alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Activity

Compare commits

base: alexlebens:renovate/docker.io-postgres-18.x
Branches Tags
alexlebens:main alexlebens:renovate/docker.io-postgres-18.x alexlebens:renovate/php-8.x alexlebens:manifests
..
compare: alexlebens:2197b2c12ec94d899dd01efaa11307ea670d4ae9
Branches Tags
alexlebens:renovate/docker.io-postgres-18.x alexlebens:renovate/php-8.x alexlebens:manifests alexlebens:main

1 Commits
renovate/d ... 2197b2c12e

Author SHA1 Message Date
Renovate Bot
2197b2c12e Update php Docker tag to v8.5.0
All checks were successful
renovate/stability-days Updates have met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 27s
Details
2025-12-07 03:15:58 +00:00
20 changed files with 61 additions and 89 deletions
Expand all files Collapse all files

18
.gitea/workflows/lint-test-docker.yaml
View File

@@ -6,14 +6,12 @@ on:
- main - main
paths: paths:
- 'hosts/**' - 'hosts/**'
- '!clusters/**'
push: push:
branches: branches:
- main - main
paths: paths:
- 'hosts/**' - 'hosts/**'
- '!clusters/**'
env: env:
BASE_BRANCH: "origin/${{ gitea.base_ref }}" BASE_BRANCH: "origin/${{ gitea.base_ref }}"
@@ -38,20 +36,14 @@ jobs:
id: branch-exists id: branch-exists
if: github.event_name == 'push' || steps.check-branch-exists.outputs.exists == 'true' && github.event_name == 'pull_request' if: github.event_name == 'push' || steps.check-branch-exists.outputs.exists == 'true' && github.event_name == 'pull_request'
run: | run: |
if [ ${{ github.event_name == 'push' }} ]; then echo ">> Branch ${{ gitea.base_ref }} exists, will continue with linting"
echo ">> Action is from a push event, will continue with linting"
else
echo ">> Branch ${{ gitea.base_ref }} exists, will continue with linting"
fi
echo "----" echo "----"
echo "exists=true" >> $GITEA_OUTPUT echo "exists=true" >> $GITEA_OUTPUT
- name: Set up Node.js - name: Set up Node.js
if: steps.branch-exists.outputs.exists == 'true' if: steps.check-branch-exists.outputs.exists == 'true'
uses: actions/setup-node@v6 uses: actions/setup-node@v6
with: with:
node-version: '24' node-version: '24'
@@ -81,7 +73,7 @@ jobs:
for path in $GIT_DIFF; do for path in $GIT_DIFF; do
CHANGED_COMPOSE+=$(echo "$path") CHANGED_COMPOSE+=$(echo "$path")
CHANGED_COMPOSE+=$(echo " ") RENDER_DIR+=$(echo " ")
done done
else else
@@ -106,14 +98,14 @@ jobs:
fi fi
- name: Lint Docker Compose - name: Lint Docker Compose
if: steps.check-dir-changes.outputs.changes-detected == 'true' if: steps.check-branch-exists.outputs.exists == 'true'
env: env:
CHANGED_COMPOSE: ${{ steps.check-dir-changes.outputs.compose-dir }} CHANGED_COMPOSE: ${{ steps.check-dir-changes.outputs.compose-dir }}
run: | run: |
echo ">> Running dclint on changed compose files:" echo ">> Running dclint on changed compose files:"
echo "$CHANGED_COMPOSE" echo "$CHANGED_COMPOSE"
for compose in $CHANGED_COMPOSE; do echo "$CHANGED_COMPOSE" | while read -r compose; do
echo ">> Linting $compose ..." echo ">> Linting $compose ..."
npx dclint $compose npx dclint $compose
done done

13
.gitea/workflows/lint-test-helm.yaml
View File

@@ -6,14 +6,12 @@ on:
- main - main
paths: paths:
- 'clusters/cl01tl/helm/**' - 'clusters/cl01tl/helm/**'
- '!hosts/**'
push: push:
branches: branches:
- main - main
paths: paths:
- 'clusters/cl01tl/helm/**' - 'clusters/cl01tl/helm/**'
- '!hosts/**'
env: env:
CLUSTER: cl01tl CLUSTER: cl01tl
@@ -39,13 +37,7 @@ jobs:
id: branch-exists id: branch-exists
if: github.event_name == 'push' || steps.check-branch-exists.outputs.exists == 'true' && github.event_name == 'pull_request' if: github.event_name == 'push' || steps.check-branch-exists.outputs.exists == 'true' && github.event_name == 'pull_request'
run: | run: |
if [ ${{ github.event_name == 'push' }} ]; then echo ">> Branch ${{ gitea.base_ref }} exists, will continue with linting"
echo ">> Action is from a push event, will continue with linting"
else
echo ">> Branch ${{ gitea.base_ref }} exists, will continue with linting"
fi
echo "----" echo "----"
@@ -69,7 +61,6 @@ jobs:
if [ "${{ github.event_name }}" == "pull_request" ]; then if [ "${{ github.event_name }}" == "pull_request" ]; then
echo "" echo ""
echo ">> Checking for changes in a pull request ..." echo ">> Checking for changes in a pull request ..."
git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+"
GIT_DIFF=$(git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+") GIT_DIFF=$(git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
else else
echo "" echo ""
@@ -84,7 +75,7 @@ jobs:
for path in $GIT_DIFF; do for path in $GIT_DIFF; do
CHANGED_CHARTS+=$(echo "$path" | awk -F '/' '{print $4}') CHANGED_CHARTS+=$(echo "$path" | awk -F '/' '{print $4}')
CHANGED_CHARTS+=$(echo " ") RENDER_DIR+=$(echo " ")
done done
else else

4
clusters/cl01tl/helm/argocd/values.yaml
View File

@@ -60,7 +60,7 @@ argo-cd:
enabled: true enabled: true
auth: false auth: false
redisSecretInit: redisSecretInit:
enabled: false enabled: true
server: server:
replicas: 2 replicas: 2
extensions: extensions:
@@ -279,7 +279,7 @@ argo-cd:
- description: Application has degraded - description: Application has degraded
send: send:
- app-health-degraded - app-health-degraded
when: app.status.health.status == 'Degraded' when: app.status.health.status == 'Degraded' and time.Now().Sub(time.Parse(app.status.health.lastTransitionTime).Minutes() >= 15
trigger.on-sync-failed: | trigger.on-sync-failed: |
- description: Application syncing has failed - description: Application syncing has failed
send: send:

2
clusters/cl01tl/helm/booklore/values.yaml
View File

@@ -9,7 +9,7 @@ booklore:
main: main:
image: image:
repository: ghcr.io/booklore-app/booklore repository: ghcr.io/booklore-app/booklore
tag: v1.13.2 tag: v1.13.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ

74
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -140,9 +140,6 @@ gatus:
- name: audiobookshelf - name: audiobookshelf
url: https://audiobookshelf.alexlebens.net url: https://audiobookshelf.alexlebens.net
<<: *defaults <<: *defaults
- name: booklore
url: https://booklore.alexlebens.net
<<: *defaults
- name: home-assistant - name: home-assistant
url: https://home-assistant.alexlebens.net url: https://home-assistant.alexlebens.net
<<: *defaults <<: *defaults
@@ -179,11 +176,6 @@ gatus:
- name: n8n - name: n8n
url: https://n8n.alexlebens.net url: https://n8n.alexlebens.net
<<: *defaults <<: *defaults
- name: kronic
url: https://kronic.alexlebens.net
<<: *defaults
conditions:
- "[STATUS] == 401"
- name: omni-tools - name: omni-tools
url: https://omni-tools.alexlebens.net url: https://omni-tools.alexlebens.net
<<: *defaults <<: *defaults
@@ -253,9 +245,6 @@ gatus:
- name: ceph - name: ceph
url: https://ceph.alexlebens.net url: https://ceph.alexlebens.net
<<: *defaults <<: *defaults
- name: garage
url: https://garage-webui.alexlebens.net
<<: *defaults
- name: pgadmin - name: pgadmin
url: https://pgadmin.alexlebens.net url: https://pgadmin.alexlebens.net
<<: *defaults <<: *defaults
@@ -265,29 +254,6 @@ gatus:
- name: vault - name: vault
url: https://vault.alexlebens.net url: https://vault.alexlebens.net
<<: *defaults <<: *defaults
- name: backrest
url: https://backrest.alexlebens.net
<<: *defaults
- name: qui
url: https://qui.alexlebens.net
<<: *defaults
- name: qbittorrent
url: https://qbittorrent.alexlebens.net
<<: *defaults
- name: prowlarr
url: https://prowlarr.alexlebens.net
<<: *defaults
- name: huntarr
url: https://huntarr.alexlebens.net
<<: *defaults
- name: bazarr
url: https://bazarr.alexlebens.net
<<: *defaults
conditions:
- "[STATUS] == 401"
- name: tdarr
url: https://tdarr.alexlebens.net
<<: *defaults
- name: sonarr - name: sonarr
url: https://sonarr.alexlebens.net url: https://sonarr.alexlebens.net
<<: *defaults <<: *defaults
@@ -318,11 +284,25 @@ gatus:
- name: slskd - name: slskd
url: https://slskd.alexlebens.net url: https://slskd.alexlebens.net
<<: *defaults <<: *defaults
- name: ephemera - name: qui
url: https://ephemera.alexlebens.net url: https://qui.alexlebens.net
<<: *defaults <<: *defaults
- name: listenarr - name: qbittorrent
url: https://listenarr.alexlebens.net url: https://qbittorrent.alexlebens.net
<<: *defaults
- name: prowlarr
url: https://prowlarr.alexlebens.net
<<: *defaults
- name: bazarr
url: https://bazarr.alexlebens.net
<<: *defaults
conditions:
- "[STATUS] == 401"
- name: huntarr
url: https://huntarr.alexlebens.net
<<: *defaults
- name: tdarr
url: https://tdarr.alexlebens.net
<<: *defaults <<: *defaults
- name: www - name: www
url: https://www.alexlebens.dev url: https://www.alexlebens.dev
@@ -367,14 +347,24 @@ gatus:
url: https://codeserver.alexlebens.dev url: https://codeserver.alexlebens.dev
<<: *defaults <<: *defaults
group: external group: external
- name: authentik
url: https://auth.alexlebens.dev
<<: *defaults
group: external
- name: public homepage - name: public homepage
url: https://home.alexlebens.dev url: https://home.alexlebens.dev
<<: *defaults <<: *defaults
group: external group: external
- name: discord
group: public
url: https://discord.com/app
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 400"
interval: 10s
- name: reddit
group: public
url: https://reddit.com
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 400"
interval: 10s
postgres-17-cluster: postgres-17-cluster:
mode: recovery mode: recovery
cluster: cluster:

6
clusters/cl01tl/helm/generic-device-plugin/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: generic-device-plugin - name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.5 version: 0.20.4
digest: sha256:329b2d00301ab1467a8654dd92febfd7078db121c00c0960548010c01dee66b6 digest: sha256:4aa24e57233783f99d3de453f997ff4dddecaea729ab09b78745ee89ffa0e4a8
generated: "2025-12-08T03:02:06.697075532Z" generated: "2025-12-06T01:01:30.343689275Z"

2
clusters/cl01tl/helm/generic-device-plugin/Chart.yaml
View File

@@ -15,6 +15,6 @@ maintainers:
dependencies: dependencies:
- name: generic-device-plugin - name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.5 version: 0.20.4
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: 1.0.0 appVersion: 1.0.0

2
clusters/cl01tl/helm/gitea/templates/service-monitor.yaml
View File

@@ -12,6 +12,8 @@ spec:
matchLabels: matchLabels:
app.kubernetes.io/name: gitea app.kubernetes.io/name: gitea
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
matchExpressions:
- { key: app.kubernetes.io/controller, operator: NotIn, values: [backup] }
endpoints: endpoints:
- port: http - port: http

3
clusters/cl01tl/helm/gitea/values.yaml
View File

@@ -174,9 +174,6 @@ gitea-actions:
backup: backup:
global: global:
fullnameOverride: gitea-backup fullnameOverride: gitea-backup
labels:
app.kubernetes.io/instance: gitea-backup
app.kubernetes.io/name: gitea-backup
controllers: controllers:
backup: backup:
type: cronjob type: cronjob

2
clusters/cl01tl/helm/headlamp/templates/cluster-role-binding.yaml
View File

@@ -13,7 +13,7 @@ roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
subjects: subjects:
- kind: User - kind: User
name: https://authentik.alexlebens.net/application/o/headlamp/#alexanderlebens@gmail.com name: alexanderlebens@gmail.com
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
- kind: ServiceAccount - kind: ServiceAccount
name: headlamp-admin name: headlamp-admin

4
clusters/cl01tl/helm/headlamp/templates/external-secret.yaml
View File

@@ -40,14 +40,14 @@ spec:
key: /authentik/oidc/headlamp key: /authentik/oidc/headlamp
metadataPolicy: None metadataPolicy: None
property: scopes property: scopes
- secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_IDP_ISSUER_URL - secretKey: OIDC_VALIDATOR_ISSUER_URL
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /authentik/oidc/headlamp key: /authentik/oidc/headlamp
metadataPolicy: None metadataPolicy: None
property: validator-issuer-url property: validator-issuer-url
- secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_CLIENT_ID - secretKey: OIDC_VALIDATOR_CLIENT_ID
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None

2
clusters/cl01tl/helm/kubelet-serving-cert-approver/values.yaml
View File

@@ -38,7 +38,7 @@ kubelet-serving-cert-approver:
main: main:
image: image:
repository: ghcr.io/alex1989hu/kubelet-serving-cert-approver repository: ghcr.io/alex1989hu/kubelet-serving-cert-approver
tag: 0.10.1 tag: 0.10.0
pullPolicy: Always pullPolicy: Always
args: args:
- serve - serve

2
clusters/cl01tl/helm/qbittorrent/values.yaml
View File

@@ -28,7 +28,7 @@ qbittorrent:
qbittorrent: qbittorrent:
image: image:
repository: ghcr.io/linuxserver/qbittorrent repository: ghcr.io/linuxserver/qbittorrent
tag: 5.1.4@sha256:043498de39c3dd63eec94360c5ad966a51271d1581070f42cb73ab0cf4776f29 tag: 5.1.4@sha256:f0465dbb2aa14397fd205a0240ee562eb062354c036ccc444084fe46c6c75091
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ

4
clusters/cl01tl/helm/searxng/values.yaml
View File

@@ -9,7 +9,7 @@ searxng:
main: main:
image: image:
repository: searxng/searxng repository: searxng/searxng
tag: latest@sha256:8354c2e3fdc4e400379c0fa906e42961dfc55a570d9769c70ab07e410dfb1468 tag: latest@sha256:c25c6b671382f0464318b2de3b142f1c9fe3721e46fdad027f4d6caf399728ea
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: SEARXNG_BASE_URL - name: SEARXNG_BASE_URL
@@ -43,7 +43,7 @@ searxng:
main: main:
image: image:
repository: searxng/searxng repository: searxng/searxng
tag: latest@sha256:8354c2e3fdc4e400379c0fa906e42961dfc55a570d9769c70ab07e410dfb1468 tag: latest@sha256:c25c6b671382f0464318b2de3b142f1c9fe3721e46fdad027f4d6caf399728ea
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: SEARXNG_BASE_URL - name: SEARXNG_BASE_URL

2
clusters/cl01tl/helm/shelly-plug/values.yaml
View File

@@ -36,7 +36,7 @@ shelly-plug:
main: main:
image: image:
repository: php repository: php
tag: 8.4.15-apache-bookworm tag: 8.5.0-apache-bookworm
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: SHELLY_HOSTNAME - name: SHELLY_HOSTNAME

2
clusters/cl01tl/helm/tubearchivist/templates/redis-replication.yaml
View File

@@ -26,7 +26,7 @@ spec:
accessModes: ["ReadWriteOnce"] accessModes: ["ReadWriteOnce"]
resources: resources:
requests: requests:
storage: 5Gi storage: 1Gi
redisExporter: redisExporter:
enabled: true enabled: true
image: quay.io/opstree/redis-exporter:v1.48.0 image: quay.io/opstree/redis-exporter:v1.48.0

2
hosts/ps08rp/traefik/compose.yaml
View File

@@ -1,7 +1,7 @@
--- ---
services: services:
traefik: traefik:
image: ghcr.io/traefik/traefik:v3.6.4 image: ghcr.io/traefik/traefik:v3.6.2
container_name: traefik container_name: traefik
command: command:
- "--global.checkNewVersion=false" - "--global.checkNewVersion=false"

2
hosts/ps09rp/traefik/compose.yaml
View File

@@ -1,7 +1,7 @@
--- ---
services: services:
traefik: traefik:
image: ghcr.io/traefik/traefik:v3.6.4 image: ghcr.io/traefik/traefik:v3.6.2
container_name: traefik container_name: traefik
command: command:
- "--global.checkNewVersion=false" - "--global.checkNewVersion=false"

2
hosts/ps10rp/gitea/compose.yaml
View File

@@ -19,7 +19,7 @@ services:
- /dev/net/tun:/dev/net/tun - /dev/net/tun:/dev/net/tun
postgresql: postgresql:
image: docker.io/postgres:18.1-alpine3.21 image: docker.io/postgres:17.7-alpine3.21
container_name: gitea-postgres container_name: gitea-postgres
env_file: env_file:
- .env - .env

2
hosts/ps10rp/traefik/compose.yaml
View File

@@ -20,7 +20,7 @@ services:
- /dev/net/tun:/dev/net/tun - /dev/net/tun:/dev/net/tun
traefik: traefik:
image: ghcr.io/traefik/traefik:v3.6.4 image: ghcr.io/traefik/traefik:v3.6.2
container_name: traefik container_name: traefik
command: command:
- "--global.checkNewVersion=false" - "--global.checkNewVersion=false"