alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 3 Actions Activity

Compare commits

base: alexlebens:main
Branches Tags
alexlebens:main alexlebens:manifests alexlebens:renovate/unified-dock.mau.devmautrixwhatsapp alexlebens:renovate/unified-directusdirectus alexlebens:renovate/unified-cilium alexlebens:tmp/yubal
..
compare: alexlebens:dd9ca7f6704f1d6883df01ae3ade8bbf8f76525e
Branches Tags
alexlebens:manifests alexlebens:renovate/unified-dock.mau.devmautrixwhatsapp alexlebens:renovate/unified-directusdirectus alexlebens:renovate/unified-cilium alexlebens:main alexlebens:tmp/yubal

1 Commits
main ... dd9ca7f670

Author SHA1 Message Date
Renovate Bot
dd9ca7f670 chore(deps): update searxng/searxng:latest docker digest to 68b5b56
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 25s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 12s
Details
render-manifests / render-manifests (pull_request) Successful in 43s
Details
2026-03-24 19:40:22 +00:00
31 changed files with 401 additions and 194 deletions
Expand all files Collapse all files

2
.gitea/workflows/renovate.yaml
View File

@@ -13,7 +13,7 @@ on:
jobs:
renovate:
runs-on: ubuntu-latest
container: ghcr.io/renovatebot/renovate:43.89.3@sha256:95ef56f2595ea6ee1acac7c9ef6c8e2112a9be0699a42df9921310923aed7167
container: ghcr.io/renovatebot/renovate:43.89.2@sha256:a823bf9ff1f04c31d46267b78330e06f802dbf6e1af899e21c6a8e3197d45354
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

2
clusters/cl01tl/helm/argocd/values.yaml
View File

@@ -91,7 +91,7 @@ argo-cd:
enabled: true
image:
repository: redis
tag: 8.6.2-alpine@sha256:81b6f81d6a6c5b9019231a2e8eb10085e3a139a34f833dcc965a8a959b040b72
tag: 8.6.1-alpine@sha256:315270d166080f537bbdf1b489b603aaaa213cb55a544acfa51feb7481abb1c0
persistentVolume:
enabled: true
redis:

5
clusters/cl01tl/helm/cert-manager/Chart.yaml
View File

@@ -5,7 +5,8 @@ description: Cert Manager
keywords:
- cert-manager
- certificates
home: https://docs.alexlebens.dev/applications/cert-manager/
- kubernetes
home: https://wiki.alexlebens.dev/s/368fe718-eedb-40e0-a5a7-fad03cdc6b09
sources:
- https://github.com/cert-manager/cert-manager
- https://github.com/cert-manager/cert-manager/tree/master/deploy/charts/cert-manager
@@ -15,6 +16,6 @@ dependencies:
- name: cert-manager
version: v1.20.0
repository: https://charts.jetstack.io
icon: https://raw.githubusercontent.com/cert-manager/cert-manager/refs/heads/master/logo/logo.png
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/cert-manager.png
# renovate: datasource=github-releases depName=cert-manager/cert-manager
appVersion: v1.20.0

5
clusters/cl01tl/helm/cert-manager/templates/cluster-issuer.yaml
View File

@@ -2,11 +2,6 @@ apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-issuer
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: letsencrypt-issuer
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
acme:
email: alexanderlebens@gmail.com

3
clusters/cl01tl/helm/cert-manager/templates/external-secret.yaml
View File

@@ -14,5 +14,8 @@ spec:
data:
- secretKey: api-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/alexlebens.net/clusterissuer
metadataPolicy: None
property: token

8
clusters/cl01tl/helm/cert-manager/values.yaml
View File

@@ -3,16 +3,10 @@ cert-manager:
enabled: true
keep: true
replicaCount: 2
podDisruptionBudget:
enabled: true
minAvailable: 1
extraArgs:
- --enable-gateway-api
resources:
requests:
cpu: 10m
memory: 64Mi
prometheus:
enabled: true
servicemonitor:
enabled: true
honorLabels: true

9
clusters/cl01tl/helm/cilium/Chart.yaml
View File

@@ -4,12 +4,13 @@ version: 1.0.0
description: Cilium
keywords:
- cilium
- operator
- cni
- network
home: https://docs.alexlebens.dev/applications/cilium/
- kubernetes
home: https://wiki.alexlebens.dev/s/9e6f5b17-e186-4af0-81cd-af647b162d3d
sources:
- https://github.com/cilium/cilium
- https://github.com/cilium/cilium/tree/main/install/kubernetes/cilium
- https://github.com/cilium/charts
maintainers:
- name: alexlebens
dependencies:
@@ -18,4 +19,4 @@ dependencies:
repository: https://helm.cilium.io/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png
# renovate: datasource=github-releases depName=cilium/cilium
appVersion: 1.18.6
appVersion: 1.19.2

28
clusters/cl01tl/helm/cilium/values.yaml
View File

@@ -25,24 +25,36 @@ cilium:
- NET_ADMIN
- SYS_ADMIN
- SYS_RESOURCE
l2announcements:
enabled: false
bgpControlPlane:
enabled: false
secretsNamespace:
name: kube-system
statusReport:
enabled: true
routerIDAllocation:
mode: "default"
bpf:
hostLegacyRouting: true
devices: end0 enp6s0
ciliumEndpointSlice:
enabled: true
ingressController:
enabled: false
gatewayAPI:
enabled: true
enableAppProtocol: true
enableAlpn: true
secretsNamespace:
create: false
name: kube-system
enableAppProtocol: true
gatewayClass:
create: auto
externalIPs:
enabled: true
socketLB:
enabled: true
hostNamespaceOnly: true
hubble:
enabled: true
metrics:
serviceMonitor:
enabled: true
@@ -56,6 +68,8 @@ cilium:
enabled: true
ui:
enabled: true
ingress:
enabled: false
ipam:
mode: "kubernetes"
ipv4:
@@ -63,11 +77,12 @@ cilium:
ipv6:
enabled: false
kubeProxyReplacement: true
l7Proxy: true
prometheus:
enabled: true
serviceMonitor:
enabled: true
trustCRDsExist: true
enabled: true
envoy:
enabled: true
securityContext:
@@ -79,11 +94,14 @@ cilium:
- PERFMON
- BPF
prometheus:
enabled: true
serviceMonitor:
enabled: true
operator:
enabled: true
rollOutPods: true
prometheus:
enabled: true
serviceMonitor:
enabled: true
cgroup:

7
clusters/cl01tl/helm/cloudnative-pg/Chart.yaml
View File

@@ -6,11 +6,10 @@ keywords:
- cloudnative-pg
- operator
- postgresql
home: https://docs.alexlebens.dev/applications/cloudnative-pg/
- kubernetes
home: https://wiki.alexlebens.dev/s/9fb10833-0278-4e64-a34c-d348d833839f
sources:
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/cloudnative-pg/plugin-barman-cloud
- https://github.com/cloudnative-pg/postgres-containers/pkgs/container/postgresql
- https://github.com/cloudnative-pg/charts/tree/main/charts/cloudnative-pg
- https://github.com/cloudnative-pg/charts/tree/main/charts/plugin-barman-cloud
maintainers:
@@ -22,6 +21,6 @@ dependencies:
- name: plugin-barman-cloud
version: 0.5.0
repository: https://cloudnative-pg.io/charts/
icon: https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg.github.io/refs/heads/main/assets/images/hero_image.png
icon: https://avatars.githubusercontent.com/u/100373852?s=200&v=4
# renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
appVersion: 1.28.1

16
clusters/cl01tl/helm/cloudnative-pg/values.yaml
View File

@@ -1,16 +1,16 @@
cloudnative-pg:
replicaCount: 2
resources:
requests:
cpu: 10m
memory: 64Mi
monitoring:
podMonitorEnabled: true
plugin-barman-cloud:
replicaCount: 1
image:
registry: ghcr.io
repository: cloudnative-pg/plugin-barman-cloud
tag: v0.11.0
sidecarImage:
registry: ghcr.io
repository: cloudnative-pg/plugin-barman-cloud-sidecar
tag: v0.11.0
crds:
create: true
resources:
requests:
cpu: 10m
memory: 64Mi

12
clusters/cl01tl/helm/code-server/Chart.yaml
View File

@@ -5,14 +5,14 @@ description: Code Server
keywords:
- code-server
- code
home: https://docs.alexlebens.dev/applications/code-server/
- ide
home: https://wiki.alexlebens.dev/s/233f96bb-db70-47e4-8b22-a8efcbb0f93d
sources:
- https://github.com/coder/code-server
- https://github.com/linuxserver/docker-code-server
- https://github.com/linuxserver/docker-code-server/pkgs/container/code-server
- https://github.com/cloudflare/cloudflared
- https://hub.docker.com/r/linuxserver/code-server
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -28,5 +28,5 @@ dependencies:
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png
# renovate: datasource=github-releases depName=coder/code-server
appVersion: 4.112.0
# renovate: datasource=github-releases depName=linuxserver/docker-code-server
appVersion: 4.108.1

6
clusters/cl01tl/helm/code-server/templates/external-secret.yaml
View File

@@ -14,9 +14,15 @@ spec:
data:
- secretKey: PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/code-server/auth
metadataPolicy: None
property: PASSWORD
- secretKey: SUDO_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/code-server/auth
metadataPolicy: None
property: SUDO_PASSWORD

16
clusters/cl01tl/helm/code-server/values.yaml
View File

@@ -4,18 +4,16 @@ code-server:
type: deployment
replicas: 1
strategy: Recreate
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/linuxserver/code-server
tag: 4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: PUID
value: 1000
- name: PGID
@@ -28,7 +26,7 @@ code-server:
resources:
requests:
cpu: 10m
memory: 80Mi
memory: 128Mi
service:
main:
controller: main
@@ -49,8 +47,11 @@ code-server:
- code-server.alexlebens.net
rules:
- backendRefs:
- name: code-server
- group: ''
kind: Service
name: code-server
port: 8443
weight: 100
matches:
- path:
type: PathPrefix
@@ -61,6 +62,7 @@ code-server:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 2Gi
retain: true
advancedMounts:
main:
main:

6
clusters/cl01tl/helm/coredns/Chart.yaml
View File

@@ -5,7 +5,9 @@ description: CoreDNS
keywords:
- coredns
- dns
home: https://docs.alexlebens.dev/applications/coredns/
- network
- kubernetes
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/coredns/coredns
- https://github.com/coredns/helm
@@ -15,6 +17,6 @@ dependencies:
- name: coredns
version: 1.45.2
repository: https://coredns.github.io/helm
icon: https://raw.githubusercontent.com/coredns/coredns.io/refs/heads/master/static/images/favicon.png
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/coredns.png
# renovate: datasource=github-releases depName=coredns/coredns
appVersion: v1.14.2

34
clusters/cl01tl/helm/coredns/values.yaml
View File

@@ -1,18 +1,23 @@
coredns:
image:
repository: registry.k8s.io/coredns/coredns
tag: v1.14.2@sha256:e7e6440cfd1e919280958f5b5a6ab2b184d385bba774c12ad2a9e1e4183f90d9
tag: v1.14.2
replicaCount: 3
resources:
limits:
cpu: null
memory: null
requests:
cpu: 20m
memory: 32Mi
cpu: 50m
memory: 128Mi
rollingUpdate:
maxUnavailable: 1
maxSurge: 25%
terminationGracePeriodSeconds: 30
serviceType: "ClusterIP"
prometheus:
service:
enabled: true
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9153"
monitor:
enabled: true
namespace: kube-system
@@ -24,7 +29,18 @@ coredns:
serviceAccount:
create: true
name: coredns
rbac:
create: true
isClusterService: true
priorityClassName: system-cluster-critical
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
servers:
- zones:
- zone: .
@@ -61,8 +77,6 @@ coredns:
- name: errors
- name: cache
parameters: 30
- name: prometheus
parameters: :9153
- name: forward
parameters: . 10.111.232.172
- zones:
@@ -74,8 +88,6 @@ coredns:
- name: errors
- name: cache
parameters: 30
- name: prometheus
parameters: :9153
- name: forward
parameters: . 10.97.20.219
nodeSelector:
@@ -88,4 +100,6 @@ coredns:
operator: Exists
effect: NoSchedule
deployment:
skipConfig: false
enabled: true
name: coredns

5
clusters/cl01tl/helm/dawarich/Chart.yaml
View File

@@ -5,13 +5,10 @@ description: Dawarich
keywords:
- dawarich
- location
home: https://docs.alexlebens.dev/applications/dawarich/
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/Freika/dawarich
- https://hub.docker.com/r/freikin/dawarich
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers:
- name: alexlebens
dependencies:

9
clusters/cl01tl/helm/dawarich/templates/external-secret.yaml
View File

@@ -14,7 +14,10 @@ spec:
data:
- secretKey: key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/dawarich/key
metadataPolicy: None
property: key
---
@@ -34,9 +37,15 @@ spec:
data:
- secretKey: client
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/dawarich
metadataPolicy: None
property: client
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/dawarich
metadataPolicy: None
property: secret

73
clusters/cl01tl/helm/dawarich/values.yaml
View File

@@ -4,20 +4,15 @@ dawarich:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: freikin/dawarich
tag: 1.4.0@sha256:07adb7643b00d1d8f606c675931d3604317fa3851b91b74ec503df8d50734cb8
command:
- "web-entrypoint.sh"
args:
- "bin/rails"
- "server"
- "-p"
- "3000"
- "-b"
- "::"
tag: 1.4.0
pullPolicy: IfNotPresent
command: ["web-entrypoint.sh"]
args: ["bin/rails", "server", "-p", "3000", "-b", "::"]
env:
- name: RAILS_ENV
value: production
@@ -91,14 +86,14 @@ dawarich:
value: true
probes:
liveness:
enabled: true
enabled: false
custom: true
spec:
exec:
command:
- /bin/sh
- -c
- "wget -qO - http://127.0.0.1:3000/api/v1/health | grep -q '\"status\"\\s*:\\s*\"ok\"'"
- wget -qO - http://127.0.0.1:3000/api/v1/health | grep -Eq '\"status\"\\s*:\\s*\"ok\"'
failureThreshold: 5
initialDelaySeconds: 60
periodSeconds: 10
@@ -107,15 +102,14 @@ dawarich:
resources:
requests:
cpu: 10m
memory: 750Mi
memory: 128Mi
sidekiq:
image:
repository: freikin/dawarich
tag: 1.4.0@sha256:07adb7643b00d1d8f606c675931d3604317fa3851b91b74ec503df8d50734cb8
command:
- "sidekiq-entrypoint.sh"
args:
- "sidekiq"
tag: 1.4.0
pullPolicy: IfNotPresent
command: ["sidekiq-entrypoint.sh"]
args: ["sidekiq"]
env:
- name: RAILS_ENV
value: production
@@ -191,19 +185,23 @@ dawarich:
value: true
probes:
liveness:
enabled: true
enabled: false
custom: true
spec:
exec:
command:
- pgrep
- -f
- sidekiq
- /bin/sh
- -c
- pgrep -f sidekiq
failureThreshold: 5
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -240,8 +238,11 @@ dawarich:
- dawarich.alexlebens.net
rules:
- backendRefs:
- name: dawarich
- group: ""
kind: Service
name: dawarich
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -252,6 +253,7 @@ dawarich:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:
@@ -265,6 +267,7 @@ dawarich:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:
@@ -278,6 +281,7 @@ dawarich:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:
@@ -309,9 +313,32 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 10 14 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external

22
clusters/cl01tl/helm/harbor/values.yaml
View File

@@ -40,21 +40,21 @@ harbor:
enabled: true
portal:
image:
repository: ghcr.io/goharbor/harbor-portal
tag: v2.15.0@sha256:541d5fa95bf77240d46a438f86245cdfd6afa6dd7fdd0cf4dd4c905af6a980b1
repository: goharbor/harbor-portal
tag: v2.15.0
replicas: 2
core:
image:
repository: ghcr.io/goharbor/harbor-core
tag: v2.15.0@sha256:32a13f6693a278261e9c9cb7eb606c5e2aa021308ae44fdc73225755048500a8
repository: goharbor/harbor-core
tag: v2.15.0
replicas: 2
existingSecret: harbor-secret
secretName: harbor-secret
existingXsrfSecret: harbor-secret
jobservice:
image:
repository: ghcr.io/goharbor/harbor-jobservice
tag: v2.15.0@sha256:a22c7cccba4673b26ffb96f5c37971d85d879dd837bc82448e01c0170b68cf28
repository: goharbor/harbor-jobservice
tag: v2.15.0
replicas: 2
jobLoggers:
- stdout
@@ -63,11 +63,11 @@ harbor:
registry:
image:
repository: goharbor/registry-photon
tag: v2.15.0@sha256:beb49fd16cf0906c04a2bf51a22f7210289e7cc2ae43a733e2a0364380aceae6
tag: v2.15.0
controller:
image:
repository: ghcr.io/goharbor/harbor-registryctl
tag: v2.15.0@sha256:463172f71d3a1e8d4f9e3b4e687a447f41fbc3126316d8c150dba04a903bbc47
repository: goharbor/harbor-registryctl
tag: v2.15.0
existingSecret: harbor-secret
relativeurls: true
credentials:
@@ -93,8 +93,8 @@ harbor:
addr: harbor-valkey.harbor:6379
exporter:
image:
repository: ghcr.io/goharbor/harbor-exporter
tag: v2.15.0@sha256:ad065e4e1a0ee900a0bb1a03d57028ed4b51dc04933f5c1cb5c4aee301a72ddb
repository: goharbor/harbor-exporter
tag: v2.15.0
replicas: 2
postgres-18-cluster:
mode: recovery

14
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -40,6 +40,20 @@ homepage:
html {
font-size: 18px;
}
ul#myTab {
background-color: rgba(240, 230, 215, 0.12) !important;
color: white !important;
}
li.service div.service-card,
li.bookmark a.rounded-md {
color: white !important;
background-color: rgba(240, 230, 215, 0.12) !important;
transition: all 150ms ease !important;
}
li.service div.service-card:hover,
li.bookmark a.rounded-md:hover {
background-color: rgba(240, 230, 215, 0.18) !important;
}
docker.yaml: ""
kubernetes.yaml: |
mode: cluster

6
clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies:
- name: kube-prometheus-stack
repository: oci://ghcr.io/prometheus-community/charts
version: 82.14.0
version: 82.13.6
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
digest: sha256:767eea1e633cefea72a9428ca888bfb47e82febdfd647d7d5f199523eace0154
generated: "2026-03-24T20:52:31.377221183Z"
digest: sha256:6c29e37c4a0b08244b3ab0c60b2e07a2574f382f18183d98017d2d0dbcab7f21
generated: "2026-03-24T17:20:56.086048387Z"

2
clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
View File

@@ -20,7 +20,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: kube-prometheus-stack
version: 82.14.0
version: 82.13.6
repository: oci://ghcr.io/prometheus-community/charts
- name: app-template
alias: ntfy-alertmanager

2
clusters/cl01tl/helm/music-grabber/values.yaml
View File

@@ -9,7 +9,7 @@ music-grabber:
main:
image:
repository: g33kphr33k/musicgrabber
tag: 2.5.2
tag: 2.5.1
pullPolicy: IfNotPresent
env:
- name: MUSIC_DIR

11
clusters/cl01tl/helm/rook-ceph/Chart.lock
View File

@@ -1,9 +1,12 @@
dependencies:
- name: rook-ceph
repository: https://charts.rook.io/release
version: v1.19.3
version: v1.19.2
- name: rook-ceph-cluster
repository: https://charts.rook.io/release
version: v1.19.3
digest: sha256:f485e0ac0fe7a70972491078f37b8be4aff2c6dfa7346bdb18d296f1dbd15b1e
generated: "2026-03-24T22:57:30.323965591Z"
version: v1.19.2
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
digest: sha256:4bd2987d8b6b91e0c4dc026c5d20419c69bd81c82063d7850bbfe8d7dbea3b82
generated: "2026-03-09T22:05:44.444530464Z"

6
clusters/cl01tl/helm/rook-ceph/Chart.yaml
View File

@@ -16,11 +16,11 @@ maintainers:
- name: alexlebens
dependencies:
- name: rook-ceph
version: v1.19.3
version: v1.19.2
repository: https://charts.rook.io/release
- name: rook-ceph-cluster
version: v1.19.3
version: v1.19.2
repository: https://charts.rook.io/release
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ceph.png
# renovate: datasource=github-releases depName=rook/rook
appVersion: v1.19.3
appVersion: v1.19.2

4
clusters/cl01tl/helm/searxng/values.yaml
View File

@@ -9,7 +9,7 @@ searxng:
main:
image:
repository: searxng/searxng
tag: latest@sha256:c4850cf4ad1954a4d93e0ad5aa8ce2c5b6ba067c889355ce970d820ac6080722
tag: latest@sha256:68b5b5654c29a222dfd83367f2dc3fcb371dffed132582042326e6e4e0792ee1
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL
@@ -39,7 +39,7 @@ searxng:
main:
image:
repository: searxng/searxng
tag: latest@sha256:c4850cf4ad1954a4d93e0ad5aa8ce2c5b6ba067c889355ce970d820ac6080722
tag: latest@sha256:68b5b5654c29a222dfd83367f2dc3fcb371dffed132582042326e6e4e0792ee1
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL

2
clusters/cl01tl/helm/site-documentation/values.yaml
View File

@@ -11,7 +11,7 @@ site-documentation:
main:
image:
repository: harbor.alexlebens.net/images/site-documentation
tag: 0.8.0
tag: 0.6.0
pullPolicy: IfNotPresent
resources:
requests:

6
clusters/cl01tl/helm/talos/values.yaml
View File

@@ -405,7 +405,7 @@ etcd-defrag:
main:
image:
repository: ghcr.io/siderolabs/talosctl
tag: v1.12.6
tag: v1.12.5
pullPolicy: IfNotPresent
args:
- etcd
@@ -438,7 +438,7 @@ etcd-defrag:
main:
image:
repository: ghcr.io/siderolabs/talosctl
tag: v1.12.6
tag: v1.12.5
pullPolicy: IfNotPresent
args:
- etcd
@@ -471,7 +471,7 @@ etcd-defrag:
main:
image:
repository: ghcr.io/siderolabs/talosctl
tag: v1.12.6
tag: v1.12.5
pullPolicy: IfNotPresent
args:
- etcd

2
clusters/cl01tl/helm/yubal/Chart.yaml
View File

@@ -22,4 +22,4 @@ dependencies:
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
# renovate: datasource=github-releases depName=guillevc/yubal
appVersion: v0.7.2
appVersion: v4.0.0

68
clusters/cl01tl/helm/yubal/values.yaml
View File

@@ -14,7 +14,7 @@ yubal:
main:
image:
repository: ghcr.io/guillevc/yubal
tag: 0.7.2@sha256:906b7c90b738e77ad140178f6a5145f98c12af36e8321d427148c092836c37be
tag: 4.0.0
pullPolicy: IfNotPresent
env:
- name: YUBAL_TZ
@@ -29,6 +29,72 @@ yubal:
requests:
cpu: 10m
memory: 128Mi
# gluetun:
# image:
# repository: ghcr.io/qdm12/gluetun
# tag: v3.41.0@sha256:6b54856716d0de56e5bb00a77029b0adea57284cf5a466f23aad5979257d3045
# pullPolicy: IfNotPresent
# lifecycle:
# postStart:
# exec:
# command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
# env:
# - name: VPN_SERVICE_PROVIDER
# value: airvpn
# - name: VPN_TYPE
# value: wireguard
# - name: WIREGUARD_PRIVATE_KEY
# valueFrom:
# secretKeyRef:
# name: yubal-wireguard-conf
# key: private-key
# - name: WIREGUARD_PRESHARED_KEY
# valueFrom:
# secretKeyRef:
# name: yubal-wireguard-conf
# key: preshared-key
# - name: WIREGUARD_ADDRESSES
# valueFrom:
# secretKeyRef:
# name: yubal-wireguard-conf
# key: addresses
# - name: FIREWALL_OUTBOUND_SUBNETS
# value: 10.0.0.0/8
# - name: FIREWALL_INPUT_PORTS
# value: 8000
# - name: DNS_UPSTREAM_RESOLVER_TYPE
# value: dot
# - name: HTTPPROXY
# value: "off"
# - name: SHADOWSOCKS
# value: "off"
# securityContext:
# privileged: True
# capabilities:
# add:
# - NET_ADMIN
# - SYS_MODULE
# probes:
# liveness:
# enabled: true
# custom: true
# spec:
# exec:
# command:
# - /gluetun-entrypoint
# - healthcheck
# failureThreshold: 5
# initialDelaySeconds: 30
# periodSeconds: 30
# successThreshold: 1
# timeoutSeconds: 15
# resources:
# limits:
# devic.es/tun: "1"
# requests:
# devic.es/tun: "1"
# cpu: 10m
# memory: 128Mi
service:
main:
controller: main

204
renovate.json
View File

@@ -3,10 +3,7 @@
"extends": [
"config:recommended",
"mergeConfidence:all-badges",
":rebaseStalePrs",
"group:recommended",
"group:monorepos",
"group:kubernetesMonorepo"
":rebaseStalePrs"
],
"timezone": "America/Chicago",
"labels": [],
@@ -74,50 +71,28 @@
"enabled": false
},
{
"description": "Label by datasource",
"description": "Label charts",
"matchDatasources": [
"helm",
"docker",
"github-actions"
"helm"
],
"addLabels": [
"{{{datasource}}}"
"chart"
],
"automerge": false
},
{
"description": "Automerge helm chart lock files",
"matchManagers": [
"helm"
],
"lockFileMaintenance": {
"enabled": true
},
"addLabels": [
"automerge"
],
"automerge": true,
"automergeType": "branch"
},
{
"description": "Automerge patches",
"matchUpdateTypes": [
"patch",
"pinDigest"
],
"description": "Label images",
"matchDatasources": [
"helm",
"docker",
"github-actions"
"docker"
],
"addLabels": [
"automerge"
"image"
],
"automerge": true,
"minimumReleaseAge": "1 days"
"automerge": false
},
{
"description": "Label appVersion and images, grouped",
"description": "Label appVersion and images, merged",
"matchManagers": [
"custom.regex",
"helm-values"
@@ -130,7 +105,7 @@
"automerge": false
},
{
"description": "Automerge appVersion and images, grouped",
"description": "Automerge appVersion and images, merged",
"matchUpdateTypes": [
"patch",
"pinDigest"
@@ -142,42 +117,92 @@
"groupName": "{{#if packageName}}{{{replace 'ghcr.io/' '' (replace 'docker.io/' '' packageName)}}}{{else}}{{{replace 'ghcr.io/' '' (replace 'docker.io/' '' depName)}}}{{/if}}",
"groupSlug": "unified-{{{groupName}}}",
"addLabels": [
"image",
"automerge"
],
"automerge": true,
"minimumReleaseAge": "1 days"
},
{
"description": "Group apps by their keyword",
"groupName": "{{{replace '^.*(dawarich|komodo|immich|home-assistant|element-web|cilium).*$' '$1' depName}}}",
"groupSlug": "unified-{{{groupName}}}",
"matchPackageNames": [
"/(^|/)(?<appName>dawarich|komodo|immich|home-assistant|element-web|cilium)/"
]
"description": "Automerge digests for actions",
"matchManagers": [
"github-actions"
],
"matchUpdateTypes": [
"digest"
],
"addLabels": [
"actions",
"automerge"
],
"enabled": true,
"automerge": true,
"minimumReleaseAge": "1 days"
},
{
"description": "Group Bazarr dependencies",
"groupName": "bazarr",
"groupSlug": "unified-bazarr",
"matchPackageNames": [
"bazarr$"
]
"description": "Automerge chart patches",
"matchUpdateTypes": [
"patch"
],
"matchDatasources": [
"helm"
],
"addLabels": [
"chart",
"automerge"
],
"automerge": true,
"minimumReleaseAge": "1 days"
},
{
"description": "Group Code Server dependencies",
"groupName": "code-server",
"groupSlug": "unified-code-server",
"matchPackageNames": [
"code-server$"
]
"description": "Automerge helm chart lock files",
"matchManagers": [
"helm"
],
"lockFileMaintenance": {
"enabled": true
},
"addLabels": [
"chart",
"automerge"
],
"automerge": true,
"automergeType": "branch"
},
{
"description": "Group Rook-Ceph dependencies",
"groupName": "rook-ceph",
"groupSlug": "unified-rook-ceph",
"description": "Automerge image patches",
"matchUpdateTypes": [
"patch",
"pinDigest"
],
"matchDatasources": [
"docker"
],
"addLabels": [
"image",
"automerge"
],
"automerge": true,
"minimumReleaseAge": "1 days"
},
{
"description": "Automerge images, specific packages",
"matchUpdateTypes": [
"patch",
"minor"
],
"matchDatasources": [
"docker"
],
"matchPackageNames": [
"/^rook(-ceph|\\/rook|\\/ceph)/"
]
"ghcr.io/renovatebot/renovate",
"kube-prometheus-stack"
],
"addLabels": [
"image",
"automerge"
],
"automerge": true
},
{
"description": "Automerge digest updates, specific packages",
@@ -191,28 +216,59 @@
"searxng/searxng"
],
"addLabels": [
"image",
"automerge"
],
"enabled": true,
"automerge": true
},
{
"description": "Automerge images, specific packages",
"matchUpdateTypes": [
"patch",
"minor"
],
"matchDatasources": [
"docker"
],
"description": "Group Dawarich dependencies",
"groupName": "dawarich",
"groupSlug": "unified-dawarich",
"matchPackageNames": [
"ghcr.io/renovatebot/renovate",
"ghcr.io/prometheus-community/charts/kube-prometheus-stack"
],
"addLabels": [
"automerge"
],
"automerge": true
"/^(ghcr\\.io/|docker\\.io/)?(freika|freikin)/dawarich/"
]
},
{
"description": "Group Komodo dependencies",
"groupName": "komodo",
"groupSlug": "unified-komodo",
"matchPackageNames": [
"/^moghtech/komodo/",
"/^ghcr\\.io/moghtech/komodo/",
"/^docker\\.io/moghtech/komodo/"
]
},
{
"description": "Group Immich dependencies",
"groupName": "immich",
"groupSlug": "unified-immich",
"matchPackageNames": [
"/^immich-app/immich/",
"/^ghcr\\.io/immich-app/immich/",
"/^docker\\.io/immich-app/immich/"
]
},
{
"description": "Group Home Assistant dependencies",
"groupName": "home-assistant",
"groupSlug": "unified-home-assistant",
"matchPackageNames": [
"/^home-assistant//",
"/^ghcr\\.io/home-assistant//",
"/^docker\\.io/home-assistant//"
]
},
{
"description": "Group Element Web updates",
"groupName": "element-web",
"groupSlug": "unified-element-web",
"matchPackageNames": [
"/element-web/",
"/vectorim/element-web/",
"/element-hq/element-web/"
]
}
]
}