1 Commits

Author SHA1 Message Date
25e579a495 Update directus/directus Docker tag to v11.14.0
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
lint-test-helm / lint-helm (pull_request) Successful in 31s
2025-12-10 21:03:06 +00:00
310 changed files with 4232 additions and 2509 deletions


@@ -6,12 +6,14 @@ on:
- main
paths:
- 'hosts/**'
- '!clusters/**'
push:
branches:
- main
paths:
- 'hosts/**'
- '!clusters/**'
env:
BASE_BRANCH: "origin/${{ gitea.base_ref }}"
@@ -65,11 +67,11 @@ jobs:
if [ "${{ github.event_name }}" == "pull_request" ]; then
echo ""
echo ">> Checking for changes in a pull request ..."
GIT_DIFF=$(git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u)
GIT_DIFF=$(git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u | grep -E "hosts/[^/]+/[^/]+")
else
echo ""
echo ">> Checking for changes from a push ..."
GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u)
GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u | grep -E "hosts/[^/]+/[^/]+")
fi
if [ -n "${GIT_DIFF}" ]; then
@@ -78,12 +80,8 @@ jobs:
echo "$GIT_DIFF"
for path in $GIT_DIFF; do
if echo "$path" | grep -q -E "hosts/[^/]+/[^/]+"; then
echo ""
echo ">> Adding path: $path"
CHANGED_COMPOSE+=$(echo "$path")
CHANGED_COMPOSE+=$(echo " ")
fi
CHANGED_COMPOSE+=$(echo "$path")
CHANGED_COMPOSE+=$(echo " ")
done
else
@@ -104,11 +102,6 @@ jobs:
echo "$(echo "${CHANGED_COMPOSE}" | sort -u)" >> $GITEA_OUTPUT
echo "EOF" >> $GITEA_OUTPUT
else
echo ""
echo ">> Did not find any docker compose files to lint"
echo "----"
echo "changes-detected=false" >> $GITEA_OUTPUT
fi
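Review bot: The `grep -E "hosts/[^/]+/[^/]+"` appended to both `GIT_DIFF=$(...)` assignments exits 1 when no changed path matches, and that status becomes the status of the assignment. If the step runs with errexit, the usual default for `run` steps on Actions-style runners, the job stops there instead of reaching the empty-`GIT_DIFF` branch. The last hunk also appears to drop the branch that wrote `changes-detected=false`, so downstream jobs may see no value at all. Ending the pipeline with `| grep -E "hosts/[^/]+/[^/]+" || true` keeps the no-match case on the intended path. The page has lost its +/- markers, so the new side is inferred from the hunk counts, and the script continues outside the visible hunks.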


@@ -6,12 +6,14 @@ on:
- main
paths:
- 'clusters/cl01tl/helm/**'
- '!hosts/**'
push:
branches:
- main
paths:
- 'clusters/cl01tl/helm/**'
- '!hosts/**'
env:
CLUSTER: cl01tl
@@ -67,11 +69,12 @@ jobs:
if [ "${{ github.event_name }}" == "pull_request" ]; then
echo ""
echo ">> Checking for changes in a pull request ..."
GIT_DIFF=$(git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u)
git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+"
GIT_DIFF=$(git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
else
echo ""
echo ">> Checking for changes from a push ..."
GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u)
GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
fi
if [ -n "${GIT_DIFF}" ]; then
@@ -80,12 +83,8 @@ jobs:
echo "$GIT_DIFF"
for path in $GIT_DIFF; do
if echo "$path" | grep -q -E "clusters/[^/]+/helm/[^/]+"; then
echo ""
echo ">> Adding path: $path"
CHANGED_CHARTS+=$(echo "$path" | awk -F '/' '{print $4}')
CHANGED_CHARTS+=$(echo "\n")
fi
CHANGED_CHARTS+=$(echo "$path" | awk -F '/' '{print $4}')
CHANGED_CHARTS+=$(echo " ")
done
else
@@ -106,11 +105,6 @@ jobs:
echo "$(echo "${CHANGED_CHARTS}" | sort -u)" >> $GITEA_OUTPUT
echo "EOF" >> $GITEA_OUTPUT
else
echo ""
echo ">> Did not find any helm charts files to lint"
echo "----"
echo "changes-detected=false" >> $GITEA_OUTPUT
fi
@@ -124,14 +118,7 @@ jobs:
helm dependency list --max-col-width 120 clusters/${CLUSTER}/helm/$dir 2> /dev/null \
| tail +2 | head -n -1 \
| awk '{ print "helm repo add " $1 " " $3 }' \
| while read cmd; do
if [[ "$cmd" == "*oci://*" ]]; then
echo ">> Ignoring OCI repo"
else
echo ">> Command: $cmd"
echo "$cmd" | sh;
fi
done || true
| while read cmd; do echo "$cmd" | sh; done || true
done
if helm repo list | tail +2 | read -r; then
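Review bot: The one-line loop `while read cmd; do echo "$cmd" | sh; done` hands text assembled from `helm dependency list` output to a second shell, so the name and repository fields of a chart's dependencies are evaluated as shell code on the runner. On the `pull_request` path those fields come from the branch under review, so untrusted chart metadata reaches a shell in CI. Passing the fields as arguments avoids that: `| awk '{ print $1, $3 }' | while read -r name repo; do helm repo add "$name" "$repo"; done || true`. The removed OCI check compared against the quoted string `"*oci://*"`, which `[[ ]]` treats literally, so it likely never matched; if OCI entries should be skipped, `case "$repo" in oci://*) continue ;; esac` inside the loop does that. The same loop is printed in the four workflow sections that follow, and the new side is inferred from the hunk counts because the +/- markers are missing.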


@@ -106,13 +106,7 @@ jobs:
helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
| tail +2 | head -n -1 \
| awk '{ print "helm repo add " $1 " " $3 }' \
| while read cmd; do
if [[ "$cmd" == "*oci://*" ]]; then
echo ">> Ignoring OCI repo"
else
echo "$cmd" | sh;
fi
done || true
| while read cmd; do echo "$cmd" | sh; done || true
done
if helm repo list | tail +2 | read -r; then
@@ -167,10 +161,6 @@ jobs:
cd $chart_path
echo ""
echo ">> Updating helm dependency ..."
helm dependency update --skip-refresh
echo ""
echo ">> Building helm dependency ..."
helm dependency build --skip-refresh


@@ -91,13 +91,7 @@ jobs:
helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
| tail +2 | head -n -1 \
| awk '{ print "helm repo add " $1 " " $3 }' \
| while read cmd; do
if [[ "$cmd" == "*oci://*" ]]; then
echo ">> Ignoring OCI repo"
else
echo "$cmd" | sh;
fi
done || true
| while read cmd; do echo "$cmd" | sh; done || true
done
if helm repo list | tail +2 | read -r; then
@@ -152,10 +146,6 @@ jobs:
cd $chart_path
echo ""
echo ">> Updating helm dependency ..."
helm dependency update --skip-refresh
echo ""
echo ">> Building helm dependency ..."
helm dependency build --skip-refresh


@@ -111,13 +111,7 @@ jobs:
helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
| tail +2 | head -n -1 \
| awk '{ print "helm repo add " $1 " " $3 }' \
| while read cmd; do
if [[ "$cmd" == "*oci://*" ]]; then
echo ">> Ignoring OCI repo"
else
echo "$cmd" | sh;
fi
done || true
| while read cmd; do echo "$cmd" | sh; done || true
done
if helm repo list | tail +2 | read -r; then
@@ -172,10 +166,6 @@ jobs:
cd $chart_path
echo ""
echo ">> Updating helm dependency ..."
helm dependency update --skip-refresh
echo ""
echo ">> Building helm dependency ..."
helm dependency build --skip-refresh


@@ -109,13 +109,7 @@ jobs:
helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
| tail +2 | head -n -1 \
| awk '{ print "helm repo add " $1 " " $3 }' \
| while read cmd; do
if [[ "$cmd" == "*oci://*" ]]; then
echo ">> Ignoring OCI repo"
else
echo "$cmd" | sh;
fi
done || true
| while read cmd; do echo "$cmd" | sh; done || true
done
if helm repo list | tail +2 | read -r; then
@@ -170,10 +164,6 @@ jobs:
cd $chart_path
echo ""
echo ">> Updating helm dependency ..."
helm dependency update --skip-refresh
echo ""
echo ">> Building helm dependency ..."
helm dependency build --skip-refresh


@@ -2,8 +2,5 @@ dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.3.0
digest: sha256:3763d6c5c0b45219235229aa1d72bfa426abd29aa8d92c1b1ca958b6afb3bfc8
generated: "2025-12-15T17:43:51.908308-06:00"
digest: sha256:926b8da839684072fd79954aff0c9852c2ff3b618b0fa35177bdec8e2dff4986
generated: "2025-12-05T17:02:01.15162583Z"


@@ -17,9 +17,5 @@ dependencies:
alias: actual
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: volsync-target
alias: volsync-target-data
version: 0.3.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png
appVersion: 25.12.0
appVersion: 25.11.0


@@ -0,0 +1,55 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: actual-data-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: actual-data-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/actual/actual-data"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: S3_BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: access_key
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: secret_key
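Review bot: This ExternalSecret reads `RESTIC_PASSWORD` from `/cl01tl/volsync/restic/config` and the S3 key pair from `/digital-ocean/home-infra/volsync-backups`, the same Vault entries that the audiobookshelf and bazarr backup secrets further down also read. Every application namespace therefore holds credentials that can presumably read and decrypt the other applications' restic repositories; whether the bucket key is scoped per prefix is not visible here. If the namespaces are not equally trusted, a per-application restic password (for example a Vault key such as `/cl01tl/volsync/restic/<app>`, a placeholder path) would confine a leaked secret to one repository. Otherwise a comment at the top of the template, such as `# shares the restic password and bucket key with every other app backup secret`, records the decision.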


@@ -0,0 +1,25 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: actual-data-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: actual-data-backup-source
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: actual-data
trigger:
schedule: 0 4 * * *
restic:
pruneIntervalDays: 7
repository: actual-data-backup-secret
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
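Review bot: `schedule: 0 4 * * *` is left as a plain scalar, while the cron expressions in the database values on this page are quoted; `schedule: "0 4 * * *"` keeps the value an unambiguous string and matches that style. The audiobookshelf and bazarr ReplicationSources further down use the same 04:00 trigger, so all snapshots and restic uploads start together; staggering the minute field would spread the load if that matters for the Ceph pool or the bucket. `retain.hourly: 1` has little effect with a once-a-day trigger and could be dropped or explained in a comment.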


@@ -54,5 +54,3 @@ actual:
main:
- path: /data
readOnly: false
volsync-target-data:
pvcTarget: actual-data


@@ -7,6 +7,6 @@ dependencies:
version: 2.4.19
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.1.1
digest: sha256:796a0f9ae054268c9a4e2752f29004b6547e5ee41e623b8506b531f6836b7313
generated: "2025-12-15T14:27:02.068848-06:00"
version: 6.16.1
digest: sha256:d7a4a646857a3f9161d7590857fa18fc5d26861a5cf45e208dd7c2b86378ccb4
generated: "2025-12-10T16:01:53.661262327Z"


@@ -24,8 +24,8 @@ dependencies:
version: 2.4.19
repository: https://argoproj.github.io/argo-helm
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.1.1
alias: postgres-17-cluster
version: 6.16.1
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
appVersion: v3.7.6
appVersion: v3.6.7


@@ -31,10 +31,10 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: argo-workflows-postgresql-18-cluster-backup-secret
name: argo-workflows-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: argo-workflows-postgresql-18-cluster-backup-secret
app.kubernetes.io/name: argo-workflows-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -61,10 +61,10 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: argo-workflows-postgresql-18-cluster-backup-secret-garage
name: argo-workflows-postgresql-17-cluster-backup-secret-garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: argo-workflows-postgresql-18-cluster-backup-secret-garage
app.kubernetes.io/name: argo-workflows-postgresql-17-cluster-backup-secret-garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:


@@ -9,15 +9,15 @@ argo-workflows:
nodeStatusOffLoad: true
archive: true
postgresql:
host: argo-workflows-postgresql-18-cluster-rw
host: argo-workflows-postgresql-17-cluster-rw
port: 5432
database: app
tableName: app
userNameSecret:
name: argo-workflows-postgresql-18-cluster-app
name: argo-workflows-postgresql-17-cluster-app
key: username
passwordSecret:
name: argo-workflows-postgresql-18-cluster-app
name: argo-workflows-postgresql-17-cluster-app
key: password
ssl: false
sslMode: disable
@@ -59,6 +59,20 @@ argo-workflows:
useStaticCredentials: true
artifactRepository:
archiveLogs: false
s3: {}
# accessKeySecret:
# name: "{{ .Release.Name }}-minio"
# key: accesskey
# secretKeySecret:
# name: "{{ .Release.Name }}-minio"
# key: secretkey
# insecure: true
# bucket:
# endpoint:
# region:
# encryptionOptions:
# enableEncryption: true
argo-events:
controller:
resources:
@@ -75,57 +89,59 @@ argo-events:
requests:
cpu: 10m
memory: 128Mi
postgres-18-cluster:
postgres-17-cluster:
mode: recovery
cluster:
storage:
storageClass: local-path
walStorage:
storageClass: local-path
monitoring:
enabled: true
prometheusRule:
enabled: true
recovery:
method: objectStore
objectStore:
destinationPath: s3://postgres-backups/cl01tl/argo-workflows/argo-workflows-postgresql-18-cluster
destinationPath: s3://postgres-backups/cl01tl/argo-workflows/argo-workflows-postgresql-17-cluster
endpointURL: http://garage-main.garage:3900
index: 1
endpointCredentials: argo-workflows-postgresql-18-cluster-backup-secret-garage
endpointCredentials: argo-workflows-postgresql-17-cluster-backup-secret-garage
backup:
objectStore:
- name: external
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/argo-workflows/argo-workflows-postgresql-17-cluster
index: 1
retentionPolicy: "30d"
isWALArchiver: false
- name: garage-local
destinationPath: s3://postgres-backups/cl01tl/argo-workflows/argo-workflows-postgresql-18-cluster
destinationPath: s3://postgres-backups/cl01tl/argo-workflows/argo-workflows-postgresql-17-cluster
index: 1
endpointURL: http://garage-main.garage:3900
endpointCredentials: argo-workflows-postgresql-18-cluster-backup-secret-garage
endpointCredentials: argo-workflows-postgresql-17-cluster-backup-secret-garage
endpointCredentialsIncludeRegion: true
retentionPolicy: "3d"
isWALArchiver: true
# - name: external
# destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/argo-workflows/argo-workflows-postgresql-18-cluster
# index: 1
# retentionPolicy: "30d"
# isWALArchiver: false
# - name: garage-remote
# destinationPath: s3://postgres-backups/cl01tl/argo-workflows/argo-workflows-postgresql-18-cluster
# destinationPath: s3://postgres-backups/cl01tl/argo-workflows/argo-workflows-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: argo-workflows-postgresql-18-cluster-backup-secret-garage
# endpointCredentials: argo-workflows-postgresql-17-cluster-backup-secret-garage
# endpointCredentialsIncludeRegion: true
# retentionPolicy: "30d"
# data:
# compression: bzip2
scheduledBackups:
- name: daily-backup
suspend: false
schedule: "0 0 0 * * *"
backupName: external
- name: live-backup
suspend: false
immediate: true
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: daily-backup
# suspend: false
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
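Review bot: The workflow archive connects to PostgreSQL with `ssl: false` and `sslMode: disable`, and both the recovery and `garage-local` object stores use `endpointURL: http://garage-main.garage:3900`, so query traffic, base backups and WAL cross the cluster network unencrypted. These lines look like unchanged context rather than part of this change, but they sit in the values under review. If the database operator behind `postgres-cluster` serves TLS, which is not visible here, `sslMode: require` would be the smaller change; the Garage endpoint would need an HTTPS listener first. The authentik values further down use the same `http://` endpoint.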


@@ -18,4 +18,4 @@ dependencies:
version: 9.1.7
repository: https://argoproj.github.io/argo-helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
appVersion: v3.2.1
appVersion: 3.0.0


@@ -25,7 +25,6 @@ argo-cd:
id: authentik
params:
server.insecure: true
controller.diff.server.side: true
rbac:
policy.csv: |
g, ArgoCD Admins, role:admin


@@ -2,11 +2,5 @@ dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.3.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.3.0
digest: sha256:88e0d8008795451a64f3a2e4fa4fc120d48cef4badb4305e8e60afbb494352c5
generated: "2025-12-15T18:19:02.989735-06:00"
digest: sha256:977ed15091e9ed30d647a626214701d22f3a8a5232a900e33f753cc7e090042f
generated: "2025-12-05T17:02:13.674405673Z"


@@ -19,13 +19,5 @@ dependencies:
alias: audiobookshelf
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: volsync-target
alias: volsync-target-config
version: 0.3.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-metadata
version: 0.3.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
appVersion: 2.31.0
appVersion: 2.21.0


@@ -19,3 +19,117 @@ spec:
key: /cl01tl/audiobookshelf/apprise
metadataPolicy: None
property: ntfy-url
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: audiobookshelf-config-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-config-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/audiobookshelf/audiobookshelf-config"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: S3_BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: access_key
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: secret_key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: audiobookshelf-metadata-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-metadata-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/audiobookshelf/audiobookshelf-metadata"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: S3_BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: access_key
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: secret_key


@@ -1,5 +1,24 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: audiobookshelf-nfs-storage-backup
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-nfs-storage-backup
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeMode: Filesystem
storageClassName: nfs-client
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: audiobookshelf-nfs-storage
namespace: {{ .Release.Namespace }}


@@ -0,0 +1,52 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: audiobookshelf-config-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-config-backup-source
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: audiobookshelf-config
trigger:
schedule: 0 4 * * *
restic:
pruneIntervalDays: 7
repository: audiobookshelf-config-backup-secret
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
---
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: audiobookshelf-metadata-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-metadata-backup-source
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: audiobookshelf-metadata
trigger:
schedule: 0 4 * * *
restic:
pruneIntervalDays: 7
repository: audiobookshelf-metadata-backup-secret
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot


@@ -21,7 +21,7 @@ audiobookshelf:
apprise-api:
image:
repository: caronc/apprise
tag: 1.3.0
tag: 1.2.6
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -59,7 +59,6 @@ audiobookshelf:
protocol: HTTP
persistence:
config:
forceRename: audiobookshelf-config
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 2Gi
@@ -70,7 +69,6 @@ audiobookshelf:
- path: /config
readOnly: false
metadata:
forceRename: audiobookshelf-metadata
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
@@ -80,6 +78,13 @@ audiobookshelf:
main:
- path: /metadata
readOnly: false
backup:
existingClaim: audiobookshelf-nfs-storage-backup
advancedMounts:
main:
main:
- path: /metadata/backups
readOnly: false
audiobooks:
existingClaim: audiobookshelf-nfs-storage
advancedMounts:
@@ -87,7 +92,3 @@ audiobookshelf:
main:
- path: /mnt/store/
readOnly: false
volsync-target-config:
pvcTarget: audiobookshelf-config
volsync-target-metadata:
pvcTarget: audiobookshelf-metadata


@@ -7,9 +7,6 @@ dependencies:
version: 1.23.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.1.1
- name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:e593d25ebf07b1274768045f028e1ceeccbcdc1c8e35414d6bbd9a8d09086991
generated: "2025-12-15T14:36:33.783343-06:00"
version: 6.16.1
digest: sha256:e6ea05d8bdb96164bc19da117078b5101f329ad5f1b461fa02f198bef45454f3
generated: "2025-12-07T02:54:01.695741198Z"


@@ -28,11 +28,8 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
version: 1.23.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.1.1
repository: oci://harbor.alexlebens.net/helm-charts
- name: redis-replication
version: 0.5.0
alias: postgres-17-cluster
version: 6.16.1
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png
appVersion: 2025.10.2
appVersion: 2025.4.1


@@ -47,10 +47,10 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: authentik-postgresql-18-cluster-backup-secret
name: authentik-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: authentik-postgresql-18-cluster-backup-secret
app.kubernetes.io/name: authentik-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -77,10 +77,10 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: authentik-postgresql-18-cluster-backup-secret-garage
name: authentik-postgresql-17-cluster-backup-secret-garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: authentik-postgresql-18-cluster-backup-secret-garage
app.kubernetes.io/name: authentik-postgresql-17-cluster-backup-secret-garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:


@@ -0,0 +1,32 @@
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: redis-replication-authentik
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: redis-replication-authentik
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
clusterSize: 3
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
kubernetesConfig:
image: quay.io/opstree/redis:v8.0.3
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 128Mi
storage:
volumeClaimTemplate:
spec:
storageClassName: ceph-block
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
redisExporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.48.0
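Review bot: The RedisReplication spec sets no `redisSecret` under `kubernetesConfig`, so the three Redis pods would accept unauthenticated connections from anything that can reach the service, and by its name this instance serves authentik. Whether a NetworkPolicy limits access is not visible on this page. Adding `redisSecret:` with `name:` and `key:` pointing at a secret delivered through the existing Vault store, and handing the same value to authentik as its Redis password, closes that gap. Both images are referenced by tag only (`redis:v8.0.3`, `redis-exporter:v1.48.0`); pinning them by digest would make the deployed content reproducible.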


@@ -0,0 +1,19 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: redis-replication-authentik
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: redis-replication-authentik
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
redis-operator: "true"
env: production
spec:
selector:
matchLabels:
redis_setup_type: replication
endpoints:
- port: redis-exporter
interval: 30s
scrapeTimeout: 10s


@@ -9,22 +9,22 @@ authentik:
- name: AUTHENTIK_POSTGRESQL__HOST
valueFrom:
secretKeyRef:
name: authentik-postgresql-18-cluster-app
name: authentik-postgresql-17-cluster-app
key: host
- name: AUTHENTIK_POSTGRESQL__NAME
valueFrom:
secretKeyRef:
name: authentik-postgresql-18-cluster-app
name: authentik-postgresql-17-cluster-app
key: dbname
- name: AUTHENTIK_POSTGRESQL__USER
valueFrom:
secretKeyRef:
name: authentik-postgresql-18-cluster-app
name: authentik-postgresql-17-cluster-app
key: user
- name: AUTHENTIK_POSTGRESQL__PASSWORD
valueFrom:
secretKeyRef:
name: authentik-postgresql-18-cluster-app
name: authentik-postgresql-17-cluster-app
key: password
authentik:
redis:
@@ -50,65 +50,59 @@ authentik:
enabled: false
cloudflared:
existingSecretName: authentik-cloudflared-secret
postgres-18-cluster:
postgres-17-cluster:
mode: recovery
cluster:
storage:
storageClass: local-path
walStorage:
storageClass: local-path
monitoring:
enabled: true
prometheusRule:
enabled: true
recovery:
method: objectStore
objectStore:
destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-18-cluster
destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-17-cluster
endpointURL: http://garage-main.garage:3900
index: 1
endpointCredentials: authentik-postgresql-18-cluster-backup-secret-garage
endpointCredentials: authentik-postgresql-17-cluster-backup-secret-garage
backup:
objectStore:
- name: external
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/authentik/authentik-postgresql-17-cluster
index: 1
retentionPolicy: "30d"
isWALArchiver: false
- name: garage-local
destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-18-cluster
destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-17-cluster
index: 1
endpointURL: http://garage-main.garage:3900
endpointCredentials: authentik-postgresql-18-cluster-backup-secret-garage
endpointCredentials: authentik-postgresql-17-cluster-backup-secret-garage
endpointCredentialsIncludeRegion: true
retentionPolicy: "3d"
isWALArchiver: true
# - name: external
# destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/authentik/authentik-postgresql-18-cluster
# index: 1
# retentionPolicy: "30d"
# isWALArchiver: false
# - name: garage-remote
# destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-18-cluster
# destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: authentik-postgresql-18-cluster-backup-secret-garage
# endpointCredentials: authentik-postgresql-17-cluster-backup-secret-garage
# retentionPolicy: "30d"
# data:
# compression: bzip2
# jobs: 2
scheduledBackups:
- name: daily-backup
suspend: false
schedule: "0 0 0 * * *"
backupName: external
- name: live-backup
suspend: false
immediate: true
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: daily-backup
# suspend: false
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
# - name: weekly-backup
# suspend: false
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
redis-replication:
existingSecret:
enabled: false
redisReplication:
clusterSize: 3
redisSentinel:
enabled: true
clusterSize: 3


@@ -2,11 +2,5 @@ dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.3.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.3.0
digest: sha256:13c950ad5cd6accd192e6768557c0df74af2cd767d2372dc38c1cdb7e1563399
generated: "2025-12-15T18:33:59.961957-06:00"
digest: sha256:6e6f20320a485b57288a6febae1b7623076059c370f88b7fbe92460fc4047db3
generated: "2025-12-05T17:02:26.599646463Z"


@@ -17,13 +17,5 @@ dependencies:
alias: backrest
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: volsync-target
alias: volsync-target-config
version: 0.3.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data
version: 0.3.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/backrest.png
appVersion: v1.10.1


@@ -35,7 +35,6 @@ backrest:
protocol: TCP
persistence:
data:
forceRename: backrest-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
@@ -46,7 +45,6 @@ backrest:
- path: /data
readOnly: false
config:
forceRename: backrest-config
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
@@ -84,7 +82,3 @@ backrest:
main:
- path: /mnt/share
readOnly: true
volsync-target-data:
pvcTarget: backrest-data
volsync-target-config:
pvcTarget: backrest-config


@@ -2,8 +2,5 @@ dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:cb702f316026bdb487ace1abec56cc3c505376cf14a45528e3e593e4cc7effab
generated: "2025-12-15T19:04:05.574701-06:00"
digest: sha256:54c88d51b4067dec5b22623957970b64092bf3f417fabb58277f6bc3e01eca20
generated: "2025-12-05T17:02:40.843820962Z"


@@ -19,9 +19,5 @@ dependencies:
alias: bazarr
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: volsync-target
alias: volsync-target-config
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/bazarr.png
appVersion: 1.5.3
appVersion: 1.5.2


@@ -0,0 +1,55 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: bazarr-config-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: bazarr-config-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/bazarr/bazarr-config"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: S3_BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: access_key
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: secret_key


@@ -0,0 +1,30 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: bazarr-config-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: bazarr-config-backup-source
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: bazarr-config
trigger:
schedule: 0 4 * * *
restic:
pruneIntervalDays: 7
repository: bazarr-config-backup-secret
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
moverSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
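Review bot: `schedule: 0 4 * * *` under `trigger:` is written as a plain scalar, while the cron expressions in the booklore values file in this same diff are quoted (`cron: "0 0 * * *"`). It parses as a string today only because it starts with a digit; an expression beginning with `*` would be read as a YAML alias. I would quote it as `schedule: "0 4 * * *"`. The booklore and ephemera ReplicationSource files added in this diff use the same unquoted form.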


@@ -55,10 +55,3 @@ bazarr:
main:
- path: /mnt/store
readOnly: false
volsync-target-config:
pvcTarget: bazarr-config
moverSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch


@@ -2,8 +2,5 @@ dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:a7840240d52d7c66aa2e542132e32907dd0c48d3051eb15190a209215cbd4dce
generated: "2025-12-15T20:06:31.995318697Z"
digest: sha256:b8516161886b87344848ad2b3bdafbd66da61ca8ffc5e9a5ebed462f205c9912
generated: "2025-12-05T17:02:59.562863413Z"


@@ -17,8 +17,5 @@ dependencies:
alias: blocky
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: redis-replication
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/blocky.png
appVersion: v0.28.2
appVersion: v0.25


@@ -0,0 +1,32 @@
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: redis-replication-blocky
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: redis-replication-blocky
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
clusterSize: 3
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
kubernetesConfig:
image: quay.io/opstree/redis:v8.0.3
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 128Mi
storage:
volumeClaimTemplate:
spec:
storageClassName: ceph-block
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
redisExporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.48.0
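Review bot: `kubernetesConfig` in this manifest has no `redisSecret`, so the three Redis pods accept unauthenticated connections from anything that can reach their Service. The directus RedisReplication in this diff does set `redisSecret:` with a `name:` and `key: password`. Unless a NetworkPolicy outside this diff limits ingress to the blocky pods, any workload in the cluster can read and modify the state blocky shares through Redis. Either add a `redisSecret` reference with the matching password in blocky's Redis settings, or add the NetworkPolicy and a comment above `kubernetesConfig` that points to it.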


@@ -17,3 +17,24 @@ spec:
interval: 30s
scrapeTimeout: 10s
path: /metrics
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: redis-replication-blocky
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: redis-replication-blocky
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
redis-operator: "true"
env: production
spec:
selector:
matchLabels:
redis_setup_type: replication
endpoints:
- port: redis-exporter
interval: 30s
scrapeTimeout: 10s


@@ -129,10 +129,10 @@ blocky:
huntarr IN CNAME traefik-cl01tl
immich IN CNAME traefik-cl01tl
jellyfin IN CNAME traefik-cl01tl
jellyfin-vue IN CNAME traefik-cl01tl
jellystat IN CNAME traefik-cl01tl
kiwix IN CNAME traefik-cl01tl
komodo IN CNAME traefik-cl01tl
kronic IN CNAME traefik-cl01tl
lidarr IN CNAME traefik-cl01tl
lidatube IN CNAME traefik-cl01tl
listenarr IN CNAME traefik-cl01tl
@@ -143,6 +143,7 @@ blocky:
ollama IN CNAME traefik-cl01tl
omni-tools IN CNAME traefik-cl01tl
overseerr IN CNAME traefik-cl01tl
pgadmin IN CNAME traefik-cl01tl
photoview IN CNAME traefik-cl01tl
plex IN CNAME traefik-cl01tl
postiz IN CNAME traefik-cl01tl
@@ -301,10 +302,3 @@ blocky:
readOnly: true
mountPropagation: None
subPath: config.yml
redis-replication:
existingSecret:
enabled: false
redisReplication:
clusterSize: 3
redisSentinel:
enabled: false


@@ -5,11 +5,5 @@ dependencies:
- name: mariadb-cluster
repository: https://helm.mariadb.com/mariadb-operator
version: 25.10.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:6981b2c060c19bac6517578bd9b5b11a300a4deb431110bf90da317237a4a252
generated: "2025-12-15T19:15:49.886575-06:00"
digest: sha256:58d978bd46c61285b06acc6d9a40404d8059f2df7b953dea13c528b35350d0a8
generated: "2025-12-05T17:03:15.7199669Z"


@@ -20,13 +20,5 @@ dependencies:
- name: mariadb-cluster
version: 25.10.2
repository: https://helm.mariadb.com/mariadb-operator
- name: volsync-target
alias: volsync-target-config
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png
appVersion: v1.13.2
appVersion: v.1.10.0


@@ -43,6 +43,234 @@ spec:
metadataPolicy: None
property: psk.txt
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: booklore-config-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-config-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/booklore/booklore-config"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/digital-ocean
metadataPolicy: None
property: BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/digital-ocean
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: AWS_ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: AWS_SECRET_ACCESS_KEY
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: booklore-data-backup-secret-local
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-data-backup-secret-local
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/booklore/booklore-data"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-local
metadataPolicy: None
property: BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-local
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: booklore-data-backup-secret-remote
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-data-backup-secret-remote
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/booklore/booklore-data"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-remote
metadataPolicy: None
property: BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-remote
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: booklore-data-backup-secret-external
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-data-backup-secret-external
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/booklore/booklore-data"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/digital-ocean
metadataPolicy: None
property: BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/digital-ocean
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: AWS_ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: AWS_SECRET_ACCESS_KEY
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
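Review bot: The `remoteRef` entries for `/digital-ocean/home-infra/volsync-backups` here use the property names `AWS_DEFAULT_REGION`, `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`, whereas the bazarr, ephemera and freshrss secrets in this diff read `access_key` and `secret_key` from the same Vault key. Those secrets also take the endpoint and password from `/cl01tl/volsync/restic/config` rather than `/volsync/restic/digital-ocean`. Unless the Vault entries carry both sets of properties, one group will fail to sync and its restic Secret will never be created, which surfaces only as a backup that never runs. Please confirm that each ExternalSecret reports `Ready` after deploy and align the files on one naming. The hunk ends inside a further ExternalSecret whose body is outside it.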


@@ -15,3 +15,115 @@ spec:
keySecret: booklore-data-replication-secret
address: volsync-rsync-tls-dst-booklore-data-replication-destination
copyMethod: Snapshot
---
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: booklore-config-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-config-backup-source
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: booklore-config
trigger:
schedule: 0 4 * * *
restic:
pruneIntervalDays: 7
repository: booklore-config-backup-secret
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
cacheCapacity: 10Gi
---
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: booklore-data-backup-source-local
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-data-backup-source-local
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: booklore-data
trigger:
schedule: 0 2 * * *
restic:
pruneIntervalDays: 7
repository: booklore-data-backup-secret-local
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
cacheCapacity: 10Gi
---
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: booklore-data-backup-source-remote
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-data-backup-source-remote
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: booklore-data
trigger:
schedule: 0 3 * * *
restic:
pruneIntervalDays: 7
repository: booklore-data-backup-secret-remote
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
cacheCapacity: 10Gi
---
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: booklore-data-backup-source-external
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-data-backup-source-external
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: booklore-data
trigger:
schedule: 0 4 * * *
restic:
pruneIntervalDays: 7
repository: booklore-data-backup-secret-external
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
cacheCapacity: 10Gi


@@ -41,7 +41,6 @@ booklore:
protocol: HTTP
persistence:
config:
forceRename: booklore-config
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
@@ -52,7 +51,6 @@ booklore:
- path: /app/data
readOnly: false
data:
forceRename: booklore-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
@@ -121,8 +119,7 @@ mariadb-cluster:
suspend: false
immediate: true
compression: gzip
maxRetention: 2160h
successfulJobsHistoryLimit: 1
maxRetention: 720h
storage:
s3:
bucket: mariadb-backups-b230a2f5aecf080a4b372c08
@@ -137,28 +134,6 @@ mariadb-cluster:
key: secret
tls:
enabled: true
- name: backup-remote
schedule:
cron: "0 0 * * 0"
suspend: false
immediate: true
compression: gzip
maxRetention: 2160h
successfulJobsHistoryLimit: 1
storage:
s3:
bucket: mariadb-backups
prefix: cl01tl/booklore
endpoint: garage-ps10rp.boreal-beaufort.ts.net:3900
region: us-east-1
accessKeyIdSecretKeyRef:
name: booklore-mariadb-cluster-backup-secret-garage
key: access
secretAccessKeySecretKeyRef:
name: booklore-mariadb-cluster-backup-secret-garage
key: secret
tls:
enabled: true
- name: backup-garage
schedule:
cron: "0 0 * * *"
@@ -166,7 +141,6 @@ mariadb-cluster:
immediate: true
compression: gzip
maxRetention: 360h
successfulJobsHistoryLimit: 1
storage:
s3:
bucket: mariadb-backups
@@ -179,16 +153,3 @@ mariadb-cluster:
secretAccessKeySecretKeyRef:
name: booklore-mariadb-cluster-backup-secret-garage
key: secret
volsync-target-config:
pvcTarget: booklore-config
volsync-target-data:
pvcTarget: booklore-data
local:
restic:
cacheCapacity: 10Gi
remote:
restic:
cacheCapacity: 10Gi
external:
restic:
cacheCapacity: 10Gi
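Review bot: The `backup-garage` entry in the last two hunks ends at `secretAccessKeySecretKeyRef` with no `tls:` block, while the entry just before the removed `backup-remote` ends with `tls:` / `enabled: true`. Its endpoint lies outside the hunks; if that endpoint is reached without TLS, the daily MariaDB dumps cross the network in clear text and the client cannot authenticate the server it uploads to. Add `tls:` with `enabled: true` under `s3:` if the endpoint supports it, or a comment on the entry stating that the endpoint is in-cluster and why plaintext is accepted.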


@@ -17,4 +17,4 @@ dependencies:
version: v1.19.2
repository: https://charts.jetstack.io
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/cert-manager.png
appVersion: v1.19.2
appVersion: v1.17.2


@@ -18,4 +18,4 @@ dependencies:
version: 1.18.4
repository: https://helm.cilium.io/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png
appVersion: 1.18.4
appVersion: 1.17.3


@@ -55,9 +55,6 @@ cilium:
metrics:
serviceMonitor:
enabled: true
tls:
auto:
method: cronJob
relay:
enabled: true
metrics:


@@ -22,4 +22,4 @@ dependencies:
version: 0.3.1
repository: https://cloudnative-pg.io/charts/
icon: https://avatars.githubusercontent.com/u/100373852?s=200&v=4
appVersion: 1.28.0
appVersion: 1.26.0


@@ -5,8 +5,5 @@ dependencies:
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 1.23.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:bd1cbd66ccb360978a342ee218bfb01006a486fb85c5714acd593b9e1389b151
generated: "2025-12-15T21:50:58.968382-06:00"
digest: sha256:3cf78630cd7670e1157a87fc7ccbeca248ef4ced8a3170e69140ea3e1b0ff564
generated: "2025-12-07T02:54:11.675097664Z"


@@ -24,9 +24,5 @@ dependencies:
alias: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 1.23.2
- name: volsync-target
alias: volsync-target-config
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png
appVersion: 4.106.3
appVersion: 4.100.2


@@ -0,0 +1,17 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: code-server-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: code-server-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeMode: Filesystem
storageClassName: nfs-client
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
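Review bot: `storageClassName: nfs-client` with `storage: 1Gi` and `ReadWriteOnce` gives weaker guarantees than the declaration suggests. NFS-backed dynamic provisioners commonly do not enforce the requested size, and the access mode does not stop other clients of the export from reading or writing the directory. The values file in this diff mounts this claim as code-server's config volume, which presumably holds editor state and any credentials saved in the workspace, so a comment above `spec:` naming who else can mount the export would help. The same values change drops the `volsync-target-config` backup for this volume, so please confirm the NFS server is backed up separately.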


@@ -9,7 +9,7 @@ code-server:
main:
image:
repository: ghcr.io/linuxserver/code-server
tag: 4.106.3@sha256:83793e4460090d6c46f4842ff6ab8aa26ad8a567885112bbe754b45c61935055
tag: 4.106.3@sha256:aab9520fe923b2d93dccc2c806f3dc60649c2f4a2847fcd40c942227d0f1ae8f
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -37,11 +37,7 @@ code-server:
protocol: HTTP
persistence:
config:
forceRename: code-server-config
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 2Gi
retain: true
existingClaim: code-server-nfs-storage
advancedMounts:
main:
main:
@@ -49,10 +45,3 @@ code-server:
readOnly: false
cloudflared:
existingSecretName: code-server-cloudflared-secret
volsync-target-config:
pvcTarget: code-server-config
moverSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
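Review bot: The `tag:` line in the first hunk keeps version `4.106.3` but pins a different digest (`sha256:aab9520f…` in place of `sha256:83793e44…`), so the version string no longer tells a reader which build is deployed. The digest is what actually gets pulled. Please verify it against the registry entry for the `4.106.3` tag and add a comment above `tag:` noting which rebuild it corresponds to, so a later reviewer can tell an intended re-pin from an unexpected one.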


@@ -18,4 +18,4 @@ dependencies:
version: 1.45.0
repository: https://coredns.github.io/helm
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/coredns.png
appVersion: v1.13.2
appVersion: v1.12.1


@@ -17,4 +17,4 @@ dependencies:
version: 0.34.0
repository: https://kubernetes-sigs.github.io/descheduler/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: 0.34.0
appVersion: 0.33.0


@@ -7,9 +7,6 @@ dependencies:
version: 1.23.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.1.1
- name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:1035fe225f5439c73fdc8b498c2164bad362e0198bc2ad40eab6b5d0bae9f86d
generated: "2025-12-15T14:37:45.474556-06:00"
version: 6.16.1
digest: sha256:73ab37385c3d0ec2db83a3640bc03b08ddd06fd015e1b7138e49bc8c3be9382e
generated: "2025-12-07T02:54:20.639142398Z"


@@ -26,11 +26,8 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
version: 1.23.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.1.1
repository: oci://harbor.alexlebens.net/helm-charts
- name: redis-replication
version: 0.5.0
alias: postgres-17-cluster
version: 6.16.1
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
appVersion: 11.14.0
appVersion: 11.7.2


@@ -151,10 +151,10 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-postgresql-18-cluster-backup-secret
name: directus-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-postgresql-18-cluster-backup-secret
app.kubernetes.io/name: directus-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -181,10 +181,40 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-postgresql-18-cluster-backup-secret-garage
name: directus-postgresql-17-cluster-backup-secret-weekly
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-postgresql-18-cluster-backup-secret-garage
app.kubernetes.io/name: directus-postgresql-17-cluster-backup-secret-weekly
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-postgresql-17-cluster-backup-secret-garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-postgresql-17-cluster-backup-secret-garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:


@@ -0,0 +1,35 @@
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: redis-replication-directus
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: redis-replication-directus
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
clusterSize: 3
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
kubernetesConfig:
image: quay.io/opstree/redis:v8.2.1
imagePullPolicy: IfNotPresent
redisSecret:
name: directus-redis-config
key: password
resources:
requests:
cpu: 50m
memory: 128Mi
storage:
volumeClaimTemplate:
spec:
storageClassName: ceph-block
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
redisExporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.76.0
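Review bot: `image: quay.io/opstree/redis:v8.2.1` and the exporter image are referenced by tag only, while the code-server values in this diff pin their image as `tag@sha256:…`. A tag can be re-pushed, and with `imagePullPolicy: IfNotPresent` the three replicas can end up running different content after a reschedule. Pin by digest in the same form, `image: quay.io/opstree/redis:v8.2.1@sha256:<digest>` (placeholder digest), here and in the blocky RedisReplication and directus RedisSentinel manifests added in this diff.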


@@ -0,0 +1,30 @@
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisSentinel
metadata:
name: redis-sentinel-directus
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: redis-sentinel-directus
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
clusterSize: 3
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
redisSentinelConfig:
redisReplicationName: redis-replication-directus
redisReplicationPassword:
secretKeyRef:
name: directus-redis-config
key: password
kubernetesConfig:
image: quay.io/opstree/redis-sentinel:v7.0.15
imagePullPolicy: IfNotPresent
redisSecret:
name: directus-redis-config
key: password
resources:
requests:
cpu: 10m
memory: 128Mi
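Review bot: `image: quay.io/opstree/redis-sentinel:v7.0.15` under `kubernetesConfig` is a major version behind the `quay.io/opstree/redis:v8.2.1` image used by `redis-replication-directus`, which this Sentinel monitors. Sentinel and the servers it supervises are normally run from the same release line, and an image that old likely lacks fixes the newer line has received. Use a sentinel tag matching the server version if one is published, or add a comment above `image:` explaining why the older one is required.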


@@ -20,3 +20,24 @@ spec:
bearerTokenSecret:
name: directus-metric-token
key: metric-token
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: redis-replication-directus
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: redis-replication-directus
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
redis-operator: "true"
env: production
spec:
selector:
matchLabels:
redis_setup_type: replication
endpoints:
- port: redis-exporter
interval: 30s
scrapeTimeout: 10s


@@ -41,27 +41,27 @@ directus:
- name: DB_HOST
valueFrom:
secretKeyRef:
name: directus-postgresql-18-cluster-app
name: directus-postgresql-17-cluster-app
key: host
- name: DB_DATABASE
valueFrom:
secretKeyRef:
name: directus-postgresql-18-cluster-app
name: directus-postgresql-17-cluster-app
key: dbname
- name: DB_PORT
valueFrom:
secretKeyRef:
name: directus-postgresql-18-cluster-app
name: directus-postgresql-17-cluster-app
key: port
- name: DB_USER
valueFrom:
secretKeyRef:
name: directus-postgresql-18-cluster-app
name: directus-postgresql-17-cluster-app
key: user
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: directus-postgresql-18-cluster-app
name: directus-postgresql-17-cluster-app
key: password
- name: SYNCHRONIZATION_STORE
value: redis
@@ -156,67 +156,59 @@ directus:
cloudflared-directus:
name: cloudflared-directus
existingSecretName: directus-cloudflared-secret
postgres-18-cluster:
postgres-17-cluster:
mode: recovery
cluster:
storage:
storageClass: local-path
walStorage:
storageClass: local-path
monitoring:
enabled: true
prometheusRule:
enabled: true
recovery:
method: objectStore
objectStore:
destinationPath: s3://postgres-backups/cl01tl/directus/directus-postgresql-18-cluster
destinationPath: s3://postgres-backups/cl01tl/directus/directus-postgresql-17-cluster
endpointURL: http://garage-main.garage:3900
index: 1
endpointCredentials: directus-postgresql-18-cluster-backup-secret-garage
endpointCredentials: directus-postgresql-17-cluster-backup-secret-garage
backup:
objectStore:
- name: external
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/directus/directus-postgresql-17-cluster
index: 1
retentionPolicy: "30d"
isWALArchiver: false
- name: garage-local
destinationPath: s3://postgres-backups/cl01tl/directus/directus-postgresql-18-cluster
destinationPath: s3://postgres-backups/cl01tl/directus/directus-postgresql-17-cluster
index: 1
endpointURL: http://garage-main.garage:3900
endpointCredentials: directus-postgresql-18-cluster-backup-secret-garage
endpointCredentials: directus-postgresql-17-cluster-backup-secret-garage
endpointCredentialsIncludeRegion: true
retentionPolicy: "3d"
isWALArchiver: true
# - name: external
# destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/directus/directus-postgresql-18-cluster
# index: 1
# retentionPolicy: "30d"
# isWALArchiver: false
# - name: garage-remote
# destinationPath: s3://postgres-backups/cl01tl/directus/directus-postgresql-18-cluster
# destinationPath: s3://postgres-backups/cl01tl/directus/directus-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: directus-postgresql-18-cluster-backup-secret-garage
# endpointCredentials: directus-postgresql-17-cluster-backup-secret-garage
# retentionPolicy: "30d"
# data:
# compression: bzip2
# jobs: 2
scheduledBackups:
- name: daily-backup
suspend: false
schedule: "0 0 0 * * *"
backupName: external
- name: live-backup
suspend: false
immediate: true
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: daily-backup
# suspend: false
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
# - name: weekly-backup
# suspend: false
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
redis-replication:
existingSecret:
enabled: true
name: directus-redis-config
key: password
redisReplication:
clusterSize: 3
redisSentinel:
enabled: true
clusterSize: 3
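Review bot: `endpointURL: http://garage-main.garage:3900` uses plain HTTP, both under `recovery.objectStore` and in the `garage-local` backup entry. Base backups and WAL segments therefore travel unencrypted between the Postgres pods and Garage, and the client cannot verify the server it restores from; the commented-out `garage-remote` entry uses `https://`. These are unchanged lines in the second hunk, but they sit in the block being renamed to `directus-postgresql-17-cluster`. If the CNI does not encrypt pod-to-pod traffic, switch the endpoint to TLS, or add a comment above `endpointURL` stating that in-cluster plaintext is accepted.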


@@ -18,4 +18,4 @@ dependencies:
version: 3.2.0
repository: https://helm.elastic.co
icon: https://helm.elastic.co/icons/eck.png
appVersion: v3.2.0
appVersion: 1.26.0


@@ -24,4 +24,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
version: 1.23.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
appVersion: v1.12.6
appVersion: v1.11.100


@@ -2,8 +2,5 @@ dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.3.0
digest: sha256:476021b852fbbd829570bcb88309eea92bd096cb4ec79efe2d895ee0c46f1c49
generated: "2025-12-15T21:43:24.262051-06:00"
digest: sha256:b08b2d3923734ba8844754727803a4b4e1de2ad418c3f755ccd64927266c1b5c
generated: "2025-12-05T17:04:04.30013278Z"


@@ -19,9 +19,5 @@ dependencies:
alias: ephemera
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: volsync-target
alias: volsync-target-config
version: 0.3.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ephemera.png
appVersion: 1.3.1


@@ -42,3 +42,60 @@ spec:
key: /cl01tl/ephemera/config
metadataPolicy: None
property: ntfy-url
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: ephemera-config-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: ephemera-config-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/ephemera/ephemera-config"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: S3_BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: access_key
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: secret_key


@@ -0,0 +1,26 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: ephemera-config-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: ephemera-config-backup-source
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: ephemera-config
trigger:
schedule: 0 4 * * *
restic:
pruneIntervalDays: 7
repository: ephemera-config-backup-secret
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
cacheCapacity: 10Gi


@@ -52,7 +52,7 @@ ephemera:
apprise-api:
image:
repository: caronc/apprise
tag: 1.3.0
tag: 1.2.6
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -82,7 +82,6 @@ ephemera:
protocol: HTTP
persistence:
config:
forceRename: ephemera
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
@@ -106,5 +105,3 @@ ephemera:
main:
- path: /app/ingest
readOnly: false
volsync-target-config:
pvcTarget: ephemera


@@ -17,4 +17,4 @@ dependencies:
version: 1.4.1
repository: https://eraser-dev.github.io/eraser/charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: v1.4.1
appVersion: v1.3.1


@@ -19,4 +19,4 @@ dependencies:
version: 1.19.0
repository: https://kubernetes-sigs.github.io/external-dns/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: v0.20.0
appVersion: 1.16.1


@@ -15,4 +15,4 @@ dependencies:
version: 1.1.1
repository: https://charts.external-secrets.io
icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4
appVersion: v1.1.1
appVersion: 0.17.0


@@ -7,9 +7,6 @@ dependencies:
version: 1.23.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.1.1
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:80a27ffb18fd1a635f16e70b90c2395f2de300ed50d072a8b87353f1ec3304cb
generated: "2025-12-15T21:47:10.578165-06:00"
version: 6.16.1
digest: sha256:d4b26fd1608a0c767c6ebb226173cef133ed53f45098851713121e429bc614a1
generated: "2025-12-07T02:54:39.594902963Z"


@@ -26,12 +26,8 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
version: 1.23.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.1.1
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data
version: 0.5.0
alias: postgres-17-cluster
version: 6.16.1
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/freshrss.png
appVersion: 1.27.1
appVersion: 1.26.2


@@ -98,10 +98,67 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: freshrss-postgresql-18-cluster-backup-secret
name: freshrss-data-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: freshrss-postgresql-18-cluster-backup-secret
app.kubernetes.io/name: freshrss-data-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/freshrss/freshrss-data"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: S3_BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: access_key
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: secret_key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: freshrss-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: freshrss-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -128,10 +185,10 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: freshrss-postgresql-18-cluster-backup-secret-garage
name: freshrss-postgresql-17-cluster-backup-secret-garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: freshrss-postgresql-18-cluster-backup-secret-garage
app.kubernetes.io/name: freshrss-postgresql-17-cluster-backup-secret-garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
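Review bot: The new `freshrss-data-backup-secret` takes `RESTIC_PASSWORD` from `/cl01tl/volsync/restic/config` and the S3 keys from `/digital-ocean/home-infra/volsync-backups`, and neither Vault path has an application-specific component; only the `RESTIC_REPOSITORY` suffix `/freshrss/freshrss-data` is per app. If other charts read the same paths (not visible in this section), any workload that can read this Secret holds the repository password and bucket credentials for every application's backups, including the ability to delete them. Consider a per-application Vault entry and bucket-scoped keys, or at least record the sharing with a comment above `data:` such as `# shared restic password and bucket keys: a leak here exposes all volsync repositories`. The last hunk of this section ends on `spec:`, so the rest of the following ExternalSecret is outside the view.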


@@ -0,0 +1,35 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: freshrss-data-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: freshrss-data-backup-source
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: freshrss-data
trigger:
schedule: 0 4 * * *
restic:
pruneIntervalDays: 7
repository: freshrss-data-backup-secret
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
moverSecurityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
supplementalGroups:
- 44
- 100
- 109
- 65539
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
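Review bot: The `moverSecurityContext` gives the restic mover `supplementalGroups` 44, 100, 109 and 65539 in addition to uid/gid 568, and nothing in this manifest shows why a job that only reads a snapshot of `freshrss-data` needs them. If the groups are only there to mirror the application pod, drop them so the mover runs with `runAsUser`/`runAsGroup`/`fsGroup` alone. Otherwise add a comment above the list naming what each group grants, for example `# groups required to read files written by <component>` (placeholder). `schedule: 0 4 * * *` is also worth quoting, `schedule: "0 4 * * *"`, to match the quoted cron strings used in the postgres `scheduledBackups` values.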


@@ -98,22 +98,22 @@ freshrss:
- name: DB_HOST
valueFrom:
secretKeyRef:
name: freshrss-postgresql-18-cluster-app
name: freshrss-postgresql-17-cluster-app
key: host
- name: DB_BASE
valueFrom:
secretKeyRef:
name: freshrss-postgresql-18-cluster-app
name: freshrss-postgresql-17-cluster-app
key: dbname
- name: DB_USER
valueFrom:
secretKeyRef:
name: freshrss-postgresql-18-cluster-app
name: freshrss-postgresql-17-cluster-app
key: user
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: freshrss-postgresql-18-cluster-app
name: freshrss-postgresql-17-cluster-app
key: password
- name: FRESHRSS_INSTALL
value: |
@@ -163,7 +163,6 @@ freshrss:
protocol: HTTP
persistence:
data:
forceRename: freshrss-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
@@ -194,69 +193,59 @@ freshrss:
readOnly: false
cloudflared:
existingSecretName: freshrss-cloudflared-secret
postgres-18-cluster:
postgres-17-cluster:
mode: recovery
cluster:
storage:
storageClass: local-path
walStorage:
storageClass: local-path
monitoring:
enabled: true
prometheusRule:
enabled: true
recovery:
method: objectStore
objectStore:
destinationPath: s3://postgres-backups/cl01tl/freshrss/freshrss-postgresql-18-cluster
destinationPath: s3://postgres-backups/cl01tl/freshrss/freshrss-postgresql-17-cluster
endpointURL: http://garage-main.garage:3900
index: 1
endpointCredentials: freshrss-postgresql-18-cluster-backup-secret-garage
endpointCredentials: freshrss-postgresql-17-cluster-backup-secret-garage
backup:
objectStore:
- name: external
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/freshrss/freshrss-postgresql-17-cluster
index: 1
retentionPolicy: "30d"
isWALArchiver: false
- name: garage-local
destinationPath: s3://postgres-backups/cl01tl/freshrss/freshrss-postgresql-18-cluster
destinationPath: s3://postgres-backups/cl01tl/freshrss/freshrss-postgresql-17-cluster
index: 1
endpointURL: http://garage-main.garage:3900
endpointCredentials: freshrss-postgresql-18-cluster-backup-secret-garage
endpointCredentials: freshrss-postgresql-17-cluster-backup-secret-garage
endpointCredentialsIncludeRegion: true
retentionPolicy: "3d"
isWALArchiver: true
# - name: external
# destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/freshrss/freshrss-postgresql-18-cluster
# index: 1
# retentionPolicy: "30d"
# isWALArchiver: false
# - name: garage-remote
# destinationPath: s3://postgres-backups/cl01tl/freshrss/freshrss-postgresql-18-cluster
# destinationPath: s3://postgres-backups/cl01tl/freshrss/freshrss-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: freshrss-postgresql-18-cluster-backup-secret-garage
# endpointCredentials: freshrss-postgresql-17-cluster-backup-secret-garage
# retentionPolicy: "30d"
# data:
# compression: bzip2
# jobs: 2
scheduledBackups:
- name: daily-backup
suspend: false
schedule: "0 0 0 * * *"
backupName: external
- name: live-backup
suspend: false
immediate: true
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: daily-backup
# suspend: false
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# suspend: false
# schedule: "0 2 4 * * SAT"
# backupName: garage-remote
volsync-target-data:
pvcTarget: freshrss-data
moverSecurityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
supplementalGroups:
- 44
- 100
- 109
- 65539


@@ -2,8 +2,5 @@ dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:3d3469c5177b9501cbb34a5faf376fbe4d9b98bd033ad51ee51487a1c2f28d4e
generated: "2025-12-15T22:10:00.495878-06:00"
digest: sha256:36e920ce6efee3b33b40641652f814c888ae3c50272895ef286fb8236a010924
generated: "2025-12-05T17:04:29.153093714Z"


@@ -18,9 +18,5 @@ dependencies:
alias: garage
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: volsync-target
alias: volsync-target-db
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: v2.1.0


@@ -123,10 +123,9 @@ garage:
mountPropagation: None
subPath: garage.toml
db:
forceRename: garage-db
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 50Gi
size: 10Gi
retain: true
advancedMounts:
main:
@@ -153,12 +152,3 @@ garage:
main:
- path: /var/lib/garage/snapshots
readOnly: false
volsync-target-db:
pvcTarget: garage-db
local:
enabled: false
remote:
restic:
cacheCapacity: 10Gi
external:
enabled: false


@@ -4,9 +4,6 @@ dependencies:
version: 1.4.4
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.1.1
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:367bfee3e6811bfd4591cf76f09a419f312007d797b83311e76c8d01318e73fe
generated: "2025-12-15T22:11:48.014486-06:00"
version: 6.16.1
digest: sha256:53e3b31b3fa3916ac4478c0ca3733a18f7145a0129b6a9c7aefdaf8169cb525c
generated: "2025-12-04T00:00:45.882393108Z"


@@ -21,12 +21,8 @@ dependencies:
repository: https://twin.github.io/helm-charts
version: 1.4.4
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.1.1
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data
version: 0.5.0
alias: postgres-17-cluster
version: 6.16.1
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/gatus.png
appVersion: v5.33.0
appVersion: v5.12.0


@@ -54,10 +54,10 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: gatus-postgresql-18-cluster-backup-secret
name: gatus-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gatus-postgresql-18-cluster-backup-secret
app.kubernetes.io/name: gatus-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -84,10 +84,10 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: gatus-postgresql-18-cluster-backup-secret-garage
name: gatus-postgresql-17-cluster-backup-secret-garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gatus-postgresql-18-cluster-backup-secret-garage
app.kubernetes.io/name: gatus-postgresql-17-cluster-backup-secret-garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:


@@ -36,27 +36,27 @@ gatus:
POSTGRES_USER:
valueFrom:
secretKeyRef:
name: gatus-postgresql-18-cluster-app
name: gatus-postgresql-17-cluster-app
key: username
POSTGRES_PASSWORD:
valueFrom:
secretKeyRef:
name: gatus-postgresql-18-cluster-app
name: gatus-postgresql-17-cluster-app
key: password
POSTGRES_HOST:
valueFrom:
secretKeyRef:
name: gatus-postgresql-18-cluster-app
name: gatus-postgresql-17-cluster-app
key: host
POSTGRES_PORT:
valueFrom:
secretKeyRef:
name: gatus-postgresql-18-cluster-app
name: gatus-postgresql-17-cluster-app
key: port
POSTGRES_DB:
valueFrom:
secretKeyRef:
name: gatus-postgresql-18-cluster-app
name: gatus-postgresql-17-cluster-app
key: dbname
resources:
requests:
@@ -122,9 +122,6 @@ gatus:
- name: jellyfin
url: https://jellyfin.alexlebens.net
<<: *defaults
- name: jellyfin-vue
url: https://jellyfin-vue.alexlebens.net
<<: *defaults
- name: overseerr
url: https://overseerr.alexlebens.net
<<: *defaults
@@ -185,6 +182,11 @@ gatus:
- name: n8n
url: https://n8n.alexlebens.net
<<: *defaults
- name: kronic
url: https://kronic.alexlebens.net
<<: *defaults
conditions:
- "[STATUS] == 401"
- name: omni-tools
url: https://omni-tools.alexlebens.net
<<: *defaults
@@ -257,6 +259,9 @@ gatus:
- name: garage
url: https://garage-webui.alexlebens.net
<<: *defaults
- name: pgadmin
url: https://pgadmin.alexlebens.net
<<: *defaults
- name: whodb
url: https://whodb.alexlebens.net
<<: *defaults
@@ -373,59 +378,59 @@ gatus:
url: https://home.alexlebens.dev
<<: *defaults
group: external
postgres-18-cluster:
postgres-17-cluster:
mode: recovery
cluster:
storage:
storageClass: local-path
walStorage:
storageClass: local-path
monitoring:
enabled: true
prometheusRule:
enabled: true
recovery:
method: objectStore
objectStore:
destinationPath: s3://postgres-backups/cl01tl/gatus/gatus-postgresql-18-cluster
destinationPath: s3://postgres-backups/cl01tl/gatus/gatus-postgresql-17-cluster
endpointURL: http://garage-main.garage:3900
index: 1
endpointCredentials: gatus-postgresql-18-cluster-backup-secret-garage
endpointCredentials: gatus-postgresql-17-cluster-backup-secret-garage
backup:
objectStore:
- name: external
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gatus/gatus-postgresql-17-cluster
index: 2
retentionPolicy: "30d"
isWALArchiver: false
- name: garage-local
destinationPath: s3://postgres-backups/cl01tl/gatus/gatus-postgresql-18-cluster
destinationPath: s3://postgres-backups/cl01tl/gatus/gatus-postgresql-17-cluster
index: 1
endpointURL: http://garage-main.garage:3900
endpointCredentials: gatus-postgresql-18-cluster-backup-secret-garage
endpointCredentials: gatus-postgresql-17-cluster-backup-secret-garage
endpointCredentialsIncludeRegion: true
retentionPolicy: "3d"
isWALArchiver: true
# - name: external
# destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gatus/gatus-postgresql-18-cluster
# index: 1
# retentionPolicy: "30d"
# isWALArchiver: false
# - name: garage-remote
# destinationPath: s3://postgres-backups/cl01tl/gatus/gatus-postgresql-18-cluster
# destinationPath: s3://postgres-backups/cl01tl/gatus/gatus-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: gatus-postgresql-18-cluster-backup-secret-garage
# endpointCredentials: gatus-postgresql-17-cluster-backup-secret-garage
# retentionPolicy: "30d"
# data:
# compression: bzip2
# jobs: 2
scheduledBackups:
- name: daily-backup
suspend: false
schedule: "0 0 0 * * *"
backupName: external
- name: live-backup
suspend: false
immediate: true
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: daily-backup
# suspend: false
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
# - name: weekly-backup
# suspend: true
# immediate: true
# suspend: false
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
volsync-target-data:
pvcTarget: gatus


@@ -1,6 +1,6 @@
dependencies:
- name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.8
digest: sha256:166bd29d6e7c70d6a5ffae32b6a140535bc08211140b40cadd93596aa8f4be5f
generated: "2025-12-16T18:01:57.978660845Z"
version: 0.20.5
digest: sha256:329b2d00301ab1467a8654dd92febfd7078db121c00c0960548010c01dee66b6
generated: "2025-12-08T03:02:06.697075532Z"


@@ -15,6 +15,6 @@ maintainers:
dependencies:
- name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.8
version: 0.20.5
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: 1.0.0


@@ -5,20 +5,17 @@ dependencies:
- name: gitea-actions
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.2.1
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.18.0
version: 0.17.2
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 1.23.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.1.1
- name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
- name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:6ba40bb2558ce298d05c6330d3eb34a6beae2b22f9c100649d6bba11efc5092d
generated: "2025-12-15T23:46:50.99338-06:00"
version: 6.16.1
digest: sha256:392636c97a9be96f21c70f9b53559398aa15e67a0cae551041ee64f23088b59a
generated: "2025-12-07T02:54:49.861996743Z"


@@ -31,28 +31,20 @@ dependencies:
- name: gitea-actions
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.2.1
- name: app-template
alias: backup
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: meilisearch
version: 0.18.0
version: 0.17.2
repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: cloudflared
alias: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 1.23.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.1.1
alias: postgres-17-cluster
version: 6.16.1
repository: oci://harbor.alexlebens.net/helm-charts
- name: redis-replication
alias: redis-replication-gitea
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: redis-replication
alias: redis-replication-renovate
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
# - name: volsync-target
# alias: volsync-target-storage
# version: 0.5.0
# repository: oci://harbor.alexlebens.net/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/gitea.png
appVersion: 1.25.2
appVersion: 1.23.7


@@ -168,6 +168,36 @@ spec:
metadataPolicy: None
property: id_rsa.pub
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: gitea-s3cmd-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gitea-s3cmd-config
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: .s3cfg
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/gitea-backup
metadataPolicy: None
property: s3cfg
- secretKey: BUCKET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/gitea-backup
metadataPolicy: None
property: BUCKET
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
@@ -224,10 +254,10 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: gitea-postgresql-18-cluster-backup-secret
name: gitea-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gitea-postgresql-18-cluster-backup-secret
app.kubernetes.io/name: gitea-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -254,10 +284,10 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: gitea-postgresql-18-cluster-backup-secret-garage
name: gitea-postgresql-17-cluster-backup-secret-garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gitea-postgresql-18-cluster-backup-secret-garage
app.kubernetes.io/name: gitea-postgresql-17-cluster-backup-secret-garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:


@@ -1,5 +1,24 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitea-nfs-storage-backup
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gitea-nfs-storage-backup
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeMode: Filesystem
storageClassName: nfs-client
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitea-themes-storage
namespace: {{ .Release.Namespace }}
@@ -9,9 +28,9 @@ metadata:
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeMode: Filesystem
storageClassName: ceph-filesystem
storageClassName: nfs-client
accessModes:
- ReadWriteMany
- ReadWriteOnce
resources:
requests:
storage: 1Gi


@@ -0,0 +1,66 @@
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: redis-replication-gitea
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: redis-replication-gitea
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
clusterSize: 3
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
kubernetesConfig:
image: quay.io/opstree/redis:v8.0.3
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 128Mi
storage:
volumeClaimTemplate:
spec:
storageClassName: ceph-block
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 10Gi
redisExporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.48.0
---
apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisReplication
metadata:
name: redis-replication-renovate
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: redis-replication-renovate
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
clusterSize: 3
podSecurityContext:
runAsUser: 1000
fsGroup: 1000
kubernetesConfig:
image: quay.io/opstree/redis:v8.0.3
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 128Mi
storage:
volumeClaimTemplate:
spec:
storageClassName: ceph-block
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
redisExporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.48.0
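Review bot: Neither `RedisReplication` in this new file sets `kubernetesConfig.redisSecret`, so as written both `redis-replication-gitea` and `redis-replication-renovate` appear to accept unauthenticated connections from any pod that can reach their services; no NetworkPolicy is visible on this page to narrow that. Adding a password reference under `kubernetesConfig:` closes this, e.g. `redisSecret:` with `name: <redis-password-secret>` and `key: password` (placeholder names), and the Gitea and Renovate connection strings then need the same credential. The two specs are otherwise identical apart from the storage size, so a shared comment at the top stating what each instance stores would help the next reader judge the exposure.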


@@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: gitea-backup
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gitea-backup
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: gitea-backup
subjects:
- kind: ServiceAccount
name: gitea-backup
namespace: {{ .Release.Namespace }}


@@ -0,0 +1,25 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: gitea-backup
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gitea-backup
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
rules:
- apiGroups:
- ""
resources:
- pods
- pods/exec
verbs:
- create
- list
- apiGroups:
- apps
resources:
- deployments
verbs:
- get
- list
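Review bot: The first rule grants `create` and `list` on both `pods` and `pods/exec`, so the `gitea-backup` service account can create arbitrary pods in the namespace, which the `kubectl exec deploy/gitea` calls in the backup job do not need. Splitting the rule so that `pods` gets only `list` and `pods/exec` gets only `create` keeps the exec path while removing pod creation. Exec into every pod in the namespace still remains, because pod names are not stable enough for `resourceNames`. That deserves a comment above the rule, since this token is mounted into a container running a third-party image.

```yaml
rules:
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - list
  - apiGroups:
      - ""
    resources:
      - pods/exec
    verbs:
      - create
  # … unchanged: apps/deployments get, list …
```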


@@ -14,3 +14,24 @@ spec:
app.kubernetes.io/instance: {{ .Release.Name }}
endpoints:
- port: http
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: redis-replication-gitea
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: redis-replication-gitea
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
redis-operator: "true"
env: production
spec:
selector:
matchLabels:
redis_setup_type: replication
endpoints:
- port: redis-exporter
interval: 30s
scrapeTimeout: 10s


@@ -108,22 +108,22 @@ gitea:
- name: GITEA__DATABASE__HOST
valueFrom:
secretKeyRef:
name: gitea-postgresql-18-cluster-app
name: gitea-postgresql-17-cluster-app
key: host
- name: GITEA__DATABASE__NAME
valueFrom:
secretKeyRef:
name: gitea-postgresql-18-cluster-app
name: gitea-postgresql-17-cluster-app
key: dbname
- name: GITEA__DATABASE__USER
valueFrom:
secretKeyRef:
name: gitea-postgresql-18-cluster-app
name: gitea-postgresql-17-cluster-app
key: user
- name: GITEA__DATABASE__PASSWD
valueFrom:
secretKeyRef:
name: gitea-postgresql-18-cluster-app
name: gitea-postgresql-17-cluster-app
key: password
- name: GITEA__INDEXER__ISSUE_INDEXER_CONN_STR
valueFrom:
@@ -171,6 +171,135 @@ gitea-actions:
existingSecret: gitea-runner-secret
existingSecretKey: token
giteaRootURL: http://gitea-http.gitea:3000
backup:
global:
fullnameOverride: gitea-backup
labels:
app.kubernetes.io/instance: gitea-backup
app.kubernetes.io/name: gitea-backup
controllers:
backup:
type: cronjob
cronjob:
suspend: false
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: 0 4 */2 * *
startingDeadlineSeconds: 90
successfulJobsHistory: 3
failedJobsHistory: 3
backoffLimit: 3
parallelism: 1
serviceAccount:
name: gitea-backup
pod:
automountServiceAccountToken: true
labels:
app.kubernetes.io/instance: gitea-backup
app.kubernetes.io/name: gitea-backup
initContainers:
backup:
image:
repository: bitnami/kubectl
tag: latest
pullPolicy: IfNotPresent
command:
- sh
args:
- -ec
- |
kubectl exec -it deploy/gitea -n gitea -- rm -f /opt/backup/gitea-backup.zip;
kubectl exec -it deploy/gitea -n gitea -- /app/gitea/gitea dump -c /data/gitea/conf/app.ini --file /opt/backup/gitea-backup.zip;
resources:
requests:
cpu: 100m
memory: 128Mi
containers:
s3-backup:
image:
repository: d3fk/s3cmd
tag: latest@sha256:a4ef406e37628ee56e608b1567aeb0345e51142f56741b715322111be3b6ebcc
pullPolicy: IfNotPresent
command:
- /bin/sh
args:
- -ec
- |
echo ">> Running S3 backup for Gitea"
s3cmd put --no-check-md5 --no-check-certificate -v /opt/backup/gitea-backup.zip ${BUCKET}/cl01tl/gitea-backup-$(date +"%Y%m%d-%H-%M").zip;
mv /opt/backup/gitea-backup.zip /opt/backup/gitea-backup-$(date +"%Y%m%d-%H-%M").zip;
echo ">> Completed S3 backup for Gitea"
env:
- name: BUCKET
valueFrom:
secretKeyRef:
name: gitea-s3cmd-config
key: BUCKET
resources:
requests:
cpu: 100m
memory: 128Mi
s3-prune:
image:
repository: d3fk/s3cmd
tag: latest@sha256:a4ef406e37628ee56e608b1567aeb0345e51142f56741b715322111be3b6ebcc
pullPolicy: IfNotPresent
command:
- /bin/sh
args:
- -ec
- |
export DATE_RANGE=$(date -d @$(( $(date +%s) - 604800 )) +%Y%m%d);
export FILE_MATCH="$BUCKET/cl01tl/gitea-backup-$DATE_RANGE-09-00.zip"
echo ">> Running S3 prune for Gitea backup repository"
echo ">> Backups prior to '$DATE_RANGE' will be removed"
echo ">> Backups to be removed:"
s3cmd ls ${BUCKET}/cl01tl/ |
awk -v file_match="$FILE_MATCH" '$4 < file_match {print $4}'
echo ">> Deleting ..."
s3cmd ls ${BUCKET}/cl01tl/ |
awk -v file_match="$FILE_MATCH" '$4 < file_match {print $4}' |
while read file; do
s3cmd del "$file";
done;
echo ">> Completed S3 prune for Gitea backup repository"
env:
- name: BUCKET
valueFrom:
secretKeyRef:
name: gitea-s3cmd-config
key: BUCKET
resources:
requests:
cpu: 100m
memory: 128Mi
serviceAccount:
gitea-backup:
enabled: true
persistence:
config:
existingClaim: gitea-nfs-storage-backup
advancedMounts:
backup:
s3-backup:
- path: /opt/backup
readOnly: false
s3cmd-config:
enabled: true
type: secret
name: gitea-s3cmd-config
advancedMounts:
backup:
s3-backup:
- path: /root/.s3cfg
readOnly: true
mountPropagation: None
subPath: .s3cfg
s3-prune:
- path: /root/.s3cfg
readOnly: true
mountPropagation: None
subPath: .s3cfg
meilisearch:
environment:
MEILI_NO_ANALYTICS: true
@@ -193,13 +322,17 @@ meilisearch:
enabled: true
cloudflared:
existingSecretName: gitea-cloudflared-secret
postgres-18-cluster:
postgres-17-cluster:
mode: recovery
cluster:
storage:
storageClass: local-path
walStorage:
storageClass: local-path
monitoring:
enabled: true
prometheusRule:
enabled: true
resources:
requests:
memory: 1Gi
@@ -207,95 +340,45 @@ postgres-18-cluster:
recovery:
method: objectStore
objectStore:
destinationPath: s3://postgres-backups/cl01tl/gitea/gitea-postgresql-18-cluster
destinationPath: s3://postgres-backups/cl01tl/gitea/gitea-postgresql-17-cluster
endpointURL: http://garage-main.garage:3900
index: 1
endpointCredentials: gitea-postgresql-18-cluster-backup-secret-garage
endpointCredentials: gitea-postgresql-17-cluster-backup-secret-garage
backup:
objectStore:
- name: external
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gitea/gitea-postgresql-17-cluster
index: 1
retentionPolicy: "30d"
isWALArchiver: false
- name: garage-local
destinationPath: s3://postgres-backups/cl01tl/gitea/gitea-postgresql-18-cluster
destinationPath: s3://postgres-backups/cl01tl/gitea/gitea-postgresql-17-cluster
index: 1
endpointURL: http://garage-main.garage:3900
endpointCredentials: gitea-postgresql-18-cluster-backup-secret-garage
endpointCredentials: gitea-postgresql-17-cluster-backup-secret-garage
endpointCredentialsIncludeRegion: true
retentionPolicy: "3d"
isWALArchiver: true
# - name: external
# destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gitea/gitea-postgresql-18-cluster
# index: 1
# retentionPolicy: "30d"
# isWALArchiver: false
# - name: garage-remote
# destinationPath: s3://postgres-backups/cl01tl/gitea/gitea-postgresql-18-cluster
# destinationPath: s3://postgres-backups/cl01tl/gitea/gitea-postgresql-17-cluster
# index: 1
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
# endpointCredentials: gitea-postgresql-18-cluster-backup-secret-garage
# endpointCredentials: gitea-postgresql-17-cluster-backup-secret-garage
# retentionPolicy: "30d"
# data:
# compression: bzip2
# jobs: 2
scheduledBackups:
- name: daily-backup
suspend: false
schedule: "0 0 0 * * *"
backupName: external
- name: live-backup
suspend: false
immediate: true
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: daily-backup
# suspend: false
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
# - name: weekly-backup
# suspend: true
# immediate: true
# suspend: false
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
redis-replication-gitea:
replicationNameOverride: redis-replication-gitea
sentinelNameOverride: redis-sentinel-gitea
existingSecret:
enabled: false
redisReplication:
clusterSize: 3
resources:
requests:
cpu: 20m
memory: 400Mi
volumeClaimTemplate:
spec:
resources:
requests:
storage: 10Gi
redisSentinel:
enabled: true
clusterSize: 3
redis-replication-renovate:
replicationNameOverride: redis-replication-renovate
existingSecret:
enabled: false
redisReplication:
clusterSize: 1
redisSentinel:
enabled: false
volsync-target-storage:
pvcTarget: gitea-shared-storage
local:
enabled: true
schedule: 0 0 0 * * *
restic:
pruneIntervalDays: 3
retain:
hourly: 1
daily: 1
weekly: 3
monthly: 0
yearly: 0
copyMethod: Snapshot
storageClassName: ceph-filesystem
volumeSnapshotClassName: ceph-filesystem
cacheCapacity: 40Gi
external:
enabled: false
remote:
enabled: false
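Review bot: In the added `backup:` CronJob, the `s3-backup` container uploads the Gitea dump with `s3cmd put --no-check-md5 --no-check-certificate`, which turns off TLS certificate verification for an archive that presumably holds repository and database contents. Dropping that flag, `s3cmd put --no-check-md5 -v /opt/backup/gitea-backup.zip ${BUCKET}/...`, keeps the upload bound to the real endpoint. The `backup` init container pulls `bitnami/kubectl` with `tag: latest` and `pullPolicy: IfNotPresent`, while the s3cmd image in the same job is digest-pinned. Pinning it the same way, `tag: <version>@sha256:<digest>` (placeholder), fixes which image receives the exec-capable service-account token mounted by `automountServiceAccountToken: true`. `kubectl exec -it` has no TTY to attach to in a CronJob, so `-it` can be removed from both commands.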


@@ -1,15 +1,9 @@
dependencies:
- name: grafana-operator
repository: https://grafana.github.io/helm-charts
version: 5.21.1
version: v5.20.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.1.1
- name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
- name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:4268870b640674c1bcde0e75f58d0c0bb0444e5a53f813f33b5ce279df86feb3
generated: "2025-12-16T18:03:38.745478037Z"
version: 6.16.1
digest: sha256:3bd7096e4401df5818733b3e0b08f281c12af9b54a272fbe3e753b2616d725dd
generated: "2025-12-04T00:01:28.278027037Z"


@@ -17,19 +17,11 @@ maintainers:
- name: alexlebens
dependencies:
- name: grafana-operator
version: 5.21.1
version: v5.20.0
repository: https://grafana.github.io/helm-charts
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.1.1
repository: oci://harbor.alexlebens.net/helm-charts
- name: redis-replication
alias: redis-replication-unified-alerting
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: redis-replication
alias: redis-replication-remote-cache
version: 0.5.0
alias: postgres-17-cluster
version: 6.16.1
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grafana.png
appVersion: v5.20.0
appVersion: v5.18.0

Some files were not shown because too many files have changed in this diff Show More