alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Activity

Compare commits

base: alexlebens:main
Branches Tags
alexlebens:main alexlebens:renovate/unified-isponsorblocktv alexlebens:manifests alexlebens:renovate/unified-cilium
..
compare: alexlebens:ff9ece55ad8a36e117ebeb8349b2d5fc9681a83f
Branches Tags
alexlebens:renovate/unified-isponsorblocktv alexlebens:manifests alexlebens:renovate/unified-cilium alexlebens:main

1 Commits
main ... ff9ece55ad

Author SHA1 Message Date
Renovate Bot
ff9ece55ad chore(deps): update ghcr.io/gethomepage/homepage docker tag to v1.12.1
All checks were successful
renovate/stability-days Updates have met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 21s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 18s
Details
lint-test-docker / lint-docker-compose (pull_request) Successful in 56s
Details
2026-03-29 00:28:53 +00:00
349 changed files with 4442 additions and 3652 deletions
Expand all files Collapse all files

BIN
.DS_Store vendored
View File

Binary file not shown.

248
.gitea/workflows/lint-test-helm.yaml
View File

@@ -16,8 +16,8 @@ on:
env:
CLUSTER: cl01tl
BASE_BRANCH: "origin/${{ github.base_ref }}"
# renovate: datasource=github-releases depName=yannh/kubeconform
KUBECONFORM_VERSION: "v0.6.7"
ARGOCD_VERSION: "v3.3.6"
jobs:
lint-helm:
@@ -102,7 +102,7 @@ jobs:
echo ""
echo "${CHANGED_CHARTS}"
CHANGED_CHARTS_CSV=$(echo "${CHANGED_CHARTS}" | paste -sd ',' -)
CHANGED_CHARTS_CSV=$(echo "$CHANGED_CHARTS" | paste -sd ',' -)
echo ""
echo "----"
@@ -236,17 +236,7 @@ jobs:
with:
fetch-depth: 0
- name: Cache Kubeconform
id: cache-kubeconform
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
with:
path: /usr/local/bin/kubeconform
key: ${{ runner.os }}-kubeconform-${{ env.KUBECONFORM_VERSION }}
restore-keys: |
${{ runner.os }}-kubeconform-
- name: Install Kubeconform
if: steps.cache-kubeconform.outputs.cache-hit != 'true'
run: |
echo ">> Downloading Kubeconform ${{ env.KUBECONFORM_VERSION }} ..."
wget -q https://github.com/yannh/kubeconform/releases/download/${{ env.KUBECONFORM_VERSION }}/kubeconform-linux-amd64.tar.gz
@@ -259,8 +249,6 @@ jobs:
echo ">> Installing Kubeconform ..."
sudo mv kubeconform /usr/local/bin/
- name: Verify installation
run: |
echo ""
echo ">> Verifying installation ..."
kubeconform -v
@@ -336,7 +324,7 @@ jobs:
helm dependency build "${CHART_PATH}" --skip-refresh
if ! helm template "${DIR}" "${CHART_PATH}" --include-crds --namespace default --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor" | \
if ! helm template "${DIR}" "${CHART_PATH}" --include-crds --namespace default --api-versions "gateway.networking.k8s.io/v1/HTTPRoute" | \
kubeconform \
${SCHEMA_LOCATIONS} \
-ignore-missing-schemas \
@@ -377,233 +365,3 @@ jobs:
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
image: true
# argo-diff:
# needs: lint-helm
# runs-on: ubuntu-js
# if: |
# needs.lint-helm.result == 'success' &&
# needs.lint-helm.outputs.changes-detected == 'true' &&
# github.event_name == 'pull_request'
# steps:
# - name: Checkout
# uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
# with:
# fetch-depth: 0
# - name: Cache ArgoCD CLI
# id: cache-argocd
# uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
# with:
# path: /usr/local/bin/argocd
# key: ${{ runner.os }}-argocd-${{ env.ARGOCD_VERSION }}
# restore-keys: |
# ${{ runner.os }}-argocd-
# - name: Install ArgoCD CLI
# if: steps.cache-argocd.outputs.cache-hit != 'true'
# run: |
# echo ">> Downloading ArgoCD CLI, version: ${{ env.ARGOCD_VERSION }} ..."
# curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/download/${{ env.ARGOCD_VERSION }}/argocd-linux-amd64
# echo ""
# echo ">> Installing ArgoCD CLI ..."
# sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd
# echo ""
# echo "----"
# - name: Verify installation
# run: |
# echo ""
# echo ">> Verifying installation ..."
# argocd version --client
# echo ""
# echo "----"
# - name: Set Up Helm
# uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5
# with:
# token: ${{ secrets.GITEA_TOKEN }}
# # renovate: datasource=github-releases depName=helm/helm
# version: v4.1.3
# cache: true
# - name: Cache Helm Dependencies
# uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
# with:
# path: |
# ~/.cache/helm
# ~/.config/helm
# key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
# restore-keys: |
# helm-cache-${{ runner.os }}-
# - name: Add Repositories
# env:
# CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
# run: |
# echo ">> Adding repositories for chart dependencies ..."
# echo ""
# for DIR in ${CHANGED_CHARTS}; do
# helm dependency list --max-col-width 120 clusters/${CLUSTER}/helm/${DIR} 2> /dev/null \
# | tail -n +2 \
# | awk 'NF > 0 { print $1, $3 }' \
# | while read -r REPO_NAME REPO_URL; do
# if [[ "${REPO_URL}" == oci://* ]]; then
# echo ">> Ignoring OCI repo: ${REPO_URL}"
# elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
# helm repo add "${REPO_NAME}" "${REPO_URL}"
# fi
# done || true
# done
# if helm repo list > /dev/null 2>&1; then
# echo ""
# echo ">> Update repository cache ..."
# helm repo update
# fi
# echo ""
# echo "----"
# - name: Render Templates
# id: render
# env:
# CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
# run: |
# for APP_NAME in ${CHANGED_CHARTS}; do
# echo ">> Render templates for ${APP_NAME} ..."
# CHART_PATH="clusters/${CLUSTER}/helm/${APP_NAME}"
# OUTPUT_FOLDER="clusters/${CLUSTER}/manifests/${APP_NAME}/"
# helm dependency build "${CHART_PATH}" --skip-refresh
# NAMESPACE="${APP_NAME}"
# case "${APP_NAME}" in
# "stack")
# NAMESPACE="argocd"
# echo ">> Special Rendering into 'argocd' namespace ..."
# ;;
# "cilium" | "coredns" | "metrics-server")
# NAMESPACE="kube-system"
# echo ">> Special Rendering for ${APP_NAME} into 'kube-system' namespace ..."
# ;;
# *)
# echo ">> Standard Rendering ..."
# esac
# TEMPLATE=$(helm template "${APP_NAME}" "${CHART_PATH}" --include-crds --namespace "${NAMESPACE}" --include-crds --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor")
# # Format and split rendered template
# echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
# # Strip comments again to ensure formatting correctness
# for file in "$OUTPUT_FOLDER"/*; do
# yq -i '... comments=""' $file
# done
# echo ""
# echo ">> Templates in output folder: ${OUTPUT_FOLDER}"
# ls ${OUTPUT_FOLDER}
# done
# echo "----"
# - name: Run App Diff
# id: diff
# env:
# ARGOCD_SERVER: ${{ secrets.ARGOCD_SERVER }}
# ARGOCD_AUTH_TOKEN: ${{ secrets.ARGOCD_AUTH_TOKEN }}
# CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
# run: |
# FAILED_CHARTS=""
# DIFF_FOUND="false"
# for APP_NAME in ${CHANGED_CHARTS}; do
# echo ">> Running argocd app diff for ${APP_NAME} ..."
# argocd app diff "${APP_NAME}" \
# --server "${ARGOCD_SERVER}" \
# --revision ${{ gitea.sha }} \
# --diff-exit-code 0 \
# --local "clusters/${CLUSTER}/manifests/${APP_NAME}" \
# --local-repo-root "." \
# --grpc-web > "diff_output_${APP_NAME}.txt"
# if [ -s "diff_output_${APP_NAME}.txt" ]; then
# echo ">> Argo diff:"
# echo ""
# cat diff_output_${APP_NAME}.txt
# echo ""
# DIFF_FOUND="true"
# else
# echo ">> No Argo diff found for ${APP_NAME}"
# rm "diff_output_${APP_NAME}.txt"
# fi
# done
# echo "----"
# echo "diff-detected=${DIFF_FOUND}" >> "$GITHUB_OUTPUT"
# echo "failed-charts=${FAILED_CHARTS}" >> "$GITHUB_OUTPUT"
# exit $OVERALL_EXIT_CODE
# - name: Post Diff
# if: |
# always() &&
# steps.diff.outputs.diff-detected == 'true' &&
# gitea.event.pull_request.number != null
# env:
# GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
# run: |
# COMMENT_BODY="### ArgoCD Diff Results
# "
# for f in diff_output_*.txt; do
# APP_NAME=$(echo $f | sed 's/diff_output_//;s/.txt//')
# DIFF_CONTENT=$(cat "$f")
# COMMENT_BODY="${COMMENT_BODY}
# #### App: ${APP_NAME}
# "
# if [ -z "$DIFF_CONTENT" ]; then
# COMMENT_BODY="${COMMENT_BODY} No changes detected."
# else
# COMMENT_BODY="${COMMENT_BODY}
# \`\`\`diff
# ${DIFF_CONTENT}
# \`\`\`"
# fi
# done
# curl -X 'POST' \
# "${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/issues/${{ gitea.event.pull_request.number }}/comments" \
# -H "Authorization: token ${GITEA_TOKEN}" \
# -H "Content-Type: application/json" \
# -d "$(jq -n --arg body "$COMMENT_BODY" '{body: $body}')"
# - name: ntfy Failed
# uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
# if: failure()
# with:
# url: '${{ secrets.NTFY_URL }}'
# topic: '${{ secrets.NTFY_TOPIC }}'
# title: 'ArgoCD Diff Failure'
# priority: 3
# headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
# tags: action,failed
# details: "ArgoCD diff for cluster '${{ env.CLUSTER }}' failed on charts: ${{ steps.diff.outputs.failed-charts }}"
# icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
# actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
# image: true

8
.gitea/workflows/render-manifests.yaml
View File

@@ -50,7 +50,7 @@ jobs:
cache: true
- name: Configure Kubeconfig
uses: azure/k8s-set-context@89b837d75b40a7bd2ddafde837473c212db8b313 # v5
uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }}
@@ -273,7 +273,7 @@ jobs:
NAMESPACE="argocd"
echo ">> Special Rendering into 'argocd' namespace ..."
;;
"cilium" | "coredns" | "metrics-server")
"cilium" | "coredns" | "metrics-server" | "prometheus-operator-crds")
NAMESPACE="kube-system"
echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..."
;;
@@ -283,7 +283,7 @@ jobs:
echo ">> Formating rendered template ..."
local TEMPLATE
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor")
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
# Format and split rendered template
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
@@ -314,7 +314,7 @@ jobs:
for DIR in ${RENDER_DIR}; do
echo "${DIR}"
done | xargs -P 5 -I {} bash -c 'OUT=$(render_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {}
done | xargs -P 4 -I {} bash -c 'OUT=$(render_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {}
echo ""
echo "----"

2
.gitea/workflows/renovate.yaml
View File

@@ -13,7 +13,7 @@ on:
jobs:
renovate:
runs-on: ubuntu-latest
container: ghcr.io/renovatebot/renovate:43.119.0@sha256:81c17fc52c5a1f80947407ee0f49a67cb337f7817cfaf6178184ece7b1b3a2f7
container: ghcr.io/renovatebot/renovate:43.99.0@sha256:aae697086b93427dcde46eb92e08e334b018946ce19339bf044ce971ca1626e2
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

2
clusters/cl01tl/helm/actual/Chart.yaml
View File

@@ -24,4 +24,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png
# renovate: datasource=github-releases depName=actualbudget/actual
appVersion: 26.4.0
appVersion: 26.3.0

3
clusters/cl01tl/helm/actual/values.yaml
View File

@@ -8,7 +8,7 @@ actual:
main:
image:
repository: ghcr.io/actualbudget/actual
tag: 26.4.0@sha256:b0e732e2c41b3dc468a71548e88ef76d3f0c157fc43d15fa05d14ec1c5747e1e
tag: 26.3.0@sha256:eb8bc26f53025e07e464594c12d77c52c4b95840c8dadd9b95c4f0c4660f8ad2
env:
- name: ACTUAL_PORT
value: 5006
@@ -39,6 +39,7 @@ actual:
http:
port: 80
targetPort: 5006
protocol: HTTP
route:
main:
kind: HTTPRoute

12
clusters/cl01tl/helm/argo-workflows/Chart.lock Normal file
View File

@@ -0,0 +1,12 @@
dependencies:
- name: argo-workflows
repository: https://argoproj.github.io/argo-helm
version: 1.0.6
- name: argo-events
repository: https://argoproj.github.io/argo-helm
version: 2.4.21
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
digest: sha256:5635bfe609d8a901df257ef3e6cb469396a21bdd4c6f96e7e33f84036019c52b
generated: "2026-03-24T16:59:01.228848139Z"

32
clusters/cl01tl/helm/argo-workflows/Chart.yaml Normal file
View File

@@ -0,0 +1,32 @@
apiVersion: v2
name: argo-workflows
version: 1.0.0
description: Argo Workflows
keywords:
- argo-workflows
- argo-events
- workflows
- events
home: https://docs.alexlebens.dev/applications/argo-workflows/
sources:
- https://github.com/argoproj/argo-workflows
- https://github.com/argoproj/argo-events
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-workflows
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-events
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: argo-workflows
version: 1.0.6
repository: https://argoproj.github.io/argo-helm
- name: argo-events
version: 2.4.21
repository: https://argoproj.github.io/argo-helm
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-workflows
appVersion: v4.0.3

14
clusters/cl01tl/helm/prowlarr/templates/external-secret.yaml → clusters/cl01tl/helm/argo-workflows/templates/external-secret.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: prowlarr-key-secret
name: argo-workflows-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: prowlarr-key-secret
app.kubernetes.io/name: argo-workflows-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -12,7 +12,11 @@ spec:
kind: ClusterSecretStore
name: vault
data:
- secretKey: key
- secretKey: secret
remoteRef:
key: /cl01tl/prowlarr/key
property: key
key: /authentik/oidc/argo-workflows
property: secret
- secretKey: client
remoteRef:
key: /authentik/oidc/argo-workflows
property: client

109
clusters/cl01tl/helm/argo-workflows/values.yaml Normal file
View File

@@ -0,0 +1,109 @@
argo-workflows:
crds:
install: true
keep: true
full: true
upgradeJob:
image:
repository: registry.k8s.io/kubectl
tag: v1.35.3
controller:
metricsConfig:
enabled: true
persistence:
postgresql:
host: argo-workflows-postgresql-18-cluster-rw
port: 5432
database: app
tableName: app
userNameSecret:
name: argo-workflows-postgresql-18-cluster-app
key: username
passwordSecret:
name: argo-workflows-postgresql-18-cluster-app
key: password
ssl: false
sslMode: disable
workflowWorkers: 2
workflowTTLWorkers: 2
podCleanupWorkers: 2
cronWorkflowWorkers: 2
resources:
requests:
cpu: 1m
memory: 20Mi
serviceMonitor:
enabled: true
workflowNamespaces:
- argo-workflows
server:
authModes:
- sso
httproute:
enabled: true
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- argo-workflows.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
sso:
enabled: true
issuer: https://authentik.alexlebens.net/application/o/argo-workflows/
clientId:
name: argo-workflows-oidc-secret
key: client
clientSecret:
name: argo-workflows-oidc-secret
key: secret
redirectUrl: https://argo-workflows.alexlebens.net/oauth2/callback
rbac:
enabled: false
scopes:
- openid
- email
- profile
argo-events:
crds:
install: true
keep: true
controller:
resources:
requests:
cpu: 1m
memory: 32Mi
metrics:
enabled: true
serviceMonitor:
enabled: true
webhook:
enabled: true
resources:
requests:
cpu: 1m
memory: 20Mi
postgres-18-cluster:
mode: recovery
recovery:
method: objectStore
objectStore:
index: 1
backup:
objectStore:
- name: garage-local
index: 1
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 0 14 * * *"
backupName: garage-local

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: argo-cd
repository: https://argoproj.github.io/argo-helm
version: 9.5.0
digest: sha256:69daada0822f796cd49eeda2d9e39dd5c0c42bb61b6898af68123c8c49f25fa1
generated: "2026-04-08T22:05:49.003208408Z"
version: 9.4.17
digest: sha256:17752dbf03861cf70ee31c9a17373a5175656a2edd00ba5fcd3988a195147da8
generated: "2026-03-28T01:51:34.832601868Z"

2
clusters/cl01tl/helm/argocd/Chart.yaml
View File

@@ -13,7 +13,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: argo-cd
version: 9.5.0
version: 9.4.17
repository: https://argoproj.github.io/argo-helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-cd

50
clusters/cl01tl/helm/argocd/values.yaml
View File

@@ -48,31 +48,31 @@ argo-cd:
enabled: true
rules:
enabled: true
spec:
- alert: ArgoAppMissing
expr: |
absent(argocd_app_info) == 1
for: 15m
labels:
severity: critical
annotations:
summary: "[Argo CD] No reported applications"
description: >
Argo CD has not reported any applications data for the past 15 minutes which
means that it must be down or not functioning properly. This needs to be
resolved for this cloud to continue to maintain state.
- alert: ArgoAppNotSynced
expr: |
argocd_app_info{sync_status!="Synced"} == 1
for: 12h
labels:
severity: warning
annotations:
summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
description: >
The application [{{`{{$labels.name}}`}} has not been synchronized for over
12 hours which means that the state of this cloud has drifted away from the
state inside Git.
spec:
- alert: ArgoAppMissing
expr: |
absent(argocd_app_info) == 1
for: 15m
labels:
severity: critical
annotations:
summary: "[Argo CD] No reported applications"
description: >
Argo CD has not reported any applications data for the past 15 minutes which
means that it must be down or not functioning properly. This needs to be
resolved for this cloud to continue to maintain state.
- alert: ArgoAppNotSynced
expr: |
argocd_app_info{sync_status!="Synced"} == 1
for: 12h
labels:
severity: warning
annotations:
summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
description: >
The application [{{`{{$labels.name}}`}} has not been synchronized for over
12 hours which means that the state of this cloud has drifted away from the
state inside Git.
dex:
enabled: true
resources:

2
clusters/cl01tl/helm/audiobookshelf/values.yaml
View File

@@ -49,9 +49,11 @@ audiobookshelf:
http:
port: 80
targetPort: 80
protocol: HTTP
apprise:
port: 8000
targetPort: 8000
protocol: HTTP
serviceMonitor:
main:
selector:

12
clusters/cl01tl/helm/authentik/Chart.lock
View File

@@ -1,15 +1,15 @@
dependencies:
- name: authentik
repository: https://charts.goauthentik.io/
version: 2026.2.2
version: 2026.2.1
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
version: 2.4.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1
digest: sha256:22fe4d9ec592aa74cbff5596e8d900f607bd68ea14c7df70a94b4ef76727614d
generated: "2026-04-13T20:32:12.748342469Z"
version: 0.4.0
digest: sha256:8c353c5dad4c3d04d518c1445497f0d1cb64261a4201ae17a2c0874454b807a7
generated: "2026-03-15T20:04:35.99407071Z"

8
clusters/cl01tl/helm/authentik/Chart.yaml
View File

@@ -18,18 +18,18 @@ maintainers:
- name: alexlebens
dependencies:
- name: authentik
version: 2026.2.2
version: 2026.2.1
repository: https://charts.goauthentik.io/
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
version: 2.4.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.6.1
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png
# renovate: datasource=github-releases depName=goauthentik/authentik

4
clusters/cl01tl/helm/authentik/values.yaml
View File

@@ -77,10 +77,6 @@ authentik:
enabled: true
postgres-18-cluster:
mode: recovery
cluster:
resources:
requests:
memory: 150Mi
recovery:
method: objectStore
objectStore:

1
clusters/cl01tl/helm/backrest/values.yaml
View File

@@ -31,6 +31,7 @@ backrest:
http:
port: 80
targetPort: 9898
protocol: TCP
serviceMonitor:
main:
selector:

7
clusters/cl01tl/helm/bazarr/Chart.yaml
View File

@@ -5,14 +5,11 @@ description: Bazarr
keywords:
- bazarr
- subtitles
- servarr
home: https://docs.alexlebens.dev/applications/bazarr/
sources:
- https://github.com/morpheus65535/bazarr
- https://github.com/linuxserver/docker-bazarr
- https://github.com/onedr0p/exportarr
- https://github.com/linuxserver/docker-bazarr/pkgs/container/bazarr
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
@@ -27,5 +24,5 @@ dependencies:
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/bazarr.png
# renovate: datasource=github-releases depName=linuxserver/docker-bazarr
appVersion: v1.5.6-ls342
# renovate: datasource=github-releases depName=morpheus65535/bazarr
appVersion: 1.5.6

39
clusters/cl01tl/helm/bazarr/values.yaml
View File

@@ -23,28 +23,11 @@ bazarr:
- name: PGID
value: 1000
resources:
limits:
cpu: 100m
requests:
cpu: 10m
cpu: 1m
memory: 250Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.3.0@sha256:af535d94061cf97a52e1661945ffba78c03f9443eae7c0da1a80a5a4be56b520
args: ["bazarr"]
env:
- name: URL
value: http://localhost:6767
- name: PORT
value: 9792
- name: APIKEY
valueFrom:
secretKeyRef:
name: bazarr-key-secret
key: key
- name: ENABLE_ADDITIONAL_METRICS
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
service:
main:
controller: main
@@ -52,21 +35,7 @@ bazarr:
http:
port: 80
targetPort: 6767
metrics:
port: 9792
targetPort: 9792
serviceMonitor:
main:
selector:
matchLabels:
app.kubernetes.io/name: bazarr
app.kubernetes.io/instance: bazarr
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: metrics
interval: 3m
scrapeTimeout: 1m
path: /metrics
protocol: HTTP
route:
main:
kind: HTTPRoute

6
clusters/cl01tl/helm/blocky/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 4.6.2
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1
digest: sha256:6ed3a7587906fbda581d0091ff2c29a1816b8b0b8ae40add9885e6a68b2b82ae
generated: "2026-04-13T20:32:34.844998902Z"
version: 0.4.0
digest: sha256:a5b0099261d772b24a302a106d106cfa82ac07fa14564141e00cf107d708e859
generated: "2026-03-09T23:06:16.853255429Z"

2
clusters/cl01tl/helm/blocky/Chart.yaml
View File

@@ -20,7 +20,7 @@ dependencies:
version: 4.6.2
- name: valkey
alias: valkey
version: 0.6.1
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/blocky.png
# renovate: datasource=github-releases depName=0xerr0r/blocky

9
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -102,12 +102,14 @@ blocky:
;; Application Names
actual IN CNAME traefik-cl01tl
alertmanager IN CNAME traefik-cl01tl
argo-workflows IN CNAME traefik-cl01tl
argocd IN CNAME traefik-cl01tl
audiobookshelf IN CNAME traefik-cl01tl
authentik IN CNAME traefik-cl01tl
backrest IN CNAME traefik-cl01tl
bazarr IN CNAME traefik-cl01tl
ceph IN CNAME traefik-cl01tl
code-server IN CNAME traefik-cl01tl
dawarich IN CNAME traefik-cl01tl
directus IN CNAME traefik-cl01tl
excalidraw IN CNAME traefik-cl01tl
@@ -135,16 +137,16 @@ blocky:
lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl
medialyze IN CNAME traefik-cl01tl
movie-roulette IN CNAME traefik-cl01tl
music-grabber IN CNAME traefik-cl01tl
navidrome IN CNAME traefik-cl01tl
ntfy IN CNAME traefik-cl01tl
objects IN CNAME traefik-cl01tl
ollama IN CNAME traefik-cl01tl
omni-tools IN CNAME traefik-cl01tl
paperless-ngx IN CNAME traefik-cl01tl
photoview IN CNAME traefik-cl01tl
plex IN CNAME traefik-cl01tl
postiz-spotlight IN CNAME traefik-cl01tl
postiz-temporal IN CNAME traefik-cl01tl
postiz IN CNAME traefik-cl01tl
prometheus IN CNAME traefik-cl01tl
prowlarr IN CNAME traefik-cl01tl
qbittorrent IN CNAME traefik-cl01tl
@@ -160,7 +162,6 @@ blocky:
sonarr IN CNAME traefik-cl01tl
sonarr-4k IN CNAME traefik-cl01tl
sonarr-anime IN CNAME traefik-cl01tl
sparkyfitness IN CNAME traefik-cl01tl
stalwart IN CNAME traefik-cl01tl
tdarr IN CNAME traefik-cl01tl
tubearchivist IN CNAME traefik-cl01tl

6
clusters/cl01tl/helm/cert-manager/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: cert-manager
repository: https://charts.jetstack.io
version: v1.20.2
digest: sha256:f218239b4538c64d57e098a56c69dcbc4e076ffcc3d320c5a5fef1e6309e38cf
generated: "2026-04-13T23:02:59.380767677Z"
version: v1.20.1
digest: sha256:1bf36eba44cf096b40355a697b8cffb302f07f9135374222aabdf686f017b7a9
generated: "2026-03-28T01:35:24.542754563Z"

4
clusters/cl01tl/helm/cert-manager/Chart.yaml
View File

@@ -13,8 +13,8 @@ maintainers:
- name: alexlebens
dependencies:
- name: cert-manager
version: v1.20.2
version: v1.20.1
repository: https://charts.jetstack.io
icon: https://raw.githubusercontent.com/cert-manager/cert-manager/refs/heads/master/logo/logo.png
# renovate: datasource=github-releases depName=cert-manager/cert-manager
appVersion: v1.20.2
appVersion: v1.20.1

8
clusters/cl01tl/helm/cloudnative-pg/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies:
- name: cloudnative-pg
repository: https://cloudnative-pg.io/charts/
version: 0.28.0
version: 0.27.1
- name: plugin-barman-cloud
repository: https://cloudnative-pg.io/charts/
version: 0.6.0
digest: sha256:48241acb753e635a01b306b90cfbce13ed3c0105a33ec7d36f159e3a7fe607f3
generated: "2026-04-14T09:03:10.332065288Z"
version: 0.5.0
digest: sha256:e7089ffd089cae87529e28f0e71302b9fc4a869b389cbb6628f1c559644a3a10
generated: "2026-02-05T19:36:19.473447121Z"

6
clusters/cl01tl/helm/cloudnative-pg/Chart.yaml
View File

@@ -17,11 +17,11 @@ maintainers:
- name: alexlebens
dependencies:
- name: cloudnative-pg
version: 0.28.0
version: 0.27.1
repository: https://cloudnative-pg.io/charts/
- name: plugin-barman-cloud
version: 0.6.0
version: 0.5.0
repository: https://cloudnative-pg.io/charts/
icon: https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg.github.io/refs/heads/main/assets/images/hero_image.png
# renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
appVersion: 1.29.0
appVersion: 1.28.1

12
clusters/cl01tl/helm/code-server/Chart.lock Normal file
View File

@@ -0,0 +1,12 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:dee0f52096efc543f4db3a5dc2732fd37ae9b7950b264e399a6e74c2f3e7cee6
generated: "2026-03-09T22:04:00.58415637Z"

32
clusters/cl01tl/helm/code-server/Chart.yaml Normal file
View File

@@ -0,0 +1,32 @@
apiVersion: v2
name: code-server
version: 1.0.0
description: Code Server
keywords:
- code-server
- code
home: https://docs.alexlebens.dev/applications/code-server/
sources:
- https://github.com/coder/code-server
- https://github.com/linuxserver/docker-code-server
- https://github.com/linuxserver/docker-code-server/pkgs/container/code-server
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: code-server
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png
# renovate: datasource=github-releases depName=coder/code-server
appVersion: 4.112.0

14
clusters/cl01tl/helm/bazarr/templates/external-secret.yaml → clusters/cl01tl/helm/code-server/templates/external-secret.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: bazarr-key-secret
name: codeserver-password-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: bazarr-key-secret
app.kubernetes.io/name: codeserver-password-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -12,7 +12,11 @@ spec:
kind: ClusterSecretStore
name: vault
data:
- secretKey: key
- secretKey: PASSWORD
remoteRef:
key: /cl01tl/bazarr/key
property: key
key: /cl01tl/code-server/auth
property: PASSWORD
- secretKey: SUDO_PASSWORD
remoteRef:
key: /cl01tl/code-server/auth
property: SUDO_PASSWORD

84
clusters/cl01tl/helm/code-server/values.yaml Normal file
View File

@@ -0,0 +1,84 @@
code-server:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers:
main:
image:
repository: ghcr.io/linuxserver/code-server
tag: 4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b
env:
- name: TZ
value: America/Chicago
- name: PUID
value: 1000
- name: PGID
value: 1000
- name: DEFAULT_WORKSPACE
value: /config
envFrom:
- secretRef:
name: codeserver-password-secret
resources:
requests:
cpu: 1m
memory: 50Mi
service:
main:
controller: main
ports:
http:
port: 8443
targetPort: 8443
protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- code-server.alexlebens.net
rules:
- backendRefs:
- name: code-server
port: 8443
matches:
- path:
type: PathPrefix
value: /
persistence:
config:
forceRename: code-server-config
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 2Gi
advancedMounts:
main:
main:
- path: /config
readOnly: false
volsync-target-config:
pvcTarget: code-server-config
moverSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
schedule: 16 8 * * *
remote:
enabled: true
schedule: 16 9 * * *
external:
enabled: true
schedule: 16 10 * * *

17
clusters/cl01tl/helm/dawarich/Chart.lock
View File

@@ -4,18 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:6ece439d5549b7d7ccd75053846bb9b2e8f9798a2e2163eac6f62bf5cf222587
generated: "2026-04-13T20:32:54.380897459Z"
version: 0.4.0
digest: sha256:7584c2a1613454bbd83b66df46170fd0157df5186842844d483e2dd131398574
generated: "2026-03-15T20:04:49.68456485Z"

19
clusters/cl01tl/helm/dawarich/Chart.yaml
View File

@@ -12,7 +12,6 @@ sources:
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -22,24 +21,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.6.1
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-storage
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-public
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-watched
version: 0.8.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png
# renovate: datasource=github-releases depName=Freika/dawarich
appVersion: 1.6.1
appVersion: 1.4.0

39
clusters/cl01tl/helm/dawarich/values.yaml
View File

@@ -8,7 +8,7 @@ dawarich:
main:
image:
repository: freikin/dawarich
tag: 1.6.1@sha256:a884f69f19ce0f66992f3872d24544d1e587e133b8a003e072711aafc1e02429
tag: 1.4.0@sha256:07adb7643b00d1d8f606c675931d3604317fa3851b91b74ec503df8d50734cb8
command:
- "web-entrypoint.sh"
args:
@@ -111,7 +111,7 @@ dawarich:
sidekiq:
image:
repository: freikin/dawarich
tag: 1.6.1@sha256:a884f69f19ce0f66992f3872d24544d1e587e133b8a003e072711aafc1e02429
tag: 1.4.0@sha256:07adb7643b00d1d8f606c675931d3604317fa3851b91b74ec503df8d50734cb8
command:
- "sidekiq-entrypoint.sh"
args:
@@ -211,9 +211,11 @@ dawarich:
http:
port: 80
targetPort: 3000
protocol: TCP
metrics:
port: 9394
targetPort: 9394
protocol: TCP
serviceMonitor:
main:
selector:
@@ -313,36 +315,3 @@ postgres-18-cluster:
immediate: true
schedule: "0 10 14 * * *"
backupName: garage-local
volsync-target-storage:
pvcTarget: dawarich-storage
local:
enabled: true
schedule: 6 8 * * *
remote:
enabled: true
schedule: 6 9 * * *
external:
enabled: true
schedule: 6 10 * * *
volsync-target-public:
pvcTarget: dawarich-public
local:
enabled: true
schedule: 8 8 * * *
remote:
enabled: true
schedule: 8 9 * * *
external:
enabled: true
schedule: 8 10 * * *
volsync-target-watched:
pvcTarget: dawarich-watched
local:
enabled: true
schedule: 8 8 * * *
remote:
enabled: true
schedule: 8 9 * * *
external:
enabled: true
schedule: 8 10 * * *

25
clusters/cl01tl/helm/democratic-csi-synology-iscsi/values.yaml
View File

@@ -1,8 +1,5 @@
democratic-csi:
driver:
image:
registry: ghcr.io/democratic-csi/democratic-csi
tag: v1.9.5@@sha256:fc3b7d7ed3a616714139525075312758e23a5d425ffb539ad12c9bd20fb6001f
existingConfigSecret: synology-iscsi-config-secret
config:
driver: synology-iscsi
@@ -13,23 +10,7 @@ democratic-csi:
csiDriver:
name: "org.democratic-csi.iscsi-synology"
controller:
replicaCount: 3
externalAttacher:
image:
registry: registry.k8s.io/sig-storage/csi-attacher
tag: v4.11.0@sha256:b74b05b39501565022883fc128002b4cb857a7bb6c858606bcb3fdedba0b0b80
externalProvisioner:
image:
registry: registry.k8s.io/sig-storage/csi-provisioner
tag: v3.6.4@sha256:e7ad666f1d9b0caa077c7f0c157c9f87d1e73858390732496f66dcc716ff10c5
externalResizer:
image:
registry: registry.k8s.io/sig-storage/csi-resizer
tag: v1.9.4@sha256:522911ef68bd2c5c17d90fb2a6d2b2fb72ae790f2c1463a466b4262a07fdbf5a
externalSnapshotter:
image:
registry: registry.k8s.io/sig-storage/csi-snapshotter
tag: v8.5.0@sha256:da081c27e8a6d91f36042c1942362d0515ced8d06e18c11b8f893e58c4d6d797
replicaCount: 2
storageClasses:
- name: synology-iscsi-delete
defaultClass: false
@@ -55,7 +36,3 @@ democratic-csi:
value: /usr/local/sbin/iscsiadm
iscsiDirHostPath: /var/iscsi
iscsiDirHostPathType: ""
driverRegistrar:
image:
registry: registry.k8s.io/sig-storage/csi-node-driver-registrar
tag: v2.16.0@sha256:ab482308a4921e28a6df09a16ab99a457e9af9641ff44fb1be1a690d07ce8b70

1
clusters/cl01tl/helm/descheduler/Chart.yaml
View File

@@ -8,7 +8,6 @@ keywords:
home: https://docs.alexlebens.dev/applications/descheduler/
sources:
- https://github.com/kubernetes-sigs/descheduler
- https://explore.ggcr.dev/?repo=registry.k8s.io%2Fdescheduler%2Fdescheduler
- https://github.com/kubernetes-sigs/descheduler/tree/master/charts/descheduler
maintainers:
- name: alexlebens

3
clusters/cl01tl/helm/descheduler/values.yaml
View File

@@ -1,7 +1,4 @@
descheduler:
image:
repository: registry.k8s.io/descheduler/descheduler
tag: v0.35.1@sha256:871d3b804390b0b8c7cb09d4e9b7856cf30e31f9e9e3d29562b0301a10453bb1
kind: Deployment
resources:
limits:

8
clusters/cl01tl/helm/directus/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1
digest: sha256:78f5065d1125792c88e4d24f5ac1ee3d6310b4997f552020c44d0615335ea329
generated: "2026-04-13T20:33:13.909018545Z"
version: 0.4.0
digest: sha256:dfcb5d35e03ecdc4206227d206d36509319f0dcdaed54363840d71337debb3f7
generated: "2026-03-15T20:05:03.156596646Z"

6
clusters/cl01tl/helm/directus/Chart.yaml
View File

@@ -21,12 +21,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.6.1
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
# renovate: datasource=github-releases depName=directus/directus
appVersion: 11.17.2
appVersion: 11.17.0

10
clusters/cl01tl/helm/directus/values.yaml
View File

@@ -8,7 +8,8 @@ directus:
main:
image:
repository: ghcr.io/directus/directus
tag: 11.17.2@sha256:5e5978377f1cc9820ffc5b92597da1573a1350ea57f8aba42efd999139993874
tag: 11.17.0@sha256:076269ccbe7d4a0c44ce5f5b7f11e2ea5f7b3e4c4f704c0f88a52805e069c1c6
pullPolicy: IfNotPresent
env:
- name: PUBLIC_URL
value: https://directus.alexlebens.net
@@ -142,7 +143,7 @@ directus:
resources:
requests:
cpu: 10m
memory: 300Mi
memory: 1Gi
service:
main:
controller: main
@@ -150,6 +151,7 @@ directus:
http:
port: 80
targetPort: 8055
protocol: TCP
serviceMonitor:
main:
selector:
@@ -210,7 +212,3 @@ valkey:
aclUsers:
default:
permissions: "~* &* +@all"
# No option to configure metrics when auth is enabled
# https://github.com/valkey-io/valkey-helm/issues/135
metrics:
enabled: false

6
clusters/cl01tl/helm/elastic-operator/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: eck-operator
repository: https://helm.elastic.co
version: 3.3.2
digest: sha256:ac7a849a6d8244ef56c11f18438c4c76133f92d245228c5a1c8369d42562c177
generated: "2026-04-01T21:30:02.975920565Z"
version: 3.3.1
digest: sha256:8585f3ea3e4cafc4ff2969ea7e797017b7cfe4becb3385f0b080725908c02f09
generated: "2026-02-25T18:48:55.77034549Z"

4
clusters/cl01tl/helm/elastic-operator/Chart.yaml
View File

@@ -14,8 +14,8 @@ maintainers:
- name: alexlebens
dependencies:
- name: eck-operator
version: 3.3.2
version: 3.3.1
repository: https://helm.elastic.co
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/elastic.png
# renovate: datasource=github-releases depName=elastic/cloud-on-k8s
appVersion: v3.3.2
appVersion: v3.3.1

2
clusters/cl01tl/helm/elastic-operator/values.yaml
View File

@@ -1,7 +1,7 @@
eck-operator:
managedNamespaces:
- stalwart
- tubearchivist
- stalwart
installCRDs: true
replicaCount: 2
resources:

8
clusters/cl01tl/helm/element-web/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies:
- name: element-web
repository: https://ananace.gitlab.io/charts
version: 1.4.34
version: 1.4.33
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
digest: sha256:8640b8a250bdcd9e7561e3d28538ccf4644a7159a035ee0a5fdbcf71dc5b2bbe
generated: "2026-04-10T01:17:19.932208699Z"
version: 2.4.0
digest: sha256:63b0e582d42fb42bcf4d96ba4b299e42c434c42f284208596808288543192fe0
generated: "2026-03-24T16:11:50.424321433Z"

6
clusters/cl01tl/helm/element-web/Chart.yaml
View File

@@ -15,11 +15,11 @@ maintainers:
- name: alexlebens
dependencies:
- name: element-web
version: 1.4.34
version: 1.4.33
repository: https://ananace.gitlab.io/charts
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
version: 2.4.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
# renovate: datasource=github-releases depName=element-hq/element-web
appVersion: v1.12.15
appVersion: v1.12.13

2
clusters/cl01tl/helm/element-web/values.yaml
View File

@@ -2,7 +2,7 @@ element-web:
replicaCount: 1
image:
repository: ghcr.io/element-hq/element-web
tag: v1.12.15@sha256:c7fa40b5ba3891f8af3ce63da0818f457c1802a9ee4d2f5e46a9df36a2388eed
tag: v1.12.13@sha256:5107e63026c13ed014f743e485821b7d4b56d275a41e76303859bb14f5f94eb6
defaultServer:
url: https://matrix.alexlebens.dev
name: alexlebens.dev

7
clusters/cl01tl/helm/eraser/Chart.lock
View File

@@ -2,8 +2,5 @@ dependencies:
- name: eraser
repository: https://eraser-dev.github.io/eraser/charts
version: 1.4.1
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
digest: sha256:8414813d3d9d195b16ef7ebf814f7095a16413f4b0e579fcb37738000624f68c
generated: "2026-04-08T21:39:05.689756-05:00"
digest: sha256:da828de684b0cd82e99994586f3db4f55c43c01607c4d8d0e70e204c7bbbbf5b
generated: "2025-12-03T22:53:20.200917773Z"

6
clusters/cl01tl/helm/eraser/Chart.yaml
View File

@@ -9,19 +9,13 @@ home: https://docs.alexlebens.dev/applications/eraser/
sources:
- https://github.com/eraser-dev/eraser
- https://github.com/eraser-dev/eraser/pkgs/container/eraser-manager
- https://github.com/open-telemetry/opentelemetry-collector-releases/pkgs/container/opentelemetry-collector-releases%2Fopentelemetry-collector
- https://github.com/eraser-dev/eraser/tree/main/charts/eraser
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: eraser
version: 1.4.1
repository: https://eraser-dev.github.io/eraser/charts
- name: app-template
alias: eraser-metrics
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
icon: https://raw.githubusercontent.com/eraser-dev/eraser/refs/heads/main/images/eraser-logo-color-1c.png
# renovate: datasource=github-releases depName=eraser-dev/eraser
appVersion: v1.4.1

82
clusters/cl01tl/helm/eraser/values.yaml
View File

@@ -35,85 +35,3 @@ eraser:
requests:
cpu: 1m
memory: 20Mi
eraser-metrics:
global:
nameOverride: eraser-metrics
fullnameOverride: eraser-metrics
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
containers:
main:
image:
repository: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector
tag: 0.150.1@sha256:618f7867e49fdb173d9b46d535b01f82254b0b14beac6ab1f6f2eb8cf62c5d42
command:
- /otelcol
- --config=/conf/otel-collector-config.yaml
resources:
requests:
cpu: 10m
memory: 20Mi
configMaps:
config:
enabled: true
forceRename: eraser-config
data:
otel-collector-config.yaml: |
receivers:
otlp:
protocols:
http:
exporters:
prometheus:
endpoint: "0.0.0.0:8889"
send_timestamps: true
metric_expiration: 180m
service:
telemetry:
logs:
encoding: json
pipelines:
metrics:
receivers:
- otlp
exporters:
- prometheus
service:
main:
controller: main
ports:
http:
port: 4318
targetPort: 4318
metrics:
port: 8889
targetPort: 8889
serviceMonitor:
main:
selector:
matchLabels:
app.kubernetes.io/name: eraser-metrics
app.kubernetes.io/instance: eraser-metrics
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: metrics
interval: 30s
scrapeTimeout: 15s
path: /metrics
persistence:
config:
enabled: true
type: configMap
name: eraser-config
advancedMounts:
main:
main:
- path: /conf/otel-collector-config.yaml
readOnly: true
mountPropagation: None
subPath: otel-collector-config.yaml

1
clusters/cl01tl/helm/excalidraw/values.yaml
View File

@@ -25,6 +25,7 @@ excalidraw:
http:
port: 80
targetPort: 80
protocol: HTTP
route:
main:
kind: HTTPRoute

3
clusters/cl01tl/helm/external-dns/Chart.yaml
View File

@@ -8,7 +8,6 @@ keywords:
home: https://docs.alexlebens.dev/applications/eraser/
sources:
- https://github.com/kubernetes-sigs/external-dns
- https://explore.ggcr.dev/?repo=registry.k8s.io%2Fexternal-dns%2Fexternal-dns
- https://github.com/kashalls/external-dns-unifi-webhook
- https://github.com/kubernetes-sigs/external-dns/tree/master/charts/external-dns
maintainers:
@@ -20,4 +19,4 @@ dependencies:
repository: https://kubernetes-sigs.github.io/external-dns/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
# renovate: datasource=github-releases depName=kubernetes-sigs/external-dns
appVersion: v0.21.0
appVersion: v0.20.0

3
clusters/cl01tl/helm/external-dns/values.yaml
View File

@@ -1,7 +1,4 @@
external-dns-unifi:
image:
repository: registry.k8s.io/external-dns/external-dns
tag: v0.21.0@sha256:f53faaf71cb270d1ca9dce6ea0c94bfebf1a18696263487f0fbc74b9bf2bd7ff
fullnameOverride: external-dns-unifi
resources:
requests:

6
clusters/cl01tl/helm/external-secrets/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: external-secrets
repository: https://charts.external-secrets.io
version: 2.3.0
digest: sha256:fedb79c937be24d4bb72f665122b468b445de95f3f02de419903e3136186e42f
generated: "2026-04-10T15:10:52.488487421Z"
version: 2.2.0
digest: sha256:3894df20e1f3d56bc9789177181a84d8ae1402ef76ec6328e417ce5a568738ae
generated: "2026-03-26T19:19:15.734454-05:00"

4
clusters/cl01tl/helm/external-secrets/Chart.yaml
View File

@@ -14,8 +14,8 @@ sources:
dependencies:
- name: external-secrets
alias: external-secrets
version: 2.3.0
version: 2.2.0
repository: https://charts.external-secrets.io
icon: https://raw.githubusercontent.com/external-secrets/external-secrets/refs/heads/main/assets/eso-logo-large.png
# renovate: datasource=github-releases depName=external-secrets/external-secrets
appVersion: vv2.3.0
appVersion: v2.2.0

6
clusters/cl01tl/helm/external-secrets/values.yaml
View File

@@ -2,7 +2,7 @@ external-secrets:
replicaCount: 3
image:
repository: ghcr.io/external-secrets/external-secrets
tag: v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80
tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
installCRDs: true
crds:
createClusterExternalSecret: true
@@ -29,7 +29,7 @@ external-secrets:
webhook:
image:
repository: ghcr.io/external-secrets/external-secrets
tag: v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80
tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
resources:
requests:
cpu: 1m
@@ -37,7 +37,7 @@ external-secrets:
certController:
image:
repository: ghcr.io/external-secrets/external-secrets
tag: v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80
tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
resources:
requests:
cpu: 1m

7
clusters/cl01tl/helm/foldergram/Chart.lock
View File

@@ -2,11 +2,8 @@ dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:06e321d19ffe0df94b3cd6bcc306804729710f74ca2f9962652628377836c33e
generated: "2026-04-11T15:26:16.743784-05:00"
digest: sha256:59100c6fbfb829f9d703b9ee1cf869c4fd77b6ff53c63b0c644a757223027e58
generated: "2026-03-22T12:42:43.150705-05:00"

8
clusters/cl01tl/helm/foldergram/Chart.yaml
View File

@@ -10,7 +10,6 @@ sources:
- https://github.com/foldergram/foldergram
- https://github.com/foldergram/foldergram/pkgs/container/foldergram
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
@@ -19,13 +18,10 @@ dependencies:
alias: foldergram
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
- name: volsync-target
alias: volsync-target-db
alias: volsync-target-data
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://raw.githubusercontent.com/foldergram/foldergram/refs/heads/main/client/public/icon-512.png
# renovate: datasource=github-releases depName=foldergram/foldergram
appVersion: v1.1.0
appVersion: v1.0.8

6
clusters/cl01tl/helm/foldergram/templates/persistent-volume-claim.yaml
View File

@@ -1,14 +1,14 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: foldergram-pictures-collections-nfs-storage
name: foldergram-pictures-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: foldergram-pictures-collections-nfs-storage
app.kubernetes.io/name: foldergram-pictures-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: foldergram-pictures-collections-nfs-storage
volumeName: foldergram-pictures-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany

6
clusters/cl01tl/helm/foldergram/templates/persistent-volume.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: foldergram-pictures-collections-nfs-storage
name: foldergram-pictures-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: foldergram-pictures-collections-nfs-storage
app.kubernetes.io/name: foldergram-pictures-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -15,7 +15,7 @@ spec:
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Pictures/Collections
path: /volume2/Storage/Pictures
server: synologybond.alexlebens.net
mountOptions:
- vers=4

36
clusters/cl01tl/helm/foldergram/values.yaml
View File

@@ -12,24 +12,23 @@ foldergram:
main:
image:
repository: ghcr.io/foldergram/foldergram
tag: 1.1.0@sha256:b08c7f30a15a3d3e4cf0877a5271cb76be6a36ab83751f040c115ccdb76b736a
tag: 1.0.9@sha256:aa6707e7456386f2d74b8f2769d0281f4127d1276349583b8531dbaa8f844883
pullPolicy: IfNotPresent
env:
- name: IMAGE_DETAIL_SOURCE
value: original
- name: DERIVATIVE_MODE
value: eager
value: lazy
- name: DATA_ROOT
value: ./data
- name: GALLERY_ROOT
value: /gallery
- name: CSRF_TRUSTED_ORIGINS
value: https://foldergram.alexlebens.net, https://art.alexlebens.dev
# - name: PUBLIC_DEMO_MODE
# value: 1
value: https://foldergram.alexlebens.net
resources:
requests:
cpu: 10m
memory: 1Gi
cpu: 1m
memory: 230Mi
service:
main:
controller: main
@@ -37,6 +36,7 @@ foldergram:
http:
port: 80
targetPort: 4141
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -56,35 +56,25 @@ foldergram:
type: PathPrefix
value: /
persistence:
db:
forceRename: foldergram-db
cache:
forceRename: foldergram-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
advancedMounts:
main:
main:
- path: /app/data/db
readOnly: false
data:
forceRename: foldergram-data
storageClass: synology-iscsi-delete
accessMode: ReadWriteOnce
size: 100Gi
advancedMounts:
main:
main:
- path: /app/data
readOnly: false
pictures:
existingClaim: foldergram-pictures-collections-nfs-storage
existingClaim: foldergram-pictures-nfs-storage
advancedMounts:
main:
main:
- path: /gallery
- path: /gallery/pictures
readOnly: true
volsync-target-db:
pvcTarget: foldergram-db
volsync-target-data:
pvcTarget: foldergram-data
local:
enabled: true
schedule: 46 11 * * *

8
clusters/cl01tl/helm/freshrss/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 4.6.2
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
version: 2.4.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:2a13aac2d207555bf33ee01db493d210e860e660433cd6f5b9b67fadf91f8f74
generated: "2026-04-10T01:17:32.585138713Z"
digest: sha256:a7bdbecd50433fedd65d3043102fe3c9e366dc98953c37eb0cfe762bce833e8e
generated: "2026-03-15T20:05:14.085780861Z"

4
clusters/cl01tl/helm/freshrss/Chart.yaml
View File

@@ -22,10 +22,10 @@ dependencies:
version: 4.6.2
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
version: 2.4.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data

3
clusters/cl01tl/helm/freshrss/values.yaml
View File

@@ -79,7 +79,7 @@ freshrss:
resources:
requests:
cpu: 1m
memory: 100Mi
memory: 128Mi
service:
main:
controller: main
@@ -87,6 +87,7 @@ freshrss:
http:
port: 80
targetPort: 80
protocol: HTTP
persistence:
data:
forceRename: freshrss-data

19
clusters/cl01tl/helm/garage/values.yaml
View File

@@ -28,7 +28,7 @@ garage:
resources:
requests:
cpu: 10m
memory: 200Mi
memory: 400Mi
server-2:
type: deployment
replicas: 1
@@ -57,7 +57,7 @@ garage:
resources:
requests:
cpu: 10m
memory: 200Mi
memory: 400Mi
server-3:
type: deployment
replicas: 1
@@ -86,7 +86,7 @@ garage:
resources:
requests:
cpu: 10m
memory: 200Mi
memory: 400Mi
webui:
type: deployment
replicas: 1
@@ -212,15 +212,19 @@ garage:
s3:
port: 3900
targetPort: 3900
protocol: HTTP
rpc:
port: 3901
targetPort: 3901
protocol: HTTP
web:
port: 3902
targetPort: 3902
protocol: HTTP
admin:
port: 3903
targetPort: 3903
protocol: HTTP
server-2:
forceRename: garage-2
controller: server-2
@@ -228,15 +232,19 @@ garage:
s3:
port: 3900
targetPort: 3900
protocol: HTTP
rpc:
port: 3901
targetPort: 3901
protocol: HTTP
web:
port: 3902
targetPort: 3902
protocol: HTTP
admin:
port: 3903
targetPort: 3903
protocol: HTTP
server-3:
forceRename: garage-3
controller: server-3
@@ -244,21 +252,26 @@ garage:
s3:
port: 3900
targetPort: 3900
protocol: HTTP
rpc:
port: 3901
targetPort: 3901
protocol: HTTP
web:
port: 3902
targetPort: 3902
protocol: HTTP
admin:
port: 3903
targetPort: 3903
protocol: HTTP
webui:
controller: webui
ports:
webui:
port: 3909
targetPort: 3909
protocol: HTTP
serviceMonitor:
main:
selector:

6
clusters/cl01tl/helm/gatus/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 1.5.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:b2a7ef962a91dff4313f66c1d04356f1b2aeefc752d672a9a27ea227db4b8c7d
generated: "2026-04-04T21:02:09.187828-05:00"
digest: sha256:83ec84774e0cc708f1cb5d83d657180159bfb75c9928784ebf0280e224b1cbca
generated: "2026-03-15T20:05:27.625292422Z"

2
clusters/cl01tl/helm/gatus/Chart.yaml
View File

@@ -20,7 +20,7 @@ dependencies:
version: 1.5.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data

42
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -113,6 +113,9 @@ gatus:
- name: yamtrack
url: https://yamtrack.alexlebens.net
<<: *defaults
- name: movie-roulette
url: https://movie-roulette.alexlebens.net
<<: *defaults
- name: jellyfin
url: https://jellyfin.alexlebens.net
<<: *defaults
@@ -131,6 +134,9 @@ gatus:
- name: immich
url: https://immich.alexlebens.net
<<: *defaults
- name: photoview
url: https://photoview.alexlebens.net
<<: *defaults
- name: foldergram
url: https://foldergram.alexlebens.net
<<: *defaults
@@ -155,11 +161,8 @@ gatus:
- name: searxng
url: https://searxng.alexlebens.net
<<: *defaults
- name: sparkyfitness
url: https://sparkyfitness.alexlebens.net
<<: *defaults
- name: paperless-ngx
url: https://paperless-ngx.alexlebens.net
- name: roundcube
url: https://mail.alexlebens.net
<<: *defaults
- name: kiwix
url: https://kiwix.alexlebens.net
@@ -167,24 +170,24 @@ gatus:
- name: excalidraw
url: https://excalidraw.alexlebens.net
<<: *defaults
- name: languagetool
url: https://languagetool.alexlebens.net
<<: *defaults
- name: gitea
url: https://gitea.alexlebens.net
<<: *defaults
- name: home-assistant-code-server
url: https://home-assistant-code-server.alexlebens.net
<<: *defaults
- name: postiz-spotlight
url: https://postiz-spotlight.alexlebens.net
<<: *defaults
- name: postiz-temporal
url: https://postiz-temporal.alexlebens.net
<<: *defaults
- name: argocd
url: https://argocd.alexlebens.net
<<: *defaults
- name: komodo
url: https://komodo.alexlebens.net
<<: *defaults
- name: argo-workflows
url: https://argo-workflows.alexlebens.net
<<: *defaults
- name: omni-tools
url: https://omni-tools.alexlebens.net
<<: *defaults
@@ -212,9 +215,6 @@ gatus:
- name: authentik
url: https://authentik.alexlebens.net
<<: *defaults
- name: roundcube
url: https://mail.alexlebens.net
<<: *defaults
- name: stalwart
url: https://stalwart.alexlebens.net
<<: *defaults
@@ -345,14 +345,6 @@ gatus:
url: https://www.alexlebens.dev
<<: *defaults
group: external
- name: docs
url: https://docs.alexlebens.dev
<<: *defaults
group: external
- name: saralebens
url: https://www.saralebens.com
<<: *defaults
group: external
- name: rybbit
url: https://rybbit.alexlebens.dev
<<: *defaults
@@ -367,7 +359,7 @@ gatus:
<<: *defaults
group: external
- name: outline
url: https://outline.alexlebens.dev
url: https://wiki.alexlebens.dev
<<: *defaults
group: external
- name: vaultwarden
@@ -388,6 +380,10 @@ gatus:
url: https://gitea.alexlebens.dev
<<: *defaults
group: external
- name: codeserver
url: https://codeserver.alexlebens.dev
<<: *defaults
group: external
- name: authentik
url: https://auth.alexlebens.dev
<<: *defaults

6
clusters/cl01tl/helm/generic-device-plugin/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.30
digest: sha256:9bc92f3ced6f5bad9f656ce355f5a633c200183f1ab6fa26c897bea9f76054ee
generated: "2026-04-14T00:59:53.650540444Z"
version: 0.20.26
digest: sha256:47d12b7555d345dea0438d13ac538896994dbd44b142b9a546dbfe5c0939a92b
generated: "2026-03-24T16:59:26.537547513Z"

2
clusters/cl01tl/helm/generic-device-plugin/Chart.yaml
View File

@@ -14,6 +14,6 @@ maintainers:
dependencies:
- name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.30
version: 0.20.26
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: 1.0.0

18
clusters/cl01tl/helm/gitea/Chart.lock
View File

@@ -1,27 +1,27 @@
dependencies:
- name: gitea
repository: https://dl.gitea.com/charts/
version: 12.5.1
version: 12.5.0
- name: actions
repository: https://dl.gitea.com/charts/
version: 0.0.5
version: 0.0.3
- name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.31.0
version: 0.29.0
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
version: 2.4.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1
version: 0.4.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1
version: 0.4.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:d654c705c599c73c4e7aa50c53791edafc7a63d4c9ed17856c76ad385406170b
generated: "2026-04-14T17:48:02.925330851Z"
digest: sha256:49862b06fe4884f504d0a892cb899f577262b584053b64a3504bacaf96d70f39
generated: "2026-03-26T20:59:30.690577-05:00"

15
clusters/cl01tl/helm/gitea/Chart.yaml
View File

@@ -14,7 +14,6 @@ sources:
- https://hub.docker.com/r/gitea/gitea
- https://hub.docker.com/r/renovate/renovate
- https://hub.docker.com/r/d3fk/s3cmd/
- https://hub.docker.com/_/busybox
- https://gitea.com/gitea/helm-chart
- https://gitea.com/gitea/helm-actions
- https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch
@@ -26,29 +25,29 @@ maintainers:
- name: alexlebens
dependencies:
- name: gitea
version: 12.5.1
version: 12.5.0
repository: https://dl.gitea.com/charts/
- name: actions
alias: gitea-actions
repository: https://dl.gitea.com/charts/
version: 0.0.5
version: 0.0.3
- name: meilisearch
version: 0.31.0
version: 0.29.0
repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
version: 2.4.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey-gitea
version: 0.6.1
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey-renovate
version: 0.6.1
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-storage

12
clusters/cl01tl/helm/gitea/templates/config-map.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: gitea-custom-templates
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gitea-custom-templates
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
data:
header.tmpl: |
<script defer src="https://rybbit.alexlebens.dev/api/script.js" data-site-id="b515c34a6dcc"></script>

65
clusters/cl01tl/helm/gitea/values.yaml
View File

@@ -32,9 +32,6 @@ gitea:
- name: gitea-themes-storage
persistentVolumeClaim:
claimName: gitea-themes-storage
- name: gitea-custom-templates
configMap:
name: gitea-custom-templates
extraInitVolumeMounts:
- name: gitea-themes-storage
readOnly: false
@@ -43,10 +40,6 @@ gitea:
- name: gitea-themes-storage
readOnly: true
mountPath: /data/gitea/public/assets/css
- name: gitea-custom-templates
mountPath: /data/gitea/templates/custom/header.tmpl
subPath: header.tmpl
readOnly: true
initPreScript: |
wget https://github.com/catppuccin/gitea/releases/latest/download/catppuccin-gitea.tar.gz;
tar -xvzf catppuccin-gitea.tar.gz -C /data/gitea/public/assets/css;
@@ -152,52 +145,11 @@ gitea-actions:
statefulset:
replicas: 6
timezone: America/Chicago
resources:
limits:
ephemeral-storage: 15Gi
requests:
ephemeral-storage: 2Gi
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- gitea-actions-act-runner
topologyKey: "kubernetes.io/hostname"
extraVolumes:
- name: workspace-vol
ephemeral:
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
storageClassName: ceph-block
resources:
requests:
storage: 20Gi
- name: docker-vol
ephemeral:
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
storageClassName: ceph-block
resources:
requests:
storage: 50Gi
actRunner:
registry: docker.io
repository: gitea/act_runner
# renovate: datasource=docker depName=gitea/act_runner
tag: 0.3.1@sha256:c2a169c5e99864c25e32527cef3d82203225e09558773022bf3dc164a2e6d762
extraVolumeMounts:
- name: workspace-vol
mountPath: /workspace
config: |
log:
level: debug
@@ -213,10 +165,7 @@ gitea-actions:
registry: docker.io
repository: docker
# renovate: datasource=docker depName=docker
tag: 29.4.0-dind@sha256:f80c26212befc1c1988b529495532c6b9180d9b1dab1611f4a1efbe9da8ec821
extraVolumeMounts:
- name: docker-vol
mountPath: /var/lib/docker
tag: 29.3.1-dind@sha256:4d90f1f6c400315c2dba96d3ec93c01e64198395cbba04f79d12adce4f737029
persistence:
storageClass: ceph-block
size: 10Gi
@@ -242,21 +191,17 @@ meilisearch:
size: 5Gi
resources:
requests:
cpu: 10m
memory: 150Mi
cpu: 1m
memory: 160Mi
serviceMonitor:
enabled: true
cloudflared:
resources:
requests:
cpu: 100m
memory: 30Mi
postgres-18-cluster:
mode: recovery
cluster:
resources:
requests:
cpu: 100m
memory: 100Mi
recovery:
method: objectStore
objectStore:
@@ -279,7 +224,7 @@ valkey-gitea:
resources:
requests:
cpu: 20m
memory: 1Gi
memory: 2Gi
dataStorage:
requestedSize: 10Gi
replica:

10
clusters/cl01tl/helm/grafana-operator/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 5.22.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1
version: 0.4.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1
digest: sha256:6c086da896f573fdb1b81abab43b90181f2af7bf57a62333c4426f3f30496ffa
generated: "2026-04-13T20:33:58.123069628Z"
version: 0.4.0
digest: sha256:a3bf183bcecb4d4b5354fe91a549075997dccb41c193da9daec9ccbe4d659fe2
generated: "2026-03-18T10:04:15.165729555Z"

6
clusters/cl01tl/helm/grafana-operator/Chart.yaml
View File

@@ -20,15 +20,15 @@ dependencies:
repository: https://grafana.github.io/helm-charts
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey-unified-alerting
version: 0.6.1
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey-remote-cache
version: 0.6.1
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grafana.png
# renovate: datasource=github-releases depName=grafana/grafana-operator

133
clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml
View File

@@ -244,44 +244,6 @@ spec:
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/descheduler.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-external-dns
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-external-dns
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
folderUID: grafana-folder-service
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/external-dns.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-external-secrets
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-external-secrets
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
folderUID: grafana-folder-service
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/external-secrets.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
@@ -434,44 +396,6 @@ spec:
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/unpoller.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-version-checker-internal
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-version-checker-internal
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
folderUID: grafana-folder-service
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/version-checker-internal.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-version-checker
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-version-checker
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
folderUID: grafana-folder-service
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/version-checker.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
@@ -605,25 +529,6 @@ spec:
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/vault.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-unpackerr
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-unpackerr
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
folderUID: grafana-folder-platform
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/unpackerr.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
@@ -700,25 +605,6 @@ spec:
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/jellyfin.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-navidrome
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-navidrome
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
folderUID: grafana-folder-application
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/navidrome.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
@@ -738,25 +624,6 @@ spec:
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/radarr.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-servarr
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-servarr
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
folderUID: grafana-folder-application
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/servarr.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard

2
clusters/cl01tl/helm/grafana-operator/templates/grafana.yaml
View File

@@ -61,7 +61,7 @@ spec:
resources:
requests:
cpu: 20m
memory: 150Mi
memory: 120Mi
env:
- name: AUTH_CLIENT_ID
valueFrom:

5
clusters/cl01tl/helm/grafana-operator/values.yaml
View File

@@ -1,9 +1,4 @@
grafana-operator:
image:
registry: ghcr.io
repository: grafana/grafana-operator
# renovate: datasource=docker depName=ghcr.io/grafana/grafana-operator
tag: v5.22.2@sha256:d45fc24e8f43d83286d81625ee8d919d0fc88255a6500b63f68d7966a4f9e9af
replicas: 2
resources:
requests:

1
clusters/cl01tl/helm/grimmory/values.yaml
View File

@@ -44,6 +44,7 @@ grimmory:
http:
port: 80
targetPort: 6060
protocol: HTTP
route:
main:
kind: HTTPRoute

8
clusters/cl01tl/helm/harbor/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 1.18.3
- name: postgres-cluster
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
version: 7.11.2
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1
digest: sha256:fc508a58ea7dffe1b92049a89c3fe2f0034d05ecdad38807bb6e02c68a1cb957
generated: "2026-04-13T20:34:25.515547207Z"
version: 0.4.0
digest: sha256:e7a5cee56dddb4abc07ff18677cb6ddf55571b38da2eeb7e654e8ad8f7709bfa
generated: "2026-03-19T04:16:54.362332682Z"

13
clusters/cl01tl/helm/harbor/Chart.yaml
View File

@@ -4,14 +4,15 @@ version: 1.0.0
description: Harbor
keywords:
- harbor
- image-registry
home: https://docs.alexlebens.dev/applications/harbor/
- images
- cache
- kubernetes
home: https://wiki.alexlebens.dev/s/7e132c13-afee-48ec-b3dd-efd656d240c9
sources:
- https://github.com/goharbor
- https://github.com/orgs/goharbor/packages
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/goharbor/harbor-helm
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers:
- name: alexlebens
dependencies:
@@ -20,11 +21,11 @@ dependencies:
repository: https://helm.goharbor.io
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
- name: valkey
alias: valkey
version: 0.6.1
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png
# renovate: datasource=github-releases depName=goharbor/harbor

36
clusters/cl01tl/helm/harbor/templates/external-secret.yaml
View File

@@ -14,49 +14,85 @@ spec:
data:
- secretKey: HARBOR_ADMIN_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: admin-password
- secretKey: secretKey
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: secretKey
- secretKey: CSRF_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/core
metadataPolicy: None
property: CSRF_KEY
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/core
metadataPolicy: None
property: secret
- secretKey: tls.crt
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/core
metadataPolicy: None
property: tls.crt
- secretKey: tls.key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/core
metadataPolicy: None
property: tls.key
- secretKey: JOBSERVICE_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/jobservice
metadataPolicy: None
property: JOBSERVICE_SECRET
- secretKey: REGISTRY_HTTP_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/registry
metadataPolicy: None
property: REGISTRY_HTTP_SECRET
- secretKey: REGISTRY_REDIS_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/registry
metadataPolicy: None
property: REGISTRY_REDIS_PASSWORD
- secretKey: REGISTRY_HTPASSWD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/registry
metadataPolicy: None
property: REGISTRY_HTPASSWD
- secretKey: REGISTRY_CREDENTIAL_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/registry
metadataPolicy: None
property: REGISTRY_CREDENTIAL_PASSWORD
- secretKey: REGISTRY_PASSWD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/registry
metadataPolicy: None
property: REGISTRY_CREDENTIAL_PASSWORD

38
clusters/cl01tl/helm/harbor/values.yaml
View File

@@ -21,9 +21,13 @@ harbor:
size: 100Gi
existingSecretAdminPassword: harbor-secret
existingSecretAdminPasswordKey: HARBOR_ADMIN_PASSWORD
internalTLS:
enabled: false
ipFamily:
ipv6:
enabled: false
ipv4:
enabled: true
updateStrategy:
type: Recreate
existingSecretSecretKey: harbor-secret
@@ -69,12 +73,12 @@ harbor:
credentials:
existingSecret: harbor-secret
upload_purging:
enabled: true
age: 72h
interval: 24h
dryrun: false
trivy:
enabled: true
image:
repository: ghcr.io/goharbor/trivy-adapter-photon
tag: v2.15.0@sha256:6fd6de9cfbbb04cb1d94722cfa01cf71b8994d3f9e7891d3b03a89a7536480ba
database:
type: external
external:
@@ -105,14 +109,32 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 35 14 * * *"
backupName: garage-local
valkey:
valkey:
resources:
requests:
memory: 30Mi
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external

3
clusters/cl01tl/helm/headlamp/Chart.yaml
View File

@@ -5,7 +5,8 @@ description: Headlamp
keywords:
- headlamp
- dashboard
home: https://docs.alexlebens.dev/applications/headlamp/
- kubernetes
home: https://wiki.alexlebens.dev/s/6cc43960-78df-459d-aab6-433844249243
sources:
- https://github.com/headlamp-k8s/headlamp
- https://github.com/headlamp-k8s/headlamp/tree/main/charts/headlamp

18
clusters/cl01tl/helm/headlamp/templates/external-secret.yaml
View File

@@ -14,25 +14,43 @@ spec:
data:
- secretKey: OIDC_CLIENT_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp
metadataPolicy: None
property: client
- secretKey: OIDC_CLIENT_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp
metadataPolicy: None
property: secret
- secretKey: OIDC_ISSUER_URL
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp
metadataPolicy: None
property: issuer
- secretKey: OIDC_SCOPES
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp
metadataPolicy: None
property: scopes
- secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_IDP_ISSUER_URL
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp
metadataPolicy: None
property: validator-issuer-url
- secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_CLIENT_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp
metadataPolicy: None
property: validator-client-id

28
clusters/cl01tl/helm/headlamp/templates/http-route.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: headlamp
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: headlamp
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- headlamp.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: headlamp
port: 80
weight: 100

28
clusters/cl01tl/helm/headlamp/values.yaml
View File

@@ -1,9 +1,5 @@
headlamp:
replicaCount: 2
image:
registry: ghcr.io
repository: headlamp-k8s/headlamp
tag: v0.41.0@sha256:89c6c65810bfde61796483c93c70d659104355593792bf55cab680d685da8eeb
config:
oidc:
secret:
@@ -14,30 +10,10 @@ headlamp:
watchPlugins: true
# Bypasses: https://github.com/kubernetes-sigs/headlamp/issues/4883
sessionTTL: null
httpRoute:
enabled: true
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- headlamp.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: headlamp
port: 80
weight: 100
resources:
requests:
cpu: 1m
memory: 80Mi
cpu: 10m
memory: 128Mi
pluginsManager:
enabled: true
securityContext:

9
clusters/cl01tl/helm/home-assistant/Chart.yaml
View File

@@ -4,13 +4,14 @@ version: 1.0.0
description: Home Assistant
keywords:
- home-assistant
- home-automation
home: https://docs.alexlebens.dev/applications/home-assistant/
- home
- automation
home: https://wiki.alexlebens.dev/s/5462c17e-cd39-4082-ad01-94545a2fa3ca
sources:
- https://www.home-assistant.io/
- https://github.com/home-assistant/core
- https://github.com/home-assistant/core/pkgs/container/home-assistant
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -24,4 +25,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/home-assistant.png
# renovate: datasource=github-releases depName=home-assistant/core
appVersion: 2026.4.2
appVersion: 2026.3.4

9
clusters/cl01tl/helm/home-assistant/templates/external-secret.yaml
View File

@@ -14,11 +14,17 @@ spec:
data:
- secretKey: PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/home-assistant/code-server/auth
metadataPolicy: None
property: PASSWORD
- secretKey: SUDO_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/home-assistant/code-server/auth
metadataPolicy: None
property: SUDO_PASSWORD
---
@@ -38,5 +44,8 @@ spec:
data:
- secretKey: bearer-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/home-assistant/auth
metadataPolicy: None
property: bearer-token

37
clusters/cl01tl/helm/home-assistant/values.yaml
View File

@@ -4,29 +4,28 @@ home-assistant:
type: deployment
replicas: 1
strategy: Recreate
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/home-assistant/home-assistant
tag: 2026.4.2@sha256:4c940155cfd5b0187a6faee2db5d52b98bb573edc1aeee95d0818bb17b6534d7
tag: 2026.3.4
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
resources:
requests:
cpu: 1m
memory: 400Mi
cpu: 50m
memory: 512Mi
code-server:
image:
repository: ghcr.io/linuxserver/code-server
tag: 4.115.0-ls331@sha256:308f49acac8734542560f797d79b15e4c872c4d3f97d1b22862633fcce2af62a
tag: 4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: PUID
value: 1000
- name: PGID
@@ -36,6 +35,10 @@ home-assistant:
envFrom:
- secretRef:
name: home-assistant-code-server-password-secret
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -43,12 +46,14 @@ home-assistant:
http:
port: 80
targetPort: 8123
protocol: TCP
code-server:
controller: main
ports:
http:
port: 8443
targetPort: 8443
protocol: HTTP
serviceMonitor:
main:
selector:
@@ -77,8 +82,11 @@ home-assistant:
- home-assistant.alexlebens.net
rules:
- backendRefs:
- name: home-assistant-main
- group: ''
kind: Service
name: home-assistant-main
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -94,8 +102,11 @@ home-assistant:
- home-assistant-code-server.alexlebens.net
rules:
- backendRefs:
- name: home-assistant-code-server
- group: ''
kind: Service
name: home-assistant-code-server
port: 8443
weight: 100
matches:
- path:
type: PathPrefix
@@ -117,6 +128,8 @@ home-assistant:
volsync-target-config:
pvcTarget: home-assistant-config
moverSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local:

4
clusters/cl01tl/helm/homepage/Chart.yaml
View File

@@ -5,7 +5,7 @@ description: Homepage
keywords:
- homepage
- dashboard
home: https://docs.alexlebens.dev/applications/homepage/
home: https://wiki.alexlebens.dev/s/a5fabd91-3d89-4e2b-9417-06111aedaeaa
sources:
- https://github.com/gethomepage/homepage
- https://github.com/gethomepage/homepage/pkgs/container/homepage
@@ -19,4 +19,4 @@ dependencies:
version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/homepage.png
# renovate: datasource=github-releases depName=gethomepage/homepage
appVersion: v1.12.3
appVersion: v1.12.0

51
clusters/cl01tl/helm/homepage/templates/external-secret.yaml
View File

@@ -14,69 +14,120 @@ spec:
data:
- secretKey: HOMEPAGE_VAR_GITEA_API_TOKEN
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/auth/homepage
metadataPolicy: None
property: token
- secretKey: HOMEPAGE_VAR_ARGOCD_API_TOKEN
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/argocd/credentials/homepage
metadataPolicy: None
property: token
- secretKey: HOMEPAGE_VAR_KOMODO_API_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/komodo/homepage
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_KOMODO_API_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/komodo/homepage
metadataPolicy: None
property: secret
- secretKey: HOMEPAGE_VAR_JELLYSTAT_API_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/jellystat/homepage
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_SYNOLOGY_USER
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /synology/auth/cl01tl
metadataPolicy: None
property: user
- secretKey: HOMEPAGE_VAR_SYNOLOGY_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /synology/auth/cl01tl
metadataPolicy: None
property: password
- secretKey: HOMEPAGE_VAR_UNIFI_API_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /unifi/auth/cl01tl
metadataPolicy: None
property: api-key
- secretKey: HOMEPAGE_VAR_SONARR_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/sonarr4/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_SONARR4K_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/sonarr4-4k/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_SONARRANIME_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/sonarr4-anime/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_RADARR_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_RADARR4K_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5-4k/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_RADARRANIME_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5-anime/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_RADARRSTANDUP_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5-standup/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_LIDARR_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/lidarr2/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_PROWLARR_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/prowlarr/key
metadataPolicy: None
property: key

230
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -5,7 +5,7 @@ homepage:
main:
type: deployment
replicas: 1
strategy: Recreate
strategy: RollingUpdate
annotations:
reloader.stakater.com/auto: "true"
serviceAccount:
@@ -16,7 +16,8 @@ homepage:
main:
image:
repository: ghcr.io/gethomepage/homepage
tag: v1.12.3@sha256:cc84f2f5eb3c7734353701ccbaa24ed02dacb0d119114e50e4251e2005f3990a
tag: v1.12.1
pullPolicy: IfNotPresent
env:
- name: HOMEPAGE_ALLOWED_HOSTS
value: home.alexlebens.net
@@ -25,8 +26,8 @@ homepage:
name: homepage-keys-secret
resources:
requests:
cpu: 1m
memory: 128Mi
cpu: 10m
memory: 256Mi
serviceAccount:
homepage:
enabled: true
@@ -56,7 +57,7 @@ homepage:
- Media:
tab: Applications
icon: mdi-multimedia-#ffffff
- External:
- Public:
tab: Applications
icon: mdi-earth-#ffffff
- Internal:
@@ -145,6 +146,12 @@ homepage:
href: https://yamtrack.alexlebens.net
siteMonitor: http://yamtrack.yamtrack:80
statusStyle: dot
- Movie Roulette:
icon: https://raw.githubusercontent.com/sahara101/Movie-Roulette/refs/heads/main/static/icons/icon.png
description: Movie Roulette
href: https://movie-roulette.alexlebens.net
siteMonitor: http://movie-roulette.movie-roulette:80
statusStyle: dot
- Movies and TV:
icon: sh-jellyfin.webp
description: Jellyfin
@@ -176,7 +183,13 @@ homepage:
siteMonitor: http://immich.immich:2283
statusStyle: dot
- Pictures:
icon: sh-foldergram.webp
icon: sh-photoview.webp
description: Photoview
href: https://photoview.alexlebens.net
siteMonitor: http://photoview.photoview:80
statusStyle: dot
- Pictures:
icon: https://raw.githubusercontent.com/foldergram/foldergram/refs/heads/main/client/public/icon-512.png
description: Foldergram
href: https://foldergram.alexlebens.net
siteMonitor: http://foldergram.foldergram:80
@@ -187,7 +200,7 @@ homepage:
href: https://grimmory.alexlebens.net
siteMonitor: http://grimmory.grimmory:80
statusStyle: dot
- External:
- Public:
- Site:
icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png
description: Profile Website
@@ -196,7 +209,7 @@ homepage:
statusStyle: dot
- Documentation:
icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png
description: Homelab Docs
description: Documentation Wiki
href: https://docs.alexlebens.dev
siteMonitor: https://docs.alexlebens.dev
statusStyle: dot
@@ -224,11 +237,11 @@ homepage:
href: https://chat.alexlebens.dev
siteMonitor: https://chat.alexlebens.dev
statusStyle: dot
- Knowledge Base:
- Wiki:
icon: sh-outline.webp
description: Outline
href: https://outline.alexlebens.dev
siteMonitor: https://outline.alexlebens.dev
href: https://wiki.alexlebens.dev
siteMonitor: https://wiki.alexlebens.dev
statusStyle: dot
- Passwords:
icon: sh-vaultwarden-light.webp
@@ -285,19 +298,13 @@ homepage:
href: https://searxng.alexlebens.net/
siteMonitor: http://searxng-browser.searxng:80
statusStyle: dot
- Fitness Tracker:
icon: sh-sparkyfitness.webp
description: Sparky Fitness
href: https://sparkyfitness.alexlebens.net
siteMonitor: http://sparkyfitness-frontend.sparkyfitness:80
- Email:
icon: sh-roundcube.webp
description: Roundcube
href: https://mail.alexlebens.net
siteMonitor: http://roundcube.roundcube:80
statusStyle: dot
- Documents:
icon: sh-paperless-ngx.webp
description: Paperless-ngx
href: https://paperless-ngx.alexlebens.net
siteMonitor: http://paperless-ngx.paperless-ngx:80
statusStyle: dot
- Wikipedia:
- Wiki:
icon: sh-kiwix-light.webp
description: Kiwix
href: https://kiwix.alexlebens.net
@@ -310,7 +317,7 @@ homepage:
siteMonitor: http://excalidraw.excalidraw:80
statusStyle: dot
- Code:
- Code (External):
- Code (Public):
icon: sh-gitea.webp
description: Gitea
href: https://gitea.alexlebens.dev
@@ -332,30 +339,24 @@ homepage:
href: https://gitea.alexlebens.net
siteMonitor: https://gitea.alexlebens.net
statusStyle: dot
- Code (Remote):
- Code (ps10rp):
icon: sh-gitea.webp
description: Gitea
href: https://gitea-ps10rp.boreal-beaufort.ts.net
siteMonitor: https://gitea-ps10rp.boreal-beaufort.ts.net
statusStyle: dot
- IDE (Public):
icon: sh-visual-studio-code.webp
description: VS Code
href: https://codeserver.alexlebens.dev
siteMonitor: https://codeserver.alexlebens.dev
statusStyle: dot
- IDE (Home Assistant):
icon: sh-visual-studio-code.webp
description: Edit config for Home Assistant
href: https://home-assistant-code-server.alexlebens.net
siteMonitor: http://home-assistant-code-server.home-assistant:8443
statusStyle: dot
- Spotlight (Postiz):
icon: https://raw.githubusercontent.com/getsentry/spotlight/c528fc752edde40f008282dc7c8ff1568e58c40b/packages/website/public/favicon.svg
description: Sentry monitoring for Postiz
href: https://postiz-spotlight.alexlebens.net
siteMonitor: http://postiz-spotlight.postiz:8969
statusStyle: dot
- Temporal (Postiz):
icon: https://raw.githubusercontent.com/temporalio/documentation/47b489b69d7c7ee4c3a0880cc0faf11b5f4cdb2a/static/img/favicon.svg
description: Temporal monitoring for Postiz
href: https://postiz-temporal.alexlebens.net
siteMonitor: http://postiz-temporal-web.postiz:8080
statusStyle: dot
- Automation:
- Continuous Deployment:
icon: sh-argo-cd.webp
@@ -387,6 +388,12 @@ homepage:
secret: {{ "{{HOMEPAGE_VAR_KOMODO_API_SECRET}}" }}
showStacks: true
fields: ["running", "down", "unhealthy", "unknown"]
- Deployment Workflows:
icon: sh-argo-cd.webp
description: Argo Workflows
href: https://argo-workflows.alexlebens.net
siteMonitor: http://argo-workflows-server.argo-workflows:2746
statusStyle: dot
- Uptime:
icon: sh-gatus.webp
description: Gatus
@@ -456,79 +463,49 @@ homepage:
query: prometheus_tsdb_storage_blocks_bytes
format:
type: bytes
- Jellyfin Monitor:
- Jellystat:
icon: sh-jellystat.webp
description: Jellystat
description: Jellyfin Monitoring
href: https://jellystat.alexlebens.net
siteMonitor: http://jellystat.jellystat:80
statusStyle: dot
- Media Library Statistics:
- MediaLyze:
icon: https://raw.githubusercontent.com/frederikemmer/MediaLyze/d8f69c0628bac7c047b90f91a66341648029c273/frontend/public/favicon.svg
description: MediaLyze
description: Jellyfin Media Monitoring
href: https://medialyze.alexlebens.net
siteMonitor: http://medialyze.medialyze:80
statusStyle: dot
- Services:
- Auth (External):
- Auth (Public):
icon: sh-authentik.webp
description: Authentik
href: https://auth.alexlebens.dev
siteMonitor: https://auth.alexlebens.dev
statusStyle: dot
namespace: authentik
app: authentik
podSelector: >-
app.kubernetes.io/instance in (
authentik
)
- Auth (Local):
icon: sh-authentik.webp
description: Authentik
href: https://authentik.alexlebens.net
siteMonitor: http://authentik-server.authentik:80
statusStyle: dot
- Email Client:
icon: sh-roundcube.webp
description: Roundcube
href: https://mail.alexlebens.net
siteMonitor: http://roundcube.roundcube:80
statusStyle: dot
- Email Server:
- Email:
icon: sh-stalwart.webp
description: Stalwart
href: https://stalwart.alexlebens.net
siteMonitor: http://stalwart.stalwart:80
statusStyle: dot
namespace: stalwart
app: stalwart
podSelector: >-
app.kubernetes.io/instance in (
stalwart
)
- Notifications:
icon: sh-ntfy.webp
description: ntfy
href: https://ntfy.alexlebens.net
siteMonitor: http://ntfy.ntfy:80
statusStyle: dot
namespace: ntfy
app: ntfy
podSelector: >-
app.kubernetes.io/instance in (
ntfy
)
- Reverse Proxy:
icon: sh-traefik.webp
description: Traefik
href: https://traefik-cl01tl.alexlebens.net/dashboard/#/
siteMonitor: https://traefik-cl01tl.alexlebens.net/dashboard/#/
statusStyle: dot
namespace: traefik
app: traefik
podSelector: >-
app.kubernetes.io/name in (
traefik
)
widget:
type: traefik
url: https://traefik-cl01tl.alexlebens.net
@@ -538,14 +515,8 @@ homepage:
href: https://harbor.alexlebens.net
siteMonitor: http://harbor-portal.harbor:80
statusStyle: dot
namespace: harbor
app: harbor
podSelector: >-
app.kubernetes.io/instance in (
harbor
)
- Hardware:
- Network Management (Local):
- Network Management (alexlebens.net):
icon: sh-ubiquiti-unifi.webp
description: Unifi
href: https://unifi.alexlebens.net
@@ -598,22 +569,13 @@ homepage:
href: https://ceph.alexlebens.net
siteMonitor: http://rook-ceph-mgr-dashboard.rook-ceph:7000
statusStyle: dot
namespace: rook-ceph
app: rook-ceph
podSelector: ""
- Object Storage (Local):
- Object Storage (NAS):
icon: sh-garage.webp
description: Garage
href: https://garage-webui.alexlebens.net
siteMonitor: http://garage-webui.garage:3909
statusStyle: dot
namespace: garage
app: garage
podSelector: >-
app.kubernetes.io/instance in (
garage
)
- Object Storage (Remote):
- Object Storage (ps10rp):
icon: sh-garage.webp
description: Garage
href: https://garage-ui-ps10rp.boreal-beaufort.ts.net
@@ -631,24 +593,12 @@ homepage:
href: https://vault.alexlebens.net
siteMonitor: http://vault.vault:8200
statusStyle: dot
namespace: vault
app: vault
podSelector: >-
app.kubernetes.io/instance in (
vault
)
- Backups:
icon: sh-backrest-light.webp
description: Backrest
href: https://backrest.alexlebens.net
siteMonitor: http://backrest.backrest:80
statusStyle: dot
namespace: backrest
app: backrest
podSelector: >-
app.kubernetes.io/instance in (
backrest
)
widget:
type: backrest
url: http://backrest.backrest:80
@@ -659,12 +609,6 @@ homepage:
href: https://qui.alexlebens.net
siteMonitor: http://qbittorrent-qui.qbittorrent:80
statusStyle: dot
namespace: qbittorrent
app: qbittorrent
podSelector: >-
app.kubernetes.io/instance in (
qbittorrent
)
widget:
type: qbittorrent
url: http://qbittorrent.qbittorrent:8080
@@ -693,12 +637,6 @@ homepage:
href: https://tdarr.alexlebens.net
siteMonitor: http://tdarr-web.tdarr:8265
statusStyle: dot
namespace: tdarr
app: tdarr
podSelector: >-
app.kubernetes.io/instance in (
tdarr
)
widget:
type: tdarr
url: http://tdarr-web.tdarr:8265
@@ -709,12 +647,6 @@ homepage:
href: https://sonarr.alexlebens.net
siteMonitor: http://sonarr.sonarr:80
statusStyle: dot
namespace: sonarr
app: sonarr
podSelector: >-
app.kubernetes.io/instance in (
sonarr
)
widget:
type: sonarr
url: http://sonarr.sonarr:80
@@ -727,12 +659,6 @@ homepage:
href: https://sonarr-4k.alexlebens.net
siteMonitor: http://sonarr-4k.sonarr-4k:80
statusStyle: dot
namespace: sonarr-4k
app: sonarr-4k
podSelector: >-
app.kubernetes.io/instance in (
sonarr-4k
)
widget:
type: sonarr
url: http://sonarr-4k.sonarr-4k:80
@@ -745,12 +671,6 @@ homepage:
href: https://sonarr-anime.alexlebens.net
siteMonitor: http://sonarr-anime.sonarr-anime:80
statusStyle: dot
namespace: sonarr-anime
app: sonarr-anime
podSelector: >-
app.kubernetes.io/instance in (
sonarr-anime
)
widget:
type: sonarr
url: http://sonarr-anime.sonarr-anime:80
@@ -764,12 +684,6 @@ homepage:
href: https://radarr.alexlebens.net
siteMonitor: http://radarr.radarr:80
statusStyle: dot
namespace: radarr
app: radarr
podSelector: >-
app.kubernetes.io/instance in (
radarr
)
widget:
type: radarr
url: http://radarr.radarr:80
@@ -782,12 +696,6 @@ homepage:
href: https://radarr-4k.alexlebens.net
siteMonitor: http://radarr-4k.radarr-4k:80
statusStyle: dot
namespace: radarr-4k
app: radarr-4k
podSelector: >-
app.kubernetes.io/instance in (
radarr-4k
)
widget:
type: radarr
url: http://radarr-4k.radarr-4k:80
@@ -800,12 +708,6 @@ homepage:
href: https://radarr-anime.alexlebens.net
siteMonitor: http://radarr-anime.radarr-anime:80
statusStyle: dot
namespace: radarr-anime
app: radarr-anime
podSelector: >-
app.kubernetes.io/instance in (
radarr-anime
)
widget:
type: radarr
url: http://radarr-anime.radarr-anime:80
@@ -818,12 +720,6 @@ homepage:
href: https://radarr-standup.alexlebens.net
siteMonitor: http://radarr-standup.radarr-standup:80
statusStyle: dot
namespace: radarr-standup
app: radarr-standup
podSelector: >-
app.kubernetes.io/instance in (
radarr-standup
)
widget:
type: radarr
url: http://radarr-standup.radarr-standup:80
@@ -837,12 +733,6 @@ homepage:
href: https://lidarr.alexlebens.net
siteMonitor: http://lidarr.lidarr:80
statusStyle: dot
namespace: lidarr
app: lidarr
podSelector: >-
app.kubernetes.io/instance in (
lidarr
)
widget:
type: lidarr
url: http://lidarr.lidarr:80
@@ -855,7 +745,7 @@ homepage:
siteMonitor: http://yubal.yubal:80
statusStyle: dot
- Music Grabber:
icon: sh-music-grabber.webp
icon: sh-music-service.webp
description: Replicate Music playlists
href: https://music-grabber.alexlebens.net
siteMonitor: http://music-grabber.music-grabber:80
@@ -866,12 +756,6 @@ homepage:
href: https://slskd.alexlebens.net
siteMonitor: http://slskd.slskd:5030
statusStyle: dot
namespace: slskd
app: slskd
podSelector: >-
app.kubernetes.io/instance in (
slskd
)
- Books:
- Shelfmark:
icon: sh-shelfmark.webp
@@ -938,6 +822,7 @@ homepage:
http:
port: 80
targetPort: 3000
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -950,8 +835,11 @@ homepage:
- home.alexlebens.net
rules:
- backendRefs:
- name: homepage
- group: ''
kind: Service
name: homepage
port: 80
weight: 100
matches:
- path:
type: PathPrefix

9
clusters/cl01tl/helm/houndarr/Chart.yaml
View File

@@ -4,14 +4,11 @@ version: 1.0.0
description: Houndarr
keywords:
- houndarr
- rescan
- servarr
home: https://docs.alexlebens.dev/applications/houndarr/
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/av1155/houndarr
- https://github.com/av1155/houndarr/pkgs/container/houndarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -23,6 +20,6 @@ dependencies:
alias: volsync-target-data
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/houndarr.png
icon: https://raw.githubusercontent.com/av1155/houndarr/main/src/houndarr/static/img/houndarr-logo-dark.png
# renovate: datasource=github-releases depName=av1155/houndarr
appVersion: v1.7.0
appVersion: v1.6.3

14
clusters/cl01tl/helm/houndarr/values.yaml
View File

@@ -4,11 +4,13 @@ houndarr:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/av1155/houndarr
tag: v1.7.0@sha256:8ae2a8b86497cbc54d11591c12220f3be3319039c2bdd0c8b041b2b7c2fd7943
tag: v1.6.3
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
@@ -22,8 +24,8 @@ houndarr:
value: 10.96.0.0/12
resources:
requests:
cpu: 1m
memory: 60Mi
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -31,6 +33,7 @@ houndarr:
http:
port: 80
targetPort: 8877
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -43,8 +46,11 @@ houndarr:
- houndarr.alexlebens.net
rules:
- backendRefs:
- name: houndarr
- group: ''
kind: Service
name: houndarr
port: 80
weight: 100
matches:
- path:
type: PathPrefix

8
clusters/cl01tl/helm/immich/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1
version: 0.4.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:73ee46c366adf205ca50a7382a404ccd0e548a2ebeb39fa5f5afbadf6e0d539f
generated: "2026-04-13T20:34:57.11369553Z"
digest: sha256:b79ea8c506f0172deed820247a33c79329f34426435c8b5eb27b206ac8831b13
generated: "2026-03-15T20:06:27.091094433Z"

11
clusters/cl01tl/helm/immich/Chart.yaml
View File

@@ -5,13 +5,12 @@ description: Immich
keywords:
- immich
- photos
home: https://docs.alexlebens.dev/applications/immich/
home: https://wiki.alexlebens.dev/s/9377ae08-2041-4b6d-bc2b-61a4f5e8faae
sources:
- https://github.com/immich-app/immich
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -21,11 +20,11 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.6.1
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data
@@ -33,4 +32,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png
# renovate: datasource=github-releases depName=immich-app/immich
appVersion: v2.7.5
appVersion: v2.6.3

3
clusters/cl01tl/helm/immich/templates/external-secrets.yaml
View File

@@ -14,5 +14,8 @@ spec:
data:
- secretKey: immich.json
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/immich/config
metadataPolicy: None
property: immich.json

39
clusters/cl01tl/helm/immich/values.yaml
View File

@@ -4,14 +4,16 @@ immich:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/immich-app/immich-server
tag: v2.7.5@sha256:c15bff75068effb03f4355997d03dc7e0fc58720c2b54ad6f7f10d1bc57efaa5
tag: v2.6.3
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: IMMICH_TELEMETRY_INCLUDE
value: all
- name: IMMICH_CONFIG_FILE
@@ -85,7 +87,7 @@ immich:
requests:
gpu.intel.com/i915: 1
cpu: 10m
memory: 500Mi
memory: 512Mi
service:
main:
controller: main
@@ -93,12 +95,15 @@ immich:
http:
port: 2283
targetPort: 2283
protocol: TCP
metrics-api:
port: 8081
targetPort: 8081
protocol: TCP
metrics-ms:
port: 8082
targetPort: 8082
protocol: TCP
serviceMonitor:
main:
selector:
@@ -127,8 +132,11 @@ immich:
- immich.alexlebens.net
rules:
- backendRefs:
- name: immich
- group: ''
kind: Service
name: immich
port: 2283
weight: 100
matches:
- path:
type: PathPrefix
@@ -184,12 +192,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 40 14 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-data:
pvcTarget: immich
local:

5
clusters/cl01tl/helm/intel-device-plugin/Chart.yaml
View File

@@ -4,9 +4,10 @@ version: 1.0.0
description: Intel Device Plugin
keywords:
- intel-device-plugin
- gpu
- operator
home: https://docs.alexlebens.dev/applications/intel-device-plugin/
- gpu
- kubernetes
home: https://wiki.alexlebens.dev/s/340746b2-b0ab-4b6b-95eb-323038ecdd35
sources:
- https://github.com/intel/intel-device-plugins-for-kubernetes
- https://github.com/intel/helm-charts/tree/main/charts/device-plugin-operator

Some files were not shown because too many files have changed in this diff Show More