1 Commits

Author SHA1 Message Date
1d5d61ac4e Update Helm release gitea to v12
All checks were successful
lint-and-test-charts / lint-test (pull_request) Successful in 14s
2025-05-17 02:10:57 +00:00
533 changed files with 2805 additions and 8561 deletions

View File

@@ -1,80 +0,0 @@
name: lint-test-docker
on:
push:
branches:
- main
paths:
- 'hosts/**'
- ! 'hosts/archive'
pull_request:
branches:
- main
paths:
- 'hosts/**'
- ! 'hosts/archive'
jobs:
docker-lint:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v5
with:
fetch-depth: 0
- name: Check Branch Exists
id: check-branch-exists
uses: GuillaumeFalourd/branch-exists@v1.1
with:
branch: "origin/${{ github.base_ref }}"
- name: Branch Does Not Exist
if: steps.check-branch-exists.outputs.exists == 'false'
run: echo "Branch origin/${{ github.base_ref }} was not found, likely already merged"
- name: Set up Node.js
if: steps.check-branch-exists.outputs.exists == 'true'
uses: actions/setup-node@v4
with:
node-version: '22'
- name: Lint Docker Compose
if: steps.check-branch-exists.outputs.exists == 'true'
run: |
set -e # Exit immediately if a command exits with a non-zero status.
TARGET_BRANCH="origin/${{ github.base_ref }}"
echo ">> Target branch for diff is: $TARGET_BRANCH"
CHANGED_FILES=$(git diff --name-only "$TARGET_BRANCH" -- 'hosts/**')
echo ">> Found changed files:"
echo "$CHANGED_FILES"
# For each changed file, find its parent chart directory (the one with compose.yaml).
# Then, create a unique list of those directories.
CHANGED_COMPOSE=$(echo "$CHANGED_FILES" | while read -r file; do
dir=$(dirname "$file")
while [[ "$dir" != "." && ! -f "$dir/compose.yaml" ]]; do
dir=$(dirname "$dir")
done
if [[ "$dir" != "." ]]; then
echo "$dir"
fi
done | sort -u)
if [[ -z "$CHANGED_COMPOSE" ]]; then
echo ">> Could not determine changed compose files. This will happen if only files outside a compose file were changed."
exit 0
fi
echo ">> Running dclint on changed compose files:"
echo "$CHANGED_COMPOSE"
echo "$CHANGED_COMPOSE" | while read -r compose; do
echo ">> Linting $compose ..."
npx dclint $compose
done

View File

@@ -1,82 +0,0 @@
name: lint-test-helm
on:
push:
branches:
- main
paths:
- 'clusters/**'
- ! 'clusters/*/archive'
pull_request:
branches:
- main
paths:
- 'clusters/**'
- ! 'clusters/*/archive'
jobs:
helm-lint:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v5
with:
fetch-depth: 0
- name: Check Branch Exists
id: check-branch-exists
uses: GuillaumeFalourd/branch-exists@v1.1
with:
branch: "origin/${{ github.base_ref }}"
- name: Branch Does Not Exist
if: steps.check-branch-exists.outputs.exists == 'false'
run: echo "Branch origin/${{ github.base_ref }} was not found, likely already merged"
- name: Set up Helm
if: steps.check-branch-exists.outputs.exists == 'true'
uses: azure/setup-helm@v4
with:
token: ${{ secrets.GITEA_TOKEN }}
version: latest
- name: Lint Helm Chart
if: steps.check-branch-exists.outputs.exists == 'true'
run: |
set -e # Exit immediately if a command exits with a non-zero status.
TARGET_BRANCH="origin/${{ github.base_ref }}"
echo ">> Target branch for diff is: $TARGET_BRANCH"
CHANGED_FILES=$(git diff --name-only "$TARGET_BRANCH" -- 'clusters/**')
echo ">> Found changed files:"
echo "$CHANGED_FILES"
# For each changed file, find its parent chart directory (the one with Chart.yaml).
# Then, create a unique list of those directories.
CHANGED_CHARTS=$(echo "$CHANGED_FILES" | while read -r file; do
dir=$(dirname "$file")
while [[ "$dir" != "." && ! -f "$dir/Chart.yaml" ]]; do
dir=$(dirname "$dir")
done
if [[ "$dir" != "." ]]; then
echo "$dir"
fi
done | sort -u)
if [[ -z "$CHANGED_CHARTS" ]]; then
echo ">> Could not determine changed charts. This could happen if only files outside a chart were changed."
exit 0
fi
echo ">> Running helm lint on changed charts:"
echo "$CHANGED_CHARTS"
echo "$CHANGED_CHARTS" | while read -r chart; do
echo ">> Building dependency for "$chart" ..."
helm dependency build "$chart"
echo ">> Linting $chart..."
helm lint "$chart"
done

View File

@@ -0,0 +1,37 @@
name: lint-and-test-charts
on: pull_request
jobs:
lint-test:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Helm
uses: azure/setup-helm@v4
with:
version: latest
- uses: actions/setup-python@v5
with:
python-version: "3.13"
check-latest: true
- name: Set up chart-testing
uses: helm/chart-testing-action@v2.7.0
- name: Run chart-testing (list-changed)
id: list-changed
run: |
changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
if [[ -n "$changed" ]]; then
echo "changed=true" >> "$GITHUB_OUTPUT"
fi
- name: Run chart-testing (lint)
if: steps.list-changed.outputs.changed == 'true'
run: ct lint --target-branch ${{ github.event.repository.default_branch }}

View File

@@ -1,32 +0,0 @@
name: renovate
on:
schedule:
- cron: "@hourly"
push:
branches:
- main
workflow_dispatch:
jobs:
renovate:
runs-on: ubuntu-latest
container: ghcr.io/renovatebot/renovate:41
steps:
- name: Checkout
uses: actions/checkout@v5
- name: Renovate
run: renovate
env:
RENOVATE_PLATFORM: gitea
RENOVATE_ENDPOINT: ${{ vars.INSTANCE_URL }}
RENOVATE_REPOSITORIES: alexlebens/infrastructure
RENOVATE_GIT_AUTHOR: Renovate Bot <renovate-bot@alexlebens.net>
LOG_LEVEL: info
RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
RENOVATE_GIT_PRIVATE_KEY: ${{ secrets.RENOVATE_GIT_PRIVATE_KEY }}
RENOVATE_GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_COM_TOKEN }}
RENOVATE_REDIS_URL: ${{ vars.RENOVATE_REDIS_URL }}

View File

@@ -16,6 +16,6 @@ dependencies:
- name: app-template
alias: actual
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0
version: 4.0.1
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png
appVersion: v25.5.0

View File

@@ -4,9 +4,8 @@ metadata:
name: actual-data-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: actual-data-backup-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore

View File

@@ -4,9 +4,8 @@ metadata:
name: http-route-actual
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-actual
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io

View File

@@ -4,9 +4,8 @@ metadata:
name: actual-data-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: actual-data-backup-source
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: actual-data
trigger:

View File

@@ -9,7 +9,7 @@ actual:
main:
image:
repository: ghcr.io/actualbudget/actual
tag: 25.10.0
tag: 25.5.0
pullPolicy: IfNotPresent
env:
- name: TZ

View File

@@ -18,6 +18,6 @@ dependencies:
- name: app-template
alias: audiobookshelf
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0
version: 4.0.1
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
appVersion: 2.21.0

View File

@@ -1,35 +1,11 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: audiobookshelf-apprise-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-apprise-config
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ntfy-url
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/audiobookshelf/apprise
metadataPolicy: None
property: ntfy-url
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: audiobookshelf-config-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-config-backup-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
@@ -84,9 +60,8 @@ metadata:
name: audiobookshelf-metadata-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-metadata-backup-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore

View File

@@ -4,9 +4,8 @@ metadata:
name: http-route-audiobookshelf
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-audiobookshelf
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io

View File

@@ -4,9 +4,8 @@ metadata:
name: audiobookshelf-nfs-storage-backup
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-nfs-storage-backup
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeMode: Filesystem
storageClassName: nfs-client
@@ -23,9 +22,8 @@ metadata:
name: audiobookshelf-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-nfs-storage
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: audiobookshelf-nfs-storage
storageClassName: nfs-client

View File

@@ -4,9 +4,8 @@ metadata:
name: audiobookshelf-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-nfs-storage
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client

View File

@@ -4,9 +4,8 @@ metadata:
name: audiobookshelf-config-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-config-backup-source
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: audiobookshelf-config
trigger:
@@ -31,9 +30,8 @@ metadata:
name: audiobookshelf-metadata-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-metadata-backup-source
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: audiobookshelf-metadata
trigger:

View File

@@ -1,19 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: audiobookshelf-apprise
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-apprise
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
endpoints:
- port: apprise
interval: 30s
scrapeTimeout: 15s
path: /metrics
selector:
matchLabels:
app.kubernetes.io/name: audiobookshelf
app.kubernetes.io/instance: {{ .Release.Name }}

View File

@@ -9,7 +9,7 @@ audiobookshelf:
main:
image:
repository: ghcr.io/advplyr/audiobookshelf
tag: 2.30.0
tag: 2.22.0
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -18,29 +18,6 @@ audiobookshelf:
requests:
cpu: 10m
memory: 128Mi
apprise-api:
image:
repository: caronc/apprise
tag: 1.2.2
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
- name: APPRISE_STORAGE_MODE
value: memory
- name: APPRISE_STATEFUL_MODE
value: disabled
- name: APPRISE_WORKER_COUNT
value: 1
- name: APPRISE_STATELESS_URLS
valueFrom:
secretKeyRef:
name: audiobookshelf-apprise-config
key: ntfy-url
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -49,10 +26,6 @@ audiobookshelf:
port: 80
targetPort: 80
protocol: HTTP
apprise:
port: 8000
targetPort: 8000
protocol: HTTP
persistence:
config:
storageClass: ceph-block

View File

@@ -1,23 +0,0 @@
apiVersion: v2
name: bazarr
version: 1.0.0
description: Bazarr
keywords:
- bazarr
- servarr
- subtitles
home: https://wiki.alexlebens.dev/s/92784d53-1d43-42fd-b509-f42c73454226
sources:
- https://github.com/morpheus65535/bazarr
- https://github.com/linuxserver/docker-bazarr
- https://github.com/linuxserver/docker-bazarr/pkgs/container/bazarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: bazarr
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/bazarr.png
appVersion: 1.5.2

View File

@@ -1,28 +0,0 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-bazarr
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-bazarr
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- bazarr.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: bazarr
port: 80
weight: 100

View File

@@ -1,17 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: bazarr-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: bazarr-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: bazarr-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

View File

@@ -1,23 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: bazarr-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: bazarr-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

View File

@@ -1,57 +0,0 @@
bazarr:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers:
main:
image:
repository: ghcr.io/linuxserver/bazarr
tag: 1.5.3@sha256:a93c3595410f5c5791a126d7705cd8a29f3ce882338eef304cb8bece3ef2580b
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
- name: PUID
value: 1000
- name: PGID
value: 1000
resources:
requests:
cpu: 10m
memory: 256Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 6767
protocol: HTTP
persistence:
config:
forceRename: bazarr-config
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:
- path: /config
readOnly: false
media:
existingClaim: bazarr-nfs-storage
advancedMounts:
main:
main:
- path: /mnt/store
readOnly: false

View File

@@ -16,6 +16,6 @@ dependencies:
- name: app-template
alias: calibre-web-automated
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0
version: 4.0.1
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/calibre-web.png
appVersion: V3.0.4

View File

@@ -4,9 +4,8 @@ metadata:
name: calibre-web-automated-gmail-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: calibre-web-automated-gmail-config
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
@@ -27,9 +26,8 @@ metadata:
name: calibre-web-automated-config-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: calibre-web-automated-config-backup-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore

View File

@@ -4,9 +4,8 @@ metadata:
name: http-route-calibre
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-calibre
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
@@ -34,9 +33,8 @@ metadata:
name: http-route-calibre-downloader
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-calibre-downloader
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io

View File

@@ -4,9 +4,8 @@ metadata:
name: calibre-web-automated-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: calibre-web-automated-nfs-storage
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: calibre-web-automated-nfs-storage
storageClassName: nfs-client
@@ -23,9 +22,8 @@ metadata:
name: calibre-web-automated-ingest-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: calibre-web-automated-ingest-nfs-storage
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: calibre-web-automated-ingest-nfs-storage
storageClassName: nfs-client

View File

@@ -4,9 +4,8 @@ metadata:
name: calibre-web-automated-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: calibre-web-automated-nfs-storage
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
@@ -29,9 +28,8 @@ metadata:
name: calibre-web-automated-ingest-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: calibre-web-automated-ingest-nfs-storage
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client

View File

@@ -4,9 +4,8 @@ metadata:
name: calibre-web-automated-config-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: calibre-web-automated-config-backup-source
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: calibre-web-automated-config
trigger:

View File

@@ -31,7 +31,7 @@ calibre-web-automated:
main:
image:
repository: ghcr.io/calibrain/calibre-web-automated-book-downloader
tag: latest@sha256:c2850991e99e278269003d92efa86e865f7df039093fbd03e85141b035cf7a80
tag: latest@sha256:97a636efe3b78e1306ff521aa09256125aacdb1a04e628df294d7b6da3fe7b4a
pullPolicy: IfNotPresent
env:
- name: FLASK_PORT
@@ -41,7 +41,7 @@ calibre-web-automated:
- name: GID
value: 100
- name: USE_CF_BYPASS
value: false
value: true
- name: CLOUDFLARE_PROXY_URL
value: http://localhost:8000
- name: INGEST_DIR
@@ -55,7 +55,7 @@ calibre-web-automated:
bypass:
image:
repository: ghcr.io/sarperavci/cloudflarebypassforscraping
tag: latest@sha256:c34ef70a768ddf35c057f893c5392b8f65465fc4fbac634ba68a16d6a9dd0cbb
tag: latest@sha256:d1028839c2d6317a48e6e2139acaea5129bb3b089f0c5583f61fc162f1975de0
pullPolicy: IfNotPresent
resources:
requests:

View File

@@ -19,10 +19,10 @@ dependencies:
- name: app-template
alias: code-server
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0
version: 4.0.1
- name: cloudflared
alias: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 1.22.1
version: 1.15.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png
appVersion: 4.100.2

View File

@@ -4,9 +4,8 @@ metadata:
name: codeserver-password-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: codeserver-password-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
@@ -34,9 +33,8 @@ metadata:
name: code-server-cloudflared-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: code-server-cloudflared-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore

View File

@@ -4,9 +4,8 @@ metadata:
name: http-route-code-server
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-code-server
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io

View File

@@ -4,9 +4,8 @@ metadata:
name: code-server-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: code-server-nfs-storage
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeMode: Filesystem
storageClassName: nfs-client

View File

@@ -9,7 +9,7 @@ code-server:
main:
image:
repository: ghcr.io/linuxserver/code-server
tag: 4.105.1@sha256:c7c66416238b70312df90b5936ea4adb6108552d866dd00a804c86c599b2ab6c
tag: 4.100.2@sha256:511445e8877da1665b97d2ca39f03009a36edadba9959eefcc8ff3d1b0f42251
pullPolicy: IfNotPresent
env:
- name: TZ

View File

@@ -8,10 +8,14 @@ keywords:
home: https://wiki.alexlebens.dev/s/c2d242de-dcaa-4801-86a2-c4761dc8bf9b
sources:
- https://github.com/directus/directus
- https://github.com/minio/operator
- https://github.com/valkey-io/valkey
- https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/directus/directus
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://github.com/minio/operator/tree/master/helm/tenant
- https://github.com/bitnami/charts/tree/main/bitnami/valkey
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
maintainers:
@@ -20,14 +24,21 @@ dependencies:
- name: app-template
alias: directus
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0
version: 4.0.1
- name: tenant
alias: minio
version: 7.1.1
repository: https://operator.min.io/
- name: valkey
version: 3.0.6
repository: oci://harbor.alexlebens.net/proxy-registry-1.docker.io/bitnamicharts
- name: cloudflared
alias: cloudflared-directus
repository: oci://harbor.alexlebens.net/helm-charts
version: 1.22.1
version: 1.15.0
- name: postgres-cluster
alias: postgres-17-cluster
version: 6.14.0
version: 5.1.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
appVersion: 11.7.2

View File

@@ -4,9 +4,8 @@ metadata:
name: directus-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-config
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
@@ -45,35 +44,11 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-metric-token
name: directus-valkey-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-metric-token
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: metric-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/metrics
metadataPolicy: None
property: metric-token
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-redis-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-redis-config
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
@@ -83,14 +58,14 @@ spec:
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/redis
key: /cl01tl/directus/valkey
metadataPolicy: None
property: user
- secretKey: password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/redis
key: /cl01tl/directus/valkey
metadataPolicy: None
property: password
@@ -101,9 +76,8 @@ metadata:
name: directus-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-oidc-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
@@ -124,6 +98,79 @@ spec:
metadataPolicy: None
property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-minio-user-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/minio/auth
metadataPolicy: None
property: AWS_ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/minio/auth
metadataPolicy: None
property: AWS_SECRET_ACCESS_KEY
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-minio-root-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: config.env
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/minio/config
metadataPolicy: None
property: root-config.env
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-minio-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: config.env
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/minio/config
metadataPolicy: None
property: config.env
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
@@ -131,9 +178,8 @@ metadata:
name: directus-cloudflared-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-cloudflared-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
@@ -154,9 +200,8 @@ metadata:
name: directus-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-postgresql-17-cluster-backup-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
@@ -176,33 +221,3 @@ spec:
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-postgresql-17-cluster-backup-secret-weekly
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-postgresql-17-cluster-backup-secret-weekly
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY

View File

@@ -1,12 +1,11 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-whodb
name: http-route-directus-minio
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-whodb
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
@@ -14,7 +13,7 @@ spec:
name: traefik-gateway
namespace: traefik
hostnames:
- whodb.alexlebens.net
- minio-directus.alexlebens.net
rules:
- matches:
- path:
@@ -23,6 +22,6 @@ spec:
backendRefs:
- group: ''
kind: Service
name: whodb
port: 80
name: minio-directus-console
port: 9090
weight: 100

View File

@@ -1,11 +0,0 @@
apiVersion: objectbucket.io/v1alpha1
kind: ObjectBucketClaim
metadata:
name: ceph-bucket-directus
labels:
app.kubernetes.io/name: ceph-bucket-directus
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
generateBucketName: bucket-directus
storageClassName: ceph-bucket

View File

@@ -1,35 +0,0 @@
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: redis-replication-directus
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: redis-replication-directus
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
clusterSize: 3
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
kubernetesConfig:
image: quay.io/opstree/redis:v8.2.1
imagePullPolicy: IfNotPresent
redisSecret:
name: directus-redis-config
key: password
resources:
requests:
cpu: 50m
memory: 128Mi
storage:
volumeClaimTemplate:
spec:
storageClassName: ceph-block
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
redisExporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.76.0

View File

@@ -1,30 +0,0 @@
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisSentinel
metadata:
name: redis-sentinel-directus
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: redis-sentinel-directus
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
clusterSize: 3
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
redisSentinelConfig:
redisReplicationName: redis-replication-directus
redisReplicationPassword:
secretKeyRef:
name: directus-redis-config
key: password
kubernetesConfig:
image: quay.io/opstree/redis-sentinel:v7.0.15
imagePullPolicy: IfNotPresent
redisSecret:
name: directus-redis-config
key: password
resources:
requests:
cpu: 10m
memory: 128Mi

View File

@@ -1,43 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: directus
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: directus
app.kubernetes.io/instance: {{ .Release.Name }}
endpoints:
- port: http
interval: 30s
scrapeTimeout: 15s
path: /metrics
bearerTokenSecret:
name: directus-metric-token
key: metric-token
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: redis-replication-directus
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: redis-replication-directus
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
redis-operator: "true"
env: production
spec:
selector:
matchLabels:
redis_setup_type: replication
endpoints:
- port: redis-exporter
interval: 30s
scrapeTimeout: 10s

View File

@@ -9,7 +9,7 @@ directus:
main:
image:
repository: directus/directus
tag: 11.12.0
tag: 11.7.2
pullPolicy: IfNotPresent
env:
- name: PUBLIC_URL
@@ -63,25 +63,21 @@ directus:
secretKeyRef:
name: directus-postgresql-17-cluster-app
key: password
- name: SYNCHRONIZATION_STORE
value: redis
- name: CACHE_ENABLED
value: true
- name: CACHE_STORE
value: redis
- name: REDIS_ENABLED
value: true
- name: REDIS_HOST
value: redis-replication-directus-master
value: directus-valkey-primary
- name: REDIS_PORT
value: 6379
- name: REDIS_USERNAME
valueFrom:
secretKeyRef:
name: directus-redis-config
name: directus-valkey-config
key: user
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: directus-redis-config
name: directus-valkey-config
key: password
- name: STORAGE_LOCATIONS
value: s3
@@ -90,24 +86,21 @@ directus:
- name: STORAGE_S3_KEY
valueFrom:
secretKeyRef:
name: ceph-bucket-directus
name: directus-minio-user-secret
key: AWS_ACCESS_KEY_ID
- name: STORAGE_S3_SECRET
valueFrom:
secretKeyRef:
name: ceph-bucket-directus
name: directus-minio-user-secret
key: AWS_SECRET_ACCESS_KEY
- name: STORAGE_S3_BUCKET
valueFrom:
configMapKeyRef:
name: ceph-bucket-directus
key: BUCKET_NAME
value: directus
- name: STORAGE_S3_REGION
value: us-east-1
- name: STORAGE_S3_ENDPOINT
value: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80
value: http://minio.directus:80
- name: STORAGE_S3_FORCE_PATH_STYLE
value: true
value: "true"
- name: AUTH_PROVIDERS
value: AUTHENTIK
- name: AUTH_AUTHENTIK_DRIVER
@@ -134,13 +127,6 @@ directus:
value: Authentik
- name: TELEMETRY
value: false
- name: METRICS_ENABLED
value: true
- name: METRICS_TOKENS
valueFrom:
secretKeyRef:
name: directus-metric-token
key: metric-token
resources:
requests:
cpu: 10m
@@ -153,11 +139,48 @@ directus:
port: 80
targetPort: 8055
protocol: TCP
minio:
existingSecret:
name: directus-minio-root-secret
tenant:
name: minio-directus
configSecret:
name: directus-minio-config-secret
pools:
- servers: 3
name: pool
volumesPerServer: 2
size: 10Gi
storageClassName: ceph-block
mountPath: /export
subPath: /data
metrics:
enabled: true
port: 9000
protocol: http
certificate:
requestAutoCert: false
ingress:
console:
enabled: false
valkey:
architecture: standalone
auth:
enabled: true
existingSecret: directus-valkey-config
existingSecretPasswordKey: password
usePasswordFiles: false
primary:
persistence:
enabled: false
replica:
persistence:
enabled: false
cloudflared-directus:
name: cloudflared-directus
existingSecretName: directus-cloudflared-secret
postgres-17-cluster:
mode: recovery
mode: standalone
cluster:
storage:
storageClass: local-path
@@ -170,30 +193,13 @@ postgres-17-cluster:
recovery:
method: objectStore
objectStore:
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/directus/directus-postgresql-17-cluster
index: 1
endpointCredentials: directus-postgresql-17-cluster-backup-secret
recoveryIndex: 2
backup:
objectStore:
- name: external
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/directus/directus-postgresql-17-cluster
index: 1
retentionPolicy: "2d"
isWALArchiver: true
# - name: garage
# destinationPath: s3://postgres-backups/cl01tl/directus/directus-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: directus-postgresql-17-cluster-backup-secret-weekly
# retentionPolicy: "30d"
# data:
# compression: bzip2
# jobs: 2
scheduledBackups:
- name: daily-backup
suspend: false
schedule: "0 0 0 * * *"
backupName: external
# - name: weekly-backup
# suspend: false
# schedule: "0 0 4 * * SAT"
# backupName: garage
enabled: true
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/directus/directus-postgresql-17-cluster
endpointCredentials: directus-postgresql-17-cluster-backup-secret
backupIndex: 2

View File

@@ -0,0 +1,21 @@
apiVersion: v2
name: eigenfocus
version: 1.0.0
description: Eigenfocus
keywords:
- eigenfocus
- projects
home: https://wiki.alexlebens.dev/s/82548c75-cefe-4ad2-b60c-0b101127c31b
sources:
- https://github.com/Eigenfocus/eigenfocus
- https://hub.docker.com/r/eigenfocus/eigenfocus
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: eigenfocus
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.0.1
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/eigenfocus.png
appVersion: 1.1.0

View File

@@ -1,12 +1,11 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: bazarr-config-backup-secret
name: eigenfocus-data-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: bazarr-config-backup-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
@@ -16,7 +15,7 @@ spec:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/bazarr/bazarr-config"
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/eigenfocus/eigenfocus-data"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:

View File

@@ -1,12 +1,11 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-ntfy
name: http-route-eigenfocus
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-ntfy
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
@@ -14,7 +13,7 @@ spec:
name: traefik-gateway
namespace: traefik
hostnames:
- ntfy.alexlebens.net
- eigenfocus.alexlebens.net
rules:
- matches:
- path:
@@ -23,6 +22,6 @@ spec:
backendRefs:
- group: ''
kind: Service
name: ntfy
name: eigenfocus
port: 80
weight: 100

View File

@@ -1,19 +1,18 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: karakeep-data-backup-source
name: eigenfocus-data-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: karakeep-data-backup-source
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: karakeep-data
sourcePVC: eigenfocus-data
trigger:
schedule: 0 4 * * *
restic:
pruneIntervalDays: 7
repository: karakeep-data-backup-secret
repository: eigenfocus-data-backup-secret
retain:
hourly: 1
daily: 3

View File

@@ -0,0 +1,40 @@
eigenfocus:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: eigenfocus/eigenfocus
tag: 1.1.0-free
pullPolicy: IfNotPresent
env:
- name: DEFAULT_HOST_URL
value: https://eigenfocus.alexlebens.net
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 3000
protocol: HTTP
persistence:
data:
forceRename: eigenfocus-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 2Gi
retain: true
advancedMounts:
main:
main:
- path: /eigenfocus-app/app-data
readOnly: false

View File

@@ -17,11 +17,11 @@ maintainers:
- name: alexlebens
dependencies:
- name: element-web
version: 1.4.22
version: 1.4.10
repository: https://ananace.gitlab.io/charts
- name: cloudflared
alias: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 1.22.1
version: 1.15.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
appVersion: v1.11.100

View File

@@ -4,9 +4,8 @@ metadata:
name: element-web-cloudflared-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: element-web-cloudflared-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore

View File

@@ -2,7 +2,7 @@ element-web:
replicaCount: 1
image:
repository: vectorim/element-web
tag: v1.12.2
tag: v1.11.100
pullPolicy: IfNotPresent
defaultServer:
url: https://matrix.alexlebens.dev
@@ -12,8 +12,8 @@ element-web:
disable_3pid_login: true
brand: "Alex Lebens"
branding:
welcome_background_url: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background-5.png
auth_header_logo_url: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png
welcome_background_url: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background-4.jpg
auth_header_logo_url: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/icon_white.png
sso_redirect_options:
immediate: true
default_theme: dark

View File

@@ -20,14 +20,14 @@ dependencies:
- name: app-template
alias: freshrss
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0
version: 4.0.1
- name: cloudflared
alias: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 1.22.1
version: 1.15.0
- name: postgres-cluster
alias: postgres-17-cluster
version: 6.14.0
version: 5.1.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/freshrss.png
appVersion: 1.26.2

View File

@@ -4,9 +4,8 @@ metadata:
name: freshrss-install-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: freshrss-install-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
@@ -41,9 +40,8 @@ metadata:
name: freshrss-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: freshrss-oidc-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
@@ -78,9 +76,8 @@ metadata:
name: freshrss-cloudflared-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: freshrss-cloudflared-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
@@ -101,9 +98,8 @@ metadata:
name: freshrss-data-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: freshrss-data-backup-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
@@ -158,9 +154,8 @@ metadata:
name: freshrss-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: freshrss-postgresql-17-cluster-backup-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
@@ -180,33 +175,3 @@ spec:
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: freshrss-postgresql-17-cluster-backup-secret-weekly
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: freshrss-postgresql-17-cluster-backup-secret-weekly
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY

View File

@@ -4,9 +4,8 @@ metadata:
name: freshrss-data-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: freshrss-data-backup-source
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: freshrss-data
trigger:

View File

@@ -11,7 +11,7 @@ freshrss:
runAsUser: 0
image:
repository: alpine
tag: 3.22.2
tag: 3.21.3
pullPolicy: IfNotPresent
command:
- /bin/sh
@@ -35,7 +35,7 @@ freshrss:
runAsUser: 0
image:
repository: alpine
tag: 3.22.2
tag: 3.21.3
pullPolicy: IfNotPresent
command:
- /bin/sh
@@ -49,29 +49,7 @@ freshrss:
git checkout;
rm -rf /var/www/FreshRSS/extensions/xExtension-ImageProxy
cp -r xExtension-ImageProxy /var/www/FreshRSS/extensions
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-ImageProxy
resources:
requests:
cpu: 10m
memory: 128Mi
init-download-extension-3:
securityContext:
runAsUser: 0
image:
repository: alpine
tag: 3.22.2
pullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
- |
cd /tmp;
wget https://github.com/zimmra/xExtension-karakeep-button/archive/refs/tags/v1.1.tar.gz;
tar -xvzf *.tar.gz;
rm -rf /var/www/FreshRSS/extensions/xExtension-karakeep-button
mkdir /var/www/FreshRSS/extensions/xExtension-karakeep-button
cp -r /tmp/xExtension-karakeep-button-*/* /var/www/FreshRSS/extensions/xExtension-karakeep-button
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-karakeep-button
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed
resources:
requests:
cpu: 10m
@@ -80,7 +58,7 @@ freshrss:
main:
image:
repository: freshrss/freshrss
tag: 1.27.1
tag: 1.26.2
pullPolicy: IfNotPresent
env:
- name: PGID
@@ -185,16 +163,13 @@ freshrss:
init-download-extension-2:
- path: /var/www/FreshRSS/extensions
readOnly: false
init-download-extension-3:
- path: /var/www/FreshRSS/extensions
readOnly: false
main:
- path: /var/www/FreshRSS/extensions
readOnly: false
cloudflared:
existingSecretName: freshrss-cloudflared-secret
postgres-17-cluster:
mode: recovery
mode: standalone
cluster:
storage:
storageClass: local-path
@@ -207,30 +182,13 @@ postgres-17-cluster:
recovery:
method: objectStore
objectStore:
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/freshrss/freshrss-postgresql-17-cluster
index: 1
endpointCredentials: freshrss-postgresql-17-cluster-backup-secret
recoveryIndex: 3
backup:
objectStore:
- name: external
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/freshrss/freshrss-postgresql-17-cluster
index: 1
retentionPolicy: "2d"
isWALArchiver: true
# - name: garage
# destinationPath: s3://postgres-backups/cl01tl/freshrss/freshrss-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: freshrss-postgresql-17-cluster-backup-secret-weekly
# retentionPolicy: "30d"
# data:
# compression: bzip2
# jobs: 2
scheduledBackups:
- name: daily-backup
suspend: false
schedule: "0 0 0 * * *"
backupName: external
# - name: weekly-backup
# suspend: false
# schedule: "0 2 4 * * SAT"
# backupName: garage
enabled: true
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/freshrss/freshrss-postgresql-17-cluster
endpointCredentials: freshrss-postgresql-17-cluster-backup-secret
backupIndex: 3

View File

@@ -1,8 +1,9 @@
apiVersion: v2
name: karakeep
name: hoarder
version: 1.0.0
description: Karakeep
keywords:
- hoarder
- karakeep
- bookmarks
home: https://wiki.alexlebens.dev/s/f8177591-8253-4e21-82d5-a556f0aeafad
@@ -18,15 +19,15 @@ maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: karakeep
alias: hoarder
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0
version: 4.0.1
- name: meilisearch
version: 0.17.1
version: 0.13.0
repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: cloudflared
alias: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 1.22.1
version: 1.15.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/karakeep.webp
appVersion: 0.26.0
appVersion: 0.24.1

View File

@@ -4,9 +4,8 @@ metadata:
name: karakeep-key-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: karakeep-key-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
@@ -19,13 +18,6 @@ spec:
key: /cl01tl/karakeep/key
metadataPolicy: None
property: key
- secretKey: prometheus-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/karakeep/key
metadataPolicy: None
property: prometheus-token
---
apiVersion: external-secrets.io/v1
@@ -34,9 +26,8 @@ metadata:
name: karakeep-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: karakeep-oidc-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
@@ -64,9 +55,8 @@ metadata:
name: karakeep-meilisearch-master-key-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: karakeep-meilisearch-master-key-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
@@ -87,9 +77,8 @@ metadata:
name: karakeep-cloudflared-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: karakeep-cloudflared-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
@@ -107,12 +96,11 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: karakeep-data-backup-secret
name: hoarder-data-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: karakeep-data-backup-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
@@ -122,7 +110,7 @@ spec:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/karakeep/karakeep-data"
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/hoarder/hoarder-data"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:

View File

@@ -1,30 +1,24 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: bazarr-config-backup-source
name: hoarder-data-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: bazarr-config-backup-source
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: bazarr-config
sourcePVC: hoarder-data
trigger:
schedule: 0 4 * * *
restic:
pruneIntervalDays: 7
repository: bazarr-config-backup-secret
repository: hoarder-data-backup-secret
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
moverSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot

View File

@@ -1,4 +1,4 @@
karakeep:
hoarder:
controllers:
main:
type: deployment
@@ -9,13 +9,11 @@ karakeep:
main:
image:
repository: ghcr.io/karakeep-app/karakeep
tag: 0.27.1
tag: 0.24.1
pullPolicy: IfNotPresent
env:
- name: DATA_DIR
value: /data
- name: DB_WAL_MODE
value: true
- name: NEXTAUTH_URL
value: https://karakeep.alexlebens.dev/
- name: NEXTAUTH_SECRET
@@ -23,41 +21,15 @@ karakeep:
secretKeyRef:
name: karakeep-key-secret
key: key
- name: PROMETHEUS_AUTH_TOKEN
valueFrom:
secretKeyRef:
name: karakeep-key-secret
key: prometheus-token
- name: ASSET_STORE_S3_ENDPOINT
value: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80
- name: ASSET_STORE_S3_REGION
value: us-east-1
- name: ASSET_STORE_S3_BUCKET
valueFrom:
configMapKeyRef:
name: ceph-bucket-karakeep
key: BUCKET_NAME
- name: ASSET_STORE_S3_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: ceph-bucket-karakeep
key: AWS_ACCESS_KEY_ID
- name: ASSET_STORE_S3_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: ceph-bucket-karakeep
key: AWS_SECRET_ACCESS_KEY
- name: ASSET_STORE_S3_FORCE_PATH_STYLE
value: true
- name: MEILI_ADDR
value: http://karakeep-meilisearch.karakeep:7700
value: http://hoarder-meilisearch.hoarder:7700
- name: MEILI_MASTER_KEY
valueFrom:
secretKeyRef:
name: karakeep-meilisearch-master-key-secret
key: MEILI_MASTER_KEY
- name: BROWSER_WEB_URL
value: http://karakeep.karakeep:9222
value: http://hoarder.hoarder:9222
- name: DISABLE_SIGNUPS
value: false
- name: OAUTH_PROVIDER_NAME
@@ -77,13 +49,13 @@ karakeep:
name: karakeep-oidc-secret
key: AUTHENTIK_CLIENT_SECRET
- name: OLLAMA_BASE_URL
value: http://ollama-server-3.ollama:11434
value: http://ollama-server-1.ollama:11434
- name: OLLAMA_KEEP_ALIVE
value: 5m
- name: INFERENCE_TEXT_MODEL
value: gemma3:4b
value: llama3.1:8b
- name: INFERENCE_IMAGE_MODEL
value: granite3.2-vision:2b
value: llama3.2-vision:11b
- name: EMBEDDING_TEXT_MODEL
value: mxbai-embed-large
- name: INFERENCE_JOB_TIMEOUT_SEC
@@ -122,6 +94,7 @@ karakeep:
protocol: HTTP
persistence:
data:
forceRename: hoarder-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi

View File

@@ -18,6 +18,6 @@ dependencies:
- name: app-template
alias: home-assistant
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0
version: 4.0.1
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/home-assistant.png
appVersion: 2025.5.2

View File

@@ -4,9 +4,8 @@ metadata:
name: home-assistant-code-server-password-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: home-assistant-code-server-password-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
@@ -34,9 +33,8 @@ metadata:
name: home-assistant-token-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: home-assistant-token-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore

View File

@@ -4,9 +4,8 @@ metadata:
name: http-route-home-assistant
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-home-assistant
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
@@ -34,9 +33,8 @@ metadata:
name: http-route-home-assistant-code-server
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-home-assistant-code-server
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io

View File

@@ -4,9 +4,8 @@ metadata:
name: home-assistant
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: home-assistant
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
selector:
matchLabels:

View File

@@ -9,7 +9,7 @@ home-assistant:
main:
image:
repository: ghcr.io/home-assistant/home-assistant
tag: 2025.10.4
tag: 2025.5.2
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -21,7 +21,7 @@ home-assistant:
code-server:
image:
repository: ghcr.io/linuxserver/code-server
tag: 4.105.1@sha256:c7c66416238b70312df90b5936ea4adb6108552d866dd00a804c86c599b2ab6c
tag: 4.100.2@sha256:511445e8877da1665b97d2ca39f03009a36edadba9959eefcc8ff3d1b0f42251
pullPolicy: IfNotPresent
env:
- name: TZ

View File

@@ -18,10 +18,10 @@ dependencies:
- name: app-template
alias: homepage
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0
version: 4.0.1
- name: cloudflared
alias: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 1.22.1
version: 1.15.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/homepage.png
appVersion: v1.2.0

View File

@@ -4,9 +4,8 @@ metadata:
name: homepage-dev-cloudflared-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: homepage-dev-cloudflared-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore

View File

@@ -11,7 +11,7 @@ homepage:
main:
image:
repository: ghcr.io/gethomepage/homepage
tag: v1.5.0
tag: v1.2.0
pullPolicy: IfNotPresent
env:
- name: HOMEPAGE_ALLOWED_HOSTS
@@ -27,18 +27,18 @@ homepage:
docker.yaml: ""
kubernetes.yaml: ""
settings.yaml: |
favicon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.svg
favicon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/icon_white.png
headerStyle: clean
hideVersion: true
color: zinc
background:
image: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background-5.png
image: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background-4.jpg
brightness: 50
theme: dark
disableCollapse: true
widgets.yaml: |
- logo:
icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png
icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/icon_white.png
- datetime:
text_size: xl
format:
@@ -68,20 +68,14 @@ homepage:
href: https://gitea.alexlebens.dev
siteMonitor: https://gitea.alexlebens.dev
statusStyle: dot
- Code:
icon: sh-visual-studio-code.webp
description: VS Code
href: https://codeserver.alexlebens.dev
siteMonitor: https://codeserver.alexlebens.dev
statusStyle: dot
- Site:
icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png
icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/icon_white.png
description: Profile Website
href: https://www.alexlebens.dev
siteMonitor: https://www.alexlebens.dev
statusStyle: dot
- Content Management:
icon: directus.png
icon: sh-directus.webp
description: Directus
href: https://directus.alexlebens.dev
siteMonitor: https://directus.alexlebens.dev

View File

@@ -16,6 +16,6 @@ dependencies:
- name: app-template
alias: homepage
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0
version: 4.0.1
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/homepage.png
appVersion: v1.2.0

View File

@@ -4,9 +4,8 @@ metadata:
name: homepage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: homepage
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole

View File

@@ -4,9 +4,8 @@ metadata:
name: homepage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: homepage
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
rules:
- apiGroups:
- ""

View File

@@ -4,9 +4,8 @@ metadata:
name: homepage-keys-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: homepage-keys-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore

View File

@@ -4,9 +4,8 @@ metadata:
name: http-route-homepage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-homepage
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io

View File

@@ -4,9 +4,8 @@ metadata:
name: gitea-ps10rp
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gitea-ps10rp
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
annotations:
tailscale.com/tailnet-fqdn: gitea-ps10rp.boreal-beaufort.ts.net
spec:
@@ -20,27 +19,10 @@ metadata:
name: home-ps10rp
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: home-ps10rp
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
annotations:
tailscale.com/tailnet-fqdn: home-ps10rp.boreal-beaufort.ts.net
spec:
externalName: placeholder
type: ExternalName
---
apiVersion: v1
kind: Service
metadata:
name: garage-ps10rp
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: garage-ps10rp
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
annotations:
tailscale.com/tailnet-fqdn: garage-ps10rp.boreal-beaufort.ts.net
spec:
externalName: placeholder
type: ExternalName

View File

@@ -15,7 +15,7 @@ homepage:
main:
image:
repository: ghcr.io/gethomepage/homepage
tag: v1.5.0
tag: v1.2.0
pullPolicy: IfNotPresent
env:
- name: HOMEPAGE_ALLOWED_HOSTS
@@ -39,12 +39,12 @@ homepage:
kubernetes.yaml: |
mode: cluster
settings.yaml: |
favicon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.svg
favicon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/icon_white.png
headerStyle: clean
hideVersion: true
color: zinc
background:
image: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background-5.png
image: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background-4.jpg
brightness: 50
theme: dark
disableCollapse: true
@@ -61,9 +61,6 @@ homepage:
- Code:
tab: Tools
icon: mdi-code-block-braces-#ffffff
- Automation:
tab: Tools
icon: mdi-wrench-#ffffff
- Monitoring:
tab: Tools
icon: mdi-chart-line-#ffffff
@@ -99,7 +96,7 @@ homepage:
icon: mdi-cloud-#ffffff
widgets.yaml: |
- logo:
icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png
icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/icon_white.png
- kubernetes:
cluster:
show: true
@@ -132,21 +129,21 @@ homepage:
href: https://plex.alexlebens.net
siteMonitor: http://plex.plex:32400
statusStyle: dot
- Jellyfin:
icon: sh-jellyfin.webp
description: Media server
href: https://jellyfin.alexlebens.net
siteMonitor: http://jellyfin.jellyfin:80
statusStyle: dot
- Media Requests:
icon: sh-overseerr.webp
description: Overseer
href: https://overseerr.alexlebens.net
siteMonitor: http://overseerr.overseerr:80
statusStyle: dot
- Media Tracking:
- Jellyfin:
icon: sh-jellyfin.webp
description: Media server
href: https://jellyfin.alexlebens.net
siteMonitor: http://jellyfin.jellyfin:80
statusStyle: dot
- Yamtrack:
icon: sh-yamtrack.webp
description: Yamtrack
description: Watched Media Tracking
href: https://yamtrack.alexlebens.net
siteMonitor: http://yamtrack.yamtrack:80
statusStyle: dot
@@ -182,13 +179,13 @@ homepage:
statusStyle: dot
- Public:
- Site:
icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png
icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/icon_white.png
description: Profile Website
href: https://www.alexlebens.dev
siteMonitor: https://www.alexlebens.dev
statusStyle: dot
- Content Management:
icon: directus.png
icon: sh-directus.webp
description: Directus
href: https://directus.alexlebens.dev
siteMonitor: https://directus.alexlebens.dev
@@ -242,6 +239,12 @@ homepage:
href: https://actual.alexlebens.net
siteMonitor: http://actual.actual:80
statusStyle: dot
- Project Management:
icon: sh-eigenfocus.webp
description: Eigenfocus
href: https://eigenfocus.alexlebens.net
siteMonitor: http://eigenfocus.eigenfocus:80
statusStyle: dot
- AI:
icon: sh-ollama.webp
description: Ollama
@@ -288,8 +291,8 @@ homepage:
- Code (ps10rp):
icon: sh-gitea.webp
description: Gitea
href: https://gitea-ps10rp.boreal-beaufort.ts.net
siteMonitor: https://gitea-ps10rp.boreal-beaufort.ts.net
href: https://gitea.lebens-home.net
siteMonitor: https://gitea.lebens-home.net
statusStyle: dot
- IDE (Public):
icon: sh-visual-studio-code.webp
@@ -309,43 +312,21 @@ homepage:
href: https://argocd.alexlebens.net
siteMonitor: http://argocd-server.argocd:80
statusStyle: dot
- Docker Deployment:
icon: sh-komodo-light.webp
description: Komodo
href: https://komodo.alexlebens.net
siteMonitor: http://komodo-main.komodo:80
statusStyle: dot
- Automation:
- Deployment Workflows:
namespace: argocd
- Workflows:
icon: sh-argo-cd.webp
description: Argo Workflows
href: https://argo-workflows.alexlebens.net
siteMonitor: http://argo-workflows-server.argo-workflows:2746
statusStyle: dot
- API Workflows:
icon: sh-n8n.webp
description: n8n
href: https://n8n.alexlebens.net
siteMonitor: http://n8n-main.n8n:80
statusStyle: dot
- Jobs:
icon: https://raw.githubusercontent.com/mshade/kronic/main/static/android-chrome-192x192.png
description: Kronic
href: https://kronic.alexlebens.net
siteMonitor: http://kronic.kronic:80
statusStyle: dot
- Uptime:
icon: sh-gatus.webp
description: Gatus
href: https://gatus.alexlebens.net
siteMonitor: http://gatus.gatus:80
statusStyle: dot
- Tools:
icon: sh-omnitools.webp
description: OmniTools
href: https://omni-tools.alexlebens.net
siteMonitor: http://omni-tools.omni-tools:80
namespace: argocd
- Deployment:
icon: sh-komodo-light.webp
description: Komodo
href: https://komodo.alexlebens.net
siteMonitor: http://komodo.komodo:80
statusStyle: dot
namespace: komodo
- Monitoring:
- Kubernetes:
icon: sh-headlamp.webp
@@ -374,23 +355,6 @@ homepage:
widget:
type: prometheus
url: http://kube-prometheus-stack-prometheus.kube-prometheus-stack:9090
- Alerting:
icon: sh-prometheus-light.webp
description: Alertmanager
href: https://alertmanager.alexlebens.net
siteMonitor: http://kube-prometheus-stack-alertmanager.kube-prometheus-stack:9093
statusStyle: dot
widget:
type: prometheusmetric
url: http://kube-prometheus-stack-prometheus.kube-prometheus-stack:9090
refreshInterval: 120s
metrics:
- label: Alerts Active
query: alertmanager_alerts{state="active"}
- label: Metric Database Size
query: prometheus_tsdb_storage_blocks_bytes
format:
type: bytes
- Tautulli:
icon: sh-tautulli.webp
description: Plex Monitoring
@@ -417,17 +381,11 @@ homepage:
siteMonitor: http://authentik-server.authentik:80
statusStyle: dot
- Email:
icon: sh-stalwart.webp
icon: sh-stalwart-mail-server.webp
description: Stalwart
href: https://stalwart.alexlebens.net
siteMonitor: http://stalwart.stalwart:80
statusStyle: dot
- Notifications:
icon: sh-ntfy.webp
description: ntfy
href: https://ntfy.alexlebens.net
siteMonitor: http://ntfy.ntfy:80
statusStyle: dot
- Reverse Proxy:
icon: sh-traefik.webp
description: Traefik
@@ -479,12 +437,6 @@ homepage:
href: https://pikvm.alexlebens.net
siteMonitor: https://pikvm.alexlebens.net
statusStyle: dot
- Server Plug:
icon: sh-shelly.webp
description: Shelly
href: http://it05sp.alexlebens.net
siteMonitor: http://it05sp.alexlebens.net
statusStyle: dot
- Storage:
- Cluster Storage:
icon: sh-ceph.webp
@@ -492,30 +444,30 @@ homepage:
href: https://ceph.alexlebens.net
siteMonitor: http://rook-ceph-mgr-dashboard.rook-ceph:7000
statusStyle: dot
- Remote Storage:
icon: sh-garage.webp
description: Garage
href: https://garage-ui-ps10rp.boreal-beaufort.ts.net
siteMonitor: https://garage-ui-ps10rp.boreal-beaufort.ts.net
statusStyle: dot
- Database:
icon: sh-pgadmin-light.webp
description: PGAdmin
href: https://pgadmin.alexlebens.net
siteMonitor: http://pgadmin.pgadmin:80
statusStyle: dot
- Database:
icon: sh-whodb.webp
description: WhoDB
href: https://whodb.alexlebens.net
siteMonitor: http://whodb.whodb:80
statusStyle: dot
- Secrets:
icon: sh-hashicorp-vault.webp
description: Vault
href: https://vault.alexlebens.net
siteMonitor: http://vault.vault:8200
statusStyle: dot
- Object Storage (Outline):
icon: sh-minio.webp
description: Minio Tenant
href: https://minio-outline.alexlebens.net
siteMonitor: http://minio-outline-console.outline:9090
statusStyle: dot
- Object Storage (Directus):
icon: sh-minio.webp
description: Minio Tenant
href: https://minio-directus.alexlebens.net
siteMonitor: http://minio-directus-console.directus:9090
statusStyle: dot
- TV Shows:
- Sonarr:
icon: sh-sonarr.webp
@@ -627,11 +579,11 @@ homepage:
siteMonitor: http://slskd.slskd:5030
statusStyle: dot
- Services (Servarr):
- qUI:
icon: https://raw.githubusercontent.com/autobrr/qui/8487c818886df9abb2b1456f43b54e0ba180a2bd/web/public/icons.svg
description: qbitorrent
href: https://qui.alexlebens.net
siteMonitor: http://qbittorrent-qui.qbittorrent:80
- qBittorrent:
icon: sh-qbittorrent.webp
description: P2P Downloads
href: https://qbittorrent.alexlebens.net
siteMonitor: http://qbittorrent.qbittorrent:8080
statusStyle: dot
widget:
type: qbittorrent
@@ -643,12 +595,6 @@ homepage:
href: https://prowlarr.alexlebens.net
siteMonitor: http://prowlarr.prowlarr:80
statusStyle: dot
- Bazarr:
icon: sh-bazarr.webp
description: Indexers
href: https://bazarr.alexlebens.net
siteMonitor: http://bazarr.bazarr:80
statusStyle: dot
- Huntarr:
icon: https://raw.githubusercontent.com/plexguide/Huntarr.io/main/frontend/static/logo/128.png
description: Indexers
@@ -688,6 +634,9 @@ homepage:
- Github:
- abbr: GH
href: https://github.com/alexlebens
- Renovate:
- abbr: RN
href: https://developer.mend.io/[platform]/alexlebens/infrastructure
- Digital Ocean:
- abbr: DO
href: https://www.digitalocean.com/

View File

@@ -16,6 +16,6 @@ dependencies:
- name: app-template
alias: huntarr
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0
version: 4.0.1
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/huntarr.png
appVersion: 7.0.0
appVersion: 6.5.15

View File

@@ -4,9 +4,8 @@ metadata:
name: http-route-huntarr
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-huntarr
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io

View File

@@ -8,8 +8,8 @@ huntarr:
containers:
main:
image:
repository: ghcr.io/plexguide/huntarr
tag: 8.2.10
repository: huntarr/huntarr
tag: 6.5.15
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -31,7 +31,7 @@ huntarr:
forceRename: huntarr-config
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
size: 1Gi
advancedMounts:
main:
main:

View File

@@ -8,8 +8,10 @@ keywords:
home: https://wiki.alexlebens.dev/s/9377ae08-2041-4b6d-bc2b-61a4f5e8faae
sources:
- https://github.com/immich-app/immich
- https://github.com/valkey-io/valkey
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://github.com/bitnami/charts/tree/main/bitnami/valkey
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
maintainers:
- name: alexlebens
@@ -17,10 +19,13 @@ dependencies:
- name: app-template
alias: immich
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0
version: 4.0.1
- name: valkey
version: 3.0.6
repository: oci://harbor.alexlebens.net/proxy-registry-1.docker.io/bitnamicharts
- name: postgres-cluster
alias: postgres-17-cluster
version: 6.14.0
alias: postgres-16-cluster
version: 5.1.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png
appVersion: v2.0.1
appVersion: v1.132.3

View File

@@ -4,9 +4,8 @@ metadata:
name: immich-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: immich-config-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
@@ -24,12 +23,11 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: immich-postgresql-17-cluster-backup-secret
name: immich-postgresql-16-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: immich-postgresql-17-cluster-backup-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
@@ -49,33 +47,3 @@ spec:
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: immich-postgresql-17-cluster-backup-secret-weekly
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: immich-postgresql-17-cluster-backup-secret-weekly
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY

View File

@@ -4,9 +4,8 @@ metadata:
name: http-route-immich
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-immich
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io

View File

@@ -4,9 +4,8 @@ metadata:
name: immich-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: immich-nfs-storage
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: immich-nfs-storage
storageClassName: nfs-client

View File

@@ -4,9 +4,8 @@ metadata:
name: immich-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: immich-nfs-storage
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client

View File

@@ -1,32 +0,0 @@
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: redis-replication-immich
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: redis-replication-immich
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
clusterSize: 3
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
kubernetesConfig:
image: quay.io/opstree/redis:v8.0.3
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 128Mi
storage:
volumeClaimTemplate:
spec:
storageClassName: ceph-block
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
redisExporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.48.0

View File

@@ -4,9 +4,8 @@ metadata:
name: immich
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: immich
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
selector:
matchLabels:
@@ -21,24 +20,3 @@ spec:
interval: 3m
scrapeTimeout: 1m
path: /metrics
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: redis-replication-immich
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: redis-replication-immich
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
redis-operator: "true"
env: production
spec:
selector:
matchLabels:
redis_setup_type: replication
endpoints:
- port: redis-exporter
interval: 30s
scrapeTimeout: 10s

View File

@@ -9,7 +9,7 @@ immich:
main:
image:
repository: ghcr.io/immich-app/immich-server
tag: v2.1.0
tag: v1.132.3
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -21,33 +21,33 @@ immich:
- name: IMMICH_MACHINE_LEARNING_URL
value: http://immich-machine-learning.immich:3003
- name: REDIS_HOSTNAME
value: redis-replication-immich-master
value: immich-valkey-primary
- name: DB_VECTOR_EXTENSION
value: vectorchord
value: pgvecto.rs
- name: DB_HOSTNAME
valueFrom:
secretKeyRef:
name: immich-postgresql-17-cluster-app
name: immich-postgresql-16-cluster-app
key: host
- name: DB_DATABASE_NAME
valueFrom:
secretKeyRef:
name: immich-postgresql-17-cluster-app
name: immich-postgresql-16-cluster-app
key: dbname
- name: DB_PORT
valueFrom:
secretKeyRef:
name: immich-postgresql-17-cluster-app
name: immich-postgresql-16-cluster-app
key: port
- name: DB_USERNAME
valueFrom:
secretKeyRef:
name: immich-postgresql-17-cluster-app
name: immich-postgresql-16-cluster-app
key: user
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: immich-postgresql-17-cluster-app
name: immich-postgresql-16-cluster-app
key: password
probes:
liveness:
@@ -99,7 +99,7 @@ immich:
main:
image:
repository: ghcr.io/immich-app/immich-machine-learning
tag: v2.1.0
tag: v1.132.1
pullPolicy: IfNotPresent
env:
- name: TRANSFORMERS_CACHE
@@ -188,16 +188,37 @@ immich:
main:
- path: /usr/src/app/upload
readOnly: false
postgres-17-cluster:
valkey:
architecture: standalone
auth:
enabled: false
usePasswordFiles: false
primary:
persistence:
enabled: false
replica:
persistence:
enabled: false
postgres-16-cluster:
# Tensorchord
#--- https://github.com/immich-app/immich/discussions/9060
#--- https://docs.pgvecto.rs/admin/kubernetes.html
#--- https://github.com/tensorchord/cloudnative-pgvecto.rs
#--- https://github.com/immich-app/immich/discussions/17025
type: tensorchord
mode: recovery
cluster:
image:
repository: ghcr.io/tensorchord/cloudnative-vectorchord
tag: 17.5-0.4.3
repository: ghcr.io/tensorchord/cloudnative-pgvecto.rs
tag: 16.3-v0.2.1
storage:
storageClass: local-path
walStorage:
storageClass: local-path
resources:
requests:
memory: 384Mi
cpu: 200m
monitoring:
enabled: true
prometheusRule:
@@ -205,41 +226,16 @@ postgres-17-cluster:
postgresql:
parameters:
shared_buffers: 256MB
shared_preload_libraries:
- "vchord.so"
initdb:
postInitSQL:
- CREATE EXTENSION IF NOT EXISTS "vector";
- CREATE EXTENSION IF NOT EXISTS "vchord" CASCADE;
- CREATE EXTENSION IF NOT EXISTS "cube" CASCADE;
- CREATE EXTENSION IF NOT EXISTS "earthdistance" CASCADE;
recovery:
method: objectStore
objectStore:
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/immich/immich-postgresql-17-cluster
index: 2
endpointCredentials: immich-postgresql-17-cluster-backup-secret
recoveryIndex: 2
backup:
objectStore:
- name: external
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/immich/immich-postgresql-17-cluster
index: 2
retentionPolicy: "2d"
isWALArchiver: true
# - name: garage
# destinationPath: s3://postgres-backups/cl01tl/immich/immich-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: immich-postgresql-17-cluster-backup-secret-weekly
# retentionPolicy: "30d"
# data:
# compression: bzip2
# jobs: 2
scheduledBackups:
- name: daily-backup
suspend: false
schedule: "0 0 0 * * *"
backupName: external
# - name: weekly-backup
# suspend: false
# schedule: "0 4 4 * * SAT"
# backupName: garage
enabled: true
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/immich/immich-postgresql-16-cluster
endpointCredentials: immich-postgresql-16-cluster-backup-secret
backupIndex: 2

View File

@@ -20,6 +20,6 @@ dependencies:
- name: app-template
alias: jellyfin
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0
version: 4.0.1
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/jellyfin.png
appVersion: 10.10.7

View File

@@ -4,9 +4,8 @@ metadata:
name: jellyfin-config-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: jellyfin-config-backup-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore

View File

@@ -4,9 +4,8 @@ metadata:
name: http-route-jellyfin
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-jellyfin
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io

View File

@@ -4,9 +4,8 @@ metadata:
name: jellyfin-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: jellyfin-nfs-storage
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: jellyfin-nfs-storage
storageClassName: nfs-client
@@ -23,9 +22,8 @@ metadata:
name: jellyfin-youtube-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: jellyfin-youtube-nfs-storage
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: jellyfin-youtube-nfs-storage
storageClassName: nfs-client

View File

@@ -4,9 +4,8 @@ metadata:
name: jellyfin-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: jellyfin-nfs-storage
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
@@ -29,9 +28,8 @@ metadata:
name: jellyfin-youtube-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: jellyfin-youtube-nfs-storage
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client

View File

@@ -4,9 +4,8 @@ metadata:
name: jellyfin-config-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: jellyfin-config-backup-source
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: jellyfin-config
trigger:

View File

@@ -9,7 +9,7 @@ jellyfin:
main:
image:
repository: ghcr.io/jellyfin/jellyfin
tag: 10.11.0
tag: 10.10.7
pullPolicy: IfNotPresent
env:
- name: TZ

View File

@@ -18,10 +18,10 @@ dependencies:
- name: app-template
alias: jellystat
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0
version: 4.0.1
- name: postgres-cluster
alias: postgres-17-cluster
version: 6.14.0
version: 5.1.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/jellystat.png
appVersion: 1.1.6

View File

@@ -4,9 +4,8 @@ metadata:
name: jellystat-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: jellystat-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
@@ -41,9 +40,8 @@ metadata:
name: jellystat-data-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: jellystat-data-backup-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
@@ -98,9 +96,8 @@ metadata:
name: jellystat-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: jellystat-postgresql-17-cluster-backup-secret
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
@@ -120,33 +117,3 @@ spec:
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: jellystat-postgresql-17-cluster-backup-secret-weekly
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: jellystat-postgresql-17-cluster-backup-secret-weekly
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY

View File

@@ -4,9 +4,8 @@ metadata:
name: http-route-jellystat
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-jellystat
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io

View File

@@ -4,9 +4,8 @@ metadata:
name: jellystat-data-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: jellystat-data-backup-source
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: jellystat-data
trigger:

View File

@@ -79,7 +79,7 @@ jellystat:
- path: /app/backend/backup-data
readOnly: false
postgres-17-cluster:
mode: recovery
mode: standalone
cluster:
storage:
storageClass: local-path
@@ -92,30 +92,14 @@ postgres-17-cluster:
recovery:
method: objectStore
objectStore:
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/jellystat/jellystat-postgresql-17-cluster
index: 1
endpointCredentials: jellystat-postgresql-17-cluster-backup-secret
recoveryIndex: 2
backup:
objectStore:
- name: external
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/jellystat/jellystat-postgresql-17-cluster
index: 1
retentionPolicy: "2d"
isWALArchiver: true
# - name: garage
# destinationPath: s3://postgres-backups/cl01tl/jellystat/jellystat-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: jellystat-postgresql-17-cluster-backup-secret-weekly
# retentionPolicy: "30d"
# data:
# compression: bzip2
# jobs: 2
scheduledBackups:
- name: daily-backup
suspend: false
schedule: "0 0 0 * * *"
backupName: external
# - name: weekly-backup
# suspend: false
# schedule: "0 6 4 * * SAT"
# backupName: garage
enabled: true
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/jellystat/jellystat-postgresql-17-cluster
endpointCredentials: jellystat-postgresql-17-cluster-backup-secret
backupIndex: 2
retentionPolicy: "7d"

View File

@@ -1,11 +0,0 @@
apiVersion: objectbucket.io/v1alpha1
kind: ObjectBucketClaim
metadata:
name: ceph-bucket-karakeep
labels:
app.kubernetes.io/name: ceph-bucket-karakeep
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
generateBucketName: bucket-karakeep
storageClassName: ceph-bucket

View File

@@ -1,23 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: karakeep
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: karakeep
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
endpoints:
- port: http
interval: 30s
scrapeTimeout: 15s
path: /api/metrics
authorization:
credentials:
key: prometheus-token
name: karakeep-key-secret
selector:
matchLabels:
app.kubernetes.io/name: karakeep
app.kubernetes.io/instance: {{ .Release.Name }}

View File

@@ -16,6 +16,6 @@ dependencies:
- name: app-template
alias: kiwix
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.4.0
version: 4.0.1
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kiwix-dark.png
appVersion: 3.7.0

View File

@@ -4,9 +4,8 @@ metadata:
name: http-route-kiwix
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-kiwix
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io

Some files were not shown because too many files have changed in this diff Show More