alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests Actions Activity

Compare commits

base: alexlebens:main
Branches Tags
alexlebens:main alexlebens:manifests
..
compare: alexlebens:8946780e16f95aef4496f2fe98690735eafead6c
Branches Tags
alexlebens:manifests alexlebens:main

1 Commits
main ... 8946780e16

Author SHA1 Message Date
Renovate Bot
8946780e16 Update ghcr.io/qdm12/gluetun Docker tag to v3.41.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 21s
Details
2025-12-30 04:11:26 +00:00
103 changed files with 868 additions and 380 deletions
Expand all files Collapse all files

3
.gitea/workflows/render-manifests-dispatch.yaml
View File

@@ -1,9 +1,6 @@
name: render-manifests-dispatch
on:
schedule:
- cron: '0 3 * * *'
workflow_dispatch:
env:

4
clusters/cl01tl/helm/actual/values.yaml
View File

@@ -9,7 +9,7 @@ actual:
main:
image:
repository: ghcr.io/actualbudget/actual
tag: 26.1.0
tag: 25.12.0
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -78,7 +78,7 @@ actual:
volsync-target-data:
pvcTarget: actual-data
local:
enabled: true
enabled: false
schedule: 0 8 * * *
remote:
enabled: false

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: argo-cd
repository: https://argoproj.github.io/argo-helm
version: 9.2.4
digest: sha256:ad9fc8f132ba717e9da4564ca1c90eab88c1d1ec251d015542b938f2bd5af7bd
generated: "2026-01-03T23:01:53.96861459Z"
version: 9.2.3
digest: sha256:b23d6a5b7b9fee9d1807259bfa2dd53d1f4dfbbeba7ec747c41a6ba991dadbba
generated: "2025-12-28T21:53:37.447568505Z"

2
clusters/cl01tl/helm/argocd/Chart.yaml
View File

@@ -15,7 +15,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: argo-cd
version: 9.2.4
version: 9.2.3
repository: https://argoproj.github.io/argo-helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: github=argoproj/argo-cd

4
clusters/cl01tl/helm/audiobookshelf/values.yaml
View File

@@ -124,7 +124,7 @@ audiobookshelf:
volsync-target-config:
pvcTarget: audiobookshelf-config
local:
enabled: true
enabled: false
schedule: 2 8 * * *
remote:
enabled: false
@@ -134,7 +134,7 @@ volsync-target-config:
volsync-target-metadata:
pvcTarget: audiobookshelf-metadata
local:
enabled: true
enabled: false
schedule: 4 8 * * *
remote:
enabled: false

4
clusters/cl01tl/helm/authentik/values.yaml
View File

@@ -109,7 +109,7 @@ redis-replication:
existingSecret:
enabled: false
redisReplication:
clusterSize: 3
clusterSize: 1
redisSentinel:
enabled: true
enabled: false
clusterSize: 3

4
clusters/cl01tl/helm/backrest/values.yaml
View File

@@ -108,7 +108,7 @@ backrest:
volsync-target-data:
pvcTarget: backrest-data
local:
enabled: true
enabled: false
schedule: 6 8 * * *
remote:
enabled: false
@@ -118,7 +118,7 @@ volsync-target-data:
volsync-target-config:
pvcTarget: backrest-config
local:
enabled: true
enabled: false
schedule: 8 8 * * *
remote:
enabled: false

4
clusters/cl01tl/helm/bazarr/values.yaml
View File

@@ -15,7 +15,7 @@ bazarr:
main:
image:
repository: ghcr.io/linuxserver/bazarr
tag: 1.5.4@sha256:f00df1c88545a23d3d22ca10f5ae5b7ee9359db1d28756b7f8a43cec624042fd
tag: 1.5.3@sha256:001875e61839c8a50743f0bc0fa4da2a55ed8a038b9b5ed0dd2c663dd3d0bfc7
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -84,7 +84,7 @@ volsync-target-config:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
enabled: false
schedule: 10 8 * * *
remote:
enabled: false

3
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -152,12 +152,14 @@ blocky:
radarr-4k IN CNAME traefik-cl01tl
radarr-anime IN CNAME traefik-cl01tl
radarr-standup IN CNAME traefik-cl01tl
rayflume IN CNAME traefik-cl01tl
searxng IN CNAME traefik-cl01tl
seerr IN CNAME traefik-cl01tl
slskd IN CNAME traefik-cl01tl
sonarr IN CNAME traefik-cl01tl
sonarr-4k IN CNAME traefik-cl01tl
sonarr-anime IN CNAME traefik-cl01tl
soulsync IN CNAME traefik-cl01tl
stalwart IN CNAME traefik-cl01tl
tautulli IN CNAME traefik-cl01tl
tdarr IN CNAME traefik-cl01tl
@@ -165,7 +167,6 @@ blocky:
vault IN CNAME traefik-cl01tl
whodb IN CNAME traefik-cl01tl
yamtrack IN CNAME traefik-cl01tl
yubal-playlist IN CNAME traefik-cl01tl
blocking:
denylists:

4
clusters/cl01tl/helm/booklore/values.yaml
View File

@@ -9,7 +9,7 @@ booklore:
main:
image:
repository: ghcr.io/booklore-app/booklore
tag: v1.16.4
tag: v1.16.1
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -218,7 +218,7 @@ mariadb-cluster:
volsync-target-config:
pvcTarget: booklore-config
local:
enabled: true
enabled: false
schedule: 12 8 * * *
remote:
enabled: false

38
clusters/cl01tl/helm/cilium/templates/cilium-l2-announcement-policy.yaml
View File

@@ -1,19 +1,19 @@
# apiVersion: "cilium.io/v2alpha1"
# kind: CiliumL2AnnouncementPolicy
# metadata:
# name: general-l2-policy
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: general-l2-policy
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# nodeSelector:
# matchExpressions:
# - key: kubernetes.io/hostname
# operator: Exists
# interfaces:
# - end0
# - enp6s0
# externalIPs: true
# loadBalancerIPs: true
apiVersion: "cilium.io/v2alpha1"
kind: CiliumL2AnnouncementPolicy
metadata:
name: general-l2-policy
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: general-l2-policy
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
nodeSelector:
matchExpressions:
- key: kubernetes.io/hostname
operator: Exists
interfaces:
- end0
- enp6s0
externalIPs: true
loadBalancerIPs: true

2
clusters/cl01tl/helm/cilium/values.yaml
View File

@@ -26,7 +26,7 @@ cilium:
- SYS_ADMIN
- SYS_RESOURCE
l2announcements:
enabled: false
enabled: true
bgpControlPlane:
enabled: false
secretsNamespace:

6
clusters/cl01tl/helm/cloudnative-pg/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 0.27.0
- name: plugin-barman-cloud
repository: https://cloudnative-pg.io/charts/
version: 0.4.0
digest: sha256:5e2a32fa5ed8b180ae5e556d65c67eeb3dcf38e2974b0d668eff4ee3c83258ce
generated: "2025-12-30T21:01:48.755246408Z"
version: 0.3.1
digest: sha256:14aa30b7bf75571b03bda19af68cd50c1e7908b883351b196a260609a5b85551
generated: "2025-12-10T19:25:17.952954019Z"

2
clusters/cl01tl/helm/cloudnative-pg/Chart.yaml
View File

@@ -19,7 +19,7 @@ dependencies:
version: 0.27.0
repository: https://cloudnative-pg.io/charts/
- name: plugin-barman-cloud
version: 0.4.0
version: 0.3.1
repository: https://cloudnative-pg.io/charts/
icon: https://avatars.githubusercontent.com/u/100373852?s=200&v=4
# renovate: github=cloudnative-pg/cloudnative-pg

4
clusters/cl01tl/helm/cloudnative-pg/values.yaml
View File

@@ -7,10 +7,10 @@ plugin-barman-cloud:
image:
registry: ghcr.io
repository: cloudnative-pg/plugin-barman-cloud
tag: v0.10.0
tag: v0.9.0
sidecarImage:
registry: ghcr.io
repository: cloudnative-pg/plugin-barman-cloud-sidecar
tag: v0.10.0
tag: v0.9.0
crds:
create: true

2
clusters/cl01tl/helm/code-server/values.yaml
View File

@@ -76,7 +76,7 @@ volsync-target-config:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
enabled: false
schedule: 16 8 * * *
remote:
enabled: false

4
clusters/cl01tl/helm/directus/values.yaml
View File

@@ -216,7 +216,7 @@ redis-replication:
name: directus-redis-config
key: password
redisReplication:
clusterSize: 3
clusterSize: 1
redisSentinel:
enabled: true
enabled: false
clusterSize: 3

2
clusters/cl01tl/helm/ephemera/values.yaml
View File

@@ -130,7 +130,7 @@ ephemera:
volsync-target-config:
pvcTarget: ephemera
local:
enabled: true
enabled: false
schedule: 16 8 * * *
remote:
enabled: false

6
clusters/cl01tl/helm/external-dns/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: external-dns
repository: https://kubernetes-sigs.github.io/external-dns/
version: 1.20.0
digest: sha256:0da4dec408239ea48de1d95fa8ad7701c4fdc0efe67baa8743507c75e62e2a47
generated: "2026-01-03T23:04:25.142170083Z"
version: 1.19.0
digest: sha256:2216b442cc820ebe561d611fbcca3955d5c94e227a0b3288e5db9f8da7d6ac00
generated: "2025-12-01T20:25:38.288305-06:00"

2
clusters/cl01tl/helm/external-dns/Chart.yaml
View File

@@ -16,7 +16,7 @@ maintainers:
dependencies:
- name: external-dns
alias: external-dns-unifi
version: 1.20.0
version: 1.19.0
repository: https://kubernetes-sigs.github.io/external-dns/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
# renovate: github=kubernetes-sigs/external-dns

6
clusters/cl01tl/helm/external-secrets/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: external-secrets
repository: https://charts.external-secrets.io
version: 1.2.1
digest: sha256:20d4fe97e96c6bd5ba958b23121d807d8154c39d58b01511b80025166713a141
generated: "2026-01-03T23:02:15.181743082Z"
version: 1.2.0
digest: sha256:6e713c4b50c14d9daf1758d9f169d10a8c7274d2c42490846817b6fb1a3ce558
generated: "2025-12-20T01:04:35.136580598Z"

2
clusters/cl01tl/helm/external-secrets/Chart.yaml
View File

@@ -12,7 +12,7 @@ sources:
- https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets
dependencies:
- name: external-secrets
version: 1.2.1
version: 1.2.0
repository: https://charts.external-secrets.io
icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4
# renovate: github=external-secrets/external-secrets

2
clusters/cl01tl/helm/freshrss/values.yaml
View File

@@ -247,7 +247,7 @@ volsync-target-data:
- 109
- 65539
local:
enabled: true
enabled: false
schedule: 18 8 * * *
remote:
enabled: false

28
clusters/cl01tl/helm/garage/values.yaml
View File

@@ -403,20 +403,20 @@ garage:
readOnly: true
mountPropagation: None
subPath: garage-1.toml
db-1:
forceRename: garage-db-1
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 50Gi
retain: true
advancedMounts:
server-1:
main:
- path: /var/lib/garage/meta
readOnly: false
debug:
- path: /var/lib/garage/meta
readOnly: false
# db-1:
# forceRename: garage-db-1
# storageClass: ceph-block
# accessMode: ReadWriteOnce
# size: 50Gi
# retain: true
# advancedMounts:
# server-1:
# main:
# - path: /var/lib/garage/meta
# readOnly: false
# debug:
# - path: /var/lib/garage/meta
# readOnly: false
db-2:
forceRename: garage-db-2
storageClass: ceph-block

11
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -7,7 +7,7 @@ gatus:
enabled: true
image:
repository: ghcr.io/twin/gatus
tag: v5.34.0
tag: v5.33.1
annotations:
reloader.stakater.com/auto: "true"
service:
@@ -313,8 +313,11 @@ gatus:
- name: lidatube
url: https://lidatube.alexlebens.net
<<: *defaults
- name: yubal-playlist
url: https://yubal-playlist.alexlebens.net
- name: rayflume
url: https://rayflume.alexlebens.net
<<: *defaults
- name: soulsync
url: https://soulsync.alexlebens.net
<<: *defaults
- name: slskd
url: https://slskd.alexlebens.net
@@ -421,7 +424,7 @@ postgres-18-cluster:
volsync-target-data:
pvcTarget: gatus
local:
enabled: true
enabled: false
schedule: 22 8 * * *
remote:
enabled: false

6
clusters/cl01tl/helm/generic-device-plugin/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.11
digest: sha256:638754658519c268ac93bef8dec82332cded8e99b734ef61db45ee63e4b7c6ce
generated: "2025-12-30T22:23:45.633280279Z"
version: 0.20.10
digest: sha256:bb4fe0fe2e95889b3fbf028e1eff923fcc71d8bd1bc7887eee08010cfb28f4db
generated: "2025-12-27T23:08:24.592060217Z"

2
clusters/cl01tl/helm/generic-device-plugin/Chart.yaml
View File

@@ -15,6 +15,6 @@ maintainers:
dependencies:
- name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.11
version: 0.20.10
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: 1.0.0

6
clusters/cl01tl/helm/gitea/Chart.lock
View File

@@ -7,7 +7,7 @@ dependencies:
version: 0.2.1
- name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.20.0
version: 0.19.0
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.1.4
@@ -23,5 +23,5 @@ dependencies:
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.7.0
digest: sha256:6636f6ead8089c19ad702fb58170d942e11150fdda9470f1b97f4f8fa533d00e
generated: "2025-12-30T16:03:12.004386065Z"
digest: sha256:c0ea42d1a2fc3712ac0481e0a40330704f0f2d1d290b7d30c36a536f0d0ee384
generated: "2025-12-27T19:45:48.293310777Z"

2
clusters/cl01tl/helm/gitea/Chart.yaml
View File

@@ -32,7 +32,7 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.2.1
- name: meilisearch
version: 0.20.0
version: 0.19.0
repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts

4
clusters/cl01tl/helm/harbor/values.yaml
View File

@@ -142,7 +142,7 @@ redis-replication:
existingSecret:
enabled: false
redisReplication:
clusterSize: 3
clusterSize: 1
redisSentinel:
enabled: true
enabled: false
clusterSize: 3

4
clusters/cl01tl/helm/home-assistant/values.yaml
View File

@@ -9,7 +9,7 @@ home-assistant:
main:
image:
repository: ghcr.io/home-assistant/home-assistant
tag: 2025.12.5
tag: 2025.12.4
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -133,7 +133,7 @@ volsync-target-config:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
enabled: false
schedule: 24 8 * * *
remote:
enabled: false

16
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -655,11 +655,11 @@ homepage:
url: http://lidarr.lidarr:80
key: {{ "{{HOMEPAGE_VAR_LIDARR_KEY}}" }}
fields: ["wanted", "queued", "artists"]
- Yubal Playlist:
icon: sh-yubal.webp
description: Replicate Youtube playlist
href: https://yubal-playlist.alexlebens.net
siteMonitor: http://yubal-playlist.yubal-playlist:80
- RayFlume:
icon: sh-youtubarr.webp
description: Playlist to Lidarr Import
href: https://rayflume.alexlebens.net
siteMonitor: http://rayflume.rayflume:80
statusStyle: dot
- LidaTube:
icon: sh-lidatube.webp
@@ -667,6 +667,12 @@ homepage:
href: https://lidatube.alexlebens.net
siteMonitor: http://lidatube.lidatube:80
statusStyle: dot
- SoulSync:
icon: sh-soulsync.webp
description: Playlist Sync
href: https://soulsync.alexlebens.net
siteMonitor: http://soulsync.soulsync:80
statusStyle: dot
- slskd:
icon: sh-slskd.webp
description: slskd

2
clusters/cl01tl/helm/huntarr/values.yaml
View File

@@ -61,7 +61,7 @@ huntarr:
volsync-target-config:
pvcTarget: huntarr-config
local:
enabled: true
enabled: false
schedule: 26 8 * * *
remote:
enabled: false

4
clusters/cl01tl/helm/immich/values.yaml
View File

@@ -226,9 +226,9 @@ redis-replication:
existingSecret:
enabled: false
redisReplication:
clusterSize: 3
clusterSize: 1
redisSentinel:
enabled: true
enabled: false
clusterSize: 3
volsync-target-data:
pvcTarget: immich

6
clusters/cl01tl/helm/jellyfin/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.5.0
- name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.20.0
version: 0.19.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.7.0
digest: sha256:20665aefeaea3e853d5c977cdce05089a87c6d83e43aa946a088f43bcc7eebf9
generated: "2025-12-30T16:03:25.803286869Z"
digest: sha256:dc914dfc86c2b638fae6f580418dafebcddb09a25e6f534f89983fb592196245
generated: "2025-12-27T13:30:57.814394-06:00"

2
clusters/cl01tl/helm/jellyfin/Chart.yaml
View File

@@ -25,7 +25,7 @@ dependencies:
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: meilisearch
version: 0.20.0
version: 0.19.0
repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: volsync-target
alias: volsync-target-config

2
clusters/cl01tl/helm/jellyfin/values.yaml
View File

@@ -142,7 +142,7 @@ meilisearch:
volsync-target-config:
pvcTarget: jellyfin-config
local:
enabled: true
enabled: false
schedule: 30 8 * * *
restic:
cacheCapacity: 10Gi

2
clusters/cl01tl/helm/jellystat/values.yaml
View File

@@ -144,7 +144,7 @@ postgres-18-cluster:
volsync-target-data:
pvcTarget: jellystat-data
local:
enabled: true
enabled: false
schedule: 32 8 * * *
remote:
enabled: false

6
clusters/cl01tl/helm/karakeep/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 4.5.0
- name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.20.0
version: 0.19.0
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.1.4
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.7.0
digest: sha256:d65ca3de6fd1095c4dfe2515ed84c4705495c0725773ec95ea49331a38721785
generated: "2025-12-30T16:03:37.441539588Z"
digest: sha256:e750d8cab228de94d920f80137981e24e795d97040e92dd4cf0d80e463b2bd19
generated: "2025-12-27T13:31:02.732529-06:00"

2
clusters/cl01tl/helm/karakeep/Chart.yaml
View File

@@ -22,7 +22,7 @@ dependencies:
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: meilisearch
version: 0.20.0
version: 0.19.0
repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts

4
clusters/cl01tl/helm/karakeep/values.yaml
View File

@@ -9,7 +9,7 @@ karakeep:
main:
image:
repository: ghcr.io/karakeep-app/karakeep
tag: 0.30.0
tag: 0.29.3
pullPolicy: IfNotPresent
env:
- name: DATA_DIR
@@ -171,7 +171,7 @@ meilisearch:
volsync-target-data:
pvcTarget: karakeep
local:
enabled: true
enabled: false
schedule: 34 8 * * *
remote:
enabled: false

6
clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies:
- name: kube-prometheus-stack
repository: oci://ghcr.io/prometheus-community/charts
version: 80.9.1
version: 80.8.0
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:91fcf8234e006b8e412e15ddd159ef3450a51bfdb6866a1ea2759741f78b70cd
generated: "2025-12-30T22:24:25.338726593Z"
digest: sha256:8e4076f0ba94134eb91dc12364fde4f50bffc6dc3c4cc32a5ea6b9ede777a3b6
generated: "2025-12-28T21:56:15.664575212Z"

2
clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
View File

@@ -20,7 +20,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: kube-prometheus-stack
version: 80.9.1
version: 80.8.0
repository: oci://ghcr.io/prometheus-community/charts
- name: app-template
alias: ntfy-alertmanager

4
clusters/cl01tl/helm/kube-prometheus-stack/values.yaml
View File

@@ -174,12 +174,12 @@ redis-replication:
existingSecret:
enabled: false
redisReplication:
clusterSize: 3
clusterSize: 1
volumeClaimTemplate:
spec:
resources:
requests:
storage: 10Gi
redisSentinel:
enabled: true
enabled: false
clusterSize: 3

4
clusters/cl01tl/helm/libation/values.yaml
View File

@@ -16,7 +16,7 @@ libation:
main:
image:
repository: rmcrackan/libation
tag: 13.1.0
tag: 13.0.0
pullPolicy: IfNotPresent
env:
- name: SLEEP_TIME
@@ -74,7 +74,7 @@ libation:
volsync-target-config:
pvcTarget: libation
local:
enabled: true
enabled: false
schedule: 36 8 * * *
remote:
enabled: false

2
clusters/cl01tl/helm/lidarr/values.yaml
View File

@@ -171,7 +171,7 @@ volsync-target-config:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
enabled: false
schedule: 38 8 * * *
remote:
enabled: false

2
clusters/cl01tl/helm/lidatube/values.yaml
View File

@@ -93,7 +93,7 @@ volsync-target-config:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
enabled: false
schedule: 40 8 * * *
remote:
enabled: false

2
clusters/cl01tl/helm/listenarr/values.yaml
View File

@@ -74,7 +74,7 @@ volsync-target-config:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
enabled: false
schedule: 42 8 * * *
remote:
enabled: false

18
clusters/cl01tl/helm/local-path-provisioner/values.yaml
View File

@@ -13,16 +13,26 @@ local-path-provisioner:
reclaimPolicy: Delete
volumeBindingMode: WaitForFirstConsumer
nodePathMap:
- node: DEFAULT_PATH_FOR_NON_LISTED_NODES
- node: talos-2di-ktg
paths:
- /var/mnt/local-storage
- /var/local-path-provisioner
- node: talos-9vs-6hh
paths:
- /var/local-path-provisioner
- node: talos-aoq-hpv
paths:
- /var/local-path-provisioner
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node-role.kubernetes.io/local-storage-node
operator: Exists
- key: kubernetes.io/hostname
operator: In
values:
- talos-2di-ktg
- talos-9vs-6hh
- talos-aoq-hpv
configmap:
name: local-path-config
setup: |-

8
clusters/cl01tl/helm/matrix-synapse/values.yaml
View File

@@ -478,7 +478,7 @@ redis-replication-hookshot:
volsync-target-synapse:
pvcTarget: matrix-synapse
local:
enabled: true
enabled: false
schedule: 44 8 * * *
remote:
enabled: false
@@ -488,7 +488,7 @@ volsync-target-synapse:
volsync-target-hookshot:
pvcTarget: matrix-hookshot
local:
enabled: true
enabled: false
schedule: 46 8 * * *
remote:
enabled: false
@@ -501,7 +501,7 @@ volsync-target-discord:
runAsUser: 1337
runAsGroup: 1337
local:
enabled: true
enabled: false
schedule: 48 8 * * *
remote:
enabled: false
@@ -514,7 +514,7 @@ volsync-target-whatsapp:
runAsUser: 1337
runAsGroup: 1337
local:
enabled: true
enabled: false
schedule: 50 8 * * *
remote:
enabled: false

2
clusters/cl01tl/helm/navidrome/values.yaml
View File

@@ -161,7 +161,7 @@ volsync-target-data:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
enabled: false
schedule: 52 8 * * *
remote:
enabled: false

2
clusters/cl01tl/helm/ollama/values.yaml
View File

@@ -307,7 +307,7 @@ volsync-target-data:
runAsUser: 1337
runAsGroup: 1337
local:
enabled: true
enabled: false
schedule: 54 8 * * *
remote:
enabled: false

4
clusters/cl01tl/helm/outline/values.yaml
View File

@@ -188,7 +188,7 @@ redis-replication:
existingSecret:
enabled: false
redisReplication:
clusterSize: 3
clusterSize: 1
redisSentinel:
enabled: true
enabled: false
clusterSize: 3

10
clusters/cl01tl/helm/postiz/values.yaml
View File

@@ -9,7 +9,7 @@ postiz:
main:
image:
repository: ghcr.io/gitroomhq/postiz-app
tag: v2.11.3
tag: v2.11.2
pullPolicy: IfNotPresent
env:
- name: MAIN_URL
@@ -173,14 +173,14 @@ redis-replication:
name: postiz-redis-config
key: password
redisReplication:
clusterSize: 3
clusterSize: 1
redisSentinel:
enabled: true
enabled: false
clusterSize: 3
volsync-target-config:
pvcTarget: postiz-config
local:
enabled: true
enabled: false
schedule: 56 8 * * *
remote:
enabled: false
@@ -190,7 +190,7 @@ volsync-target-config:
volsync-target-upload:
pvcTarget: postiz-uploads
local:
enabled: true
enabled: false
schedule: 58 8 * * *
remote:
enabled: false

2
clusters/cl01tl/helm/prowlarr/values.yaml
View File

@@ -83,7 +83,7 @@ volsync-target-config:
- 109
- 65539
local:
enabled: true
enabled: false
schedule: 0 11 * * *
remote:
enabled: false

14
clusters/cl01tl/helm/qbittorrent/templates/external-secret.yaml
View File

@@ -19,20 +19,6 @@ spec:
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: proton-email
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: email
- secretKey: proton-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: password
---
apiVersion: external-secrets.io/v1

24
clusters/cl01tl/helm/qbittorrent/values.yaml
View File

@@ -28,7 +28,7 @@ qbittorrent:
qbittorrent:
image:
repository: ghcr.io/linuxserver/qbittorrent
tag: 5.1.4@sha256:e0cedcadd62f809efdeddfd32e4d1192f9a74e6e64ed6753bfc6e2c3ed4a714a
tag: 5.1.4@sha256:1497b6e047ad47b738f94739219f0e5c5b2ad7a5953b7cf0050f2fedddd8c601
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -64,16 +64,6 @@ qbittorrent:
secretKeyRef:
name: qbittorrent-wireguard-conf
key: private-key
- name: UPDATER_PROTONVPN_EMAIL
valueFrom:
secretKeyRef:
name: qbittorrent-wireguard-conf
key: proton-email
- name: UPDATER_PROTONVPN_PASSWORD
valueFrom:
secretKeyRef:
name: qbittorrent-wireguard-conf
key: proton-password
- name: VPN_PORT_FORWARDING
value: "on"
- name: VPN_PORT_FORWARDING_UP_COMMAND
@@ -84,8 +74,8 @@ qbittorrent:
value: 192.168.1.0/24,10.244.0.0/16
- name: FIREWALL_INPUT_PORTS
value: 8080,9022
- name: DNS_UPSTREAM_RESOLVER_TYPE
value: dot
- name: DOT
value: "off"
securityContext:
privileged: True
capabilities:
@@ -212,7 +202,7 @@ qbittorrent:
qui:
image:
repository: ghcr.io/autobrr/qui
tag: v1.12.0
tag: v1.11.0
pullPolicy: IfNotPresent
env:
- name: QUI__METRICS_ENABLED
@@ -447,7 +437,7 @@ volsync-target-config:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
enabled: false
schedule: 2 11 * * *
restic:
copyMethod: Snapshot
@@ -468,7 +458,7 @@ volsync-target-config:
volsync-target-qbit-manage-config:
pvcTarget: qbittorrent-qbit-manage-config-data
local:
enabled: true
enabled: false
schedule: 4 11 * * *
remote:
enabled: false
@@ -478,7 +468,7 @@ volsync-target-qbit-manage-config:
volsync-target-qui-config:
pvcTarget: qbittorrent-qui-config-data
local:
enabled: true
enabled: false
schedule: 6 11 * * *
remote:
enabled: false

2
clusters/cl01tl/helm/radarr-4k/values.yaml
View File

@@ -171,7 +171,7 @@ volsync-target-config:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
enabled: false
schedule: 10 11 * * *
remote:
enabled: false

2
clusters/cl01tl/helm/radarr-anime/values.yaml
View File

@@ -169,7 +169,7 @@ volsync-target-config:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
enabled: false
schedule: 12 11 * * *
remote:
enabled: false

2
clusters/cl01tl/helm/radarr-standup/values.yaml
View File

@@ -169,7 +169,7 @@ volsync-target-config:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
enabled: false
schedule: 14 11 * * *
remote:
enabled: false

2
clusters/cl01tl/helm/radarr/values.yaml
View File

@@ -171,7 +171,7 @@ volsync-target-config:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
enabled: false
schedule: 8 11 * * *
remote:
enabled: false

12
clusters/cl01tl/helm/rayflume/Chart.lock Normal file
View File

@@ -0,0 +1,12 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.7.0
digest: sha256:8ffb9b2d1e452cad49196824787d52f55fcc0309722fbb433a1eb2a99e9d19e1
generated: "2025-12-27T13:32:17.225782-06:00"

27
clusters/cl01tl/helm/rayflume/Chart.yaml Normal file
View File

@@ -0,0 +1,27 @@
apiVersion: v2
name: rayflume
version: 1.0.0
description: RayFlume
keywords:
- rayflume
- music
- lidarr
home: https://wiki.alexlebens.dev/s/
sources:
- https://gitea.alexlebens.dev/alexlebens/RayFlume
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: rayflume
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: redis-replication
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data
version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts
appVersion: 0.0.3

42
clusters/cl01tl/helm/rayflume/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,42 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: rayflume-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: rayflume-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/rayflume/config
metadataPolicy: None
property: SECRET_KEY
- secretKey: LIDARR_TOKEN
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/rayflume/config
metadataPolicy: None
property: LIDARR_TOKEN
- secretKey: YOUTUBE_API_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/rayflume/config
metadataPolicy: None
property: YOUTUBE_API_KEY
- secretKey: MB_USER_AGENT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/rayflume/config
metadataPolicy: None
property: MB_USER_AGENT

104
clusters/cl01tl/helm/rayflume/values.yaml Normal file
View File

@@ -0,0 +1,104 @@
rayflume:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: harbor.alexlebens.net/images/rayflume
tag: 0.0.7
pullPolicy: IfNotPresent
env:
- name: DEBUG
value: True
- name: ALLOWED_HOSTS
value: rayflume.alexlebens.net,rayflume.rayflume
- name: SECRET_KEY
valueFrom:
secretKeyRef:
name: rayflume-config-secret
key: SECRET_KEY
- name: LIDARR_TOKEN
valueFrom:
secretKeyRef:
name: rayflume-config-secret
key: LIDARR_TOKEN
- name: YOUTUBE_API_KEY
valueFrom:
secretKeyRef:
name: rayflume-config-secret
key: YOUTUBE_API_KEY
- name: MB_USER_AGENT
valueFrom:
secretKeyRef:
name: rayflume-config-secret
key: MB_USER_AGENT
- name: CELERY_BROKER_URL
value: redis://redis-replication-rayflume-master.rayflume:6379/0
- name: CELERY_RESULT_BACKEND
value: redis://redis-replication-rayflume-master.rayflume:6379/0
resources:
requests:
cpu: 10m
memory: 64Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 80
protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- rayflume.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: rayflume
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
data:
forceRename: rayflume-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
advancedMounts:
main:
main:
- path: /data
readOnly: false
redis-replication:
existingSecret:
enabled: false
redisReplication:
clusterSize: 1
redisSentinel:
enabled: false
clusterSize: 3
volsync-target-data:
pvcTarget: rayflume-data
local:
enabled: false
schedule: 16 11 * * *
remote:
enabled: false
external:
enabled: true
schedule: 16 12 * * *

3
clusters/cl01tl/helm/rook-ceph/values.yaml
View File

@@ -85,8 +85,7 @@ rook-ceph-cluster:
cpu: 100m
memory: 128Mi
storage:
useAllDevices: false
devicePathFilter: "/dev/disk/by-partlabel/r-csi-disk"
deviceFilter: sda
config:
osdsPerDevice: "1"
csi:

2
clusters/cl01tl/helm/roundcube/values.yaml
View File

@@ -271,7 +271,7 @@ postgres-18-cluster:
volsync-target-data:
pvcTarget: roundcube-data
local:
enabled: true
enabled: false
schedule: 16 11 * * *
remote:
enabled: false

23
clusters/cl01tl/helm/searxng/templates/external-secret.yaml
View File

@@ -1,5 +1,28 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: searxng-wireguard-conf
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: searxng-wireguard-conf
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: private-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: private-key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: searxng-browser-metrics-auth
namespace: {{ .Release.Namespace }}

56
clusters/cl01tl/helm/searxng/values.yaml
View File

@@ -9,7 +9,7 @@ searxng:
main:
image:
repository: searxng/searxng
tag: latest@sha256:472dd0c84b8e2a05bca773b4a430b9fc9e4e92cd4fa0afaa223efab925ab752a
tag: latest@sha256:6f3a875c64bd804d1ccf2fe3c8df35e985b75ffbf0322f216544e79912fabab2
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL
@@ -39,7 +39,7 @@ searxng:
main:
image:
repository: searxng/searxng
tag: latest@sha256:472dd0c84b8e2a05bca773b4a430b9fc9e4e92cd4fa0afaa223efab925ab752a
tag: latest@sha256:6f3a875c64bd804d1ccf2fe3c8df35e985b75ffbf0322f216544e79912fabab2
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL
@@ -67,6 +67,56 @@ searxng:
requests:
cpu: 10m
memory: 128Mi
gluetun:
image:
repository: ghcr.io/qdm12/gluetun
tag: v3.41.0@sha256:6b54856716d0de56e5bb00a77029b0adea57284cf5a466f23aad5979257d3045
pullPolicy: IfNotPresent
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env:
- name: VPN_SERVICE_PROVIDER
value: protonvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: searxng-wireguard-conf
key: private-key
- name: FIREWALL_OUTBOUND_SUBNETS
value: 192.168.1.0/24,10.244.0.0/16
- name: FIREWALL_INPUT_PORTS
value: 8080
securityContext:
privileged: True
capabilities:
add:
- NET_ADMIN
- SYS_MODULE
probes:
liveness:
enabled: true
custom: true
spec:
exec:
command:
- /gluetun-entrypoint
- healthcheck
failureThreshold: 5
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 15
resources:
limits:
devic.es/tun: "1"
requests:
devic.es/tun: "1"
cpu: 10m
memory: 64Mi
service:
api:
controller: api
@@ -170,7 +220,7 @@ searxng:
volsync-target-data:
pvcTarget: searxng-browser-data
local:
enabled: true
enabled: false
schedule: 18 11 * * *
remote:
enabled: false

2
clusters/cl01tl/helm/seerr/values.yaml
View File

@@ -32,7 +32,7 @@ seerr-chart:
volsync-target-config:
pvcTarget: seerr-seerr-chart-config
local:
enabled: true
enabled: false
schedule: 20 11 * * *
remote:
enabled: false

2
clusters/cl01tl/helm/site-documentation/values.yaml
View File

@@ -11,7 +11,7 @@ site-documentation:
main:
image:
repository: harbor.alexlebens.net/images/site-documentation
tag: 0.0.7
tag: 0.0.5
pullPolicy: IfNotPresent
resources:
requests:

2
clusters/cl01tl/helm/site-profile/values.yaml
View File

@@ -11,7 +11,7 @@ site-profile:
main:
image:
repository: harbor.alexlebens.net/images/site-profile
tag: 2.1.4
tag: 2.1.2
pullPolicy: IfNotPresent
resources:
requests:

14
clusters/cl01tl/helm/slskd/templates/external-secret.yaml
View File

@@ -65,17 +65,3 @@ spec:
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: proton-email
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: email
- secretKey: proton-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: password

14
clusters/cl01tl/helm/slskd/values.yaml
View File

@@ -62,16 +62,6 @@ slskd:
secretKeyRef:
name: slskd-wireguard-conf
key: private-key
- name: UPDATER_PROTONVPN_EMAIL
valueFrom:
secretKeyRef:
name: slskd-wireguard-conf
key: proton-email
- name: UPDATER_PROTONVPN_PASSWORD
valueFrom:
secretKeyRef:
name: slskd-wireguard-conf
key: proton-password
- name: VPN_PORT_FORWARDING
value: "on"
- name: PORT_FORWARD_ONLY
@@ -80,8 +70,8 @@ slskd:
value: 192.168.1.0/24,10.244.0.0/16
- name: FIREWALL_INPUT_PORTS
value: 5030,50300
- name: DNS_UPSTREAM_RESOLVER_TYPE
value: dot
- name: DOT
value: "off"
securityContext:
privileged: true
capabilities:

2
clusters/cl01tl/helm/sonarr-4k/values.yaml
View File

@@ -169,7 +169,7 @@ volsync-target-config:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
enabled: false
schedule: 24 11 * * *
remote:
enabled: false

2
clusters/cl01tl/helm/sonarr-anime/values.yaml
View File

@@ -169,7 +169,7 @@ volsync-target-config:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
enabled: false
schedule: 26 11 * * *
remote:
enabled: false

2
clusters/cl01tl/helm/sonarr/values.yaml
View File

@@ -169,7 +169,7 @@ volsync-target-config:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
enabled: false
schedule: 22 11 * * *
remote:
enabled: false

12
clusters/cl01tl/helm/soulsync/Chart.lock Normal file
View File

@@ -0,0 +1,12 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.7.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.7.0
digest: sha256:3f2befd8dc0c7cc73090a5e1648d200a757dbc3e58f7735940fc11b172ada4f9
generated: "2025-12-27T13:32:51.138317-06:00"

29
clusters/cl01tl/helm/soulsync/Chart.yaml Normal file
View File

@@ -0,0 +1,29 @@
apiVersion: v2
name: soulsync
version: 1.0.0
description: SoulSync
keywords:
- soulsync
- music
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/Nezreka/SoulSync
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: soulsync
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: volsync-target
alias: volsync-target-config
version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-database
version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/soulsync.png
# renovate: github=Nezreka/SoulSync
appVersion: 1.42.2

10
clusters/cl01tl/helm/yubal-playlist/templates/external-secret.yaml → clusters/cl01tl/helm/soulsync/templates/external-secret.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: yubal-playlist-config-secret
name: soulsync-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: yubal-playlist-config-secret
app.kubernetes.io/name: soulsync-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -12,10 +12,10 @@ spec:
kind: ClusterSecretStore
name: vault
data:
- secretKey: lidarr-key
- secretKey: config.json
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/lidarr2/key
key: /cl01tl/soulsync/config
metadataPolicy: None
property: key
property: config.json

36
clusters/cl01tl/helm/soulsync/templates/persistent-volume-claim.yaml Normal file
View File

@@ -0,0 +1,36 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: soulsync-music-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: soulsync-music-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: soulsync-music-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: soulsync-slskd-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: soulsync-slskd-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: soulsync-slskd-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

48
clusters/cl01tl/helm/soulsync/templates/persistent-volume.yaml Normal file
View File

@@ -0,0 +1,48 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: soulsync-music-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: soulsync-music-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Music
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: soulsync-slskd-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: soulsync-slskd-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/slskd/Downloads
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

170
clusters/cl01tl/helm/soulsync/values.yaml Normal file
View File

@@ -0,0 +1,170 @@
soulsync:
controllers:
main:
type: deployment
replicas: 0
strategy: Recreate
revisionHistoryLimit: 3
initContainers:
init-copy-config:
image:
repository: busybox
tag: 1.37.0
pullPolicy: IfNotPresent
resources:
requests:
cpu: 10m
memory: 128Mi
command:
- /bin/sh
- -ec
- |
echo ">> Coping files ..."
ls /tmp
cp -fv /tmp/config.json /app/config/config.json
echo ">> Files in config:"
ls /app/config
containers:
main:
image:
repository: boulderbadgedad/soulsync
tag: latest
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
- name: PUID
value: 1000
- name: PGID
value: 1000
- name: FLASK_ENV
value: production
- name: PYTHONPATH
value: /app
- name: SOULSYNC_CONFIG_PATH
value: /app/config/config.json
probes:
liveness:
enabled: true
custom: true
spec:
exec:
command:
- CMD
- curl
- -f
- http://localhost:8888/
failureThreshold: 5
initialDelaySeconds: 60
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 10
resources:
requests:
cpu: 100m
memory: 512Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 8008
protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- soulsync.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: soulsync
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
secret:
enabled: true
type: secret
name: soulsync-config-secret
advancedMounts:
main:
init-copy-config:
- path: /tmp/config.json
readOnly: true
mountPropagation: None
subPath: config.json
config:
forceRename: soulsync-config
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
advancedMounts:
main:
main:
- path: /app/config
readOnly: false
init-copy-config:
- path: /app/config
readOnly: false
database:
forceRename: soulsync-database
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
advancedMounts:
main:
main:
- path: /app/database
readOnly: false
downloads:
existingClaim: soulsync-slskd-nfs-storage
advancedMounts:
main:
main:
- path: /app/downloads
readOnly: false
transfer:
type: emptyDir
advancedMounts:
main:
main:
- path: /app/Transfer
readOnly: false
music:
existingClaim: soulsync-music-nfs-storage
advancedMounts:
main:
main:
- path: /music
readOnly: true
volsync-target-config:
pvcTarget: soulsync-config
local:
enabled: false
schedule: 28 11 * * *
remote:
enabled: false
external:
enabled: true
schedule: 28 12 * * *
volsync-target-database:
pvcTarget: soulsync-database
local:
enabled: false
schedule: 30 11 * * *
remote:
enabled: false
external:
enabled: true
schedule: 30 12 * * *

8
clusters/cl01tl/helm/stalwart/values.yaml
View File

@@ -9,7 +9,7 @@ stalwart:
main:
image:
repository: stalwartlabs/stalwart
tag: v0.15.3
tag: v0.15.2
pullPolicy: IfNotPresent
resources:
requests:
@@ -118,14 +118,14 @@ redis-replication:
existingSecret:
enabled: false
redisReplication:
clusterSize: 3
clusterSize: 1
redisSentinel:
enabled: true
enabled: false
clusterSize: 3
volsync-target-config:
pvcTarget: stalwart-config
local:
enabled: true
enabled: false
schedule: 32 11 * * *
remote:
enabled: false

12
clusters/cl01tl/helm/talos/values.yaml
View File

@@ -69,7 +69,7 @@ etcd-backup:
s3-prune:
image:
repository: d3fk/s3cmd
tag: latest@sha256:8aeb104edaba11f086506024b22d543a0771e0b01cd50243043002e2d61c2f71
tag: latest@sha256:64a23903ee1b156ae7d795efc756b68ad802bce695f5608343edadba3dea1dc1
pullPolicy: IfNotPresent
command:
- /bin/sh
@@ -155,7 +155,7 @@ etcd-backup:
s3-prune:
image:
repository: d3fk/s3cmd
tag: latest@sha256:8aeb104edaba11f086506024b22d543a0771e0b01cd50243043002e2d61c2f71
tag: latest@sha256:64a23903ee1b156ae7d795efc756b68ad802bce695f5608343edadba3dea1dc1
pullPolicy: IfNotPresent
command:
- /bin/sh
@@ -241,7 +241,7 @@ etcd-backup:
s3-prune:
image:
repository: d3fk/s3cmd
tag: latest@sha256:8aeb104edaba11f086506024b22d543a0771e0b01cd50243043002e2d61c2f71
tag: latest@sha256:64a23903ee1b156ae7d795efc756b68ad802bce695f5608343edadba3dea1dc1
pullPolicy: IfNotPresent
command:
- /bin/sh
@@ -405,7 +405,7 @@ etcd-defrag:
main:
image:
repository: ghcr.io/siderolabs/talosctl
tag: v1.12.0
tag: v1.11.6
pullPolicy: IfNotPresent
args:
- etcd
@@ -438,7 +438,7 @@ etcd-defrag:
main:
image:
repository: ghcr.io/siderolabs/talosctl
tag: v1.12.0
tag: v1.11.6
pullPolicy: IfNotPresent
args:
- etcd
@@ -471,7 +471,7 @@ etcd-defrag:
main:
image:
repository: ghcr.io/siderolabs/talosctl
tag: v1.12.0
tag: v1.11.6
pullPolicy: IfNotPresent
args:
- etcd

2
clusters/cl01tl/helm/tautulli/values.yaml
View File

@@ -170,7 +170,7 @@ tautulli:
volsync-target-config:
pvcTarget: tautulli-config
local:
enabled: true
enabled: false
schedule: 34 11 * * *
remote:
enabled: false

4
clusters/cl01tl/helm/tdarr/values.yaml
View File

@@ -180,7 +180,7 @@ tdarr-exporter:
volsync-target-config:
pvcTarget: tdarr-config
local:
enabled: true
enabled: false
schedule: 36 11 * * *
remote:
enabled: false
@@ -190,7 +190,7 @@ volsync-target-config:
volsync-target-server:
pvcTarget: tdarr-server
local:
enabled: true
enabled: false
schedule: 38 11 * * *
remote:
enabled: false

14
clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml
View File

@@ -86,17 +86,3 @@ spec:
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: proton-email
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: email
- secretKey: proton-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: password

22
clusters/cl01tl/helm/tubearchivist/values.yaml
View File

@@ -56,16 +56,6 @@ tubearchivist:
secretKeyRef:
name: tubearchivist-wireguard-conf
key: private-key
- name: UPDATER_PROTONVPN_EMAIL
valueFrom:
secretKeyRef:
name: tubearchivist-wireguard-conf
key: proton-email
- name: UPDATER_PROTONVPN_PASSWORD
valueFrom:
secretKeyRef:
name: tubearchivist-wireguard-conf
key: proton-password
- name: VPN_PORT_FORWARDING
value: "on"
- name: PORT_FORWARD_ONLY
@@ -74,8 +64,12 @@ tubearchivist:
value: 10.0.0.0/8
- name: FIREWALL_INPUT_PORTS
value: 80,8000,24000
- name: DNS_UPSTREAM_RESOLVER_TYPE
value: dot
- name: DOT
value: off
- name: DNS_KEEP_NAMESERVER
value: on
- name: DNS_PLAINTEXT_ADDRESS
value: 10.96.0.10
securityContext:
privileged: True
capabilities:
@@ -154,7 +148,7 @@ redis-replication:
existingSecret:
enabled: false
redisReplication:
clusterSize: 3
clusterSize: 1
resources:
requests:
cpu: 200m
@@ -165,5 +159,5 @@ redis-replication:
requests:
storage: 10Gi
redisSentinel:
enabled: true
enabled: false
clusterSize: 3

6
clusters/cl01tl/helm/vault/values.yaml
View File

@@ -187,7 +187,7 @@ snapshot:
s3-backup-local:
image:
repository: d3fk/s3cmd
tag: latest@sha256:8aeb104edaba11f086506024b22d543a0771e0b01cd50243043002e2d61c2f71
tag: latest@sha256:64a23903ee1b156ae7d795efc756b68ad802bce695f5608343edadba3dea1dc1
pullPolicy: IfNotPresent
command:
- /bin/sh
@@ -208,7 +208,7 @@ snapshot:
s3-backup-remote:
image:
repository: d3fk/s3cmd
tag: latest@sha256:8aeb104edaba11f086506024b22d543a0771e0b01cd50243043002e2d61c2f71
tag: latest@sha256:64a23903ee1b156ae7d795efc756b68ad802bce695f5608343edadba3dea1dc1
pullPolicy: IfNotPresent
command:
- /bin/sh
@@ -229,7 +229,7 @@ snapshot:
s3-backup-external:
image:
repository: d3fk/s3cmd
tag: latest@sha256:8aeb104edaba11f086506024b22d543a0771e0b01cd50243043002e2d61c2f71
tag: latest@sha256:64a23903ee1b156ae7d795efc756b68ad802bce695f5608343edadba3dea1dc1
pullPolicy: IfNotPresent
command:
- /bin/sh

2
clusters/cl01tl/helm/vaultwarden/values.yaml
View File

@@ -9,7 +9,7 @@ vaultwarden:
main:
image:
repository: vaultwarden/server
tag: 1.35.1
tag: 1.35.0
pullPolicy: IfNotPresent
env:
- name: DOMAIN

2
clusters/cl01tl/helm/whodb/values.yaml
View File

@@ -8,7 +8,7 @@ whodb:
main:
image:
repository: clidey/whodb
tag: 0.87.0
tag: 0.86.0
pullPolicy: IfNotPresent
env:
- name: WHODB_OLLAMA_HOST

4
clusters/cl01tl/helm/yamtrack/values.yaml
View File

@@ -136,7 +136,7 @@ redis-replication:
existingSecret:
enabled: false
redisReplication:
clusterSize: 3
clusterSize: 1
redisSentinel:
enabled: true
enabled: false
clusterSize: 3

16
clusters/cl01tl/helm/yubal-playlist/Chart.yaml → clusters/cl01tl/helm/ytdl-sub/Chart.yaml
View File

@@ -1,22 +1,22 @@
apiVersion: v2
name: yubal-playlist
name: ytdl-sub
version: 1.0.0
description: yubal-playlist
description: ytdl-sub
keywords:
- yubal-playlist
- ytdl-sub
- music
- youtube
home: https://wiki.alexlebens.dev/s/
sources:
- https://gitea.alexlebens.dev/alexlebens/yubal-playlist
- https://github.com/guillevc/yubal
- https://github.com/jmbannon/ytdl-sub
- https://github.com/jmbannon/ytdl-sub/pkgs/container/ytdl-sub
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: yubal-playlist
alias: ytdl-sub
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
# renovate: github=alexlebens/yubal-playlist
appVersion: 0.0.5
# renovate: github=jmbannon/ytdl-sub
appVersion: 2025.12.26

6
clusters/cl01tl/helm/yubal-playlist/templates/persistent-volume-claim.yaml → clusters/cl01tl/helm/ytdl-sub/templates/persistent-volume-claim.yaml
View File

@@ -1,14 +1,14 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: yubal-playlist-nfs-storage
name: ytdl-sub-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: yubal-playlist-nfs-storage
app.kubernetes.io/name: ytdl-sub-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: yubal-playlist-nfs-storage
volumeName: ytdl-sub-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany

4
clusters/cl01tl/helm/yubal-playlist/templates/persistent-volume.yaml → clusters/cl01tl/helm/ytdl-sub/templates/persistent-volume.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: yubal-playlist-nfs-storage
name: ytdl-sub-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: yubal-playlist-nfs-storage
app.kubernetes.io/name: ytdl-sub-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:

81
clusters/cl01tl/helm/ytdl-sub/values.yaml Normal file
View File

@@ -0,0 +1,81 @@
ytdl-sub:
controllers:
main:
type: cronjob
cronjob:
suspend: false
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: 12 0 * * *
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
main:
image:
repository: ghcr.io/jmbannon/ytdl-sub
tag: 2025.12.26
pullPolicy: IfNotPresent
command:
- ytdl-sub
- -c
- /config/config.yaml
- sub
env:
- name: TZ
value: America/Chicago
- name: CRON_RUN_ON_START
value: false
resources:
requests:
cpu: 10m
memory: 128Mi
configMaps:
config:
enabled: true
data:
config.yaml: |
configuration:
working_directory: /cache
subscriptions.yaml: |
__preset__:
embed_thumbnail: True
square_thumbnail: True
overrides:
music_directory: /music
YouTube Releases | Max MP3 Quality:
= YouTube:
"Music Saved": "https://www.youtube.com/playlist?list=PLtiOoYqxYXtKK3fMya_xhqK0Wit0i10Gy&si=8wNBH-kGT9Nx0XBK"
persistence:
config:
enabled: true
type: configMap
name: ytdl-sub
advancedMounts:
main:
main:
- path: /config/config.yaml
readOnly: true
mountPropagation: None
subPath: config.yaml
- path: /config/subscriptions.yaml
readOnly: true
mountPropagation: None
subPath: subscriptions.yaml
cache:
type: emptyDir
advancedMounts:
main:
main:
- path: /cache
readOnly: false
music:
existingClaim: ytdl-sub-nfs-storage
advancedMounts:
main:
main:
- path: /music
readOnly: false

77
clusters/cl01tl/helm/yubal-playlist/values.yaml
View File

@@ -1,77 +0,0 @@
yubal-playlist:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: harbor.alexlebens.net/images/yubal-playlist
tag: 0.0.5
pullPolicy: IfNotPresent
env:
- name: YUBAL_TZ
value: America/Chicago
- name: YUBAL_PORT
value: 8000
- name: YUBAL_DEBUG
value: true
- name: YUBAL_MB_USER_AGENT
value: alexanderlebens@gmail.com
- name: YUBAL_LIDARR_ENDPOINT
value: http://lidarr.lidarr:80
- name: YUBAL_LIDARR_API_KEY
valueFrom:
secretKeyRef:
name: yubal-playlist-config-secret
key: lidarr-key
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 8000
protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- yubal-playlist.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: yubal-playlist
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
cache:
type: emptyDir
advancedMounts:
main:
main:
- path: /app/ytdlp
readOnly: false
music:
existingClaim: yubal-playlist-nfs-storage
advancedMounts:
main:
main:
- path: /app/data
readOnly: false

4
hosts/ps08rp/blocky/config.yml
View File

@@ -75,6 +75,7 @@ customDNS:
blocky IN A 10.232.1.22
cilium-cl01tl IN A 10.232.1.23
;; Application Names
actual IN CNAME traefik-cl01tl
alertmanager IN CNAME traefik-cl01tl
@@ -127,12 +128,14 @@ customDNS:
radarr-4k IN CNAME traefik-cl01tl
radarr-anime IN CNAME traefik-cl01tl
radarr-standup IN CNAME traefik-cl01tl
rayflume IN CNAME traefik-cl01tl
searxng IN CNAME traefik-cl01tl
seerr IN CNAME traefik-cl01tl
slskd IN CNAME traefik-cl01tl
sonarr IN CNAME traefik-cl01tl
sonarr-4k IN CNAME traefik-cl01tl
sonarr-anime IN CNAME traefik-cl01tl
soulsync IN CNAME traefik-cl01tl
stalwart IN CNAME traefik-cl01tl
tautulli IN CNAME traefik-cl01tl
tdarr IN CNAME traefik-cl01tl
@@ -140,7 +143,6 @@ customDNS:
vault IN CNAME traefik-cl01tl
whodb IN CNAME traefik-cl01tl
yamtrack IN CNAME traefik-cl01tl
yubal-playlist IN CNAME traefik-cl01tl
blocking:
denylists:

2
hosts/ps08rp/traefik/compose.yaml
View File

@@ -1,7 +1,7 @@
---
services:
traefik:
image: ghcr.io/traefik/traefik:v3.6.6
image: ghcr.io/traefik/traefik:v3.6.5
container_name: traefik
command:
- "--global.checkNewVersion=false"

Some files were not shown because too many files have changed in this diff Show More