alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 7 Actions Activity

Compare commits

base: alexlebens:main
Branches Tags
alexlebens:main alexlebens:renovate/unified-valkey alexlebens:renovate/unified-postgres-cluster alexlebens:renovate/unified-qbit_manage alexlebens:renovate/unified-whatsapp alexlebens:renovate/unified-cilium alexlebens:manifests alexlebens:auto/update-manifests alexlebens:renovate/unified-cloudflare-ddns
..
compare: alexlebens:fbe7ea1b3a0079742697ded6795d61b986a1635e
Branches Tags
alexlebens:renovate/unified-valkey alexlebens:renovate/unified-postgres-cluster alexlebens:renovate/unified-qbit_manage alexlebens:renovate/unified-whatsapp alexlebens:renovate/unified-cilium alexlebens:manifests alexlebens:main alexlebens:auto/update-manifests alexlebens:renovate/unified-cloudflare-ddns

1 Commits
main ... fbe7ea1b3a

Author SHA1 Message Date
Renovate Bot
fbe7ea1b3a chore(deps): update ollama to v0.20.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 18s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 20s
Details
2026-04-02 22:06:34 +00:00
19 changed files with 150 additions and 92 deletions
Expand all files Collapse all files

2
clusters/cl01tl/helm/argo-workflows/Chart.yaml
View File

@@ -29,4 +29,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-workflows
appVersion: v4.0.4
appVersion: v4.0.3

2
clusters/cl01tl/helm/elastic-operator/Chart.yaml
View File

@@ -18,4 +18,4 @@ dependencies:
repository: https://helm.elastic.co
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/elastic.png
# renovate: datasource=github-releases depName=elastic/cloud-on-k8s
appVersion: v3.3.2
appVersion: v3.3.1

44
clusters/cl01tl/helm/gitea/values.yaml
View File

@@ -145,52 +145,11 @@ gitea-actions:
statefulset:
replicas: 6
timezone: America/Chicago
resources:
limits:
ephemeral-storage: 15Gi
requests:
ephemeral-storage: 2Gi
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- gitea-actions-act-runner
topologyKey: "kubernetes.io/hostname"
extraVolumes:
- name: workspace-vol
ephemeral:
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
storageClassName: ceph-block
resources:
requests:
storage: 20Gi
- name: docker-vol
ephemeral:
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
storageClassName: ceph-block
resources:
requests:
storage: 50Gi
actRunner:
registry: docker.io
repository: gitea/act_runner
# renovate: datasource=docker depName=gitea/act_runner
tag: 0.3.1@sha256:c2a169c5e99864c25e32527cef3d82203225e09558773022bf3dc164a2e6d762
extraVolumeMounts:
- name: workspace-vol
mountPath: /workspace
config: |
log:
level: debug
@@ -207,9 +166,6 @@ gitea-actions:
repository: docker
# renovate: datasource=docker depName=docker
tag: 29.3.1-dind@sha256:4d90f1f6c400315c2dba96d3ec93c01e64198395cbba04f79d12adce4f737029
extraVolumeMounts:
- name: docker-vol
mountPath: /var/lib/docker
persistence:
storageClass: ceph-block
size: 10Gi

2
clusters/cl01tl/helm/houndarr/Chart.yaml
View File

@@ -24,4 +24,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/houndarr.png
# renovate: datasource=github-releases depName=av1155/houndarr
appVersion: v1.6.6
appVersion: v1.6.5

2
clusters/cl01tl/helm/jellystat/Chart.yaml
View File

@@ -29,4 +29,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/jellystat.png
# renovate: datasource=github-releases depName=CyferShepard/Jellystat
appVersion: 1.1.9
appVersion: 1.1.7

2
clusters/cl01tl/helm/jellystat/values.yaml
View File

@@ -8,7 +8,7 @@ jellystat:
main:
image:
repository: ghcr.io/cyfershepard/jellystat
tag: 1.1.9@sha256:f7f56aabad139faa996b8bb21a36dd3e65f7c87e10408921815b95a28a4efbaf
tag: 1.1.8@sha256:c8c451704ba7985340142cd047e2364cabaf41b613669b6c5340688ed217f82a
env:
- name: TZ
value: America/Chicago

2
clusters/cl01tl/helm/kiwix/Chart.yaml
View File

@@ -5,7 +5,7 @@ description: Kiwix
keywords:
- kiwix
- wikipedia
home: https://docs.alexlebens.dev/applications/kiwix/
home: https://wiki.alexlebens.dev/s/16eaaf92-3607-421f-bc66-cb3c39eeaea0
sources:
- https://github.com/kiwix
- https://github.com/kiwix/kiwix-tools/pkgs/container/kiwix-serve

14
clusters/cl01tl/helm/kiwix/values.yaml
View File

@@ -4,11 +4,13 @@ kiwix:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/kiwix/kiwix-serve
tag: 3.8.2@sha256:acdab28186a66b51bfd4202210c6732931ea95cf41c711148a0c9770b9fcc9e1
tag: 3.8.2
pullPolicy: IfNotPresent
args:
- '*.zim'
env:
@@ -16,8 +18,8 @@ kiwix:
value: 8080
resources:
requests:
cpu: 1m
memory: 10Mi
cpu: 50m
memory: 512Mi
service:
main:
controller: main
@@ -25,6 +27,7 @@ kiwix:
http:
port: 80
targetPort: 8080
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -37,8 +40,11 @@ kiwix:
- kiwix.alexlebens.net
rules:
- backendRefs:
- name: kiwix
- group: ''
kind: Service
name: kiwix
port: 80
weight: 100
matches:
- path:
type: PathPrefix

6
clusters/cl01tl/helm/komodo/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.1
version: 7.10.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:9af0fa5ab5e1895e94d64ea5983b5ee58c8b4dd9c5c8ef8021c8c7f950fd54c4
generated: "2026-04-02T20:28:17.818342-05:00"
digest: sha256:c1bbed66c94b64ba44ef1caadf74d46d9bce551e37b62b1cd0a3af9b81046251
generated: "2026-03-24T14:00:56.813765-05:00"

14
clusters/cl01tl/helm/komodo/Chart.yaml
View File

@@ -4,16 +4,16 @@ version: 1.0.0
description: Komodo
keywords:
- komodo
- docker-deployment
home: https://docs.alexlebens.dev/applications/komodo/
- deployment
- dashboard
- docker-compose
home: https://wiki.alexlebens.dev/s/bb7eb683-b5c7-4f50-9f2c-e8e57dc67c81
sources:
- https://github.com/moghtech/komodo
- https://github.com/FerretDB/FerretDB
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/moghtech/komodo/pkgs/container/komodo-core
- https://github.com/ferretdb/FerretDB/pkgs/container/ferretdb
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -23,7 +23,7 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgresql-17-fdb-cluster
version: 7.11.1
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-keys
@@ -31,4 +31,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/komodo.png
# renovate: datasource=github-releases depName=moghtech/komodo
appVersion: v2.1.1
appVersion: v2.1.0

21
clusters/cl01tl/helm/komodo/templates/external-secret.yaml
View File

@@ -14,23 +14,38 @@ spec:
data:
- secretKey: passkey
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/komodo/config
metadataPolicy: None
property: passkey
- secretKey: jwt
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/komodo/config
metadataPolicy: None
property: jwt
- secretKey: webhook
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/komodo/config
metadataPolicy: None
property: webhook
- secretKey: oidc-client-id
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/komodo
metadataPolicy: None
property: client
- secretKey: oidc-client-secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/komodo
metadataPolicy: None
property: secret
---
@@ -50,9 +65,15 @@ spec:
data:
- secretKey: uri
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/komodo/ferret
metadataPolicy: None
property: uri
- secretKey: password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/komodo/ferret
metadataPolicy: None
property: password

51
clusters/cl01tl/helm/komodo/values.yaml
View File

@@ -4,11 +4,13 @@ komodo:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/moghtech/komodo-core
tag: 2.1.1@sha256:2bbbb1efd3534211dac35091e0818f10398d9bdd98fdbf0ddef09e9e0b5ec4ba
tag: 2.1.0@sha256:4915d91b5c6e9de4e8fd59391eed5cad090ec84dcf6a1a9233d97edfdbbb88e7
pullPolicy: IfNotPresent
env:
- name: COMPOSE_LOGGING_DRIVER
value: local
@@ -43,7 +45,7 @@ komodo:
- name: KOMODO_LOCAL_AUTH
value: true
- name: KOMODO_ENABLE_NEW_USERS
value: false
value: true
- name: KOMODO_DISABLE_NON_ADMIN_CREATE
value: true
- name: KOMODO_TRANSPARENT_MODE
@@ -80,16 +82,18 @@ komodo:
resources:
requests:
cpu: 10m
memory: 80Mi
memory: 128Mi
ferretdb-2:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/ferretdb/ferretdb
tag: 2.7.0@sha256:5706414241eb84f0515512c37b46db0f1b1eac9e5ceb7e4c2523211c184b1985
tag: 2.7.0
pullPolicy: IfNotPresent
env:
- name: DB_USERNAME
value: ferret
@@ -102,8 +106,8 @@ komodo:
value: postgresql://$(DB_USERNAME):$(DB_PASSWORD)@komodo-postgresql-17-fdb-cluster-rw.komodo.svc.cluster.local:5432/ferretDB
resources:
requests:
cpu: 1m
memory: 20Mi
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -111,12 +115,14 @@ komodo:
http:
port: 80
targetPort: 9120
protocol: HTTP
ferretdb-2:
controller: ferretdb-2
ports:
http:
port: 27017
targetPort: 27017
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -129,8 +135,11 @@ komodo:
- komodo.alexlebens.net
rules:
- backendRefs:
- name: komodo-main
- group: ''
kind: Service
name: komodo-main
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -141,6 +150,7 @@ komodo:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:
@@ -150,6 +160,7 @@ komodo:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:
@@ -159,6 +170,7 @@ komodo:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:
@@ -170,7 +182,7 @@ postgresql-17-fdb-cluster:
cluster:
image:
repository: ghcr.io/ferretdb/postgres-documentdb
tag: 17-0.107.0-ferretdb-2.7.0@sha256:2386795ec2aa7ae559304361979f1dc5708d383ee9020ae63dadc2940dfe58f7
tag: "17-0.106.0-ferretdb-2.5.0"
postgresUID: 999
postgresGID: 999
postgresql:
@@ -212,12 +224,35 @@ postgresql-17-fdb-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 50 14 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-keys:
pvcTarget: komodo-keys
local:

8
clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies:
- name: kube-prometheus-stack
repository: oci://ghcr.io/prometheus-community/charts
version: 82.17.0
version: 82.16.1
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:fa498f2d44d84f34ce09e1b8c8f2e871c143a2cf129fa63f2e1f3328ed5f01e3
generated: "2026-04-03T18:02:30.415481231Z"
version: 0.4.0
digest: sha256:ece31be37d2fa7c7c59058e2d47e8190bea3baa742b4f04fe793956cd2d52f7f
generated: "2026-04-02T07:03:55.367235416Z"

14
clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
View File

@@ -5,20 +5,22 @@ description: Kube Prometheus Stack
keywords:
- kube-prometheus-stack
- prometheus
home: https://docs.alexlebens.dev/applications/kube-prometheus-stack/
- alertmanager
- metrics
- alerts
- kubernetes
home: https://wiki.alexlebens.dev/s/cd9fc3a4-aa88-4285-8886-91a6c5aecf7d
sources:
- https://github.com/prometheus/prometheus
- https://github.com/prometheus-operator/kube-prometheus
- https://git.xenrox.net/~xenrox/ntfy-alertmanager/
- https://hub.docker.com/r/xenrox/ntfy-alertmanager
- https://github.com/alexbakker/alertmanager-ntfy
- https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack
- https://github.com/bjw-s/helm-charts/blob/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers:
- name: alexlebens
dependencies:
- name: kube-prometheus-stack
version: 82.17.0
version: 82.16.2
repository: oci://ghcr.io/prometheus-community/charts
- name: app-template
alias: ntfy-alertmanager
@@ -26,7 +28,7 @@ dependencies:
version: 4.6.2
- name: valkey
alias: valkey
version: 0.5.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png
# renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator

12
clusters/cl01tl/helm/kube-prometheus-stack/templates/external-secret.yaml
View File

@@ -14,7 +14,10 @@ spec:
data:
- secretKey: ntfy_password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/kube-prometheus-stack/ntfy-alertmanager
metadataPolicy: None
property: ntfy_password
---
@@ -34,7 +37,10 @@ spec:
data:
- secretKey: token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/token
metadataPolicy: None
property: metric
---
@@ -54,9 +60,15 @@ spec:
data:
- secretKey: ntfy_password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/kube-prometheus-stack/ntfy-alertmanager
metadataPolicy: None
property: ntfy_password
- secretKey: config
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/kube-prometheus-stack/ntfy-alertmanager
metadataPolicy: None
property: config

38
clusters/cl01tl/helm/kube-prometheus-stack/values.yaml
View File

@@ -9,8 +9,10 @@ kube-prometheus-stack:
kubeSchedulerRecording: false
global:
rbac:
create: true
createAggregateClusterRoles: true
alertmanager:
enabled: true
config:
route:
group_by: ["namespace", "alertname"]
@@ -34,6 +36,8 @@ kube-prometheus-stack:
route:
main:
enabled: true
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
hostnames:
- alertmanager.alexlebens.net
parentRefs:
@@ -41,9 +45,14 @@ kube-prometheus-stack:
kind: Gateway
name: traefik-gateway
namespace: traefik
matches:
- path:
type: PathPrefix
value: /
alertmanagerSpec:
secrets:
- alertmanager-config-secret
replicas: 1
grafana:
enabled: false
kubeApiServer:
@@ -52,13 +61,11 @@ kube-prometheus-stack:
kubeControllerManager:
enabled: false
kubeEtcd:
enabled: true
service:
selector:
k8s-app: kube-controller-manager
serviceMonitor:
metricRelabelings:
- action: labeldrop
regex: pod
relabelings:
- sourceLabels: [__meta_kubernetes_pod_node_name]
separator: ;
@@ -66,12 +73,22 @@ kube-prometheus-stack:
targetLabel: nodename
replacement: $1
action: replace
metricRelabelings:
- action: labeldrop
regex: pod
kubeScheduler:
enabled: false
kubeProxy:
enabled: false
kubeStateMetrics:
enabled: true
nodeExporter:
operatingSystems:
darwin:
enabled: false
prometheusOperator:
admissionWebhooks:
enabled: true
annotations:
argocd.argoproj.io/hook: PreSync
argocd.argoproj.io/hook-delete-policy: HookSucceeded
@@ -89,6 +106,8 @@ kube-prometheus-stack:
route:
main:
enabled: true
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
hostnames:
- prometheus.alexlebens.net
parentRefs:
@@ -96,10 +115,13 @@ kube-prometheus-stack:
kind: Gateway
name: traefik-gateway
namespace: traefik
matches:
- path:
type: PathPrefix
value: /
prometheusSpec:
scrapeInterval: 30s
retention: 45d
retentionSize: 240GiB
retention: 30d
externalUrl: https://prometheus.alexlebens.net
ruleSelectorNilUsesHelmValues: false
serviceMonitorSelectorNilUsesHelmValues: false
@@ -120,11 +142,14 @@ ntfy-alertmanager:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: xenrox/ntfy-alertmanager
tag: 1.0.0@sha256:81788c7905774b7b0b2ed6833b2bc4826a90a42e4b738706edcedd5f489e7a73
tag: 1.0.0
pullPolicy: IfNotPresent
service:
main:
controller: main
@@ -132,6 +157,7 @@ ntfy-alertmanager:
http:
port: 80
targetPort: 8080
protocol: HTTP
persistence:
config:
enabled: true

2
clusters/cl01tl/helm/movie-roulette/Chart.yaml
View File

@@ -19,4 +19,4 @@ dependencies:
version: 4.6.2
icon: https://raw.githubusercontent.com/sahara101/Movie-Roulette/refs/heads/main/static/icons/icon.png
# renovate: datasource=github-releases depName=sahara101/Movie-Roulette
appVersion: v5.4.2
appVersion: v5.4.1

4
clusters/cl01tl/helm/searxng/values.yaml
View File

@@ -9,7 +9,7 @@ searxng:
main:
image:
repository: searxng/searxng
tag: latest@sha256:0a191084a26af34605d99ecb28c6efb126988d82e167b3f2149988f150f6c656
tag: latest@sha256:dac0c447bdd3f20a43687c6bed8140547f493252fd7bad3ad8bef1faffe1002d
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL
@@ -39,7 +39,7 @@ searxng:
main:
image:
repository: searxng/searxng
tag: latest@sha256:0a191084a26af34605d99ecb28c6efb126988d82e167b3f2149988f150f6c656
tag: latest@sha256:dac0c447bdd3f20a43687c6bed8140547f493252fd7bad3ad8bef1faffe1002d
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL

2
hosts/ps10rp/komodo-periphery/compose.yaml
View File

@@ -20,7 +20,7 @@ services:
- /dev/net/tun:/dev/net/tun
komodo-periphery:
image: ghcr.io/moghtech/komodo-periphery:2.1.1@sha256:9324baa15d355796fc8ab7fb4a4de7f2904327238100fa78fc2c814ba9d56022
image: ghcr.io/moghtech/komodo-periphery:2.1.0@sha256:f5b272e3d9acd60d4eac69ea4fa0292dcaddfdecfc2be64ba5575e5ae18e72ae
container_name: komodo-periphery
init: true
env_file: