alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 5 Actions Activity

Compare commits

base: alexlebens:main
Branches Tags
alexlebens:main alexlebens:renovate/docker.io-postgres-18.x alexlebens:renovate/actions-setup-node-6.x alexlebens:renovate/actions-checkout-5.x alexlebens:renovate/stalwartlabs-stalwart-0.x alexlebens:renovate/ghcr.io-twin-gatus-5.x
..
compare: alexlebens:4f98e93197f76a1c5833a004b8da74478bd2ae05
Branches Tags
alexlebens:renovate/docker.io-postgres-18.x alexlebens:renovate/actions-setup-node-6.x alexlebens:renovate/actions-checkout-5.x alexlebens:renovate/stalwartlabs-stalwart-0.x alexlebens:renovate/ghcr.io-twin-gatus-5.x alexlebens:main

1 Commits
main ... 4f98e93197

Author SHA1 Message Date
Renovate Bot
4f98e93197 Update ghcr.io/immich-app/immich-server Docker tag to v1.133.0
All checks were successful
lint-and-test-charts / lint-test (pull_request) Successful in 24s
Details
2025-05-22 20:21:08 +00:00
324 changed files with 2461 additions and 7233 deletions
Expand all files Collapse all files

80
.gitea/workflows/lint-test-docker.yaml
View File

@@ -1,80 +0,0 @@
name: lint-test-docker
on:
push:
branches:
- main
paths:
- 'hosts/**'
- ! 'hosts/archive'
pull_request:
branches:
- main
paths:
- 'hosts/**'
- ! 'hosts/archive'
jobs:
docker-lint:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Check Branch Exists
id: check-branch-exists
uses: GuillaumeFalourd/branch-exists@v1.1
with:
branch: "origin/${{ github.base_ref }}"
- name: Branch Does Not Exist
if: steps.check-branch-exists.outputs.exists == 'false'
run: echo "Branch origin/${{ github.base_ref }} was not found, likely already merged"
- name: Set up Node.js
if: steps.check-branch-exists.outputs.exists == 'true'
uses: actions/setup-node@v4
with:
node-version: '22'
- name: Lint Docker Compose
if: steps.check-branch-exists.outputs.exists == 'true'
run: |
set -e # Exit immediately if a command exits with a non-zero status.
TARGET_BRANCH="origin/${{ github.base_ref }}"
echo ">> Target branch for diff is: $TARGET_BRANCH"
CHANGED_FILES=$(git diff --name-only "$TARGET_BRANCH" -- 'hosts/**')
echo ">> Found changed files:"
echo "$CHANGED_FILES"
# For each changed file, find its parent chart directory (the one with compose.yaml).
# Then, create a unique list of those directories.
CHANGED_COMPOSE=$(echo "$CHANGED_FILES" | while read -r file; do
dir=$(dirname "$file")
while [[ "$dir" != "." && ! -f "$dir/compose.yaml" ]]; do
dir=$(dirname "$dir")
done
if [[ "$dir" != "." ]]; then
echo "$dir"
fi
done | sort -u)
if [[ -z "$CHANGED_COMPOSE" ]]; then
echo ">> Could not determine changed compose files. This will happen if only files outside a compose file were changed."
exit 0
fi
echo ">> Running dclint on changed compose files:"
echo "$CHANGED_COMPOSE"
echo "$CHANGED_COMPOSE" | while read -r compose; do
echo ">> Linting $compose ..."
npx dclint $compose
done

82
.gitea/workflows/lint-test-helm.yaml
View File

@@ -1,82 +0,0 @@
name: lint-test-helm
on:
push:
branches:
- main
paths:
- 'clusters/**'
- ! 'clusters/*/archive'
pull_request:
branches:
- main
paths:
- 'clusters/**'
- ! 'clusters/*/archive'
jobs:
helm-lint:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Check Branch Exists
id: check-branch-exists
uses: GuillaumeFalourd/branch-exists@v1.1
with:
branch: "origin/${{ github.base_ref }}"
- name: Branch Does Not Exist
if: steps.check-branch-exists.outputs.exists == 'false'
run: echo "Branch origin/${{ github.base_ref }} was not found, likely already merged"
- name: Set up Helm
if: steps.check-branch-exists.outputs.exists == 'true'
uses: azure/setup-helm@v4
with:
token: ${{ secrets.GITEA_TOKEN }}
version: latest
- name: Lint Helm Chart
if: steps.check-branch-exists.outputs.exists == 'true'
run: |
set -e # Exit immediately if a command exits with a non-zero status.
TARGET_BRANCH="origin/${{ github.base_ref }}"
echo ">> Target branch for diff is: $TARGET_BRANCH"
CHANGED_FILES=$(git diff --name-only "$TARGET_BRANCH" -- 'clusters/**')
echo ">> Found changed files:"
echo "$CHANGED_FILES"
# For each changed file, find its parent chart directory (the one with Chart.yaml).
# Then, create a unique list of those directories.
CHANGED_CHARTS=$(echo "$CHANGED_FILES" | while read -r file; do
dir=$(dirname "$file")
while [[ "$dir" != "." && ! -f "$dir/Chart.yaml" ]]; do
dir=$(dirname "$dir")
done
if [[ "$dir" != "." ]]; then
echo "$dir"
fi
done | sort -u)
if [[ -z "$CHANGED_CHARTS" ]]; then
echo ">> Could not determine changed charts. This could happen if only files outside a chart were changed."
exit 0
fi
echo ">> Running helm lint on changed charts:"
echo "$CHANGED_CHARTS"
echo "$CHANGED_CHARTS" | while read -r chart; do
echo ">> Building dependency for "$chart" ..."
helm dependency build "$chart"
echo ">> Linting $chart..."
helm lint "$chart"
done

37
.gitea/workflows/lint-test.yaml Normal file
View File

@@ -0,0 +1,37 @@
name: lint-and-test-charts
on: pull_request
jobs:
lint-test:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Helm
uses: azure/setup-helm@v4
with:
version: latest
- uses: actions/setup-python@v5
with:
python-version: "3.13"
check-latest: true
- name: Set up chart-testing
uses: helm/chart-testing-action@v2.7.0
- name: Run chart-testing (list-changed)
id: list-changed
run: |
changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
if [[ -n "$changed" ]]; then
echo "changed=true" >> "$GITHUB_OUTPUT"
fi
- name: Run chart-testing (lint)
if: steps.list-changed.outputs.changed == 'true'
run: ct lint --target-branch ${{ github.event.repository.default_branch }}

32
.gitea/workflows/renovate.yaml
View File

@@ -1,32 +0,0 @@
name: renovate
on:
schedule:
- cron: "@hourly"
push:
branches:
- main
workflow_dispatch:
jobs:
renovate:
runs-on: ubuntu-latest
container: ghcr.io/renovatebot/renovate:41
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Renovate
run: renovate
env:
RENOVATE_PLATFORM: gitea
RENOVATE_ENDPOINT: ${{ vars.INSTANCE_URL }}
RENOVATE_REPOSITORIES: alexlebens/infrastructure
RENOVATE_GIT_AUTHOR: Renovate Bot <renovate-bot@alexlebens.net>
LOG_LEVEL: info
RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
RENOVATE_GIT_PRIVATE_KEY: ${{ secrets.RENOVATE_GIT_PRIVATE_KEY }}
RENOVATE_GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_COM_TOKEN }}
RENOVATE_REDIS_URL: ${{ vars.RENOVATE_REDIS_URL }}

2
clusters/cl01tl/applications/actual/Chart.yaml
View File

@@ -16,6 +16,6 @@ dependencies:
- name: app-template - name: app-template
alias: actual alias: actual
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0 version: 4.0.1
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png
appVersion: v25.5.0 appVersion: v25.5.0

2
clusters/cl01tl/applications/actual/values.yaml
View File

@@ -9,7 +9,7 @@ actual:
main: main:
image: image:
repository: ghcr.io/actualbudget/actual repository: ghcr.io/actualbudget/actual
tag: 25.10.0 tag: 25.5.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ

2
clusters/cl01tl/applications/audiobookshelf/Chart.yaml
View File

@@ -18,6 +18,6 @@ dependencies:
- name: app-template - name: app-template
alias: audiobookshelf alias: audiobookshelf
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0 version: 4.0.1
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
appVersion: 2.21.0 appVersion: 2.21.0

23
clusters/cl01tl/applications/audiobookshelf/templates/external-secret.yaml
View File

@@ -1,28 +1,5 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata:
name: audiobookshelf-apprise-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-apprise-config
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ntfy-url
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/audiobookshelf/apprise
metadataPolicy: None
property: ntfy-url
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata: metadata:
name: audiobookshelf-config-backup-secret name: audiobookshelf-config-backup-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}

19
clusters/cl01tl/applications/audiobookshelf/templates/service-monitor.yaml
View File

@@ -1,19 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: audiobookshelf-apprise
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-apprise
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
endpoints:
- port: apprise
interval: 30s
scrapeTimeout: 15s
path: /metrics
selector:
matchLabels:
app.kubernetes.io/name: audiobookshelf
app.kubernetes.io/instance: {{ .Release.Name }}

29
clusters/cl01tl/applications/audiobookshelf/values.yaml
View File

@@ -9,7 +9,7 @@ audiobookshelf:
main: main:
image: image:
repository: ghcr.io/advplyr/audiobookshelf repository: ghcr.io/advplyr/audiobookshelf
tag: 2.30.0 tag: 2.23.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -18,29 +18,6 @@ audiobookshelf:
requests: requests:
cpu: 10m cpu: 10m
memory: 128Mi memory: 128Mi
apprise-api:
image:
repository: caronc/apprise
tag: 1.2.2
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
- name: APPRISE_STORAGE_MODE
value: memory
- name: APPRISE_STATEFUL_MODE
value: disabled
- name: APPRISE_WORKER_COUNT
value: 1
- name: APPRISE_STATELESS_URLS
valueFrom:
secretKeyRef:
name: audiobookshelf-apprise-config
key: ntfy-url
resources:
requests:
cpu: 10m
memory: 128Mi
service: service:
main: main:
controller: main controller: main
@@ -49,10 +26,6 @@ audiobookshelf:
port: 80 port: 80
targetPort: 80 targetPort: 80
protocol: HTTP protocol: HTTP
apprise:
port: 8000
targetPort: 8000
protocol: HTTP
persistence: persistence:
config: config:
storageClass: ceph-block storageClass: ceph-block

2
clusters/cl01tl/applications/bazarr/Chart.yaml
View File

@@ -18,6 +18,6 @@ dependencies:
- name: app-template - name: app-template
alias: bazarr alias: bazarr
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0 version: 4.0.1
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/bazarr.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/bazarr.png
appVersion: 1.5.2 appVersion: 1.5.2

2
clusters/cl01tl/applications/bazarr/values.yaml
View File

@@ -15,7 +15,7 @@ bazarr:
main: main:
image: image:
repository: ghcr.io/linuxserver/bazarr repository: ghcr.io/linuxserver/bazarr
tag: 1.5.3@sha256:a93c3595410f5c5791a126d7705cd8a29f3ce882338eef304cb8bece3ef2580b tag: 1.5.2@sha256:2458b13b6bdb9beee13acd2c70172140e9f9362488914d9f7cd95a473c3742b7
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ

2
clusters/cl01tl/applications/calibre-web-automated/Chart.yaml
View File

@@ -16,6 +16,6 @@ dependencies:
- name: app-template - name: app-template
alias: calibre-web-automated alias: calibre-web-automated
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0 version: 4.0.1
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/calibre-web.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/calibre-web.png
appVersion: V3.0.4 appVersion: V3.0.4

6
clusters/cl01tl/applications/calibre-web-automated/values.yaml
View File

@@ -31,7 +31,7 @@ calibre-web-automated:
main: main:
image: image:
repository: ghcr.io/calibrain/calibre-web-automated-book-downloader repository: ghcr.io/calibrain/calibre-web-automated-book-downloader
tag: latest@sha256:c2850991e99e278269003d92efa86e865f7df039093fbd03e85141b035cf7a80 tag: latest@sha256:97a636efe3b78e1306ff521aa09256125aacdb1a04e628df294d7b6da3fe7b4a
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: FLASK_PORT - name: FLASK_PORT
@@ -41,7 +41,7 @@ calibre-web-automated:
- name: GID - name: GID
value: 100 value: 100
- name: USE_CF_BYPASS - name: USE_CF_BYPASS
value: false value: true
- name: CLOUDFLARE_PROXY_URL - name: CLOUDFLARE_PROXY_URL
value: http://localhost:8000 value: http://localhost:8000
- name: INGEST_DIR - name: INGEST_DIR
@@ -55,7 +55,7 @@ calibre-web-automated:
bypass: bypass:
image: image:
repository: ghcr.io/sarperavci/cloudflarebypassforscraping repository: ghcr.io/sarperavci/cloudflarebypassforscraping
tag: latest@sha256:c34ef70a768ddf35c057f893c5392b8f65465fc4fbac634ba68a16d6a9dd0cbb tag: latest@sha256:bd326a3c6ae0b7ed3e405bbaa230e43e252f444c98f57d179f7a1d78f273748b
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
resources: resources:
requests: requests:

4
clusters/cl01tl/applications/code-server/Chart.yaml
View File

@@ -19,10 +19,10 @@ dependencies:
- name: app-template - name: app-template
alias: code-server alias: code-server
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0 version: 4.0.1
- name: cloudflared - name: cloudflared
alias: cloudflared alias: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 1.22.1 version: 1.15.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png
appVersion: 4.100.2 appVersion: 4.100.2

2
clusters/cl01tl/applications/code-server/values.yaml
View File

@@ -9,7 +9,7 @@ code-server:
main: main:
image: image:
repository: ghcr.io/linuxserver/code-server repository: ghcr.io/linuxserver/code-server
tag: 4.105.1@sha256:c7c66416238b70312df90b5936ea4adb6108552d866dd00a804c86c599b2ab6c tag: 4.100.2@sha256:9848be1da7932e750b44fd30d87d828771ddfd5d9507a5dfd1e487dc79a76a2e
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ

17
clusters/cl01tl/applications/directus/Chart.yaml
View File

@@ -8,10 +8,14 @@ keywords:
home: https://wiki.alexlebens.dev/s/c2d242de-dcaa-4801-86a2-c4761dc8bf9b home: https://wiki.alexlebens.dev/s/c2d242de-dcaa-4801-86a2-c4761dc8bf9b
sources: sources:
- https://github.com/directus/directus - https://github.com/directus/directus
- https://github.com/minio/operator
- https://github.com/valkey-io/valkey
- https://github.com/cloudflare/cloudflared - https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg - https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/directus/directus - https://hub.docker.com/r/directus/directus
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://github.com/minio/operator/tree/master/helm/tenant
- https://github.com/bitnami/charts/tree/main/bitnami/valkey
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
maintainers: maintainers:
@@ -20,14 +24,21 @@ dependencies:
- name: app-template - name: app-template
alias: directus alias: directus
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0 version: 4.0.1
- name: tenant
alias: minio
version: 7.1.1
repository: https://operator.min.io/
- name: valkey
version: 3.0.9
repository: oci://harbor.alexlebens.net/proxy-registry-1.docker.io/bitnamicharts
- name: cloudflared - name: cloudflared
alias: cloudflared-directus alias: cloudflared-directus
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 1.22.1 version: 1.15.0
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 6.14.0 version: 5.1.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
appVersion: 11.7.2 appVersion: 11.7.2

137
clusters/cl01tl/applications/directus/templates/external-secret.yaml
View File

@@ -45,33 +45,10 @@ spec:
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: directus-metric-token name: directus-valkey-config
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: directus-metric-token app.kubernetes.io/name: directus-valkey-config
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: metric-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/metrics
metadataPolicy: None
property: metric-token
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-redis-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-redis-config
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -83,14 +60,14 @@ spec:
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /cl01tl/directus/redis key: /cl01tl/directus/valkey
metadataPolicy: None metadataPolicy: None
property: user property: user
- secretKey: password - secretKey: password
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /cl01tl/directus/redis key: /cl01tl/directus/valkey
metadataPolicy: None metadataPolicy: None
property: password property: password
@@ -124,6 +101,82 @@ spec:
metadataPolicy: None metadataPolicy: None
property: secret property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-minio-user-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-minio-user-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/minio/auth
metadataPolicy: None
property: AWS_ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/minio/auth
metadataPolicy: None
property: AWS_SECRET_ACCESS_KEY
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-minio-root-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-minio-root-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: config.env
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/minio/config
metadataPolicy: None
property: root-config.env
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-minio-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-minio-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: config.env
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/minio/config
metadataPolicy: None
property: config.env
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
@@ -176,33 +229,3 @@ spec:
key: /digital-ocean/home-infra/postgres-backups key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None metadataPolicy: None
property: secret property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-postgresql-17-cluster-backup-secret-weekly
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-postgresql-17-cluster-backup-secret-weekly
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY

10
clusters/cl01tl/monitoring/gatus/templates/http-route.yaml → clusters/cl01tl/applications/directus/templates/http-route.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: gateway.networking.k8s.io/v1 apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute kind: HTTPRoute
metadata: metadata:
name: http-route-gatus name: http-route-directus-minio
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: http-route-gatus app.kubernetes.io/name: http-route-directus-minio
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -14,7 +14,7 @@ spec:
name: traefik-gateway name: traefik-gateway
namespace: traefik namespace: traefik
hostnames: hostnames:
- gatus.alexlebens.net - minio-directus.alexlebens.net
rules: rules:
- matches: - matches:
- path: - path:
@@ -23,6 +23,6 @@ spec:
backendRefs: backendRefs:
- group: '' - group: ''
kind: Service kind: Service
name: gatus name: minio-directus-console
port: 80 port: 9090
weight: 100 weight: 100

11
clusters/cl01tl/applications/directus/templates/object-bucket-claim.yaml
View File

@@ -1,11 +0,0 @@
apiVersion: objectbucket.io/v1alpha1
kind: ObjectBucketClaim
metadata:
name: ceph-bucket-directus
labels:
app.kubernetes.io/name: ceph-bucket-directus
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
generateBucketName: bucket-directus
storageClassName: ceph-bucket

35
clusters/cl01tl/applications/directus/templates/redis-replication.yaml
View File

@@ -1,35 +0,0 @@
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: redis-replication-directus
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: redis-replication-directus
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
clusterSize: 3
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
kubernetesConfig:
image: quay.io/opstree/redis:v8.2.1
imagePullPolicy: IfNotPresent
redisSecret:
name: directus-redis-config
key: password
resources:
requests:
cpu: 50m
memory: 128Mi
storage:
volumeClaimTemplate:
spec:
storageClassName: ceph-block
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
redisExporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.76.0

30
clusters/cl01tl/applications/directus/templates/redis-sentinel.yaml
View File

@@ -1,30 +0,0 @@
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisSentinel
metadata:
name: redis-sentinel-directus
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: redis-sentinel-directus
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
clusterSize: 3
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
redisSentinelConfig:
redisReplicationName: redis-replication-directus
redisReplicationPassword:
secretKeyRef:
name: directus-redis-config
key: password
kubernetesConfig:
image: quay.io/opstree/redis-sentinel:v7.0.15
imagePullPolicy: IfNotPresent
redisSecret:
name: directus-redis-config
key: password
resources:
requests:
cpu: 10m
memory: 128Mi

43
clusters/cl01tl/applications/directus/templates/service-monitor.yaml
View File

@@ -1,43 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: directus
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: directus
app.kubernetes.io/instance: {{ .Release.Name }}
endpoints:
- port: http
interval: 30s
scrapeTimeout: 15s
path: /metrics
bearerTokenSecret:
name: directus-metric-token
key: metric-token
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: redis-replication-directus
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: redis-replication-directus
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
redis-operator: "true"
env: production
spec:
selector:
matchLabels:
redis_setup_type: replication
endpoints:
- port: redis-exporter
interval: 30s
scrapeTimeout: 10s

119
clusters/cl01tl/applications/directus/values.yaml
View File

@@ -9,7 +9,7 @@ directus:
main: main:
image: image:
repository: directus/directus repository: directus/directus
tag: 11.12.0 tag: 11.7.2
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: PUBLIC_URL - name: PUBLIC_URL
@@ -63,25 +63,21 @@ directus:
secretKeyRef: secretKeyRef:
name: directus-postgresql-17-cluster-app name: directus-postgresql-17-cluster-app
key: password key: password
- name: SYNCHRONIZATION_STORE
value: redis
- name: CACHE_ENABLED
value: true
- name: CACHE_STORE
value: redis
- name: REDIS_ENABLED - name: REDIS_ENABLED
value: true value: true
- name: REDIS_HOST - name: REDIS_HOST
value: redis-replication-directus-master value: directus-valkey-primary
- name: REDIS_PORT
value: 6379
- name: REDIS_USERNAME - name: REDIS_USERNAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: directus-redis-config name: directus-valkey-config
key: user key: user
- name: REDIS_PASSWORD - name: REDIS_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: directus-redis-config name: directus-valkey-config
key: password key: password
- name: STORAGE_LOCATIONS - name: STORAGE_LOCATIONS
value: s3 value: s3
@@ -90,24 +86,21 @@ directus:
- name: STORAGE_S3_KEY - name: STORAGE_S3_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: ceph-bucket-directus name: directus-minio-user-secret
key: AWS_ACCESS_KEY_ID key: AWS_ACCESS_KEY_ID
- name: STORAGE_S3_SECRET - name: STORAGE_S3_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: ceph-bucket-directus name: directus-minio-user-secret
key: AWS_SECRET_ACCESS_KEY key: AWS_SECRET_ACCESS_KEY
- name: STORAGE_S3_BUCKET - name: STORAGE_S3_BUCKET
valueFrom: value: directus
configMapKeyRef:
name: ceph-bucket-directus
key: BUCKET_NAME
- name: STORAGE_S3_REGION - name: STORAGE_S3_REGION
value: us-east-1 value: us-east-1
- name: STORAGE_S3_ENDPOINT - name: STORAGE_S3_ENDPOINT
value: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80 value: http://minio.directus:80
- name: STORAGE_S3_FORCE_PATH_STYLE - name: STORAGE_S3_FORCE_PATH_STYLE
value: true value: "true"
- name: AUTH_PROVIDERS - name: AUTH_PROVIDERS
value: AUTHENTIK value: AUTHENTIK
- name: AUTH_AUTHENTIK_DRIVER - name: AUTH_AUTHENTIK_DRIVER
@@ -134,13 +127,6 @@ directus:
value: Authentik value: Authentik
- name: TELEMETRY - name: TELEMETRY
value: false value: false
- name: METRICS_ENABLED
value: true
- name: METRICS_TOKENS
valueFrom:
secretKeyRef:
name: directus-metric-token
key: metric-token
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
@@ -153,11 +139,59 @@ directus:
port: 80 port: 80
targetPort: 8055 targetPort: 8055
protocol: TCP protocol: TCP
minio:
existingSecret:
name: directus-minio-root-secret
tenant:
name: minio-directus
configSecret:
name: directus-minio-config-secret
pools:
- servers: 3
name: pool
volumesPerServer: 2
size: 10Gi
storageClassName: ceph-block
mountPath: /export
subPath: /data
metrics:
enabled: true
port: 9000
protocol: http
certificate:
requestAutoCert: false
ingress:
console:
enabled: false
valkey:
architecture: replication
auth:
enabled: true
existingSecret: directus-valkey-config
existingSecretPasswordKey: password
usePasswordFiles: false
primary:
resources:
requests:
cpu: 100m
memory: 64Mi
persistence:
enabled: true
size: 1Gi
replica:
replicaCount: 1
resources:
requests:
cpu: 100m
memory: 64Mi
persistence:
enabled: true
size: 1Gi
cloudflared-directus: cloudflared-directus:
name: cloudflared-directus name: cloudflared-directus
existingSecretName: directus-cloudflared-secret existingSecretName: directus-cloudflared-secret
postgres-17-cluster: postgres-17-cluster:
mode: recovery mode: standalone
cluster: cluster:
storage: storage:
storageClass: local-path storageClass: local-path
@@ -170,30 +204,13 @@ postgres-17-cluster:
recovery: recovery:
method: objectStore method: objectStore
objectStore: objectStore:
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/directus/directus-postgresql-17-cluster destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/directus/directus-postgresql-17-cluster
index: 1 endpointCredentials: directus-postgresql-17-cluster-backup-secret
recoveryIndex: 2
backup: backup:
objectStore: enabled: true
- name: external endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/directus/directus-postgresql-17-cluster destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/directus/directus-postgresql-17-cluster
index: 1 endpointCredentials: directus-postgresql-17-cluster-backup-secret
retentionPolicy: "2d" backupIndex: 2
isWALArchiver: true
# - name: garage
# destinationPath: s3://postgres-backups/cl01tl/directus/directus-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: directus-postgresql-17-cluster-backup-secret-weekly
# retentionPolicy: "30d"
# data:
# compression: bzip2
# jobs: 2
scheduledBackups:
- name: daily-backup
suspend: false
schedule: "0 0 0 * * *"
backupName: external
# - name: weekly-backup
# suspend: false
# schedule: "0 0 4 * * SAT"
# backupName: garage

21
clusters/cl01tl/applications/eigenfocus/Chart.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: v2
name: eigenfocus
version: 1.0.0
description: Eigenfocus
keywords:
- eigenfocus
- projects
home: https://wiki.alexlebens.dev/s/82548c75-cefe-4ad2-b60c-0b101127c31b
sources:
- https://github.com/Eigenfocus/eigenfocus
- https://hub.docker.com/r/eigenfocus/eigenfocus
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: eigenfocus
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.0.1
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/eigenfocus.png
appVersion: 1.1.0

55
clusters/cl01tl/applications/eigenfocus/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,55 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: eigenfocus-data-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: eigenfocus-data-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/eigenfocus/eigenfocus-data"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: S3_BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: access_key
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: secret_key

8
clusters/cl01tl/management/kronic/templates/http-route.yaml → clusters/cl01tl/applications/eigenfocus/templates/http-route.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: gateway.networking.k8s.io/v1 apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute kind: HTTPRoute
metadata: metadata:
name: https-route-kronic name: http-route-eigenfocus
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: https-route-kronic app.kubernetes.io/name: http-route-eigenfocus
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -14,7 +14,7 @@ spec:
name: traefik-gateway name: traefik-gateway
namespace: traefik namespace: traefik
hostnames: hostnames:
- kronic.alexlebens.net - eigenfocus.alexlebens.net
rules: rules:
- matches: - matches:
- path: - path:
@@ -23,6 +23,6 @@ spec:
backendRefs: backendRefs:
- group: '' - group: ''
kind: Service kind: Service
name: kronic name: eigenfocus
port: 80 port: 80
weight: 100 weight: 100

25
clusters/cl01tl/applications/eigenfocus/templates/replication-source.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: eigenfocus-data-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: eigenfocus-data-backup-source
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: eigenfocus-data
trigger:
schedule: 0 4 * * *
restic:
pruneIntervalDays: 7
repository: eigenfocus-data-backup-secret
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot

40
clusters/cl01tl/applications/eigenfocus/values.yaml Normal file
View File

@@ -0,0 +1,40 @@
eigenfocus:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: eigenfocus/eigenfocus
tag: 1.1.0-free
pullPolicy: IfNotPresent
env:
- name: DEFAULT_HOST_URL
value: https://eigenfocus.alexlebens.net
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 3000
protocol: HTTP
persistence:
data:
forceRename: eigenfocus-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 2Gi
retain: true
advancedMounts:
main:
main:
- path: /eigenfocus-app/app-data
readOnly: false

4
clusters/cl01tl/applications/element-web/Chart.yaml
View File

@@ -17,11 +17,11 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: element-web - name: element-web
version: 1.4.22 version: 1.4.10
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
- name: cloudflared - name: cloudflared
alias: cloudflared alias: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 1.22.1 version: 1.15.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
appVersion: v1.11.100 appVersion: v1.11.100

6
clusters/cl01tl/applications/element-web/values.yaml
View File

@@ -2,7 +2,7 @@ element-web:
replicaCount: 1 replicaCount: 1
image: image:
repository: vectorim/element-web repository: vectorim/element-web
tag: v1.12.2 tag: v1.11.101
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
defaultServer: defaultServer:
url: https://matrix.alexlebens.dev url: https://matrix.alexlebens.dev
@@ -12,8 +12,8 @@ element-web:
disable_3pid_login: true disable_3pid_login: true
brand: "Alex Lebens" brand: "Alex Lebens"
branding: branding:
welcome_background_url: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background-5.png welcome_background_url: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background-4.jpg
auth_header_logo_url: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png auth_header_logo_url: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/icon_white.png
sso_redirect_options: sso_redirect_options:
immediate: true immediate: true
default_theme: dark default_theme: dark

6
clusters/cl01tl/applications/freshrss/Chart.yaml
View File

@@ -20,14 +20,14 @@ dependencies:
- name: app-template - name: app-template
alias: freshrss alias: freshrss
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0 version: 4.0.1
- name: cloudflared - name: cloudflared
alias: cloudflared alias: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 1.22.1 version: 1.15.0
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 6.14.0 version: 5.1.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/freshrss.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/freshrss.png
appVersion: 1.26.2 appVersion: 1.26.2

30
clusters/cl01tl/applications/freshrss/templates/external-secret.yaml
View File

@@ -180,33 +180,3 @@ spec:
key: /digital-ocean/home-infra/postgres-backups key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None metadataPolicy: None
property: secret property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: freshrss-postgresql-17-cluster-backup-secret-weekly
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: freshrss-postgresql-17-cluster-backup-secret-weekly
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY

68
clusters/cl01tl/applications/freshrss/values.yaml
View File

@@ -11,7 +11,7 @@ freshrss:
runAsUser: 0 runAsUser: 0
image: image:
repository: alpine repository: alpine
tag: 3.22.2 tag: 3.21.3
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
command: command:
- /bin/sh - /bin/sh
@@ -35,7 +35,7 @@ freshrss:
runAsUser: 0 runAsUser: 0
image: image:
repository: alpine repository: alpine
tag: 3.22.2 tag: 3.21.3
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
command: command:
- /bin/sh - /bin/sh
@@ -49,29 +49,7 @@ freshrss:
git checkout; git checkout;
rm -rf /var/www/FreshRSS/extensions/xExtension-ImageProxy rm -rf /var/www/FreshRSS/extensions/xExtension-ImageProxy
cp -r xExtension-ImageProxy /var/www/FreshRSS/extensions cp -r xExtension-ImageProxy /var/www/FreshRSS/extensions
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-ImageProxy chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed
resources:
requests:
cpu: 10m
memory: 128Mi
init-download-extension-3:
securityContext:
runAsUser: 0
image:
repository: alpine
tag: 3.22.2
pullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
- |
cd /tmp;
wget https://github.com/zimmra/xExtension-karakeep-button/archive/refs/tags/v1.1.tar.gz;
tar -xvzf *.tar.gz;
rm -rf /var/www/FreshRSS/extensions/xExtension-karakeep-button
mkdir /var/www/FreshRSS/extensions/xExtension-karakeep-button
cp -r /tmp/xExtension-karakeep-button-*/* /var/www/FreshRSS/extensions/xExtension-karakeep-button
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-karakeep-button
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
@@ -80,7 +58,7 @@ freshrss:
main: main:
image: image:
repository: freshrss/freshrss repository: freshrss/freshrss
tag: 1.27.1 tag: 1.26.2
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: PGID - name: PGID
@@ -185,16 +163,13 @@ freshrss:
init-download-extension-2: init-download-extension-2:
- path: /var/www/FreshRSS/extensions - path: /var/www/FreshRSS/extensions
readOnly: false readOnly: false
init-download-extension-3:
- path: /var/www/FreshRSS/extensions
readOnly: false
main: main:
- path: /var/www/FreshRSS/extensions - path: /var/www/FreshRSS/extensions
readOnly: false readOnly: false
cloudflared: cloudflared:
existingSecretName: freshrss-cloudflared-secret existingSecretName: freshrss-cloudflared-secret
postgres-17-cluster: postgres-17-cluster:
mode: recovery mode: standalone
cluster: cluster:
storage: storage:
storageClass: local-path storageClass: local-path
@@ -207,30 +182,13 @@ postgres-17-cluster:
recovery: recovery:
method: objectStore method: objectStore
objectStore: objectStore:
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/freshrss/freshrss-postgresql-17-cluster destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/freshrss/freshrss-postgresql-17-cluster
index: 1 endpointCredentials: freshrss-postgresql-17-cluster-backup-secret
recoveryIndex: 3
backup: backup:
objectStore: enabled: true
- name: external endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/freshrss/freshrss-postgresql-17-cluster destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/freshrss/freshrss-postgresql-17-cluster
index: 1 endpointCredentials: freshrss-postgresql-17-cluster-backup-secret
retentionPolicy: "2d" backupIndex: 3
isWALArchiver: true
# - name: garage
# destinationPath: s3://postgres-backups/cl01tl/freshrss/freshrss-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: freshrss-postgresql-17-cluster-backup-secret-weekly
# retentionPolicy: "30d"
# data:
# compression: bzip2
# jobs: 2
scheduledBackups:
- name: daily-backup
suspend: false
schedule: "0 0 0 * * *"
backupName: external
# - name: weekly-backup
# suspend: false
# schedule: "0 2 4 * * SAT"
# backupName: garage

13
clusters/cl01tl/applications/karakeep/Chart.yaml → clusters/cl01tl/applications/hoarder/Chart.yaml
View File

@@ -1,8 +1,9 @@
apiVersion: v2 apiVersion: v2
name: karakeep name: hoarder
version: 1.0.0 version: 1.0.0
description: Karakeep description: Karakeep
keywords: keywords:
- hoarder
- karakeep - karakeep
- bookmarks - bookmarks
home: https://wiki.alexlebens.dev/s/f8177591-8253-4e21-82d5-a556f0aeafad home: https://wiki.alexlebens.dev/s/f8177591-8253-4e21-82d5-a556f0aeafad
@@ -18,15 +19,15 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: app-template - name: app-template
alias: karakeep alias: hoarder
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0 version: 4.0.1
- name: meilisearch - name: meilisearch
version: 0.17.1 version: 0.13.0
repository: https://meilisearch.github.io/meilisearch-kubernetes repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: cloudflared - name: cloudflared
alias: cloudflared alias: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 1.22.1 version: 1.15.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/karakeep.webp icon: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/karakeep.webp
appVersion: 0.26.0 appVersion: 0.24.1

13
clusters/cl01tl/applications/karakeep/templates/external-secret.yaml → clusters/cl01tl/applications/hoarder/templates/external-secret.yaml
View File

@@ -19,13 +19,6 @@ spec:
key: /cl01tl/karakeep/key key: /cl01tl/karakeep/key
metadataPolicy: None metadataPolicy: None
property: key property: key
- secretKey: prometheus-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/karakeep/key
metadataPolicy: None
property: prometheus-token
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
@@ -107,10 +100,10 @@ spec:
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: karakeep-data-backup-secret name: hoarder-data-backup-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: karakeep-data-backup-secret app.kubernetes.io/name: hoarder-data-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -122,7 +115,7 @@ spec:
mergePolicy: Merge mergePolicy: Merge
engineVersion: v2 engineVersion: v2
data: data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/karakeep/karakeep-data" RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/hoarder/hoarder-data"
data: data:
- secretKey: BUCKET_ENDPOINT - secretKey: BUCKET_ENDPOINT
remoteRef: remoteRef:

8
clusters/cl01tl/applications/karakeep/templates/replication-source.yaml → clusters/cl01tl/applications/hoarder/templates/replication-source.yaml
View File

@@ -1,19 +1,19 @@
apiVersion: volsync.backube/v1alpha1 apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource kind: ReplicationSource
metadata: metadata:
name: karakeep-data-backup-source name: hoarder-data-backup-source
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: karakeep-data-backup-source app.kubernetes.io/name: hoarder-data-backup-source
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
sourcePVC: karakeep-data sourcePVC: hoarder-data
trigger: trigger:
schedule: 0 4 * * * schedule: 0 4 * * *
restic: restic:
pruneIntervalDays: 7 pruneIntervalDays: 7
repository: karakeep-data-backup-secret repository: hoarder-data-backup-secret
retain: retain:
hourly: 1 hourly: 1
daily: 3 daily: 3

43
clusters/cl01tl/applications/karakeep/values.yaml → clusters/cl01tl/applications/hoarder/values.yaml
View File

@@ -1,4 +1,4 @@
karakeep: hoarder:
controllers: controllers:
main: main:
type: deployment type: deployment
@@ -9,13 +9,11 @@ karakeep:
main: main:
image: image:
repository: ghcr.io/karakeep-app/karakeep repository: ghcr.io/karakeep-app/karakeep
tag: 0.27.1 tag: 0.24.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: DATA_DIR - name: DATA_DIR
value: /data value: /data
- name: DB_WAL_MODE
value: true
- name: NEXTAUTH_URL - name: NEXTAUTH_URL
value: https://karakeep.alexlebens.dev/ value: https://karakeep.alexlebens.dev/
- name: NEXTAUTH_SECRET - name: NEXTAUTH_SECRET
@@ -23,41 +21,15 @@ karakeep:
secretKeyRef: secretKeyRef:
name: karakeep-key-secret name: karakeep-key-secret
key: key key: key
- name: PROMETHEUS_AUTH_TOKEN
valueFrom:
secretKeyRef:
name: karakeep-key-secret
key: prometheus-token
- name: ASSET_STORE_S3_ENDPOINT
value: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80
- name: ASSET_STORE_S3_REGION
value: us-east-1
- name: ASSET_STORE_S3_BUCKET
valueFrom:
configMapKeyRef:
name: ceph-bucket-karakeep
key: BUCKET_NAME
- name: ASSET_STORE_S3_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: ceph-bucket-karakeep
key: AWS_ACCESS_KEY_ID
- name: ASSET_STORE_S3_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: ceph-bucket-karakeep
key: AWS_SECRET_ACCESS_KEY
- name: ASSET_STORE_S3_FORCE_PATH_STYLE
value: true
- name: MEILI_ADDR - name: MEILI_ADDR
value: http://karakeep-meilisearch.karakeep:7700 value: http://hoarder-meilisearch.hoarder:7700
- name: MEILI_MASTER_KEY - name: MEILI_MASTER_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: karakeep-meilisearch-master-key-secret name: karakeep-meilisearch-master-key-secret
key: MEILI_MASTER_KEY key: MEILI_MASTER_KEY
- name: BROWSER_WEB_URL - name: BROWSER_WEB_URL
value: http://karakeep.karakeep:9222 value: http://hoarder.hoarder:9222
- name: DISABLE_SIGNUPS - name: DISABLE_SIGNUPS
value: false value: false
- name: OAUTH_PROVIDER_NAME - name: OAUTH_PROVIDER_NAME
@@ -77,13 +49,13 @@ karakeep:
name: karakeep-oidc-secret name: karakeep-oidc-secret
key: AUTHENTIK_CLIENT_SECRET key: AUTHENTIK_CLIENT_SECRET
- name: OLLAMA_BASE_URL - name: OLLAMA_BASE_URL
value: http://ollama-server-3.ollama:11434 value: http://ollama-server-1.ollama:11434
- name: OLLAMA_KEEP_ALIVE - name: OLLAMA_KEEP_ALIVE
value: 5m value: 5m
- name: INFERENCE_TEXT_MODEL - name: INFERENCE_TEXT_MODEL
value: gemma3:4b value: llama3.1:8b
- name: INFERENCE_IMAGE_MODEL - name: INFERENCE_IMAGE_MODEL
value: granite3.2-vision:2b value: llama3.2-vision:11b
- name: EMBEDDING_TEXT_MODEL - name: EMBEDDING_TEXT_MODEL
value: mxbai-embed-large value: mxbai-embed-large
- name: INFERENCE_JOB_TIMEOUT_SEC - name: INFERENCE_JOB_TIMEOUT_SEC
@@ -122,6 +94,7 @@ karakeep:
protocol: HTTP protocol: HTTP
persistence: persistence:
data: data:
forceRename: hoarder-data
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 10Gi size: 10Gi

2
clusters/cl01tl/applications/home-assistant/Chart.yaml
View File

@@ -18,6 +18,6 @@ dependencies:
- name: app-template - name: app-template
alias: home-assistant alias: home-assistant
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0 version: 4.0.1
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/home-assistant.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/home-assistant.png
appVersion: 2025.5.2 appVersion: 2025.5.2

4
clusters/cl01tl/applications/home-assistant/values.yaml
View File

@@ -9,7 +9,7 @@ home-assistant:
main: main:
image: image:
repository: ghcr.io/home-assistant/home-assistant repository: ghcr.io/home-assistant/home-assistant
tag: 2025.10.4 tag: 2025.5.2
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -21,7 +21,7 @@ home-assistant:
code-server: code-server:
image: image:
repository: ghcr.io/linuxserver/code-server repository: ghcr.io/linuxserver/code-server
tag: 4.105.1@sha256:c7c66416238b70312df90b5936ea4adb6108552d866dd00a804c86c599b2ab6c tag: 4.100.2@sha256:9848be1da7932e750b44fd30d87d828771ddfd5d9507a5dfd1e487dc79a76a2e
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ

4
clusters/cl01tl/applications/homepage-dev/Chart.yaml
View File

@@ -18,10 +18,10 @@ dependencies:
- name: app-template - name: app-template
alias: homepage alias: homepage
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0 version: 4.0.1
- name: cloudflared - name: cloudflared
alias: cloudflared alias: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 1.22.1 version: 1.15.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/homepage.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/homepage.png
appVersion: v1.2.0 appVersion: v1.2.0

18
clusters/cl01tl/applications/homepage-dev/values.yaml
View File

@@ -11,7 +11,7 @@ homepage:
main: main:
image: image:
repository: ghcr.io/gethomepage/homepage repository: ghcr.io/gethomepage/homepage
tag: v1.5.0 tag: v1.2.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: HOMEPAGE_ALLOWED_HOSTS - name: HOMEPAGE_ALLOWED_HOSTS
@@ -27,18 +27,18 @@ homepage:
docker.yaml: "" docker.yaml: ""
kubernetes.yaml: "" kubernetes.yaml: ""
settings.yaml: | settings.yaml: |
favicon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.svg favicon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/icon_white.png
headerStyle: clean headerStyle: clean
hideVersion: true hideVersion: true
color: zinc color: zinc
background: background:
image: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background-5.png image: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background-4.jpg
brightness: 50 brightness: 50
theme: dark theme: dark
disableCollapse: true disableCollapse: true
widgets.yaml: | widgets.yaml: |
- logo: - logo:
icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/icon_white.png
- datetime: - datetime:
text_size: xl text_size: xl
format: format:
@@ -68,20 +68,14 @@ homepage:
href: https://gitea.alexlebens.dev href: https://gitea.alexlebens.dev
siteMonitor: https://gitea.alexlebens.dev siteMonitor: https://gitea.alexlebens.dev
statusStyle: dot statusStyle: dot
- Code:
icon: sh-visual-studio-code.webp
description: VS Code
href: https://codeserver.alexlebens.dev
siteMonitor: https://codeserver.alexlebens.dev
statusStyle: dot
- Site: - Site:
icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/icon_white.png
description: Profile Website description: Profile Website
href: https://www.alexlebens.dev href: https://www.alexlebens.dev
siteMonitor: https://www.alexlebens.dev siteMonitor: https://www.alexlebens.dev
statusStyle: dot statusStyle: dot
- Content Management: - Content Management:
icon: directus.png icon: sh-directus.webp
description: Directus description: Directus
href: https://directus.alexlebens.dev href: https://directus.alexlebens.dev
siteMonitor: https://directus.alexlebens.dev siteMonitor: https://directus.alexlebens.dev

2
clusters/cl01tl/applications/homepage/Chart.yaml
View File

@@ -16,6 +16,6 @@ dependencies:
- name: app-template - name: app-template
alias: homepage alias: homepage
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0 version: 4.0.1
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/homepage.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/homepage.png
appVersion: v1.2.0 appVersion: v1.2.0

16
clusters/cl01tl/applications/homepage/templates/service.yaml
View File

@@ -28,19 +28,3 @@ metadata:
spec: spec:
externalName: placeholder externalName: placeholder
type: ExternalName type: ExternalName
---
apiVersion: v1
kind: Service
metadata:
name: garage-ps10rp
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: garage-ps10rp
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
annotations:
tailscale.com/tailnet-fqdn: garage-ps10rp.boreal-beaufort.ts.net
spec:
externalName: placeholder
type: ExternalName

118
clusters/cl01tl/applications/homepage/values.yaml
View File

@@ -15,7 +15,7 @@ homepage:
main: main:
image: image:
repository: ghcr.io/gethomepage/homepage repository: ghcr.io/gethomepage/homepage
tag: v1.5.0 tag: v1.2.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: HOMEPAGE_ALLOWED_HOSTS - name: HOMEPAGE_ALLOWED_HOSTS
@@ -39,12 +39,12 @@ homepage:
kubernetes.yaml: | kubernetes.yaml: |
mode: cluster mode: cluster
settings.yaml: | settings.yaml: |
favicon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.svg favicon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/icon_white.png
headerStyle: clean headerStyle: clean
hideVersion: true hideVersion: true
color: zinc color: zinc
background: background:
image: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background-5.png image: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background-4.jpg
brightness: 50 brightness: 50
theme: dark theme: dark
disableCollapse: true disableCollapse: true
@@ -61,9 +61,6 @@ homepage:
- Code: - Code:
tab: Tools tab: Tools
icon: mdi-code-block-braces-#ffffff icon: mdi-code-block-braces-#ffffff
- Automation:
tab: Tools
icon: mdi-wrench-#ffffff
- Monitoring: - Monitoring:
tab: Tools tab: Tools
icon: mdi-chart-line-#ffffff icon: mdi-chart-line-#ffffff
@@ -99,7 +96,7 @@ homepage:
icon: mdi-cloud-#ffffff icon: mdi-cloud-#ffffff
widgets.yaml: | widgets.yaml: |
- logo: - logo:
icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/icon_white.png
- kubernetes: - kubernetes:
cluster: cluster:
show: true show: true
@@ -132,21 +129,21 @@ homepage:
href: https://plex.alexlebens.net href: https://plex.alexlebens.net
siteMonitor: http://plex.plex:32400 siteMonitor: http://plex.plex:32400
statusStyle: dot statusStyle: dot
- Jellyfin:
icon: sh-jellyfin.webp
description: Media server
href: https://jellyfin.alexlebens.net
siteMonitor: http://jellyfin.jellyfin:80
statusStyle: dot
- Media Requests: - Media Requests:
icon: sh-overseerr.webp icon: sh-overseerr.webp
description: Overseer description: Overseer
href: https://overseerr.alexlebens.net href: https://overseerr.alexlebens.net
siteMonitor: http://overseerr.overseerr:80 siteMonitor: http://overseerr.overseerr:80
statusStyle: dot statusStyle: dot
- Media Tracking: - Jellyfin:
icon: sh-jellyfin.webp
description: Media server
href: https://jellyfin.alexlebens.net
siteMonitor: http://jellyfin.jellyfin:80
statusStyle: dot
- Yamtrack:
icon: sh-yamtrack.webp icon: sh-yamtrack.webp
description: Yamtrack description: Watched Media Tracking
href: https://yamtrack.alexlebens.net href: https://yamtrack.alexlebens.net
siteMonitor: http://yamtrack.yamtrack:80 siteMonitor: http://yamtrack.yamtrack:80
statusStyle: dot statusStyle: dot
@@ -182,7 +179,7 @@ homepage:
statusStyle: dot statusStyle: dot
- Public: - Public:
- Site: - Site:
icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/icon_white.png
description: Profile Website description: Profile Website
href: https://www.alexlebens.dev href: https://www.alexlebens.dev
siteMonitor: https://www.alexlebens.dev siteMonitor: https://www.alexlebens.dev
@@ -242,6 +239,12 @@ homepage:
href: https://actual.alexlebens.net href: https://actual.alexlebens.net
siteMonitor: http://actual.actual:80 siteMonitor: http://actual.actual:80
statusStyle: dot statusStyle: dot
- Project Management:
icon: sh-eigenfocus.webp
description: Eigenfocus
href: https://eigenfocus.alexlebens.net
siteMonitor: http://eigenfocus.eigenfocus:80
statusStyle: dot
- AI: - AI:
icon: sh-ollama.webp icon: sh-ollama.webp
description: Ollama description: Ollama
@@ -288,8 +291,8 @@ homepage:
- Code (ps10rp): - Code (ps10rp):
icon: sh-gitea.webp icon: sh-gitea.webp
description: Gitea description: Gitea
href: https://gitea-ps10rp.boreal-beaufort.ts.net href: https://gitea.lebens-home.net
siteMonitor: https://gitea-ps10rp.boreal-beaufort.ts.net siteMonitor: https://gitea.lebens-home.net
statusStyle: dot statusStyle: dot
- IDE (Public): - IDE (Public):
icon: sh-visual-studio-code.webp icon: sh-visual-studio-code.webp
@@ -309,43 +312,21 @@ homepage:
href: https://argocd.alexlebens.net href: https://argocd.alexlebens.net
siteMonitor: http://argocd-server.argocd:80 siteMonitor: http://argocd-server.argocd:80
statusStyle: dot statusStyle: dot
- Docker Deployment: namespace: argocd
icon: sh-komodo-light.webp - Workflows:
description: Komodo
href: https://komodo.alexlebens.net
siteMonitor: http://komodo-main.komodo:80
statusStyle: dot
- Automation:
- Deployment Workflows:
icon: sh-argo-cd.webp icon: sh-argo-cd.webp
description: Argo Workflows description: Argo Workflows
href: https://argo-workflows.alexlebens.net href: https://argo-workflows.alexlebens.net
siteMonitor: http://argo-workflows-server.argo-workflows:2746 siteMonitor: http://argo-workflows-server.argo-workflows:2746
statusStyle: dot statusStyle: dot
- API Workflows: namespace: argocd
icon: sh-n8n.webp - Deployment:
description: n8n icon: sh-komodo-light.webp
href: https://n8n.alexlebens.net description: Komodo
siteMonitor: http://n8n-main.n8n:80 href: https://komodo.alexlebens.net
statusStyle: dot siteMonitor: http://komodo.komodo:80
- Jobs:
icon: https://raw.githubusercontent.com/mshade/kronic/main/static/android-chrome-192x192.png
description: Kronic
href: https://kronic.alexlebens.net
siteMonitor: http://kronic.kronic:80
statusStyle: dot
- Uptime:
icon: sh-gatus.webp
description: Gatus
href: https://gatus.alexlebens.net
siteMonitor: http://gatus.gatus:80
statusStyle: dot
- Tools:
icon: sh-omnitools.webp
description: OmniTools
href: https://omni-tools.alexlebens.net
siteMonitor: http://omni-tools.omni-tools:80
statusStyle: dot statusStyle: dot
namespace: komodo
- Monitoring: - Monitoring:
- Kubernetes: - Kubernetes:
icon: sh-headlamp.webp icon: sh-headlamp.webp
@@ -417,7 +398,7 @@ homepage:
siteMonitor: http://authentik-server.authentik:80 siteMonitor: http://authentik-server.authentik:80
statusStyle: dot statusStyle: dot
- Email: - Email:
icon: sh-stalwart.webp icon: sh-stalwart-mail-server.webp
description: Stalwart description: Stalwart
href: https://stalwart.alexlebens.net href: https://stalwart.alexlebens.net
siteMonitor: http://stalwart.stalwart:80 siteMonitor: http://stalwart.stalwart:80
@@ -479,12 +460,6 @@ homepage:
href: https://pikvm.alexlebens.net href: https://pikvm.alexlebens.net
siteMonitor: https://pikvm.alexlebens.net siteMonitor: https://pikvm.alexlebens.net
statusStyle: dot statusStyle: dot
- Server Plug:
icon: sh-shelly.webp
description: Shelly
href: http://it05sp.alexlebens.net
siteMonitor: http://it05sp.alexlebens.net
statusStyle: dot
- Storage: - Storage:
- Cluster Storage: - Cluster Storage:
icon: sh-ceph.webp icon: sh-ceph.webp
@@ -492,12 +467,6 @@ homepage:
href: https://ceph.alexlebens.net href: https://ceph.alexlebens.net
siteMonitor: http://rook-ceph-mgr-dashboard.rook-ceph:7000 siteMonitor: http://rook-ceph-mgr-dashboard.rook-ceph:7000
statusStyle: dot statusStyle: dot
- Remote Storage:
icon: sh-garage.webp
description: Garage
href: https://garage-ps10rp.boreal-beaufort.ts.net
siteMonitor: https://garage-ps10rp.boreal-beaufort.ts.net
statusStyle: dot
- Database: - Database:
icon: sh-pgadmin-light.webp icon: sh-pgadmin-light.webp
description: PGAdmin description: PGAdmin
@@ -516,6 +485,18 @@ homepage:
href: https://vault.alexlebens.net href: https://vault.alexlebens.net
siteMonitor: http://vault.vault:8200 siteMonitor: http://vault.vault:8200
statusStyle: dot statusStyle: dot
- Object Storage (Outline):
icon: sh-minio.webp
description: Minio Tenant
href: https://minio-outline.alexlebens.net
siteMonitor: http://minio-outline-console.outline:9090
statusStyle: dot
- Object Storage (Directus):
icon: sh-minio.webp
description: Minio Tenant
href: https://minio-directus.alexlebens.net
siteMonitor: http://minio-directus-console.directus:9090
statusStyle: dot
- TV Shows: - TV Shows:
- Sonarr: - Sonarr:
icon: sh-sonarr.webp icon: sh-sonarr.webp
@@ -627,11 +608,11 @@ homepage:
siteMonitor: http://slskd.slskd:5030 siteMonitor: http://slskd.slskd:5030
statusStyle: dot statusStyle: dot
- Services (Servarr): - Services (Servarr):
- qUI: - qBittorrent:
icon: https://raw.githubusercontent.com/autobrr/qui/8487c818886df9abb2b1456f43b54e0ba180a2bd/web/public/icons.svg icon: sh-qbittorrent.webp
description: qbitorrent description: P2P Downloads
href: https://qui.alexlebens.net href: https://qbittorrent.alexlebens.net
siteMonitor: http://qbittorrent-qui.qbittorrent:80 siteMonitor: http://qbittorrent.qbittorrent:8080
statusStyle: dot statusStyle: dot
widget: widget:
type: qbittorrent type: qbittorrent
@@ -688,6 +669,9 @@ homepage:
- Github: - Github:
- abbr: GH - abbr: GH
href: https://github.com/alexlebens href: https://github.com/alexlebens
- Renovate:
- abbr: RN
href: https://developer.mend.io/[platform]/alexlebens/infrastructure
- Digital Ocean: - Digital Ocean:
- abbr: DO - abbr: DO
href: https://www.digitalocean.com/ href: https://www.digitalocean.com/

2
clusters/cl01tl/applications/huntarr/Chart.yaml
View File

@@ -16,6 +16,6 @@ dependencies:
- name: app-template - name: app-template
alias: huntarr alias: huntarr
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0 version: 4.0.1
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/huntarr.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/huntarr.png
appVersion: 7.0.0 appVersion: 7.0.0

4
clusters/cl01tl/applications/huntarr/values.yaml
View File

@@ -9,7 +9,7 @@ huntarr:
main: main:
image: image:
repository: ghcr.io/plexguide/huntarr repository: ghcr.io/plexguide/huntarr
tag: 8.2.10 tag: 7.1.3
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -31,7 +31,7 @@ huntarr:
forceRename: huntarr-config forceRename: huntarr-config
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 5Gi size: 1Gi
advancedMounts: advancedMounts:
main: main:
main: main:

13
clusters/cl01tl/applications/immich/Chart.yaml
View File

@@ -8,8 +8,10 @@ keywords:
home: https://wiki.alexlebens.dev/s/9377ae08-2041-4b6d-bc2b-61a4f5e8faae home: https://wiki.alexlebens.dev/s/9377ae08-2041-4b6d-bc2b-61a4f5e8faae
sources: sources:
- https://github.com/immich-app/immich - https://github.com/immich-app/immich
- https://github.com/valkey-io/valkey
- https://github.com/cloudnative-pg/cloudnative-pg - https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://github.com/bitnami/charts/tree/main/bitnami/valkey
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
maintainers: maintainers:
- name: alexlebens - name: alexlebens
@@ -17,10 +19,13 @@ dependencies:
- name: app-template - name: app-template
alias: immich alias: immich
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0 version: 4.0.1
- name: valkey
version: 3.0.9
repository: oci://harbor.alexlebens.net/proxy-registry-1.docker.io/bitnamicharts
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-16-cluster
version: 6.14.0 version: 5.1.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png
appVersion: v2.0.1 appVersion: v1.132.3

34
clusters/cl01tl/applications/immich/templates/external-secrets.yaml
View File

@@ -24,10 +24,10 @@ spec:
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: immich-postgresql-17-cluster-backup-secret name: immich-postgresql-16-cluster-backup-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: immich-postgresql-17-cluster-backup-secret app.kubernetes.io/name: immich-postgresql-16-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -49,33 +49,3 @@ spec:
key: /digital-ocean/home-infra/postgres-backups key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None metadataPolicy: None
property: secret property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: immich-postgresql-17-cluster-backup-secret-weekly
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: immich-postgresql-17-cluster-backup-secret-weekly
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY

32
clusters/cl01tl/applications/immich/templates/redis-replication.yaml
View File

@@ -1,32 +0,0 @@
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: redis-replication-immich
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: redis-replication-immich
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
clusterSize: 3
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
kubernetesConfig:
image: quay.io/opstree/redis:v8.0.3
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 128Mi
storage:
volumeClaimTemplate:
spec:
storageClassName: ceph-block
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
redisExporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.48.0

21
clusters/cl01tl/applications/immich/templates/service-monitor.yaml
View File

@@ -21,24 +21,3 @@ spec:
interval: 3m interval: 3m
scrapeTimeout: 1m scrapeTimeout: 1m
path: /metrics path: /metrics
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: redis-replication-immich
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: redis-replication-immich
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
redis-operator: "true"
env: production
spec:
selector:
matchLabels:
redis_setup_type: replication
endpoints:
- port: redis-exporter
interval: 30s
scrapeTimeout: 10s

97
clusters/cl01tl/applications/immich/values.yaml
View File

@@ -9,7 +9,7 @@ immich:
main: main:
image: image:
repository: ghcr.io/immich-app/immich-server repository: ghcr.io/immich-app/immich-server
tag: v2.1.0 tag: v1.133.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -21,33 +21,33 @@ immich:
- name: IMMICH_MACHINE_LEARNING_URL - name: IMMICH_MACHINE_LEARNING_URL
value: http://immich-machine-learning.immich:3003 value: http://immich-machine-learning.immich:3003
- name: REDIS_HOSTNAME - name: REDIS_HOSTNAME
value: redis-replication-immich-master value: immich-valkey-primary
- name: DB_VECTOR_EXTENSION - name: DB_VECTOR_EXTENSION
value: vectorchord value: pgvecto.rs
- name: DB_HOSTNAME - name: DB_HOSTNAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: immich-postgresql-17-cluster-app name: immich-postgresql-16-cluster-app
key: host key: host
- name: DB_DATABASE_NAME - name: DB_DATABASE_NAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: immich-postgresql-17-cluster-app name: immich-postgresql-16-cluster-app
key: dbname key: dbname
- name: DB_PORT - name: DB_PORT
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: immich-postgresql-17-cluster-app name: immich-postgresql-16-cluster-app
key: port key: port
- name: DB_USERNAME - name: DB_USERNAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: immich-postgresql-17-cluster-app name: immich-postgresql-16-cluster-app
key: user key: user
- name: DB_PASSWORD - name: DB_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: immich-postgresql-17-cluster-app name: immich-postgresql-16-cluster-app
key: password key: password
probes: probes:
liveness: liveness:
@@ -99,7 +99,7 @@ immich:
main: main:
image: image:
repository: ghcr.io/immich-app/immich-machine-learning repository: ghcr.io/immich-app/immich-machine-learning
tag: v2.1.0 tag: v1.132.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TRANSFORMERS_CACHE - name: TRANSFORMERS_CACHE
@@ -188,16 +188,48 @@ immich:
main: main:
- path: /usr/src/app/upload - path: /usr/src/app/upload
readOnly: false readOnly: false
postgres-17-cluster: valkey:
architecture: replication
auth:
enabled: false
usePasswordFiles: false
primary:
resources:
requests:
cpu: 100m
memory: 64Mi
persistence:
enabled: true
size: 1Gi
replica:
replicaCount: 1
resources:
requests:
cpu: 100m
memory: 64Mi
persistence:
enabled: true
size: 1Gi
postgres-16-cluster:
# Tensorchord
#--- https://github.com/immich-app/immich/discussions/9060
#--- https://docs.pgvecto.rs/admin/kubernetes.html
#--- https://github.com/tensorchord/cloudnative-pgvecto.rs
#--- https://github.com/immich-app/immich/discussions/17025
type: tensorchord
mode: recovery mode: recovery
cluster: cluster:
image: image:
repository: ghcr.io/tensorchord/cloudnative-vectorchord repository: ghcr.io/tensorchord/cloudnative-pgvecto.rs
tag: 17.5-0.4.3 tag: 16.3-v0.2.1
storage: storage:
storageClass: local-path storageClass: local-path
walStorage: walStorage:
storageClass: local-path storageClass: local-path
resources:
requests:
memory: 384Mi
cpu: 200m
monitoring: monitoring:
enabled: true enabled: true
prometheusRule: prometheusRule:
@@ -205,41 +237,16 @@ postgres-17-cluster:
postgresql: postgresql:
parameters: parameters:
shared_buffers: 256MB shared_buffers: 256MB
shared_preload_libraries:
- "vchord.so"
initdb:
postInitSQL:
- CREATE EXTENSION IF NOT EXISTS "vector";
- CREATE EXTENSION IF NOT EXISTS "vchord" CASCADE;
- CREATE EXTENSION IF NOT EXISTS "cube" CASCADE;
- CREATE EXTENSION IF NOT EXISTS "earthdistance" CASCADE;
recovery: recovery:
method: objectStore method: objectStore
objectStore: objectStore:
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/immich/immich-postgresql-17-cluster destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/immich/immich-postgresql-17-cluster
index: 2 endpointCredentials: immich-postgresql-17-cluster-backup-secret
recoveryIndex: 2
backup: backup:
objectStore: enabled: true
- name: external endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/immich/immich-postgresql-17-cluster destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/immich/immich-postgresql-16-cluster
index: 2 endpointCredentials: immich-postgresql-16-cluster-backup-secret
retentionPolicy: "2d" backupIndex: 2
isWALArchiver: true
# - name: garage
# destinationPath: s3://postgres-backups/cl01tl/immich/immich-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: immich-postgresql-17-cluster-backup-secret-weekly
# retentionPolicy: "30d"
# data:
# compression: bzip2
# jobs: 2
scheduledBackups:
- name: daily-backup
suspend: false
schedule: "0 0 0 * * *"
backupName: external
# - name: weekly-backup
# suspend: false
# schedule: "0 4 4 * * SAT"
# backupName: garage

2
clusters/cl01tl/applications/jellyfin/Chart.yaml
View File

@@ -20,6 +20,6 @@ dependencies:
- name: app-template - name: app-template
alias: jellyfin alias: jellyfin
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0 version: 4.0.1
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/jellyfin.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/jellyfin.png
appVersion: 10.10.7 appVersion: 10.10.7

2
clusters/cl01tl/applications/jellyfin/values.yaml
View File

@@ -9,7 +9,7 @@ jellyfin:
main: main:
image: image:
repository: ghcr.io/jellyfin/jellyfin repository: ghcr.io/jellyfin/jellyfin
tag: 10.11.0 tag: 10.10.7
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ

4
clusters/cl01tl/applications/jellystat/Chart.yaml
View File

@@ -18,10 +18,10 @@ dependencies:
- name: app-template - name: app-template
alias: jellystat alias: jellystat
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0 version: 4.0.1
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 6.14.0 version: 5.1.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/jellystat.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/jellystat.png
appVersion: 1.1.6 appVersion: 1.1.6

30
clusters/cl01tl/applications/jellystat/templates/external-secret.yaml
View File

@@ -120,33 +120,3 @@ spec:
key: /digital-ocean/home-infra/postgres-backups key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None metadataPolicy: None
property: secret property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: jellystat-postgresql-17-cluster-backup-secret-weekly
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: jellystat-postgresql-17-cluster-backup-secret-weekly
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY

36
clusters/cl01tl/applications/jellystat/values.yaml
View File

@@ -79,7 +79,7 @@ jellystat:
- path: /app/backend/backup-data - path: /app/backend/backup-data
readOnly: false readOnly: false
postgres-17-cluster: postgres-17-cluster:
mode: recovery mode: standalone
cluster: cluster:
storage: storage:
storageClass: local-path storageClass: local-path
@@ -92,30 +92,14 @@ postgres-17-cluster:
recovery: recovery:
method: objectStore method: objectStore
objectStore: objectStore:
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/jellystat/jellystat-postgresql-17-cluster destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/jellystat/jellystat-postgresql-17-cluster
index: 1 endpointCredentials: jellystat-postgresql-17-cluster-backup-secret
recoveryIndex: 2
backup: backup:
objectStore: enabled: true
- name: external endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/jellystat/jellystat-postgresql-17-cluster destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/jellystat/jellystat-postgresql-17-cluster
index: 1 endpointCredentials: jellystat-postgresql-17-cluster-backup-secret
retentionPolicy: "2d" backupIndex: 2
isWALArchiver: true retentionPolicy: "7d"
# - name: garage
# destinationPath: s3://postgres-backups/cl01tl/jellystat/jellystat-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: jellystat-postgresql-17-cluster-backup-secret-weekly
# retentionPolicy: "30d"
# data:
# compression: bzip2
# jobs: 2
scheduledBackups:
- name: daily-backup
suspend: false
schedule: "0 0 0 * * *"
backupName: external
# - name: weekly-backup
# suspend: false
# schedule: "0 6 4 * * SAT"
# backupName: garage

11
clusters/cl01tl/applications/karakeep/templates/object-bucket-claim.yaml
View File

@@ -1,11 +0,0 @@
apiVersion: objectbucket.io/v1alpha1
kind: ObjectBucketClaim
metadata:
name: ceph-bucket-karakeep
labels:
app.kubernetes.io/name: ceph-bucket-karakeep
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
generateBucketName: bucket-karakeep
storageClassName: ceph-bucket

23
clusters/cl01tl/applications/karakeep/templates/service-monitor.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: karakeep
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: karakeep
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
endpoints:
- port: http
interval: 30s
scrapeTimeout: 15s
path: /api/metrics
authorization:
credentials:
key: prometheus-token
name: karakeep-key-secret
selector:
matchLabels:
app.kubernetes.io/name: karakeep
app.kubernetes.io/instance: {{ .Release.Name }}

2
clusters/cl01tl/applications/kiwix/Chart.yaml
View File

@@ -16,6 +16,6 @@ dependencies:
- name: app-template - name: app-template
alias: kiwix alias: kiwix
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0 version: 4.0.1
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kiwix-dark.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kiwix-dark.png
appVersion: 3.7.0 appVersion: 3.7.0

2
clusters/cl01tl/applications/libation/Chart.yaml
View File

@@ -17,6 +17,6 @@ dependencies:
- name: app-template - name: app-template
alias: libation alias: libation
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0 version: 4.0.1
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/libation.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/libation.png
appVersion: 12.4.3 appVersion: 12.4.3

4
clusters/cl01tl/applications/libation/values.yaml
View File

@@ -6,7 +6,7 @@ libation:
suspend: false suspend: false
concurrencyPolicy: Forbid concurrencyPolicy: Forbid
timeZone: US/Central timeZone: US/Central
schedule: "30 4 * * *" schedule: "0 * * * *"
startingDeadlineSeconds: 90 startingDeadlineSeconds: 90
successfulJobsHistory: 3 successfulJobsHistory: 3
failedJobsHistory: 3 failedJobsHistory: 3
@@ -16,7 +16,7 @@ libation:
main: main:
image: image:
repository: rmcrackan/libation repository: rmcrackan/libation
tag: 12.5.6 tag: 12.4.3
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: SLEEP_TIME - name: SLEEP_TIME

6
clusters/cl01tl/applications/lidarr/Chart.yaml
View File

@@ -21,10 +21,10 @@ dependencies:
- name: app-template - name: app-template
alias: lidarr alias: lidarr
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0 version: 4.0.1
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 6.14.0 version: 5.1.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/lidarr.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/lidarr.png
appVersion: 2.13.3 appVersion: 2.11.2

30
clusters/cl01tl/applications/lidarr/templates/external-secret.yaml
View File

@@ -83,33 +83,3 @@ spec:
key: /digital-ocean/home-infra/postgres-backups key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None metadataPolicy: None
property: secret property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: lidarr-postgresql-17-cluster-backup-secret-weekly
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: lidarr-postgresql-17-cluster-backup-secret-weekly
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY

49
clusters/cl01tl/applications/lidarr/values.yaml
View File

@@ -15,7 +15,7 @@ lidarr:
main: main:
image: image:
repository: ghcr.io/linuxserver/lidarr repository: ghcr.io/linuxserver/lidarr
tag: 2.14.5@sha256:5f58fcb45a15cb33ef153f74b14c724ba073553afdc9b078e7701f15b7ce1433 tag: 2.11.2@sha256:e01a6968d2c58f04278a67da9690e62b0cba07f5dbacb03b0cfbf195940f94a7
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -31,7 +31,7 @@ lidarr:
metrics: metrics:
image: image:
repository: ghcr.io/onedr0p/exportarr repository: ghcr.io/onedr0p/exportarr
tag: v2.3.0 tag: v2.2.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
args: ["lidarr"] args: ["lidarr"]
env: env:
@@ -85,20 +85,21 @@ lidarr:
readOnly: false readOnly: false
postgres-17-cluster: postgres-17-cluster:
nameOverride: lidarr2-postgresql-17 nameOverride: lidarr2-postgresql-17
mode: recovery mode: standalone
cluster: cluster:
storage: storage:
storageClass: local-path storageClass: local-path
walStorage: walStorage:
storageClass: local-path storageClass: local-path
monitoring:
enabled: true
prometheusRule:
enabled: true
resources: resources:
requests: requests:
memory: 1Gi memory: 1Gi
cpu: 200m cpu: 200m
monitoring:
enabled: true
prometheusRule:
enabled: true
bootstrap:
initdb: initdb:
postInitSQL: postInitSQL:
- CREATE DATABASE "lidarr-main" OWNER "app"; - CREATE DATABASE "lidarr-main" OWNER "app";
@@ -106,32 +107,14 @@ postgres-17-cluster:
recovery: recovery:
method: objectStore method: objectStore
objectStore: objectStore:
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/lidarr2/lidarr2-postgresql-17-cluster destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/lidarr2/lidarr2-postgresql-17-cluster
index: 1
endpointCredentials: lidarr-postgresql-17-cluster-backup-secret endpointCredentials: lidarr-postgresql-17-cluster-backup-secret
recoveryIndex: 3
backup: backup:
objectStore: enabled: true
- name: external endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/lidarr2/lidarr2-postgresql-17-cluster destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/lidarr2/lidarr2-postgresql-17-cluster
index: 1 endpointCredentials: lidarr-postgresql-17-cluster-backup-secret
endpointCredentials: lidarr-postgresql-17-cluster-backup-secret backupIndex: 3
retentionPolicy: "1d" retentionPolicy: "7d"
isWALArchiver: true
# - name: garage
# destinationPath: s3://postgres-backups/cl01tl/lidarr/lidarr2-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: lidarr-postgresql-17-cluster-backup-secret-weekly
# retentionPolicy: "30d"
# data:
# compression: bzip2
# jobs: 2
scheduledBackups:
- name: daily-backup
suspend: false
schedule: "0 0 */12 * * *"
backupName: external
# - name: weekly-backup
# suspend: false
# schedule: "0 8 4 * * SAT"
# backupName: garage

2
clusters/cl01tl/applications/lidatube/Chart.yaml
View File

@@ -17,6 +17,6 @@ dependencies:
- name: app-template - name: app-template
alias: lidatube alias: lidatube
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0 version: 4.0.1
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/lidatube.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/lidatube.png
appVersion: 0.2.22 appVersion: 0.2.22

2
clusters/cl01tl/applications/lidatube/values.yaml
View File

@@ -13,7 +13,7 @@ lidatube:
main: main:
image: image:
repository: thewicklowwolf/lidatube repository: thewicklowwolf/lidatube
tag: 0.2.40 tag: 0.2.22
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: PUID - name: PUID

20
clusters/cl01tl/applications/omni-tools/Chart.yaml
View File

@@ -1,20 +0,0 @@
apiVersion: v2
name: omni-tools
version: 1.0.0
description: OmniTools
keywords:
- omni-tools
home: https://wiki.alexlebens.dev/s/8820cd36-dcf6-4ddf-8b2f-584271628a54
sources:
- https://github.com/iib0011/omni-tools
- https://hub.docker.com/r/iib0011/omni-tools
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: omni-tools
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/omnitools.png
appVersion: 0.4.0

25
clusters/cl01tl/applications/omni-tools/values.yaml
View File

@@ -1,25 +0,0 @@
omni-tools:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: iib0011/omni-tools
tag: 0.6.0
pullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 512Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 80
protocol: HTTP

21
clusters/cl01tl/applications/outline/Chart.yaml
View File

@@ -9,10 +9,14 @@ keywords:
home: https://wiki.alexlebens.dev/s/c530c2b9-82b7-44df-b7ef-870c8b29242f home: https://wiki.alexlebens.dev/s/c530c2b9-82b7-44df-b7ef-870c8b29242f
sources: sources:
- https://github.com/outline/outline - https://github.com/outline/outline
- https://github.com/minio/operator
- https://github.com/valkey-io/valkey
- https://github.com/cloudflare/cloudflared - https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg - https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/outlinewiki/outline - https://hub.docker.com/r/outlinewiki/outline
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://github.com/minio/operator/tree/master/helm/tenant
- https://github.com/bitnami/charts/tree/main/bitnami/valkey
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
maintainers: maintainers:
@@ -21,14 +25,25 @@ dependencies:
- name: app-template - name: app-template
alias: outline alias: outline
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0 version: 4.0.1
- name: tenant
alias: minio
version: 7.1.1
repository: https://operator.min.io/
- name: valkey
version: 3.0.9
repository: oci://harbor.alexlebens.net/proxy-registry-1.docker.io/bitnamicharts
- name: cloudflared - name: cloudflared
alias: cloudflared-outline alias: cloudflared-outline
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 1.22.1 version: 1.15.0
- name: cloudflared
alias: cloudflared-minio
repository: oci://harbor.alexlebens.net/helm-charts
version: 1.15.0
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 6.14.0 version: 5.1.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/outline.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/outline.png
appVersion: 0.84.0 appVersion: 0.84.0

129
clusters/cl01tl/applications/outline/templates/external-secret.yaml
View File

@@ -57,6 +57,82 @@ spec:
metadataPolicy: None metadataPolicy: None
property: secret property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: outline-minio-user-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: outline-minio-user-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/outline/minio/auth
metadataPolicy: None
property: AWS_ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/outline/minio/auth
metadataPolicy: None
property: AWS_SECRET_ACCESS_KEY
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: outline-minio-root-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: outline-minio-root-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: config.env
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/outline/minio/config
metadataPolicy: None
property: root-config.env
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: outline-minio-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: outline-minio-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: config.env
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/outline/minio/config
metadataPolicy: None
property: config.env
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
@@ -80,6 +156,29 @@ spec:
metadataPolicy: None metadataPolicy: None
property: token property: token
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: outline-minio-cloudflared-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: outline-minio-cloudflared-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/outline-minio
metadataPolicy: None
property: token
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
@@ -109,33 +208,3 @@ spec:
key: /digital-ocean/home-infra/postgres-backups key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None metadataPolicy: None
property: secret property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: outline-postgresql-17-cluster-backup-secret-weekly
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: outline-postgresql-17-cluster-backup-secret-weekly
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY

10
clusters/cl01tl/applications/omni-tools/templates/http-route.yaml → clusters/cl01tl/applications/outline/templates/http-route.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: gateway.networking.k8s.io/v1 apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute kind: HTTPRoute
metadata: metadata:
name: http-route-omni-tools name: http-route-outline-minio
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: http-route-omni-tools app.kubernetes.io/name: http-route-outline-minio
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -14,7 +14,7 @@ spec:
name: traefik-gateway name: traefik-gateway
namespace: traefik namespace: traefik
hostnames: hostnames:
- omni-tools.alexlebens.net - minio-outline.alexlebens.net
rules: rules:
- matches: - matches:
- path: - path:
@@ -23,6 +23,6 @@ spec:
backendRefs: backendRefs:
- group: '' - group: ''
kind: Service kind: Service
name: omni-tools name: minio-outline-console
port: 80 port: 9090
weight: 100 weight: 100

30
clusters/cl01tl/applications/outline/templates/object-bucket-claim.yaml
View File

@@ -1,30 +0,0 @@
apiVersion: objectbucket.io/v1alpha1
kind: ObjectBucketClaim
metadata:
name: ceph-bucket-outline
labels:
app.kubernetes.io/name: ceph-bucket-outline
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
generateBucketName: bucket-outline
storageClassName: ceph-bucket
additionalConfig:
bucketPolicy: |
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor",
"Effect": "Allow",
"Action": [
"s3:GetObjectAcl",
"s3:DeleteObject",
"s3:PutObject",
"s3:GetObject",
"s3:PutObjectAcl"
],
"Resource": "arn:aws:s3:::bucket-outline-630c57e0-d475-4d78-926c-c1c082291d73/*"
}
]
}

32
clusters/cl01tl/applications/outline/templates/redis-replication.yaml
View File

@@ -1,32 +0,0 @@
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: redis-replication-outline
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: redis-replication-outline
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
clusterSize: 3
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
kubernetesConfig:
image: quay.io/opstree/redis:v8.0.3
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 128Mi
storage:
volumeClaimTemplate:
spec:
storageClassName: ceph-block
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
redisExporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.48.0

19
clusters/cl01tl/applications/outline/templates/service-monitor.yaml
View File

@@ -1,19 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: redis-replication-outline
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: redis-replication-outline
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
redis-operator: "true"
env: production
spec:
selector:
matchLabels:
redis_setup_type: replication
endpoints:
- port: redis-exporter
interval: 30s
scrapeTimeout: 10s

103
clusters/cl01tl/applications/outline/values.yaml
View File

@@ -9,7 +9,7 @@ outline:
main: main:
image: image:
repository: outlinewiki/outline repository: outlinewiki/outline
tag: 0.87.4 tag: 0.84.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: NODE_ENV - name: NODE_ENV
@@ -64,30 +64,29 @@ outline:
- name: PGSSLMODE - name: PGSSLMODE
value: disable value: disable
- name: REDIS_URL - name: REDIS_URL
value: redis://redis-replication-outline-master.outline:6379 value: redis://outline-valkey-primary.outline:6379
- name: FILE_STORAGE - name: FILE_STORAGE
value: s3 value: s3
- name: AWS_ACCESS_KEY_ID - name: AWS_ACCESS_KEY_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: ceph-bucket-outline name: outline-minio-user-secret
key: AWS_ACCESS_KEY_ID key: AWS_ACCESS_KEY_ID
- name: AWS_SECRET_ACCESS_KEY - name: AWS_SECRET_ACCESS_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: ceph-bucket-outline name: outline-minio-user-secret
key: AWS_SECRET_ACCESS_KEY key: AWS_SECRET_ACCESS_KEY
- name: AWS_REGION - name: AWS_REGION
value: us-east-1 value: us-east-1
- name: AWS_S3_UPLOAD_BUCKET_NAME - name: AWS_S3_UPLOAD_BUCKET_NAME
valueFrom: value: outline
configMapKeyRef:
name: ceph-bucket-outline
key: BUCKET_NAME
- name: AWS_S3_UPLOAD_BUCKET_URL - name: AWS_S3_UPLOAD_BUCKET_URL
value: https://objects.alexlebens.dev value: https://outline-storage.alexlebens.dev/outline
- name: AWS_S3_ACCELERATE_URL
value: https://outline-storage.alexlebens.dev/outline
- name: AWS_S3_FORCE_PATH_STYLE - name: AWS_S3_FORCE_PATH_STYLE
value: true value: false
- name: AWS_S3_ACL - name: AWS_S3_ACL
value: private value: private
- name: FILE_STORAGE_UPLOAD_MAX_SIZE - name: FILE_STORAGE_UPLOAD_MAX_SIZE
@@ -142,11 +141,60 @@ outline:
port: 3000 port: 3000
targetPort: 3000 targetPort: 3000
protocol: HTTP protocol: HTTP
minio:
existingSecret:
name: outline-minio-root-secret
tenant:
name: minio-outline
configSecret:
name: outline-minio-config-secret
pools:
- servers: 3
name: pool
volumesPerServer: 2
size: 10Gi
storageClassName: ceph-block
mountPath: /export
subPath: /data
metrics:
enabled: true
port: 9000
protocol: http
certificate:
requestAutoCert: false
ingress:
console:
enabled: false
valkey:
architecture: replication
auth:
enabled: false
usePasswordFiles: false
primary:
resources:
requests:
cpu: 100m
memory: 64Mi
persistence:
enabled: true
size: 1Gi
replica:
replicaCount: 1
resources:
requests:
cpu: 100m
memory: 64Mi
persistence:
enabled: true
size: 1Gi
cloudflared-outline: cloudflared-outline:
existingSecretName: outline-cloudflared-secret existingSecretName: outline-cloudflared-secret
name: cloudflared-outline name: cloudflared-outline
cloudflared-minio:
existingSecretName: outline-minio-cloudflared-secret
name: cloudflared-minio
postgres-17-cluster: postgres-17-cluster:
mode: recovery mode: standalone
cluster: cluster:
storage: storage:
storageClass: local-path storageClass: local-path
@@ -159,30 +207,13 @@ postgres-17-cluster:
recovery: recovery:
method: objectStore method: objectStore
objectStore: objectStore:
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/outline/outline-postgresql-17-cluster destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/outline/outline-postgresql-17-cluster
index: 1 endpointCredentials: outline-postgresql-17-cluster-backup-secret
recoveryIndex: 2
backup: backup:
objectStore: enabled: true
- name: external endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/outline/outline-postgresql-17-cluster destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/outline/outline-postgresql-17-cluster
index: 1 endpointCredentials: outline-postgresql-17-cluster-backup-secret
retentionPolicy: "2d" backupIndex: 2
isWALArchiver: true
# - name: garage
# destinationPath: s3://postgres-backups/cl01tl/outline/outline-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: outline-postgresql-17-cluster-backup-secret-weekly
# retentionPolicy: "30d"
# data:
# compression: bzip2
# jobs: 2
scheduledBackups:
- name: daily-backup
suspend: false
schedule: "0 0 0 * * *"
backupName: external
# - name: weekly-backup
# suspend: false
# schedule: "0 10 4 * * SAT"
# backupName: garage

2
clusters/cl01tl/applications/overseerr/Chart.yaml
View File

@@ -16,6 +16,6 @@ maintainers:
dependencies: dependencies:
- name: app-template - name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0 version: 4.0.1
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/overseerr.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/overseerr.png
appVersion: 1.34.0 appVersion: 1.34.0

4
clusters/cl01tl/applications/photoview/Chart.yaml
View File

@@ -17,10 +17,10 @@ dependencies:
- name: app-template - name: app-template
alias: photoview alias: photoview
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0 version: 4.0.1
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 6.14.0 version: 5.1.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/photoview.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/photoview.png
appVersion: 2.4.0 appVersion: 2.4.0

30
clusters/cl01tl/applications/photoview/templates/external-secrets.yaml
View File

@@ -26,33 +26,3 @@ spec:
key: /digital-ocean/home-infra/postgres-backups key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None metadataPolicy: None
property: secret property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: photoview-postgresql-17-cluster-backup-secret-weekly
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: photoview-postgresql-17-cluster-backup-secret-weekly
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY

36
clusters/cl01tl/applications/photoview/values.yaml
View File

@@ -73,7 +73,7 @@ photoview:
- path: /photos - path: /photos
readOnly: true readOnly: true
postgres-17-cluster: postgres-17-cluster:
mode: recovery mode: standalone
cluster: cluster:
storage: storage:
storageClass: local-path storageClass: local-path
@@ -86,30 +86,14 @@ postgres-17-cluster:
recovery: recovery:
method: objectStore method: objectStore
objectStore: objectStore:
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/photoview/photoview-postgresql-17-cluster destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/photoview/photoview-postgresql-17-cluster
index: 1 endpointCredentials: photoview-postgresql-17-cluster-backup-secret
recoveryIndex: 3
backup: backup:
objectStore: enabled: true
- name: external endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/photoview/photoview-postgresql-17-cluster destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/photoview/photoview-postgresql-17-cluster
index: 1 endpointCredentials: photoview-postgresql-17-cluster-backup-secret
retentionPolicy: "2d" backupIndex: 3
isWALArchiver: true retentionPolicy: "7d"
# - name: garage
# destinationPath: s3://postgres-backups/cl01tl/photoview/photoview-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: photoview-postgresql-17-cluster-backup-secret-weekly
# retentionPolicy: "30d"
# data:
# compression: bzip2
# jobs: 2
scheduledBackups:
- name: daily-backup
suspend: false
schedule: "0 0 0 * * *"
backupName: external
# - name: weekly-backup
# suspend: false
# schedule: "0 12 4 * * SAT"
# backupName: garage

2
clusters/cl01tl/applications/plex/Chart.yaml
View File

@@ -21,6 +21,6 @@ dependencies:
- name: app-template - name: app-template
alias: plex alias: plex
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0 version: 4.0.1
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/plex.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/plex.png
appVersion: 1.41.6 appVersion: 1.41.6

2
clusters/cl01tl/applications/plex/values.yaml
View File

@@ -9,7 +9,7 @@ plex:
main: main:
image: image:
repository: ghcr.io/linuxserver/plex repository: ghcr.io/linuxserver/plex
tag: 1.42.2@sha256:b13c1a01150225d88085214dc3deabb41985fa5427766c0126c84780d156b9a9 tag: 1.41.7@sha256:fad37d3811bbd089f95886cd14768addf009648a4913a01ea3db0a623e633025
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ

11
clusters/cl01tl/applications/postiz/Chart.yaml
View File

@@ -8,10 +8,12 @@ keywords:
home: https://wiki.alexlebens.dev/s/f483a06b-860b-423c-8d51-a1ce82e0fd43 home: https://wiki.alexlebens.dev/s/f483a06b-860b-423c-8d51-a1ce82e0fd43
sources: sources:
- https://github.com/gitroomhq/postiz-app - https://github.com/gitroomhq/postiz-app
- https://github.com/valkey-io/valkey
- https://github.com/cloudflare/cloudflared - https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg - https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/gitroomhq/postiz-app/pkgs/container/postiz-app - https://github.com/gitroomhq/postiz-app/pkgs/container/postiz-app
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://github.com/bitnami/charts/tree/main/bitnami/valkey
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
maintainers: maintainers:
@@ -20,13 +22,16 @@ dependencies:
- name: app-template - name: app-template
alias: postiz alias: postiz
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0 version: 4.0.1
- name: valkey
version: 3.0.9
repository: oci://harbor.alexlebens.net/proxy-registry-1.docker.io/bitnamicharts
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 1.22.1 version: 1.15.0
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 6.14.0 version: 5.1.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/postiz.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/postiz.png
appVersion: v1.43.3 appVersion: v1.43.3

52
clusters/cl01tl/applications/postiz/templates/external-secret.yaml
View File

@@ -24,10 +24,10 @@ spec:
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: postiz-redis-config name: postiz-valkey-config
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: postiz-redis-config app.kubernetes.io/name: postiz-valkey-config
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -35,27 +35,27 @@ spec:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: vault
data: data:
- secretKey: REDIS_URL
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/postiz/redis
metadataPolicy: None
property: REDIS_URL
- secretKey: user - secretKey: user
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /cl01tl/postiz/redis key: /cl01tl/postiz/valkey
metadataPolicy: None metadataPolicy: None
property: user property: user
- secretKey: password - secretKey: password
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /cl01tl/postiz/redis key: /cl01tl/postiz/valkey
metadataPolicy: None metadataPolicy: None
property: password property: password
- secretKey: REDIS_URL
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/postiz/valkey
metadataPolicy: None
property: REDIS_URL
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
@@ -253,33 +253,3 @@ spec:
key: /digital-ocean/home-infra/postgres-backups key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None metadataPolicy: None
property: secret property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: postiz-postgresql-17-cluster-backup-secret-weekly
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: postiz-postgresql-17-cluster-backup-secret-weekly
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY

35
clusters/cl01tl/applications/postiz/templates/redis-replication.yaml
View File

@@ -1,35 +0,0 @@
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: redis-replication-postiz
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: redis-replication-postiz
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
clusterSize: 3
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
kubernetesConfig:
image: quay.io/opstree/redis:v8.0.3
imagePullPolicy: IfNotPresent
redisSecret:
name: postiz-redis-config
key: password
resources:
requests:
cpu: 50m
memory: 128Mi
storage:
volumeClaimTemplate:
spec:
storageClassName: ceph-block
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
redisExporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.48.0

19
clusters/cl01tl/applications/postiz/templates/service-monitor.yaml
View File

@@ -1,19 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: redis-replication-postiz
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: redis-replication-postiz
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
redis-operator: "true"
env: production
spec:
selector:
matchLabels:
redis_setup_type: replication
endpoints:
- port: redis-exporter
interval: 30s
scrapeTimeout: 10s

67
clusters/cl01tl/applications/postiz/values.yaml
View File

@@ -9,7 +9,7 @@ postiz:
main: main:
image: image:
repository: ghcr.io/gitroomhq/postiz-app repository: ghcr.io/gitroomhq/postiz-app
tag: v2.7.0 tag: v1.43.4
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: MAIN_URL - name: MAIN_URL
@@ -31,12 +31,12 @@ postiz:
- name: REDIS_URL - name: REDIS_URL
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: postiz-redis-config name: postiz-valkey-config
key: REDIS_URL key: REDIS_URL
- name: BACKEND_INTERNAL_URL - name: BACKEND_INTERNAL_URL
value: http://localhost:3000 value: http://localhost:3000
- name: IS_GENERAL - name: IS_GENERAL
value: "true" value: 'true'
- name: STORAGE_PROVIDER - name: STORAGE_PROVIDER
value: local value: local
- name: UPLOAD_DIRECTORY - name: UPLOAD_DIRECTORY
@@ -48,7 +48,7 @@ postiz:
- name: NEXT_PUBLIC_POSTIZ_OAUTH_LOGO_URL - name: NEXT_PUBLIC_POSTIZ_OAUTH_LOGO_URL
value: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png value: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png
- name: POSTIZ_GENERIC_OAUTH - name: POSTIZ_GENERIC_OAUTH
value: "true" value: 'true'
- name: POSTIZ_OAUTH_URL - name: POSTIZ_OAUTH_URL
value: https://auth.alexlebens.dev value: https://auth.alexlebens.dev
- name: POSTIZ_OAUTH_AUTH_URL - name: POSTIZ_OAUTH_AUTH_URL
@@ -102,11 +102,35 @@ postiz:
main: main:
- path: /uploads - path: /uploads
readOnly: false readOnly: false
valkey:
architecture: replication
auth:
enabled: true
existingSecret: postiz-valkey-config
existingSecretPasswordKey: password
usePasswordFiles: false
primary:
resources:
requests:
cpu: 100m
memory: 64Mi
persistence:
enabled: true
size: 1Gi
replica:
replicaCount: 1
resources:
requests:
cpu: 100m
memory: 64Mi
persistence:
enabled: true
size: 1Gi
cloudflared: cloudflared:
name: cloudflared-postiz name: cloudflared-postiz
existingSecretName: postiz-cloudflared-secret existingSecretName: postiz-cloudflared-secret
postgres-17-cluster: postgres-17-cluster:
mode: recovery mode: standalone
cluster: cluster:
storage: storage:
storageClass: local-path storageClass: local-path
@@ -119,30 +143,13 @@ postgres-17-cluster:
recovery: recovery:
method: objectStore method: objectStore
objectStore: objectStore:
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/postiz/postiz-postgresql-17-cluster destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/postiz/postiz-postgresql-17-cluster
index: 2 endpointCredentials: postiz-postgresql-17-cluster-backup-secret
recoveryIndex: 1
backup: backup:
objectStore: enabled: true
- name: external endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/postiz/postiz-postgresql-17-cluster destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/postiz/postiz-postgresql-17-cluster
index: 2 endpointCredentials: postiz-postgresql-17-cluster-backup-secret
retentionPolicy: "2d" backupIndex: 1
isWALArchiver: true
# - name: garage
# destinationPath: s3://postgres-backups/cl01tl/postiz/postiz-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: postiz-postgresql-17-cluster-backup-secret-weekly
# retentionPolicy: "30d"
# data:
# compression: bzip2
# jobs: 2
scheduledBackups:
- name: daily-backup
suspend: false
schedule: "0 0 0 * * *"
backupName: external
# - name: weekly-backup
# suspend: false
# schedule: "0 14 4 * * SAT"
# backupName: garage

2
clusters/cl01tl/applications/prowlarr/Chart.yaml
View File

@@ -18,6 +18,6 @@ dependencies:
- name: app-template - name: app-template
alias: prowlarr alias: prowlarr
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0 version: 4.0.1
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prowlarr.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prowlarr.png
appVersion: 1.35.1 appVersion: 1.35.1

2
clusters/cl01tl/applications/prowlarr/values.yaml
View File

@@ -20,7 +20,7 @@ prowlarr:
main: main:
image: image:
repository: ghcr.io/linuxserver/prowlarr repository: ghcr.io/linuxserver/prowlarr
tag: 2.0.5@sha256:608935c38763920b25622a3d404bb14ea08fcaa7c2a9b1c93ce9bac61ad4b11d tag: 1.35.1@sha256:c63b71155541de52a9e60ba13fd10824a59f649812ca18701509b7b804a5253a
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ

4
clusters/cl01tl/applications/radarr-4k/Chart.yaml
View File

@@ -24,10 +24,10 @@ dependencies:
- name: app-template - name: app-template
alias: radarr-4k alias: radarr-4k
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0 version: 4.0.1
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 6.14.0 version: 5.1.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-4k.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-4k.png
appVersion: 5.22.4 appVersion: 5.22.4

30
clusters/cl01tl/applications/radarr-4k/templates/external-secret.yaml
View File

@@ -83,33 +83,3 @@ spec:
key: /digital-ocean/home-infra/postgres-backups key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None metadataPolicy: None
property: secret property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: radarr-4k-postgresql-17-cluster-backup-secret-weekly
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: radarr-4k-postgresql-17-cluster-backup-secret-weekly
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY

47
clusters/cl01tl/applications/radarr-4k/values.yaml
View File

@@ -15,7 +15,7 @@ radarr-4k:
main: main:
image: image:
repository: ghcr.io/linuxserver/radarr repository: ghcr.io/linuxserver/radarr
tag: 5.28.0@sha256:fae2aafa6ecace3524fc79d102f5bfd25fb151caed6a454cee46479236ac33bf tag: 5.23.3@sha256:532749cc71739130720c9d1cd8b8fbec204f6c8bd94fd633fccb4b566a672a55
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -31,7 +31,7 @@ radarr-4k:
metrics: metrics:
image: image:
repository: ghcr.io/onedr0p/exportarr repository: ghcr.io/onedr0p/exportarr
tag: v2.3.0 tag: v2.2.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
args: ["radarr"] args: ["radarr"]
env: env:
@@ -85,7 +85,7 @@ radarr-4k:
readOnly: false readOnly: false
postgres-17-cluster: postgres-17-cluster:
nameOverride: radarr5-4k-postgresql-17 nameOverride: radarr5-4k-postgresql-17
mode: recovery mode: standalone
cluster: cluster:
storage: storage:
storageClass: local-path storageClass: local-path
@@ -95,43 +95,24 @@ postgres-17-cluster:
enabled: true enabled: true
prometheusRule: prometheusRule:
enabled: true enabled: true
resources: bootstrap:
requests:
memory: 1Gi
cpu: 200m
initdb: initdb:
database: app
owner: app
postInitSQL: postInitSQL:
- CREATE DATABASE "radarr-main" OWNER "app"; - CREATE DATABASE "radarr-main" OWNER "app";
- CREATE DATABASE "radarr-log" OWNER "app"; - CREATE DATABASE "radarr-log" OWNER "app";
recovery: recovery:
method: objectStore method: objectStore
objectStore: objectStore:
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/radarr5-4k/radarr5-4k-postgresql-17-cluster destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/radarr5-4k/radarr5-4k-postgresql-17-cluster
index: 1
endpointCredentials: radarr-4k-postgresql-17-cluster-backup-secret endpointCredentials: radarr-4k-postgresql-17-cluster-backup-secret
recoveryIndex: 3
backup: backup:
objectStore: enabled: true
- name: external endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/radarr5-4k/radarr5-4k-postgresql-17-cluster destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/radarr5-4k/radarr5-4k-postgresql-17-cluster
index: 1 endpointCredentials: radarr-4k-postgresql-17-cluster-backup-secret
endpointCredentials: radarr-4k-postgresql-17-cluster-backup-secret backupIndex: 3
retentionPolicy: "2d" retentionPolicy: "7d"
isWALArchiver: true
# - name: garage
# destinationPath: s3://postgres-backups/cl01tl/radarr-4k/radarr5-4k-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: radarr-4k-postgresql-17-cluster-backup-secret-weekly
# retentionPolicy: "30d"
# data:
# compression: bzip2
# jobs: 2
scheduledBackups:
- name: daily-backup
suspend: false
schedule: "0 0 0 * * *"
backupName: external
# - name: weekly-backup
# suspend: false
# schedule: "0 18 4 * * SAT"
# backupName: garage

4
clusters/cl01tl/applications/radarr-anime/Chart.yaml
View File

@@ -24,10 +24,10 @@ dependencies:
- name: app-template - name: app-template
alias: radarr-anime alias: radarr-anime
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0 version: 4.0.1
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 6.14.0 version: 5.1.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-anime.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-anime.png
appVersion: 5.22.4 appVersion: 5.22.4

30
clusters/cl01tl/applications/radarr-anime/templates/external-secret.yaml
View File

@@ -83,33 +83,3 @@ spec:
key: /digital-ocean/home-infra/postgres-backups key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None metadataPolicy: None
property: secret property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: radarr-anime-postgresql-17-cluster-backup-secret-weekly
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: radarr-anime-postgresql-17-cluster-backup-secret-weekly
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY

43
clusters/cl01tl/applications/radarr-anime/values.yaml
View File

@@ -13,7 +13,7 @@ radarr-anime:
main: main:
image: image:
repository: ghcr.io/linuxserver/radarr repository: ghcr.io/linuxserver/radarr
tag: 5.28.0@sha256:fae2aafa6ecace3524fc79d102f5bfd25fb151caed6a454cee46479236ac33bf tag: 5.23.3@sha256:532749cc71739130720c9d1cd8b8fbec204f6c8bd94fd633fccb4b566a672a55
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -29,7 +29,7 @@ radarr-anime:
metrics: metrics:
image: image:
repository: ghcr.io/onedr0p/exportarr repository: ghcr.io/onedr0p/exportarr
tag: v2.3.0 tag: v2.2.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
args: ["radarr"] args: ["radarr"]
env: env:
@@ -83,7 +83,7 @@ radarr-anime:
readOnly: false readOnly: false
postgres-17-cluster: postgres-17-cluster:
nameOverride: radarr5-anime-postgresql-17 nameOverride: radarr5-anime-postgresql-17
mode: recovery mode: standalone
cluster: cluster:
storage: storage:
storageClass: local-path storageClass: local-path
@@ -93,39 +93,24 @@ postgres-17-cluster:
enabled: true enabled: true
prometheusRule: prometheusRule:
enabled: true enabled: true
bootstrap:
initdb: initdb:
database: app
owner: app
postInitSQL: postInitSQL:
- CREATE DATABASE "radarr-main" OWNER "app"; - CREATE DATABASE "radarr-main" OWNER "app";
- CREATE DATABASE "radarr-log" OWNER "app"; - CREATE DATABASE "radarr-log" OWNER "app";
recovery: recovery:
method: objectStore method: objectStore
objectStore: objectStore:
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/radarr5-anime/radarr5-anime-postgresql-17-cluster destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/radarr5-anime/radarr5-anime-postgresql-17-cluster
index: 1
endpointCredentials: radarr-anime-postgresql-17-cluster-backup-secret endpointCredentials: radarr-anime-postgresql-17-cluster-backup-secret
recoveryIndex: 2
backup: backup:
objectStore: enabled: true
- name: external endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/radarr5-anime/radarr5-anime-postgresql-17-cluster destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/radarr5-anime/radarr5-anime-postgresql-17-cluster
index: 1 endpointCredentials: radarr-anime-postgresql-17-cluster-backup-secret
endpointCredentials: radarr-anime-postgresql-17-cluster-backup-secret backupIndex: 3
retentionPolicy: "2d" retentionPolicy: "7d"
isWALArchiver: true
# - name: garage
# destinationPath: s3://postgres-backups/cl01tl/radarr-anime/radarr5-anime-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: radarr-anime-postgresql-17-cluster-backup-secret-weekly
# retentionPolicy: "30d"
# data:
# compression: bzip2
# jobs: 2
scheduledBackups:
- name: daily-backup
suspend: false
schedule: "0 0 0 * * *"
backupName: external
# - name: weekly-backup
# suspend: false
# schedule: "0 20 4 * * SAT"
# backupName: garage

4
clusters/cl01tl/applications/radarr-standup/Chart.yaml
View File

@@ -23,10 +23,10 @@ dependencies:
- name: app-template - name: app-template
alias: radarr-standup alias: radarr-standup
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0 version: 4.0.1
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 6.14.0 version: 5.1.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
appVersion: 5.22.4 appVersion: 5.22.4

30
clusters/cl01tl/applications/radarr-standup/templates/external-secret.yaml
View File

@@ -83,33 +83,3 @@ spec:
key: /digital-ocean/home-infra/postgres-backups key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None metadataPolicy: None
property: secret property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: radarr-standup-postgresql-17-cluster-backup-secret-weekly
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: radarr-standup-postgresql-17-cluster-backup-secret-weekly
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY

43
clusters/cl01tl/applications/radarr-standup/values.yaml
View File

@@ -13,7 +13,7 @@ radarr-standup:
main: main:
image: image:
repository: ghcr.io/linuxserver/radarr repository: ghcr.io/linuxserver/radarr
tag: 5.28.0@sha256:fae2aafa6ecace3524fc79d102f5bfd25fb151caed6a454cee46479236ac33bf tag: 5.23.3@sha256:532749cc71739130720c9d1cd8b8fbec204f6c8bd94fd633fccb4b566a672a55
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -29,7 +29,7 @@ radarr-standup:
metrics: metrics:
image: image:
repository: ghcr.io/onedr0p/exportarr repository: ghcr.io/onedr0p/exportarr
tag: v2.3.0 tag: v2.2.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
args: ["radarr"] args: ["radarr"]
env: env:
@@ -83,7 +83,7 @@ radarr-standup:
readOnly: false readOnly: false
postgres-17-cluster: postgres-17-cluster:
nameOverride: radarr5-standup-postgresql-17 nameOverride: radarr5-standup-postgresql-17
mode: recovery mode: standalone
cluster: cluster:
storage: storage:
storageClass: local-path storageClass: local-path
@@ -93,39 +93,24 @@ postgres-17-cluster:
enabled: true enabled: true
prometheusRule: prometheusRule:
enabled: true enabled: true
bootstrap:
initdb: initdb:
database: app
owner: app
postInitSQL: postInitSQL:
- CREATE DATABASE "radarr-main" OWNER "app"; - CREATE DATABASE "radarr-main" OWNER "app";
- CREATE DATABASE "radarr-log" OWNER "app"; - CREATE DATABASE "radarr-log" OWNER "app";
recovery: recovery:
method: objectStore method: objectStore
objectStore: objectStore:
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/radarr5-standup/radarr5-standup-postgresql-17-cluster destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/radarr5-standup/radarr5-standup-postgresql-17-cluster
index: 1
endpointCredentials: radarr-standup-postgresql-17-cluster-backup-secret endpointCredentials: radarr-standup-postgresql-17-cluster-backup-secret
recoveryIndex: 3
backup: backup:
objectStore: enabled: true
- name: external endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/radarr5-standup/radarr5-standup-postgresql-17-cluster destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/radarr5-standup/radarr5-standup-postgresql-17-cluster
index: 1 endpointCredentials: radarr-standup-postgresql-17-cluster-backup-secret
endpointCredentials: radarr-standup-postgresql-17-cluster-backup-secret backupIndex: 3
retentionPolicy: "2d" retentionPolicy: "7d"
isWALArchiver: true
# - name: garage
# destinationPath: s3://postgres-backups/cl01tl/radarr-standup/radarr5-standup-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: radarr-standup-postgresql-17-cluster-backup-secret-weekly
# retentionPolicy: "30d"
# data:
# compression: bzip2
# jobs: 2
scheduledBackups:
- name: daily-backup
suspend: false
schedule: "0 0 0 * * *"
backupName: external
# - name: weekly-backup
# suspend: false
# schedule: "0 22 4 * * SAT"
# backupName: garage

4
clusters/cl01tl/applications/radarr/Chart.yaml
View File

@@ -23,10 +23,10 @@ dependencies:
- name: app-template - name: app-template
alias: radarr alias: radarr
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0 version: 4.0.1
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 6.14.0 version: 5.1.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
appVersion: 5.22.4 appVersion: 5.22.4

30
clusters/cl01tl/applications/radarr/templates/external-secret.yaml
View File

@@ -83,33 +83,3 @@ spec:
key: /digital-ocean/home-infra/postgres-backups key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None metadataPolicy: None
property: secret property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: radarr-postgresql-17-cluster-backup-secret-weekly
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: radarr-postgresql-17-cluster-backup-secret-weekly
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY

Some files were not shown because too many files have changed in this diff Show More