1 Commits

8b1434811b Update ghcr.io/alex1989hu/kubelet-serving-cert-approver Docker tag to v0.10.1
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
lint-test-helm / lint-helm (pull_request) Successful in 21s
render-manifests-merge / render-manifests-merge (pull_request) Has been skipped
render-manifests-automerge / render-manifests-automerge (pull_request) Successful in 49s
2025-12-07 03:01:30 +00:00
39 changed files with 133 additions and 365 deletions


@@ -6,14 +6,12 @@ on:
- main - main
paths: paths:
- 'hosts/**' - 'hosts/**'
- '!clusters/**'
push: push:
branches: branches:
- main - main
paths: paths:
- 'hosts/**' - 'hosts/**'
- '!clusters/**'
env: env:
BASE_BRANCH: "origin/${{ gitea.base_ref }}" BASE_BRANCH: "origin/${{ gitea.base_ref }}"
@@ -38,20 +36,14 @@ jobs:
id: branch-exists id: branch-exists
if: github.event_name == 'push' || steps.check-branch-exists.outputs.exists == 'true' && github.event_name == 'pull_request' if: github.event_name == 'push' || steps.check-branch-exists.outputs.exists == 'true' && github.event_name == 'pull_request'
run: | run: |
if [ ${{ github.event_name == 'push' }} ]; then echo ">> Branch ${{ gitea.base_ref }} exists, will continue with linting"
echo ">> Action is from a push event, will continue with linting"
else
echo ">> Branch ${{ gitea.base_ref }} exists, will continue with linting"
fi
echo "----" echo "----"
echo "exists=true" >> $GITEA_OUTPUT echo "exists=true" >> $GITEA_OUTPUT
- name: Set up Node.js - name: Set up Node.js
if: steps.branch-exists.outputs.exists == 'true' if: steps.check-branch-exists.outputs.exists == 'true'
uses: actions/setup-node@v6 uses: actions/setup-node@v6
with: with:
node-version: '24' node-version: '24'
@@ -81,7 +73,6 @@ jobs:
for path in $GIT_DIFF; do for path in $GIT_DIFF; do
CHANGED_COMPOSE+=$(echo "$path") CHANGED_COMPOSE+=$(echo "$path")
CHANGED_COMPOSE+=$(echo " ")
done done
else else
@@ -93,27 +84,27 @@ jobs:
if [ -n "${CHANGED_COMPOSE}" ]; then if [ -n "${CHANGED_COMPOSE}" ]; then
echo "" echo ""
echo ">> Compose to Lint:" echo ">> Compose to Lint:"
echo "$(echo "${CHANGED_COMPOSE}" | sort -u)" echo "$(echo "${CHANGED_COMPOSE[@]}" | sort -u)"
echo "----" echo "----"
echo "changes-detected=true" >> $GITEA_OUTPUT echo "changes-detected=true" >> $GITEA_OUTPUT
echo "compose-dir<<EOF" >> $GITEA_OUTPUT echo "compose-dir<<EOF" >> $GITEA_OUTPUT
echo "$(echo "${CHANGED_COMPOSE}" | sort -u)" >> $GITEA_OUTPUT echo "$(echo "${CHANGED_COMPOSE[@]}" | sort -u)" >> $GITEA_OUTPUT
echo "EOF" >> $GITEA_OUTPUT echo "EOF" >> $GITEA_OUTPUT
else else
echo "changes-detected=false" >> $GITEA_OUTPUT echo "changes-detected=false" >> $GITEA_OUTPUT
fi fi
- name: Lint Docker Compose - name: Lint Docker Compose
if: steps.check-dir-changes.outputs.changes-detected == 'true' if: steps.check-branch-exists.outputs.exists == 'true'
env: env:
CHANGED_COMPOSE: ${{ steps.check-dir-changes.outputs.compose-dir }} CHANGED_COMPOSE: ${{ steps.check-dir-changes.outputs.compose-dir }}
run: | run: |
echo ">> Running dclint on changed compose files:" echo ">> Running dclint on changed compose files:"
echo "$CHANGED_COMPOSE" echo "$CHANGED_COMPOSE"
for compose in $CHANGED_COMPOSE; do echo "$CHANGED_COMPOSE" | while read -r compose; do
echo ">> Linting $compose ..." echo ">> Linting $compose ..."
npx dclint $compose npx dclint $compose
done done
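Review bot: On the new side the lint loop in the last hunk still runs `npx dclint $compose` unquoted, and the paths it iterates come from the changed file names of a pull request, so a path containing spaces or glob characters is split or expanded before dclint sees it; use `npx dclint "$compose"`. The third hunk also drops the `CHANGED_COMPOSE+=$(echo " ")` separator, so unless the variable is split somewhere outside the hunk the paths are appended with nothing between them and `while read -r compose` receives one fused line. The step is now gated on `steps.check-branch-exists.outputs.exists` instead of `changes-detected`, so it can run with an empty `CHANGED_COMPOSE`; keeping `if: steps.check-dir-changes.outputs.changes-detected == 'true'` avoids that. The `run:` blocks start and end outside these hunks.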


@@ -6,14 +6,12 @@ on:
- main - main
paths: paths:
- 'clusters/cl01tl/helm/**' - 'clusters/cl01tl/helm/**'
- '!hosts/**'
push: push:
branches: branches:
- main - main
paths: paths:
- 'clusters/cl01tl/helm/**' - 'clusters/cl01tl/helm/**'
- '!hosts/**'
env: env:
CLUSTER: cl01tl CLUSTER: cl01tl
@@ -39,13 +37,7 @@ jobs:
id: branch-exists id: branch-exists
if: github.event_name == 'push' || steps.check-branch-exists.outputs.exists == 'true' && github.event_name == 'pull_request' if: github.event_name == 'push' || steps.check-branch-exists.outputs.exists == 'true' && github.event_name == 'pull_request'
run: | run: |
if [ ${{ github.event_name == 'push' }} ]; then echo ">> Branch ${{ gitea.base_ref }} exists, will continue with linting"
echo ">> Action is from a push event, will continue with linting"
else
echo ">> Branch ${{ gitea.base_ref }} exists, will continue with linting"
fi
echo "----" echo "----"
@@ -56,7 +48,7 @@ jobs:
uses: azure/setup-helm@v4 uses: azure/setup-helm@v4
with: with:
token: ${{ secrets.GITEA_TOKEN }} token: ${{ secrets.GITEA_TOKEN }}
version: v3.19.2 version: v3
- name: Check Directories for Changes - name: Check Directories for Changes
id: check-dir-changes id: check-dir-changes
@@ -69,7 +61,6 @@ jobs:
if [ "${{ github.event_name }}" == "pull_request" ]; then if [ "${{ github.event_name }}" == "pull_request" ]; then
echo "" echo ""
echo ">> Checking for changes in a pull request ..." echo ">> Checking for changes in a pull request ..."
git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+"
GIT_DIFF=$(git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+") GIT_DIFF=$(git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
else else
echo "" echo ""
@@ -84,7 +75,6 @@ jobs:
for path in $GIT_DIFF; do for path in $GIT_DIFF; do
CHANGED_CHARTS+=$(echo "$path" | awk -F '/' '{print $4}') CHANGED_CHARTS+=$(echo "$path" | awk -F '/' '{print $4}')
CHANGED_CHARTS+=$(echo " ")
done done
else else
@@ -96,13 +86,13 @@ jobs:
if [ -n "${CHANGED_CHARTS}" ]; then if [ -n "${CHANGED_CHARTS}" ]; then
echo "" echo ""
echo ">> Chart to Lint:" echo ">> Chart to Lint:"
echo "$(echo "${CHANGED_CHARTS}" | sort -u)" echo "$(echo "${CHANGED_CHARTS[@]}" | sort -u)"
echo "----" echo "----"
echo "changes-detected=true" >> $GITEA_OUTPUT echo "changes-detected=true" >> $GITEA_OUTPUT
echo "chart-dir<<EOF" >> $GITEA_OUTPUT echo "chart-dir<<EOF" >> $GITEA_OUTPUT
echo "$(echo "${CHANGED_CHARTS}" | sort -u)" >> $GITEA_OUTPUT echo "$(echo "${CHANGED_CHARTS[@]}" | sort -u)" >> $GITEA_OUTPUT
echo "EOF" >> $GITEA_OUTPUT echo "EOF" >> $GITEA_OUTPUT
else else
echo "changes-detected=false" >> $GITEA_OUTPUT echo "changes-detected=false" >> $GITEA_OUTPUT
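Review bot: The setup-helm step in the third hunk of this file moves to a floating `version: v3`, so the Helm binary used for linting can change without any commit; keep an exact release such as the `version: v3.19.2` shown on the old side. The same step hands `secrets.GITEA_TOKEN` to `azure/setup-helm@v4`, which is a mutable tag; pinning the action to a full commit SHA (`uses: azure/setup-helm@<commit-sha>`) keeps a retagged release from receiving the token. The fifth hunk drops the `CHANGED_CHARTS+=$(echo " ")` separator, so chart names appear to be concatenated unless the variable is split elsewhere in the step, which is not visible here.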


@@ -4,9 +4,9 @@ dependencies:
version: 0.46.1 version: 0.46.1
- name: argo-events - name: argo-events
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 2.4.19 version: 2.4.18
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 6.16.1 version: 6.16.1
digest: sha256:1f98e04526d7b61fa9ee690c46542bcc2ae6b69bf7619e1107a1592386de9bf2 digest: sha256:6cc24f6ce2b7f67c2eeab9bb6f64ebfedc082a2e809fc1f03f691f99a3006143
generated: "2025-12-07T03:02:14.909953853Z" generated: "2025-12-04T01:01:06.532396136Z"


@@ -21,7 +21,7 @@ dependencies:
version: 0.46.1 version: 0.46.1
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
- name: argo-events - name: argo-events
version: 2.4.19 version: 2.4.18
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster


@@ -60,7 +60,7 @@ argo-cd:
enabled: true enabled: true
auth: false auth: false
redisSecretInit: redisSecretInit:
enabled: false enabled: true
server: server:
replicas: 2 replicas: 2
extensions: extensions:
@@ -279,7 +279,7 @@ argo-cd:
- description: Application has degraded - description: Application has degraded
send: send:
- app-health-degraded - app-health-degraded
when: app.status.health.status == 'Degraded' when: app.status.health.status == 'Degraded' and time.Now().Sub(time.Parse(app.status.health.lastTransitionTime).Minutes() >= 15
trigger.on-sync-failed: | trigger.on-sync-failed: |
- description: Application syncing has failed - description: Application syncing has failed
send: send:
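Review bot: The new `when:` expression for the degraded-health trigger in the second hunk has unbalanced parentheses: `time.Now().Sub(` is opened and never closed before `.Minutes()`. As written the expression will most likely fail to evaluate, which would leave the app-health-degraded notification silent rather than delayed by 15 minutes. The intended form looks like `when: app.status.health.status == 'Degraded' and time.Now().Sub(time.Parse(app.status.health.lastTransitionTime)).Minutes() >= 15`. The trigger's key line is outside the hunk.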


@@ -156,7 +156,6 @@ blocky:
radarr-anime IN CNAME traefik-cl01tl radarr-anime IN CNAME traefik-cl01tl
radarr-standup IN CNAME traefik-cl01tl radarr-standup IN CNAME traefik-cl01tl
searxng IN CNAME traefik-cl01tl searxng IN CNAME traefik-cl01tl
seerr IN CNAME traefik-cl01tl
slskd IN CNAME traefik-cl01tl slskd IN CNAME traefik-cl01tl
sonarr IN CNAME traefik-cl01tl sonarr IN CNAME traefik-cl01tl
sonarr-4k IN CNAME traefik-cl01tl sonarr-4k IN CNAME traefik-cl01tl


@@ -9,7 +9,7 @@ booklore:
main: main:
image: image:
repository: ghcr.io/booklore-app/booklore repository: ghcr.io/booklore-app/booklore
tag: v1.13.2 tag: v1.13.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ


@@ -125,9 +125,6 @@ gatus:
- name: overseerr - name: overseerr
url: https://overseerr.alexlebens.net url: https://overseerr.alexlebens.net
<<: *defaults <<: *defaults
- name: seerr
url: https://seerr.alexlebens.net
<<: *defaults
- name: yamtrack - name: yamtrack
url: https://yamtrack.alexlebens.net url: https://yamtrack.alexlebens.net
<<: *defaults <<: *defaults
@@ -143,9 +140,6 @@ gatus:
- name: audiobookshelf - name: audiobookshelf
url: https://audiobookshelf.alexlebens.net url: https://audiobookshelf.alexlebens.net
<<: *defaults <<: *defaults
- name: booklore
url: https://booklore.alexlebens.net
<<: *defaults
- name: home-assistant - name: home-assistant
url: https://home-assistant.alexlebens.net url: https://home-assistant.alexlebens.net
<<: *defaults <<: *defaults
@@ -182,11 +176,6 @@ gatus:
- name: n8n - name: n8n
url: https://n8n.alexlebens.net url: https://n8n.alexlebens.net
<<: *defaults <<: *defaults
- name: kronic
url: https://kronic.alexlebens.net
<<: *defaults
conditions:
- "[STATUS] == 401"
- name: omni-tools - name: omni-tools
url: https://omni-tools.alexlebens.net url: https://omni-tools.alexlebens.net
<<: *defaults <<: *defaults
@@ -256,9 +245,6 @@ gatus:
- name: ceph - name: ceph
url: https://ceph.alexlebens.net url: https://ceph.alexlebens.net
<<: *defaults <<: *defaults
- name: garage
url: https://garage-webui.alexlebens.net
<<: *defaults
- name: pgadmin - name: pgadmin
url: https://pgadmin.alexlebens.net url: https://pgadmin.alexlebens.net
<<: *defaults <<: *defaults
@@ -268,29 +254,6 @@ gatus:
- name: vault - name: vault
url: https://vault.alexlebens.net url: https://vault.alexlebens.net
<<: *defaults <<: *defaults
- name: backrest
url: https://backrest.alexlebens.net
<<: *defaults
- name: qui
url: https://qui.alexlebens.net
<<: *defaults
- name: qbittorrent
url: https://qbittorrent.alexlebens.net
<<: *defaults
- name: prowlarr
url: https://prowlarr.alexlebens.net
<<: *defaults
- name: huntarr
url: https://huntarr.alexlebens.net
<<: *defaults
- name: bazarr
url: https://bazarr.alexlebens.net
<<: *defaults
conditions:
- "[STATUS] == 401"
- name: tdarr
url: https://tdarr.alexlebens.net
<<: *defaults
- name: sonarr - name: sonarr
url: https://sonarr.alexlebens.net url: https://sonarr.alexlebens.net
<<: *defaults <<: *defaults
@@ -321,11 +284,25 @@ gatus:
- name: slskd - name: slskd
url: https://slskd.alexlebens.net url: https://slskd.alexlebens.net
<<: *defaults <<: *defaults
- name: ephemera - name: qui
url: https://ephemera.alexlebens.net url: https://qui.alexlebens.net
<<: *defaults <<: *defaults
- name: listenarr - name: qbittorrent
url: https://listenarr.alexlebens.net url: https://qbittorrent.alexlebens.net
<<: *defaults
- name: prowlarr
url: https://prowlarr.alexlebens.net
<<: *defaults
- name: bazarr
url: https://bazarr.alexlebens.net
<<: *defaults
conditions:
- "[STATUS] == 401"
- name: huntarr
url: https://huntarr.alexlebens.net
<<: *defaults
- name: tdarr
url: https://tdarr.alexlebens.net
<<: *defaults <<: *defaults
- name: www - name: www
url: https://www.alexlebens.dev url: https://www.alexlebens.dev
@@ -370,14 +347,24 @@ gatus:
url: https://codeserver.alexlebens.dev url: https://codeserver.alexlebens.dev
<<: *defaults <<: *defaults
group: external group: external
- name: authentik
url: https://auth.alexlebens.dev
<<: *defaults
group: external
- name: public homepage - name: public homepage
url: https://home.alexlebens.dev url: https://home.alexlebens.dev
<<: *defaults <<: *defaults
group: external group: external
- name: discord
group: public
url: https://discord.com/app
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 400"
interval: 10s
- name: reddit
group: public
url: https://reddit.com
conditions:
- "[STATUS] == 200"
- "[RESPONSE_TIME] < 400"
interval: 10s
postgres-17-cluster: postgres-17-cluster:
mode: recovery mode: recovery
cluster: cluster:


@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: generic-device-plugin - name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.5 version: 0.20.4
digest: sha256:329b2d00301ab1467a8654dd92febfd7078db121c00c0960548010c01dee66b6 digest: sha256:4aa24e57233783f99d3de453f997ff4dddecaea729ab09b78745ee89ffa0e4a8
generated: "2025-12-08T03:02:06.697075532Z" generated: "2025-12-06T01:01:30.343689275Z"


@@ -15,6 +15,6 @@ maintainers:
dependencies: dependencies:
- name: generic-device-plugin - name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.5 version: 0.20.4
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: 1.0.0 appVersion: 1.0.0


@@ -12,6 +12,8 @@ spec:
matchLabels: matchLabels:
app.kubernetes.io/name: gitea app.kubernetes.io/name: gitea
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
matchExpressions:
- { key: app.kubernetes.io/controller, operator: NotIn, values: [backup] }
endpoints: endpoints:
- port: http - port: http


@@ -174,9 +174,6 @@ gitea-actions:
backup: backup:
global: global:
fullnameOverride: gitea-backup fullnameOverride: gitea-backup
labels:
app.kubernetes.io/instance: gitea-backup
app.kubernetes.io/name: gitea-backup
controllers: controllers:
backup: backup:
type: cronjob type: cronjob


@@ -17,7 +17,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: harbor - name: harbor
version: 1.18.1 version: 1.18.0
repository: https://helm.goharbor.io repository: https://helm.goharbor.io
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster


@@ -13,7 +13,7 @@ roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
subjects: subjects:
- kind: User - kind: User
name: https://authentik.alexlebens.net/application/o/headlamp/#alexanderlebens@gmail.com name: alexanderlebens@gmail.com
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
- kind: ServiceAccount - kind: ServiceAccount
name: headlamp-admin name: headlamp-admin
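Review bot: The `User` subject on the new side is a bare e-mail address, and an RBAC user name is matched as an exact string against whatever the API server's authenticator produces. Whether this binding takes effect, and for whom, therefore depends on the OIDC username claim and the `--oidc-username-prefix` setting, neither of which is visible here: with an issuer prefix in effect the name never matches, and with no prefix any trusted issuer that asserts this e-mail maps to the same user. Confirm the configured claim and prefix, and add a comment above the subject stating which issuer the identity is expected to come from. The roleRef and the binding's metadata start outside the hunk.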


@@ -40,14 +40,14 @@ spec:
key: /authentik/oidc/headlamp key: /authentik/oidc/headlamp
metadataPolicy: None metadataPolicy: None
property: scopes property: scopes
- secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_IDP_ISSUER_URL - secretKey: OIDC_VALIDATOR_ISSUER_URL
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /authentik/oidc/headlamp key: /authentik/oidc/headlamp
metadataPolicy: None metadataPolicy: None
property: validator-issuer-url property: validator-issuer-url
- secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_CLIENT_ID - secretKey: OIDC_VALIDATOR_CLIENT_ID
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None


@@ -143,16 +143,10 @@ homepage:
statusStyle: dot statusStyle: dot
- Media Requests: - Media Requests:
icon: sh-overseerr.webp icon: sh-overseerr.webp
description: Overseerr description: Overseer
href: https://overseerr.alexlebens.net href: https://overseerr.alexlebens.net
siteMonitor: http://overseerr.overseerr:80 siteMonitor: http://overseerr.overseerr:80
statusStyle: dot statusStyle: dot
- Media Requests (New):
icon: sh-overseerr.webp
description: Seerr
href: https://seerr.alexlebens.net
siteMonitor: http://seerr-seerr-chart.seerr:80
statusStyle: dot
- Media Tracking: - Media Tracking:
icon: sh-yamtrack.webp icon: sh-yamtrack.webp
description: Yamtrack description: Yamtrack


@@ -9,7 +9,7 @@ n8n:
main: main:
image: image:
repository: ghcr.io/n8n-io/n8n repository: ghcr.io/n8n-io/n8n
tag: 1.123.3 tag: 1.123.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: GENERIC_TIMEZONE - name: GENERIC_TIMEZONE
@@ -93,7 +93,7 @@ n8n:
main: main:
image: image:
repository: ghcr.io/n8n-io/n8n repository: ghcr.io/n8n-io/n8n
tag: 1.123.3 tag: 1.123.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
command: command:
- n8n - n8n
@@ -188,7 +188,7 @@ n8n:
main: main:
image: image:
repository: ghcr.io/n8n-io/n8n repository: ghcr.io/n8n-io/n8n
tag: 1.123.3 tag: 1.123.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
command: command:
- n8n - n8n


@@ -22,7 +22,7 @@ ollama:
main: main:
image: image:
repository: ollama/ollama repository: ollama/ollama
tag: 0.13.2 tag: 0.13.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: OLLAMA_KEEP_ALIVE - name: OLLAMA_KEEP_ALIVE
@@ -58,7 +58,7 @@ ollama:
main: main:
image: image:
repository: ollama/ollama repository: ollama/ollama
tag: 0.13.2 tag: 0.13.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: OLLAMA_KEEP_ALIVE - name: OLLAMA_KEEP_ALIVE
@@ -94,7 +94,7 @@ ollama:
main: main:
image: image:
repository: ollama/ollama repository: ollama/ollama
tag: 0.13.2 tag: 0.13.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: OLLAMA_KEEP_ALIVE - name: OLLAMA_KEEP_ALIVE


@@ -9,7 +9,7 @@ postiz:
main: main:
image: image:
repository: ghcr.io/gitroomhq/postiz-app repository: ghcr.io/gitroomhq/postiz-app
tag: v2.10.1 tag: v2.9.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: MAIN_URL - name: MAIN_URL


@@ -28,7 +28,7 @@ qbittorrent:
qbittorrent: qbittorrent:
image: image:
repository: ghcr.io/linuxserver/qbittorrent repository: ghcr.io/linuxserver/qbittorrent
tag: 5.1.4@sha256:043498de39c3dd63eec94360c5ad966a51271d1581070f42cb73ab0cf4776f29 tag: 5.1.4@sha256:f0465dbb2aa14397fd205a0240ee562eb062354c036ccc444084fe46c6c75091
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ


@@ -20,36 +20,6 @@ spec:
metadataPolicy: None metadataPolicy: None
property: private-key property: private-key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: searxng-browser-metrics-auth
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: searxng-browser-metrics-auth
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: metrics-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: cl01tl/searxng/browser
metadataPolicy: None
property: metrics-password
- secretKey: metrics-username
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: cl01tl/searxng/browser
metadataPolicy: None
property: metrics-username
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret


@@ -1,11 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: searxng
labels:
app.kubernetes.io/name: searxng
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged


@@ -0,0 +1,32 @@
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: redis-replication-searxng
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: redis-replication-searxng
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
clusterSize: 3
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
kubernetesConfig:
image: quay.io/opstree/redis:v8.0.3
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 128Mi
storage:
volumeClaimTemplate:
spec:
storageClassName: ceph-block
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
redisExporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.48.0
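Review bot: This RedisReplication is created without any authentication: `kubernetesConfig` carries no `redisSecret`, and the client URL added in the searxng values on this page is a password-less `redis://` address. Any workload that can reach the service on port 6379 can then read or flush the cache; reference a password secret through `redisSecret` (name and key) or restrict access with a NetworkPolicy for the namespace. Both images are referenced by tag only, so appending an `@sha256:` digest, as other values files on this page do, would make the pull reproducible. `podSecurityContext` sets `runAsUser` and `fsGroup` but not `runAsNonRoot: true`.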


@@ -1,26 +1,19 @@
apiVersion: monitoring.coreos.com/v1 apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
name: searxng-browser name: redis-replication-searxng
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: searxng-browser app.kubernetes.io/name: redis-replication-searxng
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
redis-operator: "true"
env: production
spec: spec:
selector: selector:
matchLabels: matchLabels:
app.kubernetes.io/name: searxng-browser redis_setup_type: replication
app.kubernetes.io/instance: {{ .Release.Name }}
endpoints: endpoints:
- port: mail - port: redis-exporter
interval: 30s interval: 30s
scrapeTimeout: 15s scrapeTimeout: 10s
path: /metrics
basicAuth:
password:
name: searxng-browser-metrics-auth
key: metrics-password
username:
name: searxng-browser-metrics-auth
key: metrics-username


@@ -9,7 +9,7 @@ searxng:
main: main:
image: image:
repository: searxng/searxng repository: searxng/searxng
tag: latest@sha256:95e59f5ba7d48b4c7ee92f2705907e52c5b98715b0d8c4802863322a502a8c4a tag: latest@sha256:c25c6b671382f0464318b2de3b142f1c9fe3721e46fdad027f4d6caf399728ea
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: SEARXNG_BASE_URL - name: SEARXNG_BASE_URL
@@ -18,6 +18,10 @@ searxng:
value: http://searxng-api.searxng:8080/search?q=<query> value: http://searxng-api.searxng:8080/search?q=<query>
- name: SEARXNG_HOSTNAME - name: SEARXNG_HOSTNAME
value: searxng-api.searxng value: searxng-api.searxng
- name: UWSGI_WORKERS
value: 4
- name: UWSGI_THREADS
value: 4
- name: ENABLE_RAG_WEB_SEARCH - name: ENABLE_RAG_WEB_SEARCH
value: true value: true
- name: RAG_WEB_SEARCH_ENGINE - name: RAG_WEB_SEARCH_ENGINE
@@ -39,7 +43,7 @@ searxng:
main: main:
image: image:
repository: searxng/searxng repository: searxng/searxng
tag: latest@sha256:95e59f5ba7d48b4c7ee92f2705907e52c5b98715b0d8c4802863322a502a8c4a tag: latest@sha256:c25c6b671382f0464318b2de3b142f1c9fe3721e46fdad027f4d6caf399728ea
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: SEARXNG_BASE_URL - name: SEARXNG_BASE_URL
@@ -48,25 +52,16 @@ searxng:
value: https://searxng.alexlebens.net/search?q=<query> value: https://searxng.alexlebens.net/search?q=<query>
- name: SEARXNG_HOSTNAME - name: SEARXNG_HOSTNAME
value: searxng.alexlebens.net value: searxng.alexlebens.net
- name: SEARXNG_VALKEY_URL - name: SEARXNG_REDIS_URL
value: valkey://127.0.0.1:6379/0 value: redis://redis-replication-searxng-master.searxng:6379/0
- name: GRANIAN_HOST - name: UWSGI_WORKERS
value: 0.0.0.0 value: 4
- name: GRANIAN_PORT - name: UWSGI_THREADS
value: 8080 value: 4
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 256Mi memory: 256Mi
valkey:
image:
repository: valkey/valkey
tag: 9.0.0-alpine3.22
pullPolicy: IfNotPresent
resources:
requests:
cpu: 10m
memory: 128Mi
gluetun: gluetun:
image: image:
repository: ghcr.io/qdm12/gluetun repository: ghcr.io/qdm12/gluetun
@@ -82,10 +77,18 @@ searxng:
secretKeyRef: secretKeyRef:
name: searxng-wireguard-conf name: searxng-wireguard-conf
key: private-key key: private-key
- name: VPN_PORT_FORWARDING
value: "on"
- name: VPN_PORT_FORWARDING_UP_COMMAND
value: '/bin/sh -c "/gluetun/update.sh {{ printf "{{PORTS}}" }}"'
- name: PORT_FORWARD_ONLY
value: "on"
- name: FIREWALL_OUTBOUND_SUBNETS - name: FIREWALL_OUTBOUND_SUBNETS
value: 192.168.1.0/24,10.244.0.0/16 value: 192.168.1.0/24,10.244.0.0/16
- name: FIREWALL_INPUT_PORTS - name: FIREWALL_INPUT_PORTS
value: 8080 value: 8080
- name: DOT
value: "off"
securityContext: securityContext:
privileged: True privileged: True
capabilities: capabilities:
@@ -148,12 +151,3 @@ searxng:
main: main:
- path: /etc/searxng - path: /etc/searxng
readOnly: false readOnly: false
valkey-data:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
advancedMounts:
browser:
valkey:
- path: /data
readOnly: false
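Review bot: The fifth hunk turns on `VPN_PORT_FORWARDING` and `PORT_FORWARD_ONLY` for the gluetun sidecar and sets `DOT` to `"off"`, in a container that already runs with `privileged: True`. A search front end does not obviously need an inbound forwarded port on the VPN side, and `/gluetun/update.sh` is not mounted anywhere in the visible values, so the up-command may simply fail; if forwarding is not required, drop the three variables. With `DOT` off the sidecar's DNS queries are no longer sent over TLS, so add a comment above it stating why that is needed. The added `UWSGI_WORKERS` and `UWSGI_THREADS` values are bare integers; container env values are strings, so unless the chart stringifies them write `value: "4"`.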


@@ -1,6 +0,0 @@
dependencies:
- name: seerr-chart
repository: oci://ghcr.io/seerr-team/seerr
version: 3.0.0
digest: sha256:6cf3525ac452922339261fa2a5ecc9d8cdf66b21bc30e032395d8d80bb79dc6c
generated: "2025-12-08T20:48:24.567069-06:00"


@@ -1,22 +0,0 @@
apiVersion: v2
name: seerr
version: 1.0.0
description: Seerr
keywords:
- seerr
- media
- movies
- tv shows
home: https://wiki.alexlebens.dev/
sources:
- https://github.com/seerr-team/seerr
- https://github.com/seerr-team/seerr/pkgs/container/seerr
- https://github.com/seerr-team/seerr/tree/develop/charts/seerr-chart
maintainers:
- name: alexlebens
dependencies:
- name: seerr-chart
repository: oci://ghcr.io/seerr-team/seerr
version: 3.0.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/overseerr.png
appVersion: develop


@@ -1,55 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: seerr-config-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: seerr-config-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/seerr/seerr-config"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: S3_BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: access_key
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: secret_key


@@ -1,28 +0,0 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-seerr
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-seerr
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- seerr.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: seerr-seerr-chart
port: 80
weight: 100


@@ -1,26 +0,0 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: seerr-config-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: seerr-config-backup-source
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: seerr-config
trigger:
schedule: 0 4 * * *
restic:
pruneIntervalDays: 7
repository: seerr-config-backup-secret
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
cacheCapacity: 10Gi


@@ -1,31 +0,0 @@
seerr-chart:
image:
tag: develop
sha: f96deeef25cfb7bb0ecaa90f324bf6dfb66a844e8ed38501764f4d982a152280
probes:
livenessProbe:
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
readinessProbe:
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
service:
port: 80
config:
persistence:
size: 5Gi
accessModes:
- ReadWriteOnce
storageClass: ceph-block
ingress:
enabled: false
resources:
requests:
cpu: 10m
memory: 128Mi


@@ -26,7 +26,7 @@ spec:
accessModes: ["ReadWriteOnce"] accessModes: ["ReadWriteOnce"]
resources: resources:
requests: requests:
storage: 5Gi storage: 1Gi
redisExporter: redisExporter:
enabled: true enabled: true
image: quay.io/opstree/redis-exporter:v1.48.0 image: quay.io/opstree/redis-exporter:v1.48.0


@@ -8,7 +8,7 @@ whodb:
main: main:
image: image:
repository: clidey/whodb repository: clidey/whodb
tag: 0.82.0 tag: 0.81.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: WHODB_OLLAMA_HOST - name: WHODB_OLLAMA_HOST


@@ -132,7 +132,6 @@ customDNS:
radarr-anime IN CNAME traefik-cl01tl radarr-anime IN CNAME traefik-cl01tl
radarr-standup IN CNAME traefik-cl01tl radarr-standup IN CNAME traefik-cl01tl
searxng IN CNAME traefik-cl01tl searxng IN CNAME traefik-cl01tl
seerr IN CNAME traefik-cl01tl
slskd IN CNAME traefik-cl01tl slskd IN CNAME traefik-cl01tl
sonarr IN CNAME traefik-cl01tl sonarr IN CNAME traefik-cl01tl
sonarr-4k IN CNAME traefik-cl01tl sonarr-4k IN CNAME traefik-cl01tl


@@ -1,7 +1,7 @@
--- ---
services: services:
traefik: traefik:
image: ghcr.io/traefik/traefik:v3.6.4 image: ghcr.io/traefik/traefik:v3.6.2
container_name: traefik container_name: traefik
command: command:
- "--global.checkNewVersion=false" - "--global.checkNewVersion=false"


@@ -132,7 +132,6 @@ customDNS:
radarr-anime IN CNAME traefik-cl01tl radarr-anime IN CNAME traefik-cl01tl
radarr-standup IN CNAME traefik-cl01tl radarr-standup IN CNAME traefik-cl01tl
searxng IN CNAME traefik-cl01tl searxng IN CNAME traefik-cl01tl
seerr IN CNAME traefik-cl01tl
slskd IN CNAME traefik-cl01tl slskd IN CNAME traefik-cl01tl
sonarr IN CNAME traefik-cl01tl sonarr IN CNAME traefik-cl01tl
sonarr-4k IN CNAME traefik-cl01tl sonarr-4k IN CNAME traefik-cl01tl


@@ -1,7 +1,7 @@
--- ---
services: services:
traefik: traefik:
image: ghcr.io/traefik/traefik:v3.6.4 image: ghcr.io/traefik/traefik:v3.6.2
container_name: traefik container_name: traefik
command: command:
- "--global.checkNewVersion=false" - "--global.checkNewVersion=false"


@@ -19,7 +19,7 @@ services:
- /dev/net/tun:/dev/net/tun - /dev/net/tun:/dev/net/tun
postgresql: postgresql:
image: docker.io/postgres:18.1-alpine3.21 image: docker.io/postgres:17.7-alpine3.21
container_name: gitea-postgres container_name: gitea-postgres
env_file: env_file:
- .env - .env
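Review bot: The new side moves the gitea PostgreSQL image from 18.1 to 17.7, a major-version step backwards; a data directory initialised by the newer major version cannot be opened by the older one, so the container would refuse to start on the existing volume. Together with the lockfile `generated:` timestamps on the old side being later than this commit's date, this suggests the branch is behind its base and these lines are not part of the intended change. Rebase onto the current base before merging so the diff shrinks to the kubelet-serving-cert-approver tag update named in the title.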


@@ -20,7 +20,7 @@ services:
- /dev/net/tun:/dev/net/tun - /dev/net/tun:/dev/net/tun
traefik: traefik:
image: ghcr.io/traefik/traefik:v3.6.4 image: ghcr.io/traefik/traefik:v3.6.2
container_name: traefik container_name: traefik
command: command:
- "--global.checkNewVersion=false" - "--global.checkNewVersion=false"