alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 3 Actions Activity

Compare commits

base: alexlebens:main
Branches Tags
alexlebens:main alexlebens:renovate/cilium-1.x alexlebens:auto/update-manifests alexlebens:manifests alexlebens:renovate/unified-grafanaloki alexlebens:renovate/headlamp-0.x
..
compare: alexlebens:e3e4bdb4a12d84d881e99831780fa58243aba371
Branches Tags
alexlebens:renovate/cilium-1.x alexlebens:auto/update-manifests alexlebens:main alexlebens:manifests alexlebens:renovate/unified-grafanaloki alexlebens:renovate/headlamp-0.x

1 Commits
main ... e3e4bdb4a1

Author SHA1 Message Date
Renovate Bot
e3e4bdb4a1 chore(deps): update helm release cilium to v1.19.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 22s
Details
2026-02-06 03:43:11 +00:00
33 changed files with 39 additions and 723 deletions
Expand all files Collapse all files

2
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -157,14 +157,12 @@ blocky:
sonarr IN CNAME traefik-cl01tl sonarr IN CNAME traefik-cl01tl
sonarr-4k IN CNAME traefik-cl01tl sonarr-4k IN CNAME traefik-cl01tl
sonarr-anime IN CNAME traefik-cl01tl sonarr-anime IN CNAME traefik-cl01tl
spotisub IN CNAME traefik-cl01tl
stalwart IN CNAME traefik-cl01tl stalwart IN CNAME traefik-cl01tl
tdarr IN CNAME traefik-cl01tl tdarr IN CNAME traefik-cl01tl
tubearchivist IN CNAME traefik-cl01tl tubearchivist IN CNAME traefik-cl01tl
vault IN CNAME traefik-cl01tl vault IN CNAME traefik-cl01tl
whodb IN CNAME traefik-cl01tl whodb IN CNAME traefik-cl01tl
yamtrack IN CNAME traefik-cl01tl yamtrack IN CNAME traefik-cl01tl
yubal IN CNAME traefik-cl01tl
yubal-playlist IN CNAME traefik-cl01tl yubal-playlist IN CNAME traefik-cl01tl
blocking: blocking:

6
clusters/cl01tl/helm/cilium/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: cilium - name: cilium
repository: https://helm.cilium.io/ repository: https://helm.cilium.io/
version: 1.18.6 version: 1.19.0
digest: sha256:8ea328ac238524b5b423e6289f5e25d05ef64e6aa19cfd5de238f1d5dd533e9b digest: sha256:d2319facc93cab2a0a137588d8bd93315b52025b3ec86bc89edb0e236a74c814
generated: "2026-02-05T12:00:20.15778-06:00" generated: "2026-02-06T03:43:04.47604832Z"

2
clusters/cl01tl/helm/cilium/Chart.yaml
View File

@@ -15,7 +15,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: cilium - name: cilium
version: 1.18.6 version: 1.19.0
repository: https://helm.cilium.io/ repository: https://helm.cilium.io/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png
# renovate: datasource=github-releases depName=cilium/cilium # renovate: datasource=github-releases depName=cilium/cilium

6
clusters/cl01tl/helm/external-secrets/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: external-secrets - name: external-secrets
repository: https://charts.external-secrets.io repository: https://charts.external-secrets.io
version: 2.0.0 version: 1.3.2
digest: sha256:3833a9f099d80f50e8a7c9874138b9eba42c18fe5f5f5dc605031f7c44bd3971 digest: sha256:7b7c6dee59f2ea630f0e7a1124aeeda52cdff23769136300384b28210e03945a
generated: "2026-02-06T15:40:39.917039721Z" generated: "2026-02-03T21:41:32.061135319Z"

4
clusters/cl01tl/helm/external-secrets/Chart.yaml
View File

@@ -12,8 +12,8 @@ sources:
- https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets - https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets
dependencies: dependencies:
- name: external-secrets - name: external-secrets
version: 2.0.0 version: 1.3.2
repository: https://charts.external-secrets.io repository: https://charts.external-secrets.io
icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4 icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4
# renovate: datasource=github-releases depName=external-secrets/external-secrets # renovate: datasource=github-releases depName=external-secrets/external-secrets
appVersion: v2.0.0 appVersion: v1.3.2

2
clusters/cl01tl/helm/freshrss/values.yaml
View File

@@ -88,7 +88,7 @@ freshrss:
- name: PUID - name: PUID
value: "568" value: "568"
- name: TZ - name: TZ
value: America/Chicago value: US/Central
- name: FRESHRSS_ENV - name: FRESHRSS_ENV
value: production value: production
- name: CRON_MIN - name: CRON_MIN

6
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -310,12 +310,6 @@ gatus:
- name: lidarr - name: lidarr
url: https://lidarr.alexlebens.net url: https://lidarr.alexlebens.net
<<: *defaults <<: *defaults
- name: spotisub
url: https://spotisub.alexlebens.net
<<: *defaults
- name: yubal
url: https://yubal.alexlebens.net
<<: *defaults
- name: yubal-playlist - name: yubal-playlist
url: https://yubal-playlist.alexlebens.net url: https://yubal-playlist.alexlebens.net
<<: *defaults <<: *defaults

12
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -655,24 +655,12 @@ homepage:
url: http://lidarr.lidarr:80 url: http://lidarr.lidarr:80
key: {{ "{{HOMEPAGE_VAR_LIDARR_KEY}}" }} key: {{ "{{HOMEPAGE_VAR_LIDARR_KEY}}" }}
fields: ["wanted", "queued", "artists"] fields: ["wanted", "queued", "artists"]
- Yubal:
icon: sh-yubal.webp
description: Download Youtube playlist
href: https://yubal.alexlebens.net
siteMonitor: http://yubal.yubal:80
statusStyle: dot
- Yubal Playlist: - Yubal Playlist:
icon: sh-yubal.webp icon: sh-yubal.webp
description: Replicate Youtube playlist description: Replicate Youtube playlist
href: https://yubal-playlist.alexlebens.net href: https://yubal-playlist.alexlebens.net
siteMonitor: http://yubal-playlist.yubal-playlist:80 siteMonitor: http://yubal-playlist.yubal-playlist:80
statusStyle: dot statusStyle: dot
- Spotisub:
icon: sh-spotify.webp
description: Replicate Spotify playlist
href: https://spotisub.alexlebens.net
siteMonitor: http://spotisub.spotisub:80
statusStyle: dot
- slskd: - slskd:
icon: sh-slskd.webp icon: sh-slskd.webp
description: slskd description: slskd

30
clusters/cl01tl/helm/komodo/templates/external-secret.yaml
View File

@@ -47,33 +47,3 @@ spec:
key: /authentik/oidc/komodo key: /authentik/oidc/komodo
metadataPolicy: None metadataPolicy: None
property: secret property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: komodo-postgresql-17-fdb-cluster-ferret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: komodo-postgresql-17-fdb-cluster-ferret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: uri
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/komodo/ferret
metadataPolicy: None
property: uri
- secretKey: password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/komodo/ferret
metadataPolicy: None
property: password

37
clusters/cl01tl/helm/komodo/values.yaml
View File

@@ -2,7 +2,7 @@ komodo:
controllers: controllers:
main: main:
type: deployment type: deployment
replicas: 1 replicas: 0
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3 revisionHistoryLimit: 3
containers: containers:
@@ -53,11 +53,14 @@ komodo:
- name: PERIPHERY_SSL_ENABLED - name: PERIPHERY_SSL_ENABLED
value: false value: false
- name: DB_USERNAME - name: DB_USERNAME
value: ferret valueFrom:
secretKeyRef:
name: komodo-postgresql-17-fdb-cluster-app
key: user
- name: DB_PASSWORD - name: DB_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: komodo-postgresql-17-fdb-cluster-ferret name: komodo-postgresql-17-fdb-cluster-app
key: password key: password
- name: KOMODO_DATABASE_URI - name: KOMODO_DATABASE_URI
value: mongodb://$(DB_USERNAME):$(DB_PASSWORD)@komodo-ferretdb-2.komodo:27017/komodo value: mongodb://$(DB_USERNAME):$(DB_PASSWORD)@komodo-ferretdb-2.komodo:27017/komodo
@@ -85,7 +88,7 @@ komodo:
memory: 128Mi memory: 128Mi
ferretdb-2: ferretdb-2:
type: deployment type: deployment
replicas: 1 replicas: 0
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3 revisionHistoryLimit: 3
containers: containers:
@@ -95,15 +98,11 @@ komodo:
tag: 2.7.0 tag: 2.7.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: DB_USERNAME - name: FERRETDB_POSTGRESQL_URL
value: ferret
- name: DB_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: komodo-postgresql-17-fdb-cluster-ferret name: komodo-postgresql-17-fdb-cluster-app
key: password key: uri
- name: FERRETDB_POSTGRESQL_URL
value: postgresql://$(DB_USERNAME):$(DB_PASSWORD)@komodo-postgresql-17-fdb-cluster-rw.komodo.svc.cluster.local:5432/ferretDB
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
@@ -195,13 +194,13 @@ postgresql-17-fdb-cluster:
- pg_cron - pg_cron
- pg_documentdb_core - pg_documentdb_core
- pg_documentdb - pg_documentdb
initdb: # initdb:
database: ferretDB # database: ferretDB
owner: ferret # owner: ferret
postInitApplicationSQL: # postInitApplicationSQL:
- CREATE EXTENSION IF NOT EXISTS pg_cron; # - create extension if not exists pg_cron;
- CREATE EXTENSION IF NOT EXISTS documentdb CASCADE; # - create extension if not exists documentdb cascade;
- GRANT documentdb_admin_role TO ferret; # - grant documentdb_admin_role to ferret;
recovery: recovery:
method: objectStore method: objectStore
objectStore: objectStore:
@@ -228,7 +227,7 @@ postgresql-17-fdb-cluster:
# isWALArchiver: false # isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: true
immediate: true immediate: true
schedule: "0 0 0 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local

2
clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
View File

@@ -31,4 +31,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png
# renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator # renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator
appVersion: v0.89.0 appVersion: v0.88.1

2
clusters/cl01tl/helm/ollama/Chart.yaml
View File

@@ -31,4 +31,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png
# renovate: datasource=github-releases depName=ollama/ollama # renovate: datasource=github-releases depName=ollama/ollama
appVersion: 0.15.5 appVersion: 0.15.4

6
clusters/cl01tl/helm/prometheus-operator-crds/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: prometheus-operator-crds - name: prometheus-operator-crds
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
version: 27.0.0 version: 26.0.0
digest: sha256:ab76a45fb53268d4afdad507277c244af11c50344e50a24799182bbd9757258d digest: sha256:fb73bc68bbf8ab128ff7fc641413ce3f004677d351038517ed68f5b39eeafb08
generated: "2026-02-06T14:05:22.069162277Z" generated: "2026-01-09T20:11:58.398634666Z"

4
clusters/cl01tl/helm/prometheus-operator-crds/Chart.yaml
View File

@@ -15,8 +15,8 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: prometheus-operator-crds - name: prometheus-operator-crds
version: 27.0.0 version: 26.0.0
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png
# renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator # renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator
appVersion: v0.89.0 appVersion: v0.88.1

4
clusters/cl01tl/helm/searxng/values.yaml
View File

@@ -9,7 +9,7 @@ searxng:
main: main:
image: image:
repository: searxng/searxng repository: searxng/searxng
tag: latest@sha256:670bd1076097640fc25221bf92a8af7d344503ce17ba3305abedf28e3634e807 tag: latest@sha256:8d77102a0d2c615e88c5184868dc2c32cd361413dbc104abc301f54079fd40a2
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: SEARXNG_BASE_URL - name: SEARXNG_BASE_URL
@@ -39,7 +39,7 @@ searxng:
main: main:
image: image:
repository: searxng/searxng repository: searxng/searxng
tag: latest@sha256:670bd1076097640fc25221bf92a8af7d344503ce17ba3305abedf28e3634e807 tag: latest@sha256:8d77102a0d2c615e88c5184868dc2c32cd361413dbc104abc301f54079fd40a2
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: SEARXNG_BASE_URL - name: SEARXNG_BASE_URL

2
clusters/cl01tl/helm/shelfmark/Chart.yaml
View File

@@ -23,4 +23,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/shelfmark.webp icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/shelfmark.webp
# renovate: datasource=github-releases depName=calibrain/shelfmark # renovate: datasource=github-releases depName=calibrain/shelfmark
appVersion: v1.0.4 appVersion: v1.0.3

2
clusters/cl01tl/helm/shelfmark/values.yaml
View File

@@ -9,7 +9,7 @@ shelfmark:
main: main:
image: image:
repository: ghcr.io/calibrain/shelfmark repository: ghcr.io/calibrain/shelfmark
tag: v1.0.4 tag: v1.0.3
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: FLASK_PORT - name: FLASK_PORT

6
clusters/cl01tl/helm/spotisub/Chart.lock
View File

@@ -1,6 +0,0 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
digest: sha256:3b63381e4968f95ce2d99fae620f3d1ae6af295b1bacc4ed0fbe9f1ccb0e9405
generated: "2026-02-06T11:04:57.311195-06:00"

21
clusters/cl01tl/helm/spotisub/Chart.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: v2
name: spotisub
version: 1.0.0
description: Spotisub
keywords:
- spotisub
- music
- spotify
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/blastbeng/spotisub
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: spotisub
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
# renovate: datasource=github-releases depName=blastbeng/spotisub
appVersion: v0.3.6

93
clusters/cl01tl/helm/spotisub/templates/external-secret.yaml
View File

@@ -1,93 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: spotisub-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: spotisub-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: spotify-client-id
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /spotify/andrew
metadataPolicy: None
property: client-id
- secretKey: spotify-client-secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /spotify/andrew
metadataPolicy: None
property: client-secret
- secretKey: spotify-redirect-uri
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /spotify/andrew
metadataPolicy: None
property: redirect-uri
- secretKey: subsonic-user
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/navidrome/andrew
metadataPolicy: None
property: user
- secretKey: subsonic-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/navidrome/andrew
metadataPolicy: None
property: password
- secretKey: lidarr-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/lidarr2/key
metadataPolicy: None
property: key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: spotisub-wireguard-conf
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: spotisub-wireguard-conf
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: private-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: proton-email
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: email
- secretKey: proton-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: password

11
clusters/cl01tl/helm/spotisub/templates/namespace.yaml
View File

@@ -1,11 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: spotisub
labels:
app.kubernetes.io/name: spotisub
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

17
clusters/cl01tl/helm/spotisub/templates/persistent-volume-claim.yaml
View File

@@ -1,17 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: spotisub-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: spotisub-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: spotisub-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

23
clusters/cl01tl/helm/spotisub/templates/persistent-volume.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: spotisub-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: spotisub-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Music Youtube/
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

194
clusters/cl01tl/helm/spotisub/values.yaml
View File

@@ -1,194 +0,0 @@
spotisub:
controllers:
main:
type: deployment
replicas: 0
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: blastbeng/spotisub
tag: v0.3.7
pullPolicy: IfNotPresent
env:
- name: SPOTIPY_CLIENT_ID
valueFrom:
secretKeyRef:
name: spotisub-config-secret
key: spotify-client-id
- name: SPOTIPY_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: spotisub-config-secret
key: spotify-client-secret
- name: SPOTIPY_REDIRECT_URI
valueFrom:
secretKeyRef:
name: spotisub-config-secret
key: spotify-redirect-uri
- name: SUBSONIC_API_HOST
value: http://navidrome-main.navidrome
- name: SUBSONIC_API_PORT
value: 80
- name: SUBSONIC_API_USER
valueFrom:
secretKeyRef:
name: spotisub-config-secret
key: subsonic-user
- name: SUBSONIC_API_PASS
valueFrom:
secretKeyRef:
name: spotisub-config-secret
key: subsonic-password
- name: PLAYLIST_PREFIX
value: "Spotify - "
- name: NUM_USER_PLAYLISTS
value: 0
- name: ARTIST_GEN_SCHED
value: 0
- name: RECOMEND_GEN_SCHED
value: 0
- name: SPOTDL_ENABLED
value: 1
- name: SPOTDL_OUT_FORMAT
value: "/mnt/store/Music Youtube/Andrew Lebens/{artist}/{album} ({year})/{artists} - {album} - {track-number} - {title}.{output-ext}"
- name: LIDARR_ENABLED
value: 1
- name: LIDARR_IP
value: http://lidarr.lidarr
- name: LIDARR_PORT
value: 80
- name: LIDARR_TOKEN
valueFrom:
secretKeyRef:
name: spotisub-config-secret
key: lidarr-key
probes:
liveness:
enabled: true
custom: true
spec:
exec:
command:
- /bin/sh
- -c
- "curl -s http://127.0.0.1:5183/api/v1/utils/healthcheck | grep -q 'Ok!'"
failureThreshold: 5
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 15
resources:
requests:
cpu: 10m
memory: 128Mi
gluetun:
image:
repository: ghcr.io/qdm12/gluetun
tag: v3.41.0@sha256:6b54856716d0de56e5bb00a77029b0adea57284cf5a466f23aad5979257d3045
pullPolicy: IfNotPresent
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env:
- name: VPN_SERVICE_PROVIDER
value: protonvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: spotisub-wireguard-conf
key: private-key
- name: UPDATER_PROTONVPN_EMAIL
valueFrom:
secretKeyRef:
name: spotisub-wireguard-conf
key: proton-email
- name: UPDATER_PROTONVPN_PASSWORD
valueFrom:
secretKeyRef:
name: spotisub-wireguard-conf
key: proton-password
- name: FIREWALL_OUTBOUND_SUBNETS
value: 10.0.0.0/8
- name: FIREWALL_INPUT_PORTS
value: 5183
- name: DNS_UPSTREAM_RESOLVER_TYPE
value: dot
securityContext:
privileged: True
capabilities:
add:
- NET_ADMIN
- SYS_MODULE
probes:
liveness:
enabled: true
custom: true
spec:
exec:
command:
- /gluetun-entrypoint
- healthcheck
failureThreshold: 5
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 15
resources:
limits:
devic.es/tun: "1"
requests:
devic.es/tun: "1"
cpu: 10m
memory: 128Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 5183
protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- spotisub.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: spotisub
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
cache:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:
- path: /home/user/spotisub/cache
readOnly: false
music:
existingClaim: spotisub-nfs-storage
advancedMounts:
main:
main:
- path: /mnt/store/Music Youtube/
readOnly: false

6
clusters/cl01tl/helm/yubal/Chart.lock
View File

@@ -1,6 +0,0 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
digest: sha256:f8966d4e96cba272ddc29e3bdc508ca11ea758e3f784849f598a724819ab9d04
generated: "2026-01-16T18:57:07.816828126Z"

21
clusters/cl01tl/helm/yubal/Chart.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: v2
name: yubal
version: 1.0.0
description: yubal
keywords:
- yubal
- music
- youtube
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/guillevc/yubal
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: yubal
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
# renovate: datasource=github-releases depName=guillevc/yubal
appVersion: v4.0.0

35
clusters/cl01tl/helm/yubal/templates/external-secret.yaml
View File

@@ -1,35 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: yubal-wireguard-conf
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: yubal-wireguard-conf
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: private-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: proton-email
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: email
- secretKey: proton-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: password

11
clusters/cl01tl/helm/yubal/templates/namespace.yaml
View File

@@ -1,11 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: yubal
labels:
app.kubernetes.io/name: yubal
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

17
clusters/cl01tl/helm/yubal/templates/persistent-volume-claim.yaml
View File

@@ -1,17 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: yubal-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: yubal-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: yubal-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

23
clusters/cl01tl/helm/yubal/templates/persistent-volume.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: yubal-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: yubal-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Music Youtube/
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

151
clusters/cl01tl/helm/yubal/values.yaml
View File

@@ -1,151 +0,0 @@
yubal:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers:
main:
image:
repository: ghcr.io/guillevc/yubal
tag: 4.0.0
pullPolicy: IfNotPresent
env:
- name: YUBAL_TZ
value: America/Chicago
- name: YUBAL_HOST
value: 0.0.0.0
- name: YUBAL_PORT
value: 8080
- name: YUBAL_LOG_LEVEL
value: INFO
resources:
requests:
cpu: 10m
memory: 128Mi
gluetun:
image:
repository: ghcr.io/qdm12/gluetun
tag: v3.41.0@sha256:6b54856716d0de56e5bb00a77029b0adea57284cf5a466f23aad5979257d3045
pullPolicy: IfNotPresent
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env:
- name: VPN_SERVICE_PROVIDER
value: protonvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: yubal-wireguard-conf
key: private-key
- name: UPDATER_PROTONVPN_EMAIL
valueFrom:
secretKeyRef:
name: yubal-wireguard-conf
key: proton-email
- name: UPDATER_PROTONVPN_PASSWORD
valueFrom:
secretKeyRef:
name: yubal-wireguard-conf
key: proton-password
- name: FIREWALL_OUTBOUND_SUBNETS
value: 10.0.0.0/8
- name: FIREWALL_INPUT_PORTS
value: 8000
- name: DNS_UPSTREAM_RESOLVER_TYPE
value: dot
securityContext:
privileged: True
capabilities:
add:
- NET_ADMIN
- SYS_MODULE
probes:
liveness:
enabled: true
custom: true
spec:
exec:
command:
- /gluetun-entrypoint
- healthcheck
failureThreshold: 5
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 15
resources:
limits:
devic.es/tun: "1"
requests:
devic.es/tun: "1"
cpu: 10m
memory: 128Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 8000
protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- yubal.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: yubal
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
config:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:
- path: /app/config
readOnly: false
ytdlp:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:
- path: /app/ytdlp
readOnly: false
music:
existingClaim: yubal-nfs-storage
advancedMounts:
main:
main:
- path: /app/data
readOnly: false

2
hosts/ps08rp/blocky/config.yml
View File

@@ -132,14 +132,12 @@ customDNS:
sonarr IN CNAME traefik-cl01tl sonarr IN CNAME traefik-cl01tl
sonarr-4k IN CNAME traefik-cl01tl sonarr-4k IN CNAME traefik-cl01tl
sonarr-anime IN CNAME traefik-cl01tl sonarr-anime IN CNAME traefik-cl01tl
spotisub IN CNAME traefik-cl01tl
stalwart IN CNAME traefik-cl01tl stalwart IN CNAME traefik-cl01tl
tdarr IN CNAME traefik-cl01tl tdarr IN CNAME traefik-cl01tl
tubearchivist IN CNAME traefik-cl01tl tubearchivist IN CNAME traefik-cl01tl
vault IN CNAME traefik-cl01tl vault IN CNAME traefik-cl01tl
whodb IN CNAME traefik-cl01tl whodb IN CNAME traefik-cl01tl
yamtrack IN CNAME traefik-cl01tl yamtrack IN CNAME traefik-cl01tl
yubal IN CNAME traefik-cl01tl
yubal-playlist IN CNAME traefik-cl01tl yubal-playlist IN CNAME traefik-cl01tl
blocking: blocking:

2
hosts/ps09rp/blocky/config.yml
View File

@@ -153,14 +153,12 @@ customDNS:
sonarr IN CNAME traefik-cl01tl sonarr IN CNAME traefik-cl01tl
sonarr-4k IN CNAME traefik-cl01tl sonarr-4k IN CNAME traefik-cl01tl
sonarr-anime IN CNAME traefik-cl01tl sonarr-anime IN CNAME traefik-cl01tl
spotisub IN CNAME traefik-cl01tl
stalwart IN CNAME traefik-cl01tl stalwart IN CNAME traefik-cl01tl
tdarr IN CNAME traefik-cl01tl tdarr IN CNAME traefik-cl01tl
tubearchivist IN CNAME traefik-cl01tl tubearchivist IN CNAME traefik-cl01tl
vault IN CNAME traefik-cl01tl vault IN CNAME traefik-cl01tl
whodb IN CNAME traefik-cl01tl whodb IN CNAME traefik-cl01tl
yamtrack IN CNAME traefik-cl01tl yamtrack IN CNAME traefik-cl01tl
yubal IN CNAME traefik-cl01tl
yubal-playlist IN CNAME traefik-cl01tl yubal-playlist IN CNAME traefik-cl01tl
blocking: blocking: