alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests Actions Activity

Compare commits

base: alexlebens:main
Branches Tags
alexlebens:main alexlebens:manifests
..
compare: alexlebens:8c1175ad72f2a7d5c356e2ed59f8eba923fa67ea
Branches Tags
alexlebens:manifests alexlebens:main

1 Commits
main ... 8c1175ad72

Author SHA1 Message Date
Renovate Bot
8c1175ad72 Update ghcr.io/alex1989hu/kubelet-serving-cert-approver Docker tag to v0.10.1
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 35s
Details
2025-12-07 02:59:54 +00:00
125 changed files with 519 additions and 754 deletions
Expand all files Collapse all files

34
.gitea/workflows/lint-test-docker.yaml
View File

@@ -36,20 +36,14 @@ jobs:
id: branch-exists
if: github.event_name == 'push' || steps.check-branch-exists.outputs.exists == 'true' && github.event_name == 'pull_request'
run: |
if [ ${{ github.event_name == 'push' }} ]; then
echo ">> Action is from a push event, will continue with linting"
else
echo ">> Branch ${{ gitea.base_ref }} exists, will continue with linting"
fi
echo ">> Branch ${{ gitea.base_ref }} exists, will continue with linting"
echo "----"
echo "exists=true" >> $GITEA_OUTPUT
- name: Set up Node.js
if: steps.branch-exists.outputs.exists == 'true'
if: steps.check-branch-exists.outputs.exists == 'true'
uses: actions/setup-node@v6
with:
node-version: '24'
@@ -65,11 +59,11 @@ jobs:
if [ "${{ github.event_name }}" == "pull_request" ]; then
echo ""
echo ">> Checking for changes in a pull request ..."
GIT_DIFF=$(git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u)
GIT_DIFF=$(git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u | grep -E "hosts/[^/]+/[^/]+")
else
echo ""
echo ">> Checking for changes from a push ..."
GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u)
GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u | grep -E "hosts/[^/]+/[^/]+")
fi
if [ -n "${GIT_DIFF}" ]; then
@@ -78,12 +72,7 @@ jobs:
echo "$GIT_DIFF"
for path in $GIT_DIFF; do
if echo "$path" | grep -q -E "hosts/[^/]+/[^/]+"; then
echo ""
echo ">> Adding path: $path"
CHANGED_COMPOSE+=$(echo "$path")
CHANGED_COMPOSE+=$(echo " ")
fi
CHANGED_COMPOSE+=$(echo "$path")
done
else
@@ -95,32 +84,27 @@ jobs:
if [ -n "${CHANGED_COMPOSE}" ]; then
echo ""
echo ">> Compose to Lint:"
echo "$(echo "${CHANGED_COMPOSE}" | sort -u)"
echo "$(echo "${CHANGED_COMPOSE[@]}" | sort -u)"
echo "----"
echo "changes-detected=true" >> $GITEA_OUTPUT
echo "compose-dir<<EOF" >> $GITEA_OUTPUT
echo "$(echo "${CHANGED_COMPOSE}" | sort -u)" >> $GITEA_OUTPUT
echo "$(echo "${CHANGED_COMPOSE[@]}" | sort -u)" >> $GITEA_OUTPUT
echo "EOF" >> $GITEA_OUTPUT
else
echo ""
echo ">> Did not find any docker compose files to lint"
echo "----"
echo "changes-detected=false" >> $GITEA_OUTPUT
fi
- name: Lint Docker Compose
if: steps.check-dir-changes.outputs.changes-detected == 'true'
if: steps.check-branch-exists.outputs.exists == 'true'
env:
CHANGED_COMPOSE: ${{ steps.check-dir-changes.outputs.compose-dir }}
run: |
echo ">> Running dclint on changed compose files:"
echo "$CHANGED_COMPOSE"
for compose in $CHANGED_COMPOSE; do
echo "$CHANGED_COMPOSE" | while read -r compose; do
echo ">> Linting $compose ..."
npx dclint $compose
done

30
.gitea/workflows/lint-test-helm.yaml
View File

@@ -37,13 +37,7 @@ jobs:
id: branch-exists
if: github.event_name == 'push' || steps.check-branch-exists.outputs.exists == 'true' && github.event_name == 'pull_request'
run: |
if [ ${{ github.event_name == 'push' }} ]; then
echo ">> Action is from a push event, will continue with linting"
else
echo ">> Branch ${{ gitea.base_ref }} exists, will continue with linting"
fi
echo ">> Branch ${{ gitea.base_ref }} exists, will continue with linting"
echo "----"
@@ -54,7 +48,7 @@ jobs:
uses: azure/setup-helm@v4
with:
token: ${{ secrets.GITEA_TOKEN }}
version: v3.19.2
version: v3
- name: Check Directories for Changes
id: check-dir-changes
@@ -67,11 +61,11 @@ jobs:
if [ "${{ github.event_name }}" == "pull_request" ]; then
echo ""
echo ">> Checking for changes in a pull request ..."
GIT_DIFF=$(git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u)
GIT_DIFF=$(git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
else
echo ""
echo ">> Checking for changes from a push ..."
GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u)
GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
fi
if [ -n "${GIT_DIFF}" ]; then
@@ -80,12 +74,7 @@ jobs:
echo "$GIT_DIFF"
for path in $GIT_DIFF; do
if echo "$path" | grep -q -E "clusters/[^/]+/helm/[^/]+"; then
echo ""
echo ">> Adding path: $path"
CHANGED_CHARTS+=$(echo "$path" | awk -F '/' '{print $4}')
CHANGED_CHARTS+=$(echo " ")
fi
CHANGED_CHARTS+=$(echo "$path" | awk -F '/' '{print $4}')
done
else
@@ -97,20 +86,15 @@ jobs:
if [ -n "${CHANGED_CHARTS}" ]; then
echo ""
echo ">> Chart to Lint:"
echo "$(echo "${CHANGED_CHARTS}" | sort -u)"
echo "$(echo "${CHANGED_CHARTS[@]}" | sort -u)"
echo "----"
echo "changes-detected=true" >> $GITEA_OUTPUT
echo "chart-dir<<EOF" >> $GITEA_OUTPUT
echo "$(echo "${CHANGED_CHARTS}" | sort -u)" >> $GITEA_OUTPUT
echo "$(echo "${CHANGED_CHARTS[@]}" | sort -u)" >> $GITEA_OUTPUT
echo "EOF" >> $GITEA_OUTPUT
else
echo ""
echo ">> Did not find any helm charts files to lint"
echo "----"
echo "changes-detected=false" >> $GITEA_OUTPUT
fi

9
.gitea/workflows/render-manifests-automerge.yaml
View File

@@ -161,10 +161,6 @@ jobs:
cd $chart_path
echo ""
echo ">> Updating helm dependency ..."
helm dependency update --skip-refresh
echo ""
echo ">> Building helm dependency ..."
helm dependency build --skip-refresh
@@ -197,11 +193,6 @@ jobs:
echo ">> Formating rendered template ..."
echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
# Strip comments again to ensure formatting correctness
for file in "$OUTPUT_FOLDER"/*; do
yq -i '... comments=""' $file
done
echo ""
echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
ls $OUTPUT_FOLDER

9
.gitea/workflows/render-manifests-dispatch.yaml
View File

@@ -146,10 +146,6 @@ jobs:
cd $chart_path
echo ""
echo ">> Updating helm dependency ..."
helm dependency update --skip-refresh
echo ""
echo ">> Building helm dependency ..."
helm dependency build --skip-refresh
@@ -182,11 +178,6 @@ jobs:
echo ">> Formating rendered template ..."
echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
# Strip comments again to ensure formatting correctness
for file in "$OUTPUT_FOLDER"/*; do
yq -i '... comments=""' $file
done
echo ""
echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
ls $OUTPUT_FOLDER

9
.gitea/workflows/render-manifests-merge.yaml
View File

@@ -166,10 +166,6 @@ jobs:
cd $chart_path
echo ""
echo ">> Updating helm dependency ..."
helm dependency update --skip-refresh
echo ""
echo ">> Building helm dependency ..."
helm dependency build --skip-refresh
@@ -202,11 +198,6 @@ jobs:
echo ">> Formating rendered template ..."
echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
# Strip comments again to ensure formatting correctness
for file in "$OUTPUT_FOLDER"/*; do
yq -i '... comments=""' $file
done
echo ""
echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
ls $OUTPUT_FOLDER

9
.gitea/workflows/render-manifests-push.yaml
View File

@@ -164,10 +164,6 @@ jobs:
cd $chart_path
echo ""
echo ">> Updating helm dependency ..."
helm dependency update --skip-refresh
echo ""
echo ">> Building helm dependency ..."
helm dependency build --skip-refresh
@@ -200,11 +196,6 @@ jobs:
echo ">> Formating rendered template ..."
echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
# Strip comments again to ensure formatting correctness
for file in "$OUTPUT_FOLDER"/*; do
yq -i '... comments=""' $file
done
echo ""
echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
ls $OUTPUT_FOLDER

2
clusters/cl01tl/helm/actual/Chart.yaml
View File

@@ -18,4 +18,4 @@ dependencies:
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png
appVersion: 25.12.0
appVersion: 25.11.0

8
clusters/cl01tl/helm/argo-workflows/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies:
- name: argo-workflows
repository: https://argoproj.github.io/argo-helm
version: 0.46.2
version: 0.46.1
- name: argo-events
repository: https://argoproj.github.io/argo-helm
version: 2.4.19
version: 2.4.18
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 6.16.1
digest: sha256:40a93dfcabbc5746682bac631e9a620588cf0cb6fdf79a42446a823e93a531c8
generated: "2025-12-11T15:49:57.970719-06:00"
digest: sha256:6cc24f6ce2b7f67c2eeab9bb6f64ebfedc082a2e809fc1f03f691f99a3006143
generated: "2025-12-04T01:01:06.532396136Z"

8
clusters/cl01tl/helm/argo-workflows/Chart.yaml
View File

@@ -18,14 +18,14 @@ maintainers:
- name: alexlebens
dependencies:
- name: argo-workflows
version: 0.46.2
version: 0.46.1
repository: https://argoproj.github.io/argo-helm
- name: argo-events
version: 2.4.19
version: 2.4.18
repository: https://argoproj.github.io/argo-helm
- name: postgres-cluster
alias: postgres-18-cluster
alias: postgres-17-cluster
version: 6.16.1
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
appVersion: v3.7.6
appVersion: v3.6.7

8
clusters/cl01tl/helm/argo-workflows/templates/external-secret.yaml
View File

@@ -31,10 +31,10 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: argo-workflows-postgresql-18-cluster-backup-secret
name: argo-workflows-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: argo-workflows-postgresql-18-cluster-backup-secret
app.kubernetes.io/name: argo-workflows-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -61,10 +61,10 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: argo-workflows-postgresql-18-cluster-backup-secret-garage
name: argo-workflows-postgresql-17-cluster-backup-secret-garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: argo-workflows-postgresql-18-cluster-backup-secret-garage
app.kubernetes.io/name: argo-workflows-postgresql-17-cluster-backup-secret-garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:

41
clusters/cl01tl/helm/argo-workflows/values.yaml
View File

@@ -9,15 +9,15 @@ argo-workflows:
nodeStatusOffLoad: true
archive: true
postgresql:
host: argo-workflows-postgresql-18-cluster-rw
host: argo-workflows-postgresql-17-cluster-rw
port: 5432
database: app
tableName: app
userNameSecret:
name: argo-workflows-postgresql-18-cluster-app
name: argo-workflows-postgresql-17-cluster-app
key: username
passwordSecret:
name: argo-workflows-postgresql-18-cluster-app
name: argo-workflows-postgresql-17-cluster-app
key: password
ssl: false
sslMode: disable
@@ -59,6 +59,20 @@ argo-workflows:
useStaticCredentials: true
artifactRepository:
archiveLogs: false
s3: {}
# accessKeySecret:
# name: "{{ .Release.Name }}-minio"
# key: accesskey
# secretKeySecret:
# name: "{{ .Release.Name }}-minio"
# key: secretkey
# insecure: true
# bucket:
# endpoint:
# region:
# encryptionOptions:
# enableEncryption: true
argo-events:
controller:
resources:
@@ -75,12 +89,9 @@ argo-events:
requests:
cpu: 10m
memory: 128Mi
postgres-18-cluster:
postgres-17-cluster:
mode: recovery
cluster:
image:
repository: ghcr.io/cloudnative-pg/postgresql
tag: 18.1-standard-trixie
storage:
storageClass: local-path
walStorage:
@@ -92,30 +103,30 @@ postgres-18-cluster:
recovery:
method: objectStore
objectStore:
destinationPath: s3://postgres-backups/cl01tl/argo-workflows/argo-workflows-postgresql-18-cluster
destinationPath: s3://postgres-backups/cl01tl/argo-workflows/argo-workflows-postgresql-17-cluster
endpointURL: http://garage-main.garage:3900
index: 1
endpointCredentials: argo-workflows-postgresql-18-cluster-backup-secret-garage
endpointCredentials: argo-workflows-postgresql-17-cluster-backup-secret-garage
backup:
objectStore:
- name: external
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/argo-workflows/argo-workflows-postgresql-18-cluster
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/argo-workflows/argo-workflows-postgresql-17-cluster
index: 1
retentionPolicy: "30d"
isWALArchiver: false
- name: garage-local
destinationPath: s3://postgres-backups/cl01tl/argo-workflows/argo-workflows-postgresql-18-cluster
destinationPath: s3://postgres-backups/cl01tl/argo-workflows/argo-workflows-postgresql-17-cluster
index: 1
endpointURL: http://garage-main.garage:3900
endpointCredentials: argo-workflows-postgresql-18-cluster-backup-secret-garage
endpointCredentials: argo-workflows-postgresql-17-cluster-backup-secret-garage
endpointCredentialsIncludeRegion: true
retentionPolicy: "3d"
isWALArchiver: true
# - name: garage-remote
# destinationPath: s3://postgres-backups/cl01tl/argo-workflows/argo-workflows-postgresql-18-cluster
# destinationPath: s3://postgres-backups/cl01tl/argo-workflows/argo-workflows-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: argo-workflows-postgresql-18-cluster-backup-secret-garage
# endpointCredentials: argo-workflows-postgresql-17-cluster-backup-secret-garage
# endpointCredentialsIncludeRegion: true
# retentionPolicy: "30d"
# data:
@@ -123,7 +134,6 @@ postgres-18-cluster:
scheduledBackups:
- name: daily-backup
suspend: false
immediate: true
schedule: "0 0 0 * * *"
backupName: external
- name: live-backup
@@ -133,6 +143,5 @@ postgres-18-cluster:
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: argo-cd
repository: https://argoproj.github.io/argo-helm
version: 9.1.7
digest: sha256:ed1ae26f3e642750f6dd970c1adc4fa14a627fad13daf74169213199f74425b3
generated: "2025-12-09T23:01:55.027301875Z"
version: 9.1.6
digest: sha256:488b8e826e7cc7179f154c1b7555e2cec78b69becb9f8cdbe4937b3546d87e5d
generated: "2025-12-05T04:02:40.060511766Z"

4
clusters/cl01tl/helm/argocd/Chart.yaml
View File

@@ -15,7 +15,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: argo-cd
version: 9.1.7
version: 9.1.6
repository: https://argoproj.github.io/argo-helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
appVersion: v3.2.1
appVersion: 3.0.0

5
clusters/cl01tl/helm/argocd/values.yaml
View File

@@ -25,7 +25,6 @@ argo-cd:
id: authentik
params:
server.insecure: true
controller.diff.server.side: true
rbac:
policy.csv: |
g, ArgoCD Admins, role:admin
@@ -61,7 +60,7 @@ argo-cd:
enabled: true
auth: false
redisSecretInit:
enabled: false
enabled: true
server:
replicas: 2
extensions:
@@ -280,7 +279,7 @@ argo-cd:
- description: Application has degraded
send:
- app-health-degraded
when: app.status.health.status == 'Degraded'
when: app.status.health.status == 'Degraded' and time.Now().Sub(time.Parse(app.status.health.lastTransitionTime).Minutes() >= 15
trigger.on-sync-failed: |
- description: Application syncing has failed
send:

2
clusters/cl01tl/helm/audiobookshelf/Chart.yaml
View File

@@ -20,4 +20,4 @@ dependencies:
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
appVersion: 2.31.0
appVersion: 2.21.0

4
clusters/cl01tl/helm/authentik/Chart.lock
View File

@@ -8,5 +8,5 @@ dependencies:
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 6.16.1
digest: sha256:fdd5cc597cf958ca0f6f43dd403915c89c45718eff80920c2d322264dc8b09e1
generated: "2025-12-11T16:14:14.729827-06:00"
digest: sha256:e6ea05d8bdb96164bc19da117078b5101f329ad5f1b461fa02f198bef45454f3
generated: "2025-12-07T02:54:01.695741198Z"

4
clusters/cl01tl/helm/authentik/Chart.yaml
View File

@@ -28,8 +28,8 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
version: 1.23.2
- name: postgres-cluster
alias: postgres-18-cluster
alias: postgres-17-cluster
version: 6.16.1
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png
appVersion: 2025.10.2
appVersion: 2025.4.1

8
clusters/cl01tl/helm/authentik/templates/external-secret.yaml
View File

@@ -47,10 +47,10 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: authentik-postgresql-18-cluster-backup-secret
name: authentik-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: authentik-postgresql-18-cluster-backup-secret
app.kubernetes.io/name: authentik-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -77,10 +77,10 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: authentik-postgresql-18-cluster-backup-secret-garage
name: authentik-postgresql-17-cluster-backup-secret-garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: authentik-postgresql-18-cluster-backup-secret-garage
app.kubernetes.io/name: authentik-postgresql-17-cluster-backup-secret-garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:

4
clusters/cl01tl/helm/authentik/templates/redis-replication.yaml
View File

@@ -13,7 +13,7 @@ spec:
runAsUser: 1000
fsGroup: 1000
kubernetesConfig:
image: quay.io/opstree/redis:v8.4.0
image: quay.io/opstree/redis:v8.0.3
imagePullPolicy: IfNotPresent
resources:
requests:
@@ -29,4 +29,4 @@ spec:
storage: 1Gi
redisExporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.80.1
image: quay.io/opstree/redis-exporter:v1.48.0

29
clusters/cl01tl/helm/authentik/values.yaml
View File

@@ -9,22 +9,22 @@ authentik:
- name: AUTHENTIK_POSTGRESQL__HOST
valueFrom:
secretKeyRef:
name: authentik-postgresql-18-cluster-app
name: authentik-postgresql-17-cluster-app
key: host
- name: AUTHENTIK_POSTGRESQL__NAME
valueFrom:
secretKeyRef:
name: authentik-postgresql-18-cluster-app
name: authentik-postgresql-17-cluster-app
key: dbname
- name: AUTHENTIK_POSTGRESQL__USER
valueFrom:
secretKeyRef:
name: authentik-postgresql-18-cluster-app
name: authentik-postgresql-17-cluster-app
key: user
- name: AUTHENTIK_POSTGRESQL__PASSWORD
valueFrom:
secretKeyRef:
name: authentik-postgresql-18-cluster-app
name: authentik-postgresql-17-cluster-app
key: password
authentik:
redis:
@@ -50,12 +50,9 @@ authentik:
enabled: false
cloudflared:
existingSecretName: authentik-cloudflared-secret
postgres-18-cluster:
postgres-17-cluster:
mode: recovery
cluster:
image:
repository: ghcr.io/cloudnative-pg/postgresql
tag: 18.1-standard-trixie
storage:
storageClass: local-path
walStorage:
@@ -67,30 +64,30 @@ postgres-18-cluster:
recovery:
method: objectStore
objectStore:
destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-18-cluster
destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-17-cluster
endpointURL: http://garage-main.garage:3900
index: 1
endpointCredentials: authentik-postgresql-18-cluster-backup-secret-garage
endpointCredentials: authentik-postgresql-17-cluster-backup-secret-garage
backup:
objectStore:
- name: external
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/authentik/authentik-postgresql-18-cluster
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/authentik/authentik-postgresql-17-cluster
index: 1
retentionPolicy: "30d"
isWALArchiver: false
- name: garage-local
destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-18-cluster
destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-17-cluster
index: 1
endpointURL: http://garage-main.garage:3900
endpointCredentials: authentik-postgresql-18-cluster-backup-secret-garage
endpointCredentials: authentik-postgresql-17-cluster-backup-secret-garage
endpointCredentialsIncludeRegion: true
retentionPolicy: "3d"
isWALArchiver: true
# - name: garage-remote
# destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-18-cluster
# destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: authentik-postgresql-18-cluster-backup-secret-garage
# endpointCredentials: authentik-postgresql-17-cluster-backup-secret-garage
# retentionPolicy: "30d"
# data:
# compression: bzip2
@@ -98,7 +95,6 @@ postgres-18-cluster:
scheduledBackups:
- name: daily-backup
suspend: false
immediate: true
schedule: "0 0 0 * * *"
backupName: external
- name: live-backup
@@ -108,6 +104,5 @@ postgres-18-cluster:
backupName: garage-local
# - name: weekly-backup
# suspend: false
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote

2
clusters/cl01tl/helm/bazarr/Chart.yaml
View File

@@ -20,4 +20,4 @@ dependencies:
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/bazarr.png
appVersion: 1.5.3
appVersion: 1.5.2

2
clusters/cl01tl/helm/bazarr/values.yaml
View File

@@ -15,7 +15,7 @@ bazarr:
main:
image:
repository: ghcr.io/linuxserver/bazarr
tag: 1.5.3@sha256:4aa1e82d1e96ae712095d881b7e3840e6db6ca862c335be5b00001f31156650b
tag: 1.5.3@sha256:ec11e988e8e13411c994a4d9f43ed9b97409aa92c1da54d9f23926c3da7c2032
pullPolicy: IfNotPresent
env:
- name: TZ

2
clusters/cl01tl/helm/blocky/Chart.yaml
View File

@@ -18,4 +18,4 @@ dependencies:
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/blocky.png
appVersion: v0.28.2
appVersion: v0.25

4
clusters/cl01tl/helm/blocky/templates/redis-replication.yaml
View File

@@ -13,7 +13,7 @@ spec:
runAsUser: 1000
fsGroup: 1000
kubernetesConfig:
image: quay.io/opstree/redis:v8.4.0
image: quay.io/opstree/redis:v8.0.3
imagePullPolicy: IfNotPresent
resources:
requests:
@@ -29,4 +29,4 @@ spec:
storage: 1Gi
redisExporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.80.1
image: quay.io/opstree/redis-exporter:v1.48.0

1
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -156,7 +156,6 @@ blocky:
radarr-anime IN CNAME traefik-cl01tl
radarr-standup IN CNAME traefik-cl01tl
searxng IN CNAME traefik-cl01tl
seerr IN CNAME traefik-cl01tl
slskd IN CNAME traefik-cl01tl
sonarr IN CNAME traefik-cl01tl
sonarr-4k IN CNAME traefik-cl01tl

2
clusters/cl01tl/helm/booklore/Chart.yaml
View File

@@ -21,4 +21,4 @@ dependencies:
version: 25.10.2
repository: https://helm.mariadb.com/mariadb-operator
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png
appVersion: v1.13.2
appVersion: v.1.10.0

2
clusters/cl01tl/helm/booklore/values.yaml
View File

@@ -9,7 +9,7 @@ booklore:
main:
image:
repository: ghcr.io/booklore-app/booklore
tag: v1.13.2
tag: v1.13.1
pullPolicy: IfNotPresent
env:
- name: TZ

6
clusters/cl01tl/helm/cert-manager/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: cert-manager
repository: https://charts.jetstack.io
version: v1.19.2
digest: sha256:b02bda9b9f2fc886af11d017a27a5761513defee603f9e3aa1d7add2749b925c
generated: "2025-12-10T15:01:57.196895547Z"
version: v1.19.1
digest: sha256:0b1238a5552bc6d457d4b1a2a1f387a3e7f2c19f820ecb64e14d20481a1ed1ce
generated: "2025-12-01T20:25:17.762628-06:00"

4
clusters/cl01tl/helm/cert-manager/Chart.yaml
View File

@@ -14,7 +14,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: cert-manager
version: v1.19.2
version: v1.19.1
repository: https://charts.jetstack.io
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/cert-manager.png
appVersion: v1.19.2
appVersion: v1.17.2

2
clusters/cl01tl/helm/cilium/Chart.yaml
View File

@@ -18,4 +18,4 @@ dependencies:
version: 1.18.4
repository: https://helm.cilium.io/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png
appVersion: 1.18.4
appVersion: 1.17.3

3
clusters/cl01tl/helm/cilium/values.yaml
View File

@@ -55,9 +55,6 @@ cilium:
metrics:
serviceMonitor:
enabled: true
tls:
auto:
method: cronJob
relay:
enabled: true
metrics:

6
clusters/cl01tl/helm/cloudnative-pg/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies:
- name: cloudnative-pg
repository: https://cloudnative-pg.io/charts/
version: 0.27.0
version: 0.26.1
- name: plugin-barman-cloud
repository: https://cloudnative-pg.io/charts/
version: 0.3.1
digest: sha256:14aa30b7bf75571b03bda19af68cd50c1e7908b883351b196a260609a5b85551
generated: "2025-12-10T19:25:17.952954019Z"
digest: sha256:b38e5104d77ab1737a27a2542eda958e82038443940f07b7c2cbe3b0a477e1e6
generated: "2025-12-01T20:25:20.341325-06:00"

4
clusters/cl01tl/helm/cloudnative-pg/Chart.yaml
View File

@@ -16,10 +16,10 @@ maintainers:
- name: alexlebens
dependencies:
- name: cloudnative-pg
version: 0.27.0
version: 0.26.1
repository: https://cloudnative-pg.io/charts/
- name: plugin-barman-cloud
version: 0.3.1
repository: https://cloudnative-pg.io/charts/
icon: https://avatars.githubusercontent.com/u/100373852?s=200&v=4
appVersion: 1.28.0
appVersion: 1.26.0

2
clusters/cl01tl/helm/code-server/Chart.yaml
View File

@@ -25,4 +25,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
version: 1.23.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png
appVersion: 4.106.3
appVersion: 4.100.2

2
clusters/cl01tl/helm/coredns/Chart.yaml
View File

@@ -18,4 +18,4 @@ dependencies:
version: 1.45.0
repository: https://coredns.github.io/helm
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/coredns.png
appVersion: v1.13.2
appVersion: v1.12.1

2
clusters/cl01tl/helm/descheduler/Chart.yaml
View File

@@ -17,4 +17,4 @@ dependencies:
version: 0.34.0
repository: https://kubernetes-sigs.github.io/descheduler/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: 0.34.0
appVersion: 0.33.0

4
clusters/cl01tl/helm/directus/Chart.lock
View File

@@ -8,5 +8,5 @@ dependencies:
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 6.16.1
digest: sha256:636b200b79efdd6ea36afdf29a5e85f3741b362dfcbf2af47c7aff9e55f02812
generated: "2025-12-11T16:47:16.317535-06:00"
digest: sha256:73ab37385c3d0ec2db83a3640bc03b08ddd06fd015e1b7138e49bc8c3be9382e
generated: "2025-12-07T02:54:20.639142398Z"

4
clusters/cl01tl/helm/directus/Chart.yaml
View File

@@ -26,8 +26,8 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
version: 1.23.2
- name: postgres-cluster
alias: postgres-18-cluster
alias: postgres-17-cluster
version: 6.16.1
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
appVersion: 11.14.0
appVersion: 11.7.2

38
clusters/cl01tl/helm/directus/templates/external-secret.yaml
View File

@@ -151,10 +151,10 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-postgresql-18-cluster-backup-secret
name: directus-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-postgresql-18-cluster-backup-secret
app.kubernetes.io/name: directus-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -181,10 +181,40 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-postgresql-18-cluster-backup-secret-garage
name: directus-postgresql-17-cluster-backup-secret-weekly
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-postgresql-18-cluster-backup-secret-garage
app.kubernetes.io/name: directus-postgresql-17-cluster-backup-secret-weekly
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-postgresql-17-cluster-backup-secret-garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-postgresql-17-cluster-backup-secret-garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:

4
clusters/cl01tl/helm/directus/templates/redis-replication.yaml
View File

@@ -13,7 +13,7 @@ spec:
runAsUser: 1000
fsGroup: 1000
kubernetesConfig:
image: quay.io/opstree/redis:v8.4.0
image: quay.io/opstree/redis:v8.2.1
imagePullPolicy: IfNotPresent
redisSecret:
name: directus-redis-config
@@ -32,4 +32,4 @@ spec:
storage: 1Gi
redisExporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.80.1
image: quay.io/opstree/redis-exporter:v1.76.0

2
clusters/cl01tl/helm/directus/templates/redis-sentinel.yaml
View File

@@ -19,7 +19,7 @@ spec:
name: directus-redis-config
key: password
kubernetesConfig:
image: quay.io/opstree/redis-sentinel:v8.4.0
image: quay.io/opstree/redis-sentinel:v7.0.15
imagePullPolicy: IfNotPresent
redisSecret:
name: directus-redis-config

33
clusters/cl01tl/helm/directus/values.yaml
View File

@@ -9,7 +9,7 @@ directus:
main:
image:
repository: directus/directus
tag: 11.14.0
tag: 11.13.4
pullPolicy: IfNotPresent
env:
- name: PUBLIC_URL
@@ -41,27 +41,27 @@ directus:
- name: DB_HOST
valueFrom:
secretKeyRef:
name: directus-postgresql-18-cluster-app
name: directus-postgresql-17-cluster-app
key: host
- name: DB_DATABASE
valueFrom:
secretKeyRef:
name: directus-postgresql-18-cluster-app
name: directus-postgresql-17-cluster-app
key: dbname
- name: DB_PORT
valueFrom:
secretKeyRef:
name: directus-postgresql-18-cluster-app
name: directus-postgresql-17-cluster-app
key: port
- name: DB_USER
valueFrom:
secretKeyRef:
name: directus-postgresql-18-cluster-app
name: directus-postgresql-17-cluster-app
key: user
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: directus-postgresql-18-cluster-app
name: directus-postgresql-17-cluster-app
key: password
- name: SYNCHRONIZATION_STORE
value: redis
@@ -156,12 +156,9 @@ directus:
cloudflared-directus:
name: cloudflared-directus
existingSecretName: directus-cloudflared-secret
postgres-18-cluster:
postgres-17-cluster:
mode: recovery
cluster:
image:
repository: ghcr.io/cloudnative-pg/postgresql
tag: 18.1-standard-trixie
storage:
storageClass: local-path
walStorage:
@@ -173,30 +170,30 @@ postgres-18-cluster:
recovery:
method: objectStore
objectStore:
destinationPath: s3://postgres-backups/cl01tl/directus/directus-postgresql-18-cluster
destinationPath: s3://postgres-backups/cl01tl/directus/directus-postgresql-17-cluster
endpointURL: http://garage-main.garage:3900
index: 1
endpointCredentials: directus-postgresql-18-cluster-backup-secret-garage
endpointCredentials: directus-postgresql-17-cluster-backup-secret-garage
backup:
objectStore:
- name: external
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/directus/directus-postgresql-18-cluster
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/directus/directus-postgresql-17-cluster
index: 1
retentionPolicy: "30d"
isWALArchiver: false
- name: garage-local
destinationPath: s3://postgres-backups/cl01tl/directus/directus-postgresql-18-cluster
destinationPath: s3://postgres-backups/cl01tl/directus/directus-postgresql-17-cluster
index: 1
endpointURL: http://garage-main.garage:3900
endpointCredentials: directus-postgresql-18-cluster-backup-secret-garage
endpointCredentials: directus-postgresql-17-cluster-backup-secret-garage
endpointCredentialsIncludeRegion: true
retentionPolicy: "3d"
isWALArchiver: true
# - name: garage-remote
# destinationPath: s3://postgres-backups/cl01tl/directus/directus-postgresql-18-cluster
# destinationPath: s3://postgres-backups/cl01tl/directus/directus-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: directus-postgresql-18-cluster-backup-secret-garage
# endpointCredentials: directus-postgresql-17-cluster-backup-secret-garage
# retentionPolicy: "30d"
# data:
# compression: bzip2
@@ -204,7 +201,6 @@ postgres-18-cluster:
scheduledBackups:
- name: daily-backup
suspend: false
immediate: true
schedule: "0 0 0 * * *"
backupName: external
- name: live-backup
@@ -214,6 +210,5 @@ postgres-18-cluster:
backupName: garage-local
# - name: weekly-backup
# suspend: false
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote

2
clusters/cl01tl/helm/elastic-operator/Chart.yaml
View File

@@ -18,4 +18,4 @@ dependencies:
version: 3.2.0
repository: https://helm.elastic.co
icon: https://helm.elastic.co/icons/eck.png
appVersion: v3.2.0
appVersion: 1.26.0

2
clusters/cl01tl/helm/element-web/Chart.yaml
View File

@@ -24,4 +24,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
version: 1.23.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
appVersion: v1.12.6
appVersion: v1.11.100

2
clusters/cl01tl/helm/eraser/Chart.yaml
View File

@@ -17,4 +17,4 @@ dependencies:
version: 1.4.1
repository: https://eraser-dev.github.io/eraser/charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: v1.4.1
appVersion: v1.3.1

2
clusters/cl01tl/helm/external-dns/Chart.yaml
View File

@@ -19,4 +19,4 @@ dependencies:
version: 1.19.0
repository: https://kubernetes-sigs.github.io/external-dns/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: v0.20.0
appVersion: 1.16.1

2
clusters/cl01tl/helm/external-secrets/Chart.yaml
View File

@@ -15,4 +15,4 @@ dependencies:
version: 1.1.1
repository: https://charts.external-secrets.io
icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4
appVersion: v1.1.1
appVersion: 0.17.0

4
clusters/cl01tl/helm/freshrss/Chart.lock
View File

@@ -8,5 +8,5 @@ dependencies:
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 6.16.1
digest: sha256:dc8829a1f2cea88033bfda5d412dee8124154e26bfbe9e1bd67b8bb351ad7904
generated: "2025-12-11T17:07:50.35548-06:00"
digest: sha256:d4b26fd1608a0c767c6ebb226173cef133ed53f45098851713121e429bc614a1
generated: "2025-12-07T02:54:39.594902963Z"

4
clusters/cl01tl/helm/freshrss/Chart.yaml
View File

@@ -26,8 +26,8 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
version: 1.23.2
- name: postgres-cluster
alias: postgres-18-cluster
alias: postgres-17-cluster
version: 6.16.1
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/freshrss.png
appVersion: 1.27.1
appVersion: 1.26.2

8
clusters/cl01tl/helm/freshrss/templates/external-secret.yaml
View File

@@ -155,10 +155,10 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: freshrss-postgresql-18-cluster-backup-secret
name: freshrss-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: freshrss-postgresql-18-cluster-backup-secret
app.kubernetes.io/name: freshrss-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -185,10 +185,10 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: freshrss-postgresql-18-cluster-backup-secret-garage
name: freshrss-postgresql-17-cluster-backup-secret-garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: freshrss-postgresql-18-cluster-backup-secret-garage
app.kubernetes.io/name: freshrss-postgresql-17-cluster-backup-secret-garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:

29
clusters/cl01tl/helm/freshrss/values.yaml
View File

@@ -98,22 +98,22 @@ freshrss:
- name: DB_HOST
valueFrom:
secretKeyRef:
name: freshrss-postgresql-18-cluster-app
name: freshrss-postgresql-17-cluster-app
key: host
- name: DB_BASE
valueFrom:
secretKeyRef:
name: freshrss-postgresql-18-cluster-app
name: freshrss-postgresql-17-cluster-app
key: dbname
- name: DB_USER
valueFrom:
secretKeyRef:
name: freshrss-postgresql-18-cluster-app
name: freshrss-postgresql-17-cluster-app
key: user
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: freshrss-postgresql-18-cluster-app
name: freshrss-postgresql-17-cluster-app
key: password
- name: FRESHRSS_INSTALL
value: |
@@ -193,12 +193,9 @@ freshrss:
readOnly: false
cloudflared:
existingSecretName: freshrss-cloudflared-secret
postgres-18-cluster:
postgres-17-cluster:
mode: recovery
cluster:
image:
repository: ghcr.io/cloudnative-pg/postgresql
tag: 18.1-standard-trixie
storage:
storageClass: local-path
walStorage:
@@ -210,30 +207,30 @@ postgres-18-cluster:
recovery:
method: objectStore
objectStore:
destinationPath: s3://postgres-backups/cl01tl/freshrss/freshrss-postgresql-18-cluster
destinationPath: s3://postgres-backups/cl01tl/freshrss/freshrss-postgresql-17-cluster
endpointURL: http://garage-main.garage:3900
index: 1
endpointCredentials: freshrss-postgresql-18-cluster-backup-secret-garage
endpointCredentials: freshrss-postgresql-17-cluster-backup-secret-garage
backup:
objectStore:
- name: external
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/freshrss/freshrss-postgresql-18-cluster
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/freshrss/freshrss-postgresql-17-cluster
index: 1
retentionPolicy: "30d"
isWALArchiver: false
- name: garage-local
destinationPath: s3://postgres-backups/cl01tl/freshrss/freshrss-postgresql-18-cluster
destinationPath: s3://postgres-backups/cl01tl/freshrss/freshrss-postgresql-17-cluster
index: 1
endpointURL: http://garage-main.garage:3900
endpointCredentials: freshrss-postgresql-18-cluster-backup-secret-garage
endpointCredentials: freshrss-postgresql-17-cluster-backup-secret-garage
endpointCredentialsIncludeRegion: true
retentionPolicy: "3d"
isWALArchiver: true
# - name: garage-remote
# destinationPath: s3://postgres-backups/cl01tl/freshrss/freshrss-postgresql-18-cluster
# destinationPath: s3://postgres-backups/cl01tl/freshrss/freshrss-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: freshrss-postgresql-18-cluster-backup-secret-garage
# endpointCredentials: freshrss-postgresql-17-cluster-backup-secret-garage
# retentionPolicy: "30d"
# data:
# compression: bzip2
@@ -241,7 +238,6 @@ postgres-18-cluster:
scheduledBackups:
- name: daily-backup
suspend: false
immediate: true
schedule: "0 0 0 * * *"
backupName: external
- name: live-backup
@@ -251,6 +247,5 @@ postgres-18-cluster:
backupName: garage-local
# - name: weekly-backup
# suspend: false
# immediate: true
# schedule: "0 2 4 * * SAT"
# backupName: garage-remote

4
clusters/cl01tl/helm/gatus/Chart.lock
View File

@@ -5,5 +5,5 @@ dependencies:
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 6.16.1
digest: sha256:11d46f37e9f98a5562239e1b827a4caccc0ca14dc738681465e27ef5c5edd6d0
generated: "2025-12-11T17:23:01.072262-06:00"
digest: sha256:53e3b31b3fa3916ac4478c0ca3733a18f7145a0129b6a9c7aefdaf8169cb525c
generated: "2025-12-04T00:00:45.882393108Z"

4
clusters/cl01tl/helm/gatus/Chart.yaml
View File

@@ -21,8 +21,8 @@ dependencies:
repository: https://twin.github.io/helm-charts
version: 1.4.4
- name: postgres-cluster
alias: postgres-18-cluster
alias: postgres-17-cluster
version: 6.16.1
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/gatus.png
appVersion: v5.33.0
appVersion: v5.12.0

8
clusters/cl01tl/helm/gatus/templates/external-secret.yaml
View File

@@ -54,10 +54,10 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: gatus-postgresql-18-cluster-backup-secret
name: gatus-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gatus-postgresql-18-cluster-backup-secret
app.kubernetes.io/name: gatus-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -84,10 +84,10 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: gatus-postgresql-18-cluster-backup-secret-garage
name: gatus-postgresql-17-cluster-backup-secret-garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gatus-postgresql-18-cluster-backup-secret-garage
app.kubernetes.io/name: gatus-postgresql-17-cluster-backup-secret-garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:

106
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -36,27 +36,27 @@ gatus:
POSTGRES_USER:
valueFrom:
secretKeyRef:
name: gatus-postgresql-18-cluster-app
name: gatus-postgresql-17-cluster-app
key: username
POSTGRES_PASSWORD:
valueFrom:
secretKeyRef:
name: gatus-postgresql-18-cluster-app
name: gatus-postgresql-17-cluster-app
key: password
POSTGRES_HOST:
valueFrom:
secretKeyRef:
name: gatus-postgresql-18-cluster-app
name: gatus-postgresql-17-cluster-app
key: host
POSTGRES_PORT:
valueFrom:
secretKeyRef:
name: gatus-postgresql-18-cluster-app
name: gatus-postgresql-17-cluster-app
key: port
POSTGRES_DB:
valueFrom:
secretKeyRef:
name: gatus-postgresql-18-cluster-app
name: gatus-postgresql-17-cluster-app
key: dbname
resources:
requests:
@@ -125,9 +125,6 @@ gatus:
- name: overseerr
url: https://overseerr.alexlebens.net
<<: *defaults
- name: seerr
url: https://seerr.alexlebens.net
<<: *defaults
- name: yamtrack
url: https://yamtrack.alexlebens.net
<<: *defaults
@@ -143,9 +140,6 @@ gatus:
- name: audiobookshelf
url: https://audiobookshelf.alexlebens.net
<<: *defaults
- name: booklore
url: https://booklore.alexlebens.net
<<: *defaults
- name: home-assistant
url: https://home-assistant.alexlebens.net
<<: *defaults
@@ -182,11 +176,6 @@ gatus:
- name: n8n
url: https://n8n.alexlebens.net
<<: *defaults
- name: kronic
url: https://kronic.alexlebens.net
<<: *defaults
conditions:
- "[STATUS] == 401"
- name: omni-tools
url: https://omni-tools.alexlebens.net
<<: *defaults
@@ -256,9 +245,6 @@ gatus:
- name: ceph
url: https://ceph.alexlebens.net
<<: *defaults
- name: garage
url: https://garage-webui.alexlebens.net
<<: *defaults
- name: pgadmin
url: https://pgadmin.alexlebens.net
<<: *defaults
@@ -268,29 +254,6 @@ gatus:
- name: vault
url: https://vault.alexlebens.net
<<: *defaults
- name: backrest
url: https://backrest.alexlebens.net
<<: *defaults
- name: qui
url: https://qui.alexlebens.net
<<: *defaults
- name: qbittorrent
url: https://qbittorrent.alexlebens.net
<<: *defaults
- name: prowlarr
url: https://prowlarr.alexlebens.net
<<: *defaults
- name: huntarr
url: https://huntarr.alexlebens.net
<<: *defaults
- name: bazarr
url: https://bazarr.alexlebens.net
<<: *defaults
conditions:
- "[STATUS] == 401"
- name: tdarr
url: https://tdarr.alexlebens.net
<<: *defaults
- name: sonarr
url: https://sonarr.alexlebens.net
<<: *defaults
@@ -321,11 +284,25 @@ gatus:
- name: slskd
url: https://slskd.alexlebens.net
<<: *defaults
- name: ephemera
url: https://ephemera.alexlebens.net
- name: qui
url: https://qui.alexlebens.net
<<: *defaults
- name: listenarr
url: https://listenarr.alexlebens.net
- name: qbittorrent
url: https://qbittorrent.alexlebens.net
<<: *defaults
- name: prowlarr
url: https://prowlarr.alexlebens.net
<<: *defaults
- name: bazarr
url: https://bazarr.alexlebens.net
<<: *defaults
conditions:
- "[STATUS] == 401"
- name: huntarr
url: https://huntarr.alexlebens.net
<<: *defaults
- name: tdarr
url: https://tdarr.alexlebens.net
<<: *defaults
- name: www
url: https://www.alexlebens.dev
@@ -370,20 +347,27 @@ gatus:
url: https://codeserver.alexlebens.dev
<<: *defaults
group: external
- name: authentik
url: https://auth.alexlebens.dev
<<: *defaults
group: external
- name: public homepage
url: https://home.alexlebens.dev
<<: *defaults
group: external
postgres-18-cluster:
- name: discord
group: public
url: https://discord.com/app
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 400"
interval: 10s
- name: reddit
group: public
url: https://reddit.com
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 400"
interval: 10s
postgres-17-cluster:
mode: recovery
cluster:
image:
repository: ghcr.io/cloudnative-pg/postgresql
tag: 18.1-standard-trixie
storage:
storageClass: local-path
walStorage:
@@ -395,19 +379,19 @@ postgres-18-cluster:
recovery:
method: objectStore
objectStore:
destinationPath: s3://postgres-backups/cl01tl/gatus/gatus-postgresql-18-cluster
destinationPath: s3://postgres-backups/cl01tl/gatus/gatus-postgresql-17-cluster
endpointURL: http://garage-main.garage:3900
index: 1
endpointCredentials: gatus-postgresql-18-cluster-backup-secret-garage
endpointCredentials: gatus-postgresql-17-cluster-backup-secret-garage
backup:
objectStore:
- name: external
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gatus/gatus-postgresql-18-cluster
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gatus/gatus-postgresql-17-cluster
index: 2
retentionPolicy: "30d"
isWALArchiver: false
- name: garage-local
destinationPath: s3://postgres-backups/cl01tl/gatus/gatus-postgresql-18-cluster
destinationPath: s3://postgres-backups/cl01tl/gatus/gatus-postgresql-17-cluster
index: 1
endpointURL: http://garage-main.garage:3900
endpointCredentials: gatus-postgresql-17-cluster-backup-secret-garage
@@ -415,10 +399,10 @@ postgres-18-cluster:
retentionPolicy: "3d"
isWALArchiver: true
# - name: garage-remote
# destinationPath: s3://postgres-backups/cl01tl/gatus/gatus-postgresql-18-cluster
# destinationPath: s3://postgres-backups/cl01tl/gatus/gatus-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: gatus-postgresql-18-cluster-backup-secret-garage
# endpointCredentials: gatus-postgresql-17-cluster-backup-secret-garage
# retentionPolicy: "30d"
# data:
# compression: bzip2
@@ -426,7 +410,6 @@ postgres-18-cluster:
scheduledBackups:
- name: daily-backup
suspend: false
immediate: true
schedule: "0 0 0 * * *"
backupName: external
- name: live-backup
@@ -436,6 +419,5 @@ postgres-18-cluster:
backupName: garage-local
# - name: weekly-backup
# suspend: false
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote

6
clusters/cl01tl/helm/generic-device-plugin/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.5
digest: sha256:329b2d00301ab1467a8654dd92febfd7078db121c00c0960548010c01dee66b6
generated: "2025-12-08T03:02:06.697075532Z"
version: 0.20.4
digest: sha256:4aa24e57233783f99d3de453f997ff4dddecaea729ab09b78745ee89ffa0e4a8
generated: "2025-12-06T01:01:30.343689275Z"

2
clusters/cl01tl/helm/generic-device-plugin/Chart.yaml
View File

@@ -15,6 +15,6 @@ maintainers:
dependencies:
- name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.5
version: 0.20.4
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: 1.0.0

4
clusters/cl01tl/helm/gitea/Chart.lock
View File

@@ -17,5 +17,5 @@ dependencies:
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 6.16.1
digest: sha256:ecb6e0283b564f37b5d60bb64860b71c3b68acc2835364c0488fd7a9e932b941
generated: "2025-12-11T17:38:49.087683-06:00"
digest: sha256:392636c97a9be96f21c70f9b53559398aa15e67a0cae551041ee64f23088b59a
generated: "2025-12-07T02:54:49.861996743Z"

4
clusters/cl01tl/helm/gitea/Chart.yaml
View File

@@ -43,8 +43,8 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
version: 1.23.2
- name: postgres-cluster
alias: postgres-18-cluster
alias: postgres-17-cluster
version: 6.16.1
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/gitea.png
appVersion: 1.25.2
appVersion: 1.23.7

8
clusters/cl01tl/helm/gitea/templates/external-secret.yaml
View File

@@ -254,10 +254,10 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: gitea-postgresql-18-cluster-backup-secret
name: gitea-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gitea-postgresql-18-cluster-backup-secret
app.kubernetes.io/name: gitea-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -284,10 +284,10 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: gitea-postgresql-18-cluster-backup-secret-garage
name: gitea-postgresql-17-cluster-backup-secret-garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gitea-postgresql-18-cluster-backup-secret-garage
app.kubernetes.io/name: gitea-postgresql-17-cluster-backup-secret-garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:

8
clusters/cl01tl/helm/gitea/templates/redis-replication.yaml
View File

@@ -13,7 +13,7 @@ spec:
runAsUser: 1000
fsGroup: 1000
kubernetesConfig:
image: quay.io/opstree/redis:v8.4.0
image: quay.io/opstree/redis:v8.0.3
imagePullPolicy: IfNotPresent
resources:
requests:
@@ -29,7 +29,7 @@ spec:
storage: 10Gi
redisExporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.80.1
image: quay.io/opstree/redis-exporter:v1.48.0
---
apiVersion: redis.redis.opstreelabs.in/v1beta2
@@ -47,7 +47,7 @@ spec:
runAsUser: 1000
fsGroup: 1000
kubernetesConfig:
image: quay.io/opstree/redis:v8.4.0
image: quay.io/opstree/redis:v8.0.3
imagePullPolicy: IfNotPresent
resources:
requests:
@@ -63,4 +63,4 @@ spec:
storage: 1Gi
redisExporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.80.1
image: quay.io/opstree/redis-exporter:v1.48.0

23
clusters/cl01tl/helm/gitea/templates/redis-sentinel.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisSentinel
metadata:
name: redis-sentinel-gitea
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: redis-sentinel-gitea
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
clusterSize: 3
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
redisSentinelConfig:
redisReplicationName: redis-replication-gitea
kubernetesConfig:
image: quay.io/opstree/redis-sentinel:v8.4.0
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 10m
memory: 128Mi

2
clusters/cl01tl/helm/gitea/templates/service-monitor.yaml
View File

@@ -12,6 +12,8 @@ spec:
matchLabels:
app.kubernetes.io/name: gitea
app.kubernetes.io/instance: {{ .Release.Name }}
matchExpressions:
- { key: app.kubernetes.io/controller, operator: NotIn, values: [backup] }
endpoints:
- port: http

39
clusters/cl01tl/helm/gitea/values.yaml
View File

@@ -108,22 +108,22 @@ gitea:
- name: GITEA__DATABASE__HOST
valueFrom:
secretKeyRef:
name: gitea-postgresql-18-cluster-app
name: gitea-postgresql-17-cluster-app
key: host
- name: GITEA__DATABASE__NAME
valueFrom:
secretKeyRef:
name: gitea-postgresql-18-cluster-app
name: gitea-postgresql-17-cluster-app
key: dbname
- name: GITEA__DATABASE__USER
valueFrom:
secretKeyRef:
name: gitea-postgresql-18-cluster-app
name: gitea-postgresql-17-cluster-app
key: user
- name: GITEA__DATABASE__PASSWD
valueFrom:
secretKeyRef:
name: gitea-postgresql-18-cluster-app
name: gitea-postgresql-17-cluster-app
key: password
- name: GITEA__INDEXER__ISSUE_INDEXER_CONN_STR
valueFrom:
@@ -174,9 +174,6 @@ gitea-actions:
backup:
global:
fullnameOverride: gitea-backup
labels:
app.kubernetes.io/instance: gitea-backup
app.kubernetes.io/name: gitea-backup
controllers:
backup:
type: cronjob
@@ -194,9 +191,6 @@ backup:
name: gitea-backup
pod:
automountServiceAccountToken: true
labels:
app.kubernetes.io/instance: gitea-backup
app.kubernetes.io/name: gitea-backup
initContainers:
backup:
image:
@@ -218,7 +212,7 @@ backup:
s3-backup:
image:
repository: d3fk/s3cmd
tag: latest@sha256:a4ef406e37628ee56e608b1567aeb0345e51142f56741b715322111be3b6ebcc
tag: latest@sha256:590c42746db1252be8aad33e287c7910698c32b58b4fc34f67592a5bd0841551
pullPolicy: IfNotPresent
command:
- /bin/sh
@@ -242,7 +236,7 @@ backup:
s3-prune:
image:
repository: d3fk/s3cmd
tag: latest@sha256:a4ef406e37628ee56e608b1567aeb0345e51142f56741b715322111be3b6ebcc
tag: latest@sha256:590c42746db1252be8aad33e287c7910698c32b58b4fc34f67592a5bd0841551
pullPolicy: IfNotPresent
command:
- /bin/sh
@@ -322,12 +316,9 @@ meilisearch:
enabled: true
cloudflared:
existingSecretName: gitea-cloudflared-secret
postgres-18-cluster:
postgres-17-cluster:
mode: recovery
cluster:
image:
repository: ghcr.io/cloudnative-pg/postgresql
tag: 18.1-standard-trixie
storage:
storageClass: local-path
walStorage:
@@ -343,30 +334,30 @@ postgres-18-cluster:
recovery:
method: objectStore
objectStore:
destinationPath: s3://postgres-backups/cl01tl/gitea/gitea-postgresql-18-cluster
destinationPath: s3://postgres-backups/cl01tl/gitea/gitea-postgresql-17-cluster
endpointURL: http://garage-main.garage:3900
index: 1
endpointCredentials: gitea-postgresql-18-cluster-backup-secret-garage
endpointCredentials: gitea-postgresql-17-cluster-backup-secret-garage
backup:
objectStore:
- name: external
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gitea/gitea-postgresql-18-cluster
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gitea/gitea-postgresql-17-cluster
index: 1
retentionPolicy: "30d"
isWALArchiver: false
- name: garage-local
destinationPath: s3://postgres-backups/cl01tl/gitea/gitea-postgresql-18-cluster
destinationPath: s3://postgres-backups/cl01tl/gitea/gitea-postgresql-17-cluster
index: 1
endpointURL: http://garage-main.garage:3900
endpointCredentials: gitea-postgresql-18-cluster-backup-secret-garage
endpointCredentials: gitea-postgresql-17-cluster-backup-secret-garage
endpointCredentialsIncludeRegion: true
retentionPolicy: "3d"
isWALArchiver: true
# - name: garage-remote
# destinationPath: s3://postgres-backups/cl01tl/gitea/gitea-postgresql-18-cluster
# destinationPath: s3://postgres-backups/cl01tl/gitea/gitea-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: gitea-postgresql-18-cluster-backup-secret-garage
# endpointCredentials: gitea-postgresql-17-cluster-backup-secret-garage
# retentionPolicy: "30d"
# data:
# compression: bzip2
@@ -374,7 +365,6 @@ postgres-18-cluster:
scheduledBackups:
- name: daily-backup
suspend: false
immediate: true
schedule: "0 0 0 * * *"
backupName: external
- name: live-backup
@@ -384,6 +374,5 @@ postgres-18-cluster:
backupName: garage-local
# - name: weekly-backup
# suspend: false
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote

4
clusters/cl01tl/helm/grafana-operator/Chart.lock
View File

@@ -5,5 +5,5 @@ dependencies:
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 6.16.1
digest: sha256:9640766b4a15b50a759edbc8a2aad816f9240be72bf06364acb387464245d51a
generated: "2025-12-11T19:19:12.375716-06:00"
digest: sha256:3bd7096e4401df5818733b3e0b08f281c12af9b54a272fbe3e753b2616d725dd
generated: "2025-12-04T00:01:28.278027037Z"

4
clusters/cl01tl/helm/grafana-operator/Chart.yaml
View File

@@ -20,8 +20,8 @@ dependencies:
version: v5.20.0
repository: https://grafana.github.io/helm-charts
- name: postgres-cluster
alias: postgres-18-cluster
alias: postgres-17-cluster
version: 6.16.1
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grafana.png
appVersion: v5.20.0
appVersion: v5.18.0

8
clusters/cl01tl/helm/grafana-operator/templates/external-secret.yaml
View File

@@ -61,10 +61,10 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: grafana-operator-postgresql-18-cluster-backup-secret
name: grafana-operator-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-operator-postgresql-18-cluster-backup-secret
app.kubernetes.io/name: grafana-operator-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -91,10 +91,10 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: grafana-operator-postgresql-18-cluster-backup-secret-garage
name: grafana-operator-postgresql-17-cluster-backup-secret-garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-operator-postgresql-18-cluster-backup-secret-garage
app.kubernetes.io/name: grafana-operator-postgresql-17-cluster-backup-secret-garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:

10
clusters/cl01tl/helm/grafana-operator/templates/grafana.yaml
View File

@@ -85,25 +85,25 @@ spec:
- name: DB_HOST
valueFrom:
secretKeyRef:
name: grafana-operator-postgresql-18-cluster-app
name: grafana-operator-postgresql-17-cluster-app
key: host
- name: DB_DATABASE
valueFrom:
secretKeyRef:
name: grafana-operator-postgresql-18-cluster-app
name: grafana-operator-postgresql-17-cluster-app
key: dbname
- name: DB_PORT
valueFrom:
secretKeyRef:
name: grafana-operator-postgresql-18-cluster-app
name: grafana-operator-postgresql-17-cluster-app
key: port
- name: DB_USER
valueFrom:
secretKeyRef:
name: grafana-operator-postgresql-18-cluster-app
name: grafana-operator-postgresql-17-cluster-app
key: user
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: grafana-operator-postgresql-18-cluster-app
name: grafana-operator-postgresql-17-cluster-app
key: password

8
clusters/cl01tl/helm/grafana-operator/templates/redis-replication.yaml
View File

@@ -13,7 +13,7 @@ spec:
runAsUser: 1000
fsGroup: 1000
kubernetesConfig:
image: quay.io/opstree/redis:v8.4.0
image: quay.io/opstree/redis:v8.0.3
imagePullPolicy: IfNotPresent
resources:
requests:
@@ -29,7 +29,7 @@ spec:
storage: 1Gi
redisExporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.80.1
image: quay.io/opstree/redis-exporter:v1.48.0
---
apiVersion: redis.redis.opstreelabs.in/v1beta2
@@ -47,7 +47,7 @@ spec:
runAsUser: 1000
fsGroup: 1000
kubernetesConfig:
image: quay.io/opstree/redis:v8.4.0
image: quay.io/opstree/redis:v8.0.3
imagePullPolicy: IfNotPresent
resources:
requests:
@@ -63,4 +63,4 @@ spec:
storage: 1Gi
redisExporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.80.1
image: quay.io/opstree/redis-exporter:v1.48.0

23
clusters/cl01tl/helm/grafana-operator/values.yaml
View File

@@ -12,12 +12,9 @@ grafana-operator:
enabled: true
dashboard:
enabled: false
postgres-18-cluster:
postgres-17-cluster:
mode: recovery
cluster:
image:
repository: ghcr.io/cloudnative-pg/postgresql
tag: 18.1-standard-trixie
storage:
storageClass: local-path
walStorage:
@@ -29,30 +26,30 @@ postgres-18-cluster:
recovery:
method: objectStore
objectStore:
destinationPath: s3://postgres-backups/cl01tl/grafana-operator/grafana-operator-postgresql-18-cluster
destinationPath: s3://postgres-backups/cl01tl/grafana-operator/grafana-operator-postgresql-17-cluster
endpointURL: http://garage-main.garage:3900
index: 1
endpointCredentials: grafana-operator-postgresql-18-cluster-backup-secret-garage
endpointCredentials: grafana-operator-postgresql-17-cluster-backup-secret-garage
backup:
objectStore:
- name: external
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/grafana-operator/grafana-operator-postgresql-18-cluster
index: 1
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/grafana-operator/grafana-operator-postgresql-17-cluster
index: 2
retentionPolicy: "30d"
isWALArchiver: false
- name: garage-local
destinationPath: s3://postgres-backups/cl01tl/grafana-operator/grafana-operator-postgresql-18-cluster
destinationPath: s3://postgres-backups/cl01tl/grafana-operator/grafana-operator-postgresql-17-cluster
index: 1
endpointURL: http://garage-main.garage:3900
endpointCredentials: grafana-operator-postgresql-18-cluster-backup-secret-garage
endpointCredentials: grafana-operator-postgresql-17-cluster-backup-secret-garage
endpointCredentialsIncludeRegion: true
retentionPolicy: "3d"
isWALArchiver: true
# - name: garage-remote
# destinationPath: s3://postgres-backups/cl01tl/grafana-operator/grafana-operator-postgresql-18-cluster
# destinationPath: s3://postgres-backups/cl01tl/grafana-operator/grafana-operator-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: grafana-operator-postgresql-18-cluster-backup-secret-garage
# endpointCredentials: grafana-operator-postgresql-17-cluster-backup-secret-garage
# retentionPolicy: "30d"
# data:
# compression: bzip2
@@ -60,7 +57,6 @@ postgres-18-cluster:
scheduledBackups:
- name: daily-backup
suspend: false
immediate: true
schedule: "0 0 0 * * *"
backupName: external
- name: live-backup
@@ -70,6 +66,5 @@ postgres-18-cluster:
backupName: garage-local
# - name: weekly-backup
# suspend: false
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote

9
clusters/cl01tl/helm/harbor/Chart.lock
View File

@@ -1,9 +0,0 @@
dependencies:
- name: harbor
repository: https://helm.goharbor.io
version: 1.18.1
- name: postgres-cluster
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
version: 6.16.1
digest: sha256:a8f5d259fb93f933050c498d9271a5b8606594c968a360f8be151f47b3feb49d
generated: "2025-12-11T20:49:18.650522-06:00"

8
clusters/cl01tl/helm/harbor/Chart.yaml
View File

@@ -17,11 +17,11 @@ maintainers:
- name: alexlebens
dependencies:
- name: harbor
version: 1.18.1
version: 1.18.0
repository: https://helm.goharbor.io
- name: postgres-cluster
alias: postgres-18-cluster
alias: postgres-17-cluster
version: 6.16.1
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
repository: http://gitea-http.gitea:3000/api/packages/alexlebens/helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png
appVersion: v2.14.1
appVersion: v2.13.0

45
clusters/cl01tl/helm/harbor/templates/external-secret.yaml
View File

@@ -101,10 +101,47 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: harbor-postgresql-18-cluster-backup-secret
name: harbor-nginx-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: harbor-postgresql-18-cluster-backup-secret
app.kubernetes.io/name: harbor-nginx-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ca.crt
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/nginx
metadataPolicy: None
property: ca.crt
- secretKey: tls.crt
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/nginx
metadataPolicy: None
property: tls.crt
- secretKey: tls.key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/nginx
metadataPolicy: None
property: tls.key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: harbor-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: harbor-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -131,10 +168,10 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: harbor-postgresql-18-cluster-backup-secret-garage
name: harbor-postgresql-17-cluster-backup-secret-garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: harbor-postgresql-18-cluster-backup-secret-garage
app.kubernetes.io/name: harbor-postgresql-17-cluster-backup-secret-garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:

27
clusters/cl01tl/helm/seerr/templates/http-route.yaml → clusters/cl01tl/helm/harbor/templates/http-route.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-seerr
name: http-route-harbor
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-seerr
app.kubernetes.io/name: http-route-harbor
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -14,8 +14,27 @@ spec:
name: traefik-gateway
namespace: traefik
hostnames:
- seerr.alexlebens.net
- harbor.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /api/
- path:
type: PathPrefix
value: /service/
- path:
type: PathPrefix
value: /v2/
- path:
type: PathPrefix
value: /c/
backendRefs:
- group: ''
kind: Service
name: harbor-core
port: 80
weight: 100
- matches:
- path:
type: PathPrefix
@@ -23,6 +42,6 @@ spec:
backendRefs:
- group: ''
kind: Service
name: seerr-seerr-chart
name: harbor-portal
port: 80
weight: 100

4
clusters/cl01tl/helm/harbor/templates/redis-replication.yaml
View File

@@ -13,7 +13,7 @@ spec:
runAsUser: 1000
fsGroup: 1000
kubernetesConfig:
image: quay.io/opstree/redis:v8.4.0
image: quay.io/opstree/redis:v8.0.3
imagePullPolicy: IfNotPresent
resources:
requests:
@@ -29,4 +29,4 @@ spec:
storage: 1Gi
redisExporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.80.1
image: quay.io/opstree/redis-exporter:v1.48.0

23
clusters/cl01tl/helm/harbor/templates/redis-sentinel.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisSentinel
metadata:
name: redis-sentinel-harbor
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: redis-sentinel-harbor
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
clusterSize: 3
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
redisSentinelConfig:
redisReplicationName: redis-replication-harbor
kubernetesConfig:
image: quay.io/opstree/redis-sentinel:v8.4.0
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 10m
memory: 128Mi

45
clusters/cl01tl/helm/harbor/values.yaml
View File

@@ -1,16 +1,9 @@
harbor:
expose:
type: route
type: clusterIP
tls:
enabled: false
route:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hosts:
- harbor.alexlebens.net
auto:
commonName: harbor.alexlebens.net
externalURL: https://harbor.alexlebens.net
persistence:
enabled: true
@@ -38,6 +31,11 @@ harbor:
enabled: true
cache:
enabled: true
nginx:
image:
repository: goharbor/nginx-photon
tag: v2.14.1
replicas: 0
portal:
image:
repository: goharbor/harbor-portal
@@ -82,11 +80,11 @@ harbor:
database:
type: external
external:
host: harbor-postgresql-18-cluster-rw
host: harbor-postgresql-17-cluster-rw
port: "5432"
username: app
coreDatabase: app
existingSecret: harbor-postgresql-18-cluster-app
existingSecret: harbor-postgresql-17-cluster-app
redis:
type: external
external:
@@ -96,12 +94,9 @@ harbor:
repository: goharbor/harbor-exporter
tag: v2.14.1
replicas: 2
postgres-18-cluster:
postgres-17-cluster:
mode: recovery
cluster:
image:
repository: ghcr.io/cloudnative-pg/postgresql
tag: 18.1-standard-trixie
storage:
storageClass: local-path
walStorage:
@@ -113,30 +108,30 @@ postgres-18-cluster:
recovery:
method: objectStore
objectStore:
destinationPath: s3://postgres-backups/cl01tl/harbor/harbor-postgresql-18-cluster
destinationPath: s3://postgres-backups/cl01tl/harbor/harbor-postgresql-17-cluster
endpointURL: http://garage-main.garage:3900
index: 1
endpointCredentials: harbor-postgresql-18-cluster-backup-secret-garage
endpointCredentials: harbor-postgresql-17-cluster-backup-secret-garage
backup:
objectStore:
- name: external
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/harbor/harbor-postgresql-18-cluster
index: 1
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/harbor/harbor-postgresql-17-cluster
index: 2
retentionPolicy: "30d"
isWALArchiver: false
- name: garage-local
destinationPath: s3://postgres-backups/cl01tl/harbor/harbor-postgresql-18-cluster
destinationPath: s3://postgres-backups/cl01tl/harbor/harbor-postgresql-17-cluster
index: 1
endpointURL: http://garage-main.garage:3900
endpointCredentials: harbor-postgresql-18-cluster-backup-secret-garage
endpointCredentials: harbor-postgresql-17-cluster-backup-secret-garage
endpointCredentialsIncludeRegion: true
retentionPolicy: "3d"
isWALArchiver: true
# - name: garage-remote
# destinationPath: s3://postgres-backups/cl01tl/harbor/harbor-postgresql-18-cluster
# destinationPath: s3://postgres-backups/cl01tl/harbor/harbor-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: harbor-postgresql-18-cluster-backup-secret-garage
# endpointCredentials: harbor-postgresql-17-cluster-backup-secret-garage
# retentionPolicy: "30d"
# data:
# compression: bzip2
@@ -144,7 +139,6 @@ postgres-18-cluster:
scheduledBackups:
- name: daily-backup
suspend: false
immediate: true
schedule: "0 0 0 * * *"
backupName: external
- name: live-backup
@@ -154,6 +148,5 @@ postgres-18-cluster:
backupName: garage-local
# - name: weekly-backup
# suspend: false
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote

2
clusters/cl01tl/helm/headlamp/templates/cluster-role-binding.yaml
View File

@@ -13,7 +13,7 @@ roleRef:
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: User
name: https://authentik.alexlebens.net/application/o/headlamp/#alexanderlebens@gmail.com
name: alexanderlebens@gmail.com
apiGroup: rbac.authorization.k8s.io
- kind: ServiceAccount
name: headlamp-admin

4
clusters/cl01tl/helm/headlamp/templates/external-secret.yaml
View File

@@ -40,14 +40,14 @@ spec:
key: /authentik/oidc/headlamp
metadataPolicy: None
property: scopes
- secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_IDP_ISSUER_URL
- secretKey: OIDC_VALIDATOR_ISSUER_URL
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp
metadataPolicy: None
property: validator-issuer-url
- secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_CLIENT_ID
- secretKey: OIDC_VALIDATOR_CLIENT_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None

2
clusters/cl01tl/helm/home-assistant/values.yaml
View File

@@ -9,7 +9,7 @@ home-assistant:
main:
image:
repository: ghcr.io/home-assistant/home-assistant
tag: 2025.12.2
tag: 2025.12.0
pullPolicy: IfNotPresent
env:
- name: TZ

2
clusters/cl01tl/helm/homepage-dev/values.yaml
View File

@@ -11,7 +11,7 @@ homepage:
main:
image:
repository: ghcr.io/gethomepage/homepage
tag: v1.8.0
tag: v1.7.0
pullPolicy: IfNotPresent
env:
- name: HOMEPAGE_ALLOWED_HOSTS

10
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -15,7 +15,7 @@ homepage:
main:
image:
repository: ghcr.io/gethomepage/homepage
tag: v1.8.0
tag: v1.7.0
pullPolicy: IfNotPresent
env:
- name: HOMEPAGE_ALLOWED_HOSTS
@@ -143,16 +143,10 @@ homepage:
statusStyle: dot
- Media Requests:
icon: sh-overseerr.webp
description: Overseerr
description: Overseer
href: https://overseerr.alexlebens.net
siteMonitor: http://overseerr.overseerr:80
statusStyle: dot
- Media Requests (New):
icon: sh-overseerr.webp
description: Seerr
href: https://seerr.alexlebens.net
siteMonitor: http://seerr-seerr-chart.seerr:80
statusStyle: dot
- Media Tracking:
icon: sh-yamtrack.webp
description: Yamtrack

6
clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies:
- name: kube-prometheus-stack
repository: oci://ghcr.io/prometheus-community/charts
version: 80.2.0
version: 79.12.0
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
digest: sha256:78e60a6bd6407b1a2d0e1bb9f7717faedd7ad43ded9cb4b6a93e29e85bdf294a
generated: "2025-12-10T21:05:54.967633057Z"
digest: sha256:e7edbec86ffbb16885333a6e1eeffec5c336bed8c161c52165949987eca4392d
generated: "2025-12-05T21:30:48.985834989Z"

2
clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
View File

@@ -19,7 +19,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: kube-prometheus-stack
version: 80.2.0
version: 79.12.0
repository: oci://ghcr.io/prometheus-community/charts
- name: app-template
alias: ntfy-alertmanager

2
clusters/cl01tl/helm/lidatube/values.yaml
View File

@@ -13,7 +13,7 @@ lidatube:
main:
image:
repository: thewicklowwolf/lidatube
tag: 0.2.42
tag: 0.2.41
pullPolicy: IfNotPresent
env:
- name: PUID

6
clusters/cl01tl/helm/loki/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies:
- name: loki
repository: https://grafana.github.io/helm-charts
version: 6.48.0
version: 6.46.0
- name: promtail
repository: https://grafana.github.io/helm-charts
version: 6.17.1
digest: sha256:218f6fdff5df62e43f081f045ab7ccba541a792b42750e3ebb8ac28308072724
generated: "2025-12-10T18:02:17.566041524Z"
digest: sha256:ff5441b35309842526f15b544bf3a7cb80508b1547bbd0eb58fa584172b716be
generated: "2025-12-01T19:55:56.473483-06:00"

2
clusters/cl01tl/helm/loki/Chart.yaml
View File

@@ -16,7 +16,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: loki
version: 6.48.0
version: 6.46.0
repository: https://grafana.github.io/helm-charts
- name: promtail
version: 6.17.1

6
clusters/cl01tl/helm/matrix-synapse/Chart.lock
View File

@@ -1,7 +1,7 @@
dependencies:
- name: matrix-synapse
repository: https://ananace.gitlab.io/charts
version: 3.12.17
version: 3.12.16
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
@@ -14,5 +14,5 @@ dependencies:
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 6.16.1
digest: sha256:b1df95bd8c258c15178f35b229b2d2aee28fc2fff2b5176ed734a7aaeffaa372
generated: "2025-12-10T17:01:51.601498219Z"
digest: sha256:a90f6deb880962f642cac44608c3741af25c109464a62c9faf2f4552bfd2b920
generated: "2025-12-07T02:55:22.440509182Z"

2
clusters/cl01tl/helm/matrix-synapse/Chart.yaml
View File

@@ -29,7 +29,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: matrix-synapse
version: 3.12.17
version: 3.12.16
repository: https://ananace.gitlab.io/charts
- name: app-template
alias: matrix-hookshot

6
clusters/cl01tl/helm/n8n/values.yaml
View File

@@ -9,7 +9,7 @@ n8n:
main:
image:
repository: ghcr.io/n8n-io/n8n
tag: 2.0.1
tag: 1.123.1
pullPolicy: IfNotPresent
env:
- name: GENERIC_TIMEZONE
@@ -93,7 +93,7 @@ n8n:
main:
image:
repository: ghcr.io/n8n-io/n8n
tag: 2.0.1
tag: 1.123.1
pullPolicy: IfNotPresent
command:
- n8n
@@ -188,7 +188,7 @@ n8n:
main:
image:
repository: ghcr.io/n8n-io/n8n
tag: 2.0.1
tag: 1.123.1
pullPolicy: IfNotPresent
command:
- n8n

6
clusters/cl01tl/helm/ollama/values.yaml
View File

@@ -22,7 +22,7 @@ ollama:
main:
image:
repository: ollama/ollama
tag: 0.13.2
tag: 0.13.1
pullPolicy: IfNotPresent
env:
- name: OLLAMA_KEEP_ALIVE
@@ -58,7 +58,7 @@ ollama:
main:
image:
repository: ollama/ollama
tag: 0.13.2
tag: 0.13.1
pullPolicy: IfNotPresent
env:
- name: OLLAMA_KEEP_ALIVE
@@ -94,7 +94,7 @@ ollama:
main:
image:
repository: ollama/ollama
tag: 0.13.2
tag: 0.13.1
pullPolicy: IfNotPresent
env:
- name: OLLAMA_KEEP_ALIVE

2
clusters/cl01tl/helm/postiz/values.yaml
View File

@@ -9,7 +9,7 @@ postiz:
main:
image:
repository: ghcr.io/gitroomhq/postiz-app
tag: v2.10.1
tag: v2.9.0
pullPolicy: IfNotPresent
env:
- name: MAIN_URL

6
clusters/cl01tl/helm/prometheus-operator-crds/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: prometheus-operator-crds
repository: oci://ghcr.io/prometheus-community/charts
version: 25.0.1
digest: sha256:33e08873d2d1558d7e3784d7f995c8134347ca590f54109b783ae5f6ad5e2ae5
generated: "2025-12-11T18:13:48.868551-06:00"
version: 25.0.0
digest: sha256:9d103810351095faa83536eb9de22b45a80ea2cf9ccfe9add3d2f5f294ab30c0
generated: "2025-12-02T17:19:01.082597-06:00"

2
clusters/cl01tl/helm/prometheus-operator-crds/Chart.yaml
View File

@@ -15,7 +15,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: prometheus-operator-crds
version: 25.0.1
version: 25.0.0
repository: oci://ghcr.io/prometheus-community/charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png
appVersion: v0.82.0

4
clusters/cl01tl/helm/qbittorrent/values.yaml
View File

@@ -28,7 +28,7 @@ qbittorrent:
qbittorrent:
image:
repository: ghcr.io/linuxserver/qbittorrent
tag: 5.1.4@sha256:043498de39c3dd63eec94360c5ad966a51271d1581070f42cb73ab0cf4776f29
tag: 5.1.4@sha256:f0465dbb2aa14397fd205a0240ee562eb062354c036ccc444084fe46c6c75091
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -190,7 +190,7 @@ qbittorrent:
qui:
image:
repository: ghcr.io/autobrr/qui
tag: v1.9.1
tag: v1.8.1
pullPolicy: IfNotPresent
env:
- name: QUI__METRICS_ENABLED

6
clusters/cl01tl/helm/reloader/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: reloader
repository: https://stakater.github.io/stakater-charts
version: 2.2.6
digest: sha256:9f219460f4d02b27df15ff0b8cae6aa9310f5a4b21255bf481801f361baa3dd2
generated: "2025-12-11T18:50:49.682645-06:00"
version: 2.2.5
digest: sha256:b44f560fe6595c2944e20095038d57c01a9086cf60c73797ee5c1b02762f479a
generated: "2025-12-01T20:27:12.722806-06:00"

2
clusters/cl01tl/helm/reloader/Chart.yaml
View File

@@ -14,7 +14,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: reloader
version: 2.2.6
version: 2.2.5
repository: https://stakater.github.io/stakater-charts
icon: https://raw.githubusercontent.com/stakater/Reloader/refs/heads/master/assets/web/reloader.jpg
appVersion: v1.4.2

2
clusters/cl01tl/helm/roundcube/values.yaml
View File

@@ -58,7 +58,7 @@ roundcube:
nginx:
image:
repository: nginx
tag: 1.29.4-alpine
tag: 1.29.3-alpine
pullPolicy: IfNotPresent
env:
- name: NGINX_HOST

30
clusters/cl01tl/helm/searxng/templates/external-secret.yaml
View File

@@ -20,36 +20,6 @@ spec:
metadataPolicy: None
property: private-key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: searxng-browser-metrics-auth
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: searxng-browser-metrics-auth
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: metrics-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: cl01tl/searxng/browser
metadataPolicy: None
property: metrics-password
- secretKey: metrics-username
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: cl01tl/searxng/browser
metadataPolicy: None
property: metrics-username
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret

11
clusters/cl01tl/helm/searxng/templates/namespace.yaml
View File

@@ -1,11 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: searxng
labels:
app.kubernetes.io/name: searxng
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

Some files were not shown because too many files have changed in this diff Show More