alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests Actions Activity

Compare commits

base: alexlebens:main
Branches Tags
alexlebens:main alexlebens:manifests
..
compare: alexlebens:fe207aab32e89f77e2576a93ce52554d415b9caa
Branches Tags
alexlebens:manifests alexlebens:main

1 Commits
main ... fe207aab32

Author SHA1 Message Date
Renovate Bot
fe207aab32 Update Helm release tailscale-operator to v1.92.4
All checks were successful
renovate/stability-days Updates have met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 23s
Details
2025-12-19 22:03:05 +00:00
35 changed files with 104 additions and 482 deletions
Expand all files Collapse all files

2
clusters/cl01tl/helm/booklore/values.yaml
View File

@@ -9,7 +9,7 @@ booklore:
main:
image:
repository: ghcr.io/booklore-app/booklore
tag: v1.15.0
tag: v1.14.1
pullPolicy: IfNotPresent
env:
- name: TZ

2
clusters/cl01tl/helm/coredns/values.yaml
View File

@@ -1,7 +1,7 @@
coredns:
image:
repository: registry.k8s.io/coredns/coredns
tag: v1.13.2
tag: v1.13.1
replicaCount: 3
resources:
requests:

6
clusters/cl01tl/helm/external-secrets/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: external-secrets
repository: https://charts.external-secrets.io
version: 1.2.0
digest: sha256:6e713c4b50c14d9daf1758d9f169d10a8c7274d2c42490846817b6fb1a3ce558
generated: "2025-12-20T01:04:35.136580598Z"
version: 1.1.1
digest: sha256:d346563864c95c4ca3fe5f04f6b292e417069d171f5866b5af0fe84277481493
generated: "2025-12-06T18:01:23.564488208Z"

2
clusters/cl01tl/helm/external-secrets/Chart.yaml
View File

@@ -12,7 +12,7 @@ sources:
- https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets
dependencies:
- name: external-secrets
version: 1.2.0
version: 1.1.1
repository: https://charts.external-secrets.io
icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4
appVersion: v1.1.1

6
clusters/cl01tl/helm/headlamp/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: headlamp
repository: https://kubernetes-sigs.github.io/headlamp/
version: 0.39.0
digest: sha256:870e456773199684c150585c12c2e18b3f0895ee8cc73481a53b23c8e94560b1
generated: "2025-12-20T00:03:40.10414707Z"
version: 0.38.0
digest: sha256:3f4c6bb308a1e5e757368ea9eee902d5ade7d33881c0f6c8402d6ed41641e260
generated: "2025-12-01T19:55:48.64361-06:00"

2
clusters/cl01tl/helm/headlamp/Chart.yaml
View File

@@ -14,7 +14,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: headlamp
version: 0.39.0
version: 0.38.0
repository: https://kubernetes-sigs.github.io/headlamp/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/headlamp.png
appVersion: 0.38.0

2
clusters/cl01tl/helm/home-assistant/values.yaml
View File

@@ -9,7 +9,7 @@ home-assistant:
main:
image:
repository: ghcr.io/home-assistant/home-assistant
tag: 2025.12.4
tag: 2025.12.3
pullPolicy: IfNotPresent
env:
- name: TZ

2
clusters/cl01tl/helm/immich/values.yaml
View File

@@ -9,7 +9,7 @@ immich:
main:
image:
repository: ghcr.io/immich-app/immich-server
tag: v2.4.1
tag: v2.3.1
pullPolicy: IfNotPresent
env:
- name: TZ

6
clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies:
- name: kube-prometheus-stack
repository: oci://ghcr.io/prometheus-community/charts
version: 80.6.0
version: 80.4.2
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:6f046a936f1d732a44113eb0b7e54330a4261042179f37f4c94fccc9f20ee511
generated: "2025-12-20T01:04:57.413744271Z"
digest: sha256:e167d9dd4f23c5c590d3e44c89e8f76860a1cc5c8acd4b7939fcd3a8cd7d24b4
generated: "2025-12-17T16:26:22.948236914Z"

2
clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
View File

@@ -20,7 +20,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: kube-prometheus-stack
version: 80.6.0
version: 80.4.2
repository: oci://ghcr.io/prometheus-community/charts
- name: app-template
alias: ntfy-alertmanager

62
clusters/cl01tl/helm/qbittorrent/templates/config-map.yaml
View File

@@ -9,57 +9,19 @@ metadata:
app.kubernetes.io/part-of: {{ .Release.Name }}
data:
update.sh: |
if ! command -v curl 2>&1 >/dev/null
then
echo "curl could not be found, installing";
apk add curl;
fi;
if ! command -v jq 2>&1 >/dev/null
then
echo "jq could not be found, installing";
apk add jq;
fi;
API_ENDPOINT="http://localhost:8080/api/v2";
MAX_RETRIES=5
SUCCESS=false
echo " "
echo ">> Running Update Port Script ..."
echo " "
echo ">> Verifying required commands ..."
echo " "
for i in $(seq 1 "$MAX_RETRIES"); do
if apk update 2>&1 >/dev/null; then
echo ">> Attempt $i: Repositories are reachable"
SUCCESS=true
break
else
echo ">> Attempt $i: Connection failed, retrying in 5 seconds ..."
sleep 5
fi
done
if [ "$SUCCESS" = false ]; then
echo ">> ERROR: Could not connect to apk repositories after $MAX_RETRIES attempts, exiting ..."
exit 1
fi
if ! command -v curl 2>&1 >/dev/null; then
echo ">> Command curl could not be found, installing";
apk add --no-cache -q curl;
if [ $? -eq 0 ]; then
echo ">> Installation successful"
else
echo ">> Installation failed with exit code $?"
exit 1
fi
fi;
if ! command -v jq 2>&1 >/dev/null; then
echo " "
echo ">> Command jq could not be found, installing";
apk add --no-cache -q jq;
if [ $? -eq 0 ]; then
echo " "
echo ">> Installation successful"
else
echo " "
echo ">> Installation failed with exit code $?"
exit 1
fi
fi;
# echo " ";
# echo ">> Authentication ...";

2
clusters/cl01tl/helm/qbittorrent/values.yaml
View File

@@ -198,7 +198,7 @@ qbittorrent:
qui:
image:
repository: ghcr.io/autobrr/qui
tag: v1.11.0
tag: v1.10.0
pullPolicy: IfNotPresent
env:
- name: QUI__METRICS_ENABLED

2
clusters/cl01tl/helm/shelly-plug/values.yaml
View File

@@ -36,7 +36,7 @@ shelly-plug:
main:
image:
repository: php
tag: 8.5.1-apache-bookworm
tag: 8.5.0-apache-bookworm
pullPolicy: IfNotPresent
env:
- name: SHELLY_HOSTNAME

2
clusters/cl01tl/helm/sonarr-4k/values.yaml
View File

@@ -13,7 +13,7 @@ sonarr-4k:
main:
image:
repository: ghcr.io/linuxserver/sonarr
tag: 4.0.16@sha256:8b9f2138ec50fc9e521960868f79d2ad0d529bc610aef19031ea8ff80b54c5e0
tag: 4.0.16@sha256:60e5edcac39172294ad22d55d1b08c2c0a9fe658cad2f2c4d742ae017d7874de
pullPolicy: IfNotPresent
env:
- name: TZ

2
clusters/cl01tl/helm/sonarr-anime/values.yaml
View File

@@ -13,7 +13,7 @@ sonarr-anime:
main:
image:
repository: ghcr.io/linuxserver/sonarr
tag: 4.0.16@sha256:8b9f2138ec50fc9e521960868f79d2ad0d529bc610aef19031ea8ff80b54c5e0
tag: 4.0.16@sha256:60e5edcac39172294ad22d55d1b08c2c0a9fe658cad2f2c4d742ae017d7874de
pullPolicy: IfNotPresent
env:
- name: TZ

2
clusters/cl01tl/helm/sonarr/values.yaml
View File

@@ -13,7 +13,7 @@ sonarr:
main:
image:
repository: ghcr.io/linuxserver/sonarr
tag: 4.0.16@sha256:8b9f2138ec50fc9e521960868f79d2ad0d529bc610aef19031ea8ff80b54c5e0
tag: 4.0.16@sha256:60e5edcac39172294ad22d55d1b08c2c0a9fe658cad2f2c4d742ae017d7874de
pullPolicy: IfNotPresent
env:
- name: TZ

2
clusters/cl01tl/helm/tailscale-operator/Chart.lock
View File

@@ -3,4 +3,4 @@ dependencies:
repository: https://pkgs.tailscale.com/helmcharts
version: 1.92.4
digest: sha256:e883577bd0b7f676ce3ec97468321c5956b476e4c9f81c4e99b261a3a0b90641
generated: "2025-12-20T00:12:07.547753923Z"
generated: "2025-12-19T22:03:01.496082477Z"

8
clusters/cl01tl/helm/traefik/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies:
- name: traefik
repository: https://traefik.github.io/charts
version: 38.0.1
version: 37.4.0
- name: traefik-crds
repository: https://traefik.github.io/charts
version: 1.13.0
digest: sha256:0caf1c25f7bca77f070a3ba490f0d0370f7583370dfeeb2a726023ff567c208e
generated: "2025-12-19T18:45:42.696331-06:00"
version: 1.12.0
digest: sha256:68267043bdc2c60346e196e1c1d0cef62884bb3dc2ff26ff4a273ccf27edf738
generated: "2025-12-14T21:03:44.140099-06:00"

4
clusters/cl01tl/helm/traefik/Chart.yaml
View File

@@ -15,10 +15,10 @@ maintainers:
- name: alexlebens
dependencies:
- name: traefik
version: 38.0.1
version: 37.4.0
repository: https://traefik.github.io/charts
- name: traefik-crds
version: 1.13.0
version: 1.12.0
repository: https://traefik.github.io/charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/traefik.webp
appVersion: v3.6.4

20
clusters/cl01tl/helm/traefik/values.yaml
View File

@@ -1,8 +1,13 @@
traefik:
crds:
enabled: true
deleteOnUninstall: false
deployment:
kind: DaemonSet
ingressClass:
enabled: false
kubernetesGateway:
enabled: true
gateway:
enabled: true
annotations:
@@ -90,18 +95,6 @@ traefik:
expose:
default: true
exposedPort: 443
http:
# -- See
# -- [upstream documentation](https://doc.traefik.io/traefik/security/request-path/#encoded-character-filtering)
# -- [relevant issue] https://github.com/traefik/traefik/issues/12399
encodedCharacters:
allowEncodedSlash: true
allowEncodedBackSlash: true
allowEncodedNullCharacter: true
allowEncodedSemicolon: true
allowEncodedPercent: true
allowEncodedQuestionMark: true
allowEncodedHash: true
forwardedHeaders:
trustedIPs:
- 10.0.0.0/8
@@ -150,7 +143,6 @@ traefik:
traefik-crds:
enabled: true
traefik: true
gatewayAPI: false
gatewayAPIExperimental: true
gatewayAPI: true
hub: false
deleteOnUninstall: false

2
clusters/cl01tl/helm/vault/Chart.lock
View File

@@ -9,4 +9,4 @@ dependencies:
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
digest: sha256:01077322d1f106f1bb2834f2bc74f548084910af901a71e2892e05d3fb0d8c68
generated: "2025-12-19T22:52:58.599824-06:00"
generated: "2025-12-05T17:15:08.381024587Z"

153
clusters/cl01tl/helm/vault/templates/config-map.yaml
View File

@@ -1,153 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: vault-snapshot-script
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault-snapshot-script
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
data:
snapshot.sh: |
DATE=$(date +"%Y%m%d-%H-%M")
MAX_RETRIES=5
SUCCESS=false
echo " "
echo ">> Running Vault Snapshot Script ..."
echo " "
echo ">> Verifying required commands ..."
echo " "
for i in $(seq 1 "$MAX_RETRIES"); do
if apk update 2>&1 >/dev/null; then
echo ">> Attempt $i: Repositories are reachable";
SUCCESS=true;
break;
else
echo ">> Attempt $i: Connection failed, retrying in 5 seconds ...";
sleep 5;
fi;
done;
if [ "$SUCCESS" = false ]; then
echo ">> ERROR: Could not connect to apk repositories after $MAX_RETRIES attempts, exiting ...";
exit 1;
fi
echo " "
if ! command -v jq 2>&1 >/dev/null; then
echo ">> Command jq could not be found, installing";
apk add --no-cache -q jq;
if [ $? -eq 0 ]; then
echo ">> Installation successful";
else
echo ">> Installation failed with exit code $?";
exit 1;
fi;
fi;
echo " ";
echo ">> Fetching Vault token ...";
export VAULT_TOKEN=$(vault write auth/approle/login role_id=$VAULT_APPROLE_ROLE_ID secret_id=$VAULT_APPROLE_SECRET_ID -format=json | jq -r .auth.client_token);
echo " ";
echo ">> Taking Vault snapsot ...";
vault operator raft snapshot save /opt/backup/vault-snapshot-$DATE.snap
echo " ";
echo ">> Setting ownership of Vault snapsot ...";
chown 100:1000 /opt/backup/vault-snapshot-$DATE.snap
echo " ";
echo ">> Completed Vault snapshot";
---
apiVersion: v1
kind: ConfigMap
metadata:
name: vault-backup-script
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault-backup-script
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
data:
backup.sh: |
echo " ";
echo ">> Running S3 backup for Vault snapshot";
OUTPUT=$(s3cmd sync --no-check-certificate -v /opt/backup/* "${BUCKET}/cl01tl/cl01tl-vault-snapshots/" 2>&1)
STATUS=$?
if [ $STATUS -ne 0 ]; then
if echo "$OUTPUT" | grep -q "403 Forbidden"; then
MESSAGE="403 Authentication Error: Your keys are wrong or you don't have permission"
elif echo "$OUTPUT" | grep -q "404 Not Found"; then
MESSAGE="404 Error: The bucket or folder does not exist"
elif echo "$OUTPUT" | grep -q "Connection refused"; then
MESSAGE="Network Error: Cannot reach the S3 endpoint"
else
MESSAGE="Unknown Error"
echo " ";
echo ">> Unknown Error, output:"
echo " "
echo "$OUTPUT"
fi
MAX_RETRIES=5
SUCCESS=false
echo " "
echo ">> Sending message to ntfy using curl ..."
echo " "
echo ">> Verifying required commands ..."
for i in $(seq 1 "$MAX_RETRIES"); do
if apk update 2>&1 >/dev/null; then
echo ">> Attempt $i: Repositories are reachable";
SUCCESS=true;
break;
else
echo ">> Attempt $i: Connection failed, retrying in 5 seconds ...";
sleep 5;
fi;
done;
if [ "$SUCCESS" = false ]; then
echo ">> ERROR: Could not connect to apk repositories after $MAX_RETRIES attempts, exiting ...";
exit 1;
fi
if ! command -v curl 2>&1 >/dev/null; then
echo ">> Command curl could not be found, installing";
apk add --no-cache -q curl;
if [ $? -eq 0 ]; then
echo ">> Installation successful";
else
echo ">> Installation failed with exit code $?";
exit 1;
fi;
fi;
echo " "
echo ">> Sending to NTFY ..."
echo ">> Message: $MESSAGE"
HTTP_STATUS=$(curl \
--silent \
--write-out '%{http_code}' \
-H "Authorization: Bearer ${NTFY_TOKEN}" \
-H "X-Priority: 5" \
-H "X-Tags: warning" \
-H "X-Title: Vault Backup Failed for ${TARGET}" \
-d "$MESSAGE" \
${NTFY_ENDPOINT}/${NTFY_TOPIC}
)
echo ">> HTTP Status Code: $HTTP_STATUS"
else
echo " ";
echo ">> S3 Sync succeeded"
fi

101
clusters/cl01tl/helm/vault/templates/external-secret.yaml
View File

@@ -31,70 +31,10 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: vault-s3cmd-local-config
name: vault-s3cmd-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault-s3cmd-local-config
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: .s3cfg
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/vault-backups
metadataPolicy: None
property: s3cfg-local
- secretKey: BUCKET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/vault-backups
metadataPolicy: None
property: BUCKET
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: vault-s3cmd-remote-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault-s3cmd-remote-config
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: .s3cfg
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/vault-backups
metadataPolicy: None
property: s3cfg-remote
- secretKey: BUCKET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/vault-backups
metadataPolicy: None
property: BUCKET
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: vault-s3cmd-external-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault-s3cmd-external-config
app.kubernetes.io/name: vault-s3cmd-config
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -117,43 +57,6 @@ spec:
metadataPolicy: None
property: BUCKET
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: vault-backup-ntfy-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault-backup-ntfy-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: NTFY_TOKEN
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /ntfy/user/cl01tl
metadataPolicy: None
property: token
- secretKey: NTFY_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /ntfy/user/cl01tl
metadataPolicy: None
property: endpoint
- secretKey: NTFY_TOPIC
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/vault/snapshot
metadataPolicy: None
property: NTFY_TOPIC
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret

8
clusters/cl01tl/helm/vault/templates/persistent-volume-claim.yaml
View File

@@ -1,17 +1,17 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: vault-storage-backup
name: vault-nfs-storage-backup
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault-storage-backup
app.kubernetes.io/name: vault-nfs-storage-backup
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeMode: Filesystem
storageClassName: ceph-filesystem
storageClassName: nfs-client
accessModes:
- ReadWriteMany
- ReadWriteOnce
resources:
requests:
storage: 1Gi

162
clusters/cl01tl/helm/vault/values.yaml
View File

@@ -32,12 +32,12 @@ vault:
livenessProbe:
enabled: false
volumes:
- name: vault-storage-backup
- name: vault-nfs-storage-backup
persistentVolumeClaim:
claimName: vault-storage-backup
claimName: vault-nfs-storage-backup
volumeMounts:
- mountPath: /opt/backups/
name: vault-storage-backup
name: vault-nfs-storage-backup
readOnly: false
affinity: |
podAntiAffinity:
@@ -176,15 +176,26 @@ snapshot:
- /bin/ash
args:
- -ec
- /scripts/snapshot.sh
- |
apk add --no-cache jq;
echo ">> Running Vault snapshot"
export VAULT_TOKEN=$(vault write auth/approle/login role_id=$VAULT_APPROLE_ROLE_ID secret_id=$VAULT_APPROLE_SECRET_ID -format=json | jq -r .auth.client_token);
vault operator raft snapshot save /opt/backup/vault-snapshot-latest.snap;
cp /opt/backup/vault-snapshot-latest.snap /opt/backup/vault-snapshot-$(date +"%Y%m%d-%H-%M").snap;
cp /opt/backup/vault-snapshot-latest.snap /opt/backup/vault-snapshot-s3.snap;
echo ">> Completed Vault snapshot"
envFrom:
- secretRef:
name: vault-snapshot-agent-token
env:
- name: VAULT_ADDR
value: http://vault-active.vault.svc.cluster.local:8200
resources:
requests:
cpu: 10m
memory: 64Mi
containers:
s3-backup-local:
s3-backup:
image:
repository: d3fk/s3cmd
tag: latest@sha256:ed348a0fae5723d2e62636c175baf4dfaf732a790179ca675d1f24f863d0d68f
@@ -193,136 +204,43 @@ snapshot:
- /bin/sh
args:
- -ec
- /scripts/backup.sh
envFrom:
- secretRef:
name: vault-backup-ntfy-secret
- |
echo ">> Running S3 backup for Vault snapshot"
s3cmd put --no-check-md5 --no-check-certificate -v /opt/backup/vault-snapshot-s3.snap ${BUCKET}/cl01tl/cl01tl-vault-snapshots/vault-snapshot-$(date +"%Y%m%d-%H-%M").snap;
rm -f /opt/backup/vault-snapshot-s3.snap;
echo ">> Completed S3 backup for Vault snapshot"
env:
- name: BUCKET
valueFrom:
secretKeyRef:
name: vault-s3cmd-local-config
name: vault-s3cmd-config
key: BUCKET
- name: TARGET
value: Local
s3-backup-remote:
image:
repository: d3fk/s3cmd
tag: latest@sha256:ed348a0fae5723d2e62636c175baf4dfaf732a790179ca675d1f24f863d0d68f
pullPolicy: IfNotPresent
command:
- /bin/sh
args:
- -ec
- /scripts/backup.sh
envFrom:
- secretRef:
name: vault-backup-ntfy-secret
env:
- name: BUCKET
valueFrom:
secretKeyRef:
name: vault-s3cmd-remote-config
key: BUCKET
- name: TARGET
value: Remote
s3-backup-external:
image:
repository: d3fk/s3cmd
tag: latest@sha256:ed348a0fae5723d2e62636c175baf4dfaf732a790179ca675d1f24f863d0d68f
pullPolicy: IfNotPresent
command:
- /bin/sh
args:
- -ec
- /scripts/backup.sh
envFrom:
- secretRef:
name: vault-backup-ntfy-secret
env:
- name: BUCKET
valueFrom:
secretKeyRef:
name: vault-s3cmd-external-config
key: BUCKET
- name: TARGET
value: External
resources:
requests:
cpu: 100m
memory: 128Mi
persistence:
snapshot-script:
enabled: true
type: configMap
name: vault-snapshot-script
defaultMode: 0755
advancedMounts:
snapshot:
snapshot:
- path: /scripts/snapshot.sh
subPath: snapshot.sh
backup-script:
enabled: true
type: configMap
name: vault-backup-script
defaultMode: 0755
advancedMounts:
snapshot:
s3-backup-local:
- path: /scripts/backup.sh
subPath: backup.sh
s3-backup-remote:
- path: /scripts/backup.sh
subPath: backup.sh
s3-backup-external:
- path: /scripts/backup.sh
subPath: backup.sh
s3cmd-local-config:
enabled: true
type: secret
name: vault-s3cmd-local-config
advancedMounts:
snapshot:
s3-backup-local:
- path: /root/.s3cfg
readOnly: true
mountPropagation: None
subPath: .s3cfg
s3cmd-remote-config:
enabled: true
type: secret
name: vault-s3cmd-remote-config
advancedMounts:
snapshot:
s3-backup-remote:
- path: /root/.s3cfg
readOnly: true
mountPropagation: None
subPath: .s3cfg
s3cmd-external-config:
enabled: true
type: secret
name: vault-s3cmd-external-config
advancedMounts:
snapshot:
s3-backup-external:
- path: /root/.s3cfg
readOnly: true
mountPropagation: None
subPath: .s3cfg
backup:
existingClaim: vault-storage-backup
config:
existingClaim: vault-nfs-storage-backup
advancedMounts:
snapshot:
snapshot:
- path: /opt/backup
readOnly: false
s3-backup-local:
- path: /opt/backup
readOnly: false
s3-backup-remote:
- path: /opt/backup
readOnly: false
s3-backup-external:
s3-backup:
- path: /opt/backup
readOnly: false
s3cmd-config:
enabled: true
type: secret
name: vault-s3cmd-config
advancedMounts:
snapshot:
s3-backup:
- path: /root/.s3cfg
readOnly: true
mountPropagation: None
subPath: .s3cfg
unseal:
global:
fullnameOverride: vault-unseal

2
clusters/cl01tl/helm/whodb/values.yaml
View File

@@ -8,7 +8,7 @@ whodb:
main:
image:
repository: clidey/whodb
tag: 0.86.0
tag: 0.85.0
pullPolicy: IfNotPresent
env:
- name: WHODB_OLLAMA_HOST

2
hosts/ps08rp/blocky/compose.yaml
View File

@@ -1,7 +1,7 @@
---
services:
tailscale-blocky:
image: ghcr.io/tailscale/tailscale:v1.92.4
image: ghcr.io/tailscale/tailscale:v1.92.3
container_name: tailscale-blocky
cap_add:
- net_admin

2
hosts/ps09rp/blocky/compose.yaml
View File

@@ -1,7 +1,7 @@
---
services:
tailscale-blocky:
image: ghcr.io/tailscale/tailscale:v1.92.4
image: ghcr.io/tailscale/tailscale:v1.92.3
container_name: tailscale-blocky
cap_add:
- net_admin

2
hosts/ps10rp/blocky/compose.yaml
View File

@@ -1,7 +1,7 @@
---
services:
tailscale-blocky:
image: ghcr.io/tailscale/tailscale:v1.92.4
image: ghcr.io/tailscale/tailscale:v1.92.3
container_name: tailscale-blocky
cap_add:
- net_admin

4
hosts/ps10rp/garage/compose.yaml
View File

@@ -1,6 +1,6 @@
services:
tailscale-garage:
image: ghcr.io/tailscale/tailscale:v1.92.4
image: ghcr.io/tailscale/tailscale:v1.92.3
container_name: tailscale-garage
cap_add:
- net_admin
@@ -20,7 +20,7 @@ services:
- /dev/net/tun:/dev/net/tun
tailscale-garage-ui:
image: ghcr.io/tailscale/tailscale:v1.92.4
image: ghcr.io/tailscale/tailscale:v1.92.3
container_name: tailscale-garage-ui
cap_add:
- net_admin

2
hosts/ps10rp/gitea/compose.yaml
View File

@@ -1,6 +1,6 @@
services:
tailscale-gitea:
image: ghcr.io/tailscale/tailscale:v1.92.4
image: ghcr.io/tailscale/tailscale:v1.92.3
container_name: tailscale-gitea
cap_add:
- net_admin

2
hosts/ps10rp/homepage/compose.yaml
View File

@@ -1,7 +1,7 @@
---
services:
tailscale-homepage:
image: ghcr.io/tailscale/tailscale:v1.92.4
image: ghcr.io/tailscale/tailscale:v1.92.3
container_name: tailscale-homepage
cap_add:
- net_admin

2
hosts/ps10rp/node-exporter/compose.yaml
View File

@@ -1,7 +1,7 @@
---
services:
tailscale-node-exporter:
image: ghcr.io/tailscale/tailscale:v1.92.4
image: ghcr.io/tailscale/tailscale:v1.92.3
container_name: tailscale-node-exporter
cap_add:
- net_admin

2
hosts/ps10rp/tailscale-subnet/compose.yaml
View File

@@ -1,7 +1,7 @@
---
services:
tailscale:
image: ghcr.io/tailscale/tailscale:v1.92.4
image: ghcr.io/tailscale/tailscale:v1.92.3
container_name: tailscale-subnet
cap_add:
- net_admin

2
hosts/ps10rp/traefik/compose.yaml
View File

@@ -1,7 +1,7 @@
---
services:
tailscale-traefik:
image: ghcr.io/tailscale/tailscale:v1.92.4
image: ghcr.io/tailscale/tailscale:v1.92.3
container_name: tailscale-traefik
cap_add:
- net_admin