Compare commits
1 Commits
renovate/g
...
renovate/t
| Author | SHA1 | Date | |
|---|---|---|---|
85595db3c9
|
1
.gitignore
vendored
1
.gitignore
vendored
@@ -1,4 +1,3 @@
|
||||
/**/archive/
|
||||
/**/charts/
|
||||
/**/manifests/
|
||||
/**/tmpcharts*/
|
||||
|
||||
@@ -2,12 +2,6 @@
|
||||
|
||||
GitOps definied infrastrucutre for the alexlebens.net domain.
|
||||
|
||||
## Stack-cl01tl
|
||||
|
||||
https://argocd.alexlebens.net/api/badge?name=stack-cl01tl&revision=true&showAppName=true
|
||||
|
||||
App-of-Apps Application for cl01tl
|
||||
|
||||
## License
|
||||
|
||||
This project is licensed under the terms of the Apache 2.0 License license.
|
||||
|
||||
@@ -4,6 +4,6 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:bec79e67c86a1cd074c421313d4637012248b2a66fbac1972de69b8fd17f10d6
|
||||
generated: "2025-12-17T16:30:59.656583956Z"
|
||||
version: 0.3.0
|
||||
digest: sha256:3763d6c5c0b45219235229aa1d72bfa426abd29aa8d92c1b1ca958b6afb3bfc8
|
||||
generated: "2025-12-15T17:43:51.908308-06:00"
|
||||
|
||||
@@ -19,7 +19,7 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
version: 0.5.0
|
||||
version: 0.3.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png
|
||||
appVersion: 25.12.0
|
||||
|
||||
@@ -4,9 +4,9 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
version: 0.3.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:72965155699ed10d43c41c2efdd11685e8d2e272eaab1706131d17a4bd103fc2
|
||||
generated: "2025-12-17T16:31:16.276478437Z"
|
||||
version: 0.3.0
|
||||
digest: sha256:88e0d8008795451a64f3a2e4fa4fc120d48cef4badb4305e8e60afbb494352c5
|
||||
generated: "2025-12-15T18:19:02.989735-06:00"
|
||||
|
||||
@@ -21,11 +21,11 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.5.0
|
||||
version: 0.3.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-metadata
|
||||
version: 0.5.0
|
||||
version: 0.3.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
|
||||
appVersion: 2.31.0
|
||||
|
||||
@@ -4,12 +4,12 @@ dependencies:
|
||||
version: 2025.10.3
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.1
|
||||
version: 1.23.2
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.1.3
|
||||
- name: redis-replication
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:ec4d196c502021555fef8e13789b7ce683163270dc0dc76ee63df614e74b5969
|
||||
generated: "2025-12-17T16:33:20.824676-06:00"
|
||||
digest: sha256:529f2ddaef6ef3584461ae31e4e3ffcc1146f19ece74ef054a7ddbc7eb36a0d8
|
||||
generated: "2025-12-17T16:09:03.696627571Z"
|
||||
|
||||
@@ -26,7 +26,7 @@ dependencies:
|
||||
- name: cloudflared
|
||||
alias: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.1
|
||||
version: 1.23.2
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.1.3
|
||||
|
||||
@@ -20,6 +20,29 @@ spec:
|
||||
metadataPolicy: None
|
||||
property: key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: authentik-cloudflared-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: authentik-cloudflared-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: cf-tunnel-token
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cloudflare/tunnels/authentik
|
||||
metadataPolicy: None
|
||||
property: token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
|
||||
@@ -48,6 +48,8 @@ authentik:
|
||||
enabled: false
|
||||
redis:
|
||||
enabled: false
|
||||
cloudflared:
|
||||
existingSecretName: authentik-cloudflared-secret
|
||||
postgres-18-cluster:
|
||||
mode: recovery
|
||||
cluster:
|
||||
|
||||
@@ -4,9 +4,9 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
version: 0.3.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:b7d1700ed373d9a9b761989a8e63f01e0e969491ac05d94cf888f9f5befb32bf
|
||||
generated: "2025-12-17T16:31:33.168858369Z"
|
||||
version: 0.3.0
|
||||
digest: sha256:13c950ad5cd6accd192e6768557c0df74af2cd767d2372dc38c1cdb7e1563399
|
||||
generated: "2025-12-15T18:33:59.961957-06:00"
|
||||
|
||||
@@ -19,11 +19,11 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.5.0
|
||||
version: 0.3.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
version: 0.5.0
|
||||
version: 0.3.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/backrest.png
|
||||
appVersion: v1.10.1
|
||||
|
||||
@@ -4,9 +4,9 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.1
|
||||
version: 1.23.2
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:f1b9b79c1c7fb5730f85637e6191978b1b75cebe2102453f7a3b2303ca055501
|
||||
generated: "2025-12-17T16:29:17.857247-06:00"
|
||||
digest: sha256:bd1cbd66ccb360978a342ee218bfb01006a486fb85c5714acd593b9e1389b151
|
||||
generated: "2025-12-15T21:50:58.968382-06:00"
|
||||
|
||||
@@ -23,7 +23,7 @@ dependencies:
|
||||
- name: cloudflared
|
||||
alias: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.1
|
||||
version: 1.23.2
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.5.0
|
||||
|
||||
@@ -26,3 +26,26 @@ spec:
|
||||
key: /cl01tl/code-server/auth
|
||||
metadataPolicy: None
|
||||
property: SUDO_PASSWORD
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: code-server-cloudflared-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: code-server-cloudflared-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: cf-tunnel-token
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cloudflare/tunnels/codeserver
|
||||
metadataPolicy: None
|
||||
property: token
|
||||
|
||||
@@ -47,6 +47,8 @@ code-server:
|
||||
main:
|
||||
- path: /config
|
||||
readOnly: false
|
||||
cloudflared:
|
||||
existingSecretName: code-server-cloudflared-secret
|
||||
volsync-target-config:
|
||||
pvcTarget: code-server-config
|
||||
moverSecurityContext:
|
||||
|
||||
@@ -4,12 +4,12 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.1
|
||||
version: 1.23.2
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.1.3
|
||||
- name: redis-replication
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:381d2e9dba91716b569b4533c55f922baea35e36e631626e12e509ba0ff42abf
|
||||
generated: "2025-12-17T16:40:44.294195-06:00"
|
||||
digest: sha256:984cd51b50663cda85c4861949d2dc724de730a415344936a4fe39745aca31d3
|
||||
generated: "2025-12-17T16:09:15.230017239Z"
|
||||
|
||||
@@ -24,7 +24,7 @@ dependencies:
|
||||
- name: cloudflared
|
||||
alias: cloudflared-directus
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.1
|
||||
version: 1.23.2
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.1.3
|
||||
|
||||
@@ -41,36 +41,6 @@ spec:
|
||||
metadataPolicy: None
|
||||
property: key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: directus-oidc-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-oidc-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: OIDC_CLIENT_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /authentik/oidc/directus
|
||||
metadataPolicy: None
|
||||
property: client
|
||||
- secretKey: OIDC_CLIENT_SECRET
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /authentik/oidc/directus
|
||||
metadataPolicy: None
|
||||
property: secret
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
@@ -124,6 +94,59 @@ spec:
|
||||
metadataPolicy: None
|
||||
property: password
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: directus-oidc-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-oidc-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: OIDC_CLIENT_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /authentik/oidc/directus
|
||||
metadataPolicy: None
|
||||
property: client
|
||||
- secretKey: OIDC_CLIENT_SECRET
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /authentik/oidc/directus
|
||||
metadataPolicy: None
|
||||
property: secret
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: directus-cloudflared-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-cloudflared-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: cf-tunnel-token
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cloudflare/tunnels/directus
|
||||
metadataPolicy: None
|
||||
property: token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
|
||||
@@ -153,6 +153,9 @@ directus:
|
||||
port: 80
|
||||
targetPort: 8055
|
||||
protocol: TCP
|
||||
cloudflared-directus:
|
||||
name: cloudflared-directus
|
||||
existingSecretName: directus-cloudflared-secret
|
||||
postgres-18-cluster:
|
||||
mode: recovery
|
||||
cluster:
|
||||
|
||||
@@ -4,6 +4,6 @@ dependencies:
|
||||
version: 1.4.26
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.1
|
||||
digest: sha256:167c380390784b7f9838ae1123f60c546fcb25cbba026e1de6820546a4e28c01
|
||||
generated: "2025-12-17T16:40:48.510486-06:00"
|
||||
version: 1.23.2
|
||||
digest: sha256:f9196cbede894c6da6ecedd9ae05d3f1fd0e20304eca8ca38c18334a923b2235
|
||||
generated: "2025-12-07T02:54:29.895481505Z"
|
||||
|
||||
@@ -22,6 +22,6 @@ dependencies:
|
||||
- name: cloudflared
|
||||
alias: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.1
|
||||
version: 1.23.2
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
|
||||
appVersion: v1.12.6
|
||||
|
||||
@@ -0,0 +1,21 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: element-web-cloudflared-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: element-web-cloudflared-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: cf-tunnel-token
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cloudflare/tunnels/element
|
||||
metadataPolicy: None
|
||||
property: token
|
||||
@@ -24,3 +24,5 @@ element-web:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 128Mi
|
||||
cloudflared:
|
||||
existingSecretName: element-web-cloudflared-secret
|
||||
|
||||
@@ -4,6 +4,6 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:72f17798177136bbc72e8c96b588735b40833e9520430aa82968c0f7335354d3
|
||||
generated: "2025-12-17T16:31:50.696337227Z"
|
||||
version: 0.3.0
|
||||
digest: sha256:476021b852fbbd829570bcb88309eea92bd096cb4ec79efe2d895ee0c46f1c49
|
||||
generated: "2025-12-15T21:43:24.262051-06:00"
|
||||
|
||||
@@ -21,7 +21,7 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.5.0
|
||||
version: 0.3.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ephemera.png
|
||||
appVersion: 1.3.1
|
||||
|
||||
@@ -4,12 +4,12 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.1
|
||||
version: 1.23.2
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.1.3
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:65c3f3e803b60090d43f6b5d8eca56e1da6bfeb8212d66d23cfdb8460d13ecba
|
||||
generated: "2025-12-17T16:40:58.956142-06:00"
|
||||
digest: sha256:5900e87dbe27e52b72edc6dd34e36aeb89c491ac8729b3be499cbd6e09ce88ff
|
||||
generated: "2025-12-17T16:09:27.525526677Z"
|
||||
|
||||
@@ -24,7 +24,7 @@ dependencies:
|
||||
- name: cloudflared
|
||||
alias: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.1
|
||||
version: 1.23.2
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.1.3
|
||||
|
||||
@@ -71,6 +71,29 @@ spec:
|
||||
metadataPolicy: None
|
||||
property: crypto-key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: freshrss-cloudflared-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: freshrss-cloudflared-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: cf-tunnel-token
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cloudflare/tunnels/freshrss
|
||||
metadataPolicy: None
|
||||
property: token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
|
||||
@@ -192,6 +192,8 @@ freshrss:
|
||||
main:
|
||||
- path: /var/www/FreshRSS/extensions
|
||||
readOnly: false
|
||||
cloudflared:
|
||||
existingSecretName: freshrss-cloudflared-secret
|
||||
postgres-18-cluster:
|
||||
mode: recovery
|
||||
cluster:
|
||||
|
||||
@@ -10,7 +10,7 @@ dependencies:
|
||||
version: 0.18.0
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.1
|
||||
version: 1.23.2
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.1.3
|
||||
@@ -23,5 +23,5 @@ dependencies:
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:15b7a7d8b69b876dc63705a75070cb522e90d6f8ead610209fd88b39f1ba28e4
|
||||
generated: "2025-12-17T16:41:08.82906-06:00"
|
||||
digest: sha256:4d1894d82bb3c9ca4672378e79ba8c6a7b1d1d691c6ac0e5ac369759a015f1dd
|
||||
generated: "2025-12-17T16:09:49.625523528Z"
|
||||
|
||||
@@ -37,7 +37,7 @@ dependencies:
|
||||
- name: cloudflared
|
||||
alias: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.1
|
||||
version: 1.23.2
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.1.3
|
||||
|
||||
@@ -197,6 +197,29 @@ spec:
|
||||
metadataPolicy: None
|
||||
property: MEILI_MASTER_KEY
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: gitea-cloudflared-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea-cloudflared-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: cf-tunnel-token
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cloudflare/tunnels/gitea
|
||||
metadataPolicy: None
|
||||
property: token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
|
||||
@@ -185,6 +185,8 @@ meilisearch:
|
||||
memory: 128Mi
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
cloudflared:
|
||||
existingSecretName: gitea-cloudflared-secret
|
||||
postgres-18-cluster:
|
||||
mode: recovery
|
||||
cluster:
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
dependencies:
|
||||
- name: grafana-operator
|
||||
repository: https://grafana.github.io/helm-charts
|
||||
version: 5.21.1
|
||||
version: v5.20.0
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.1.3
|
||||
@@ -11,5 +11,5 @@ dependencies:
|
||||
- name: redis-replication
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:485cf44121c365717b671a4c9538d7498bd9279f7cceb856dad5a796f9482afe
|
||||
generated: "2025-12-17T22:47:19.041363006Z"
|
||||
digest: sha256:7efeacd496cb0dc009013164641868c9de71acc3f26dab8c6eee10e0a9f82c06
|
||||
generated: "2025-12-17T16:10:04.690538844Z"
|
||||
|
||||
@@ -17,7 +17,7 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: grafana-operator
|
||||
version: 5.21.1
|
||||
version: v5.20.0
|
||||
repository: https://grafana.github.io/helm-charts
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
|
||||
@@ -4,6 +4,6 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.1
|
||||
digest: sha256:96923099c2893374540fe8cf354fc1805205c08819dcb6367f4f8ac14b4221bc
|
||||
generated: "2025-12-17T16:41:26.330656-06:00"
|
||||
version: 1.23.2
|
||||
digest: sha256:fbfdebf734560044cfe5d2c4771b63cbcabc121d13c44b751f914877b5bdc83f
|
||||
generated: "2025-12-07T02:55:01.91141803Z"
|
||||
|
||||
@@ -22,6 +22,6 @@ dependencies:
|
||||
- name: cloudflared
|
||||
alias: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.1
|
||||
version: 1.23.2
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/homepage.png
|
||||
appVersion: v1.8.0
|
||||
|
||||
@@ -0,0 +1,21 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: homepage-dev-cloudflared-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: homepage-dev-cloudflared-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: cf-tunnel-token
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cloudflare/tunnels/homepage-dev
|
||||
metadataPolicy: None
|
||||
property: token
|
||||
@@ -163,3 +163,5 @@ homepage:
|
||||
readOnly: true
|
||||
mountPropagation: None
|
||||
subPath: widgets.yaml
|
||||
cloudflared:
|
||||
existingSecretName: homepage-dev-cloudflared-secret
|
||||
|
||||
@@ -27,7 +27,7 @@ jellyfin:
|
||||
memory: 2Gi
|
||||
vue:
|
||||
type: deployment
|
||||
replicas: 1
|
||||
replicas: 3
|
||||
strategy: Recreate
|
||||
revisionHistoryLimit: 3
|
||||
containers:
|
||||
|
||||
@@ -7,9 +7,9 @@ dependencies:
|
||||
version: 0.18.0
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.1
|
||||
version: 1.23.2
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:9e808d0a415bb032c8565c99c59b15f25cbffd22df8c1c70e16c80e8799505fb
|
||||
generated: "2025-12-17T16:41:40.280667-06:00"
|
||||
digest: sha256:75ae21505394e7f5d2c0308665400aa249598612b141c6632bffe99230d454d3
|
||||
generated: "2025-12-16T23:01:47.968439-06:00"
|
||||
|
||||
@@ -27,7 +27,7 @@ dependencies:
|
||||
- name: cloudflared
|
||||
alias: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.1
|
||||
version: 1.23.2
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
version: 0.5.0
|
||||
|
||||
@@ -79,3 +79,26 @@ spec:
|
||||
key: /cl01tl/karakeep/meilisearch
|
||||
metadataPolicy: None
|
||||
property: MEILI_MASTER_KEY
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: karakeep-cloudflared-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: karakeep-cloudflared-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: cf-tunnel-token
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cloudflare/tunnels/karakeep
|
||||
metadataPolicy: None
|
||||
property: token
|
||||
|
||||
@@ -152,5 +152,7 @@ meilisearch:
|
||||
memory: 128Mi
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
cloudflared:
|
||||
existingSecretName: karakeep-cloudflared-secret
|
||||
volsync-target-data:
|
||||
pvcTarget: karakeep
|
||||
|
||||
@@ -149,7 +149,7 @@ redis-replication:
|
||||
spec:
|
||||
resources:
|
||||
requests:
|
||||
storage: 10Gi
|
||||
storage: 5Gi
|
||||
redisSentinel:
|
||||
enabled: true
|
||||
clusterSize: 3
|
||||
|
||||
@@ -8,8 +8,8 @@ kubernetes-cloudflare-ddns:
|
||||
timeZone: US/Central
|
||||
schedule: "30 4 * * *"
|
||||
startingDeadlineSeconds: 90
|
||||
successfulJobsHistory: 1
|
||||
failedJobsHistory: 1
|
||||
successfulJobsHistory: 3
|
||||
failedJobsHistory: 3
|
||||
backoffLimit: 3
|
||||
parallelism: 1
|
||||
containers:
|
||||
|
||||
@@ -1,5 +1,24 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: libation-config
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: libation-config
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
volumeMode: Filesystem
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: libation-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
|
||||
@@ -8,8 +8,8 @@ libation:
|
||||
timeZone: US/Central
|
||||
schedule: 0 0 1 1 *
|
||||
startingDeadlineSeconds: 90
|
||||
successfulJobsHistory: 1
|
||||
failedJobsHistory: 1
|
||||
successfulJobsHistory: 3
|
||||
failedJobsHistory: 3
|
||||
backoffLimit: 3
|
||||
parallelism: 1
|
||||
containers:
|
||||
@@ -45,7 +45,7 @@ libation:
|
||||
cpu: 10m
|
||||
memory: 32Mi
|
||||
persistence:
|
||||
config:
|
||||
config-new:
|
||||
forceRename: libation
|
||||
storageClass: ceph-block
|
||||
accessMode: ReadWriteOnce
|
||||
|
||||
@@ -5,8 +5,5 @@ dependencies:
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.1.3
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:b12b64a6fac9ef6c2743b404547e40451bb47d04c13b509f8a07179aaad6071d
|
||||
generated: "2025-12-17T10:41:06.633712-06:00"
|
||||
digest: sha256:66944bedb53a1cf3aff6cb8e1218f23cd9ccf3cca9489064f0eee46c66f59ac4
|
||||
generated: "2025-12-17T16:10:52.803256851Z"
|
||||
|
||||
@@ -26,9 +26,5 @@ dependencies:
|
||||
alias: postgres-18-cluster
|
||||
version: 7.1.3
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/lidarr.png
|
||||
appVersion: 3.1.0
|
||||
|
||||
@@ -1,5 +1,62 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: lidarr-config-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: lidarr-config-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/lidarr2/lidarr2-config"
|
||||
data:
|
||||
- secretKey: BUCKET_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: S3_BUCKET_ENDPOINT
|
||||
- secretKey: RESTIC_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: RESTIC_PASSWORD
|
||||
- secretKey: AWS_DEFAULT_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: AWS_DEFAULT_REGION
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: access_key
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: secret_key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: lidarr-postgresql-18-cluster-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
|
||||
@@ -0,0 +1,28 @@
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: lidarr-config-backup-source
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: lidarr-config-backup-source
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
sourcePVC: lidarr-config
|
||||
trigger:
|
||||
schedule: 0 4 * * *
|
||||
restic:
|
||||
pruneIntervalDays: 7
|
||||
repository: lidarr-config-backup-secret
|
||||
retain:
|
||||
hourly: 1
|
||||
daily: 3
|
||||
weekly: 2
|
||||
monthly: 2
|
||||
yearly: 4
|
||||
moverSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-block
|
||||
volumeSnapshotClassName: ceph-blockpool-snapshot
|
||||
@@ -144,10 +144,3 @@ postgres-18-cluster:
|
||||
# immediate: true
|
||||
# schedule: "0 0 4 * * SAT"
|
||||
# backupName: garage-remote
|
||||
volsync-target-config:
|
||||
pvcTarget: lidarr-config
|
||||
moverSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
|
||||
@@ -2,8 +2,5 @@ dependencies:
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:8dc18a31138c2e4eb4f6499058aaec0437ecd76ba4f0c5db4ec1ef46e90f9628
|
||||
generated: "2025-12-17T10:07:48.72533-06:00"
|
||||
digest: sha256:486139f48e88e912593a7ee18973bc4872a6ddc4881fcfa933558f5a7749503b
|
||||
generated: "2025-12-05T17:08:12.627557611Z"
|
||||
|
||||
@@ -18,9 +18,5 @@ dependencies:
|
||||
alias: lidatube
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/lidatube.png
|
||||
appVersion: 0.2.42
|
||||
|
||||
@@ -64,10 +64,3 @@ lidatube:
|
||||
main:
|
||||
- path: /lidatube/downloads
|
||||
readOnly: false
|
||||
volsync-target-config:
|
||||
pvcTarget: lidatube-config
|
||||
moverSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
|
||||
@@ -2,8 +2,5 @@ dependencies:
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:bb2dd513e76b8f2597967ea48a9c7df7018ed5d40a5f8dabc3402e15cdb4c74a
|
||||
generated: "2025-12-17T10:10:10.316764-06:00"
|
||||
digest: sha256:1f215356d77b524ae23c0bb178d48fd2d602d9224dd7459658628903ff5b6e4c
|
||||
generated: "2025-12-05T17:08:24.614701742Z"
|
||||
|
||||
@@ -17,8 +17,4 @@ dependencies:
|
||||
alias: listenarr
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
appVersion: 0.2.35
|
||||
|
||||
@@ -28,7 +28,6 @@ listenarr:
|
||||
protocol: HTTP
|
||||
persistence:
|
||||
config:
|
||||
forceRename: listenarr
|
||||
storageClass: ceph-block
|
||||
accessMode: ReadWriteOnce
|
||||
size: 5Gi
|
||||
@@ -45,10 +44,3 @@ listenarr:
|
||||
main:
|
||||
- path: /data
|
||||
readOnly: false
|
||||
volsync-target-config:
|
||||
pvcTarget: listenarr
|
||||
moverSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
|
||||
@@ -13,10 +13,10 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.1
|
||||
version: 1.23.2
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.1
|
||||
version: 1.23.2
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.1.3
|
||||
@@ -26,17 +26,5 @@ dependencies:
|
||||
- name: redis-replication
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:ccb371d89141f57b6fcddbb132406ef783e27be124e8f44af480e5f0eeb11de6
|
||||
generated: "2025-12-17T16:42:10.9332-06:00"
|
||||
digest: sha256:c08d2fd5436ca9f0d1b159d6d424ab42d171a967ca97178b2f8dd60de83f9cc9
|
||||
generated: "2025-12-15T15:56:54.377467-06:00"
|
||||
|
||||
@@ -45,11 +45,11 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: cloudflared
|
||||
alias: cloudflared-synapse
|
||||
version: 2.0.1
|
||||
version: 1.23.2
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: cloudflared
|
||||
alias: cloudflared-hookshot
|
||||
version: 2.0.1
|
||||
version: 1.23.2
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
@@ -63,21 +63,5 @@ dependencies:
|
||||
alias: redis-replication-hookshot
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-synapse
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-hookshot
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-discord
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-whatsapp
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/matrix.png
|
||||
appVersion: 1.144.0
|
||||
|
||||
@@ -199,6 +199,221 @@ spec:
|
||||
metadataPolicy: None
|
||||
property: password
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: matrix-synapse-cloudflared-synapse-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: matrix-synapse-cloudflared-synapse-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: cf-tunnel-token
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cloudflare/tunnels/matrix-synapse
|
||||
metadataPolicy: None
|
||||
property: token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: matrix-synapse-cloudflared-hookshot-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: matrix-synapse-cloudflared-hookshot-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: cf-tunnel-token
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cloudflare/tunnels/matrix-hookshot
|
||||
metadataPolicy: None
|
||||
property: token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: matrix-synapse-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: matrix-synapse-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/matrix-synapse/matrix-synapse"
|
||||
data:
|
||||
- secretKey: BUCKET_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: S3_BUCKET_ENDPOINT
|
||||
- secretKey: RESTIC_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: RESTIC_PASSWORD
|
||||
- secretKey: AWS_DEFAULT_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: AWS_DEFAULT_REGION
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: access_key
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: secret_key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: mautrix-discord-data-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/matrix-synapse/mautrix-discord-data"
|
||||
data:
|
||||
- secretKey: BUCKET_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: S3_BUCKET_ENDPOINT
|
||||
- secretKey: RESTIC_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: RESTIC_PASSWORD
|
||||
- secretKey: AWS_DEFAULT_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: AWS_DEFAULT_REGION
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: access_key
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: secret_key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: mautrix-whatsapp-data-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/matrix-synapse/mautrix-whatsapp-data"
|
||||
data:
|
||||
- secretKey: BUCKET_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: S3_BUCKET_ENDPOINT
|
||||
- secretKey: RESTIC_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: RESTIC_PASSWORD
|
||||
- secretKey: AWS_DEFAULT_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: AWS_DEFAULT_REGION
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: access_key
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: secret_key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
|
||||
@@ -0,0 +1,85 @@
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: matrix-synapse-backup-source
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: matrix-synapse-backup-source
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
sourcePVC: matrix-synapse
|
||||
trigger:
|
||||
schedule: 0 4 * * *
|
||||
restic:
|
||||
pruneIntervalDays: 7
|
||||
repository: matrix-synapse-backup-secret
|
||||
retain:
|
||||
hourly: 1
|
||||
daily: 3
|
||||
weekly: 2
|
||||
monthly: 2
|
||||
yearly: 4
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-block
|
||||
volumeSnapshotClassName: ceph-blockpool-snapshot
|
||||
|
||||
---
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: mautrix-discord-data-backup-source
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: mautrix-discord-data-backup-source
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
sourcePVC: mautrix-discord
|
||||
trigger:
|
||||
schedule: 0 4 * * *
|
||||
restic:
|
||||
pruneIntervalDays: 7
|
||||
repository: mautrix-discord-data-backup-secret
|
||||
retain:
|
||||
hourly: 1
|
||||
daily: 3
|
||||
weekly: 2
|
||||
monthly: 2
|
||||
yearly: 4
|
||||
moverSecurityContext:
|
||||
runAsUser: 1337
|
||||
runAsGroup: 1337
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-block
|
||||
volumeSnapshotClassName: ceph-blockpool-snapshot
|
||||
|
||||
---
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: mautrix-whatsapp-data-backup-source
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: mautrix-whatsapp-data-backup-source
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
sourcePVC: mautrix-whatsapp
|
||||
trigger:
|
||||
schedule: 0 4 * * *
|
||||
restic:
|
||||
pruneIntervalDays: 7
|
||||
repository: mautrix-whatsapp-data-backup-secret
|
||||
retain:
|
||||
hourly: 1
|
||||
daily: 3
|
||||
weekly: 2
|
||||
monthly: 2
|
||||
yearly: 4
|
||||
moverSecurityContext:
|
||||
runAsUser: 1337
|
||||
runAsGroup: 1337
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-block
|
||||
volumeSnapshotClassName: ceph-blockpool-snapshot
|
||||
@@ -204,7 +204,6 @@ matrix-hookshot:
|
||||
mountPropagation: None
|
||||
subPath: passkey.pem
|
||||
data:
|
||||
forceRename: matrix-hookshot
|
||||
storageClass: ceph-block
|
||||
accessMode: ReadWriteOnce
|
||||
size: 500Mi
|
||||
@@ -286,7 +285,6 @@ mautrix-discord:
|
||||
mountPropagation: None
|
||||
subPath: mautrix-discord-registration.yaml
|
||||
data:
|
||||
forceRename: mautrix-discord
|
||||
storageClass: ceph-block
|
||||
accessMode: ReadWriteOnce
|
||||
size: 500Mi
|
||||
@@ -371,7 +369,6 @@ mautrix-whatsapp:
|
||||
mountPropagation: None
|
||||
subPath: mautrix-whatsapp-registration.yaml
|
||||
data:
|
||||
forceRename: mautrix-whatsapp
|
||||
storageClass: ceph-block
|
||||
accessMode: ReadWriteOnce
|
||||
size: 500Mi
|
||||
@@ -384,6 +381,12 @@ mautrix-whatsapp:
|
||||
main:
|
||||
- path: /data
|
||||
readOnly: false
|
||||
cloudflared-synapse:
|
||||
name: cloudflared-synapse
|
||||
existingSecretName: matrix-synapse-cloudflared-synapse-secret
|
||||
cloudflared-hookshot:
|
||||
name: cloudflared-hookshot
|
||||
existingSecretName: matrix-synapse-cloudflared-hookshot-secret
|
||||
postgres-18-cluster:
|
||||
mode: recovery
|
||||
cluster:
|
||||
@@ -470,17 +473,3 @@ redis-replication-hookshot:
|
||||
redisSentinel:
|
||||
enabled: true
|
||||
clusterSize: 3
|
||||
volsync-target-synapse:
|
||||
pvcTarget: matrix-synapse
|
||||
volsync-target-hookshot:
|
||||
pvcTarget: matrix-hookshot
|
||||
volsync-target-discord:
|
||||
pvcTarget: mautrix-discord
|
||||
moverSecurityContext:
|
||||
runAsUser: 1337
|
||||
runAsGroup: 1337
|
||||
volsync-target-whatsapp:
|
||||
pvcTarget: mautrix-whatsapp
|
||||
moverSecurityContext:
|
||||
runAsUser: 1337
|
||||
runAsGroup: 1337
|
||||
|
||||
@@ -8,8 +8,5 @@ dependencies:
|
||||
- name: redis-replication
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:d5f9a1471b38c11f4ca44bd764243309b5be739a3bb1605ee229e1f456d19643
|
||||
generated: "2025-12-17T10:42:04.895167-06:00"
|
||||
digest: sha256:4f3ed81241b432b988d6b6277192d360f98a5258ad34c88ac0645505d0acc0a5
|
||||
generated: "2025-12-17T16:11:02.717745162Z"
|
||||
|
||||
@@ -26,9 +26,5 @@ dependencies:
|
||||
- name: redis-replication
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/n8n.png
|
||||
appVersion: 2.0.1
|
||||
|
||||
@@ -375,5 +375,3 @@ redis-replication:
|
||||
redisSentinel:
|
||||
enabled: true
|
||||
clusterSize: 3
|
||||
volsync-target-data:
|
||||
pvcTarget: n8n
|
||||
|
||||
@@ -5,8 +5,5 @@ dependencies:
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.1.3
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:d3b6a59e3f33b0f9b75ab5de98a027df2cff8d8a8fd5eb921d86eb2b62f6b072
|
||||
generated: "2025-12-17T11:28:44.339984-06:00"
|
||||
digest: sha256:639e6a2931f61cba27b306b6949bf5dd1fffb04682b4179f29b2561dc1f22b48
|
||||
generated: "2025-12-17T16:11:11.863081712Z"
|
||||
|
||||
@@ -25,9 +25,5 @@ dependencies:
|
||||
alias: postgres-18-cluster
|
||||
version: 7.1.3
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png
|
||||
appVersion: 0.13.3
|
||||
|
||||
@@ -51,6 +51,63 @@ spec:
|
||||
metadataPolicy: None
|
||||
property: secret
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: ollama-web-data-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: ollama-web-data-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/ollama/ollama-web"
|
||||
data:
|
||||
- secretKey: BUCKET_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: S3_BUCKET_ENDPOINT
|
||||
- secretKey: RESTIC_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: RESTIC_PASSWORD
|
||||
- secretKey: AWS_DEFAULT_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: AWS_DEFAULT_REGION
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: access_key
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: secret_key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
|
||||
@@ -0,0 +1,28 @@
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: ollama-web-data-backup-source
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: ollama-web-data-backup-source
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
sourcePVC: ollama-web-data
|
||||
trigger:
|
||||
schedule: 0 4 * * *
|
||||
restic:
|
||||
pruneIntervalDays: 7
|
||||
repository: ollama-web-data-backup-secret
|
||||
retain:
|
||||
hourly: 1
|
||||
daily: 3
|
||||
weekly: 2
|
||||
monthly: 2
|
||||
yearly: 4
|
||||
moverSecurityContext:
|
||||
runAsUser: 1337
|
||||
runAsGroup: 1337
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-block
|
||||
volumeSnapshotClassName: ceph-blockpool-snapshot
|
||||
@@ -227,7 +227,6 @@ ollama:
|
||||
- path: /root/.ollama
|
||||
readOnly: false
|
||||
web-data:
|
||||
forceRename: ollama-web-data
|
||||
storageClass: ceph-block
|
||||
accessMode: ReadWriteOnce
|
||||
size: 5Gi
|
||||
@@ -293,8 +292,3 @@ postgres-18-cluster:
|
||||
# immediate: true
|
||||
# schedule: "0 0 4 * * SAT"
|
||||
# backupName: garage-remote
|
||||
volsync-target-data:
|
||||
pvcTarget: ollama-web-data
|
||||
moverSecurityContext:
|
||||
runAsUser: 1337
|
||||
runAsGroup: 1337
|
||||
|
||||
@@ -4,12 +4,12 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.1
|
||||
version: 1.23.2
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.1.3
|
||||
- name: redis-replication
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:522fd84d35b1aa3e761cce7e878bfbaa3981a7abca590b1cae87395ad8f0c354
|
||||
generated: "2025-12-17T16:42:30.713283-06:00"
|
||||
digest: sha256:f88a6de488648be3e889b6791ea10f2bbdc93b185b23fe1ce6f011e0c52e8795
|
||||
generated: "2025-12-17T16:11:20.961903473Z"
|
||||
|
||||
@@ -25,7 +25,7 @@ dependencies:
|
||||
- name: cloudflared
|
||||
alias: cloudflared-outline
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.1
|
||||
version: 1.23.2
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.1.3
|
||||
|
||||
@@ -57,6 +57,29 @@ spec:
|
||||
metadataPolicy: None
|
||||
property: secret
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: outline-cloudflared-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: outline-cloudflared-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: cf-tunnel-token
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cloudflare/tunnels/outline
|
||||
metadataPolicy: None
|
||||
property: token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
|
||||
@@ -142,6 +142,9 @@ outline:
|
||||
port: 3000
|
||||
targetPort: 3000
|
||||
protocol: HTTP
|
||||
cloudflared-outline:
|
||||
existingSecretName: outline-cloudflared-secret
|
||||
name: cloudflared-outline
|
||||
postgres-18-cluster:
|
||||
mode: recovery
|
||||
cluster:
|
||||
|
||||
@@ -4,18 +4,12 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.1
|
||||
version: 1.23.2
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.1.3
|
||||
- name: redis-replication
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:87746040a5bc493b609900567800bd57764849ffc35949df11ba8c1a53c77852
|
||||
generated: "2025-12-17T16:42:38.213421-06:00"
|
||||
digest: sha256:89320b12971fe3aca51771776352f6841cc8ad85ce4e67799e47d34c28d0dd10
|
||||
generated: "2025-12-17T16:11:43.175332626Z"
|
||||
|
||||
@@ -23,7 +23,7 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.1
|
||||
version: 1.23.2
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.1.3
|
||||
@@ -31,13 +31,5 @@ dependencies:
|
||||
- name: redis-replication
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-upload
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/postiz.png
|
||||
appVersion: v2.10.1
|
||||
|
||||
@@ -87,6 +87,143 @@ spec:
|
||||
metadataPolicy: None
|
||||
property: secret
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: postiz-config-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: postiz-config-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/postiz/postiz-config"
|
||||
data:
|
||||
- secretKey: BUCKET_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: S3_BUCKET_ENDPOINT
|
||||
- secretKey: RESTIC_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: RESTIC_PASSWORD
|
||||
- secretKey: AWS_DEFAULT_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: AWS_DEFAULT_REGION
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: access_key
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: secret_key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: postiz-uploads-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: postiz-uploads-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/postiz/postiz-uploads"
|
||||
data:
|
||||
- secretKey: BUCKET_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: S3_BUCKET_ENDPOINT
|
||||
- secretKey: RESTIC_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: RESTIC_PASSWORD
|
||||
- secretKey: AWS_DEFAULT_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: AWS_DEFAULT_REGION
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: access_key
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: secret_key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: postiz-cloudflared-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: postiz-cloudflared-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: cf-tunnel-token
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cloudflare/tunnels/postiz
|
||||
metadataPolicy: None
|
||||
property: token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
|
||||
@@ -0,0 +1,52 @@
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: postiz-config-backup-source
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: postiz-config-backup-source
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
sourcePVC: postiz-config
|
||||
trigger:
|
||||
schedule: 0 4 * * *
|
||||
restic:
|
||||
pruneIntervalDays: 7
|
||||
repository: postiz-config-backup-secret
|
||||
retain:
|
||||
hourly: 1
|
||||
daily: 3
|
||||
weekly: 2
|
||||
monthly: 2
|
||||
yearly: 4
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-block
|
||||
volumeSnapshotClassName: ceph-blockpool-snapshot
|
||||
|
||||
---
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: postiz-uploads-backup-source
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: postiz-uploads-backup-source
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
sourcePVC: postiz-uploads
|
||||
trigger:
|
||||
schedule: 0 4 * * *
|
||||
restic:
|
||||
pruneIntervalDays: 7
|
||||
repository: postiz-uploads-backup-secret
|
||||
retain:
|
||||
hourly: 1
|
||||
daily: 3
|
||||
weekly: 2
|
||||
monthly: 2
|
||||
yearly: 4
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-block
|
||||
volumeSnapshotClassName: ceph-blockpool-snapshot
|
||||
@@ -83,7 +83,6 @@ postiz:
|
||||
protocol: HTTP
|
||||
persistence:
|
||||
config:
|
||||
forceRename: postiz-config
|
||||
storageClass: ceph-block
|
||||
accessMode: ReadWriteOnce
|
||||
size: 2Gi
|
||||
@@ -94,7 +93,6 @@ postiz:
|
||||
- path: /config
|
||||
readOnly: false
|
||||
uploads:
|
||||
forceRename: postiz-uploads
|
||||
storageClass: ceph-block
|
||||
accessMode: ReadWriteOnce
|
||||
size: 10Gi
|
||||
@@ -104,6 +102,9 @@ postiz:
|
||||
main:
|
||||
- path: /uploads
|
||||
readOnly: false
|
||||
cloudflared:
|
||||
name: cloudflared-postiz
|
||||
existingSecretName: postiz-cloudflared-secret
|
||||
postgres-18-cluster:
|
||||
mode: recovery
|
||||
cluster:
|
||||
@@ -168,7 +169,3 @@ redis-replication:
|
||||
redisSentinel:
|
||||
enabled: true
|
||||
clusterSize: 3
|
||||
volsync-target-config:
|
||||
pvcTarget: postiz-config
|
||||
volsync-target-upload:
|
||||
pvcTarget: postiz-uploads
|
||||
|
||||
@@ -2,8 +2,5 @@ dependencies:
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:e6c51831324467888dcfcf2434761f15e165312d38fa583c495096d59cb741d6
|
||||
generated: "2025-12-17T11:34:01.003589-06:00"
|
||||
digest: sha256:dfdb5ed2a8dafc2d0cb125af396032c4d7b4bff96eb54934fcb776df39dee5e9
|
||||
generated: "2025-12-05T17:10:55.27077318Z"
|
||||
|
||||
@@ -19,9 +19,5 @@ dependencies:
|
||||
alias: prowlarr
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prowlarr.png
|
||||
appVersion: 2.3.0
|
||||
|
||||
55
clusters/cl01tl/helm/prowlarr/templates/external-secret.yaml
Normal file
55
clusters/cl01tl/helm/prowlarr/templates/external-secret.yaml
Normal file
@@ -0,0 +1,55 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: prowlarr-config-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: prowlarr-config-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/prowlarr/prowlarr-config"
|
||||
data:
|
||||
- secretKey: BUCKET_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: S3_BUCKET_ENDPOINT
|
||||
- secretKey: RESTIC_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: RESTIC_PASSWORD
|
||||
- secretKey: AWS_DEFAULT_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: AWS_DEFAULT_REGION
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: access_key
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: secret_key
|
||||
@@ -0,0 +1,35 @@
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: prowlarr-config-backup-source
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: prowlarr-config-backup-source
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
sourcePVC: prowlarr-config
|
||||
trigger:
|
||||
schedule: 0 4 * * *
|
||||
restic:
|
||||
pruneIntervalDays: 7
|
||||
repository: prowlarr-config-backup-secret
|
||||
retain:
|
||||
hourly: 1
|
||||
daily: 3
|
||||
weekly: 2
|
||||
monthly: 2
|
||||
yearly: 4
|
||||
moverSecurityContext:
|
||||
runAsUser: 568
|
||||
runAsGroup: 568
|
||||
fsGroup: 568
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
supplementalGroups:
|
||||
- 44
|
||||
- 100
|
||||
- 109
|
||||
- 65539
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-block
|
||||
volumeSnapshotClassName: ceph-blockpool-snapshot
|
||||
@@ -49,15 +49,3 @@ prowlarr:
|
||||
main:
|
||||
- path: /config
|
||||
readOnly: false
|
||||
volsync-target-config:
|
||||
pvcTarget: prowlarr-config
|
||||
moverSecurityContext:
|
||||
runAsUser: 568
|
||||
runAsGroup: 568
|
||||
fsGroup: 568
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
supplementalGroups:
|
||||
- 44
|
||||
- 100
|
||||
- 109
|
||||
- 65539
|
||||
|
||||
@@ -2,14 +2,5 @@ dependencies:
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:2a52a5e028dbfd6c197857815b084e474f0a2c34e2b17fdd718386fd4a949287
|
||||
generated: "2025-12-17T12:42:06.415903-06:00"
|
||||
digest: sha256:6a7348951304a43f3e848889ceae04a0a66c4dc6ebf619efe6d69397d8af3437
|
||||
generated: "2025-12-05T17:11:05.489733462Z"
|
||||
|
||||
@@ -26,17 +26,5 @@ dependencies:
|
||||
alias: qbittorrent
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-qbit-manage-config
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-qui-config
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/qbittorrent.png
|
||||
appVersion: 5.1.4
|
||||
|
||||
@@ -14,86 +14,10 @@ data:
|
||||
echo "curl could not be found, installing";
|
||||
apk add curl;
|
||||
fi;
|
||||
|
||||
if ! command -v jq 2>&1 >/dev/null
|
||||
then
|
||||
echo "jq could not be found, installing";
|
||||
apk add jq;
|
||||
fi;
|
||||
|
||||
API_ENDPOINT="http://localhost:8080/api/v2";
|
||||
|
||||
# echo " ";
|
||||
# echo ">> Authentication ...";
|
||||
# curl -i --silent --header 'Referer: http://localhost:8080' --output response_body_auth.json --data 'username=admin&password=adminadmin' "${API_ENDPOINT}/auth/login" -c cookie;
|
||||
|
||||
echo " ";
|
||||
echo ">> Test access ...";
|
||||
HTTP_STATUS=$(curl -i -X GET --silent --write-out '%{http_code}' --output response_body_test.json -b cookie -c cookie "${API_ENDPOINT}/app/version");
|
||||
echo ">> HTTP Status Code: $HTTP_STATUS"
|
||||
|
||||
VERSION=$(tail -n 1 response_body_test.json)
|
||||
|
||||
if [ "$HTTP_STATUS" == "200" ]; then
|
||||
echo ">> Access confirmed, qBittorrent version: ${VERSION}"
|
||||
HTTP_STATUS=""
|
||||
else
|
||||
echo ">> ERROR: HTTP status code: $HTTP_STATUS"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
PAYLOAD=$( jq -n \
|
||||
--arg random_port "true" \
|
||||
'{random_port: $random_port}' );
|
||||
|
||||
echo " ";
|
||||
echo ">> Setting port to random ...";
|
||||
HTTP_STATUS=$(curl -i -X POST --silent -b cookie -c cookie --write-out '%{http_code}' --output response_body_random.json --data "$PAYLOAD" "${API_ENDPOINT}/app/setPreferences");
|
||||
|
||||
if [ "$HTTP_STATUS" == "200" ]; then
|
||||
echo ">> Random port set"
|
||||
HTTP_STATUS=""
|
||||
else
|
||||
echo ">> ERROR: HTTP status code: $HTTP_STATUS"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo " ";
|
||||
echo ">> Sleeping for changes to take effect";
|
||||
sleep 5;
|
||||
|
||||
PAYLOAD=$( jq -n \
|
||||
--arg listen_port "${1}" \
|
||||
'{listen_port: $listen_port}' );
|
||||
|
||||
echo " ";
|
||||
echo ">> Updating port with ${1} ...";
|
||||
curl -i -X POST --silent -b cookie -c cookie --write-out '%{http_code}' --output response_body_update.json --data "$PAYLOAD" "${API_ENDPOINT}/app/setPreferences";
|
||||
|
||||
if [ "$HTTP_STATUS" == "200" ]; then
|
||||
echo ">> Port set"
|
||||
HTTP_STATUS=""
|
||||
else
|
||||
echo ">> ERROR: HTTP status code: $HTTP_STATUS"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo " ";
|
||||
echo ">> Sleeping for changes to take effect";
|
||||
sleep 5;
|
||||
|
||||
echo " ";
|
||||
echo ">> Qbittorrent's post is now:";
|
||||
curl -i -X GET --silent -b cookie -c cookie --write-out '%{http_code}' --output response_body_check.json "${API_ENDPOINT}/app/preferences";
|
||||
|
||||
LISTEN_PORT=$(cat response_body_check.json | jq -r .listen_port)
|
||||
|
||||
[[ "$HTTP_STATUS" == "200" || "$LISTEN_PORT" == "${1}" ]];
|
||||
echo ">> Port updated successfully!"
|
||||
else
|
||||
echo ">> ERROR: HTTP status code: $HTTP_STATUS"
|
||||
exit 1
|
||||
fi
|
||||
curl -i -X POST --silent --write-out '%{http_code}' -d "json={\"random_port\": \"true\"}" "http://localhost:8080/api/v2/app/setPreferences";
|
||||
sleep 10
|
||||
echo "updating port with $1";
|
||||
curl -i -X POST --silent --write-out '%{http_code}' -d "json={\"listen_port\": \"${1}\"}" "http://localhost:8080/api/v2/app/setPreferences";
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
|
||||
@@ -1,5 +1,24 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: qbittorrent-config
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: qbittorrent-config
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: qbittorrent-config
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: qbittorrent-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
|
||||
@@ -1,5 +1,30 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: qbittorrent-config
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: qbittorrent-config
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: nfs-client
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
nfs:
|
||||
path: /volume2/Storage/Torrent/QBITTORRENT
|
||||
server: synologybond.alexlebens.net
|
||||
mountOptions:
|
||||
- vers=4
|
||||
- minorversion=1
|
||||
- noac
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: qbittorrent-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
|
||||
@@ -41,6 +41,12 @@ qbittorrent:
|
||||
value: "002"
|
||||
- name: WEBUI_PORT
|
||||
value: 8080
|
||||
- name: DOCKER_MODS
|
||||
value: ghcr.io/themepark-dev/theme.park:qbittorrent
|
||||
- name: TP_COMMUNITY_THEME
|
||||
value: true
|
||||
- name: TP_THEME
|
||||
value: catppuccin-mocha
|
||||
resources:
|
||||
requests:
|
||||
cpu: 500m
|
||||
@@ -251,6 +257,28 @@ qbittorrent:
|
||||
targetPort: 9074
|
||||
protocol: HTTP
|
||||
persistence:
|
||||
config:
|
||||
type: persistentVolumeClaim
|
||||
existingClaim: qbittorrent-config
|
||||
advancedMounts:
|
||||
main:
|
||||
qbittorrent:
|
||||
- path: /config
|
||||
readOnly: false
|
||||
qbit-manage:
|
||||
qbit-manage:
|
||||
- path: /qbittorrent
|
||||
readOnly: false
|
||||
theme-data:
|
||||
storageClass: ceph-block
|
||||
accessMode: ReadWriteOnce
|
||||
size: 1Gi
|
||||
retain: true
|
||||
advancedMounts:
|
||||
main:
|
||||
qbittorrent:
|
||||
- path: /themepark
|
||||
readOnly: false
|
||||
update-script:
|
||||
enabled: true
|
||||
type: configMap
|
||||
@@ -261,6 +289,19 @@ qbittorrent:
|
||||
gluetun:
|
||||
- path: /gluetun/update.sh
|
||||
subPath: update.sh
|
||||
qbit-manage-config-data:
|
||||
storageClass: ceph-block
|
||||
accessMode: ReadWriteOnce
|
||||
size: 1Gi
|
||||
retain: true
|
||||
advancedMounts:
|
||||
qbit-manage:
|
||||
init-copy-config:
|
||||
- path: /app/config
|
||||
readOnly: false
|
||||
qbit-manage:
|
||||
- path: /app/config
|
||||
readOnly: false
|
||||
qbit-manage-config:
|
||||
enabled: true
|
||||
type: configMap
|
||||
@@ -277,37 +318,14 @@ qbittorrent:
|
||||
readOnly: true
|
||||
mountPropagation: None
|
||||
subPath: config.yml
|
||||
config-data:
|
||||
forceRename: qbittorrent-config-data
|
||||
storageClass: ceph-filesystem
|
||||
accessMode: ReadWriteMany
|
||||
size: 1Gi
|
||||
retain: true
|
||||
advancedMounts:
|
||||
main:
|
||||
qbittorrent:
|
||||
- path: /config/qBittorrent
|
||||
readOnly: false
|
||||
qbit-manage:
|
||||
qbit-manage:
|
||||
- path: /qbittorrent/qBittorrent
|
||||
readOnly: false
|
||||
qbit-manage-config-data:
|
||||
forceRename: qbittorrent-qbit-manage-config-data
|
||||
storageClass: ceph-block
|
||||
accessMode: ReadWriteOnce
|
||||
size: 1Gi
|
||||
retain: true
|
||||
qbit-manage-config-var:
|
||||
type: emptyDir
|
||||
advancedMounts:
|
||||
qbit-manage:
|
||||
init-copy-config:
|
||||
- path: /app/config
|
||||
readOnly: false
|
||||
qbit-manage:
|
||||
- path: /app/config
|
||||
- path: /app/var
|
||||
readOnly: false
|
||||
qui-config-data:
|
||||
forceRename: qbittorrent-qui-config-data
|
||||
storageClass: ceph-block
|
||||
accessMode: ReadWriteOnce
|
||||
size: 1Gi
|
||||
@@ -317,13 +335,6 @@ qbittorrent:
|
||||
qui:
|
||||
- path: /config
|
||||
readOnly: false
|
||||
qbit-manage-config-var:
|
||||
type: emptyDir
|
||||
advancedMounts:
|
||||
qbit-manage:
|
||||
qbit-manage:
|
||||
- path: /app/var
|
||||
readOnly: false
|
||||
storage:
|
||||
type: persistentVolumeClaim
|
||||
existingClaim: qbittorrent-nfs-storage
|
||||
@@ -336,29 +347,3 @@ qbittorrent:
|
||||
qbit-manage:
|
||||
- path: /mnt/store
|
||||
readOnly: false
|
||||
volsync-target-config:
|
||||
pvcTarget: qbittorrent-config-data
|
||||
moverSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
local:
|
||||
restic:
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-filesystem
|
||||
volumeSnapshotClassName: ceph-filesystem-snapshot
|
||||
remote:
|
||||
restic:
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-filesystem
|
||||
volumeSnapshotClassName: ceph-filesystem-snapshot
|
||||
external:
|
||||
restic:
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-filesystem
|
||||
volumeSnapshotClassName: ceph-filesystem-snapshot
|
||||
volsync-target-qbit-manage-config:
|
||||
pvcTarget: qbittorrent-qbit-manage-config-data
|
||||
volsync-target-qui-config:
|
||||
pvcTarget: qbittorrent-qui-config-data
|
||||
|
||||
@@ -5,8 +5,5 @@ dependencies:
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.1.3
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:9d66ccb57066b202b4bdb12ff82fe58ce6f223b8cf52f41dbe71b63e2a06e1da
|
||||
generated: "2025-12-17T13:19:56.898192-06:00"
|
||||
digest: sha256:b61b9bd12d2576cc2ce7686283c34a4ca572e1a6004edaa4333f6298a81cfa6c
|
||||
generated: "2025-12-17T16:11:55.289060592Z"
|
||||
|
||||
@@ -29,9 +29,5 @@ dependencies:
|
||||
alias: postgres-18-cluster
|
||||
version: 7.1.3
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-4k.png
|
||||
appVersion: 6.0.4
|
||||
|
||||
@@ -1,5 +1,62 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: radarr-4k-config-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: radarr-4k-config-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5-4k/radarr5-4k-config"
|
||||
data:
|
||||
- secretKey: BUCKET_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: S3_BUCKET_ENDPOINT
|
||||
- secretKey: RESTIC_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: RESTIC_PASSWORD
|
||||
- secretKey: AWS_DEFAULT_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/volsync/restic/config
|
||||
metadataPolicy: None
|
||||
property: AWS_DEFAULT_REGION
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: access_key
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/volsync-backups
|
||||
metadataPolicy: None
|
||||
property: secret_key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: radarr-4k-postgresql-18-cluster-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
|
||||
@@ -0,0 +1,30 @@
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: radarr-4k-config-backup-source
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: radarr-4k-config-backup-source
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
sourcePVC: radarr-4k-config
|
||||
trigger:
|
||||
schedule: 0 4 * * *
|
||||
restic:
|
||||
pruneIntervalDays: 7
|
||||
repository: radarr-4k-config-backup-secret
|
||||
retain:
|
||||
hourly: 1
|
||||
daily: 3
|
||||
weekly: 2
|
||||
monthly: 2
|
||||
yearly: 4
|
||||
moverSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
copyMethod: Snapshot
|
||||
storageClassName: ceph-block
|
||||
volumeSnapshotClassName: ceph-blockpool-snapshot
|
||||
@@ -144,10 +144,3 @@ postgres-18-cluster:
|
||||
# immediate: true
|
||||
# schedule: "0 0 4 * * SAT"
|
||||
# backupName: garage-remote
|
||||
volsync-target-config:
|
||||
pvcTarget: radarr-4k-config
|
||||
moverSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
|
||||
@@ -5,8 +5,5 @@ dependencies:
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.1.3
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:1a14ec1d5d6a61c3428e4578c391e38ecc87f8995c572e53982e950e35a4705f
|
||||
generated: "2025-12-17T13:19:58.852583-06:00"
|
||||
digest: sha256:faf85a053ac36925b51a326d638fcbea233a76e718a40fce46354889c1bd7afa
|
||||
generated: "2025-12-17T16:12:05.3064082Z"
|
||||
|
||||
@@ -29,9 +29,5 @@ dependencies:
|
||||
alias: postgres-18-cluster
|
||||
version: 7.1.3
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-anime.png
|
||||
appVersion: 6.0.4
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user