alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 2 Actions 4 Activity

Compare commits

base: alexlebens:renovate/docker.io-postgres-18.x
Branches Tags
alexlebens:main alexlebens:renovate/docker.io-postgres-18.x alexlebens:renovate/stalwartlabs-stalwart-0.x
..
compare: alexlebens:a20d954ac8343152bf3f22be948c525d38494991
Branches Tags
alexlebens:renovate/docker.io-postgres-18.x alexlebens:renovate/stalwartlabs-stalwart-0.x alexlebens:main

1 Commits
renovate/d ... a20d954ac8

Author SHA1 Message Date
Renovate Bot
a20d954ac8 Update actions/checkout action to v6 2025-11-20 17:02:30 +00:00
23 changed files with 75 additions and 387 deletions
Expand all files Collapse all files

206
clusters/cl01tl/applications/booklore/templates/external-secret.yaml
View File

@@ -20,29 +20,6 @@ spec:
metadataPolicy: None
property: password
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: booklore-data-replication-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-data-replication-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: psk.txt
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/booklore/replication
metadataPolicy: None
property: psk.txt
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
@@ -68,21 +45,21 @@ spec:
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/digital-ocean
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: BUCKET_ENDPOINT
property: S3_BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/digital-ocean
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
@@ -91,185 +68,14 @@ spec:
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: AWS_ACCESS_KEY_ID
property: access_key
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: AWS_SECRET_ACCESS_KEY
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: booklore-data-backup-secret-local
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-data-backup-secret-local
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/booklore/booklore-data"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-local
metadataPolicy: None
property: BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-local
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: booklore-data-backup-secret-remote
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-data-backup-secret-remote
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/booklore/booklore-data"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-remote
metadataPolicy: None
property: BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-remote
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: booklore-data-backup-secret-external
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-data-backup-secret-external
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/booklore/booklore-data"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/digital-ocean
metadataPolicy: None
property: BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/digital-ocean
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: AWS_ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: AWS_SECRET_ACCESS_KEY
property: secret_key
---
apiVersion: external-secrets.io/v1

10
clusters/cl01tl/applications/booklore/templates/namespace.yaml
View File

@@ -1,10 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: booklore
annotations:
volsync.backube/privileged-movers: "true"
labels:
app.kubernetes.io/name: booklore
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}

15
clusters/cl01tl/applications/booklore/templates/replication-destination.yaml
View File

@@ -1,15 +0,0 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationDestination
metadata:
name: booklore-data-replication-destination
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-data-replication-destination
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
rsyncTLS:
copyMethod: Direct
accessModes: ["ReadWriteMany"]
destinationPVC: booklore-books-nfs-storage
keySecret: booklore-data-replication-secret

103
clusters/cl01tl/applications/booklore/templates/replication-source.yaml
View File

@@ -1,24 +1,5 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: booklore-data-replication-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-data-replication-source
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: booklore-data
trigger:
schedule: "0 0 * * *"
rsyncTLS:
keySecret: booklore-data-replication-secret
address: volsync-rsync-tls-dst-booklore-data-replication-destination
copyMethod: Snapshot
---
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: booklore-config-backup-source
namespace: {{ .Release.Namespace }}
@@ -43,87 +24,3 @@ spec:
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
cacheCapacity: 10Gi
---
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: booklore-data-backup-source-local
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-data-backup-source-local
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: booklore-data
trigger:
schedule: 0 2 * * *
restic:
pruneIntervalDays: 7
repository: booklore-data-backup-secret-local
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
cacheCapacity: 10Gi
---
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: booklore-data-backup-source-remote
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-data-backup-source-remote
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: booklore-data
trigger:
schedule: 0 3 * * *
restic:
pruneIntervalDays: 7
repository: booklore-data-backup-secret-remote
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
cacheCapacity: 10Gi
---
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: booklore-data-backup-source-external
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-data-backup-source-external
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: booklore-data
trigger:
schedule: 0 4 * * *
restic:
pruneIntervalDays: 7
repository: booklore-data-backup-secret-external
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
cacheCapacity: 10Gi

14
clusters/cl01tl/applications/booklore/templates/service.yaml
View File

@@ -1,14 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: garage-ps10rp
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: garage-ps10rp
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
annotations:
tailscale.com/tailnet-fqdn: garage-ps10rp.boreal-beaufort.ts.net
spec:
externalName: placeholder
type: ExternalName

18
clusters/cl01tl/applications/booklore/values.yaml
View File

@@ -50,29 +50,19 @@ booklore:
main:
- path: /app/data
readOnly: false
data:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: true
books:
existingClaim: booklore-books-nfs-storage
advancedMounts:
main:
main:
- path: /data
- path: /books
readOnly: false
books-import:
type: emptyDir
advancedMounts:
main:
main:
- path: /bookdrop
readOnly: false
ingest:
existingClaim: booklore-books-import-nfs-storage
advancedMounts:
main:
main:
- path: /bookdrop/ingest
- path: /bookdrop
readOnly: false
mariadb-cluster:
mariadb:

2
clusters/cl01tl/applications/directus/values.yaml
View File

@@ -9,7 +9,7 @@ directus:
main:
image:
repository: directus/directus
tag: 11.13.4
tag: 11.13.2
pullPolicy: IfNotPresent
env:
- name: PUBLIC_URL

6
clusters/cl01tl/applications/ephemera/templates/persistent-volume-claim.yaml
View File

@@ -1,14 +1,14 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ephemera-import-nfs-storage
name: ephemera-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: ephemera-import-nfs-storage
app.kubernetes.io/name: ephemera-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: ephemera-import-nfs-storage
volumeName: ephemera-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany

4
clusters/cl01tl/applications/ephemera/templates/persistent-volume.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: ephemera-import-nfs-storage
name: ephemera-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: ephemera-import-nfs-storage
app.kubernetes.io/name: ephemera-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:

50
clusters/cl01tl/applications/ephemera/values.yaml
View File

@@ -13,12 +13,12 @@ ephemera:
pullPolicy: IfNotPresent
env:
- name: AA_BASE_URL
value: https://annas-archive.org
# - name: AA_API_KEY
# valueFrom:
# secretKeyRef:
# name: ephemera-key-secret
# key: key
value: 8080
- name: AA_API_KEY
valueFrom:
secretKeyRef:
name: ephemera-key-secret
key: key
- name: FLARESOLVERR_URL
value: http://127.0.0.1:8191
- name: LG_BASE_URL
@@ -27,6 +27,24 @@ ephemera:
value: 0
- name: PGID
value: 0
probes:
liveness:
enabled: true
custom: true
spec:
exec:
command:
- CMD
- wget
- --no-verbose
- --tries=1
- --spider
- http://127.0.0.1:8286/health
failureThreshold: 5
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
resources:
requests:
cpu: 50m
@@ -45,6 +63,22 @@ ephemera:
value: none
- name: TZ
value: America/Chicago
probes:
liveness:
enabled: true
custom: true
spec:
exec:
command:
- CMD
- curl
- -f
- http://127.0.0.1:8191/health
failureThreshold: 5
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
resources:
requests:
cpu: 10m
@@ -98,8 +132,8 @@ ephemera:
main:
- path: /app/downloads
readOnly: false
ingest:
existingClaim: ephemera-import-nfs-storage
books-import:
existingClaim: ephemera-nfs-storage
advancedMounts:
main:
main:

4
clusters/cl01tl/applications/searxng/values.yaml
View File

@@ -9,7 +9,7 @@ searxng:
main:
image:
repository: searxng/searxng
tag: latest@sha256:7914267d4a3b91132aa888b889dbe0657bdb9e1af5a13eb6fbab99a94990c235
tag: latest@sha256:b1abdaa492716699b839c7b38f052a2679681f7de756c4d8d3a7f9aa46b3a18b
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL
@@ -43,7 +43,7 @@ searxng:
main:
image:
repository: searxng/searxng
tag: latest@sha256:7914267d4a3b91132aa888b889dbe0657bdb9e1af5a13eb6fbab99a94990c235
tag: latest@sha256:b1abdaa492716699b839c7b38f052a2679681f7de756c4d8d3a7f9aa46b3a18b
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL

2
clusters/cl01tl/applications/sonarr-4k/values.yaml
View File

@@ -13,7 +13,7 @@ sonarr-4k:
main:
image:
repository: ghcr.io/linuxserver/sonarr
tag: 4.0.16@sha256:2fc9c36769a3f50ab529e7ccc37687d118ab42199b01588573f03b3393cc3223
tag: 4.0.16@sha256:4b8a853b76337cd5de5f69961e23b7d0792ce7bf0a8be083dd7202ef670bfc34
pullPolicy: IfNotPresent
env:
- name: TZ

2
clusters/cl01tl/applications/sonarr-anime/values.yaml
View File

@@ -13,7 +13,7 @@ sonarr-anime:
main:
image:
repository: ghcr.io/linuxserver/sonarr
tag: 4.0.16@sha256:2fc9c36769a3f50ab529e7ccc37687d118ab42199b01588573f03b3393cc3223
tag: 4.0.16@sha256:4b8a853b76337cd5de5f69961e23b7d0792ce7bf0a8be083dd7202ef670bfc34
pullPolicy: IfNotPresent
env:
- name: TZ

2
clusters/cl01tl/applications/sonarr/values.yaml
View File

@@ -13,7 +13,7 @@ sonarr:
main:
image:
repository: ghcr.io/linuxserver/sonarr
tag: 4.0.16@sha256:2fc9c36769a3f50ab529e7ccc37687d118ab42199b01588573f03b3393cc3223
tag: 4.0.16@sha256:4b8a853b76337cd5de5f69961e23b7d0792ce7bf0a8be083dd7202ef670bfc34
pullPolicy: IfNotPresent
env:
- name: TZ

2
clusters/cl01tl/monitoring/shelly-plug/values.yaml
View File

@@ -36,7 +36,7 @@ shelly-plug:
main:
image:
repository: php
tag: 8.5.0-apache-bookworm
tag: 8.4.14-apache-bookworm
pullPolicy: IfNotPresent
env:
- name: SHELLY_HOSTNAME

2
clusters/cl01tl/platform/external-secrets/Chart.yaml
View File

@@ -12,7 +12,7 @@ sources:
- https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets
dependencies:
- name: external-secrets
version: 1.1.0
version: 1.0.0
repository: https://charts.external-secrets.io
icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4
appVersion: 0.17.0

2
clusters/cl01tl/platform/matrix-synapse/Chart.yaml
View File

@@ -29,7 +29,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: matrix-synapse
version: 3.12.15
version: 3.12.14
repository: https://ananace.gitlab.io/charts
- name: app-template
alias: matrix-hookshot

6
clusters/cl01tl/platform/ollama/values.yaml
View File

@@ -22,7 +22,7 @@ ollama:
main:
image:
repository: ollama/ollama
tag: 0.13.0
tag: 0.12.11
pullPolicy: IfNotPresent
env:
- name: OLLAMA_KEEP_ALIVE
@@ -58,7 +58,7 @@ ollama:
main:
image:
repository: ollama/ollama
tag: 0.13.0
tag: 0.12.11
pullPolicy: IfNotPresent
env:
- name: OLLAMA_KEEP_ALIVE
@@ -94,7 +94,7 @@ ollama:
main:
image:
repository: ollama/ollama
tag: 0.13.0
tag: 0.12.11
pullPolicy: IfNotPresent
env:
- name: OLLAMA_KEEP_ALIVE

4
clusters/cl01tl/platform/vault/values.yaml
View File

@@ -12,7 +12,7 @@ vault:
enabled: true
image:
repository: hashicorp/vault
tag: 1.21.1
tag: 1.21.0
updateStrategyType: "RollingUpdate"
logLevel: debug
logFormat: standard
@@ -170,7 +170,7 @@ snapshot:
snapshot:
image:
repository: hashicorp/vault
tag: 1.21.1
tag: 1.21.0
pullPolicy: IfNotPresent
command:
- /bin/ash

2
clusters/cl01tl/services/tailscale-operator/Chart.yaml
View File

@@ -17,7 +17,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: tailscale-operator
version: 1.90.8
version: 1.90.6
repository: https://pkgs.tailscale.com/helmcharts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tailscale-light.png
appVersion: v1.82.5

2
clusters/cl01tl/services/traefik/Chart.yaml
View File

@@ -15,7 +15,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: traefik
version: 37.4.0
version: 37.3.0
repository: https://traefik.github.io/charts
# enable pending:
# https://github.com/traefik/traefik-helm-chart/pull/1340

2
clusters/cl01tl/storage/volsync/Chart.yaml
View File

@@ -16,7 +16,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: volsync
version: 0.14.0
version: 0.13.1
repository: https://backube.github.io/helm-charts/
icon: https://raw.githubusercontent.com/backube/volsync/main/docs/media/volsync.svg?sanitize=true
appVersion: 0.12.1

2
hosts/ps10rp/gitea/compose.yaml
View File

@@ -19,7 +19,7 @@ services:
- /dev/net/tun:/dev/net/tun
postgresql:
image: docker.io/postgres:18.1-alpine3.21
image: docker.io/postgres:17.7-alpine3.21
container_name: gitea-postgres
env_file:
- .env