alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 9 Actions Activity

Compare commits

base: alexlebens:main
Branches Tags
alexlebens:main alexlebens:renovate/major-unified-loki alexlebens:renovate/unified-synapse alexlebens:renovate/unified-stalwartlabs alexlebens:renovate/unified-houndarr alexlebens:renovate/unified-gitea alexlebens:renovate/unified-talosctl alexlebens:renovate/unified-musicgrabber alexlebens:renovate/unified-cilium alexlebens:manifests alexlebens:renovate/unified-postiz
..
compare: alexlebens:ebffd4783bed0ec79938f01c8a06a221dc97e257
Branches Tags
alexlebens:renovate/major-unified-loki alexlebens:renovate/unified-synapse alexlebens:renovate/unified-stalwartlabs alexlebens:renovate/unified-houndarr alexlebens:renovate/unified-gitea alexlebens:renovate/unified-talosctl alexlebens:renovate/unified-musicgrabber alexlebens:renovate/unified-cilium alexlebens:manifests alexlebens:main alexlebens:renovate/unified-postiz

1 Commits
main ... ebffd4783b

Author SHA1 Message Date
Renovate Bot
ebffd4783b chore(deps): update registry.k8s.io/csi-secrets-store/driver docker tag to v1.6.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 25s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 25s
Details
render-manifests / render-manifests (pull_request) Successful in 2m1s
Details
2026-04-27 19:15:17 +00:00
21 changed files with 42 additions and 72 deletions
Expand all files Collapse all files

2
.gitea/workflows/renovate.yaml
View File

@@ -13,7 +13,7 @@ on:
jobs: jobs:
renovate: renovate:
runs-on: ubuntu-js runs-on: ubuntu-js
container: ghcr.io/renovatebot/renovate:43.150.0@sha256:f2d4c467a8eb4b885630a8ca7d068173db69a5a1156ba41480c0a3a2e011d759 container: ghcr.io/renovatebot/renovate:43.144.0@sha256:d6c68d8226a0b4f1fc00942f1c14b33d5135c6c52e8c9d29a2588b46f199c14f
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

16
clusters/cl01tl/helm/argocd/templates/prometheus-rule.yaml
View File

@@ -82,6 +82,14 @@ spec:
annotations: annotations:
summary: HAProxy pending requests (instance {{ `{{ $labels.instance }}` }}) summary: HAProxy pending requests (instance {{ `{{ $labels.instance }}` }})
description: "Some HAProxy requests are pending on {{ `{{ $labels.proxy }}` }} - {{ `{{ $value | printf \"%.2f\"}}` }}\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}" description: "Some HAProxy requests are pending on {{ `{{ $labels.proxy }}` }} - {{ `{{ $value | printf \"%.2f\"}}` }}\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: HAProxyHTTPSlowingDown
expr: avg by (instance, proxy) (haproxy_backend_max_total_time_seconds) > 1
for: 1m
labels:
severity: warning
annotations:
summary: HAProxy HTTP slowing down (instance {{ `{{ $labels.instance }}` }})
description: "HAProxy backend max total time is above 1s on {{ `{{ $labels.proxy }}` }} - {{ `{{ $value | printf \"%.2f\"}}` }}s\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: HAProxyRetryHigh - alert: HAProxyRetryHigh
expr: sum by (proxy) (rate(haproxy_backend_retry_warnings_total[1m])) > 10 expr: sum by (proxy) (rate(haproxy_backend_retry_warnings_total[1m])) > 10
for: 2m for: 2m
@@ -90,6 +98,14 @@ spec:
annotations: annotations:
summary: HAProxy retry high (instance {{ `{{ $labels.instance }}` }}) summary: HAProxy retry high (instance {{ `{{ $labels.instance }}` }})
description: "High rate of retry on {{ `{{ $labels.proxy }}` }} - {{ `{{ $value | printf \"%.2f\"}}` }}\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}" description: "High rate of retry on {{ `{{ $labels.proxy }}` }} - {{ `{{ $value | printf \"%.2f\"}}` }}\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: HAproxyHasNoAliveBackends
expr: haproxy_backend_active_servers + haproxy_backend_backup_servers == 0
for: 0m
labels:
severity: critical
annotations:
summary: HAproxy has no alive backends (instance {{ `{{ $labels.instance }}` }})
description: "HAProxy has no alive active or backup backends for {{ `{{ $labels.proxy }}` }}\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: HAProxyFrontendSecurityBlockedRequests - alert: HAProxyFrontendSecurityBlockedRequests
expr: sum by (proxy) (rate(haproxy_frontend_denied_connections_total[2m])) > 10 expr: sum by (proxy) (rate(haproxy_frontend_denied_connections_total[2m])) > 10
for: 2m for: 2m

2
clusters/cl01tl/helm/argocd/values.yaml
View File

@@ -103,7 +103,7 @@ argo-cd:
enabled: true enabled: true
image: image:
repository: haproxy repository: haproxy
tag: 3.3.7-alpine@sha256:2afa53c856e4e9fcc7dfb35b807fcb189896d7e62b38d363f9bedea92bce7f9a tag: 3.3.6-alpine@sha256:4f97a2cb7f02fd08402259e74a65ef12fcfa3dff1ef78fddecb5228a17b7f4ad
resources: resources:
requests: requests:
cpu: 5m cpu: 5m

2
clusters/cl01tl/helm/audiobookshelf/Chart.yaml
View File

@@ -32,4 +32,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
# renovate: datasource=github-releases depName=advplyr/audiobookshelf # renovate: datasource=github-releases depName=advplyr/audiobookshelf
appVersion: 2.34.0 appVersion: 2.33.2

2
clusters/cl01tl/helm/audiobookshelf/values.yaml
View File

@@ -12,7 +12,7 @@ audiobookshelf:
main: main:
image: image:
repository: ghcr.io/advplyr/audiobookshelf repository: ghcr.io/advplyr/audiobookshelf
tag: 2.34.0@sha256:4143292c530f6ac6700afd13360c04f477e4f1a81c1c97c4224b1c7e4330c5c4 tag: 2.33.2@sha256:a44ed89b3e845faa1f7d353f2cc89b2fcd8011737dd14075fa963cf9468da3a5
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago

4
clusters/cl01tl/helm/cloudnative-pg/values.yaml
View File

@@ -18,7 +18,7 @@ rclone-postgres-backups-remote:
nameOverride: postgres-backups-remote-rclone nameOverride: postgres-backups-remote-rclone
cronJob: cronJob:
suspend: false suspend: false
schedule: 0 6 * * 6 schedule: 0 1 * * *
rclone: rclone:
source: source:
bucketName: postgres-backups bucketName: postgres-backups
@@ -45,7 +45,7 @@ rclone-postgres-backups-external:
nameOverride: postgres-backups-external-rclone nameOverride: postgres-backups-external-rclone
cronJob: cronJob:
suspend: true suspend: true
schedule: 0 6 * * 6 schedule: 20 1 * * *
rclone: rclone:
source: source:
bucketName: openbao-backups bucketName: openbao-backups

2
clusters/cl01tl/helm/dawarich/Chart.yaml
View File

@@ -42,4 +42,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png
# renovate: datasource=github-releases depName=Freika/dawarich # renovate: datasource=github-releases depName=Freika/dawarich
appVersion: 1.7.0 appVersion: 1.6.1

12
clusters/cl01tl/helm/dawarich/templates/external-secret.yaml
View File

@@ -15,18 +15,6 @@ spec:
remoteRef: remoteRef:
key: /cl01tl/dawarich/key key: /cl01tl/dawarich/key
property: key property: key
- secretKey: otp-primary-key
remoteRef:
key: /cl01tl/dawarich/key
property: otp-primary-key
- secretKey: otp-deterministic-key
remoteRef:
key: /cl01tl/dawarich/key
property: otp-deterministic-key
- secretKey: otp-derivation-salt
remoteRef:
key: /cl01tl/dawarich/key
property: otp-derivation-salt
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1

40
clusters/cl01tl/helm/dawarich/values.yaml
View File

@@ -8,7 +8,7 @@ dawarich:
main: main:
image: image:
repository: freikin/dawarich repository: freikin/dawarich
tag: 1.7.0@sha256:7d5f99c61121fcfa4cbdd6a153392630d9f059ffb0156759278d3e049085ec62 tag: 1.6.1@sha256:a884f69f19ce0f66992f3872d24544d1e587e133b8a003e072711aafc1e02429
command: command:
- "web-entrypoint.sh" - "web-entrypoint.sh"
args: args:
@@ -83,21 +83,6 @@ dawarich:
secretKeyRef: secretKeyRef:
name: dawarich-key name: dawarich-key
key: key key: key
- name: OTP_ENCRYPTION_PRIMARY_KEY
valueFrom:
secretKeyRef:
name: dawarich-key
key: otp-primary-key
- name: OTP_ENCRYPTION_DETERMINISTIC_KEY
valueFrom:
secretKeyRef:
name: dawarich-key
key: otp-deterministic-key
- name: OTP_ENCRYPTION_KEY_DERIVATION_SALT
valueFrom:
secretKeyRef:
name: dawarich-key
key: otp-derivation-salt
- name: RAILS_LOG_TO_STDOUT - name: RAILS_LOG_TO_STDOUT
value: true value: true
- name: SELF_HOSTED - name: SELF_HOSTED
@@ -126,7 +111,7 @@ dawarich:
sidekiq: sidekiq:
image: image:
repository: freikin/dawarich repository: freikin/dawarich
tag: 1.7.0@sha256:7d5f99c61121fcfa4cbdd6a153392630d9f059ffb0156759278d3e049085ec62 tag: 1.6.1@sha256:a884f69f19ce0f66992f3872d24544d1e587e133b8a003e072711aafc1e02429
command: command:
- "sidekiq-entrypoint.sh" - "sidekiq-entrypoint.sh"
args: args:
@@ -176,12 +161,12 @@ dawarich:
- name: OIDC_CLIENT_ID - name: OIDC_CLIENT_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: dawarich-oidc-authentik name: dawarich-oidc-secret
key: client key: client
- name: OIDC_CLIENT_SECRET - name: OIDC_CLIENT_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: dawarich-oidc-authentik name: dawarich-oidc-secret
key: secret key: secret
- name: OIDC_PROVIDER_NAME - name: OIDC_PROVIDER_NAME
value: Authentik value: Authentik
@@ -196,23 +181,8 @@ dawarich:
- name: SECRET_KEY_BASE - name: SECRET_KEY_BASE
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: dawarich-key name: dawarich-key-secret
key: key key: key
- name: OTP_ENCRYPTION_PRIMARY_KEY
valueFrom:
secretKeyRef:
name: dawarich-key
key: otp-primary-key
- name: OTP_ENCRYPTION_DETERMINISTIC_KEY
valueFrom:
secretKeyRef:
name: dawarich-key
key: otp-deterministic-key
- name: OTP_ENCRYPTION_KEY_DERIVATION_SALT
valueFrom:
secretKeyRef:
name: dawarich-key
key: otp-derivation-salt
- name: RAILS_LOG_TO_STDOUT - name: RAILS_LOG_TO_STDOUT
value: true value: true
- name: SELF_HOSTED - name: SELF_HOSTED

2
clusters/cl01tl/helm/democratic-csi-synology-iscsi/values.yaml
View File

@@ -47,8 +47,6 @@ democratic-csi:
fsType: ext4 fsType: ext4
node: node:
hostPID: true hostPID: true
rbac:
enabled: true
driver: driver:
extraEnv: extraEnv:
- name: ISCSIADM_HOST_STRATEGY - name: ISCSIADM_HOST_STRATEGY

6
clusters/cl01tl/helm/kube-prometheus-stack/values.yaml
View File

@@ -98,8 +98,8 @@ kube-prometheus-stack:
namespace: traefik namespace: traefik
prometheusSpec: prometheusSpec:
scrapeInterval: 30s scrapeInterval: 30s
retention: 60d retention: 45d
retentionSize: 450GiB retentionSize: 240GiB
externalUrl: https://prometheus.alexlebens.net externalUrl: https://prometheus.alexlebens.net
ruleSelectorNilUsesHelmValues: false ruleSelectorNilUsesHelmValues: false
serviceMonitorSelectorNilUsesHelmValues: false serviceMonitorSelectorNilUsesHelmValues: false
@@ -112,7 +112,7 @@ kube-prometheus-stack:
accessModes: ["ReadWriteOnce"] accessModes: ["ReadWriteOnce"]
resources: resources:
requests: requests:
storage: 500Gi storage: 250Gi
ntfy-alertmanager: ntfy-alertmanager:
global: global:
fullnameOverride: ntfy-alertmanager fullnameOverride: ntfy-alertmanager

2
clusters/cl01tl/helm/paperless-ngx/Chart.yaml
View File

@@ -48,4 +48,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/paperless-ngx.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/paperless-ngx.png
# renovate: datasource=github-releases depName=paperless-ngx/paperless-ngx # renovate: datasource=github-releases depName=paperless-ngx/paperless-ngx
appVersion: 2.20.15 appVersion: 2.20.14

2
clusters/cl01tl/helm/paperless-ngx/values.yaml
View File

@@ -8,7 +8,7 @@ paperless-ngx:
main: main:
image: image:
repository: ghcr.io/paperless-ngx/paperless-ngx repository: ghcr.io/paperless-ngx/paperless-ngx
tag: 2.20.15@sha256:6c86cad803970ea782683a8e80e7403444c5bf3cf70de63b4d3c8e87500db92f tag: 2.20.14@sha256:b89f83345532cfba72690185257eb6c4f92fc2a782332a42abe19c07b7a6595f
env: env:
- name: PAPERLESS_REDIS - name: PAPERLESS_REDIS
value: redis://paperless-ngx-valkey.paperless-ngx:6379 value: redis://paperless-ngx-valkey.paperless-ngx:6379

2
clusters/cl01tl/helm/plex/Chart.yaml
View File

@@ -20,4 +20,4 @@ dependencies:
version: 4.6.2 version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/plex.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/plex.png
# renovate: datasource=github-releases depName=linuxserver/docker-plex # renovate: datasource=github-releases depName=linuxserver/docker-plex
appVersion: 1.43.1.10611-1e34174b1-ls303 appVersion: 1.43.1.10611-1e34174b1-ls302

2
clusters/cl01tl/helm/plex/values.yaml
View File

@@ -22,7 +22,7 @@ plex:
main: main:
image: image:
repository: ghcr.io/linuxserver/plex repository: ghcr.io/linuxserver/plex
tag: 1.43.1.10611-1e34174b1-ls303@sha256:b785bdd60e781662f16e0526a6b54c07856739df95ab558a674a3c084dbde423 tag: 1.43.1.10611-1e34174b1-ls302@sha256:e5c7c283b242966416a4bed2d666acf6f3fb8f957c704be8333f8dc987364825
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago

4
clusters/cl01tl/helm/searxng/values.yaml
View File

@@ -10,7 +10,7 @@ searxng:
main: main:
image: image:
repository: searxng/searxng repository: searxng/searxng
tag: latest@sha256:ba3fbb767c9dcc29509fcbef00268a3a5d3535ed57e19a7582a56058f8b2c5c4 tag: latest@sha256:c9100c29c14a77d5289263a671580226c3b8a396a1a0130d2f500f57076a0119
env: env:
- name: SEARXNG_BASE_URL - name: SEARXNG_BASE_URL
value: http://searxng-api.searxng:8080 value: http://searxng-api.searxng:8080
@@ -38,7 +38,7 @@ searxng:
main: main:
image: image:
repository: searxng/searxng repository: searxng/searxng
tag: latest@sha256:ba3fbb767c9dcc29509fcbef00268a3a5d3535ed57e19a7582a56058f8b2c5c4 tag: latest@sha256:c9100c29c14a77d5289263a671580226c3b8a396a1a0130d2f500f57076a0119
env: env:
- name: SEARXNG_BASE_URL - name: SEARXNG_BASE_URL
value: https://searxng.alexlebens.net/ value: https://searxng.alexlebens.net/

2
clusters/cl01tl/helm/secrets-store-csi-driver/values.yaml
View File

@@ -8,7 +8,7 @@ secrets-store-csi-driver:
enabled: true enabled: true
image: image:
repository: registry.k8s.io/csi-secrets-store/driver-crds repository: registry.k8s.io/csi-secrets-store/driver-crds
tag: v1.6.0@sha256:2419b318a1c17bd741686bf1994cd37cee7162039c019435b8f534f2846fe488 tag: v1.5.6@sha256:d40d9212beb62ee0f9f09b75d024ed807816879f38e75eca309497c3df89568c
driver: driver:
resources: resources:
limits: limits:

2
clusters/cl01tl/helm/site-documentation/values.yaml
View File

@@ -10,7 +10,7 @@ site-documentation:
main: main:
image: image:
repository: harbor.alexlebens.net/images/site-documentation repository: harbor.alexlebens.net/images/site-documentation
tag: 0.28.0@sha256:dabb2c9a8c306a01ccf1d85e797f6a5cc81d8d3b5db8d28ab1b5969f1b56cf74 tag: 0.27.1@sha256:a9e8659827375e7ee65ea8bc8550f4c0604316b48f39da7fa255fa9f3b5a17d6
resources: resources:
requests: requests:
cpu: 10m cpu: 10m

2
clusters/cl01tl/helm/site-profile/values.yaml
View File

@@ -10,7 +10,7 @@ site-profile:
main: main:
image: image:
repository: harbor.alexlebens.net/images/site-profile repository: harbor.alexlebens.net/images/site-profile
tag: 3.19.1@sha256:bf8f7f065867c605fe42955f12aaec68c5d1e667a3325bb30ad6d028b523bcd5 tag: 3.18.7@sha256:d2e31d00b58aa8e843eeaa5ba75d1bb73dd9d1587185b82e5451a585285de6a0
resources: resources:
requests: requests:
cpu: 10m cpu: 10m

3
clusters/cl01tl/helm/stalwart/values.yaml
View File

@@ -25,11 +25,10 @@ stalwart:
tag: v1.10.0@sha256:a6a4d4403f670faf6a94b8c7f9adbca3ead91f26dd64e5ccf95fa69025dc6e58 tag: v1.10.0@sha256:a6a4d4403f670faf6a94b8c7f9adbca3ead91f26dd64e5ccf95fa69025dc6e58
args: args:
- '--es.uri=https://elasticsearch-stalwart-es-http.tubearchivist:9200' - '--es.uri=https://elasticsearch-stalwart-es-http.tubearchivist:9200'
- '--es.ssl-skip-verify'
resources: resources:
requests: requests:
cpu: 1m cpu: 1m
memory: 10Mi memory: 10mi
service: service:
main: main:
controller: main controller: main

3
clusters/cl01tl/helm/tubearchivist/values.yaml
View File

@@ -108,11 +108,10 @@ tubearchivist:
tag: v1.10.0@sha256:a6a4d4403f670faf6a94b8c7f9adbca3ead91f26dd64e5ccf95fa69025dc6e58 tag: v1.10.0@sha256:a6a4d4403f670faf6a94b8c7f9adbca3ead91f26dd64e5ccf95fa69025dc6e58
args: args:
- '--es.uri=https://elasticsearch-tubearchivist-es-http.tubearchivist:9200' - '--es.uri=https://elasticsearch-tubearchivist-es-http.tubearchivist:9200'
- '--es.ssl-skip-verify'
resources: resources:
requests: requests:
cpu: 1m cpu: 1m
memory: 10Mi memory: 10mi
service: service:
main: main:
controller: main controller: main