alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Activity

Compare commits

base: alexlebens:main
Branches Tags
alexlebens:main alexlebens:tmp/refactor alexlebens:manifests alexlebens:renovate/cilium-1.x alexlebens:renovate/unified-dock.mau.devmautrixwhatsapp
..
compare: alexlebens:5fc033f48f60713f2ca46508f33ff62e914fabcc
Branches Tags
alexlebens:tmp/refactor alexlebens:manifests alexlebens:renovate/cilium-1.x alexlebens:renovate/unified-dock.mau.devmautrixwhatsapp alexlebens:main

1 Commits
main ... 5fc033f48f

Author SHA1 Message Date
Renovate Bot
5fc033f48f chore(deps): update ghcr.io/haveagitgat/tdarr_node docker tag to v2.64.02
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 39s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 41s
Details
render-manifests / render-manifests (pull_request) Successful in 45s
Details
2026-03-19 04:19:38 +00:00
118 changed files with 644 additions and 1057 deletions
Expand all files Collapse all files

8
.gitea/workflows/lint-test-docker.yaml
View File

@@ -21,14 +21,14 @@ jobs:
runs-on: ubuntu-js
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Check Branch Exists
id: check-branch-exists
if: github.event_name == 'pull_request'
uses: GuillaumeFalourd/branch-exists@009290475dc3d75b5d7ec680c0c5b614b0d9855d # v1.1
uses: GuillaumeFalourd/branch-exists@v1.1
with:
branch: "${{ github.base_ref }}"
@@ -51,7 +51,7 @@ jobs:
- name: Set Up Node.js
if: steps.branch-exists.outputs.exists == 'true'
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
uses: actions/setup-node@v6
with:
node-version: '24'
@@ -120,7 +120,7 @@ jobs:
echo "----"
- name: ntfy Failed
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
uses: niniyas/ntfy-action@master
if: failure()
with:
url: '${{ secrets.NTFY_URL }}'

18
.gitea/workflows/lint-test-helm.yaml
View File

@@ -28,14 +28,14 @@ jobs:
changes-detected: ${{ steps.check-dir-changes.outputs.changes-detected }}
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Check Branch Exists
id: check-branch-exists
if: github.event_name == 'pull_request'
uses: GuillaumeFalourd/branch-exists@009290475dc3d75b5d7ec680c0c5b614b0d9855d # v1.1
uses: GuillaumeFalourd/branch-exists@v1.1
with:
branch: ${{ github.base_ref }}
@@ -58,7 +58,7 @@ jobs:
- name: Set Up Helm
if: steps.branch-exists.outputs.exists == 'true'
uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
uses: azure/setup-helm@v4
with:
token: ${{ secrets.GITEA_TOKEN }}
# renovate: datasource=github-releases depName=helm/helm
@@ -67,7 +67,7 @@ jobs:
- name: Cache Helm Dependencies
if: steps.branch-exists.outputs.exists == 'true'
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
uses: actions/cache@v5
with:
path: |
~/.cache/helm
@@ -209,7 +209,7 @@ jobs:
exit $EXIT_CODE
- name: ntfy Failed
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
uses: niniyas/ntfy-action@master
if: failure()
with:
url: '${{ secrets.NTFY_URL }}'
@@ -232,7 +232,7 @@ jobs:
github.event_name == 'pull_request'
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
uses: actions/checkout@v6
with:
fetch-depth: 0
@@ -257,7 +257,7 @@ jobs:
echo "----"
- name: Set Up Helm
uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
uses: azure/setup-helm@v4
with:
token: ${{ secrets.GITEA_TOKEN }}
# renovate: datasource=github-releases depName=helm/helm
@@ -265,7 +265,7 @@ jobs:
cache: true
- name: Cache Helm Dependencies
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
uses: actions/cache@v5
with:
path: |
~/.cache/helm
@@ -352,7 +352,7 @@ jobs:
exit $EXIT_CODE
- name: ntfy Failed
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
uses: niniyas/ntfy-action@master
if: failure()
with:
url: '${{ secrets.NTFY_URL }}'

18
.gitea/workflows/render-manifests.yaml
View File

@@ -31,32 +31,32 @@ jobs:
(github.event_name == 'pull_request' && github.event.pull_request.merged == true)
steps:
- name: Checkout Main
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
uses: actions/checkout@v6
with:
path: infrastructure
fetch-depth: 0
- name: Checkout Manifests
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
uses: actions/checkout@v6
with:
ref: manifests
path: infrastructure-manifests
- name: Set Up Helm
uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
uses: azure/setup-helm@v4
with:
token: ${{ secrets.GITEA_TOKEN }}
version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
cache: true
- name: Configure Kubeconfig
uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4
uses: azure/k8s-set-context@v4
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Cache Helm Dependencies
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
uses: actions/cache@v5
with:
path: |
~/.cache/helm
@@ -568,7 +568,7 @@ jobs:
echo "----"
- name: ntfy Created
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
uses: niniyas/ntfy-action@master
if: steps.create-pull-request.outputs.pull-request-operation == 'created' && steps.mode.outputs.is-automerge == 'false'
with:
url: "${{ secrets.NTFY_URL }}"
@@ -582,7 +582,7 @@ jobs:
actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'
- name: ntfy Updated
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
uses: niniyas/ntfy-action@master
if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-request.outputs.pull-request-exists != 'false' && steps.mode.outputs.is-automerge == 'false'
with:
url: "${{ secrets.NTFY_URL }}"
@@ -596,7 +596,7 @@ jobs:
actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'
- name: ntfy Merged
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
uses: niniyas/ntfy-action@master
if: steps.merge-changes.outputs.pull-request-operation == 'merged'
with:
url: "${{ secrets.NTFY_URL }}"
@@ -610,7 +610,7 @@ jobs:
actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'
- name: ntfy Failed
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
uses: niniyas/ntfy-action@master
if: failure()
with:
url: "${{ secrets.NTFY_URL }}"

6
.gitea/workflows/renovate.yaml
View File

@@ -13,10 +13,10 @@ on:
jobs:
renovate:
runs-on: ubuntu-latest
container: ghcr.io/renovatebot/renovate:43.84.2@sha256:92285747b3aac062a4f567762c272a12dce037843a20177a02c95b7c420e20cb
container: ghcr.io/renovatebot/renovate:43
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
uses: actions/checkout@v6
- name: Renovate
run: renovate
@@ -25,7 +25,7 @@ jobs:
RENOVATE_ENDPOINT: ${{ vars.INSTANCE_URL }}
RENOVATE_REPOSITORIES: alexlebens/infrastructure
RENOVATE_GIT_AUTHOR: Renovate Bot <renovate-bot@alexlebens.net>
LOG_LEVEL: debug
LOG_LEVEL: info
RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
RENOVATE_GIT_PRIVATE_KEY: ${{ secrets.RENOVATE_GIT_PRIVATE_KEY }}
RENOVATE_GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_COM_TOKEN }}

3
clusters/cl01tl/helm/actual/Chart.yaml
View File

@@ -5,12 +5,11 @@ description: Actual
keywords:
- actual
- budget
home: https://docs.alexlebens.dev/applications/actual/
home: https://wiki.alexlebens.dev/s/86192f45-94b7-45de-872c-6ef3fec7df5e
sources:
- https://github.com/actualbudget/actual
- https://github.com/actualbudget/actual/pkgs/container/actual
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:

18
clusters/cl01tl/helm/actual/values.yaml
View File

@@ -4,18 +4,20 @@ actual:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/actualbudget/actual
tag: 26.3.0@sha256:eb8bc26f53025e07e464594c12d77c52c4b95840c8dadd9b95c4f0c4660f8ad2
tag: 26.3.0
pullPolicy: IfNotPresent
env:
- name: ACTUAL_PORT
value: 5006
- name: TZ
value: US/Central
resources:
requests:
cpu: 25m
memory: 64Mi
cpu: 10m
memory: 128Mi
probes:
liveness:
enabled: true
@@ -52,8 +54,11 @@ actual:
- actual.alexlebens.net
rules:
- backendRefs:
- name: actual
- group: ''
kind: Service
name: actual
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -64,6 +69,7 @@ actual:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 2Gi
retain: true
advancedMounts:
main:
main:

8
clusters/cl01tl/helm/argo-workflows/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies:
- name: argo-workflows
repository: https://argoproj.github.io/argo-helm
version: 1.0.5
version: 1.0.2
- name: argo-events
repository: https://argoproj.github.io/argo-helm
version: 2.4.21
version: 2.4.20
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
digest: sha256:d0d7ebf1c0013d001aa2f17d04a6d3f3d7a1fa7d5c62792eef856b87c24eb26e
generated: "2026-03-20T20:48:30.830922259Z"
digest: sha256:8d1c2dd011a360d930ed5ff186462f163407077d36ae633898ec5d6ba30a4e8d
generated: "2026-03-15T20:04:18.080966008Z"

11
clusters/cl01tl/helm/argo-workflows/Chart.yaml
View File

@@ -7,22 +7,21 @@ keywords:
- argo-events
- workflows
- events
home: https://docs.alexlebens.dev/applications/argo-workflows/
home: https://wiki.alexlebens.dev/s/a268508f-d81d-4b4b-8bd5-9058edaea635
sources:
- https://github.com/argoproj/argo-workflows
- https://github.com/argoproj/argo-events
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-workflows
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-events
- https://github.com/argoproj/argo-helm/tree/main/charts
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: argo-workflows
version: 1.0.5
version: 1.0.2
repository: https://argoproj.github.io/argo-helm
- name: argo-events
version: 2.4.21
version: 2.4.20
repository: https://argoproj.github.io/argo-helm
- name: postgres-cluster
alias: postgres-18-cluster
@@ -30,4 +29,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-workflows
appVersion: v4.0.3
appVersion: v4.0.2

6
clusters/cl01tl/helm/argo-workflows/templates/external-secret.yaml
View File

@@ -14,9 +14,15 @@ spec:
data:
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/argo-workflows
metadataPolicy: None
property: secret
- secretKey: client
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/argo-workflows
metadataPolicy: None
property: client

28
clusters/cl01tl/helm/argo-workflows/templates/http-route.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: argo-workflows
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: argo-workflows
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- argo-workflows.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: argo-workflows-server
port: 2746
weight: 100

66
clusters/cl01tl/helm/argo-workflows/values.yaml
View File

@@ -2,6 +2,8 @@ argo-workflows:
crds:
install: true
keep: true
# -- Use full CRDs with complete OpenAPI schemas. When false, uses minified CRDs with x-kubernetes-preserve-unknown-fields.
# Full CRDs are very large and are installed via a pre-install/pre-upgrade hook Job that uses server-side apply.
full: true
upgradeJob:
image:
@@ -11,6 +13,11 @@ argo-workflows:
metricsConfig:
enabled: true
persistence:
connectionPool:
maxIdleConns: 100
maxOpenConns: 0
nodeStatusOffLoad: true
archive: true
postgresql:
host: argo-workflows-postgresql-18-cluster-rw
port: 5432
@@ -25,34 +32,24 @@ argo-workflows:
ssl: false
sslMode: disable
workflowWorkers: 2
workflowTTLWorkers: 2
podCleanupWorkers: 2
cronWorkflowWorkers: 2
workflowTTLWorkers: 1
podCleanupWorkers: 1
cronWorkflowWorkers: 1
resources:
requests:
cpu: 10m
memory: 32Mi
memory: 128Mi
serviceMonitor:
enabled: true
name: workflow-controller
workflowNamespaces:
- argocd
- argo-workflows
server:
authModes:
- sso
httproute:
enabled: true
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- argo-workflows.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
ingress:
enabled: false
sso:
enabled: true
issuer: https://authentik.alexlebens.net/application/o/argo-workflows/
@@ -69,15 +66,15 @@ argo-workflows:
- openid
- email
- profile
useStaticCredentials: true
artifactRepository:
archiveLogs: false
argo-events:
crds:
install: true
keep: true
controller:
resources:
requests:
cpu: 10m
memory: 32Mi
memory: 128Mi
metrics:
enabled: true
serviceMonitor:
@@ -87,7 +84,7 @@ argo-events:
resources:
requests:
cpu: 10m
memory: 32Mi
memory: 128Mi
postgres-18-cluster:
mode: recovery
recovery:
@@ -101,9 +98,32 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 0 14 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: argo-cd
repository: https://argoproj.github.io/argo-helm
version: 9.4.15
digest: sha256:a0eed2e174bb6b13d04653c755a359025b050d479a92180039a1990dd8ee7caa
generated: "2026-03-20T01:09:07.547016465Z"
version: 9.4.12
digest: sha256:2bea48f3d44a453b8cdc83c7a18f9e417116d300dfad9672bab4ac97cefa891d
generated: "2026-03-18T11:03:53.835514883Z"

6
clusters/cl01tl/helm/argocd/Chart.yaml
View File

@@ -4,8 +4,10 @@ version: 1.0.0
description: Argo CD
keywords:
- argo-cd
- delivery
- deployment
home: https://docs.alexlebens.dev/applications/argo-cd/
- gitops
home: https://wiki.alexlebens.dev/s/8a75cf26-b9df-437e-9cc5-2ef47e871a5f
sources:
- https://github.com/argoproj/argo-cd
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
@@ -13,7 +15,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: argo-cd
version: 9.4.15
version: 9.4.12
repository: https://argoproj.github.io/argo-helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-cd

18
clusters/cl01tl/helm/argocd/templates/external-secret.yaml
View File

@@ -14,11 +14,17 @@ spec:
data:
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/argocd
metadataPolicy: None
property: secret
- secretKey: client
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/argocd
metadataPolicy: None
property: client
---
@@ -38,7 +44,10 @@ spec:
data:
- secretKey: ntfy-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /ntfy/user/cl01tl
metadataPolicy: None
property: token
---
@@ -58,13 +67,22 @@ spec:
data:
- secretKey: type
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/argocd/credentials/repo/infrastructure
metadataPolicy: None
property: type
- secretKey: url
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/argocd/credentials/repo/infrastructure
metadataPolicy: None
property: url
- secretKey: sshPrivateKey
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/argocd/credentials/repo/infrastructure
metadataPolicy: None
property: sshPrivateKey

146
clusters/cl01tl/helm/argocd/values.yaml
View File

@@ -1,11 +1,12 @@
argo-cd:
crds:
install: true
keep: true
configs:
cm:
admin.enabled: true
accounts.homepage: apiKey
timeout.reconciliation: 100s
timeout.reconciliation.jitter: 60s
url: https://argocd.alexlebens.net
statusbadge.url: https://argocd.alexlebens.net/
statusbadge.enabled: true
@@ -32,53 +33,12 @@ argo-cd:
g, homepage, role:readonly
controller:
replicas: 1
resources:
requests:
cpu: 15m
memory: 1Gi
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 60
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
metrics:
enabled: true
serviceMonitor:
enabled: true
rules:
enabled: true
spec:
- alert: ArgoAppMissing
expr: |
absent(argocd_app_info) == 1
for: 15m
labels:
severity: critical
annotations:
summary: "[Argo CD] No reported applications"
description: >
Argo CD has not reported any applications data for the past 15 minutes which
means that it must be down or not functioning properly. This needs to be
resolved for this cloud to continue to maintain state.
- alert: ArgoAppNotSynced
expr: |
argocd_app_info{sync_status!="Synced"} == 1
for: 12h
labels:
severity: warning
annotations:
summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
description: >
The application [{{`{{$labels.name}}`}} has not been synchronized for over
12 hours which means that the state of this cloud has drifted away from the
state inside Git.
dex:
enabled: true
resources:
requests:
cpu: 10m
memory: 64Mi
metrics:
enabled: true
serviceMonitor:
@@ -89,57 +49,20 @@ argo-cd:
enabled: true
redis-ha:
enabled: true
image:
repository: redis
tag: 8.6.1-alpine@sha256:315270d166080f537bbdf1b489b603aaaa213cb55a544acfa51feb7481abb1c0
persistentVolume:
enabled: true
redis:
resources:
requests:
cpu: 1000m
memory: 64Mi
haproxy:
enabled: true
image:
repository: haproxy
tag: 3.3.6-alpine@sha256:744be2dca649a44d490a4c565d36968d19482dd387f1bdd44c168f4322bc6b1e
resources:
requests:
cpu: 10m
memory: 128Mi
metrics:
enabled: true
serviceMonitor:
enabled: true
exporter:
enabled: true
image: ghcr.io/oliver006/redis_exporter
tag: v1.82.0@sha256:6a97d4dd743b533e1f950c677b87d880e44df363c61af3f406fc9e53ed65ee03
serviceMonitor:
enabled: true
prometheusRule:
enabled: true
interval: 30s
rules:
- alert: RedisPodDown
expr: |
redis_up{job="{{ include "redis-ha.fullname" . }}"} == 0
for: 5m
labels:
severity: critical
annotations:
description: Redis pod {{ "{{ $labels.pod }}" }} is down
summary: Redis pod {{ "{{ $labels.pod }}" }} is down
auth: false
redisSecretInit:
enabled: false
server:
replicas: 2
resources:
requests:
cpu: 10m
memory: 64Mi
extensions:
enabled: true
extensionList:
- name: extension-trivy
env:
- name: EXTENSION_URL
value: https://github.com/mziyabo/argocd-trivy-extension/releases/download/v0.2.0/extension-trivy.tar
- name: EXTENSION_CHECKSUM_URL
value: https://github.com/mziyabo/argocd-trivy-extension/releases/download/v0.2.0/extension-trivy_checksums.txt
metrics:
enabled: true
serviceMonitor:
@@ -153,55 +76,30 @@ argo-cd:
namespace: traefik
hostnames:
- argocd.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
repoServer:
replicas: 2
resources:
requests:
cpu: 10m
memory: 64Mi
readinessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 60
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 60
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
metrics:
enabled: true
serviceMonitor:
enabled: true
applicationSet:
replicas: 2
resources:
requests:
cpu: 10m
memory: 64Mi
metrics:
enabled: true
serviceMonitor:
enabled: true
readinessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 60
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 60
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
readinessProbe:
enabled: true
notifications:
enabled: true
context:
argocdUrl: https://argocd.alexlebens.net
secret:
create: false
@@ -216,10 +114,6 @@ argo-cd:
headers:
- name: Authorization
value: Bearer $ntfy-token
resources:
requests:
cpu: 10m
memory: 64Mi
livenessProbe:
enabled: true
readinessProbe:

7
clusters/cl01tl/helm/audiobookshelf/Chart.yaml
View File

@@ -7,14 +7,11 @@ keywords:
- books
- podcasts
- audiobooks
home: https://docs.alexlebens.dev/applications/audiobookshelf/
home: https://wiki.alexlebens.dev/s/d4d6719f-cd1c-4b6e-b78e-2d2d7a5097d7
sources:
- https://github.com/advplyr/audiobookshelf
- https://github.com/caronc/apprise
- https://github.com/advplyr/audiobookshelf/pkgs/container/audiobookshelf
- https://github.com/caronc/apprise-api/pkgs/container/apprise
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -32,4 +29,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
# renovate: datasource=github-releases depName=advplyr/audiobookshelf
appVersion: 2.33.1
appVersion: 2.33.0

3
clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml
View File

@@ -14,5 +14,8 @@ spec:
data:
- secretKey: ntfy-url
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/audiobookshelf/apprise
metadataPolicy: None
property: ntfy-url

26
clusters/cl01tl/helm/audiobookshelf/values.yaml
View File

@@ -4,25 +4,28 @@ audiobookshelf:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/advplyr/audiobookshelf
tag: 2.33.1@sha256:a4a5841bba093d81e5f4ad1eaedb4da3fda6dbb2528c552349da50ad1f7ae708
tag: 2.33.0
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
resources:
requests:
cpu: 10m
memory: 200Mi
memory: 128Mi
apprise-api:
image:
repository: ghcr.io/caronc/apprise
tag: v1.3.2@sha256:1aafc2118b6eae5d70d17831d9a8a52adee7104fd6f2bb018e6421664699c903
repository: caronc/apprise
tag: v1.3.2
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: PGID
value: "1000"
- name: PUID
@@ -38,6 +41,10 @@ audiobookshelf:
secretKeyRef:
name: audiobookshelf-apprise-config
key: ntfy-url
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -75,8 +82,11 @@ audiobookshelf:
- audiobookshelf.alexlebens.net
rules:
- backendRefs:
- name: audiobookshelf
- group: ''
kind: Service
name: audiobookshelf
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -87,6 +97,7 @@ audiobookshelf:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 2Gi
retain: true
advancedMounts:
main:
main:
@@ -97,6 +108,7 @@ audiobookshelf:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: true
advancedMounts:
main:
main:

5
clusters/cl01tl/helm/authentik/Chart.yaml
View File

@@ -6,8 +6,10 @@ keywords:
- authentik
- sso
- oidc
- ldap
- idp
- authentication
home: https://docs.alexlebens.dev/applications/authentik/
home: https://wiki.alexlebens.dev/s/45ca5171-581f-41d2-b6fb-2b0915029a2d
sources:
- https://github.com/goauthentik/authentik
- https://github.com/cloudflare/cloudflared
@@ -15,7 +17,6 @@ sources:
- https://github.com/goauthentik/helm
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers:
- name: alexlebens
dependencies:

3
clusters/cl01tl/helm/authentik/templates/external-secret.yaml
View File

@@ -14,5 +14,8 @@ spec:
data:
- secretKey: key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/authentik/key
metadataPolicy: None
property: key

63
clusters/cl01tl/helm/authentik/values.yaml
View File

@@ -30,23 +30,8 @@ authentik:
redis:
host: authentik-valkey
server:
replicas: 2
resources:
requests:
cpu: 100m
memory: 700Mi
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 15
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 15
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
name: server
replicas: 1
metrics:
enabled: true
serviceMonitor:
@@ -54,6 +39,8 @@ authentik:
route:
main:
enabled: true
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
hostnames:
- authentik.alexlebens.net
parentRefs:
@@ -61,20 +48,21 @@ authentik:
kind: Gateway
name: traefik-gateway
namespace: traefik
httpsRedirect: false
matches:
- path:
type: PathPrefix
value: /
worker:
name: worker
replicas: 2
resources:
requests:
cpu: 100m
memory: 512Mi
metrics:
enabled: true
serviceMonitor:
enabled: true
replicas: 1
prometheus:
rules:
enabled: true
postgresql:
enabled: false
redis:
enabled: false
postgres-18-cluster:
mode: recovery
recovery:
@@ -88,9 +76,32 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 5 14 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external

5
clusters/cl01tl/helm/backrest/Chart.yaml
View File

@@ -5,12 +5,11 @@ description: backrest
keywords:
- backrest
- backup
home: https://docs.alexlebens.dev/applications/backrest/
home: https://wiki.alexlebens.dev/
sources:
- https://github.com/garethgeorge/backrest
- https://github.com/garethgeorge/backrest/pkgs/container/backrest
- https://hub.docker.com/r/garethgeorge/backrest
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:

13
clusters/cl01tl/helm/backrest/values.yaml
View File

@@ -7,8 +7,8 @@ backrest:
containers:
main:
image:
repository: ghcr.io/garethgeorge/backrest
tag: v1.12.1@sha256:f4d34bd6fa985d13bdb6c01c5d8727e07708899afa9567d800808357d77b9fb0
repository: garethgeorge/backrest
tag: v1.12.1
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -24,7 +24,7 @@ backrest:
resources:
requests:
cpu: 10m
memory: 80Mi
memory: 256Mi
service:
main:
controller: main
@@ -45,8 +45,11 @@ backrest:
- backrest.alexlebens.net
rules:
- backendRefs:
- name: backrest
- group: ''
kind: Service
name: backrest
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -57,6 +60,7 @@ backrest:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: true
advancedMounts:
main:
main:
@@ -67,6 +71,7 @@ backrest:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:

5
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -98,7 +98,7 @@ blocky:
traefik-cl01tl IN A 10.232.1.21
blocky IN A 10.232.1.22
plex-lb IN A 10.232.1.23
cilium-cl01tl IN A 10.232.1.23
;; Application Names
@@ -117,7 +117,6 @@ blocky:
directus IN CNAME traefik-cl01tl
excalidraw IN CNAME traefik-cl01tl
feishin IN CNAME traefik-cl01tl
foldergram IN CNAME traefik-cl01tl
garage-s3 IN CNAME traefik-cl01tl
garage-webui IN CNAME traefik-cl01tl
gatus IN CNAME traefik-cl01tl
@@ -128,14 +127,12 @@ blocky:
home IN CNAME traefik-cl01tl
home-assistant IN CNAME traefik-cl01tl
home-assistant-code-server IN CNAME traefik-cl01tl
houndarr IN CNAME traefik-cl01tl
hubble IN CNAME traefik-cl01tl
immich IN CNAME traefik-cl01tl
jellyfin IN CNAME traefik-cl01tl
jellystat IN CNAME traefik-cl01tl
kiwix IN CNAME traefik-cl01tl
komodo IN CNAME traefik-cl01tl
languagetool IN CNAME traefik-cl01tl
lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl
medialyze IN CNAME traefik-cl01tl

7
clusters/cl01tl/helm/booklore/Chart.yaml
View File

@@ -4,14 +4,11 @@ version: 1.0.0
description: booklore
keywords:
- booklore
- grimmory
- books
home: https://wiki.alexlebens.dev/
sources:
- https://github.com/booklore-app/BookLore
- https://github.com/grimmory-tools/grimmory
- https://github.com/booklore-app/booklore/pkgs/container/booklore
- https://github.com/grimmory-tools/grimmory/pkgs/container/grimmory
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
@@ -32,5 +29,5 @@ dependencies:
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png
# renovate: datasource=github-releases depName=grimmory-tools/grimmory
appVersion: v2.3.0
# renovate: datasource=github-releases depName=booklore-app/BookLore
appVersion: v2.2.1

4
clusters/cl01tl/helm/booklore/values.yaml
View File

@@ -8,8 +8,8 @@ booklore:
containers:
main:
image:
repository: ghcr.io/grimmory-tools/grimmory
tag: v2.3.0
repository: ghcr.io/booklore-app/booklore
tag: v2.2.1
pullPolicy: IfNotPresent
env:
- name: TZ

2
clusters/cl01tl/helm/code-server/values.yaml
View File

@@ -9,7 +9,7 @@ code-server:
main:
image:
repository: ghcr.io/linuxserver/code-server
tag: 4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b
tag: 4.111.0@sha256:12c04b41f601604795562ece2ac64cade7cfca632415f4bfb1742477e3226272
pullPolicy: IfNotPresent
env:
- name: TZ

2
clusters/cl01tl/helm/dawarich/Chart.yaml
View File

@@ -26,4 +26,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png
# renovate: datasource=github-releases depName=Freika/dawarich
appVersion: 1.4.0
appVersion: 1.3.4

4
clusters/cl01tl/helm/dawarich/values.yaml
View File

@@ -9,7 +9,7 @@ dawarich:
main:
image:
repository: freikin/dawarich
tag: 1.4.0
tag: 1.3.4
pullPolicy: IfNotPresent
command: ["web-entrypoint.sh"]
args: ["bin/rails", "server", "-p", "3000", "-b", "::"]
@@ -106,7 +106,7 @@ dawarich:
sidekiq:
image:
repository: freikin/dawarich
tag: 1.4.0
tag: 1.3.4
pullPolicy: IfNotPresent
command: ["sidekiq-entrypoint.sh"]
args: ["sidekiq"]

6
clusters/cl01tl/helm/decluttarr/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
digest: sha256:548ae1f8699100a2f6bac11a4a3137402b3eea340c7a3db4d9f1813ad6a11dca
generated: "2026-02-23T22:08:42.516245-06:00"

20
clusters/cl01tl/helm/decluttarr/Chart.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: v2
name: decluttarr
version: 1.0.0
description: decluttarr
keywords:
- decluttarr
- servarr
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/ManiMatter/decluttarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: decluttarr
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
# renovate: datasource=github-releases depName=ManiMatter/decluttarr
appVersion: v2.0.0

21
clusters/cl01tl/helm/decluttarr/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: decluttarr-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: decluttarr-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: config.yaml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/decluttarr/config
metadataPolicy: None
property: config.yaml

32
clusters/cl01tl/helm/decluttarr/values.yaml Normal file
View File

@@ -0,0 +1,32 @@
decluttarr:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/manimatter/decluttarr
tag: v2.0.0
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
resources:
requests:
cpu: 10m
memory: 128Mi
persistence:
config:
enabled: true
type: secret
name: decluttarr-config-secret
advancedMounts:
main:
main:
- path: /app/config/config.yaml
readOnly: true
mountPropagation: None
subPath: config.yaml

22
clusters/cl01tl/helm/eraser/values.yaml
View File

@@ -34,7 +34,27 @@ eraser:
request:
cpu: 100m
memory: 128Mi
config: ""
config: "" # |
# cacheDir: /var/lib/trivy
# dbRepo: ghcr.io/aquasecurity/trivy-db
# deleteFailedImages: true
# deleteEOLImages: true
# vulnerabilities:
# ignoreUnfixed: true
# types:
# - os
# - library
# securityChecks:
# - vuln
# severities:
# - CRITICAL
# - HIGH
# - MEDIUM
# - LOW
# ignoredStatuses:
# timeout:
# total: 23h
# perImage: 1h
remover:
request:
cpu: 10m

6
clusters/cl01tl/helm/external-secrets/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: external-secrets
repository: https://charts.external-secrets.io
version: 2.2.0
digest: sha256:832fc3f8d3728bdea2b696a6044e4c18967cd9ab9c5cc74adbf40aaa270a84b4
generated: "2026-03-20T20:53:08.407747649Z"
version: 2.1.0
digest: sha256:b19563d51f1922403185979c6c442531a7bb13d302e8438b5a18d450259b7245
generated: "2026-03-07T18:02:23.908145348Z"

4
clusters/cl01tl/helm/external-secrets/Chart.yaml
View File

@@ -12,8 +12,8 @@ sources:
- https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets
dependencies:
- name: external-secrets
version: 2.2.0
version: 2.1.0
repository: https://charts.external-secrets.io
icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4
# renovate: datasource=github-releases depName=external-secrets/external-secrets
appVersion: v2.2.0
appVersion: v2.1.0

9
clusters/cl01tl/helm/foldergram/Chart.lock
View File

@@ -1,9 +0,0 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:59100c6fbfb829f9d703b9ee1cf869c4fd77b6ff53c63b0c644a757223027e58
generated: "2026-03-22T12:42:43.150705-05:00"

25
clusters/cl01tl/helm/foldergram/Chart.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: v2
name: foldergram
version: 1.0.0
description: Foldergram
keywords:
- foldergram
- pictures
home: https://wiki.alexlebens.dev/
sources:
- https://github.com/foldergram/foldergram
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: foldergram
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: volsync-target
alias: volsync-target-data
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://raw.githubusercontent.com/foldergram/foldergram/refs/heads/main/client/public/icon-512.png
# renovate: datasource=github-releases depName=foldergram/foldergram
appVersion: v1.0.5

17
clusters/cl01tl/helm/foldergram/templates/persistent-volume-claim.yaml
View File

@@ -1,17 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: foldergram-pictures-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: foldergram-pictures-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: foldergram-pictures-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

23
clusters/cl01tl/helm/foldergram/templates/persistent-volume.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: foldergram-pictures-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: foldergram-pictures-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Pictures
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

87
clusters/cl01tl/helm/foldergram/values.yaml
View File

@@ -1,87 +0,0 @@
foldergram:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/foldergram/foldergram
tag: 1.0.5
pullPolicy: IfNotPresent
env:
- name: IMAGE_DETAIL_SOURCE
value: original
- name: DERIVATIVE_MODE
value: lazy
- name: DATA_ROOT
value: ./data
- name: GALLERY_ROOT
value: /gallery
- name: CSRF_TRUSTED_ORIGINS
value: https://foldergram.alexlebens.net
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 4141
protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- foldergram.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: foldergram
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
cache:
forceRename: foldergram-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: false
advancedMounts:
main:
main:
- path: /app/data
readOnly: false
pictures:
existingClaim: foldergram-pictures-nfs-storage
advancedMounts:
main:
main:
- path: /gallery/pictures
readOnly: true
volsync-target-data:
pvcTarget: foldergram-data
local:
enabled: true
schedule: 46 11 * * *
remote:
enabled: true
schedule: 46 12 * * *
external:
enabled: true
schedule: 46 13 * * *

9
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -161,9 +161,6 @@ gatus:
- name: photoview
url: https://photoview.alexlebens.net
<<: *defaults
- name: foldergram
url: https://foldergram.alexlebens.net
<<: *defaults
- name: booklore
url: https://booklore.alexlebens.net
<<: *defaults
@@ -194,9 +191,6 @@ gatus:
- name: excalidraw
url: https://excalidraw.alexlebens.net
<<: *defaults
- name: languagetool
url: https://languagetool.alexlebens.net
<<: *defaults
- name: gitea
url: https://gitea.alexlebens.net
<<: *defaults
@@ -310,9 +304,6 @@ gatus:
- name: tdarr
url: https://tdarr.alexlebens.net
<<: *defaults
- name: houndarr
url: https://houndarr.alexlebens.net
<<: *defaults
- name: sonarr
url: http://sonarr.sonarr:80
<<: *defaults

6
clusters/cl01tl/helm/generic-device-plugin/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.24
digest: sha256:36bf651c24198d299458046aaf449e9fb50942e1143389092a746357d402b731
generated: "2026-03-20T01:18:36.687250976Z"
version: 0.20.23
digest: sha256:1565d6e94921e2543bf4c302ddebb7504fbfd9113c976e4d297de18e9a0c06c6
generated: "2026-03-19T01:04:01.714112981Z"

2
clusters/cl01tl/helm/generic-device-plugin/Chart.yaml
View File

@@ -15,6 +15,6 @@ maintainers:
dependencies:
- name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.24
version: 0.20.23
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: 1.0.0

19
clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml
View File

@@ -377,6 +377,25 @@ spec:
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/tdarr.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-trivy
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-trivy
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 1h
folderUID: grafana-folder-service
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/trivy.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard

2
clusters/cl01tl/helm/harbor/Chart.yaml
View File

@@ -29,4 +29,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png
# renovate: datasource=github-releases depName=goharbor/harbor
appVersion: v2.15.0
appVersion: v2.14.3

3
clusters/cl01tl/helm/headlamp/values.yaml
View File

@@ -25,6 +25,9 @@ headlamp:
- name: cert-manager
source: https://artifacthub.io/packages/headlamp/headlamp-plugins/headlamp_cert-manager
version: 0.1.0
- name: trivy
source: https://artifacthub.io/packages/headlamp/headlamp-trivy/headlamp_trivy
version: 0.3.1
- name: external-secrets-operator
source: https://artifacthub.io/packages/headlamp/external-secrets-operator-headlamp-plugin/external-secrets-operator
version: 0.1.0-beta7

2
clusters/cl01tl/helm/home-assistant/Chart.yaml
View File

@@ -25,4 +25,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/home-assistant.png
# renovate: datasource=github-releases depName=home-assistant/core
appVersion: 2026.3.3
appVersion: 2026.3.2

4
clusters/cl01tl/helm/home-assistant/values.yaml
View File

@@ -9,7 +9,7 @@ home-assistant:
main:
image:
repository: ghcr.io/home-assistant/home-assistant
tag: 2026.3.3
tag: 2026.3.2
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -21,7 +21,7 @@ home-assistant:
code-server:
image:
repository: ghcr.io/linuxserver/code-server
tag: 4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b
tag: 4.111.0@sha256:12c04b41f601604795562ece2ac64cade7cfca632415f4bfb1742477e3226272
pullPolicy: IfNotPresent
env:
- name: TZ

23
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -202,15 +202,9 @@ homepage:
href: https://photoview.alexlebens.net
siteMonitor: http://photoview.photoview:80
statusStyle: dot
- Pictures:
icon: https://raw.githubusercontent.com/foldergram/foldergram/refs/heads/main/client/public/icon-512.png
description: Foldergram
href: https://foldergram.alexlebens.net
siteMonitor: http://foldergram.foldergram:80
statusStyle: dot
- Books:
icon: sh-booklore.webp
description: Grimmory
description: Booklore
href: https://booklore.alexlebens.net
siteMonitor: http://booklore.booklore:80
statusStyle: dot
@@ -639,12 +633,6 @@ homepage:
href: https://bazarr.alexlebens.net
siteMonitor: http://bazarr.bazarr:80
statusStyle: dot
- Houndarr:
icon: https://raw.githubusercontent.com/av1155/houndarr/main/src/houndarr/static/img/houndarr-logo-dark.png
description: Media Searches
href: https://houndarr.alexlebens.net
siteMonitor: http://houndarr.houndarr:80
statusStyle: dot
- Tdarr:
icon: sh-tdarr.webp
description: Media transcoding and health checks
@@ -792,6 +780,9 @@ homepage:
- Digital Ocean:
- abbr: DO
href: https://www.digitalocean.com/
- AWS:
- abbr: AW
href: https://aws.amazon.com/console/
- Cloudflare:
- abbr: CF
href: https://dash.cloudflare.com/b76e303258b84076ee01fd0f515c0768
@@ -801,12 +792,12 @@ homepage:
- ProtonVPN:
- abbr: PV
href: https://account.protonvpn.com/
- AirVPN:
- abbr: AV
href: https://airvpn.org/
- Unifi:
- abbr: UF
href: https://unifi.ui.com/
- Pushover:
- abbr: PO
href: https://pushover.net
- ReCaptcha:
- abbr: RC
href: https://www.google.com/recaptcha/admin/site/698983587

9
clusters/cl01tl/helm/houndarr/Chart.lock
View File

@@ -1,9 +0,0 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:375d6c2eb2f097717c44c5a28cb162da24f4ff154a971e5a68ccd0e0b77e936f
generated: "2026-03-21T22:31:01.142752-05:00"

25
clusters/cl01tl/helm/houndarr/Chart.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: v2
name: houndarr
version: 1.0.0
description: Houndarr
keywords:
- houndarr
- servarr
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/av1155/houndarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: houndarr
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: volsync-target
alias: volsync-target-data
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://raw.githubusercontent.com/av1155/houndarr/main/src/houndarr/static/img/houndarr-logo-dark.png
# renovate: datasource=github-releases depName=av1155/houndarr
appVersion: v1.6.1

84
clusters/cl01tl/helm/houndarr/values.yaml
View File

@@ -1,84 +0,0 @@
houndarr:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/av1155/houndarr
tag: v1.6.0
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
- name: PUID
value: 1000
- name: PGID
value: 1000
- name: HOUNDARR_SECURE_COOKIES
value: true
- name: HOUNDARR_TRUSTED_PROXIES
value: 10.96.0.0/12
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 8877
protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- houndarr.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: houndarr
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
data:
forceRename: houndarr-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
advancedMounts:
main:
main:
- path: /data
readOnly: false
volsync-target-data:
pvcTarget: houndarr-data
moverSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
schedule: 40 11 * * *
remote:
enabled: true
schedule: 40 12 * * *
external:
enabled: true
schedule: 40 14 * * *

2
clusters/cl01tl/helm/immich/Chart.yaml
View File

@@ -32,4 +32,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png
# renovate: datasource=github-releases depName=immich-app/immich
appVersion: v2.6.1
appVersion: v2.5.6

2
clusters/cl01tl/helm/immich/values.yaml
View File

@@ -9,7 +9,7 @@ immich:
main:
image:
repository: ghcr.io/immich-app/immich-server
tag: v2.6.1
tag: v2.5.6
pullPolicy: IfNotPresent
env:
- name: TZ

6
clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies:
- name: kube-prometheus-stack
repository: oci://ghcr.io/prometheus-community/charts
version: 82.13.0
version: 82.11.0
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
digest: sha256:1d90bebd9c0afd20f8ff780edd15da18b20f89cf35fd85832d6d8d44b2e0544b
generated: "2026-03-20T18:02:38.368086545Z"
digest: sha256:e32045eeb180e3658ea4141faa2a4ecf381181993e20ca9bb1e48bcf0b861d1c
generated: "2026-03-18T21:02:35.011295676Z"

4
clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
View File

@@ -20,7 +20,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: kube-prometheus-stack
version: 82.13.0
version: 82.11.0
repository: oci://ghcr.io/prometheus-community/charts
- name: app-template
alias: ntfy-alertmanager
@@ -32,4 +32,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png
# renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator
appVersion: v0.90.0
appVersion: v0.89.0

9
clusters/cl01tl/helm/languagetool/Chart.lock
View File

@@ -1,9 +0,0 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:cb14506ada77add5ffcb93d38763e2a5c962312e5754618265d15c4361fea783
generated: "2026-03-20T17:49:46.393059-05:00"

27
clusters/cl01tl/helm/languagetool/Chart.yaml
View File

@@ -1,27 +0,0 @@
apiVersion: v2
name: languagetool
version: 1.0.0
description: LanguageTool
keywords:
- languagetool
- spellchecking
home: https://wiki.alexlebens.dev/
sources:
- https://github.com/languagetool-org/languagetool
- https://github.com/Erikvl87/docker-languagetool
- https://hub.docker.com/r/erikvl87/languagetool
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: languagetool
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: volsync-target
alias: volsync-target-data
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/languagetool.webp
# renovate: datasource=github-releases depName=Erikvl87/docker-languagetool
appVersion: "6.7"

76
clusters/cl01tl/helm/languagetool/values.yaml
View File

@@ -1,76 +0,0 @@
languagetool:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: erikvl87/languagetool
tag: 6.7
pullPolicy: IfNotPresent
env:
- name: langtool_languageModel
value: /ngrams
- name: Java_Xms
value: 512m
- name: Java_Xmx
value: 1g
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 8010
protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- languagetool.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: languagetool
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
data:
forceRename: languagetool-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:
- path: /ngrams
readOnly: false
volsync-target-data:
pvcTarget: languagetool-data
local:
enabled: true
schedule: 38 11 * * *
remote:
enabled: true
schedule: 38 12 * * *
external:
enabled: true
schedule: 38 14 * * *

2
clusters/cl01tl/helm/medialyze/Chart.yaml
View File

@@ -19,4 +19,4 @@ dependencies:
version: 4.6.2
icon: https://raw.githubusercontent.com/frederikemmer/MediaLyze/d8f69c0628bac7c047b90f91a66341648029c273/frontend/public/favicon.svg
# renovate: datasource=github-releases depName=frederikemmer/MediaLyze
appVersion: 0.2.3
appVersion: 0.2.2

2
clusters/cl01tl/helm/medialyze/values.yaml
View File

@@ -9,7 +9,7 @@ medialyze:
main:
image:
repository: ghcr.io/frederikemmer/medialyze
tag: 0.2.3
tag: 0.2.2
pullPolicy: IfNotPresent
env:
- name: HOST_PORT

21
clusters/cl01tl/helm/music-grabber/templates/external-secret.yaml
View File

@@ -60,27 +60,20 @@ spec:
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: preshared-key
- secretKey: proton-email
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: preshared-key
- secretKey: addresses
property: email
- secretKey: proton-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports
property: password

134
clusters/cl01tl/helm/music-grabber/values.yaml
View File

@@ -9,7 +9,7 @@ music-grabber:
main:
image:
repository: g33kphr33k/musicgrabber
tag: 2.5.0
tag: 2.4.6
pullPolicy: IfNotPresent
env:
- name: MUSIC_DIR
@@ -50,72 +50,72 @@ music-grabber:
requests:
cpu: 10m
memory: 512Mi
# gluetun:
# image:
# repository: ghcr.io/qdm12/gluetun
# tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
# pullPolicy: IfNotPresent
# lifecycle:
# postStart:
# exec:
# command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
# env:
# - name: VPN_SERVICE_PROVIDER
# value: airvpn
# - name: VPN_TYPE
# value: wireguard
# - name: WIREGUARD_PRIVATE_KEY
# valueFrom:
# secretKeyRef:
# name: music-grabber-wireguard-conf
# key: private-key
# - name: WIREGUARD_PRESHARED_KEY
# valueFrom:
# secretKeyRef:
# name: music-grabber-wireguard-conf
# key: preshared-key
# - name: WIREGUARD_ADDRESSES
# valueFrom:
# secretKeyRef:
# name: music-grabber-wireguard-conf
# key: addresses
# - name: FIREWALL_OUTBOUND_SUBNETS
# value: 10.0.0.0/8
# - name: FIREWALL_INPUT_PORTS
# value: 8080
# - name: DNS_UPSTREAM_RESOLVER_TYPE
# value: dot
# - name: HTTPPROXY
# value: "off"
# - name: SHADOWSOCKS
# value: "off"
# securityContext:
# privileged: True
# capabilities:
# add:
# - NET_ADMIN
# - SYS_MODULE
# probes:
# liveness:
# enabled: true
# custom: true
# spec:
# exec:
# command:
# - /gluetun-entrypoint
# - healthcheck
# failureThreshold: 5
# initialDelaySeconds: 30
# periodSeconds: 30
# successThreshold: 1
# timeoutSeconds: 15
# resources:
# limits:
# devic.es/tun: "1"
# requests:
# devic.es/tun: "1"
# cpu: 10m
# memory: 128Mi
gluetun:
image:
repository: ghcr.io/qdm12/gluetun
tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
pullPolicy: IfNotPresent
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env:
- name: VPN_SERVICE_PROVIDER
value: protonvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: music-grabber-wireguard-conf
key: private-key
- name: UPDATER_PROTONVPN_EMAIL
valueFrom:
secretKeyRef:
name: music-grabber-wireguard-conf
key: proton-email
- name: UPDATER_PROTONVPN_PASSWORD
valueFrom:
secretKeyRef:
name: music-grabber-wireguard-conf
key: proton-password
- name: FIREWALL_OUTBOUND_SUBNETS
value: 10.0.0.0/8
- name: FIREWALL_INPUT_PORTS
value: 8080
- name: DNS_UPSTREAM_RESOLVER_TYPE
value: dot
- name: HTTPPROXY
value: "off"
- name: SHADOWSOCKS
value: "off"
securityContext:
privileged: True
capabilities:
add:
- NET_ADMIN
- SYS_MODULE
probes:
liveness:
enabled: true
custom: true
spec:
exec:
command:
- /gluetun-entrypoint
- healthcheck
failureThreshold: 5
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 15
resources:
limits:
devic.es/tun: "1"
requests:
devic.es/tun: "1"
cpu: 10m
memory: 128Mi
service:
main:
controller: main

2
clusters/cl01tl/helm/outline/values.yaml
View File

@@ -12,7 +12,7 @@ outline:
main:
image:
repository: outlinewiki/outline
tag: 1.6.1
tag: 1.6.0
pullPolicy: IfNotPresent
env:
- name: NODE_ENV

3
clusters/cl01tl/helm/plex/values.yaml
View File

@@ -9,7 +9,7 @@ plex:
main:
image:
repository: ghcr.io/linuxserver/plex
tag: 1.43.0@sha256:a27f1ce1e1d14cd3627ed217f042bf8de0f796ed274fb27b2dc971ae22a64b95
tag: 1.43.0@sha256:84f8646e799f6636876ab4f283d9fc8f6c51d56098ea74cba82bfb85074b68df
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -26,7 +26,6 @@ plex:
service:
main:
controller: main
type: LoadBalancer
ports:
http:
port: 32400

2
clusters/cl01tl/helm/postiz/Chart.yaml
View File

@@ -42,4 +42,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/postiz.png
# renovate: datasource=github-releases depName=gitroomhq/postiz-app
appVersion: v2.21.0
appVersion: v2.20.2

2
clusters/cl01tl/helm/postiz/values.yaml
View File

@@ -9,7 +9,7 @@ postiz:
main:
image:
repository: ghcr.io/gitroomhq/postiz-app
tag: v2.21.0
tag: v2.20.2
pullPolicy: IfNotPresent
env:
- name: MAIN_URL

6
clusters/cl01tl/helm/prometheus-operator-crds/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: prometheus-operator-crds
repository: oci://ghcr.io/prometheus-community/charts
version: 28.0.0
digest: sha256:82e19c59373b1dd1a854a4e5699c7b864cfbb96e58a065f53ad76e64d7109cff
generated: "2026-03-19T22:02:57.659253727Z"
version: 27.0.1
digest: sha256:c66f0099390741388fce480670ce5f40f0e8459f3471a9f49da6f3f217c028a0
generated: "2026-03-17T20:57:34.001956235Z"

4
clusters/cl01tl/helm/prometheus-operator-crds/Chart.yaml
View File

@@ -15,8 +15,8 @@ maintainers:
- name: alexlebens
dependencies:
- name: prometheus-operator-crds
version: 28.0.0
version: 27.0.1
repository: oci://ghcr.io/prometheus-community/charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png
# renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator
appVersion: v0.90.0
appVersion: v0.89.0

21
clusters/cl01tl/helm/qbittorrent/templates/external-secret.yaml
View File

@@ -16,30 +16,23 @@ spec:
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: preshared-key
- secretKey: proton-email
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: preshared-key
- secretKey: addresses
property: email
- secretKey: proton-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports
property: password
---
apiVersion: external-secrets.io/v1

25
clusters/cl01tl/helm/qbittorrent/values.yaml
View File

@@ -56,7 +56,7 @@ qbittorrent:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env:
- name: VPN_SERVICE_PROVIDER
value: airvpn
value: protonvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
@@ -64,29 +64,28 @@ qbittorrent:
secretKeyRef:
name: qbittorrent-wireguard-conf
key: private-key
- name: WIREGUARD_PRESHARED_KEY
- name: UPDATER_PROTONVPN_EMAIL
valueFrom:
secretKeyRef:
name: qbittorrent-wireguard-conf
key: preshared-key
- name: WIREGUARD_ADDRESSES
key: proton-email
- name: UPDATER_PROTONVPN_PASSWORD
valueFrom:
secretKeyRef:
name: qbittorrent-wireguard-conf
key: addresses
- name: FIREWALL_VPN_INPUT_PORTS
valueFrom:
secretKeyRef:
name: qbittorrent-wireguard-conf
key: input-ports
key: proton-password
- name: VPN_PORT_FORWARDING
value: "on"
- name: VPN_PORT_FORWARDING_UP_COMMAND
value: '/bin/sh -c "/gluetun/update.sh {{ printf "{{PORTS}}" }}"'
- name: PORT_FORWARD_ONLY
value: "on"
- name: FIREWALL_OUTBOUND_SUBNETS
value: 192.168.1.0/24,10.244.0.0/16
- name: FIREWALL_INPUT_PORTS
value: 8080,9022
- name: DNS_UPSTREAM_RESOLVER_TYPE
value: dot
- name: BLOCK_MALICIOUS
value: "off"
- name: HTTPPROXY
value: "off"
- name: SHADOWSOCKS
@@ -217,7 +216,7 @@ qbittorrent:
qui:
image:
repository: ghcr.io/autobrr/qui
tag: v1.15.0
tag: v1.14.1
pullPolicy: IfNotPresent
env:
- name: QUI__METRICS_ENABLED

4
clusters/cl01tl/helm/roundcube/values.yaml
View File

@@ -9,7 +9,7 @@ roundcube:
main:
image:
repository: roundcube/roundcubemail
tag: 1.6.14-fpm-alpine
tag: 1.6.13-fpm-alpine
pullPolicy: IfNotPresent
env:
- name: ROUNDCUBEMAIL_DB_TYPE
@@ -85,7 +85,7 @@ roundcube:
backup:
image:
repository: roundcube/roundcubemail
tag: 1.6.14-fpm-alpine
tag: 1.6.13-fpm-alpine
pullPolicy: IfNotPresent
env:
- name: ROUNDCUBEMAIL_DB_TYPE

2
clusters/cl01tl/helm/rybbit/values.yaml
View File

@@ -122,7 +122,7 @@ rybbit:
main:
image:
repository: clickhouse/clickhouse-server
tag: 26.2.5
tag: 26.2.4
pullPolicy: IfNotPresent
env:
- name: CLICKHOUSE_DB

4
clusters/cl01tl/helm/searxng/values.yaml
View File

@@ -9,7 +9,7 @@ searxng:
main:
image:
repository: searxng/searxng
tag: latest@sha256:b6db575bb821d35279474090270db9e53e92432a66d19e7da51c0ef1b5ddb806
tag: latest@sha256:67a3e2e339eb33e60d16df2b328961583c908c4b6f3a176b23ecb9ddd6f137fd
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL
@@ -39,7 +39,7 @@ searxng:
main:
image:
repository: searxng/searxng
tag: latest@sha256:b6db575bb821d35279474090270db9e53e92432a66d19e7da51c0ef1b5ddb806
tag: latest@sha256:67a3e2e339eb33e60d16df2b328961583c908c4b6f3a176b23ecb9ddd6f137fd
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL

2
clusters/cl01tl/helm/shelfmark/Chart.yaml
View File

@@ -23,4 +23,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/shelfmark.webp
# renovate: datasource=github-releases depName=calibrain/shelfmark
appVersion: v1.2.1
appVersion: v1.2.0

2
clusters/cl01tl/helm/shelfmark/values.yaml
View File

@@ -9,7 +9,7 @@ shelfmark:
main:
image:
repository: ghcr.io/calibrain/shelfmark
tag: v1.2.1
tag: v1.2.0
pullPolicy: IfNotPresent
env:
- name: FLASK_PORT

2
clusters/cl01tl/helm/site-documentation/values.yaml
View File

@@ -11,7 +11,7 @@ site-documentation:
main:
image:
repository: harbor.alexlebens.net/images/site-documentation
tag: 0.5.0
tag: 0.3.0
pullPolicy: IfNotPresent
resources:
requests:

2
clusters/cl01tl/helm/site-profile/values.yaml
View File

@@ -11,7 +11,7 @@ site-profile:
main:
image:
repository: harbor.alexlebens.net/images/site-profile
tag: 3.15.1
tag: 3.15.0
pullPolicy: IfNotPresent
resources:
requests:

21
clusters/cl01tl/helm/slskd/templates/external-secret.yaml
View File

@@ -62,27 +62,20 @@ spec:
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: preshared-key
- secretKey: proton-email
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: preshared-key
- secretKey: addresses
property: email
- secretKey: proton-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports
property: password

21
clusters/cl01tl/helm/slskd/values.yaml
View File

@@ -54,7 +54,7 @@ slskd:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env:
- name: VPN_SERVICE_PROVIDER
value: airvpn
value: protonvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
@@ -62,29 +62,26 @@ slskd:
secretKeyRef:
name: slskd-wireguard-conf
key: private-key
- name: WIREGUARD_PRESHARED_KEY
- name: UPDATER_PROTONVPN_EMAIL
valueFrom:
secretKeyRef:
name: slskd-wireguard-conf
key: preshared-key
- name: WIREGUARD_ADDRESSES
key: proton-email
- name: UPDATER_PROTONVPN_PASSWORD
valueFrom:
secretKeyRef:
name: slskd-wireguard-conf
key: addresses
- name: FIREWALL_VPN_INPUT_PORTS
valueFrom:
secretKeyRef:
name: slskd-wireguard-conf
key: input-ports
key: proton-password
- name: VPN_PORT_FORWARDING
value: "on"
- name: PORT_FORWARD_ONLY
value: "on"
- name: FIREWALL_OUTBOUND_SUBNETS
value: 192.168.1.0/24,10.244.0.0/16
- name: FIREWALL_INPUT_PORTS
value: 5030,50300
- name: DNS_UPSTREAM_RESOLVER_TYPE
value: dot
- name: BLOCK_MALICIOUS
value: "off"
- name: HTTPPROXY
value: "off"
- name: SHADOWSOCKS

2
clusters/cl01tl/helm/sonarr-4k/values.yaml
View File

@@ -13,7 +13,7 @@ sonarr-4k:
main:
image:
repository: ghcr.io/linuxserver/sonarr
tag: 4.0.17@sha256:76414c033f290d3c9f1f9dfad71150abe71d92592369a3377a5903d579e6e2b2
tag: 4.0.16@sha256:21c1c3d52248589bb064f5adafec18cad45812d7a01d317472955eef051e619b
pullPolicy: IfNotPresent
env:
- name: TZ

2
clusters/cl01tl/helm/sonarr-anime/values.yaml
View File

@@ -13,7 +13,7 @@ sonarr-anime:
main:
image:
repository: ghcr.io/linuxserver/sonarr
tag: 4.0.17@sha256:76414c033f290d3c9f1f9dfad71150abe71d92592369a3377a5903d579e6e2b2
tag: 4.0.16@sha256:21c1c3d52248589bb064f5adafec18cad45812d7a01d317472955eef051e619b
pullPolicy: IfNotPresent
env:
- name: TZ

2
clusters/cl01tl/helm/sonarr/values.yaml
View File

@@ -13,7 +13,7 @@ sonarr:
main:
image:
repository: ghcr.io/linuxserver/sonarr
tag: 4.0.17@sha256:76414c033f290d3c9f1f9dfad71150abe71d92592369a3377a5903d579e6e2b2
tag: 4.0.16@sha256:21c1c3d52248589bb064f5adafec18cad45812d7a01d317472955eef051e619b
pullPolicy: IfNotPresent
env:
- name: TZ

2
clusters/cl01tl/helm/tailscale-operator/Chart.yaml
View File

@@ -21,4 +21,4 @@ dependencies:
repository: https://pkgs.tailscale.com/helmcharts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tailscale-light.png
# renovate: datasource=github-releases depName=tailscale/tailscale
appVersion: v1.96.3
appVersion: v1.96.2

2
clusters/cl01tl/helm/tdarr/values.yaml
View File

@@ -9,7 +9,7 @@ tdarr:
main:
image:
repository: ghcr.io/haveagitgat/tdarr
tag: 2.64.02
tag: 2.63.01
pullPolicy: IfNotPresent
env:
- name: TZ

6
clusters/cl01tl/helm/traefik/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies:
- name: traefik
repository: https://traefik.github.io/charts
version: 39.0.6
version: 39.0.5
- name: traefik-crds
repository: https://traefik.github.io/charts
version: 1.15.0
digest: sha256:45b11c0cb1083daff76df3c90ecf7d73fc09979239bdc0f272d826fab92a3ba4
generated: "2026-03-20T20:50:42.131002257Z"
digest: sha256:8edf8d2dcabdba2c2b8d6a9508f001ba5ef4bec205423f864b92f2adedd73b60
generated: "2026-03-16T15:32:49.364653199Z"

4
clusters/cl01tl/helm/traefik/Chart.yaml
View File

@@ -15,11 +15,11 @@ maintainers:
- name: alexlebens
dependencies:
- name: traefik
version: 39.0.6
version: 39.0.5
repository: https://traefik.github.io/charts
- name: traefik-crds
version: 1.15.0
repository: https://traefik.github.io/charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/traefik.webp
# renovate: datasource=github-releases depName=traefik/traefik
appVersion: v3.6.11
appVersion: v3.6.10

21
clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml
View File

@@ -83,27 +83,20 @@ spec:
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: preshared-key
- secretKey: proton-email
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: preshared-key
- secretKey: addresses
property: email
- secretKey: proton-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports
property: password

10
clusters/cl01tl/helm/tubearchivist/values.yaml
View File

@@ -53,7 +53,7 @@ tubearchivist:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env:
- name: VPN_SERVICE_PROVIDER
value: airvpn
value: protonvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
@@ -61,16 +61,16 @@ tubearchivist:
secretKeyRef:
name: tubearchivist-wireguard-conf
key: private-key
- name: WIREGUARD_PRESHARED_KEY
- name: UPDATER_PROTONVPN_EMAIL
valueFrom:
secretKeyRef:
name: tubearchivist-wireguard-conf
key: preshared-key
- name: WIREGUARD_ADDRESSES
key: proton-email
- name: UPDATER_PROTONVPN_PASSWORD
valueFrom:
secretKeyRef:
name: tubearchivist-wireguard-conf
key: addresses
key: proton-password
- name: FIREWALL_OUTBOUND_SUBNETS
value: 10.0.0.0/8
- name: FIREWALL_INPUT_PORTS

2
clusters/cl01tl/helm/unpoller/Chart.yaml
View File

@@ -21,4 +21,4 @@ dependencies:
version: 4.6.2
icon: https://camo.githubusercontent.com/c5d07a5b3acfeac8e1c25bf56f440ffe032b86e4e7f15de82357f022a43fc927/68747470733a2f2f756e706f6c6c65722e636f6d2f696d672f6c6f676f2e706e67
# renovate: datasource=github-releases depName=unpoller/unpoller
appVersion: v2.35.0
appVersion: v2.34.0

2
clusters/cl01tl/helm/unpoller/values.yaml
View File

@@ -9,7 +9,7 @@ unpoller:
main:
image:
repository: ghcr.io/unpoller/unpoller
tag: v2.35.0
tag: v2.34.0
pullPolicy: IfNotPresent
env:
- name: UP_UNIFI_CONTROLLER_0_SAVE_ALARMS

2
clusters/cl01tl/helm/whodb/Chart.yaml
View File

@@ -20,4 +20,4 @@ dependencies:
version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/whodb.png
# renovate: datasource=github-releases depName=clidey/whodb
appVersion: 0.100.0
appVersion: 0.99.0

2
clusters/cl01tl/helm/whodb/values.yaml
View File

@@ -8,7 +8,7 @@ whodb:
main:
image:
repository: clidey/whodb
tag: 0.100.0
tag: 0.99.0
pullPolicy: IfNotPresent
env:
- name: WHODB_OLLAMA_HOST

21
clusters/cl01tl/helm/yubal/templates/external-secret.yaml
View File

@@ -16,27 +16,20 @@ spec:
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: preshared-key
- secretKey: proton-email
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: preshared-key
- secretKey: addresses
property: email
- secretKey: proton-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports
property: password

18
clusters/cl01tl/helm/yubal/values.yaml
View File

@@ -40,7 +40,11 @@ yubal:
# command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
# env:
# - name: VPN_SERVICE_PROVIDER
# value: airvpn
# value: protonvpn
# - name: PUID
# value: "1000"
# - name: PGID
# value: "1000"
# - name: VPN_TYPE
# value: wireguard
# - name: WIREGUARD_PRIVATE_KEY
@@ -48,26 +52,22 @@ yubal:
# secretKeyRef:
# name: yubal-wireguard-conf
# key: private-key
# - name: WIREGUARD_PRESHARED_KEY
# - name: UPDATER_PROTONVPN_EMAIL
# valueFrom:
# secretKeyRef:
# name: yubal-wireguard-conf
# key: preshared-key
# - name: WIREGUARD_ADDRESSES
# key: proton-email
# - name: UPDATER_PROTONVPN_PASSWORD
# valueFrom:
# secretKeyRef:
# name: yubal-wireguard-conf
# key: addresses
# key: proton-password
# - name: FIREWALL_OUTBOUND_SUBNETS
# value: 10.0.0.0/8
# - name: FIREWALL_INPUT_PORTS
# value: 8000
# - name: DNS_UPSTREAM_RESOLVER_TYPE
# value: dot
# - name: HTTPPROXY
# value: "off"
# - name: SHADOWSOCKS
# value: "off"
# securityContext:
# privileged: True
# capabilities:

4
hosts/pd05wd/ollama/compose.yaml
View File

@@ -1,7 +1,7 @@
---
services:
tailscale-ollama:
image: ghcr.io/tailscale/tailscale:latest@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
image: ghcr.io/tailscale/tailscale:latest
container_name: tailscale-ollama
cap_add:
- net_admin
@@ -20,7 +20,7 @@ services:
- /dev/net/tun:/dev/net/tun
ollama:
image: ollama/ollama:latest@sha256:5a5d014aa774f78ebe1340c0d4afc2e35afc12a2c3b34c84e71f78ea20af4ba3
image: ollama/ollama:latest
container_name: ollama
environment:
- OLLAMA_KEEP_ALIVE=24h

4
hosts/pd05wd/stable-diffusion/compose.yaml
View File

@@ -1,7 +1,7 @@
---
services:
tailscale-stable-diffusion:
image: ghcr.io/tailscale/tailscale:latest@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
image: ghcr.io/tailscale/tailscale:latest
container_name: tailscale-stable-diffusion
cap_add:
- net_admin
@@ -22,7 +22,7 @@ services:
- /dev/net/tun:/dev/net/tun
stable-diffusion:
image: ghcr.io/ai-dock/stable-diffusion-webui:latest-cuda@sha256:bc4b2b12ac8d030cc5daf25e2c32517709b7c15f59a32685c4c1a14a9606eb42
image: ghcr.io/ai-dock/stable-diffusion-webui:latest-cuda
container_name: stable-diffusion
environment:
- WEBUI_ARGS="--api --listen"

4
hosts/ps08rp/blocky/compose.yaml
View File

@@ -1,7 +1,7 @@
---
services:
tailscale-blocky:
image: ghcr.io/tailscale/tailscale:v1.94.2@sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
image: ghcr.io/tailscale/tailscale:v1.94.2
container_name: tailscale-blocky
cap_add:
- net_admin
@@ -18,7 +18,7 @@ services:
- /dev/net/tun:/dev/net/tun
blocky:
image: ghcr.io/0xerr0r/blocky:v0.29.0@sha256:a6d99f323d3036a99a3767a52ad612f4d8f3f31167492bfc14d4ea57b24cdfd0
image: ghcr.io/0xerr0r/blocky:v0.29.0
container_name: blocky
environment:
- TZ=America/Chicago

5
hosts/ps08rp/blocky/config.yml
View File

@@ -73,7 +73,7 @@ customDNS:
traefik-cl01tl IN A 10.232.1.21
blocky IN A 10.232.1.22
plex-lb IN A 10.232.1.23
cilium-cl01tl IN A 10.232.1.23
;; Application Names
@@ -92,7 +92,6 @@ customDNS:
directus IN CNAME traefik-cl01tl
excalidraw IN CNAME traefik-cl01tl
feishin IN CNAME traefik-cl01tl
foldergram IN CNAME traefik-cl01tl
garage-s3 IN CNAME traefik-cl01tl
garage-webui IN CNAME traefik-cl01tl
gatus IN CNAME traefik-cl01tl
@@ -103,14 +102,12 @@ customDNS:
home IN CNAME traefik-cl01tl
home-assistant IN CNAME traefik-cl01tl
home-assistant-code-server IN CNAME traefik-cl01tl
houndarr IN CNAME traefik-cl01tl
hubble IN CNAME traefik-cl01tl
immich IN CNAME traefik-cl01tl
jellyfin IN CNAME traefik-cl01tl
jellystat IN CNAME traefik-cl01tl
kiwix IN CNAME traefik-cl01tl
komodo IN CNAME traefik-cl01tl
languagetool IN CNAME traefik-cl01tl
lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl
medialyze IN CNAME traefik-cl01tl

Some files were not shown because too many files have changed in this diff Show More