alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 6 Actions Activity

Compare commits

base: alexlebens:renovate/external-secrets-2.x
Branches Tags
alexlebens:main alexlebens:renovate/external-secrets-2.x alexlebens:renovate/cilium-1.x alexlebens:renovate/unified-gitroomhqpostiz-app alexlebens:renovate/unified-dock.mau.devmautrixwhatsapp alexlebens:renovate/unified-external-secretsexternal-secrets alexlebens:manifests alexlebens:auto/update-manifests
..
compare: alexlebens:816bda85169490e3731cac9d3e7b6ae2dfc36dba
Branches Tags
alexlebens:renovate/external-secrets-2.x alexlebens:renovate/cilium-1.x alexlebens:renovate/unified-gitroomhqpostiz-app alexlebens:renovate/unified-dock.mau.devmautrixwhatsapp alexlebens:renovate/unified-external-secretsexternal-secrets alexlebens:manifests alexlebens:main alexlebens:auto/update-manifests

1 Commits
renovate/e ... 816bda8516

Author SHA1 Message Date
Renovate Bot
816bda8516 chore(deps): update dependency tailscale/tailscale to v1.96.2
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 41s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 1m6s
Details
render-manifests / render-manifests (pull_request) Successful in 31s
Details
2026-03-18 17:05:13 +00:00
61 changed files with 350 additions and 255 deletions
Expand all files Collapse all files

8
clusters/cl01tl/helm/argo-workflows/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies:
- name: argo-workflows
repository: https://argoproj.github.io/argo-helm
version: 1.0.5
version: 1.0.2
- name: argo-events
repository: https://argoproj.github.io/argo-helm
version: 2.4.21
version: 2.4.20
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
digest: sha256:d0d7ebf1c0013d001aa2f17d04a6d3f3d7a1fa7d5c62792eef856b87c24eb26e
generated: "2026-03-20T20:48:30.830922259Z"
digest: sha256:8d1c2dd011a360d930ed5ff186462f163407077d36ae633898ec5d6ba30a4e8d
generated: "2026-03-15T20:04:18.080966008Z"

6
clusters/cl01tl/helm/argo-workflows/Chart.yaml
View File

@@ -18,10 +18,10 @@ maintainers:
- name: alexlebens
dependencies:
- name: argo-workflows
version: 1.0.5
version: 1.0.2
repository: https://argoproj.github.io/argo-helm
- name: argo-events
version: 2.4.21
version: 2.4.20
repository: https://argoproj.github.io/argo-helm
- name: postgres-cluster
alias: postgres-18-cluster
@@ -29,4 +29,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-workflows
appVersion: v4.0.3
appVersion: v4.0.2

2
clusters/cl01tl/helm/argo-workflows/values.yaml
View File

@@ -8,7 +8,7 @@ argo-workflows:
upgradeJob:
image:
repository: registry.k8s.io/kubectl
tag: v1.35.3
tag: v1.35.2
controller:
metricsConfig:
enabled: true

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: argo-cd
repository: https://argoproj.github.io/argo-helm
version: 9.4.15
digest: sha256:a0eed2e174bb6b13d04653c755a359025b050d479a92180039a1990dd8ee7caa
generated: "2026-03-20T01:09:07.547016465Z"
version: 9.4.12
digest: sha256:2bea48f3d44a453b8cdc83c7a18f9e417116d300dfad9672bab4ac97cefa891d
generated: "2026-03-18T11:03:53.835514883Z"

2
clusters/cl01tl/helm/argocd/Chart.yaml
View File

@@ -15,7 +15,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: argo-cd
version: 9.4.15
version: 9.4.12
repository: https://argoproj.github.io/argo-helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-cd

2
clusters/cl01tl/helm/audiobookshelf/Chart.yaml
View File

@@ -29,4 +29,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
# renovate: datasource=github-releases depName=advplyr/audiobookshelf
appVersion: 2.33.1
appVersion: 2.33.0

2
clusters/cl01tl/helm/audiobookshelf/values.yaml
View File

@@ -9,7 +9,7 @@ audiobookshelf:
main:
image:
repository: ghcr.io/advplyr/audiobookshelf
tag: 2.33.1
tag: 2.33.0
pullPolicy: IfNotPresent
env:
- name: TZ

2
clusters/cl01tl/helm/code-server/values.yaml
View File

@@ -9,7 +9,7 @@ code-server:
main:
image:
repository: ghcr.io/linuxserver/code-server
tag: 4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b
tag: 4.111.0@sha256:12c04b41f601604795562ece2ac64cade7cfca632415f4bfb1742477e3226272
pullPolicy: IfNotPresent
env:
- name: TZ

6
clusters/cl01tl/helm/external-secrets/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: external-secrets
repository: https://charts.external-secrets.io
version: 2.2.0
digest: sha256:832fc3f8d3728bdea2b696a6044e4c18967cd9ab9c5cc74adbf40aaa270a84b4
generated: "2026-03-20T20:53:08.407747649Z"
version: 2.1.0
digest: sha256:b19563d51f1922403185979c6c442531a7bb13d302e8438b5a18d450259b7245
generated: "2026-03-07T18:02:23.908145348Z"

2
clusters/cl01tl/helm/external-secrets/Chart.yaml
View File

@@ -12,7 +12,7 @@ sources:
- https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets
dependencies:
- name: external-secrets
version: 2.2.0
version: 2.1.0
repository: https://charts.external-secrets.io
icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4
# renovate: datasource=github-releases depName=external-secrets/external-secrets

6
clusters/cl01tl/helm/generic-device-plugin/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.24
digest: sha256:36bf651c24198d299458046aaf449e9fb50942e1143389092a746357d402b731
generated: "2026-03-20T01:18:36.687250976Z"
version: 0.20.22
digest: sha256:14e5aa3f02ce6a1271dadc3f76997c739fc9434e669b05655c079d0b873c56ca
generated: "2026-03-15T20:35:40.676997293Z"

2
clusters/cl01tl/helm/generic-device-plugin/Chart.yaml
View File

@@ -15,6 +15,6 @@ maintainers:
dependencies:
- name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.24
version: 0.20.22
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: 1.0.0

6
clusters/cl01tl/helm/harbor/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies:
- name: harbor
repository: https://helm.goharbor.io
version: 1.18.3
version: 1.18.2
- name: postgres-cluster
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
digest: sha256:e7a5cee56dddb4abc07ff18677cb6ddf55571b38da2eeb7e654e8ad8f7709bfa
generated: "2026-03-19T04:16:54.362332682Z"
digest: sha256:14c2b7d09631dbb573e9c9d4613ebe52e330146662da0da15f74c31ec519ed15
generated: "2026-03-15T20:06:13.615175051Z"

4
clusters/cl01tl/helm/harbor/Chart.yaml
View File

@@ -17,7 +17,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: harbor
version: 1.18.3
version: 1.18.2
repository: https://helm.goharbor.io
- name: postgres-cluster
alias: postgres-18-cluster
@@ -29,4 +29,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png
# renovate: datasource=github-releases depName=goharbor/harbor
appVersion: v2.15.0
appVersion: v2.14.3

4
clusters/cl01tl/helm/home-assistant/values.yaml
View File

@@ -9,7 +9,7 @@ home-assistant:
main:
image:
repository: ghcr.io/home-assistant/home-assistant
tag: 2026.3.2
tag: 2026.3.1
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -21,7 +21,7 @@ home-assistant:
code-server:
image:
repository: ghcr.io/linuxserver/code-server
tag: 4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b
tag: 4.111.0@sha256:12c04b41f601604795562ece2ac64cade7cfca632415f4bfb1742477e3226272
pullPolicy: IfNotPresent
env:
- name: TZ

9
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -780,6 +780,9 @@ homepage:
- Digital Ocean:
- abbr: DO
href: https://www.digitalocean.com/
- AWS:
- abbr: AW
href: https://aws.amazon.com/console/
- Cloudflare:
- abbr: CF
href: https://dash.cloudflare.com/b76e303258b84076ee01fd0f515c0768
@@ -789,12 +792,12 @@ homepage:
- ProtonVPN:
- abbr: PV
href: https://account.protonvpn.com/
- AirVPN:
- abbr: AV
href: https://airvpn.org/
- Unifi:
- abbr: UF
href: https://unifi.ui.com/
- Pushover:
- abbr: PO
href: https://pushover.net
- ReCaptcha:
- abbr: RC
href: https://www.google.com/recaptcha/admin/site/698983587

2
clusters/cl01tl/helm/immich/Chart.yaml
View File

@@ -32,4 +32,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png
# renovate: datasource=github-releases depName=immich-app/immich
appVersion: v2.6.1
appVersion: v2.5.6

2
clusters/cl01tl/helm/immich/values.yaml
View File

@@ -9,7 +9,7 @@ immich:
main:
image:
repository: ghcr.io/immich-app/immich-server
tag: v2.6.1
tag: v2.5.6
pullPolicy: IfNotPresent
env:
- name: TZ

6
clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies:
- name: kube-prometheus-stack
repository: oci://ghcr.io/prometheus-community/charts
version: 82.13.0
version: 82.10.4
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
digest: sha256:1d90bebd9c0afd20f8ff780edd15da18b20f89cf35fd85832d6d8d44b2e0544b
generated: "2026-03-20T18:02:38.368086545Z"
digest: sha256:d6bbbfdd1a781b5eb82c2dc8571836a43d23bf8526eac1bcd40f38030be642db
generated: "2026-03-15T20:38:11.961621853Z"

4
clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
View File

@@ -20,7 +20,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: kube-prometheus-stack
version: 82.13.0
version: 82.10.4
repository: oci://ghcr.io/prometheus-community/charts
- name: app-template
alias: ntfy-alertmanager
@@ -32,4 +32,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png
# renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator
appVersion: v0.90.0
appVersion: v0.89.0

2
clusters/cl01tl/helm/libation/Chart.yaml
View File

@@ -24,4 +24,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/libation.png
# renovate: datasource=github-releases depName=rmcrackan/Libation
appVersion: 13.3.2
appVersion: 13.3.0

2
clusters/cl01tl/helm/libation/values.yaml
View File

@@ -16,7 +16,7 @@ libation:
main:
image:
repository: rmcrackan/libation
tag: 13.3.2
tag: 13.3.0
pullPolicy: IfNotPresent
env:
- name: SLEEP_TIME

2
clusters/cl01tl/helm/medialyze/Chart.yaml
View File

@@ -19,4 +19,4 @@ dependencies:
version: 4.6.2
icon: https://raw.githubusercontent.com/frederikemmer/MediaLyze/d8f69c0628bac7c047b90f91a66341648029c273/frontend/public/favicon.svg
# renovate: datasource=github-releases depName=frederikemmer/MediaLyze
appVersion: 0.2.2
appVersion: 0.2.1

2
clusters/cl01tl/helm/medialyze/values.yaml
View File

@@ -9,7 +9,7 @@ medialyze:
main:
image:
repository: ghcr.io/frederikemmer/medialyze
tag: 0.2.2
tag: 0.2.1
pullPolicy: IfNotPresent
env:
- name: HOST_PORT

21
clusters/cl01tl/helm/music-grabber/templates/external-secret.yaml
View File

@@ -60,27 +60,20 @@ spec:
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: preshared-key
- secretKey: proton-email
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: preshared-key
- secretKey: addresses
property: email
- secretKey: proton-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports
property: password

134
clusters/cl01tl/helm/music-grabber/values.yaml
View File

@@ -9,7 +9,7 @@ music-grabber:
main:
image:
repository: g33kphr33k/musicgrabber
tag: 2.4.6
tag: 2.4.5
pullPolicy: IfNotPresent
env:
- name: MUSIC_DIR
@@ -50,72 +50,72 @@ music-grabber:
requests:
cpu: 10m
memory: 512Mi
# gluetun:
# image:
# repository: ghcr.io/qdm12/gluetun
# tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
# pullPolicy: IfNotPresent
# lifecycle:
# postStart:
# exec:
# command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
# env:
# - name: VPN_SERVICE_PROVIDER
# value: airvpn
# - name: VPN_TYPE
# value: wireguard
# - name: WIREGUARD_PRIVATE_KEY
# valueFrom:
# secretKeyRef:
# name: music-grabber-wireguard-conf
# key: private-key
# - name: WIREGUARD_PRESHARED_KEY
# valueFrom:
# secretKeyRef:
# name: music-grabber-wireguard-conf
# key: preshared-key
# - name: WIREGUARD_ADDRESSES
# valueFrom:
# secretKeyRef:
# name: music-grabber-wireguard-conf
# key: addresses
# - name: FIREWALL_OUTBOUND_SUBNETS
# value: 10.0.0.0/8
# - name: FIREWALL_INPUT_PORTS
# value: 8080
# - name: DNS_UPSTREAM_RESOLVER_TYPE
# value: dot
# - name: HTTPPROXY
# value: "off"
# - name: SHADOWSOCKS
# value: "off"
# securityContext:
# privileged: True
# capabilities:
# add:
# - NET_ADMIN
# - SYS_MODULE
# probes:
# liveness:
# enabled: true
# custom: true
# spec:
# exec:
# command:
# - /gluetun-entrypoint
# - healthcheck
# failureThreshold: 5
# initialDelaySeconds: 30
# periodSeconds: 30
# successThreshold: 1
# timeoutSeconds: 15
# resources:
# limits:
# devic.es/tun: "1"
# requests:
# devic.es/tun: "1"
# cpu: 10m
# memory: 128Mi
gluetun:
image:
repository: ghcr.io/qdm12/gluetun
tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
pullPolicy: IfNotPresent
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env:
- name: VPN_SERVICE_PROVIDER
value: protonvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: music-grabber-wireguard-conf
key: private-key
- name: UPDATER_PROTONVPN_EMAIL
valueFrom:
secretKeyRef:
name: music-grabber-wireguard-conf
key: proton-email
- name: UPDATER_PROTONVPN_PASSWORD
valueFrom:
secretKeyRef:
name: music-grabber-wireguard-conf
key: proton-password
- name: FIREWALL_OUTBOUND_SUBNETS
value: 10.0.0.0/8
- name: FIREWALL_INPUT_PORTS
value: 8080
- name: DNS_UPSTREAM_RESOLVER_TYPE
value: dot
- name: HTTPPROXY
value: "off"
- name: SHADOWSOCKS
value: "off"
securityContext:
privileged: True
capabilities:
add:
- NET_ADMIN
- SYS_MODULE
probes:
liveness:
enabled: true
custom: true
spec:
exec:
command:
- /gluetun-entrypoint
- healthcheck
failureThreshold: 5
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 15
resources:
limits:
devic.es/tun: "1"
requests:
devic.es/tun: "1"
cpu: 10m
memory: 128Mi
service:
main:
controller: main

2
clusters/cl01tl/helm/ollama/Chart.yaml
View File

@@ -31,4 +31,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png
# renovate: datasource=github-releases depName=ollama/ollama
appVersion: 0.18.2
appVersion: 0.18.1

6
clusters/cl01tl/helm/ollama/values.yaml
View File

@@ -22,7 +22,7 @@ ollama:
main:
image:
repository: ollama/ollama
tag: 0.18.2
tag: 0.18.1
pullPolicy: IfNotPresent
env:
- name: OLLAMA_KEEP_ALIVE
@@ -58,7 +58,7 @@ ollama:
main:
image:
repository: ollama/ollama
tag: 0.18.2
tag: 0.18.1
pullPolicy: IfNotPresent
env:
- name: OLLAMA_KEEP_ALIVE
@@ -94,7 +94,7 @@ ollama:
main:
image:
repository: ollama/ollama
tag: 0.18.2
tag: 0.18.1
pullPolicy: IfNotPresent
env:
- name: OLLAMA_KEEP_ALIVE

2
clusters/cl01tl/helm/outline/Chart.yaml
View File

@@ -39,4 +39,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/outline.png
# renovate: datasource=github-releases depName=outline/outline
appVersion: 1.6.1
appVersion: 1.6.0

2
clusters/cl01tl/helm/outline/values.yaml
View File

@@ -12,7 +12,7 @@ outline:
main:
image:
repository: outlinewiki/outline
tag: 1.6.1
tag: 1.6.0
pullPolicy: IfNotPresent
env:
- name: NODE_ENV

6
clusters/cl01tl/helm/prometheus-operator-crds/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: prometheus-operator-crds
repository: oci://ghcr.io/prometheus-community/charts
version: 28.0.0
digest: sha256:82e19c59373b1dd1a854a4e5699c7b864cfbb96e58a065f53ad76e64d7109cff
generated: "2026-03-19T22:02:57.659253727Z"
version: 27.0.1
digest: sha256:c66f0099390741388fce480670ce5f40f0e8459f3471a9f49da6f3f217c028a0
generated: "2026-03-17T20:57:34.001956235Z"

4
clusters/cl01tl/helm/prometheus-operator-crds/Chart.yaml
View File

@@ -15,8 +15,8 @@ maintainers:
- name: alexlebens
dependencies:
- name: prometheus-operator-crds
version: 28.0.0
version: 27.0.1
repository: oci://ghcr.io/prometheus-community/charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png
# renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator
appVersion: v0.90.0
appVersion: v0.89.0

21
clusters/cl01tl/helm/qbittorrent/templates/external-secret.yaml
View File

@@ -16,30 +16,23 @@ spec:
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: preshared-key
- secretKey: proton-email
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: preshared-key
- secretKey: addresses
property: email
- secretKey: proton-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports
property: password
---
apiVersion: external-secrets.io/v1

25
clusters/cl01tl/helm/qbittorrent/values.yaml
View File

@@ -56,7 +56,7 @@ qbittorrent:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env:
- name: VPN_SERVICE_PROVIDER
value: airvpn
value: protonvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
@@ -64,29 +64,28 @@ qbittorrent:
secretKeyRef:
name: qbittorrent-wireguard-conf
key: private-key
- name: WIREGUARD_PRESHARED_KEY
- name: UPDATER_PROTONVPN_EMAIL
valueFrom:
secretKeyRef:
name: qbittorrent-wireguard-conf
key: preshared-key
- name: WIREGUARD_ADDRESSES
key: proton-email
- name: UPDATER_PROTONVPN_PASSWORD
valueFrom:
secretKeyRef:
name: qbittorrent-wireguard-conf
key: addresses
- name: FIREWALL_VPN_INPUT_PORTS
valueFrom:
secretKeyRef:
name: qbittorrent-wireguard-conf
key: input-ports
key: proton-password
- name: VPN_PORT_FORWARDING
value: "on"
- name: VPN_PORT_FORWARDING_UP_COMMAND
value: '/bin/sh -c "/gluetun/update.sh {{ printf "{{PORTS}}" }}"'
- name: PORT_FORWARD_ONLY
value: "on"
- name: FIREWALL_OUTBOUND_SUBNETS
value: 192.168.1.0/24,10.244.0.0/16
- name: FIREWALL_INPUT_PORTS
value: 8080,9022
- name: DNS_UPSTREAM_RESOLVER_TYPE
value: dot
- name: BLOCK_MALICIOUS
value: "off"
- name: HTTPPROXY
value: "off"
- name: SHADOWSOCKS
@@ -217,7 +216,7 @@ qbittorrent:
qui:
image:
repository: ghcr.io/autobrr/qui
tag: v1.15.0
tag: v1.14.1
pullPolicy: IfNotPresent
env:
- name: QUI__METRICS_ENABLED

2
clusters/cl01tl/helm/roundcube/Chart.yaml
View File

@@ -29,4 +29,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/roundcube.png
# renovate: datasource=github-releases depName=roundcube/roundcubemail
appVersion: 1.6.14
appVersion: 1.6.13

4
clusters/cl01tl/helm/roundcube/values.yaml
View File

@@ -9,7 +9,7 @@ roundcube:
main:
image:
repository: roundcube/roundcubemail
tag: 1.6.14-fpm-alpine
tag: 1.6.13-fpm-alpine
pullPolicy: IfNotPresent
env:
- name: ROUNDCUBEMAIL_DB_TYPE
@@ -85,7 +85,7 @@ roundcube:
backup:
image:
repository: roundcube/roundcubemail
tag: 1.6.14-fpm-alpine
tag: 1.6.13-fpm-alpine
pullPolicy: IfNotPresent
env:
- name: ROUNDCUBEMAIL_DB_TYPE

4
clusters/cl01tl/helm/rybbit/values.yaml
View File

@@ -71,7 +71,7 @@ rybbit:
key: mapbox-token
probes:
liveness:
enabled: false
enabled: true
custom: true
spec:
exec:
@@ -122,7 +122,7 @@ rybbit:
main:
image:
repository: clickhouse/clickhouse-server
tag: 26.2.5
tag: 26.2.4
pullPolicy: IfNotPresent
env:
- name: CLICKHOUSE_DB

4
clusters/cl01tl/helm/searxng/values.yaml
View File

@@ -9,7 +9,7 @@ searxng:
main:
image:
repository: searxng/searxng
tag: latest@sha256:b41b861ff61c7ab36dfb9b7901744c44d5a3e13e51c624d6b1c2ede027ee0dec
tag: latest@sha256:67a3e2e339eb33e60d16df2b328961583c908c4b6f3a176b23ecb9ddd6f137fd
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL
@@ -39,7 +39,7 @@ searxng:
main:
image:
repository: searxng/searxng
tag: latest@sha256:b41b861ff61c7ab36dfb9b7901744c44d5a3e13e51c624d6b1c2ede027ee0dec
tag: latest@sha256:67a3e2e339eb33e60d16df2b328961583c908c4b6f3a176b23ecb9ddd6f137fd
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL

2
clusters/cl01tl/helm/site-profile/values.yaml
View File

@@ -11,7 +11,7 @@ site-profile:
main:
image:
repository: harbor.alexlebens.net/images/site-profile
tag: 3.15.0
tag: 3.14.0
pullPolicy: IfNotPresent
resources:
requests:

21
clusters/cl01tl/helm/slskd/templates/external-secret.yaml
View File

@@ -62,27 +62,20 @@ spec:
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: preshared-key
- secretKey: proton-email
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: preshared-key
- secretKey: addresses
property: email
- secretKey: proton-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports
property: password

21
clusters/cl01tl/helm/slskd/values.yaml
View File

@@ -54,7 +54,7 @@ slskd:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env:
- name: VPN_SERVICE_PROVIDER
value: airvpn
value: protonvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
@@ -62,29 +62,26 @@ slskd:
secretKeyRef:
name: slskd-wireguard-conf
key: private-key
- name: WIREGUARD_PRESHARED_KEY
- name: UPDATER_PROTONVPN_EMAIL
valueFrom:
secretKeyRef:
name: slskd-wireguard-conf
key: preshared-key
- name: WIREGUARD_ADDRESSES
key: proton-email
- name: UPDATER_PROTONVPN_PASSWORD
valueFrom:
secretKeyRef:
name: slskd-wireguard-conf
key: addresses
- name: FIREWALL_VPN_INPUT_PORTS
valueFrom:
secretKeyRef:
name: slskd-wireguard-conf
key: input-ports
key: proton-password
- name: VPN_PORT_FORWARDING
value: "on"
- name: PORT_FORWARD_ONLY
value: "on"
- name: FIREWALL_OUTBOUND_SUBNETS
value: 192.168.1.0/24,10.244.0.0/16
- name: FIREWALL_INPUT_PORTS
value: 5030,50300
- name: DNS_UPSTREAM_RESOLVER_TYPE
value: dot
- name: BLOCK_MALICIOUS
value: "off"
- name: HTTPPROXY
value: "off"
- name: SHADOWSOCKS

2
clusters/cl01tl/helm/sonarr-4k/values.yaml
View File

@@ -13,7 +13,7 @@ sonarr-4k:
main:
image:
repository: ghcr.io/linuxserver/sonarr
tag: 4.0.17@sha256:76414c033f290d3c9f1f9dfad71150abe71d92592369a3377a5903d579e6e2b2
tag: 4.0.16@sha256:21c1c3d52248589bb064f5adafec18cad45812d7a01d317472955eef051e619b
pullPolicy: IfNotPresent
env:
- name: TZ

2
clusters/cl01tl/helm/sonarr-anime/values.yaml
View File

@@ -13,7 +13,7 @@ sonarr-anime:
main:
image:
repository: ghcr.io/linuxserver/sonarr
tag: 4.0.17@sha256:76414c033f290d3c9f1f9dfad71150abe71d92592369a3377a5903d579e6e2b2
tag: 4.0.16@sha256:21c1c3d52248589bb064f5adafec18cad45812d7a01d317472955eef051e619b
pullPolicy: IfNotPresent
env:
- name: TZ

2
clusters/cl01tl/helm/sonarr/values.yaml
View File

@@ -13,7 +13,7 @@ sonarr:
main:
image:
repository: ghcr.io/linuxserver/sonarr
tag: 4.0.17@sha256:76414c033f290d3c9f1f9dfad71150abe71d92592369a3377a5903d579e6e2b2
tag: 4.0.16@sha256:21c1c3d52248589bb064f5adafec18cad45812d7a01d317472955eef051e619b
pullPolicy: IfNotPresent
env:
- name: TZ

2
clusters/cl01tl/helm/tailscale-operator/Chart.yaml
View File

@@ -21,4 +21,4 @@ dependencies:
repository: https://pkgs.tailscale.com/helmcharts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tailscale-light.png
# renovate: datasource=github-releases depName=tailscale/tailscale
appVersion: v1.96.3
appVersion: v1.96.2

4
clusters/cl01tl/helm/tdarr/values.yaml
View File

@@ -9,7 +9,7 @@ tdarr:
main:
image:
repository: ghcr.io/haveagitgat/tdarr
tag: 2.64.02
tag: 2.63.01
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -48,7 +48,7 @@ tdarr:
main:
image:
repository: ghcr.io/haveagitgat/tdarr_node
tag: 2.64.02
tag: 2.63.01
pullPolicy: IfNotPresent
env:
- name: TZ

6
clusters/cl01tl/helm/traefik/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies:
- name: traefik
repository: https://traefik.github.io/charts
version: 39.0.6
version: 39.0.5
- name: traefik-crds
repository: https://traefik.github.io/charts
version: 1.15.0
digest: sha256:45b11c0cb1083daff76df3c90ecf7d73fc09979239bdc0f272d826fab92a3ba4
generated: "2026-03-20T20:50:42.131002257Z"
digest: sha256:8edf8d2dcabdba2c2b8d6a9508f001ba5ef4bec205423f864b92f2adedd73b60
generated: "2026-03-16T15:32:49.364653199Z"

4
clusters/cl01tl/helm/traefik/Chart.yaml
View File

@@ -15,11 +15,11 @@ maintainers:
- name: alexlebens
dependencies:
- name: traefik
version: 39.0.6
version: 39.0.5
repository: https://traefik.github.io/charts
- name: traefik-crds
version: 1.15.0
repository: https://traefik.github.io/charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/traefik.webp
# renovate: datasource=github-releases depName=traefik/traefik
appVersion: v3.6.11
appVersion: v3.6.10

6
clusters/cl01tl/helm/trivy/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: trivy-operator
repository: https://aquasecurity.github.io/helm-charts/
version: 0.32.1
digest: sha256:7e25850fc3115f52e6c65151c76668929eee6713228e935862d9f156397c2ede
generated: "2026-03-15T17:21:41.373519-05:00"

23
clusters/cl01tl/helm/trivy/Chart.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: v2
name: trivy
version: 1.0.0
description: Trivy
keywords:
- trivy
- vulnerability
- monitoring
- kubernetes
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/aquasecurity/trivy
- https://github.com/aquasecurity/trivy-operator
- https://github.com/aquasecurity/trivy-operator/tree/main/deploy/helm
maintainers:
- name: alexlebens
dependencies:
- name: trivy-operator
version: 0.32.1
repository: https://aquasecurity.github.io/helm-charts/
icon: https://raw.githubusercontent.com/aquasecurity/trivy/main/docs/imgs/logo.png
# renovate: github=aquasecurity/trivy
appVersion: 0.32.1

11
clusters/cl01tl/helm/trivy/templates/namespace.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v1
kind: Namespace
metadata:
name: trivy
labels:
app.kubernetes.io/name: trivy
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

91
clusters/cl01tl/helm/trivy/values.yaml Normal file
View File

@@ -0,0 +1,91 @@
trivy-operator:
targetWorkloads: "pod,replicaset,replicationcontroller,statefulset,daemonset,cronjob,job"
operator:
replicas: 1
scanJobsConcurrentLimit: 1
vulnerabilityScannerEnabled: true
sbomGenerationEnabled: false
clusterSbomCacheEnabled: false
configAuditScannerEnabled: true
rbacAssessmentScannerEnabled: true
infraAssessmentScannerEnabled: false
clusterComplianceEnabled: false
vulnerabilityScannerScanOnlyCurrentRevisions: true
accessGlobalSecretsAndServiceAccount: true
metricsFindingsEnabled: true
exposedSecretScannerEnabled: true
serviceMonitor:
enabled: true
trivy:
createConfig: true
image:
registry: mirror.gcr.io
repository: aquasec/trivy
tag: 0.69.3
storageClassEnabled: true
storageClassName: ceph-block
storageSize: "10Gi"
registry:
mirror:
"registry-1.docker.io": proxy-registry-1.docker.io
"quay.io": proxy-quay.io
"registry.k8s.io": proxy-registry.k8s
"gcr.io": proxy-gcr.io
"ghcr.io": proxy-ghcr.io
"hub.docker": proxy-hub.docker
severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
slow: true
resources:
requests:
cpu: 100m
memory: 128M
supportedConfigAuditKinds: "Workload,Service,Role,ClusterRole,NetworkPolicy,Ingress,LimitRange,ResourceQuota"
server:
resources:
requests:
cpu: 200m
memory: 512Mi
replicas: 1
nodeCollector:
tolerations:
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
volumeMounts:
- name: var-lib-etcd
mountPath: /var/lib/etcd
readOnly: true
- name: var-lib-kubelet
mountPath: /var/lib/kubelet
readOnly: true
- name: var-lib-kube-scheduler
mountPath: /var/lib/kube-scheduler
readOnly: true
- name: var-lib-kube-controller-manager
mountPath: /var/lib/kube-controller-manager
readOnly: true
- name: etc-kubernetes
mountPath: /etc/kubernetes
readOnly: true
- name: etc-cni-netd
mountPath: /etc/cni/net.d/
readOnly: true
volumes:
- name: var-lib-etcd
hostPath:
path: /var/lib/etcd
- name: var-lib-kubelet
hostPath:
path: /var/lib/kubelet
- name: var-lib-kube-scheduler
hostPath:
path: /var/lib/kube-scheduler
- name: var-lib-kube-controller-manager
hostPath:
path: /var/lib/kube-controller-manager
- name: etc-kubernetes
hostPath:
path: /etc/kubernetes
- name: etc-cni-netd
hostPath:
path: /etc/cni/net.d/

21
clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml
View File

@@ -83,27 +83,20 @@ spec:
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: preshared-key
- secretKey: proton-email
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: preshared-key
- secretKey: addresses
property: email
- secretKey: proton-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports
property: password

10
clusters/cl01tl/helm/tubearchivist/values.yaml
View File

@@ -53,7 +53,7 @@ tubearchivist:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env:
- name: VPN_SERVICE_PROVIDER
value: airvpn
value: protonvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
@@ -61,16 +61,16 @@ tubearchivist:
secretKeyRef:
name: tubearchivist-wireguard-conf
key: private-key
- name: WIREGUARD_PRESHARED_KEY
- name: UPDATER_PROTONVPN_EMAIL
valueFrom:
secretKeyRef:
name: tubearchivist-wireguard-conf
key: preshared-key
- name: WIREGUARD_ADDRESSES
key: proton-email
- name: UPDATER_PROTONVPN_PASSWORD
valueFrom:
secretKeyRef:
name: tubearchivist-wireguard-conf
key: addresses
key: proton-password
- name: FIREWALL_OUTBOUND_SUBNETS
value: 10.0.0.0/8
- name: FIREWALL_INPUT_PORTS

2
clusters/cl01tl/helm/whodb/Chart.yaml
View File

@@ -20,4 +20,4 @@ dependencies:
version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/whodb.png
# renovate: datasource=github-releases depName=clidey/whodb
appVersion: 0.100.0
appVersion: 0.99.0

2
clusters/cl01tl/helm/whodb/values.yaml
View File

@@ -8,7 +8,7 @@ whodb:
main:
image:
repository: clidey/whodb
tag: 0.100.0
tag: 0.99.0
pullPolicy: IfNotPresent
env:
- name: WHODB_OLLAMA_HOST

21
clusters/cl01tl/helm/yubal/templates/external-secret.yaml
View File

@@ -16,27 +16,20 @@ spec:
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: preshared-key
- secretKey: proton-email
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: preshared-key
- secretKey: addresses
property: email
- secretKey: proton-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports
property: password

18
clusters/cl01tl/helm/yubal/values.yaml
View File

@@ -40,7 +40,11 @@ yubal:
# command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
# env:
# - name: VPN_SERVICE_PROVIDER
# value: airvpn
# value: protonvpn
# - name: PUID
# value: "1000"
# - name: PGID
# value: "1000"
# - name: VPN_TYPE
# value: wireguard
# - name: WIREGUARD_PRIVATE_KEY
@@ -48,26 +52,22 @@ yubal:
# secretKeyRef:
# name: yubal-wireguard-conf
# key: private-key
# - name: WIREGUARD_PRESHARED_KEY
# - name: UPDATER_PROTONVPN_EMAIL
# valueFrom:
# secretKeyRef:
# name: yubal-wireguard-conf
# key: preshared-key
# - name: WIREGUARD_ADDRESSES
# key: proton-email
# - name: UPDATER_PROTONVPN_PASSWORD
# valueFrom:
# secretKeyRef:
# name: yubal-wireguard-conf
# key: addresses
# key: proton-password
# - name: FIREWALL_OUTBOUND_SUBNETS
# value: 10.0.0.0/8
# - name: FIREWALL_INPUT_PORTS
# value: 8000
# - name: DNS_UPSTREAM_RESOLVER_TYPE
# value: dot
# - name: HTTPPROXY
# value: "off"
# - name: SHADOWSOCKS
# value: "off"
# securityContext:
# privileged: True
# capabilities:

2
hosts/ps08rp/traefik/compose.yaml
View File

@@ -1,7 +1,7 @@
---
services:
traefik:
image: ghcr.io/traefik/traefik:v3.6.11
image: ghcr.io/traefik/traefik:v3.6.10
container_name: traefik
command:
- "--global.checkNewVersion=false"

2
hosts/ps09rp/traefik/compose.yaml
View File

@@ -1,7 +1,7 @@
---
services:
traefik:
image: ghcr.io/traefik/traefik:v3.6.11
image: ghcr.io/traefik/traefik:v3.6.10
container_name: traefik
command:
- "--global.checkNewVersion=false"

2
hosts/ps10rp/traefik/compose.yaml
View File

@@ -20,7 +20,7 @@ services:
- /dev/net/tun:/dev/net/tun
traefik:
image: ghcr.io/traefik/traefik:v3.6.11
image: ghcr.io/traefik/traefik:v3.6.10
container_name: traefik
command:
- "--global.checkNewVersion=false"