alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Activity

Compare commits

base: alexlebens:main
Branches Tags
alexlebens:main alexlebens:renovate/unified-cilium alexlebens:manifests alexlebens:tmp/eraser
..
compare: alexlebens:d3de532c6232b77ff3bd9cefba6ead33c91f5bd9
Branches Tags
alexlebens:renovate/unified-cilium alexlebens:main alexlebens:manifests alexlebens:tmp/eraser

1 Commits
main ... d3de532c62

Author SHA1 Message Date
Renovate Bot
d3de532c62 chore(deps): update medialyze to v0.6.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 42s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 34s
Details
lint-test-helm / argo-diff (pull_request) Successful in 44s
Details
2026-04-12 13:05:37 +00:00
16 changed files with 311 additions and 234 deletions
Expand all files Collapse all files

397
.gitea/workflows/lint-test-helm.yaml
View File

@@ -378,232 +378,249 @@ jobs:
actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]' actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
image: true image: true
# argo-diff: argo-diff:
# needs: lint-helm needs: lint-helm
# runs-on: ubuntu-js runs-on: ubuntu-js
# if: | if: |
# needs.lint-helm.result == 'success' && needs.lint-helm.result == 'success' &&
# needs.lint-helm.outputs.changes-detected == 'true' && needs.lint-helm.outputs.changes-detected == 'true' &&
# github.event_name == 'pull_request' github.event_name == 'pull_request'
# steps: steps:
# - name: Checkout - name: Checkout
# uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
# with: with:
# fetch-depth: 0 fetch-depth: 0
# - name: Cache ArgoCD CLI - name: Cache ArgoCD CLI
# id: cache-argocd id: cache-argocd
# uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
# with: with:
# path: /usr/local/bin/argocd path: /usr/local/bin/argocd
# key: ${{ runner.os }}-argocd-${{ env.ARGOCD_VERSION }} key: ${{ runner.os }}-argocd-${{ env.ARGOCD_VERSION }}
# restore-keys: | restore-keys: |
# ${{ runner.os }}-argocd- ${{ runner.os }}-argocd-
# - name: Install ArgoCD CLI - name: Install ArgoCD CLI
# if: steps.cache-argocd.outputs.cache-hit != 'true' if: steps.cache-argocd.outputs.cache-hit != 'true'
# run: | run: |
# echo ">> Downloading ArgoCD CLI, version: ${{ env.ARGOCD_VERSION }} ..." echo ">> Downloading ArgoCD CLI, version: ${{ env.ARGOCD_VERSION }} ..."
# curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/download/${{ env.ARGOCD_VERSION }}/argocd-linux-amd64 curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/download/${{ env.ARGOCD_VERSION }}/argocd-linux-amd64
# echo "" echo ""
# echo ">> Installing ArgoCD CLI ..." echo ">> Installing ArgoCD CLI ..."
# sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd
# echo "" echo ""
# echo "----" echo "----"
# - name: Verify installation - name: Verify installation
# run: | run: |
# echo "" echo ""
# echo ">> Verifying installation ..." echo ">> Verifying installation ..."
# argocd version --client argocd version --client
# echo "" echo ""
# echo "----" echo "----"
# - name: Set Up Helm - name: Set Up Helm
# uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5 uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5
# with: with:
# token: ${{ secrets.GITEA_TOKEN }} token: ${{ secrets.GITEA_TOKEN }}
# # renovate: datasource=github-releases depName=helm/helm # renovate: datasource=github-releases depName=helm/helm
# version: v4.1.3 version: v4.1.3
# cache: true cache: true
# - name: Cache Helm Dependencies - name: Cache Helm Dependencies
# uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
# with: with:
# path: | path: |
# ~/.cache/helm ~/.cache/helm
# ~/.config/helm ~/.config/helm
# key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }} key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
# restore-keys: | restore-keys: |
# helm-cache-${{ runner.os }}- helm-cache-${{ runner.os }}-
# - name: Add Repositories - name: Add Repositories
# env: env:
# CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }} CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
# run: | run: |
# echo ">> Adding repositories for chart dependencies ..." echo ">> Adding repositories for chart dependencies ..."
# echo "" echo ""
# for DIR in ${CHANGED_CHARTS}; do for DIR in ${CHANGED_CHARTS}; do
# helm dependency list --max-col-width 120 clusters/${CLUSTER}/helm/${DIR} 2> /dev/null \ helm dependency list --max-col-width 120 clusters/${CLUSTER}/helm/${DIR} 2> /dev/null \
# | tail -n +2 \ | tail -n +2 \
# | awk 'NF > 0 { print $1, $3 }' \ | awk 'NF > 0 { print $1, $3 }' \
# | while read -r REPO_NAME REPO_URL; do | while read -r REPO_NAME REPO_URL; do
# if [[ "${REPO_URL}" == oci://* ]]; then if [[ "${REPO_URL}" == oci://* ]]; then
# echo ">> Ignoring OCI repo: ${REPO_URL}" echo ">> Ignoring OCI repo: ${REPO_URL}"
# elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
# helm repo add "${REPO_NAME}" "${REPO_URL}" helm repo add "${REPO_NAME}" "${REPO_URL}"
# fi fi
# done || true done || true
# done done
# if helm repo list > /dev/null 2>&1; then if helm repo list > /dev/null 2>&1; then
# echo "" echo ""
# echo ">> Update repository cache ..." echo ">> Update repository cache ..."
# helm repo update helm repo update
# fi fi
# echo "" echo ""
# echo "----" echo "----"
# - name: Render Templates - name: Render Templates
# id: render id: render
# env: env:
# CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }} CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
# run: | run: |
# for APP_NAME in ${CHANGED_CHARTS}; do for APP_NAME in ${CHANGED_CHARTS}; do
# echo ">> Render templates for ${APP_NAME} ..." echo ">> Render templates for ${APP_NAME} ..."
# CHART_PATH="clusters/${CLUSTER}/helm/${APP_NAME}" CHART_PATH="clusters/${CLUSTER}/helm/${APP_NAME}"
# OUTPUT_FOLDER="clusters/${CLUSTER}/manifests/${APP_NAME}/" OUTPUT_FOLDER="clusters/${CLUSTER}/manifests/${APP_NAME}/"
# helm dependency build "${CHART_PATH}" --skip-refresh helm dependency build "${CHART_PATH}" --skip-refresh
# NAMESPACE="${APP_NAME}" NAMESPACE="${APP_NAME}"
# case "${APP_NAME}" in case "${APP_NAME}" in
# "stack") "stack")
# NAMESPACE="argocd" NAMESPACE="argocd"
# echo ">> Special Rendering into 'argocd' namespace ..." echo ">> Special Rendering into 'argocd' namespace ..."
# ;; ;;
# "cilium" | "coredns" | "metrics-server") "cilium" | "coredns" | "metrics-server")
# NAMESPACE="kube-system" NAMESPACE="kube-system"
# echo ">> Special Rendering for ${APP_NAME} into 'kube-system' namespace ..." echo ">> Special Rendering for ${APP_NAME} into 'kube-system' namespace ..."
# ;; ;;
# *) *)
# echo ">> Standard Rendering ..." echo ">> Standard Rendering ..."
# esac esac
# TEMPLATE=$(helm template "${APP_NAME}" "${CHART_PATH}" --include-crds --namespace "${NAMESPACE}" --include-crds --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor") TEMPLATE=$(helm template "${APP_NAME}" "${CHART_PATH}" --include-crds --namespace "${NAMESPACE}" --include-crds --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor")
# # Format and split rendered template # Format and split rendered template
# echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"' echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
# # Strip comments again to ensure formatting correctness # Strip comments again to ensure formatting correctness
# for file in "$OUTPUT_FOLDER"/*; do for file in "$OUTPUT_FOLDER"/*; do
# yq -i '... comments=""' $file yq -i '... comments=""' $file
# done done
# echo "" echo ""
# echo ">> Templates in output folder: ${OUTPUT_FOLDER}" echo ">> Templates in outpute folder: ${OUTPUT_FOLDER}"
# ls ${OUTPUT_FOLDER} ls ${OUTPUT_FOLDER}
# done done
# echo "----" echo "----"
# - name: Run App Diff - name: Run App Diff
# id: diff id: diff
# env: env:
# ARGOCD_SERVER: ${{ secrets.ARGOCD_SERVER }} ARGOCD_SERVER: ${{ secrets.ARGOCD_SERVER }}
# ARGOCD_AUTH_TOKEN: ${{ secrets.ARGOCD_AUTH_TOKEN }} ARGOCD_AUTH_TOKEN: ${{ secrets.ARGOCD_AUTH_TOKEN }}
# CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }} CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
# run: | run: |
# FAILED_CHARTS="" # argo diff outputs 1 on any diff, but this is expected, only error on output 2+
# DIFF_FOUND="false" set +e
OVERALL_EXIT_CODE=0
FAILED_CHARTS=""
DIFF_FOUND="false"
# for APP_NAME in ${CHANGED_CHARTS}; do for APP_NAME in ${CHANGED_CHARTS}; do
# echo ">> Running argocd app diff for ${APP_NAME} ..." echo ">> Running argocd app diff for ${APP_NAME} ..."
# argocd app diff "${APP_NAME}" \
# --server "${ARGOCD_SERVER}" \
# --revision ${{ gitea.sha }} \
# --diff-exit-code 0 \
# --local "clusters/${CLUSTER}/manifests/${APP_NAME}" \
# --local-repo-root "." \
# --grpc-web > "diff_output_${APP_NAME}.txt"
# if [ -s "diff_output_${APP_NAME}.txt" ]; then argocd app diff "${APP_NAME}" \
# echo ">> Argo diff:" --server "${ARGOCD_SERVER}" \
# echo "" --revision ${{ gitea.sha }} \
# cat diff_output_${APP_NAME}.txt --grpc-web > diff_output_${APP_NAME}.txt
# echo ""
# DIFF_FOUND="true" EXIT_CODE=$?
# else if [ -s "diff_output_${APP_NAME}.txt" ]; then
# echo ">> No Argo diff found for ${APP_NAME}" echo ">> Argo diff:"
# rm "diff_output_${APP_NAME}.txt" echo ""
cat diff_output_${APP_NAME}.txt
echo ""
# fi DIFF_FOUND="true"
# done
# echo "----" else
# echo "diff-detected=${DIFF_FOUND}" >> "$GITHUB_OUTPUT" echo ">> No Argo diff found for ${APP_NAME}"
# echo "failed-charts=${FAILED_CHARTS}" >> "$GITHUB_OUTPUT" rm "diff_output_${APP_NAME}.txt"
# exit $OVERALL_EXIT_CODE fi
# - name: Post Diff if [ $EXIT_CODE -eq 2 ]; then
# if: | echo ">> ArgoCD diff failed for ${APP_NAME} due to a manifest error"
# always() &&
# steps.diff.outputs.diff-detected == 'true' &&
# gitea.event.pull_request.number != null
# env:
# GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
# run: |
# COMMENT_BODY="### ArgoCD Diff Results
# "
# for f in diff_output_*.txt; do OVERALL_EXIT_CODE=1
# APP_NAME=$(echo $f | sed 's/diff_output_//;s/.txt//')
# DIFF_CONTENT=$(cat "$f")
# COMMENT_BODY="${COMMENT_BODY} if [ -z "${FAILED_CHARTS}" ]; then
# #### App: ${APP_NAME} FAILED_CHARTS="${APP_NAME}"
# "
# if [ -z "$DIFF_CONTENT" ]; then else
# COMMENT_BODY="${COMMENT_BODY} No changes detected." FAILED_CHARTS="${FAILED_CHARTS}, ${APP_NAME}"
# else
# COMMENT_BODY="${COMMENT_BODY}
# \`\`\`diff
# ${DIFF_CONTENT}
# \`\`\`"
# fi
# done
# curl -X 'POST' \ fi
# "${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/issues/${{ gitea.event.pull_request.number }}/comments" \ fi
# -H "Authorization: token ${GITEA_TOKEN}" \ done
# -H "Content-Type: application/json" \
# -d "$(jq -n --arg body "$COMMENT_BODY" '{body: $body}')"
# - name: ntfy Failed echo "----"
# uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master echo "diff-detected=${DIFF_FOUND}" >> "$GITHUB_OUTPUT"
# if: failure() echo "failed-charts=${FAILED_CHARTS}" >> "$GITHUB_OUTPUT"
# with:
# url: '${{ secrets.NTFY_URL }}' exit $OVERALL_EXIT_CODE
# topic: '${{ secrets.NTFY_TOPIC }}'
# title: 'ArgoCD Diff Failure' - name: Post Diff
# priority: 3 if: |
# headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}' always() &&
# tags: action,failed steps.diff.outputs.diff-detected == 'true' &&
# details: "ArgoCD diff for cluster '${{ env.CLUSTER }}' failed on charts: ${{ steps.diff.outputs.failed-charts }}" gitea.event.pull_request.number != null
# icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png' env:
# actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]' GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
# image: true run: |
COMMENT_BODY="### ArgoCD Diff Results
"
for f in diff_output_*.txt; do
APP_NAME=$(echo $f | sed 's/diff_output_//;s/.txt//')
DIFF_CONTENT=$(cat "$f")
COMMENT_BODY="${COMMENT_BODY}
#### App: ${APP_NAME}
"
if [ -z "$DIFF_CONTENT" ]; then
COMMENT_BODY="${COMMENT_BODY} No changes detected."
else
COMMENT_BODY="${COMMENT_BODY}
\`\`\`diff
${DIFF_CONTENT}
\`\`\`"
fi
done
curl -X 'POST' \
"${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/issues/${{ gitea.event.pull_request.number }}/comments" \
-H "Authorization: token ${GITEA_TOKEN}" \
-H "Content-Type: application/json" \
-d "$(jq -n --arg body "$COMMENT_BODY" '{body: $body}')"
- name: ntfy Failed
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
if: failure()
with:
url: '${{ secrets.NTFY_URL }}'
topic: '${{ secrets.NTFY_TOPIC }}'
title: 'ArgoCD Diff Failure'
priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,failed
details: "ArgoCD diff for cluster '${{ env.CLUSTER }}' failed on charts: ${{ steps.diff.outputs.failed-charts }}"
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
image: true

2
.gitea/workflows/renovate.yaml
View File

@@ -13,7 +13,7 @@ on:
jobs: jobs:
renovate: renovate:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: ghcr.io/renovatebot/renovate:43.111.0@sha256:b70f50fc874a6443809ede68809a9169d8f308418eb2c5cd67ff88edda036f1c container: ghcr.io/renovatebot/renovate:43.110.14@sha256:f3ba59186f17171bf2eaacc35014192d4862bf1b2af3116fb694ba9c17f04f70
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

2
clusters/cl01tl/helm/immich/Chart.yaml
View File

@@ -33,4 +33,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png
# renovate: datasource=github-releases depName=immich-app/immich # renovate: datasource=github-releases depName=immich-app/immich
appVersion: v2.7.4 appVersion: v2.7.2

2
clusters/cl01tl/helm/komodo/Chart.yaml
View File

@@ -31,4 +31,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/komodo.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/komodo.png
# renovate: datasource=github-releases depName=moghtech/komodo # renovate: datasource=github-releases depName=moghtech/komodo
appVersion: v2.1.2 appVersion: v2.1.1

2
clusters/cl01tl/helm/ollama/Chart.yaml
View File

@@ -31,4 +31,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png
# renovate: datasource=github-releases depName=ollama/ollama # renovate: datasource=github-releases depName=ollama/ollama
appVersion: 0.20.5 appVersion: 0.20.4

6
clusters/cl01tl/helm/ollama/values.yaml
View File

@@ -21,7 +21,7 @@ ollama:
main: main:
image: image:
repository: ollama/ollama repository: ollama/ollama
tag: 0.20.5@sha256:662109db8037f17257cfc6e816289c0d4c9ae8a2a4ff760b653d8d410e234ba0 tag: 0.20.3@sha256:87d71eb588a28c747094ca5d011392a3790f6ea9bd9c87594780ad7c65cc7ed1
env: env:
- name: OLLAMA_KEEP_ALIVE - name: OLLAMA_KEEP_ALIVE
value: 24h value: 24h
@@ -55,7 +55,7 @@ ollama:
main: main:
image: image:
repository: ollama/ollama repository: ollama/ollama
tag: 0.20.5@sha256:662109db8037f17257cfc6e816289c0d4c9ae8a2a4ff760b653d8d410e234ba0 tag: 0.20.3@sha256:87d71eb588a28c747094ca5d011392a3790f6ea9bd9c87594780ad7c65cc7ed1
env: env:
- name: OLLAMA_KEEP_ALIVE - name: OLLAMA_KEEP_ALIVE
value: 24h value: 24h
@@ -89,7 +89,7 @@ ollama:
main: main:
image: image:
repository: ollama/ollama repository: ollama/ollama
tag: 0.20.5@sha256:662109db8037f17257cfc6e816289c0d4c9ae8a2a4ff760b653d8d410e234ba0 tag: 0.20.3@sha256:87d71eb588a28c747094ca5d011392a3790f6ea9bd9c87594780ad7c65cc7ed1
env: env:
- name: OLLAMA_KEEP_ALIVE - name: OLLAMA_KEEP_ALIVE
value: 24h value: 24h

2
clusters/cl01tl/helm/plex/Chart.yaml
View File

@@ -20,4 +20,4 @@ dependencies:
version: 4.6.2 version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/plex.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/plex.png
# renovate: datasource=github-releases depName=linuxserver/docker-plex # renovate: datasource=github-releases depName=linuxserver/docker-plex
appVersion: 1.43.1.10611-1e34174b1-ls301 appVersion: 1.43.1.10576-06378bdcd-ls300

2
clusters/cl01tl/helm/rybbit/values.yaml
View File

@@ -112,7 +112,7 @@ rybbit:
main: main:
image: image:
repository: clickhouse/clickhouse-server repository: clickhouse/clickhouse-server
tag: 26.3.5@sha256:0115c4aa8d29ef873a533bcebaf5a65ec12815cf3b08b4fe6a20c30d460e8133 tag: 26.3.4@sha256:e9de4678349386db2bd6282aa71e93ef465912ae9fa419ead2e83eb1cbce7a4a
env: env:
- name: CLICKHOUSE_DB - name: CLICKHOUSE_DB
value: analytics value: analytics

4
clusters/cl01tl/helm/searxng/values.yaml
View File

@@ -8,7 +8,7 @@ searxng:
main: main:
image: image:
repository: searxng/searxng repository: searxng/searxng
tag: latest@sha256:4c6b4f3e1fc10a907a40b7eaaf5b92d50f5b4097d6fb5b02041c0f9926233b36 tag: latest@sha256:e86a5bd7537b6eb01176a8bfd53f9b535fe14bcf193d04648b6c0892d7b59d2f
env: env:
- name: SEARXNG_BASE_URL - name: SEARXNG_BASE_URL
value: http://searxng-api.searxng:8080 value: http://searxng-api.searxng:8080
@@ -36,7 +36,7 @@ searxng:
main: main:
image: image:
repository: searxng/searxng repository: searxng/searxng
tag: latest@sha256:4c6b4f3e1fc10a907a40b7eaaf5b92d50f5b4097d6fb5b02041c0f9926233b36 tag: latest@sha256:e86a5bd7537b6eb01176a8bfd53f9b535fe14bcf193d04648b6c0892d7b59d2f
env: env:
- name: SEARXNG_BASE_URL - name: SEARXNG_BASE_URL
value: https://searxng.alexlebens.net/ value: https://searxng.alexlebens.net/

6
clusters/cl01tl/helm/seerr/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies: dependencies:
- name: seerr-chart - name: seerr-chart
repository: oci://ghcr.io/seerr-team/seerr repository: oci://ghcr.io/seerr-team/seerr
version: 3.4.2 version: 3.4.1
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:f9f2649fcd5ae23d2e8bedc81c8dec7c65464328901c4fd4e47b00549e315514 digest: sha256:821fc73d7411c89f0eba2c35a7a455523dadaa4f9d5149b17b2c96cf594f5e1a
generated: "2026-04-13T18:43:39.927316242Z" generated: "2026-04-08T17:24:50.724009386Z"

4
clusters/cl01tl/helm/seerr/Chart.yaml
View File

@@ -17,11 +17,11 @@ maintainers:
dependencies: dependencies:
- name: seerr-chart - name: seerr-chart
repository: oci://ghcr.io/seerr-team/seerr repository: oci://ghcr.io/seerr-team/seerr
version: 3.4.2 version: 3.4.1
- name: volsync-target - name: volsync-target
alias: volsync-target-config alias: volsync-target-config
version: 0.8.0 version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/seerr.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/seerr.png
# renovate: datasource=github-releases depName=seerr-team/seerr # renovate: datasource=github-releases depName=seerr-team/seerr
appVersion: v3.1.1 appVersion: v3.1.0

2
clusters/cl01tl/helm/seerr/values.yaml
View File

@@ -2,7 +2,7 @@ seerr-chart:
image: image:
registry: ghcr.io registry: ghcr.io
repository: seerr-team/seerr repository: seerr-team/seerr
tag: v3.1.1 tag: v3.1.0
sha: b35ba0461c4a1033d117ac1e5968fd4cbe777899e4cbfbdeaf3d10a42a0eb7e9 sha: b35ba0461c4a1033d117ac1e5968fd4cbe777899e4cbfbdeaf3d10a42a0eb7e9
config: config:
persistence: persistence:

2
clusters/cl01tl/helm/site-profile/values.yaml
View File

@@ -10,7 +10,7 @@ site-profile:
main: main:
image: image:
repository: harbor.alexlebens.net/images/site-profile repository: harbor.alexlebens.net/images/site-profile
tag: 3.18.0@sha256:1219a291faaaef87761e9f8b0857270165c505d95c0a30325fe4e2be422ba377 tag: 3.17.0@sha256:22c5bebe1148c019cdd50c2da06d9e8679e1b2653762cb3f3febf1aba75c309f
resources: resources:
requests: requests:
cpu: 10m cpu: 10m

102
clusters/cl01tl/helm/vault/templates/external-secret.yaml
View File

@@ -138,20 +138,40 @@ spec:
data: data:
- secretKey: ENVIRONMENT - secretKey: ENVIRONMENT
remoteRef: remoteRef:
key: /cl01tl/vault/unseal key: /cl01tl/vault/unseal/config-1
property: ENVIRONMENT property: ENVIRONMENT
- secretKey: CHECK_INTERVAL
remoteRef:
key: /cl01tl/vault/unseal/config-1
property: CHECK_INTERVAL
- secretKey: MAX_CHECK_INTERVAL
remoteRef:
key: /cl01tl/vault/unseal/config-1
property: MAX_CHECK_INTERVAL
- secretKey: NODES - secretKey: NODES
remoteRef: remoteRef:
key: /cl01tl/vault/unseal key: /cl01tl/vault/unseal/config-1
property: NODES property: NODES
- secretKey: TLS_SKIP_VERIFY
remoteRef:
key: /cl01tl/vault/unseal/config-1
property: TLS_SKIP_VERIFY
- secretKey: TOKENS - secretKey: TOKENS
remoteRef: remoteRef:
key: /cl01tl/vault/unseal key: /cl01tl/vault/unseal/config-1
property: TOKENS_1 property: TOKENS
- secretKey: NOTIFY_QUEUE_URLS - secretKey: EMAIL_ENABLED
remoteRef: remoteRef:
key: /cl01tl/vault/unseal key: /cl01tl/vault/unseal/config-1
property: NOTIFY_QUEUE_URLS property: EMAIL_ENABLED
- secretKey: NOTIFY_MAX_ELAPSED
remoteRef:
key: /cl01tl/vault/unseal/config-1
property: NOTIFY_MAX_ELAPSED
- secretKey: NOTIFY_QUEUE_DELAY
remoteRef:
key: /cl01tl/vault/unseal/config-1
property: NOTIFY_QUEUE_DELAY
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
@@ -170,20 +190,40 @@ spec:
data: data:
- secretKey: ENVIRONMENT - secretKey: ENVIRONMENT
remoteRef: remoteRef:
key: /cl01tl/vault/unseal key: /cl01tl/vault/unseal/config-2
property: ENVIRONMENT property: ENVIRONMENT
- secretKey: CHECK_INTERVAL
remoteRef:
key: /cl01tl/vault/unseal/config-2
property: CHECK_INTERVAL
- secretKey: MAX_CHECK_INTERVAL
remoteRef:
key: /cl01tl/vault/unseal/config-2
property: MAX_CHECK_INTERVAL
- secretKey: NODES - secretKey: NODES
remoteRef: remoteRef:
key: /cl01tl/vault/unseal key: /cl01tl/vault/unseal/config-2
property: NODES property: NODES
- secretKey: TLS_SKIP_VERIFY
remoteRef:
key: /cl01tl/vault/unseal/config-2
property: TLS_SKIP_VERIFY
- secretKey: TOKENS - secretKey: TOKENS
remoteRef: remoteRef:
key: /cl01tl/vault/unseal key: /cl01tl/vault/unseal/config-2
property: TOKENS_2 property: TOKENS
- secretKey: NOTIFY_QUEUE_URLS - secretKey: EMAIL_ENABLED
remoteRef: remoteRef:
key: /cl01tl/vault/unseal key: /cl01tl/vault/unseal/config-2
property: NOTIFY_QUEUE_URLS property: EMAIL_ENABLED
- secretKey: NOTIFY_MAX_ELAPSED
remoteRef:
key: /cl01tl/vault/unseal/config-2
property: NOTIFY_MAX_ELAPSED
- secretKey: NOTIFY_QUEUE_DELAY
remoteRef:
key: /cl01tl/vault/unseal/config-2
property: NOTIFY_QUEUE_DELAY
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
@@ -202,20 +242,40 @@ spec:
data: data:
- secretKey: ENVIRONMENT - secretKey: ENVIRONMENT
remoteRef: remoteRef:
key: /cl01tl/vault/unseal key: /cl01tl/vault/unseal/config-3
property: ENVIRONMENT property: ENVIRONMENT
- secretKey: CHECK_INTERVAL
remoteRef:
key: /cl01tl/vault/unseal/config-3
property: CHECK_INTERVAL
- secretKey: MAX_CHECK_INTERVAL
remoteRef:
key: /cl01tl/vault/unseal/config-3
property: MAX_CHECK_INTERVAL
- secretKey: NODES - secretKey: NODES
remoteRef: remoteRef:
key: /cl01tl/vault/unseal key: /cl01tl/vault/unseal/config-3
property: NODES property: NODES
- secretKey: TLS_SKIP_VERIFY
remoteRef:
key: /cl01tl/vault/unseal/config-3
property: TLS_SKIP_VERIFY
- secretKey: TOKENS - secretKey: TOKENS
remoteRef: remoteRef:
key: /cl01tl/vault/unseal key: /cl01tl/vault/unseal/config-3
property: TOKENS_3 property: TOKENS
- secretKey: NOTIFY_QUEUE_URLS - secretKey: EMAIL_ENABLED
remoteRef: remoteRef:
key: /cl01tl/vault/unseal key: /cl01tl/vault/unseal/config-3
property: NOTIFY_QUEUE_URLS property: EMAIL_ENABLED
- secretKey: NOTIFY_MAX_ELAPSED
remoteRef:
key: /cl01tl/vault/unseal/config-3
property: NOTIFY_MAX_ELAPSED
- secretKey: NOTIFY_QUEUE_DELAY
remoteRef:
key: /cl01tl/vault/unseal/config-3
property: NOTIFY_QUEUE_DELAY
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1

6
clusters/cl01tl/helm/vault/values.yaml
View File

@@ -272,7 +272,7 @@ unseal:
main: main:
image: image:
repository: ghcr.io/lrstanley/vault-unseal repository: ghcr.io/lrstanley/vault-unseal
tag: 1.0.0@sha256:24ca9bceccdb0a22ae57574346dee4bec107c9b849f836811972b8f7f1baa4ef tag: 0.7.2@sha256:b25d0c2f6a73d1b9a3907befa473f08fe9fac828d248d7e9702517c5b967733c
envFrom: envFrom:
- secretRef: - secretRef:
name: vault-unseal-config-1 name: vault-unseal-config-1
@@ -288,7 +288,7 @@ unseal:
main: main:
image: image:
repository: ghcr.io/lrstanley/vault-unseal repository: ghcr.io/lrstanley/vault-unseal
tag: 1.0.0@sha256:24ca9bceccdb0a22ae57574346dee4bec107c9b849f836811972b8f7f1baa4ef tag: 0.7.2@sha256:b25d0c2f6a73d1b9a3907befa473f08fe9fac828d248d7e9702517c5b967733c
envFrom: envFrom:
- secretRef: - secretRef:
name: vault-unseal-config-2 name: vault-unseal-config-2
@@ -304,7 +304,7 @@ unseal:
main: main:
image: image:
repository: ghcr.io/lrstanley/vault-unseal repository: ghcr.io/lrstanley/vault-unseal
tag: 1.0.0@sha256:24ca9bceccdb0a22ae57574346dee4bec107c9b849f836811972b8f7f1baa4ef tag: 0.7.2@sha256:b25d0c2f6a73d1b9a3907befa473f08fe9fac828d248d7e9702517c5b967733c
envFrom: envFrom:
- secretRef: - secretRef:
name: vault-unseal-config-3 name: vault-unseal-config-3

4
renovate.json
View File

@@ -89,10 +89,10 @@
{ {
"description": "Specific app grouping overrides", "description": "Specific app grouping overrides",
"matchPackageNames": [ "matchPackageNames": [
"/(^|/|-)(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|radarr|rook-ceph|roundcube|rybbit|sonarr|tdarr|traefik)/", "/(^|/|-)(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|rook-ceph|roundcube|rybbit|sonarr|tdarr|traefik)/",
"/^rook(-ceph|/rook|/ceph)/" "/^rook(-ceph|/rook|/ceph)/"
], ],
"groupName": "{{#if packageName}}{{{replace '^.*(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|radarr|rook-ceph|roundcube|rybbit|sonarr|tdarr|traefik).*$' '$1' packageName}}}{{else}}{{{replace '^.*(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|radarr|rook-ceph|roundcube|rybbit|sonarr|tdarr|traefik).*$' '$1' depName}}}{{/if}}", "groupName": "{{#if packageName}}{{{replace '^.*(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|rook-ceph|roundcube|rybbit|sonarr|tdarr|traefik).*$' '$1' packageName}}}{{else}}{{{replace '^.*(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|rook-ceph|roundcube|rybbit|sonarr|tdarr|traefik).*$' '$1' depName}}}{{/if}}",
"groupSlug": "unified-{{{groupName}}}" "groupSlug": "unified-{{{groupName}}}"
}, },
{ {