alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 3 Actions Activity

Compare commits

base: alexlebens:renovate/cilium-1.x
Branches Tags
alexlebens:main alexlebens:renovate/unified-freikadawarich alexlebens:renovate/cilium-1.x alexlebens:renovate/unified-dock.mau.devmautrixwhatsapp alexlebens:manifests
..
compare: alexlebens:fe0bcbf9077a9538ef7d78c9d89e0bc4e773cb63
Branches Tags
alexlebens:renovate/unified-freikadawarich alexlebens:renovate/cilium-1.x alexlebens:renovate/unified-dock.mau.devmautrixwhatsapp alexlebens:main alexlebens:manifests

1 Commits
renovate/c ... fe0bcbf907

Author SHA1 Message Date
Renovate Bot
fe0bcbf907 chore(deps): update dependency outline/outline to v1.6.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 24s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 23s
Details
render-manifests / render-manifests (pull_request) Successful in 29s
Details
2026-03-15 20:27:10 +00:00
132 changed files with 2310 additions and 902 deletions
Expand all files Collapse all files

10
.gitea/workflows/lint-test-docker.yaml
View File

@@ -21,14 +21,14 @@ jobs:
runs-on: ubuntu-js runs-on: ubuntu-js
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@v6
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Check Branch Exists - name: Check Branch Exists
id: check-branch-exists id: check-branch-exists
if: github.event_name == 'pull_request' if: github.event_name == 'pull_request'
uses: GuillaumeFalourd/branch-exists@009290475dc3d75b5d7ec680c0c5b614b0d9855d # v1.1 uses: GuillaumeFalourd/branch-exists@v1.1
with: with:
branch: "${{ github.base_ref }}" branch: "${{ github.base_ref }}"
@@ -51,7 +51,7 @@ jobs:
- name: Set Up Node.js - name: Set Up Node.js
if: steps.branch-exists.outputs.exists == 'true' if: steps.branch-exists.outputs.exists == 'true'
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 uses: actions/setup-node@v6
with: with:
node-version: '24' node-version: '24'
@@ -120,7 +120,7 @@ jobs:
echo "----" echo "----"
- name: ntfy Failed - name: ntfy Failed
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master uses: niniyas/ntfy-action@master
if: failure() if: failure()
with: with:
url: '${{ secrets.NTFY_URL }}' url: '${{ secrets.NTFY_URL }}'
@@ -131,4 +131,4 @@ jobs:
tags: action,failed tags: action,failed
details: "Docker linting for compose dirs: ${{ steps.check-dir-changes.outputs.compose-dir-csv }}" details: "Docker linting for compose dirs: ${{ steps.check-dir-changes.outputs.compose-dir-csv }}"
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png' icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
actions: '[{"action": "view", "label": "View Logs", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]' actions: '[{"action": "view", "label": "View Logs", "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'

26
.gitea/workflows/lint-test-helm.yaml
View File

@@ -28,14 +28,14 @@ jobs:
changes-detected: ${{ steps.check-dir-changes.outputs.changes-detected }} changes-detected: ${{ steps.check-dir-changes.outputs.changes-detected }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@v6
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Check Branch Exists - name: Check Branch Exists
id: check-branch-exists id: check-branch-exists
if: github.event_name == 'pull_request' if: github.event_name == 'pull_request'
uses: GuillaumeFalourd/branch-exists@009290475dc3d75b5d7ec680c0c5b614b0d9855d # v1.1 uses: GuillaumeFalourd/branch-exists@v1.1
with: with:
branch: ${{ github.base_ref }} branch: ${{ github.base_ref }}
@@ -58,7 +58,7 @@ jobs:
- name: Set Up Helm - name: Set Up Helm
if: steps.branch-exists.outputs.exists == 'true' if: steps.branch-exists.outputs.exists == 'true'
uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4 uses: azure/setup-helm@v4
with: with:
token: ${{ secrets.GITEA_TOKEN }} token: ${{ secrets.GITEA_TOKEN }}
# renovate: datasource=github-releases depName=helm/helm # renovate: datasource=github-releases depName=helm/helm
@@ -67,7 +67,7 @@ jobs:
- name: Cache Helm Dependencies - name: Cache Helm Dependencies
if: steps.branch-exists.outputs.exists == 'true' if: steps.branch-exists.outputs.exists == 'true'
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 uses: actions/cache@v5
with: with:
path: | path: |
~/.cache/helm ~/.cache/helm
@@ -209,7 +209,7 @@ jobs:
exit $EXIT_CODE exit $EXIT_CODE
- name: ntfy Failed - name: ntfy Failed
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master uses: niniyas/ntfy-action@master
if: failure() if: failure()
with: with:
url: '${{ secrets.NTFY_URL }}' url: '${{ secrets.NTFY_URL }}'
@@ -218,9 +218,9 @@ jobs:
priority: 3 priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}' headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,failed tags: action,failed
details: "Helm linting for cluster '${{ env.CLUSTER }}' failed on charts: ${{ steps.lint.outputs.failed-charts }}" details: "Helm linting for cluster '${CLUSTER}' failed on charts: ${{ steps.lint.outputs.failed-charts }}"
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png' icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]' actions: '[{"action": "view", "label": "View Run", "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
image: true image: true
validate-kubeconform: validate-kubeconform:
@@ -232,7 +232,7 @@ jobs:
github.event_name == 'pull_request' github.event_name == 'pull_request'
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@v6
with: with:
fetch-depth: 0 fetch-depth: 0
@@ -257,7 +257,7 @@ jobs:
echo "----" echo "----"
- name: Set Up Helm - name: Set Up Helm
uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4 uses: azure/setup-helm@v4
with: with:
token: ${{ secrets.GITEA_TOKEN }} token: ${{ secrets.GITEA_TOKEN }}
# renovate: datasource=github-releases depName=helm/helm # renovate: datasource=github-releases depName=helm/helm
@@ -265,7 +265,7 @@ jobs:
cache: true cache: true
- name: Cache Helm Dependencies - name: Cache Helm Dependencies
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 uses: actions/cache@v5
with: with:
path: | path: |
~/.cache/helm ~/.cache/helm
@@ -352,7 +352,7 @@ jobs:
exit $EXIT_CODE exit $EXIT_CODE
- name: ntfy Failed - name: ntfy Failed
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master uses: niniyas/ntfy-action@master
if: failure() if: failure()
with: with:
url: '${{ secrets.NTFY_URL }}' url: '${{ secrets.NTFY_URL }}'
@@ -361,7 +361,7 @@ jobs:
priority: 3 priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}' headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,failed tags: action,failed
details: "Kubeconform for cluster '${{ env.CLUSTER }}' failed on charts: ${{ steps.validate.outputs.failed-charts }}" details: "Kubeconform for cluster '${CLUSTER}' failed on charts: ${{ steps.validate.outputs.failed-charts }}"
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png' icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]' actions: '[{"action": "view", "label": "View Run", "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
image: true image: true

463
.gitea/workflows/render-manifests-automerge.yaml Normal file
View File

@@ -0,0 +1,463 @@
name: render-manifests-automerge
on:
workflow_dispatch:
# pull_request:
# branches:
# - main
# paths:
# - 'clusters/cl01tl/helm/**'
# types:
# - closed
env:
CLUSTER: cl01tl
BASE_BRANCH: manifests
BRANCH_NAME_BASE: auto/update-manifests-automerge
MAIN_DIR: /workspace/alexlebens/infrastructure/infrastructure
MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests
jobs:
render-manifests-automerge:
runs-on: ubuntu-js
if: ${{ (github.event.pull_request.merged == true) && (contains(github.event.pull_request.labels.*.name, 'automerge')) }}
steps:
- name: Checkout Main
uses: actions/checkout@v6
with:
path: infrastructure
fetch-depth: 0
- name: Checkout Manifests
uses: actions/checkout@v6
with:
ref: manifests
path: infrastructure-manifests
- name: Set up Helm
uses: azure/setup-helm@v4
with:
token: ${{ secrets.GITEA_TOKEN }}
version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
cache: true
- name: Configure Kubeconfig
uses: azure/k8s-set-context@v4
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Cache Helm Dependencies
uses: actions/cache@v5
with:
path: |
~/.cache/helm
~/.config/helm
key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
restore-keys: |
helm-cache-${{ runner.os }}-
- name: Prepare Manifest Branch
id: prepare-manifest-branch
run: |
cd ${MANIFEST_DIR}
BRANCH_NAME="${BRANCH_NAME_BASE}-$(date +%Y%m%d%H%M%S)"
echo ""
echo ">> Configure git to use gitea-bot as user ..."
git config user.name "gitea-bot"
git config user.email "gitea-bot@alexlebens.net"
echo ""
echo ">> Creating branch ..."
git checkout -b $BRANCH_NAME
echo "----"
echo "BRANCH_NAME=${BRANCH_NAME}" >> $GITEA_OUTPUT
- name: Check which Directories have Changes
id: check-dir-changes
run: |
cd "${MAIN_DIR}"
echo ""
echo ">> Checking for changes from HEAD^..HEAD ..."
# Extract the chart names from the git diff
RENDER_DIR=$(git diff --name-only HEAD^..HEAD | grep -E "^clusters/${CLUSTER}/helm/" | awk -F '/' '{print $4}' | sort -u || true)
if [ -n "${RENDER_DIR}" ]; then
echo ""
echo ">> Directories to Render:"
echo "${RENDER_DIR}"
echo "----"
echo "changes-detected=true" >> "$GITEA_OUTPUT"
echo "render-dir<<EOF" >> "$GITEA_OUTPUT"
echo "${RENDER_DIR}" >> "$GITEA_OUTPUT"
echo "EOF" >> "$GITEA_OUTPUT"
else
echo ""
echo ">> No chart changes detected"
echo "changes-detected=false" >> "$GITEA_OUTPUT"
fi
- name: Add Repositories
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd "${MAIN_DIR}"
echo ""
echo ">> Adding repositories for chart dependencies ..."
for DIR in ${RENDER_DIR}; do
helm dependency list --max-col-width 120 "${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" 2> /dev/null \
| tail -n +2 \
| awk 'NF > 0 { print $1, $3 }' \
| while read -r REPO_NAME REPO_URL; do
if [[ "${REPO_URL}" == oci://* ]]; then
echo ""
echo ">> Ignoring OCI repo: ${REPO_URL}"
elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
helm repo add "${REPO_NAME}" "${REPO_URL}"
fi
done || true
done
if helm repo list > /dev/null 2>&1; then
echo ""
echo ">> Update repository cache ..."
helm repo update
fi
echo "----"
- name: Remove Changed Manifest Files
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd "${MANIFEST_DIR}"
echo ""
echo ">> Remove manfiest files and rebuild from source ..."
for DIR in ${RENDER_DIR}; do
CHART_PATH=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${DIR}
echo "${CHART_PATH}"
rm -rf ${CHART_PATH}/*
done
echo "----"
- name: Render Helm Manifests
id: render-manifests
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd ${MAIN_DIR}
echo ""
echo ">> Rendering Manifests ..."
render_chart() {
local DIR="$1"
local CHART_PATH="${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}"
local CHART_NAME=$(basename "${CHART_PATH}")
echo ""
echo ">> Rendering ..."
echo ">> Chart: ${CHART_NAME}"
echo ">> Path: ${CHART_PATH}"
if [ -f "${CHART_PATH}/Chart.yaml" ]; then
local OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${CHART_NAME}/"
mkdir -p "${OUTPUT_FOLDER}"
cd "${CHART_PATH}"
echo ""
echo ">> Updating helm dependencies ..."
helm dependency update --skip-refresh > /dev/null
echo ""
echo ">> Linting helm chart ..."
helm lint --namespace "${CHART_NAME}" --quiet
local NAMESPACE="${CHART_NAME}"
case "${CHART_NAME}" in
"stack")
NAMESPACE="argocd"
echo ""
echo ">> Special Rendering into 'argocd' namespace ..."
;;
"cilium" | "coredns" | "metrics-server" | "prometheus-operator-crds")
NAMESPACE="kube-system"
echo ""
echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..."
;;
*)
echo ""
echo ">> Standard Rendering for ${CHART_NAME} ..."
esac
echo ""
echo ">> Formating rendered template ..."
local TEMPLATE
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
# Format and split rendered template
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
# Strip comments again to ensure formatting correctness
for file in "$OUTPUT_FOLDER"/*; do
yq -i '... comments=""' $file
done
echo ""
echo ">> Manifests for ${CHART_NAME} rendered to ${OUTPUT_FOLDER}:"
ls $OUTPUT_FOLDER
echo ""
else
echo ""
echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..."
echo ""
fi
}
export -f render_chart
export MAIN_DIR CLUSTER MANIFEST_DIR
# Run rendering in parallel
for DIR in ${RENDER_DIR}; do
echo "${DIR}"
done | xargs -n 1 -P 4 -I {} bash -c 'render_chart "$@"' _ {}
echo "----"
- name: Check for Changes
id: check-changes
if: steps.check-dir-changes.outputs.changes-detected == 'true'
run: |
cd "${MANIFEST_DIR}"
GIT_CHANGES=$(git status --porcelain)
if [ -n "${GIT_CHANGES}" ]; then
echo ""
echo ">> Changes detected"
git status --porcelain
echo "changes-detected=true" >> $GITEA_OUTPUT
else
echo ""
echo ">> No changes detected, skipping PR creation"
fi
echo "----"
- name: Commit and Push Changes
id: commit-push
if: steps.check-changes.outputs.changes-detected == 'true'
env:
BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.BRANCH_NAME }}
run: |
cd "${MANIFEST_DIR}"
echo ""
echo ">> Commiting changes to ${BRANCH_NAME} ..."
git add .
git commit -m "chore: Update manifests after automerge"
REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
echo ""
echo ">> Pushing changes to ${REPO_URL} ..."
git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@${REPO_URL#*://}" "${BRANCH_NAME}"
echo "----"
echo "push=true" >> "$GITEA_OUTPUT"
- name: Create Pull Request
id: create-pull-request
if: steps.commit-push.outputs.push == 'true'
env:
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
GITEA_URL: ${{ secrets.REPO_URL }}
BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.BRANCH_NAME }}
run: |
cd ${MANIFEST_DIR}
API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls"
PAYLOAD=$( jq -n \
--arg head "${BRANCH_NAME}" \
--arg base "${BASE_BRANCH}" \
--arg title "Automated Manifest Update - Automerge" \
--arg body "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow. This is expected to be automerged." \
'{head: $head, base: $base, title: $title, body: $body}' )
echo ">> Creating PR from branch ${BRANCH_NAME} into ${BASE_BRANCH}"
echo ">> With Endpoint of:"
echo "$API_ENDPOINT"
echo ">> With Payload of:"
echo "$PAYLOAD"
HTTP_STATUS=$(
curl -X POST \
--silent \
--write-out '%{http_code}' \
--output response_body.json \
--dump-header response_headers.txt \
--data "$PAYLOAD" \
-H "Authorization: token ${GITEA_TOKEN}" \
-H "Content-Type: application/json" \
"$API_ENDPOINT" 2> response_errors.txt
)
echo ">> HTTP Status Code: $HTTP_STATUS"
echo ">> Response Output ..."
echo "----"
cat response_body.json
echo "----"
cat response_headers.txt
echo "----"
cat response_errors.txt
echo "----"
if [ "$HTTP_STATUS" == "201" ]; then
echo ">> Pull Request created successfully!"
PR_URL=$(cat response_body.json | jq -r .html_url)
echo ">> Pull Request URL: $PR_URL"
echo "pull-request-url=${PR_URL}" >> $GITEA_OUTPUT
PR_NUMBER=$(cat response_body.json | jq -r .number)
echo ">> Pull Request Number: $PR_NUMBER"
echo "pull-request-number=${PR_NUMBER}" >> $GITEA_OUTPUT
echo "pull-request-operation=created" >> $GITEA_OUTPUT
elif [ "$HTTP_STATUS" == "422" ]; then
echo ">> Failed to create PR (HTTP 422: Unprocessable Entity), PR may already exist"
elif [ "$HTTP_STATUS" == "409" ]; then
echo ">> Failed to create PR (HTTP 409: Conflict), PR already exists"
else
echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
exit 1
fi
echo "----"
- name: Merge Changes
id: merge-changes
if: steps.commit-push.outputs.push == 'true'
env:
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
GITEA_URL: ${{ secrets.REPO_URL }}
BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.BRANCH_NAME }}
PR_NUMBER: ${{ steps.create-pull-request.outputs.pull-request-number }}
run: |
cd ${MANIFEST_DIR}
API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls/${PR_NUMBER}/merge"
PAYLOAD=$( jq -n \
--arg Do "merge" \
'{Do: $Do}' )
echo ">> Merging PR with ID: ${PR_NUMBER}"
echo ">> With Endpoint of:"
echo "$API_ENDPOINT"
echo ">> With Payload of:"
echo "$PAYLOAD"
HTTP_STATUS=$(
curl -X POST \
--silent \
--write-out '%{http_code}' \
--output response_body.json \
--dump-header response_headers.txt \
--data "$PAYLOAD" \
-H "Authorization: token ${GITEA_TOKEN}" \
-H "Content-Type: application/json" \
"$API_ENDPOINT" 2> response_errors.txt
)
echo ">> HTTP Status Code: $HTTP_STATUS"
echo ">> Response Output ..."
echo "----"
cat response_body.json
echo "----"
cat response_headers.txt
echo "----"
cat response_errors.txt
echo "----"
if [ "$HTTP_STATUS" == "200" ]; then
echo ">> Pull Request merged successfully!"
echo "pull-request-operation=merged" >> $GITEA_OUTPUT
else
echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
echo "pull-request-operation=failed" >> $GITEA_OUTPUT
exit 1
fi
echo "----"
- name: Cleanup Branch
if: failure()
env:
BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.BRANCH_NAME }}
run: |
cd ${MANIFEST_DIR}
echo ">> Removing branch: ${BRANCH_NAME}"
git push origin --delete ${BRANCH_NAME}
echo "----"
- name: ntfy Merged
uses: niniyas/ntfy-action@master
if: steps.merge-changes.outputs.pull-request-operation == 'merged'
with:
url: "${{ secrets.NTFY_URL }}"
topic: "${{ secrets.NTFY_TOPIC }}"
title: "Manifest Render PR Merged - Infrastructure"
priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,successfully,completed
details: "Automerge Manifest rendering for Infrastructure!"
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
- name: ntfy Failed
uses: niniyas/ntfy-action@master
if: failure()
with:
url: "${{ secrets.NTFY_URL }}"
topic: "${{ secrets.NTFY_TOPIC }}"
title: "Manifest Render Failure - Infrastructure"
priority: 4
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,failed
details: "Automerge Manifest rendering for Infrastructure has failed!"
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=render-manifests-automerge.yaml", "clear": true}]'
image: true

445
.gitea/workflows/render-manifests-dispatch.yaml Normal file
View File

@@ -0,0 +1,445 @@
name: render-manifests-dispatch
on:
workflow_dispatch:
# schedule:
# - cron: '0 15 * * *'
# workflow_dispatch:
env:
CLUSTER: cl01tl
BASE_BRANCH: manifests
BRANCH_NAME: auto/update-manifests
ASSIGNEE: alexlebens
MAIN_DIR: /workspace/alexlebens/infrastructure/infrastructure
MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests
jobs:
render-manifests-dispatch:
runs-on: ubuntu-js
steps:
- name: Checkout Main
uses: actions/checkout@v6
with:
path: infrastructure
fetch-depth: 0
- name: Checkout Manifests
uses: actions/checkout@v6
with:
ref: manifests
path: infrastructure-manifests
- name: Set up Helm
uses: azure/setup-helm@v4
with:
token: ${{ secrets.GITEA_TOKEN }}
version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
cache: true
- name: Configure Kubeconfig
uses: azure/k8s-set-context@v4
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Cache Helm Dependencies
uses: actions/cache@v5
with:
path: |
~/.cache/helm
~/.config/helm
key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
restore-keys: |
helm-cache-${{ runner.os }}-
- name: Prepare Manifest Branch
run: |
cd "${MANIFEST_DIR}"
echo ""
echo ">> Configure git to use gitea-bot as user ..."
git config user.name "gitea-bot"
git config user.email "gitea-bot@alexlebens.net"
echo ""
echo ">> Checking if PR branch exists ..."
if git ls-remote --exit-code --heads origin "${BRANCH_NAME}" > /dev/null 2>&1; then
echo ""
echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
git fetch origin "${BRANCH_NAME}"
git checkout "${BRANCH_NAME}"
git pull --rebase
else
echo ""
echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
git checkout -b "${BRANCH_NAME}"
fi
echo "----"
- name: Check which Directories have Changes
id: check-dir-changes
run: |
cd "${MAIN_DIR}"
echo ""
echo ">> Triggered on dispatch, will check all paths ..."
# Extract names of charts
RENDER_DIR=$(find "clusters/${CLUSTER}/helm" -mindepth 1 -maxdepth 1 -type d -exec basename {} \; | sort -u)
if [ -n "${RENDER_DIR}" ]; then
echo ""
echo ">> Directories to Render:"
echo "${RENDER_DIR}"
echo "----"
echo "changes-detected=true" >> "$GITEA_OUTPUT"
echo "render-dir<<EOF" >> "$GITEA_OUTPUT"
echo "${RENDER_DIR}" >> "$GITEA_OUTPUT"
echo "EOF" >> "$GITEA_OUTPUT"
else
echo ">> No directories found"
echo "changes-detected=false" >> "$GITEA_OUTPUT"
fi
- name: Add Repositories
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd "${MAIN_DIR}"
echo ""
echo ">> Adding repositories for chart dependencies ..."
for DIR in ${RENDER_DIR}; do
helm dependency list --max-col-width 120 "${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" 2> /dev/null \
| tail -n +2 \
| awk 'NF > 0 { print $1, $3 }' \
| while read -r REPO_NAME REPO_URL; do
if [[ "${REPO_URL}" == oci://* ]]; then
echo ""
echo ">> Ignoring OCI repo: ${REPO_URL}"
elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
helm repo add "${REPO_NAME}" "${REPO_URL}"
fi
done || true
done
if helm repo list > /dev/null 2>&1; then
echo ""
echo ">> Update repository cache ..."
helm repo update
fi
echo "----"
- name: Remove Changed Manifest Files
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd "${MANIFEST_DIR}"
echo ""
echo ">> Remove manfiest files and rebuild from source ..."
for DIR in ${RENDER_DIR}; do
CHART_PATH=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${DIR}
echo "${CHART_PATH}"
rm -rf ${CHART_PATH}/*
done
echo "----"
- name: Render Helm Manifests
id: render-manifests
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd ${MAIN_DIR}
echo ""
echo ">> Rendering Manifests ..."
render_chart() {
local DIR="$1"
local CHART_PATH="${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}"
local CHART_NAME=$(basename "${CHART_PATH}")
echo ""
echo ">> Rendering ..."
echo ">> Chart: ${CHART_NAME}"
echo ">> Path: ${CHART_PATH}"
if [ -f "${CHART_PATH}/Chart.yaml" ]; then
local OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${CHART_NAME}/"
mkdir -p "${OUTPUT_FOLDER}"
cd "${CHART_PATH}"
echo ""
echo ">> Updating helm dependencies ..."
helm dependency update --skip-refresh > /dev/null
echo ""
echo ">> Linting helm chart ..."
helm lint --namespace "${CHART_NAME}" --quiet
local NAMESPACE="${CHART_NAME}"
case "${CHART_NAME}" in
"stack")
NAMESPACE="argocd"
echo ""
echo ">> Special Rendering into 'argocd' namespace ..."
;;
"cilium" | "coredns" | "metrics-server" | "prometheus-operator-crds")
NAMESPACE="kube-system"
echo ""
echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..."
;;
*)
echo ""
echo ">> Standard Rendering for ${CHART_NAME} ..."
esac
echo ""
echo ">> Formating rendered template ..."
local TEMPLATE
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
# Format and split rendered template
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
# Strip comments again to ensure formatting correctness
for file in "$OUTPUT_FOLDER"/*; do
yq -i '... comments=""' $file
done
echo ""
echo ">> Manifests for ${CHART_NAME} rendered to ${OUTPUT_FOLDER}:"
ls $OUTPUT_FOLDER
echo ""
else
echo ""
echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..."
echo ""
fi
}
export -f render_chart
export MAIN_DIR CLUSTER MANIFEST_DIR
# Run rendering in parallel
for DIR in ${RENDER_DIR}; do
echo "${DIR}"
done | xargs -n 1 -P 4 -I {} bash -c 'render_chart "$@"' _ {}
echo "----"
- name: Check for Changes
id: check-changes
if: steps.check-dir-changes.outputs.changes-detected == 'true'
run: |
cd "${MANIFEST_DIR}"
GIT_CHANGES=$(git status --porcelain)
if [ -n "${GIT_CHANGES}" ]; then
echo ""
echo ">> Changes detected"
git status --porcelain
echo "changes-detected=true" >> $GITEA_OUTPUT
else
echo ""
echo ">> No changes detected, skipping PR creation"
fi
echo "----"
- name: Commit and Push Changes
id: commit-push
if: steps.check-changes.outputs.changes-detected == 'true'
run: |
cd "${MANIFEST_DIR}"
echo ""
echo ">> Commiting changes to ${BRANCH_NAME} ..."
git add .
git commit -m "chore: Update manifests after change"
REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
echo ""
echo ">> Pushing changes to ${REPO_URL} ..."
git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@${REPO_URL#*://}" "${BRANCH_NAME}"
echo "----"
echo "HEAD_BRANCH=${BRANCH_NAME}" >> "$GITEA_OUTPUT"
echo "push=true" >> "$GITEA_OUTPUT"
- name: Check for Pull Request
id: check-for-pull-requst
if: steps.commit-push.outputs.push == 'true'
env:
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
GITEA_URL: ${{ secrets.REPO_URL }}
HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
run: |
cd ${MANIFEST_DIR}
API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls?base_branch=${BASE_BRANCH}&state=open&page=1"
echo ">> Checking if PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
echo ">> With Endpoint of:"
echo "$API_ENDPOINT"
HTTP_STATUS=$(
curl -X GET \
--silent \
--write-out '%{http_code}' \
--output response_body.json \
--dump-header response_headers.txt \
-H "Authorization: token ${GITEA_TOKEN}" \
-H "Content-Type: application/json" \
"$API_ENDPOINT" 2> response_errors.txt
)
echo ">> HTTP Status Code: $HTTP_STATUS"
echo ">> Response Output ..."
echo "----"
cat response_body.json
echo "----"
cat response_headers.txt
echo "----"
cat response_errors.txt
echo "----"
if [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "open" ]; then
echo ">> Pull Request has been found open, will update"
PR_INDEX=$(cat response_body.json | jq -r .[0].number)
echo "pull-request-exists=${PR_INDEX}" >> $GITEA_OUTPUT
echo "pull-request-index=true" >> $GITEA_OUTPUT
elif [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "closed" ]; then
echo ">> Pull Request found, but was closed"
echo "pull-request-exists=false" >> $GITEA_OUTPUT
else
echo ">> Pull Request not found"
echo "pull-request-exists=false" >> $GITEA_OUTPUT
fi
echo "----"
- name: Create Pull Request
id: create-pull-request
if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-requst.outputs.pull-request-exists == 'false'
env:
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
GITEA_URL: ${{ secrets.REPO_URL }}
HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
run: |
cd ${MANIFEST_DIR}
API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls"
PAYLOAD=$( jq -n \
--arg head "${HEAD_BRANCH}" \
--arg base "${BASE_BRANCH}" \
--arg assignee "${ASSIGNEE}" \
--arg title "Automated Manifest Update" \
--arg body "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow." \
'{head: $head, base: $base, assignee: $assignee, title: $title, body: $body}' )
echo ">> Creating PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
echo ">> With Endpoint of:"
echo "$API_ENDPOINT"
echo ">> With Payload of:"
echo "$PAYLOAD"
HTTP_STATUS=$(
curl -X POST \
--silent \
--write-out '%{http_code}' \
--output response_body.json \
--dump-header response_headers.txt \
--data "$PAYLOAD" \
-H "Authorization: token ${GITEA_TOKEN}" \
-H "Content-Type: application/json" \
"$API_ENDPOINT" 2> response_errors.txt
)
echo ">> HTTP Status Code: $HTTP_STATUS"
echo ">> Response Output ..."
echo "----"
cat response_body.json
echo "----"
cat response_headers.txt
echo "----"
cat response_errors.txt
echo "----"
if [ "$HTTP_STATUS" == "201" ]; then
echo ">> Pull Request created successfully!"
PR_URL=$(cat response_body.json | jq -r .html_url)
echo "pull-request-url=${PR_URL}" >> $GITEA_OUTPUT
PR_ID=$(cat response_body.json | jq -r .id)
echo "pull-request-id=${PR_ID}" >> $GITEA_OUTPUT
echo "pull-request-operation=created" >> $GITEA_OUTPUT
elif [ "$HTTP_STATUS" == "422" ]; then
echo ">> Failed to create PR (HTTP 422: Unprocessable Entity), PR may already exist"
elif [ "$HTTP_STATUS" == "409" ]; then
echo ">> Failed to create PR (HTTP 409: Conflict), PR already exists"
else
echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
exit 1
fi
echo "----"
- name: ntfy Created
uses: niniyas/ntfy-action@master
if: steps.create-pull-request.outputs.pull-request-operation == 'created'
with:
url: "${{ secrets.NTFY_URL }}"
topic: "${{ secrets.NTFY_TOPIC }}"
title: "Manifest Render PR Created - Infrastructure"
priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,successfully,completed
details: "Manifest rendering for Infrastructure has created a new Pull Request with ID: ${{ steps.create-pull-request.outputs.pull-request-id }}!"
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
- name: ntfy Failed
uses: niniyas/ntfy-action@master
if: failure()
with:
url: "${{ secrets.NTFY_URL }}"
topic: "${{ secrets.NTFY_TOPIC }}"
title: "Manifest Render Failure - Infrastructure"
priority: 4
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,failed
details: "Manifest rendering for Infrastructure has failed!"
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=render-manifests.yaml", "clear": true}]'
image: true

451
.gitea/workflows/render-manifests-merge.yaml Normal file
View File

@@ -0,0 +1,451 @@
name: render-manifests-merge
on:
workflow_dispatch:
# pull_request:
# branches:
# - main
# paths:
# - 'clusters/cl01tl/helm/**'
# types:
# - closed
env:
CLUSTER: cl01tl
BASE_BRANCH: manifests
BRANCH_NAME: auto/update-manifests
ASSIGNEE: alexlebens
MAIN_DIR: /workspace/alexlebens/infrastructure/infrastructure
MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests
jobs:
render-manifests-merge:
runs-on: ubuntu-js
if: ${{ (github.event.pull_request.merged == true) && !(contains(github.event.pull_request.labels.*.name, 'automerge')) }}
steps:
- name: Checkout Main
uses: actions/checkout@v6
with:
path: infrastructure
fetch-depth: 0
- name: Checkout Manifests
uses: actions/checkout@v6
with:
ref: manifests
path: infrastructure-manifests
- name: Set up Helm
uses: azure/setup-helm@v4
with:
token: ${{ secrets.GITEA_TOKEN }}
version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
cache: true
- name: Configure Kubeconfig
uses: azure/k8s-set-context@v4
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Cache Helm Dependencies
uses: actions/cache@v5
with:
path: |
~/.cache/helm
~/.config/helm
key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
restore-keys: |
helm-cache-${{ runner.os }}-
- name: Prepare Manifest Branch
run: |
cd "${MANIFEST_DIR}"
echo ""
echo ">> Configure git to use gitea-bot as user ..."
git config user.name "gitea-bot"
git config user.email "gitea-bot@alexlebens.net"
echo ""
echo ">> Checking if PR branch exists ..."
if git ls-remote --exit-code --heads origin "${BRANCH_NAME}" > /dev/null 2>&1; then
echo ""
echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
git fetch origin "${BRANCH_NAME}"
git checkout "${BRANCH_NAME}"
git pull --rebase
else
echo ""
echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
git checkout -b "${BRANCH_NAME}"
fi
echo "----"
- name: Check which Directories have Changes
id: check-dir-changes
run: |
cd "${MAIN_DIR}"
echo ""
echo ">> Checking for changes from HEAD^..HEAD ..."
# Extract the chart names from the git diff
RENDER_DIR=$(git diff --name-only HEAD^..HEAD | grep -E "^clusters/${CLUSTER}/helm/" | awk -F '/' '{print $4}' | sort -u || true)
if [ -n "${RENDER_DIR}" ]; then
echo ""
echo ">> Directories to Render:"
echo "${RENDER_DIR}"
echo "----"
echo "changes-detected=true" >> "$GITEA_OUTPUT"
echo "render-dir<<EOF" >> "$GITEA_OUTPUT"
echo "${RENDER_DIR}" >> "$GITEA_OUTPUT"
echo "EOF" >> "$GITEA_OUTPUT"
else
echo ""
echo ">> No chart changes detected"
echo "changes-detected=false" >> "$GITEA_OUTPUT"
fi
- name: Add Repositories
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd "${MAIN_DIR}"
echo ""
echo ">> Adding repositories for chart dependencies ..."
for DIR in ${RENDER_DIR}; do
helm dependency list --max-col-width 120 "${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" 2> /dev/null \
| tail -n +2 \
| awk 'NF > 0 { print $1, $3 }' \
| while read -r REPO_NAME REPO_URL; do
if [[ "${REPO_URL}" == oci://* ]]; then
echo ""
echo ">> Ignoring OCI repo: ${REPO_URL}"
elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
helm repo add "${REPO_NAME}" "${REPO_URL}"
fi
done || true
done
if helm repo list > /dev/null 2>&1; then
echo ""
echo ">> Update repository cache ..."
helm repo update
fi
echo "----"
- name: Remove Changed Manifest Files
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd "${MANIFEST_DIR}"
echo ""
echo ">> Remove manfiest files and rebuild from source ..."
for DIR in ${RENDER_DIR}; do
CHART_PATH=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${DIR}
echo "${CHART_PATH}"
rm -rf ${CHART_PATH}/*
done
echo "----"
- name: Render Helm Manifests
id: render-manifests
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd ${MAIN_DIR}
echo ""
echo ">> Rendering Manifests ..."
render_chart() {
local DIR="$1"
local CHART_PATH="${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}"
local CHART_NAME=$(basename "${CHART_PATH}")
echo ""
echo ">> Rendering ..."
echo ">> Chart: ${CHART_NAME}"
echo ">> Path: ${CHART_PATH}"
if [ -f "${CHART_PATH}/Chart.yaml" ]; then
local OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${CHART_NAME}/"
mkdir -p "${OUTPUT_FOLDER}"
cd "${CHART_PATH}"
echo ""
echo ">> Updating helm dependencies ..."
helm dependency update --skip-refresh > /dev/null
echo ""
echo ">> Linting helm chart ..."
helm lint --namespace "${CHART_NAME}" --quiet
local NAMESPACE="${CHART_NAME}"
case "${CHART_NAME}" in
"stack")
NAMESPACE="argocd"
echo ""
echo ">> Special Rendering into 'argocd' namespace ..."
;;
"cilium" | "coredns" | "metrics-server" | "prometheus-operator-crds")
NAMESPACE="kube-system"
echo ""
echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..."
;;
*)
echo ""
echo ">> Standard Rendering for ${CHART_NAME} ..."
esac
echo ""
echo ">> Formating rendered template ..."
local TEMPLATE
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
# Format and split rendered template
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
# Strip comments again to ensure formatting correctness
for file in "$OUTPUT_FOLDER"/*; do
yq -i '... comments=""' $file
done
echo ""
echo ">> Manifests for ${CHART_NAME} rendered to ${OUTPUT_FOLDER}:"
ls $OUTPUT_FOLDER
echo ""
else
echo ""
echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..."
echo ""
fi
}
export -f render_chart
export MAIN_DIR CLUSTER MANIFEST_DIR
# Run rendering in parallel
for DIR in ${RENDER_DIR}; do
echo "${DIR}"
done | xargs -n 1 -P 4 -I {} bash -c 'render_chart "$@"' _ {}
echo "----"
- name: Check for Changes
id: check-changes
if: steps.check-dir-changes.outputs.changes-detected == 'true'
run: |
cd "${MANIFEST_DIR}"
GIT_CHANGES=$(git status --porcelain)
if [ -n "${GIT_CHANGES}" ]; then
echo ""
echo ">> Changes detected"
git status --porcelain
echo "changes-detected=true" >> $GITEA_OUTPUT
else
echo ""
echo ">> No changes detected, skipping PR creation"
fi
echo "----"
- name: Commit and Push Changes
id: commit-push
if: steps.check-changes.outputs.changes-detected == 'true'
run: |
cd "${MANIFEST_DIR}"
echo ""
echo ">> Commiting changes to ${BRANCH_NAME} ..."
git add .
git commit -m "chore: Update manifests after change"
REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
echo ""
echo ">> Pushing changes to ${REPO_URL} ..."
git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@${REPO_URL#*://}" "${BRANCH_NAME}"
echo "----"
echo "HEAD_BRANCH=${BRANCH_NAME}" >> "$GITEA_OUTPUT"
echo "push=true" >> "$GITEA_OUTPUT"
- name: Check for Pull Request
id: check-for-pull-requst
if: steps.commit-push.outputs.push == 'true'
env:
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
GITEA_URL: ${{ secrets.REPO_URL }}
HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
run: |
cd ${MANIFEST_DIR}
API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls?base_branch=${BASE_BRANCH}&state=open&page=1"
echo ">> Checking if PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
echo ">> With Endpoint of:"
echo "$API_ENDPOINT"
HTTP_STATUS=$(
curl -X GET \
--silent \
--write-out '%{http_code}' \
--output response_body.json \
--dump-header response_headers.txt \
-H "Authorization: token ${GITEA_TOKEN}" \
-H "Content-Type: application/json" \
"$API_ENDPOINT" 2> response_errors.txt
)
echo ">> HTTP Status Code: $HTTP_STATUS"
echo ">> Response Output ..."
echo "----"
cat response_body.json
echo "----"
cat response_headers.txt
echo "----"
cat response_errors.txt
echo "----"
if [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "open" ]; then
echo ">> Pull Request has been found open, will update"
PR_INDEX=$(cat response_body.json | jq -r .[0].number)
echo "pull-request-exists=${PR_INDEX}" >> $GITEA_OUTPUT
echo "pull-request-index=true" >> $GITEA_OUTPUT
elif [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "closed" ]; then
echo ">> Pull Request found, but was closed"
echo "pull-request-exists=false" >> $GITEA_OUTPUT
else
echo ">> Pull Request not found"
echo "pull-request-exists=false" >> $GITEA_OUTPUT
fi
echo "----"
- name: Create Pull Request
id: create-pull-request
if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-requst.outputs.pull-request-exists == 'false'
env:
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
GITEA_URL: ${{ secrets.REPO_URL }}
HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
run: |
cd ${MANIFEST_DIR}
API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls"
PAYLOAD=$( jq -n \
--arg head "${HEAD_BRANCH}" \
--arg base "${BASE_BRANCH}" \
--arg assignee "${ASSIGNEE}" \
--arg title "Automated Manifest Update" \
--arg body "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow." \
'{head: $head, base: $base, assignee: $assignee, title: $title, body: $body}' )
echo ">> Creating PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
echo ">> With Endpoint of:"
echo "$API_ENDPOINT"
echo ">> With Payload of:"
echo "$PAYLOAD"
HTTP_STATUS=$(
curl -X POST \
--silent \
--write-out '%{http_code}' \
--output response_body.json \
--dump-header response_headers.txt \
--data "$PAYLOAD" \
-H "Authorization: token ${GITEA_TOKEN}" \
-H "Content-Type: application/json" \
"$API_ENDPOINT" 2> response_errors.txt
)
echo ">> HTTP Status Code: $HTTP_STATUS"
echo ">> Response Output ..."
echo "----"
cat response_body.json
echo "----"
cat response_headers.txt
echo "----"
cat response_errors.txt
echo "----"
if [ "$HTTP_STATUS" == "201" ]; then
echo ">> Pull Request created successfully!"
PR_URL=$(cat response_body.json | jq -r .html_url)
echo "pull-request-url=${PR_URL}" >> $GITEA_OUTPUT
PR_ID=$(cat response_body.json | jq -r .id)
echo "pull-request-id=${PR_ID}" >> $GITEA_OUTPUT
echo "pull-request-operation=created" >> $GITEA_OUTPUT
elif [ "$HTTP_STATUS" == "422" ]; then
echo ">> Failed to create PR (HTTP 422: Unprocessable Entity), PR may already exist"
elif [ "$HTTP_STATUS" == "409" ]; then
echo ">> Failed to create PR (HTTP 409: Conflict), PR already exists"
else
echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
exit 1
fi
echo "----"
- name: ntfy Created
uses: niniyas/ntfy-action@master
if: steps.create-pull-request.outputs.pull-request-operation == 'created'
with:
url: "${{ secrets.NTFY_URL }}"
topic: "${{ secrets.NTFY_TOPIC }}"
title: "Manifest Render PR Created - Infrastructure"
priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,successfully,completed
details: "Manifest rendering for Infrastructure has created a new Pull Request with ID: ${{ steps.create-pull-request.outputs.pull-request-id }}!"
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
- name: ntfy Failed
uses: niniyas/ntfy-action@master
if: failure()
with:
url: "${{ secrets.NTFY_URL }}"
topic: "${{ secrets.NTFY_TOPIC }}"
title: "Manifest Render Failure - Infrastructure"
priority: 4
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,failed
details: "Manifest rendering for Infrastructure has failed!"
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=render-manifests.yaml", "clear": true}]'
image: true

449
.gitea/workflows/render-manifests-push.yaml Normal file
View File

@@ -0,0 +1,449 @@
name: render-manifests-push
on:
workflow_dispatch:
# push:
# branches:
# - main
# paths:
# - 'clusters/cl01tl/helm/**'
env:
CLUSTER: cl01tl
BASE_BRANCH: manifests
BRANCH_NAME: auto/update-manifests
ASSIGNEE: alexlebens
MAIN_DIR: /workspace/alexlebens/infrastructure/infrastructure
MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests
jobs:
render-manifests-push:
runs-on: ubuntu-js
if: gitea.event.commits[0].author.username != 'renovate-bot'
steps:
- name: Checkout Main
uses: actions/checkout@v6
with:
path: infrastructure
fetch-depth: 0
- name: Checkout Manifests
uses: actions/checkout@v6
with:
ref: manifests
path: infrastructure-manifests
- name: Set up Helm
uses: azure/setup-helm@v4
with:
token: ${{ secrets.GITEA_TOKEN }}
version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
cache: true
- name: Configure Kubeconfig
uses: azure/k8s-set-context@v4
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Cache Helm Dependencies
uses: actions/cache@v5
with:
path: |
~/.cache/helm
~/.config/helm
key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
restore-keys: |
helm-cache-${{ runner.os }}-
- name: Prepare Manifest Branch
run: |
cd "${MANIFEST_DIR}"
echo ""
echo ">> Configure git to use gitea-bot as user ..."
git config user.name "gitea-bot"
git config user.email "gitea-bot@alexlebens.net"
echo ">> Checking if PR branch exists ..."
if git ls-remote --exit-code --heads origin "${BRANCH_NAME}" > /dev/null 2>&1; then
echo ""
echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
git fetch origin "${BRANCH_NAME}"
git checkout "${BRANCH_NAME}"
git pull --rebase
else
echo ""
echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
git checkout -b "${BRANCH_NAME}"
fi
echo "----"
- name: Check which Directories have Changes
id: check-dir-changes
run: |
cd "${MAIN_DIR}"
echo ""
echo ">> Checking for changes ..."
# Extract the chart names from the git diff
RENDER_DIR=$(git diff --name-only ${{ gitea.event.before }}..HEAD | grep -E "^clusters/${CLUSTER}/helm/" | awk -F '/' '{print $4}' | sort -u || true)
if [ -n "${RENDER_DIR}" ]; then
echo ""
echo ">> Directories to Render:"
echo "${RENDER_DIR}"
echo "----"
echo "changes-detected=true" >> "$GITEA_OUTPUT"
echo "render-dir<<EOF" >> "$GITEA_OUTPUT"
echo "${RENDER_DIR}" >> "$GITEA_OUTPUT"
echo "EOF" >> "$GITEA_OUTPUT"
else
echo ""
echo ">> No chart changes detected"
echo "changes-detected=false" >> "$GITEA_OUTPUT"
fi
- name: Add Repositories
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd "${MAIN_DIR}"
echo ""
echo ">> Adding repositories for chart dependencies ..."
for DIR in ${RENDER_DIR}; do
helm dependency list --max-col-width 120 "${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" 2> /dev/null \
| tail -n +2 \
| awk 'NF > 0 { print $1, $3 }' \
| while read -r REPO_NAME REPO_URL; do
if [[ "${REPO_URL}" == oci://* ]]; then
echo ""
echo ">> Ignoring OCI repo: ${REPO_URL}"
elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
helm repo add "${REPO_NAME}" "${REPO_URL}"
fi
done || true
done
if helm repo list > /dev/null 2>&1; then
echo ""
echo ">> Update repository cache ..."
helm repo update
fi
echo "----"
- name: Remove Changed Manifest Files
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd "${MANIFEST_DIR}"
echo ""
echo ">> Remove manfiest files and rebuild from source ..."
for DIR in ${RENDER_DIR}; do
CHART_PATH=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${DIR}
echo ""
echo "${CHART_PATH}"
rm -rf ${CHART_PATH}/*
done
echo "----"
- name: Render Helm Manifests
id: render-manifests
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd ${MAIN_DIR}
echo ""
echo ">> Rendering Manifests ..."
render_chart() {
local DIR="$1"
local CHART_PATH="${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}"
local CHART_NAME=$(basename "${CHART_PATH}")
echo ""
echo ">> Rendering ..."
echo ">> Chart: ${CHART_NAME}"
echo ">> Path: ${CHART_PATH}"
if [ -f "${CHART_PATH}/Chart.yaml" ]; then
local OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${CHART_NAME}/"
mkdir -p "${OUTPUT_FOLDER}"
cd "${CHART_PATH}"
echo ""
echo ">> Updating helm dependencies ..."
helm dependency update --skip-refresh > /dev/null
echo ""
echo ">> Linting helm chart ..."
helm lint --namespace "${CHART_NAME}" --quiet
local NAMESPACE="${CHART_NAME}"
case "${CHART_NAME}" in
"stack")
NAMESPACE="argocd"
echo ""
echo ">> Special Rendering into 'argocd' namespace ..."
;;
"cilium" | "coredns" | "metrics-server" | "prometheus-operator-crds")
NAMESPACE="kube-system"
echo ""
echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..."
;;
*)
echo ""
echo ">> Standard Rendering for ${CHART_NAME} ..."
esac
echo ""
echo ">> Formating rendered template ..."
local TEMPLATE
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
# Format and split rendered template
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
# Strip comments again to ensure formatting correctness
for file in "$OUTPUT_FOLDER"/*; do
yq -i '... comments=""' $file
done
echo ""
echo ">> Manifests for ${CHART_NAME} rendered to ${OUTPUT_FOLDER}:"
ls $OUTPUT_FOLDER
echo ""
else
echo ""
echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..."
echo ""
fi
}
export -f render_chart
export MAIN_DIR CLUSTER MANIFEST_DIR
# Run rendering in parallel
for DIR in ${RENDER_DIR}; do
echo "${DIR}"
done | xargs -n 1 -P 4 -I {} bash -c 'render_chart "$@"' _ {}
echo "----"
- name: Check for Changes
id: check-changes
if: steps.check-dir-changes.outputs.changes-detected == 'true'
run: |
cd "${MANIFEST_DIR}"
GIT_CHANGES=$(git status --porcelain)
if [ -n "${GIT_CHANGES}" ]; then
echo ""
echo ">> Changes detected"
git status --porcelain
echo "changes-detected=true" >> $GITEA_OUTPUT
else
echo ""
echo ">> No changes detected, skipping PR creation"
fi
echo "----"
- name: Commit and Push Changes
id: commit-push
if: steps.check-changes.outputs.changes-detected == 'true'
run: |
cd "${MANIFEST_DIR}"
echo ""
echo ">> Commiting changes to ${BRANCH_NAME} ..."
git add .
git commit -m "chore: Update manifests after change"
REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
echo ""
echo ">> Pushing changes to ${REPO_URL} ..."
git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@${REPO_URL#*://}" "${BRANCH_NAME}"
echo "----"
echo "HEAD_BRANCH=${BRANCH_NAME}" >> "$GITEA_OUTPUT"
echo "push=true" >> "$GITEA_OUTPUT"
- name: Check for Pull Request
id: check-for-pull-requst
if: steps.commit-push.outputs.push == 'true'
env:
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
GITEA_URL: ${{ secrets.REPO_URL }}
HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
run: |
cd ${MANIFEST_DIR}
API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls?base_branch=${BASE_BRANCH}&state=open&page=1"
echo ">> Checking if PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
echo ">> With Endpoint of:"
echo "$API_ENDPOINT"
HTTP_STATUS=$(
curl -X GET \
--silent \
--write-out '%{http_code}' \
--output response_body.json \
--dump-header response_headers.txt \
-H "Authorization: token ${GITEA_TOKEN}" \
-H "Content-Type: application/json" \
"$API_ENDPOINT" 2> response_errors.txt
)
echo ">> HTTP Status Code: $HTTP_STATUS"
echo ">> Response Output ..."
echo "----"
cat response_body.json
echo "----"
cat response_headers.txt
echo "----"
cat response_errors.txt
echo "----"
if [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "open" ]; then
echo ">> Pull Request has been found open, will update"
PR_INDEX=$(cat response_body.json | jq -r .[0].number)
echo "pull-request-exists=${PR_INDEX}" >> $GITEA_OUTPUT
echo "pull-request-index=true" >> $GITEA_OUTPUT
elif [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "closed" ]; then
echo ">> Pull Request found, but was closed"
echo "pull-request-exists=false" >> $GITEA_OUTPUT
else
echo ">> Pull Request not found"
echo "pull-request-exists=false" >> $GITEA_OUTPUT
fi
echo "----"
- name: Create Pull Request
id: create-pull-request
if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-requst.outputs.pull-request-exists == 'false'
env:
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
GITEA_URL: ${{ secrets.REPO_URL }}
HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
run: |
cd ${MANIFEST_DIR}
API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls"
PAYLOAD=$( jq -n \
--arg head "${HEAD_BRANCH}" \
--arg base "${BASE_BRANCH}" \
--arg assignee "${ASSIGNEE}" \
--arg title "Automated Manifest Update" \
--arg body "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow." \
'{head: $head, base: $base, assignee: $assignee, title: $title, body: $body}' )
echo ">> Creating PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
echo ">> With Endpoint of:"
echo "$API_ENDPOINT"
echo ">> With Payload of:"
echo "$PAYLOAD"
HTTP_STATUS=$(
curl -X POST \
--silent \
--write-out '%{http_code}' \
--output response_body.json \
--dump-header response_headers.txt \
--data "$PAYLOAD" \
-H "Authorization: token ${GITEA_TOKEN}" \
-H "Content-Type: application/json" \
"$API_ENDPOINT" 2> response_errors.txt
)
echo ">> HTTP Status Code: $HTTP_STATUS"
echo ">> Response Output ..."
echo "----"
cat response_body.json
echo "----"
cat response_headers.txt
echo "----"
cat response_errors.txt
echo "----"
if [ "$HTTP_STATUS" == "201" ]; then
echo ">> Pull Request created successfully!"
PR_URL=$(cat response_body.json | jq -r .html_url)
echo "pull-request-url=${PR_URL}" >> $GITEA_OUTPUT
PR_ID=$(cat response_body.json | jq -r .id)
echo "pull-request-id=${PR_ID}" >> $GITEA_OUTPUT
echo "pull-request-operation=created" >> $GITEA_OUTPUT
elif [ "$HTTP_STATUS" == "422" ]; then
echo ">> Failed to create PR (HTTP 422: Unprocessable Entity), PR may already exist"
elif [ "$HTTP_STATUS" == "409" ]; then
echo ">> Failed to create PR (HTTP 409: Conflict), PR already exists"
else
echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
exit 1
fi
echo "----"
- name: ntfy Created
uses: niniyas/ntfy-action@master
if: steps.create-pull-request.outputs.pull-request-operation == 'created'
with:
url: "${{ secrets.NTFY_URL }}"
topic: "${{ secrets.NTFY_TOPIC }}"
title: "Manifest Render PR Created - Infrastructure"
priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,successfully,completed
details: "Manifest rendering for Infrastructure has created a new Pull Request with ID: ${{ steps.create-pull-request.outputs.pull-request-id }}!"
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
- name: ntfy Failed
uses: niniyas/ntfy-action@master
if: failure()
with:
url: "${{ secrets.NTFY_URL }}"
topic: "${{ secrets.NTFY_TOPIC }}"
title: "Manifest Render Failure - Infrastructure"
priority: 4
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,failed
details: "Manifest rendering for Infrastructure has failed!"
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=render-manifests.yaml", "clear": true}]'
image: true

50
.gitea/workflows/render-manifests.yaml
View File

@@ -6,6 +6,12 @@ on:
workflow_dispatch: workflow_dispatch:
push:
branches:
- main
paths:
- 'clusters/cl01tl/helm/**'
pull_request: pull_request:
branches: branches:
- main - main
@@ -28,35 +34,36 @@ jobs:
if: >- if: >-
github.event_name == 'schedule' || github.event_name == 'schedule' ||
github.event_name == 'workflow_dispatch' || github.event_name == 'workflow_dispatch' ||
(github.event_name == 'push' && github.actor != 'renovate-bot') ||
(github.event_name == 'pull_request' && github.event.pull_request.merged == true) (github.event_name == 'pull_request' && github.event.pull_request.merged == true)
steps: steps:
- name: Checkout Main - name: Checkout Main
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@v6
with: with:
path: infrastructure path: infrastructure
fetch-depth: 0 fetch-depth: 0
- name: Checkout Manifests - name: Checkout Manifests
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@v6
with: with:
ref: manifests ref: manifests
path: infrastructure-manifests path: infrastructure-manifests
- name: Set Up Helm - name: Set Up Helm
uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4 uses: azure/setup-helm@v4
with: with:
token: ${{ secrets.GITEA_TOKEN }} token: ${{ secrets.GITEA_TOKEN }}
version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743 version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
cache: true cache: true
- name: Configure Kubeconfig - name: Configure Kubeconfig
uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4 uses: azure/k8s-set-context@v4
with: with:
method: kubeconfig method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }} kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Cache Helm Dependencies - name: Cache Helm Dependencies
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 uses: actions/cache@v5
with: with:
path: | path: |
~/.cache/helm ~/.cache/helm
@@ -88,6 +95,10 @@ jobs:
DIFF_TARGET="HEAD^..HEAD" DIFF_TARGET="HEAD^..HEAD"
elif [[ "${{ github.event_name }}" == "push" ]]; then
echo ">> Mode: Push (Standard)"
DIFF_TARGET="${{ github.event.before }}..HEAD"
fi fi
echo "" echo ""
@@ -100,7 +111,6 @@ jobs:
- name: Prepare Manifest Branch - name: Prepare Manifest Branch
id: prepare-manifest-branch id: prepare-manifest-branch
env: env:
PR_NUMBER: ${{ github.event.pull_request.number }}
IS_AUTOMERGE: ${{ steps.mode.outputs.is-automerge }} IS_AUTOMERGE: ${{ steps.mode.outputs.is-automerge }}
run: | run: |
cd "${MANIFEST_DIR}" cd "${MANIFEST_DIR}"
@@ -110,10 +120,10 @@ jobs:
git config user.email "gitea-bot@alexlebens.net" git config user.email "gitea-bot@alexlebens.net"
if [[ "$IS_AUTOMERGE" == "true" ]]; then if [[ "$IS_AUTOMERGE" == "true" ]]; then
BRANCH_NAME="${BRANCH_NAME_BASE}-automerge-${PR_NUMBER}"
echo "" echo ""
echo ">> Creating branch ${BRANCH_NAME} ..." echo ">> Creating branch ${BRANCH_NAME} ..."
git checkout -B "$BRANCH_NAME" BRANCH_NAME="${BRANCH_NAME_BASE}-automerge-$(date +%Y%m%d%H%M%S)"
git checkout -b "$BRANCH_NAME"
else else
echo "" echo ""
@@ -406,6 +416,7 @@ jobs:
echo "----" echo "----"
echo "pull-request-exists=$(cat response_body.json | jq -r .[0].number)" >> "$GITHUB_OUTPUT" echo "pull-request-exists=$(cat response_body.json | jq -r .[0].number)" >> "$GITHUB_OUTPUT"
echo "pull-request-url=$(cat response_body.json | jq -r .[0].html_url)" >> "$GITHUB_OUTPUT"
else else
echo "" echo ""
@@ -457,6 +468,7 @@ jobs:
echo "" echo ""
echo "----" echo "----"
echo "pull-request-url=$(jq -r .html_url response_body.json)" >> "$GITHUB_OUTPUT"
echo "pull-request-id=$(jq -r .id response_body.json)" >> "$GITHUB_OUTPUT" echo "pull-request-id=$(jq -r .id response_body.json)" >> "$GITHUB_OUTPUT"
echo "pull-request-number=$(jq -r .number response_body.json)" >> "$GITHUB_OUTPUT" echo "pull-request-number=$(jq -r .number response_body.json)" >> "$GITHUB_OUTPUT"
echo "pull-request-operation=created" >> "$GITHUB_OUTPUT" echo "pull-request-operation=created" >> "$GITHUB_OUTPUT"
@@ -568,7 +580,7 @@ jobs:
echo "----" echo "----"
- name: ntfy Created - name: ntfy Created
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master uses: niniyas/ntfy-action@master
if: steps.create-pull-request.outputs.pull-request-operation == 'created' && steps.mode.outputs.is-automerge == 'false' if: steps.create-pull-request.outputs.pull-request-operation == 'created' && steps.mode.outputs.is-automerge == 'false'
with: with:
url: "${{ secrets.NTFY_URL }}" url: "${{ secrets.NTFY_URL }}"
@@ -577,12 +589,12 @@ jobs:
priority: 3 priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}' headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,successfully,completed tags: action,successfully,completed
details: "Created renderd manifests for cluster '${{ env.CLUSTER }}' with charts: ${{ steps.check-changes.outputs.changed-charts-csv }}" details: "Created renderd manifests for cluster '${CLUSTER}' with charts: ${{ steps.check-changes.outputs.changed-charts-csv }}"
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png" icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]' actions: '[{"action": "view", "label": "View PR", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
- name: ntfy Updated - name: ntfy Updated
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master uses: niniyas/ntfy-action@master
if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-request.outputs.pull-request-exists != 'false' && steps.mode.outputs.is-automerge == 'false' if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-request.outputs.pull-request-exists != 'false' && steps.mode.outputs.is-automerge == 'false'
with: with:
url: "${{ secrets.NTFY_URL }}" url: "${{ secrets.NTFY_URL }}"
@@ -591,12 +603,12 @@ jobs:
priority: 3 priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}' headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,successfully,completed tags: action,successfully,completed
details: "Updated rendered manifests PR for cluster '${{ env.CLUSTER }}' with charts: ${{ steps.check-changes.outputs.changed-charts-csv }}" details: "Updated rendered manifests PR for cluster '${CLUSTER}' with charts: ${{ steps.check-changes.outputs.changed-charts-csv }}"
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png" icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]' actions: '[{"action": "view", "label": "View PR", "url": "${{ steps.check-for-pull-request.outputs.pull-request-url }}", "clear": true}]'
- name: ntfy Merged - name: ntfy Merged
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master uses: niniyas/ntfy-action@master
if: steps.merge-changes.outputs.pull-request-operation == 'merged' if: steps.merge-changes.outputs.pull-request-operation == 'merged'
with: with:
url: "${{ secrets.NTFY_URL }}" url: "${{ secrets.NTFY_URL }}"
@@ -605,12 +617,12 @@ jobs:
priority: 3 priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}' headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,successfully,completed tags: action,successfully,completed
details: "Automerged manifest rendering for cluster '${{ env.CLUSTER }}' with charts: ${{ steps.check-changes.outputs.changed-charts-csv }}" details: "Automerged manifest rendering for cluster '${CLUSTER}' with charts: ${{ steps.check-changes.outputs.changed-charts-csv }}"
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png" icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]' actions: '[{"action": "view", "label": "View PR", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
- name: ntfy Failed - name: ntfy Failed
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master uses: niniyas/ntfy-action@master
if: failure() if: failure()
with: with:
url: "${{ secrets.NTFY_URL }}" url: "${{ secrets.NTFY_URL }}"
@@ -621,4 +633,4 @@ jobs:
tags: action,failed tags: action,failed
details: "Manifest rendering for Infrastructure has failed!" details: "Manifest rendering for Infrastructure has failed!"
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png" icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
actions: '[{"action": "view", "label": "View Logs", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]' actions: '[{"action": "view", "label": "View Logs", "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'

4
.gitea/workflows/renovate.yaml
View File

@@ -13,10 +13,10 @@ on:
jobs: jobs:
renovate: renovate:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: ghcr.io/renovatebot/renovate:43.84.2@sha256:92285747b3aac062a4f567762c272a12dce037843a20177a02c95b7c420e20cb container: ghcr.io/renovatebot/renovate:43
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@v6
- name: Renovate - name: Renovate
run: renovate run: renovate

6
.pre-commit-config.yaml
View File

@@ -1,6 +1,6 @@
repos: repos:
- repo: https://github.com/pre-commit/pre-commit-hooks - repo: https://github.com/pre-commit/pre-commit-hooks
rev: v6.0.0 rev: v2.3.0
hooks: hooks:
- id: end-of-file-fixer - id: end-of-file-fixer
- id: trailing-whitespace - id: trailing-whitespace
@@ -9,9 +9,7 @@ repos:
exclude: '^.*\/templates\/.*$' exclude: '^.*\/templates\/.*$'
args: args:
- --multi - --multi
- id: check-merge-conflict
- id: check-json
- repo: https://github.com/IamTheFij/docker-pre-commit - repo: https://github.com/IamTheFij/docker-pre-commit
rev: v3.0.1 rev: v2.0.0
hooks: hooks:
- id: docker-compose-check - id: docker-compose-check

8
clusters/cl01tl/helm/argo-workflows/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies: dependencies:
- name: argo-workflows - name: argo-workflows
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 1.0.5 version: 1.0.2
- name: argo-events - name: argo-events
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 2.4.21 version: 2.4.20
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0 version: 7.10.0
digest: sha256:d0d7ebf1c0013d001aa2f17d04a6d3f3d7a1fa7d5c62792eef856b87c24eb26e digest: sha256:8d1c2dd011a360d930ed5ff186462f163407077d36ae633898ec5d6ba30a4e8d
generated: "2026-03-20T20:48:30.830922259Z" generated: "2026-03-15T20:04:18.080966008Z"

6
clusters/cl01tl/helm/argo-workflows/Chart.yaml
View File

@@ -18,10 +18,10 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: argo-workflows - name: argo-workflows
version: 1.0.5 version: 1.0.2
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
- name: argo-events - name: argo-events
version: 2.4.21 version: 2.4.20
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
@@ -29,4 +29,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-workflows # renovate: datasource=github-releases depName=argoproj/argo-workflows
appVersion: v4.0.3 appVersion: v4.0.2

2
clusters/cl01tl/helm/argo-workflows/values.yaml
View File

@@ -8,7 +8,7 @@ argo-workflows:
upgradeJob: upgradeJob:
image: image:
repository: registry.k8s.io/kubectl repository: registry.k8s.io/kubectl
tag: v1.35.3 tag: v1.35.2
controller: controller:
metricsConfig: metricsConfig:
enabled: true enabled: true

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: argo-cd - name: argo-cd
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 9.4.15 version: 9.4.10
digest: sha256:a0eed2e174bb6b13d04653c755a359025b050d479a92180039a1990dd8ee7caa digest: sha256:795aad956acef3f5efb8160390caf9b9792b7b4150d3a7984f1c5edbad92dfaa
generated: "2026-03-20T01:09:07.547016465Z" generated: "2026-03-10T18:58:35.720448421Z"

4
clusters/cl01tl/helm/argocd/Chart.yaml
View File

@@ -15,8 +15,8 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: argo-cd - name: argo-cd
version: 9.4.15 version: 9.4.10
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-cd # renovate: datasource=github-releases depName=argoproj/argo-cd
appVersion: v3.3.4 appVersion: v3.3.3

9
clusters/cl01tl/helm/argocd/values.yaml
View File

@@ -55,7 +55,14 @@ argo-cd:
server: server:
replicas: 2 replicas: 2
extensions: extensions:
enabled: false enabled: true
extensionList:
- name: extension-trivy
env:
- name: EXTENSION_URL
value: https://github.com/mziyabo/argocd-trivy-extension/releases/download/v0.2.0/extension-trivy.tar
- name: EXTENSION_CHECKSUM_URL
value: https://github.com/mziyabo/argocd-trivy-extension/releases/download/v0.2.0/extension-trivy_checksums.txt
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:

2
clusters/cl01tl/helm/audiobookshelf/Chart.yaml
View File

@@ -29,4 +29,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
# renovate: datasource=github-releases depName=advplyr/audiobookshelf # renovate: datasource=github-releases depName=advplyr/audiobookshelf
appVersion: 2.33.1 appVersion: 2.33.0

2
clusters/cl01tl/helm/audiobookshelf/values.yaml
View File

@@ -9,7 +9,7 @@ audiobookshelf:
main: main:
image: image:
repository: ghcr.io/advplyr/audiobookshelf repository: ghcr.io/advplyr/audiobookshelf
tag: 2.33.1 tag: 2.33.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ

5
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -98,7 +98,7 @@ blocky:
traefik-cl01tl IN A 10.232.1.21 traefik-cl01tl IN A 10.232.1.21
blocky IN A 10.232.1.22 blocky IN A 10.232.1.22
plex-lb IN A 10.232.1.23 cilium-cl01tl IN A 10.232.1.23
;; Application Names ;; Application Names
@@ -127,17 +127,14 @@ blocky:
home IN CNAME traefik-cl01tl home IN CNAME traefik-cl01tl
home-assistant IN CNAME traefik-cl01tl home-assistant IN CNAME traefik-cl01tl
home-assistant-code-server IN CNAME traefik-cl01tl home-assistant-code-server IN CNAME traefik-cl01tl
houndarr IN CNAME traefik-cl01tl
hubble IN CNAME traefik-cl01tl hubble IN CNAME traefik-cl01tl
immich IN CNAME traefik-cl01tl immich IN CNAME traefik-cl01tl
jellyfin IN CNAME traefik-cl01tl jellyfin IN CNAME traefik-cl01tl
jellystat IN CNAME traefik-cl01tl jellystat IN CNAME traefik-cl01tl
kiwix IN CNAME traefik-cl01tl kiwix IN CNAME traefik-cl01tl
komodo IN CNAME traefik-cl01tl komodo IN CNAME traefik-cl01tl
languagetool IN CNAME traefik-cl01tl
lidarr IN CNAME traefik-cl01tl lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl mail IN CNAME traefik-cl01tl
medialyze IN CNAME traefik-cl01tl
movie-roulette IN CNAME traefik-cl01tl movie-roulette IN CNAME traefik-cl01tl
music-grabber IN CNAME traefik-cl01tl music-grabber IN CNAME traefik-cl01tl
navidrome IN CNAME traefik-cl01tl navidrome IN CNAME traefik-cl01tl

7
clusters/cl01tl/helm/booklore/Chart.yaml
View File

@@ -4,14 +4,11 @@ version: 1.0.0
description: booklore description: booklore
keywords: keywords:
- booklore - booklore
- grimmory
- books - books
home: https://wiki.alexlebens.dev/ home: https://wiki.alexlebens.dev/
sources: sources:
- https://github.com/booklore-app/BookLore - https://github.com/booklore-app/BookLore
- https://github.com/grimmory-tools/grimmory
- https://github.com/booklore-app/booklore/pkgs/container/booklore - https://github.com/booklore-app/booklore/pkgs/container/booklore
- https://github.com/grimmory-tools/grimmory/pkgs/container/grimmory
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers: maintainers:
- name: alexlebens - name: alexlebens
@@ -32,5 +29,5 @@ dependencies:
version: 0.8.0 version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png
# renovate: datasource=github-releases depName=grimmory-tools/grimmory # renovate: datasource=github-releases depName=booklore-app/BookLore
appVersion: v2.3.0 appVersion: v2.2.1

4
clusters/cl01tl/helm/booklore/values.yaml
View File

@@ -8,8 +8,8 @@ booklore:
containers: containers:
main: main:
image: image:
repository: ghcr.io/grimmory-tools/grimmory repository: ghcr.io/booklore-app/booklore
tag: v2.3.0 tag: v2.2.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ

6
clusters/cl01tl/helm/cilium/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: cilium - name: cilium
repository: https://helm.cilium.io/ repository: https://helm.cilium.io/
version: 1.19.1 version: 1.18.6
digest: sha256:bf5e8b3233c18bdb9409bb98c9a7ea4114e0e04e8489a49fdb2d29ded0cfa429 digest: sha256:8ea328ac238524b5b423e6289f5e25d05ef64e6aa19cfd5de238f1d5dd533e9b
generated: "2026-03-22T03:40:43.419786988Z" generated: "2026-02-05T12:00:20.15778-06:00"

2
clusters/cl01tl/helm/cilium/Chart.yaml
View File

@@ -15,7 +15,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: cilium - name: cilium
version: 1.19.1 version: 1.18.6
repository: https://helm.cilium.io/ repository: https://helm.cilium.io/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png
# renovate: datasource=github-releases depName=cilium/cilium # renovate: datasource=github-releases depName=cilium/cilium

2
clusters/cl01tl/helm/code-server/values.yaml
View File

@@ -9,7 +9,7 @@ code-server:
main: main:
image: image:
repository: ghcr.io/linuxserver/code-server repository: ghcr.io/linuxserver/code-server
tag: 4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b tag: 4.111.0@sha256:12c04b41f601604795562ece2ac64cade7cfca632415f4bfb1742477e3226272
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ

2
clusters/cl01tl/helm/dawarich/Chart.yaml
View File

@@ -26,4 +26,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png
# renovate: datasource=github-releases depName=Freika/dawarich # renovate: datasource=github-releases depName=Freika/dawarich
appVersion: 1.3.4 appVersion: 1.3.3

4
clusters/cl01tl/helm/dawarich/values.yaml
View File

@@ -9,7 +9,7 @@ dawarich:
main: main:
image: image:
repository: freikin/dawarich repository: freikin/dawarich
tag: 1.3.4 tag: 1.3.3
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
command: ["web-entrypoint.sh"] command: ["web-entrypoint.sh"]
args: ["bin/rails", "server", "-p", "3000", "-b", "::"] args: ["bin/rails", "server", "-p", "3000", "-b", "::"]
@@ -106,7 +106,7 @@ dawarich:
sidekiq: sidekiq:
image: image:
repository: freikin/dawarich repository: freikin/dawarich
tag: 1.3.4 tag: 1.3.3
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
command: ["sidekiq-entrypoint.sh"] command: ["sidekiq-entrypoint.sh"]
args: ["sidekiq"] args: ["sidekiq"]

6
clusters/cl01tl/helm/decluttarr/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
digest: sha256:548ae1f8699100a2f6bac11a4a3137402b3eea340c7a3db4d9f1813ad6a11dca
generated: "2026-02-23T22:08:42.516245-06:00"

20
clusters/cl01tl/helm/decluttarr/Chart.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: v2
name: decluttarr
version: 1.0.0
description: decluttarr
keywords:
- decluttarr
- servarr
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/ManiMatter/decluttarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: decluttarr
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
# renovate: datasource=github-releases depName=ManiMatter/decluttarr
appVersion: v2.0.0

21
clusters/cl01tl/helm/decluttarr/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: decluttarr-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: decluttarr-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: config.yaml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/decluttarr/config
metadataPolicy: None
property: config.yaml

32
clusters/cl01tl/helm/decluttarr/values.yaml Normal file
View File

@@ -0,0 +1,32 @@
decluttarr:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/manimatter/decluttarr
tag: v2.0.0
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
resources:
requests:
cpu: 10m
memory: 128Mi
persistence:
config:
enabled: true
type: secret
name: decluttarr-config-secret
advancedMounts:
main:
main:
- path: /app/config/config.yaml
readOnly: true
mountPropagation: None
subPath: config.yaml

22
clusters/cl01tl/helm/eraser/values.yaml
View File

@@ -34,7 +34,27 @@ eraser:
request: request:
cpu: 100m cpu: 100m
memory: 128Mi memory: 128Mi
config: "" config: "" # |
# cacheDir: /var/lib/trivy
# dbRepo: ghcr.io/aquasecurity/trivy-db
# deleteFailedImages: true
# deleteEOLImages: true
# vulnerabilities:
# ignoreUnfixed: true
# types:
# - os
# - library
# securityChecks:
# - vuln
# severities:
# - CRITICAL
# - HIGH
# - MEDIUM
# - LOW
# ignoredStatuses:
# timeout:
# total: 23h
# perImage: 1h
remover: remover:
request: request:
cpu: 10m cpu: 10m

6
clusters/cl01tl/helm/external-secrets/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: external-secrets - name: external-secrets
repository: https://charts.external-secrets.io repository: https://charts.external-secrets.io
version: 2.2.0 version: 2.1.0
digest: sha256:832fc3f8d3728bdea2b696a6044e4c18967cd9ab9c5cc74adbf40aaa270a84b4 digest: sha256:b19563d51f1922403185979c6c442531a7bb13d302e8438b5a18d450259b7245
generated: "2026-03-20T20:53:08.407747649Z" generated: "2026-03-07T18:02:23.908145348Z"

4
clusters/cl01tl/helm/external-secrets/Chart.yaml
View File

@@ -12,8 +12,8 @@ sources:
- https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets - https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets
dependencies: dependencies:
- name: external-secrets - name: external-secrets
version: 2.2.0 version: 2.1.0
repository: https://charts.external-secrets.io repository: https://charts.external-secrets.io
icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4 icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4
# renovate: datasource=github-releases depName=external-secrets/external-secrets # renovate: datasource=github-releases depName=external-secrets/external-secrets
appVersion: v2.2.0 appVersion: v2.1.0

2
clusters/cl01tl/helm/garage/values.yaml
View File

@@ -34,7 +34,7 @@ garage:
debug: debug:
image: image:
repository: ubuntu repository: ubuntu
tag: resolute-20260312 tag: resolute-20260108
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
command: command:
- "sleep" - "sleep"

9
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -191,9 +191,6 @@ gatus:
- name: excalidraw - name: excalidraw
url: https://excalidraw.alexlebens.net url: https://excalidraw.alexlebens.net
<<: *defaults <<: *defaults
- name: languagetool
url: https://languagetool.alexlebens.net
<<: *defaults
- name: gitea - name: gitea
url: https://gitea.alexlebens.net url: https://gitea.alexlebens.net
<<: *defaults <<: *defaults
@@ -230,9 +227,6 @@ gatus:
- name: jellystat - name: jellystat
url: https://jellystat.alexlebens.net url: https://jellystat.alexlebens.net
<<: *defaults <<: *defaults
- name: medialyze
url: https://medialyze.alexlebens.net
<<: *defaults
- name: authentik - name: authentik
url: https://authentik.alexlebens.net url: https://authentik.alexlebens.net
<<: *defaults <<: *defaults
@@ -307,9 +301,6 @@ gatus:
- name: tdarr - name: tdarr
url: https://tdarr.alexlebens.net url: https://tdarr.alexlebens.net
<<: *defaults <<: *defaults
- name: houndarr
url: https://houndarr.alexlebens.net
<<: *defaults
- name: sonarr - name: sonarr
url: http://sonarr.sonarr:80 url: http://sonarr.sonarr:80
<<: *defaults <<: *defaults

6
clusters/cl01tl/helm/generic-device-plugin/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: generic-device-plugin - name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.24 version: 0.20.21
digest: sha256:36bf651c24198d299458046aaf449e9fb50942e1143389092a746357d402b731 digest: sha256:4f1359a01b8b85722ab1805426a86f3ea64d0134513ce14fe9c55f3f918a21fb
generated: "2026-03-20T01:18:36.687250976Z" generated: "2026-03-09T23:02:42.799515974Z"

2
clusters/cl01tl/helm/generic-device-plugin/Chart.yaml
View File

@@ -15,6 +15,6 @@ maintainers:
dependencies: dependencies:
- name: generic-device-plugin - name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.24 version: 0.20.21
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: 1.0.0 appVersion: 1.0.0

6
clusters/cl01tl/helm/gitea/Chart.lock
View File

@@ -7,7 +7,7 @@ dependencies:
version: 0.0.3 version: 0.0.3
- name: meilisearch - name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.28.0 version: 0.27.0
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.4.0
@@ -23,5 +23,5 @@ dependencies:
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:238b7653c9d12c4886a56350b6d66217dbe7ecbb76078a846c7cc2c8cb450eb3 digest: sha256:095caf06888cd4663eb5d389399ebad167861007b604016fc4907308474558ab
generated: "2026-03-16T15:56:55.197735783Z" generated: "2026-03-15T20:05:41.388335307Z"

2
clusters/cl01tl/helm/gitea/Chart.yaml
View File

@@ -33,7 +33,7 @@ dependencies:
repository: https://dl.gitea.com/charts/ repository: https://dl.gitea.com/charts/
version: 0.0.3 version: 0.0.3
- name: meilisearch - name: meilisearch
version: 0.28.0 version: 0.27.0
repository: https://meilisearch.github.io/meilisearch-kubernetes repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts

6
clusters/cl01tl/helm/grafana-operator/Chart.lock
View File

@@ -1,7 +1,7 @@
dependencies: dependencies:
- name: grafana-operator - name: grafana-operator
repository: https://grafana.github.io/helm-charts repository: https://grafana.github.io/helm-charts
version: 5.22.2 version: 5.22.1
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0 version: 7.10.0
@@ -11,5 +11,5 @@ dependencies:
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0 version: 0.4.0
digest: sha256:a3bf183bcecb4d4b5354fe91a549075997dccb41c193da9daec9ccbe4d659fe2 digest: sha256:9cbba52d093e40b20917af87263e1fb0e478912440f660543f3527e70452edc7
generated: "2026-03-18T10:04:15.165729555Z" generated: "2026-03-15T20:05:59.855514102Z"

4
clusters/cl01tl/helm/grafana-operator/Chart.yaml
View File

@@ -17,7 +17,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: grafana-operator - name: grafana-operator
version: 5.22.2 version: 5.22.1
repository: https://grafana.github.io/helm-charts repository: https://grafana.github.io/helm-charts
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
@@ -33,4 +33,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grafana.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grafana.png
# renovate: datasource=github-releases depName=grafana/grafana-operator # renovate: datasource=github-releases depName=grafana/grafana-operator
appVersion: v5.22.2 appVersion: v5.22.1

6
clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml
View File

@@ -362,10 +362,10 @@ spec:
apiVersion: grafana.integreatly.org/v1beta1 apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard kind: GrafanaDashboard
metadata: metadata:
name: grafana-dashboard-tdarr name: grafana-dashboard-trivy
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-tdarr app.kubernetes.io/name: grafana-dashboard-trivy
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -375,7 +375,7 @@ spec:
contentCacheDuration: 1h contentCacheDuration: 1h
folderUID: grafana-folder-service folderUID: grafana-folder-service
resyncPeriod: 1h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/tdarr.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/trivy.json
--- ---
apiVersion: grafana.integreatly.org/v1beta1 apiVersion: grafana.integreatly.org/v1beta1

6
clusters/cl01tl/helm/harbor/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies: dependencies:
- name: harbor - name: harbor
repository: https://helm.goharbor.io repository: https://helm.goharbor.io
version: 1.18.3 version: 1.18.2
- name: postgres-cluster - name: postgres-cluster
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
version: 7.10.0 version: 7.10.0
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0 version: 0.4.0
digest: sha256:e7a5cee56dddb4abc07ff18677cb6ddf55571b38da2eeb7e654e8ad8f7709bfa digest: sha256:14c2b7d09631dbb573e9c9d4613ebe52e330146662da0da15f74c31ec519ed15
generated: "2026-03-19T04:16:54.362332682Z" generated: "2026-03-15T20:06:13.615175051Z"

4
clusters/cl01tl/helm/harbor/Chart.yaml
View File

@@ -17,7 +17,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: harbor - name: harbor
version: 1.18.3 version: 1.18.2
repository: https://helm.goharbor.io repository: https://helm.goharbor.io
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
@@ -29,4 +29,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png
# renovate: datasource=github-releases depName=goharbor/harbor # renovate: datasource=github-releases depName=goharbor/harbor
appVersion: v2.15.0 appVersion: v2.14.3

12
clusters/cl01tl/helm/harbor/values.yaml
View File

@@ -41,12 +41,12 @@ harbor:
portal: portal:
image: image:
repository: goharbor/harbor-portal repository: goharbor/harbor-portal
tag: v2.15.0 tag: v2.14.3
replicas: 2 replicas: 2
core: core:
image: image:
repository: goharbor/harbor-core repository: goharbor/harbor-core
tag: v2.15.0 tag: v2.14.3
replicas: 2 replicas: 2
existingSecret: harbor-secret existingSecret: harbor-secret
secretName: harbor-secret secretName: harbor-secret
@@ -54,7 +54,7 @@ harbor:
jobservice: jobservice:
image: image:
repository: goharbor/harbor-jobservice repository: goharbor/harbor-jobservice
tag: v2.15.0 tag: v2.14.3
replicas: 2 replicas: 2
jobLoggers: jobLoggers:
- stdout - stdout
@@ -63,11 +63,11 @@ harbor:
registry: registry:
image: image:
repository: goharbor/registry-photon repository: goharbor/registry-photon
tag: v2.15.0 tag: v2.14.3
controller: controller:
image: image:
repository: goharbor/harbor-registryctl repository: goharbor/harbor-registryctl
tag: v2.15.0 tag: v2.14.3
existingSecret: harbor-secret existingSecret: harbor-secret
relativeurls: true relativeurls: true
credentials: credentials:
@@ -94,7 +94,7 @@ harbor:
exporter: exporter:
image: image:
repository: goharbor/harbor-exporter repository: goharbor/harbor-exporter
tag: v2.15.0 tag: v2.14.3
replicas: 2 replicas: 2
postgres-18-cluster: postgres-18-cluster:
mode: recovery mode: recovery

3
clusters/cl01tl/helm/headlamp/values.yaml
View File

@@ -25,6 +25,9 @@ headlamp:
- name: cert-manager - name: cert-manager
source: https://artifacthub.io/packages/headlamp/headlamp-plugins/headlamp_cert-manager source: https://artifacthub.io/packages/headlamp/headlamp-plugins/headlamp_cert-manager
version: 0.1.0 version: 0.1.0
- name: trivy
source: https://artifacthub.io/packages/headlamp/headlamp-trivy/headlamp_trivy
version: 0.3.1
- name: external-secrets-operator - name: external-secrets-operator
source: https://artifacthub.io/packages/headlamp/external-secrets-operator-headlamp-plugin/external-secrets-operator source: https://artifacthub.io/packages/headlamp/external-secrets-operator-headlamp-plugin/external-secrets-operator
version: 0.1.0-beta7 version: 0.1.0-beta7

2
clusters/cl01tl/helm/home-assistant/Chart.yaml
View File

@@ -25,4 +25,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/home-assistant.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/home-assistant.png
# renovate: datasource=github-releases depName=home-assistant/core # renovate: datasource=github-releases depName=home-assistant/core
appVersion: 2026.3.3 appVersion: 2026.3.1

4
clusters/cl01tl/helm/home-assistant/values.yaml
View File

@@ -9,7 +9,7 @@ home-assistant:
main: main:
image: image:
repository: ghcr.io/home-assistant/home-assistant repository: ghcr.io/home-assistant/home-assistant
tag: 2026.3.3 tag: 2026.3.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -21,7 +21,7 @@ home-assistant:
code-server: code-server:
image: image:
repository: ghcr.io/linuxserver/code-server repository: ghcr.io/linuxserver/code-server
tag: 4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b tag: 4.111.0@sha256:12c04b41f601604795562ece2ac64cade7cfca632415f4bfb1742477e3226272
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ

23
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -204,7 +204,7 @@ homepage:
statusStyle: dot statusStyle: dot
- Books: - Books:
icon: sh-booklore.webp icon: sh-booklore.webp
description: Grimmory description: Booklore
href: https://booklore.alexlebens.net href: https://booklore.alexlebens.net
siteMonitor: http://booklore.booklore:80 siteMonitor: http://booklore.booklore:80
statusStyle: dot statusStyle: dot
@@ -477,12 +477,6 @@ homepage:
href: https://jellystat.alexlebens.net href: https://jellystat.alexlebens.net
siteMonitor: http://jellystat.jellystat:80 siteMonitor: http://jellystat.jellystat:80
statusStyle: dot statusStyle: dot
- MediaLyze:
icon: https://raw.githubusercontent.com/frederikemmer/MediaLyze/d8f69c0628bac7c047b90f91a66341648029c273/frontend/public/favicon.svg
description: Jellyfin Media Monitoring
href: https://medialyze.alexlebens.net
siteMonitor: http://medialyze.medialyze:80
statusStyle: dot
- Services: - Services:
- Auth (Public): - Auth (Public):
icon: sh-authentik.webp icon: sh-authentik.webp
@@ -633,12 +627,6 @@ homepage:
href: https://bazarr.alexlebens.net href: https://bazarr.alexlebens.net
siteMonitor: http://bazarr.bazarr:80 siteMonitor: http://bazarr.bazarr:80
statusStyle: dot statusStyle: dot
- Houndarr:
icon: https://raw.githubusercontent.com/av1155/houndarr/main/src/houndarr/static/img/houndarr-logo-dark.png
description: Media Searches
href: https://houndarr.alexlebens.net
siteMonitor: http://houndarr.houndarr:80
statusStyle: dot
- Tdarr: - Tdarr:
icon: sh-tdarr.webp icon: sh-tdarr.webp
description: Media transcoding and health checks description: Media transcoding and health checks
@@ -786,6 +774,9 @@ homepage:
- Digital Ocean: - Digital Ocean:
- abbr: DO - abbr: DO
href: https://www.digitalocean.com/ href: https://www.digitalocean.com/
- AWS:
- abbr: AW
href: https://aws.amazon.com/console/
- Cloudflare: - Cloudflare:
- abbr: CF - abbr: CF
href: https://dash.cloudflare.com/b76e303258b84076ee01fd0f515c0768 href: https://dash.cloudflare.com/b76e303258b84076ee01fd0f515c0768
@@ -795,12 +786,12 @@ homepage:
- ProtonVPN: - ProtonVPN:
- abbr: PV - abbr: PV
href: https://account.protonvpn.com/ href: https://account.protonvpn.com/
- AirVPN:
- abbr: AV
href: https://airvpn.org/
- Unifi: - Unifi:
- abbr: UF - abbr: UF
href: https://unifi.ui.com/ href: https://unifi.ui.com/
- Pushover:
- abbr: PO
href: https://pushover.net
- ReCaptcha: - ReCaptcha:
- abbr: RC - abbr: RC
href: https://www.google.com/recaptcha/admin/site/698983587 href: https://www.google.com/recaptcha/admin/site/698983587

9
clusters/cl01tl/helm/houndarr/Chart.lock
View File

@@ -1,9 +0,0 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:375d6c2eb2f097717c44c5a28cb162da24f4ff154a971e5a68ccd0e0b77e936f
generated: "2026-03-21T22:31:01.142752-05:00"

25
clusters/cl01tl/helm/houndarr/Chart.yaml
View File

@@ -1,25 +0,0 @@
apiVersion: v2
name: houndarr
version: 1.0.0
description: Houndarr
keywords:
- houndarr
- servarr
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/av1155/houndarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: houndarr
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: volsync-target
alias: volsync-target-data
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://raw.githubusercontent.com/av1155/houndarr/main/src/houndarr/static/img/houndarr-logo-dark.png
# renovate: datasource=github-releases depName=av1155/houndarr
appVersion: v1.6.0

84
clusters/cl01tl/helm/houndarr/values.yaml
View File

@@ -1,84 +0,0 @@
houndarr:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/av1155/houndarr
tag: v1.6.0
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
- name: PUID
value: 1000
- name: PGID
value: 1000
- name: HOUNDARR_SECURE_COOKIES
value: true
- name: HOUNDARR_TRUSTED_PROXIES
value: 10.96.0.0/12
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 8877
protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- houndarr.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: houndarr
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
data:
forceRename: houndarr-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
advancedMounts:
main:
main:
- path: /data
readOnly: false
volsync-target-data:
pvcTarget: houndarr-data
moverSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
schedule: 40 11 * * *
remote:
enabled: true
schedule: 40 12 * * *
external:
enabled: true
schedule: 40 14 * * *

2
clusters/cl01tl/helm/immich/Chart.yaml
View File

@@ -32,4 +32,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png
# renovate: datasource=github-releases depName=immich-app/immich # renovate: datasource=github-releases depName=immich-app/immich
appVersion: v2.6.1 appVersion: v2.5.6

2
clusters/cl01tl/helm/immich/values.yaml
View File

@@ -9,7 +9,7 @@ immich:
main: main:
image: image:
repository: ghcr.io/immich-app/immich-server repository: ghcr.io/immich-app/immich-server
tag: v2.6.1 tag: v2.5.6
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ

6
clusters/cl01tl/helm/jellyfin/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: meilisearch - name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.28.0 version: 0.27.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:57b007c6e19dda1300f5025332d9e8104bfb9a50cd7124260bfa68ce2432628b digest: sha256:ca384647a640ae717ac874a2627f00ac9a1e5c97ff5eeb8f326ebdd471ab1623
generated: "2026-03-16T15:57:13.466372254Z" generated: "2026-03-09T15:04:08.648165537Z"

2
clusters/cl01tl/helm/jellyfin/Chart.yaml
View File

@@ -25,7 +25,7 @@ dependencies:
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
- name: meilisearch - name: meilisearch
version: 0.28.0 version: 0.27.0
repository: https://meilisearch.github.io/meilisearch-kubernetes repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: volsync-target - name: volsync-target
alias: volsync-target-config alias: volsync-target-config

6
clusters/cl01tl/helm/karakeep/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: meilisearch - name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.28.0 version: 0.27.0
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.4.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:49e37e17dc859927048c6474ce27cb063a020f291d6d2d24876d0427eddc3656 digest: sha256:75f92316d4b6229d00e3dfa39ed5026ad39a28f833321cd3887a2048cdac34c7
generated: "2026-03-16T15:57:28.156797159Z" generated: "2026-03-09T22:04:48.630821646Z"

2
clusters/cl01tl/helm/karakeep/Chart.yaml
View File

@@ -22,7 +22,7 @@ dependencies:
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
- name: meilisearch - name: meilisearch
version: 0.28.0 version: 0.27.0
repository: https://meilisearch.github.io/meilisearch-kubernetes repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts

6
clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies: dependencies:
- name: kube-prometheus-stack - name: kube-prometheus-stack
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
version: 82.13.0 version: 82.10.3
- name: app-template - name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0 version: 0.4.0
digest: sha256:1d90bebd9c0afd20f8ff780edd15da18b20f89cf35fd85832d6d8d44b2e0544b digest: sha256:37ffa4a21ed29703cae9c9f3fb029566a1dd6af6e0fe8cc3862a2226d6644114
generated: "2026-03-20T18:02:38.368086545Z" generated: "2026-03-10T19:02:41.11005238Z"

4
clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
View File

@@ -20,7 +20,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: kube-prometheus-stack - name: kube-prometheus-stack
version: 82.13.0 version: 82.10.3
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
- name: app-template - name: app-template
alias: ntfy-alertmanager alias: ntfy-alertmanager
@@ -32,4 +32,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png
# renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator # renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator
appVersion: v0.90.0 appVersion: v0.89.0

9
clusters/cl01tl/helm/languagetool/Chart.lock
View File

@@ -1,9 +0,0 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:cb14506ada77add5ffcb93d38763e2a5c962312e5754618265d15c4361fea783
generated: "2026-03-20T17:49:46.393059-05:00"

27
clusters/cl01tl/helm/languagetool/Chart.yaml
View File

@@ -1,27 +0,0 @@
apiVersion: v2
name: languagetool
version: 1.0.0
description: LanguageTool
keywords:
- languagetool
- spellchecking
home: https://wiki.alexlebens.dev/
sources:
- https://github.com/languagetool-org/languagetool
- https://github.com/Erikvl87/docker-languagetool
- https://hub.docker.com/r/erikvl87/languagetool
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: languagetool
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: volsync-target
alias: volsync-target-data
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/languagetool.webp
# renovate: datasource=github-releases depName=Erikvl87/docker-languagetool
appVersion: "6.7"

76
clusters/cl01tl/helm/languagetool/values.yaml
View File

@@ -1,76 +0,0 @@
languagetool:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: erikvl87/languagetool
tag: 6.7
pullPolicy: IfNotPresent
env:
- name: langtool_languageModel
value: /ngrams
- name: Java_Xms
value: 512m
- name: Java_Xmx
value: 1g
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 8010
protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- languagetool.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: languagetool
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
data:
forceRename: languagetool-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:
- path: /ngrams
readOnly: false
volsync-target-data:
pvcTarget: languagetool-data
local:
enabled: true
schedule: 38 11 * * *
remote:
enabled: true
schedule: 38 12 * * *
external:
enabled: true
schedule: 38 14 * * *

2
clusters/cl01tl/helm/libation/Chart.yaml
View File

@@ -24,4 +24,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/libation.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/libation.png
# renovate: datasource=github-releases depName=rmcrackan/Libation # renovate: datasource=github-releases depName=rmcrackan/Libation
appVersion: 13.3.2 appVersion: 13.3.0

4
clusters/cl01tl/helm/libation/values.yaml
View File

@@ -16,7 +16,7 @@ libation:
main: main:
image: image:
repository: rmcrackan/libation repository: rmcrackan/libation
tag: 13.3.2 tag: 13.3.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: SLEEP_TIME - name: SLEEP_TIME
@@ -35,7 +35,7 @@ libation:
main: main:
image: image:
repository: ubuntu repository: ubuntu
tag: resolute-20260312 tag: resolute-20260108
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
command: command:
- "sleep" - "sleep"

2
clusters/cl01tl/helm/lidarr/values.yaml
View File

@@ -15,7 +15,7 @@ lidarr:
main: main:
image: image:
repository: ghcr.io/linuxserver/lidarr repository: ghcr.io/linuxserver/lidarr
tag: 3.1.2-nightly@sha256:034055feee43b11eb2f7a8438a9af1c99ab564dd2b43e5df2fe5b3c9b3b8b1ac tag: 3.1.2-nightly@sha256:2b1b64f07214c6cf05bcfed999aa74ee23825e4bc2ef2c48aba1cd5d5bf968fe
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ

6
clusters/cl01tl/helm/medialyze/Chart.lock
View File

@@ -1,6 +0,0 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
digest: sha256:17ac9bc0cc2eac395c630c22ab095e3e34e5d75a34523c3f39629ca1c56ecbc8
generated: "2026-03-17T17:46:15.885193-05:00"

22
clusters/cl01tl/helm/medialyze/Chart.yaml
View File

@@ -1,22 +0,0 @@
apiVersion: v2
name: medialyze
version: 1.0.0
description: MediaLyze
keywords:
- medialyze
- jellyfin
home: https://wiki.alexlebens.dev/
sources:
- https://github.com/frederikemmer/MediaLyze
- https://github.com/frederikemmer/MediaLyze/pkgs/container/medialyze
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: medialyze
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
icon: https://raw.githubusercontent.com/frederikemmer/MediaLyze/d8f69c0628bac7c047b90f91a66341648029c273/frontend/public/favicon.svg
# renovate: datasource=github-releases depName=frederikemmer/MediaLyze
appVersion: 0.2.3

17
clusters/cl01tl/helm/medialyze/templates/persistent-volume-claim.yaml
View File

@@ -1,17 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: medialyze-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: medialyze-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: medialyze-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

23
clusters/cl01tl/helm/medialyze/templates/persistent-volume.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: medialyze-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: medialyze-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

85
clusters/cl01tl/helm/medialyze/values.yaml
View File

@@ -1,85 +0,0 @@
medialyze:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/frederikemmer/medialyze
tag: 0.2.3
pullPolicy: IfNotPresent
env:
- name: HOST_PORT
value: 8080
- name: SCAN_RUNTIME_WORKER_COUNT
value: 2
- name: TZ
value: America/Chicago
- name: MEDIA_HOST_DIR
value: /media
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 8080
protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- medialyze.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: medialyze
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
data:
forceRename: medialyze-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:
- path: /config
readOnly: false
media:
existingClaim: medialyze-nfs-storage
advancedMounts:
main:
main:
- path: /media
readOnly: true
volsync-target-data:
pvcTarget: medialyze-data
local:
enabled: true
schedule: 36 11 * * *
remote:
enabled: true
schedule: 36 12 * * *
external:
enabled: true
schedule: 36 14 * * *

21
clusters/cl01tl/helm/music-grabber/templates/external-secret.yaml
View File

@@ -60,27 +60,20 @@ spec:
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /airvpn/conf/cl01tl key: /protonvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: private-key property: private-key
- secretKey: preshared-key - secretKey: proton-email
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /airvpn/conf/cl01tl key: /protonvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: preshared-key property: email
- secretKey: addresses - secretKey: proton-password
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /airvpn/conf/cl01tl key: /protonvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: addresses property: password
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports

134
clusters/cl01tl/helm/music-grabber/values.yaml
View File

@@ -9,7 +9,7 @@ music-grabber:
main: main:
image: image:
repository: g33kphr33k/musicgrabber repository: g33kphr33k/musicgrabber
tag: 2.5.0 tag: 2.4.3
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: MUSIC_DIR - name: MUSIC_DIR
@@ -50,72 +50,72 @@ music-grabber:
requests: requests:
cpu: 10m cpu: 10m
memory: 512Mi memory: 512Mi
# gluetun: gluetun:
# image: image:
# repository: ghcr.io/qdm12/gluetun repository: ghcr.io/qdm12/gluetun
# tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
# pullPolicy: IfNotPresent pullPolicy: IfNotPresent
# lifecycle: lifecycle:
# postStart: postStart:
# exec: exec:
# command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"] command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
# env: env:
# - name: VPN_SERVICE_PROVIDER - name: VPN_SERVICE_PROVIDER
# value: airvpn value: protonvpn
# - name: VPN_TYPE - name: VPN_TYPE
# value: wireguard value: wireguard
# - name: WIREGUARD_PRIVATE_KEY - name: WIREGUARD_PRIVATE_KEY
# valueFrom: valueFrom:
# secretKeyRef: secretKeyRef:
# name: music-grabber-wireguard-conf name: music-grabber-wireguard-conf
# key: private-key key: private-key
# - name: WIREGUARD_PRESHARED_KEY - name: UPDATER_PROTONVPN_EMAIL
# valueFrom: valueFrom:
# secretKeyRef: secretKeyRef:
# name: music-grabber-wireguard-conf name: music-grabber-wireguard-conf
# key: preshared-key key: proton-email
# - name: WIREGUARD_ADDRESSES - name: UPDATER_PROTONVPN_PASSWORD
# valueFrom: valueFrom:
# secretKeyRef: secretKeyRef:
# name: music-grabber-wireguard-conf name: music-grabber-wireguard-conf
# key: addresses key: proton-password
# - name: FIREWALL_OUTBOUND_SUBNETS - name: FIREWALL_OUTBOUND_SUBNETS
# value: 10.0.0.0/8 value: 10.0.0.0/8
# - name: FIREWALL_INPUT_PORTS - name: FIREWALL_INPUT_PORTS
# value: 8080 value: 8080
# - name: DNS_UPSTREAM_RESOLVER_TYPE - name: DNS_UPSTREAM_RESOLVER_TYPE
# value: dot value: dot
# - name: HTTPPROXY - name: HTTPPROXY
# value: "off" value: "off"
# - name: SHADOWSOCKS - name: SHADOWSOCKS
# value: "off" value: "off"
# securityContext: securityContext:
# privileged: True privileged: True
# capabilities: capabilities:
# add: add:
# - NET_ADMIN - NET_ADMIN
# - SYS_MODULE - SYS_MODULE
# probes: probes:
# liveness: liveness:
# enabled: true enabled: true
# custom: true custom: true
# spec: spec:
# exec: exec:
# command: command:
# - /gluetun-entrypoint - /gluetun-entrypoint
# - healthcheck - healthcheck
# failureThreshold: 5 failureThreshold: 5
# initialDelaySeconds: 30 initialDelaySeconds: 30
# periodSeconds: 30 periodSeconds: 30
# successThreshold: 1 successThreshold: 1
# timeoutSeconds: 15 timeoutSeconds: 15
# resources: resources:
# limits: limits:
# devic.es/tun: "1" devic.es/tun: "1"
# requests: requests:
# devic.es/tun: "1" devic.es/tun: "1"
# cpu: 10m cpu: 10m
# memory: 128Mi memory: 128Mi
service: service:
main: main:
controller: main controller: main

2
clusters/cl01tl/helm/ntfy/Chart.yaml
View File

@@ -20,4 +20,4 @@ dependencies:
version: 4.6.2 version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ntfy.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ntfy.png
# renovate: datasource=github-releases depName=binwiederhier/ntfy # renovate: datasource=github-releases depName=binwiederhier/ntfy
appVersion: 2.19.2 appVersion: 2.18.0

2
clusters/cl01tl/helm/ntfy/values.yaml
View File

@@ -9,7 +9,7 @@ ntfy:
main: main:
image: image:
repository: binwiederhier/ntfy repository: binwiederhier/ntfy
tag: v2.19.2 tag: v2.18.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
args: ["serve"] args: ["serve"]
env: env:

2
clusters/cl01tl/helm/ollama/Chart.yaml
View File

@@ -31,4 +31,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png
# renovate: datasource=github-releases depName=ollama/ollama # renovate: datasource=github-releases depName=ollama/ollama
appVersion: 0.18.2 appVersion: 0.18.0

6
clusters/cl01tl/helm/ollama/values.yaml
View File

@@ -22,7 +22,7 @@ ollama:
main: main:
image: image:
repository: ollama/ollama repository: ollama/ollama
tag: 0.18.2 tag: 0.18.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: OLLAMA_KEEP_ALIVE - name: OLLAMA_KEEP_ALIVE
@@ -58,7 +58,7 @@ ollama:
main: main:
image: image:
repository: ollama/ollama repository: ollama/ollama
tag: 0.18.2 tag: 0.18.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: OLLAMA_KEEP_ALIVE - name: OLLAMA_KEEP_ALIVE
@@ -94,7 +94,7 @@ ollama:
main: main:
image: image:
repository: ollama/ollama repository: ollama/ollama
tag: 0.18.2 tag: 0.18.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: OLLAMA_KEEP_ALIVE - name: OLLAMA_KEEP_ALIVE

2
clusters/cl01tl/helm/outline/Chart.yaml
View File

@@ -39,4 +39,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/outline.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/outline.png
# renovate: datasource=github-releases depName=outline/outline # renovate: datasource=github-releases depName=outline/outline
appVersion: 1.6.1 appVersion: 1.6.0

2
clusters/cl01tl/helm/outline/values.yaml
View File

@@ -12,7 +12,7 @@ outline:
main: main:
image: image:
repository: outlinewiki/outline repository: outlinewiki/outline
tag: 1.6.1 tag: 1.5.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: NODE_ENV - name: NODE_ENV

3
clusters/cl01tl/helm/plex/values.yaml
View File

@@ -9,7 +9,7 @@ plex:
main: main:
image: image:
repository: ghcr.io/linuxserver/plex repository: ghcr.io/linuxserver/plex
tag: 1.43.0@sha256:a27f1ce1e1d14cd3627ed217f042bf8de0f796ed274fb27b2dc971ae22a64b95 tag: 1.43.0@sha256:79dfc89947410ec120a3e34cf68f746f6f154de20772e6f27b9998ca9bd65a5e
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -26,7 +26,6 @@ plex:
service: service:
main: main:
controller: main controller: main
type: LoadBalancer
ports: ports:
http: http:
port: 32400 port: 32400

2
clusters/cl01tl/helm/postiz/Chart.yaml
View File

@@ -42,4 +42,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/postiz.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/postiz.png
# renovate: datasource=github-releases depName=gitroomhq/postiz-app # renovate: datasource=github-releases depName=gitroomhq/postiz-app
appVersion: v2.21.0 appVersion: v2.20.2

2
clusters/cl01tl/helm/postiz/values.yaml
View File

@@ -9,7 +9,7 @@ postiz:
main: main:
image: image:
repository: ghcr.io/gitroomhq/postiz-app repository: ghcr.io/gitroomhq/postiz-app
tag: v2.21.0 tag: v2.20.2
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: MAIN_URL - name: MAIN_URL

6
clusters/cl01tl/helm/prometheus-operator-crds/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: prometheus-operator-crds - name: prometheus-operator-crds
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
version: 28.0.0 version: 27.0.0
digest: sha256:82e19c59373b1dd1a854a4e5699c7b864cfbb96e58a065f53ad76e64d7109cff digest: sha256:ab76a45fb53268d4afdad507277c244af11c50344e50a24799182bbd9757258d
generated: "2026-03-19T22:02:57.659253727Z" generated: "2026-02-06T14:05:22.069162277Z"

4
clusters/cl01tl/helm/prometheus-operator-crds/Chart.yaml
View File

@@ -15,8 +15,8 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: prometheus-operator-crds - name: prometheus-operator-crds
version: 28.0.0 version: 27.0.0
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png
# renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator # renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator
appVersion: v0.90.0 appVersion: v0.89.0

21
clusters/cl01tl/helm/qbittorrent/templates/external-secret.yaml
View File

@@ -16,30 +16,23 @@ spec:
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /airvpn/conf/cl01tl key: /protonvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: private-key property: private-key
- secretKey: preshared-key - secretKey: proton-email
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /airvpn/conf/cl01tl key: /protonvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: preshared-key property: email
- secretKey: addresses - secretKey: proton-password
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /airvpn/conf/cl01tl key: /protonvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: addresses property: password
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1

25
clusters/cl01tl/helm/qbittorrent/values.yaml
View File

@@ -56,7 +56,7 @@ qbittorrent:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"] command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env: env:
- name: VPN_SERVICE_PROVIDER - name: VPN_SERVICE_PROVIDER
value: airvpn value: protonvpn
- name: VPN_TYPE - name: VPN_TYPE
value: wireguard value: wireguard
- name: WIREGUARD_PRIVATE_KEY - name: WIREGUARD_PRIVATE_KEY
@@ -64,29 +64,28 @@ qbittorrent:
secretKeyRef: secretKeyRef:
name: qbittorrent-wireguard-conf name: qbittorrent-wireguard-conf
key: private-key key: private-key
- name: WIREGUARD_PRESHARED_KEY - name: UPDATER_PROTONVPN_EMAIL
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: qbittorrent-wireguard-conf name: qbittorrent-wireguard-conf
key: preshared-key key: proton-email
- name: WIREGUARD_ADDRESSES - name: UPDATER_PROTONVPN_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: qbittorrent-wireguard-conf name: qbittorrent-wireguard-conf
key: addresses key: proton-password
- name: FIREWALL_VPN_INPUT_PORTS - name: VPN_PORT_FORWARDING
valueFrom: value: "on"
secretKeyRef: - name: VPN_PORT_FORWARDING_UP_COMMAND
name: qbittorrent-wireguard-conf value: '/bin/sh -c "/gluetun/update.sh {{ printf "{{PORTS}}" }}"'
key: input-ports - name: PORT_FORWARD_ONLY
value: "on"
- name: FIREWALL_OUTBOUND_SUBNETS - name: FIREWALL_OUTBOUND_SUBNETS
value: 192.168.1.0/24,10.244.0.0/16 value: 192.168.1.0/24,10.244.0.0/16
- name: FIREWALL_INPUT_PORTS - name: FIREWALL_INPUT_PORTS
value: 8080,9022 value: 8080,9022
- name: DNS_UPSTREAM_RESOLVER_TYPE - name: DNS_UPSTREAM_RESOLVER_TYPE
value: dot value: dot
- name: BLOCK_MALICIOUS
value: "off"
- name: HTTPPROXY - name: HTTPPROXY
value: "off" value: "off"
- name: SHADOWSOCKS - name: SHADOWSOCKS
@@ -217,7 +216,7 @@ qbittorrent:
qui: qui:
image: image:
repository: ghcr.io/autobrr/qui repository: ghcr.io/autobrr/qui
tag: v1.15.0 tag: v1.14.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: QUI__METRICS_ENABLED - name: QUI__METRICS_ENABLED

2
clusters/cl01tl/helm/roundcube/Chart.yaml
View File

@@ -29,4 +29,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/roundcube.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/roundcube.png
# renovate: datasource=github-releases depName=roundcube/roundcubemail # renovate: datasource=github-releases depName=roundcube/roundcubemail
appVersion: 1.6.14 appVersion: 1.6.13

4
clusters/cl01tl/helm/roundcube/values.yaml
View File

@@ -9,7 +9,7 @@ roundcube:
main: main:
image: image:
repository: roundcube/roundcubemail repository: roundcube/roundcubemail
tag: 1.6.14-fpm-alpine tag: 1.6.13-fpm-alpine
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: ROUNDCUBEMAIL_DB_TYPE - name: ROUNDCUBEMAIL_DB_TYPE
@@ -85,7 +85,7 @@ roundcube:
backup: backup:
image: image:
repository: roundcube/roundcubemail repository: roundcube/roundcubemail
tag: 1.6.14-fpm-alpine tag: 1.6.13-fpm-alpine
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: ROUNDCUBEMAIL_DB_TYPE - name: ROUNDCUBEMAIL_DB_TYPE

4
clusters/cl01tl/helm/rybbit/values.yaml
View File

@@ -71,7 +71,7 @@ rybbit:
key: mapbox-token key: mapbox-token
probes: probes:
liveness: liveness:
enabled: false enabled: true
custom: true custom: true
spec: spec:
exec: exec:
@@ -122,7 +122,7 @@ rybbit:
main: main:
image: image:
repository: clickhouse/clickhouse-server repository: clickhouse/clickhouse-server
tag: 26.2.5 tag: 26.2.4
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: CLICKHOUSE_DB - name: CLICKHOUSE_DB

4
clusters/cl01tl/helm/searxng/values.yaml
View File

@@ -9,7 +9,7 @@ searxng:
main: main:
image: image:
repository: searxng/searxng repository: searxng/searxng
tag: latest@sha256:b6db575bb821d35279474090270db9e53e92432a66d19e7da51c0ef1b5ddb806 tag: latest@sha256:174f6a8498d88d2d98c265a952c2d552859bf315cd505746d1c0d4fbec37952f
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: SEARXNG_BASE_URL - name: SEARXNG_BASE_URL
@@ -39,7 +39,7 @@ searxng:
main: main:
image: image:
repository: searxng/searxng repository: searxng/searxng
tag: latest@sha256:b6db575bb821d35279474090270db9e53e92432a66d19e7da51c0ef1b5ddb806 tag: latest@sha256:174f6a8498d88d2d98c265a952c2d552859bf315cd505746d1c0d4fbec37952f
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: SEARXNG_BASE_URL - name: SEARXNG_BASE_URL

2
clusters/cl01tl/helm/shelfmark/Chart.yaml
View File

@@ -23,4 +23,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/shelfmark.webp icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/shelfmark.webp
# renovate: datasource=github-releases depName=calibrain/shelfmark # renovate: datasource=github-releases depName=calibrain/shelfmark
appVersion: v1.2.1 appVersion: v1.2.0

2
clusters/cl01tl/helm/shelfmark/values.yaml
View File

@@ -9,7 +9,7 @@ shelfmark:
main: main:
image: image:
repository: ghcr.io/calibrain/shelfmark repository: ghcr.io/calibrain/shelfmark
tag: v1.2.1 tag: v1.2.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: FLASK_PORT - name: FLASK_PORT

2
clusters/cl01tl/helm/site-documentation/values.yaml
View File

@@ -11,7 +11,7 @@ site-documentation:
main: main:
image: image:
repository: harbor.alexlebens.net/images/site-documentation repository: harbor.alexlebens.net/images/site-documentation
tag: 0.3.0 tag: 0.2.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
resources: resources:
requests: requests:

2
clusters/cl01tl/helm/site-profile/values.yaml
View File

@@ -11,7 +11,7 @@ site-profile:
main: main:
image: image:
repository: harbor.alexlebens.net/images/site-profile repository: harbor.alexlebens.net/images/site-profile
tag: 3.15.1 tag: 3.12.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
resources: resources:
requests: requests:

21
clusters/cl01tl/helm/slskd/templates/external-secret.yaml
View File

@@ -62,27 +62,20 @@ spec:
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /airvpn/conf/cl01tl key: /protonvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: private-key property: private-key
- secretKey: preshared-key - secretKey: proton-email
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /airvpn/conf/cl01tl key: /protonvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: preshared-key property: email
- secretKey: addresses - secretKey: proton-password
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /airvpn/conf/cl01tl key: /protonvpn/conf/cl01tl
metadataPolicy: None metadataPolicy: None
property: addresses property: password
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports

21
clusters/cl01tl/helm/slskd/values.yaml
View File

@@ -54,7 +54,7 @@ slskd:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"] command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env: env:
- name: VPN_SERVICE_PROVIDER - name: VPN_SERVICE_PROVIDER
value: airvpn value: protonvpn
- name: VPN_TYPE - name: VPN_TYPE
value: wireguard value: wireguard
- name: WIREGUARD_PRIVATE_KEY - name: WIREGUARD_PRIVATE_KEY
@@ -62,29 +62,26 @@ slskd:
secretKeyRef: secretKeyRef:
name: slskd-wireguard-conf name: slskd-wireguard-conf
key: private-key key: private-key
- name: WIREGUARD_PRESHARED_KEY - name: UPDATER_PROTONVPN_EMAIL
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: slskd-wireguard-conf name: slskd-wireguard-conf
key: preshared-key key: proton-email
- name: WIREGUARD_ADDRESSES - name: UPDATER_PROTONVPN_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: slskd-wireguard-conf name: slskd-wireguard-conf
key: addresses key: proton-password
- name: FIREWALL_VPN_INPUT_PORTS - name: VPN_PORT_FORWARDING
valueFrom: value: "on"
secretKeyRef: - name: PORT_FORWARD_ONLY
name: slskd-wireguard-conf value: "on"
key: input-ports
- name: FIREWALL_OUTBOUND_SUBNETS - name: FIREWALL_OUTBOUND_SUBNETS
value: 192.168.1.0/24,10.244.0.0/16 value: 192.168.1.0/24,10.244.0.0/16
- name: FIREWALL_INPUT_PORTS - name: FIREWALL_INPUT_PORTS
value: 5030,50300 value: 5030,50300
- name: DNS_UPSTREAM_RESOLVER_TYPE - name: DNS_UPSTREAM_RESOLVER_TYPE
value: dot value: dot
- name: BLOCK_MALICIOUS
value: "off"
- name: HTTPPROXY - name: HTTPPROXY
value: "off" value: "off"
- name: SHADOWSOCKS - name: SHADOWSOCKS

2
clusters/cl01tl/helm/sonarr-4k/values.yaml
View File

@@ -13,7 +13,7 @@ sonarr-4k:
main: main:
image: image:
repository: ghcr.io/linuxserver/sonarr repository: ghcr.io/linuxserver/sonarr
tag: 4.0.17@sha256:76414c033f290d3c9f1f9dfad71150abe71d92592369a3377a5903d579e6e2b2 tag: 4.0.16@sha256:21c1c3d52248589bb064f5adafec18cad45812d7a01d317472955eef051e619b
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ

2
clusters/cl01tl/helm/sonarr-anime/values.yaml
View File

@@ -13,7 +13,7 @@ sonarr-anime:
main: main:
image: image:
repository: ghcr.io/linuxserver/sonarr repository: ghcr.io/linuxserver/sonarr
tag: 4.0.17@sha256:76414c033f290d3c9f1f9dfad71150abe71d92592369a3377a5903d579e6e2b2 tag: 4.0.16@sha256:21c1c3d52248589bb064f5adafec18cad45812d7a01d317472955eef051e619b
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ

2
clusters/cl01tl/helm/sonarr/values.yaml
View File

@@ -13,7 +13,7 @@ sonarr:
main: main:
image: image:
repository: ghcr.io/linuxserver/sonarr repository: ghcr.io/linuxserver/sonarr
tag: 4.0.17@sha256:76414c033f290d3c9f1f9dfad71150abe71d92592369a3377a5903d579e6e2b2 tag: 4.0.16@sha256:21c1c3d52248589bb064f5adafec18cad45812d7a01d317472955eef051e619b
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ

2
clusters/cl01tl/helm/tailscale-operator/Chart.yaml
View File

@@ -21,4 +21,4 @@ dependencies:
repository: https://pkgs.tailscale.com/helmcharts repository: https://pkgs.tailscale.com/helmcharts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tailscale-light.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tailscale-light.png
# renovate: datasource=github-releases depName=tailscale/tailscale # renovate: datasource=github-releases depName=tailscale/tailscale
appVersion: v1.96.3 appVersion: v1.94.2

6
clusters/cl01tl/helm/talos/values.yaml
View File

@@ -69,7 +69,7 @@ etcd-backup:
s3-prune: s3-prune:
image: image:
repository: d3fk/s3cmd repository: d3fk/s3cmd
tag: latest@sha256:e3965f8205dfb96fb00e66cee54a0d171f1829a3cc6a1bbb980ab076730e54be tag: latest@sha256:a41234c2b43d6cfa0d51c9523a2d7925f7f21297a41d69932946c3e364d32b5e
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
command: command:
- /bin/sh - /bin/sh
@@ -155,7 +155,7 @@ etcd-backup:
s3-prune: s3-prune:
image: image:
repository: d3fk/s3cmd repository: d3fk/s3cmd
tag: latest@sha256:e3965f8205dfb96fb00e66cee54a0d171f1829a3cc6a1bbb980ab076730e54be tag: latest@sha256:a41234c2b43d6cfa0d51c9523a2d7925f7f21297a41d69932946c3e364d32b5e
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
command: command:
- /bin/sh - /bin/sh
@@ -241,7 +241,7 @@ etcd-backup:
s3-prune: s3-prune:
image: image:
repository: d3fk/s3cmd repository: d3fk/s3cmd
tag: latest@sha256:e3965f8205dfb96fb00e66cee54a0d171f1829a3cc6a1bbb980ab076730e54be tag: latest@sha256:a41234c2b43d6cfa0d51c9523a2d7925f7f21297a41d69932946c3e364d32b5e
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
command: command:
- /bin/sh - /bin/sh

Some files were not shown because too many files have changed in this diff Show More