alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 7 Actions 1 Activity

Compare commits

base: alexlebens:renovate/kube-prometheus-stack-82.x
Branches Tags
alexlebens:main alexlebens:renovate/kube-prometheus-stack-82.x alexlebens:renovate/meilisearch-0.x alexlebens:renovate/cilium-1.x alexlebens:renovate/unified-haveagitgattdarr_node alexlebens:renovate/unified-haveagitgattdarr alexlebens:renovate/unified-brainicismbgutil-ytdlp-pot-provider alexlebens:manifests alexlebens:renovate/redis-replication-1.x
..
compare: alexlebens:c8c955c8e0314e08ddcf2cfc7cd295533ab20bef
Branches Tags
alexlebens:renovate/kube-prometheus-stack-82.x alexlebens:renovate/meilisearch-0.x alexlebens:renovate/cilium-1.x alexlebens:renovate/unified-haveagitgattdarr_node alexlebens:renovate/unified-haveagitgattdarr alexlebens:renovate/unified-brainicismbgutil-ytdlp-pot-provider alexlebens:manifests alexlebens:main alexlebens:renovate/redis-replication-1.x

1 Commits
renovate/k ... c8c955c8e0

Author SHA1 Message Date
Renovate Bot
c8c955c8e0 chore(deps): update dependency unpackerr/unpackerr to v0.15.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 22s
Details
2026-03-02 07:04:39 +00:00
47 changed files with 424 additions and 524 deletions
Expand all files Collapse all files

2
clusters/cl01tl/helm/actual/Chart.yaml
View File

@@ -23,4 +23,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png
# renovate: datasource=github-releases depName=actualbudget/actual
appVersion: 26.3.0
appVersion: 26.2.1

2
clusters/cl01tl/helm/actual/values.yaml
View File

@@ -9,7 +9,7 @@ actual:
main:
image:
repository: ghcr.io/actualbudget/actual
tag: 26.3.0
tag: 26.2.1
pullPolicy: IfNotPresent
env:
- name: TZ

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: argo-cd
repository: https://argoproj.github.io/argo-helm
version: 9.4.7
digest: sha256:9fc78ed4a6a55f65e3250e687caf67ad09e852eb7b01313e372127e75f451a79
generated: "2026-03-03T20:05:52.081769174Z"
version: 9.4.6
digest: sha256:0eb9b1925e946d56b9281b801fd92beb74ed952382e1d1fa0f6a0090a105ec96
generated: "2026-03-02T00:09:30.041548831Z"

2
clusters/cl01tl/helm/argocd/Chart.yaml
View File

@@ -15,7 +15,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: argo-cd
version: 9.4.7
version: 9.4.6
repository: https://argoproj.github.io/argo-helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-cd

6
clusters/cl01tl/helm/authentik/Chart.lock
View File

@@ -1,7 +1,7 @@
dependencies:
- name: authentik
repository: https://charts.goauthentik.io/
version: 2026.2.1
version: 2026.2.0
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.3.0
@@ -11,5 +11,5 @@ dependencies:
- name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts
version: 1.0.4
digest: sha256:c356de948612277945be5dd1a7898399482434be1bab6bec85f8d3c03ca78307
generated: "2026-03-03T22:11:01.686244657Z"
digest: sha256:d8431fb5a658a6e0e2600c25531c389627e228e5e9c0317f1efcc78428f3166f
generated: "2026-02-27T18:14:49.72388334Z"

2
clusters/cl01tl/helm/authentik/Chart.yaml
View File

@@ -21,7 +21,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: authentik
version: 2026.2.1
version: 2026.2.0
repository: https://charts.goauthentik.io/
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts

2
clusters/cl01tl/helm/bazarr/values.yaml
View File

@@ -15,7 +15,7 @@ bazarr:
main:
image:
repository: ghcr.io/linuxserver/bazarr
tag: 1.5.6@sha256:94eee5e3e14430b7b144d4556be73963a7daf6f1bddc25586627f426465482ce
tag: 1.5.6@sha256:b0bc617664dbca25845ac3b1bb6411b145b6a44a6d173071c9d2f426524fdd9f
pullPolicy: IfNotPresent
env:
- name: TZ

3
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -100,7 +100,6 @@ blocky:
blocky IN A 10.232.1.22
cilium-cl01tl IN A 10.232.1.23
;; Application Names
actual IN CNAME traefik-cl01tl
alertmanager IN CNAME traefik-cl01tl
@@ -113,7 +112,6 @@ blocky:
booklore IN CNAME traefik-cl01tl
ceph IN CNAME traefik-cl01tl
code-server IN CNAME traefik-cl01tl
dawarich IN CNAME traefik-cl01tl
directus IN CNAME traefik-cl01tl
excalidraw IN CNAME traefik-cl01tl
feishin IN CNAME traefik-cl01tl
@@ -159,6 +157,7 @@ blocky:
sonarr IN CNAME traefik-cl01tl
sonarr-4k IN CNAME traefik-cl01tl
sonarr-anime IN CNAME traefik-cl01tl
spotisub IN CNAME traefik-cl01tl
stalwart IN CNAME traefik-cl01tl
tdarr IN CNAME traefik-cl01tl
tubearchivist IN CNAME traefik-cl01tl

2
clusters/cl01tl/helm/code-server/values.yaml
View File

@@ -9,7 +9,7 @@ code-server:
main:
image:
repository: ghcr.io/linuxserver/code-server
tag: 4.109.5@sha256:aa43fb2fc31127e9d2166e903c7f13792351e38658ba29645662a89ff04ff90d
tag: 4.109.2@sha256:e142dcf071e493ea04705441d1c7b22b62ca846c42b68e05193a5e55cb4af2d1
pullPolicy: IfNotPresent
env:
- name: TZ

12
clusters/cl01tl/helm/dawarich/Chart.lock
View File

@@ -1,12 +0,0 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.8.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.2.0
digest: sha256:2682dcbc71417a103cf4c1ed920caac5b14272b021dc579fb8a3cf2fedfa0490
generated: "2026-03-03T16:10:42.029406-06:00"

29
clusters/cl01tl/helm/dawarich/Chart.yaml
View File

@@ -1,29 +0,0 @@
apiVersion: v2
name: dawarich
version: 1.0.0
description: Dawarich
keywords:
- dawarich
- location
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/Freika/dawarich
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: dawarich
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.2.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png
# renovate: datasource=github-releases depName=Freika/dawarich
appVersion: 1.3.1

51
clusters/cl01tl/helm/dawarich/templates/external-secret.yaml
View File

@@ -1,51 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: dawarich-key-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: dawarich-key-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/dawarich/key
metadataPolicy: None
property: key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: dawarich-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: dawarich-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: client
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/dawarich
metadataPolicy: None
property: client
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/dawarich
metadataPolicy: None
property: secret

344
clusters/cl01tl/helm/dawarich/values.yaml
View File

@@ -1,344 +0,0 @@
dawarich:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: freikin/dawarich
tag: 1.3.1
pullPolicy: IfNotPresent
command: ["web-entrypoint.sh"]
args: ["bin/rails", "server", "-p", "3000", "-b", "::"]
env:
- name: RAILS_ENV
value: production
- name: REDIS_URL
value: redis://dawarich-valkey.dawarich:6379
- name: DATABASE_HOST
valueFrom:
secretKeyRef:
name: dawarich-postgresql-18-cluster-app
key: host
- name: DATABASE_PORT
valueFrom:
secretKeyRef:
name: dawarich-postgresql-18-cluster-app
key: port
- name: DATABASE_USERNAME
valueFrom:
secretKeyRef:
name: dawarich-postgresql-18-cluster-app
key: user
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: dawarich-postgresql-18-cluster-app
key: password
- name: DATABASE_NAME
valueFrom:
secretKeyRef:
name: dawarich-postgresql-18-cluster-app
key: dbname
- name: APPLICATION_HOSTS
value: dawarich.alexlebens.net,dawarich.dawarich,localhost,::1,127.0.0.1
- name: TIME_ZONE
value: America/Chicago
- name: APPLICATION_PROTOCOL
value: http
- name: OIDC_ISSUER
value: https://authentik.alexlebens.net/application/o/darwich/
- name: OIDC_REDIRECT_URI
value: https://dawarich.alexlebens.net/users/auth/openid_connect/callback
- name: OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: dawarich-oidc-secret
key: client
- name: OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: dawarich-oidc-secret
key: secret
- name: OIDC_PROVIDER_NAME
value: Authentik
- name: OIDC_AUTO_REGISTER
value: true
- name: PROMETHEUS_EXPORTER_ENABLED
value: true
- name: PROMETHEUS_EXPORTER_HOST
value: 0.0.0.0
- name: PROMETHEUS_EXPORTER_PORT
value: 9394
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
name: dawarich-key-secret
key: key
- name: RAILS_LOG_TO_STDOUT
value: true
- name: SELF_HOSTED
value: true
- name: STORE_GEODATA
value: true
probes:
liveness:
enabled: false
custom: true
spec:
exec:
command:
- /bin/sh
- -c
- wget -qO - http://127.0.0.1:3000/api/v1/health | grep -Eq '\"status\"\\s*:\\s*\"ok\"'
failureThreshold: 5
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
resources:
requests:
cpu: 10m
memory: 128Mi
sidekiq:
image:
repository: freikin/dawarich
tag: 1.3.1
pullPolicy: IfNotPresent
command: ["sidekiq-entrypoint.sh"]
args: ["sidekiq"]
env:
- name: RAILS_ENV
value: production
- name: REDIS_URL
value: redis://dawarich-valkey.dawarich:6379
- name: DATABASE_HOST
valueFrom:
secretKeyRef:
name: dawarich-postgresql-18-cluster-app
key: host
- name: DATABASE_PORT
valueFrom:
secretKeyRef:
name: dawarich-postgresql-18-cluster-app
key: port
- name: DATABASE_USERNAME
valueFrom:
secretKeyRef:
name: dawarich-postgresql-18-cluster-app
key: user
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: dawarich-postgresql-18-cluster-app
key: password
- name: DATABASE_NAME
valueFrom:
secretKeyRef:
name: dawarich-postgresql-18-cluster-app
key: dbname
- name: APPLICATION_HOSTS
value: dawarich.alexlebens.net,dawarich.dawarich,localhost,::1,127.0.0.1
- name: TIME_ZONE
value: America/Chicago
- name: APPLICATION_PROTOCOL
value: http
- name: DISTANCE_UNIT
value: mi
- name: OIDC_ISSUER
value: https://authentik.alexlebens.net/application/o/darwich/
- name: OIDC_REDIRECT_URI
value: https://dawarich.alexlebens.net/users/auth/openid_connect/callback
- name: OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: dawarich-oidc-secret
key: client
- name: OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: dawarich-oidc-secret
key: secret
- name: OIDC_PROVIDER_NAME
value: Authentik
- name: OIDC_AUTO_REGISTER
value: true
- name: PROMETHEUS_EXPORTER_ENABLED
value: true
- name: PROMETHEUS_EXPORTER_HOST
value: 0.0.0.0
- name: PROMETHEUS_EXPORTER_PORT
value: 9394
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
name: dawarich-key-secret
key: key
- name: RAILS_LOG_TO_STDOUT
value: true
- name: SELF_HOSTED
value: true
- name: STORE_GEODATA
value: true
probes:
liveness:
enabled: false
custom: true
spec:
exec:
command:
- /bin/sh
- -c
- pgrep -f sidekiq
failureThreshold: 5
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 3000
protocol: TCP
metrics:
port: 9394
targetPort: 9394
protocol: TCP
serviceMonitor:
main:
selector:
matchLabels:
app.kubernetes.io/name: dawarich
app.kubernetes.io/instance: dawarich
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: metrics
interval: 30s
scrapeTimeout: 15s
path: /metrics
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- dawarich.alexlebens.net
rules:
- backendRefs:
- group: ""
kind: Service
name: dawarich
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
storage:
forceRename: dawarich-storage
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:
- path: /var/app/storage
readOnly: false
sidekiq:
- path: /var/app/storage
readOnly: false
public:
forceRename: dawarich-public
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:
- path: /var/app/public
readOnly: false
sidekiq:
- path: /var/app/public
readOnly: false
watched:
forceRename: dawarich-watched
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:
- path: /var/app/tmp/imports/watched
readOnly: false
sidekiq:
- path: /var/app/tmp/imports/watched
readOnly: false
postgres-18-cluster:
mode: recovery
cluster:
image:
repository: ghcr.io/cloudnative-pg/postgis
tag: 18-3-system-trixie
initdb:
postInitTemplateSQL:
- CREATE EXTENSION postgis;
- CREATE EXTENSION postgis_topology;
- CREATE EXTENSION fuzzystrmatch;
- CREATE EXTENSION postgis_tiger_geocoder;
recovery:
method: objectStore
objectStore:
index: 1
backup:
objectStore:
- name: garage-local
index: 1
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external

6
clusters/cl01tl/helm/element-web/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies:
- name: element-web
repository: https://ananace.gitlab.io/charts
version: 1.4.31
version: 1.4.30
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.3.0
digest: sha256:7447f3828246d85acd5a2a75b6d086d8fbe29ee90ad61b96dd25de8dcfefbc4e
generated: "2026-03-03T18:08:31.901975101Z"
digest: sha256:90a1767a625f0a5ba0f5f23015b2ae7c2ae2cecac311e6cb2dc2ce3c483916b3
generated: "2026-02-16T20:12:50.293216516Z"

2
clusters/cl01tl/helm/element-web/Chart.yaml
View File

@@ -17,7 +17,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: element-web
version: 1.4.31
version: 1.4.30
repository: https://ananace.gitlab.io/charts
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts

22
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -167,9 +167,6 @@ gatus:
- name: home-assistant
url: https://home-assistant.alexlebens.net
<<: *defaults
- name: dawarich
url: https://dawarich.alexlebens.net
<<: *defaults
- name: actual
url: https://actual.alexlebens.net
<<: *defaults
@@ -301,49 +298,36 @@ gatus:
- name: sonarr
url: http://sonarr.sonarr:80
<<: *defaults
conditions:
- "[STATUS] == 200"
- name: sonarr-4k
url: http://sonarr-4k.sonarr-4k:80
<<: *defaults
conditions:
- "[STATUS] == 200"
- name: sonarr-anime
url: http://sonarr-anime.sonarr-anime:80
<<: *defaults
conditions:
- "[STATUS] == 200"
- name: radarr
url: http://radarr.radarr:80
<<: *defaults
conditions:
- "[STATUS] == 200"
- name: radarr-4k
url: http://radarr-4k.radarr-4k:80
<<: *defaults
conditions:
- "[STATUS] == 200"
- name: radarr-anime
url: http://radarr-anime.radarr-anime:80
<<: *defaults
conditions:
- "[STATUS] == 200"
- name: radarr-standup
url: http://radarr-standup.radarr-standup:80
<<: *defaults
conditions:
- "[STATUS] == 200"
- name: lidarr
url: http://lidarr.lidarr:80
<<: *defaults
conditions:
- "[STATUS] == 200"
- name: yubal
url: https://yubal.alexlebens.net
<<: *defaults
- name: music-grabber
url: https://music-grabber.alexlebens.net
<<: *defaults
- name: spotisub
url: https://spotisub.alexlebens.net
<<: *defaults
- name: slskd
url: https://slskd.alexlebens.net
<<: *defaults

6
clusters/cl01tl/helm/generic-device-plugin/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.20
digest: sha256:8841709955381394b6304b7c53345692517e419c197ddc59b66a505ae742ec04
generated: "2026-03-03T03:03:20.457381608Z"
version: 0.20.19
digest: sha256:b5183b9e68c8ca65327588f8577b7e6c09988667498839445f8f797da5d1935b
generated: "2026-03-02T01:31:13.326419153Z"

2
clusters/cl01tl/helm/generic-device-plugin/Chart.yaml
View File

@@ -15,6 +15,6 @@ maintainers:
dependencies:
- name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.20
version: 0.20.19
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: 1.0.0

7
clusters/cl01tl/helm/gitea/Chart.yaml
View File

@@ -28,10 +28,9 @@ dependencies:
- name: gitea
version: 12.5.0
repository: https://dl.gitea.io/charts/
- name: actions
alias: gitea-actions
repository: https://dl.gitea.com/charts/
version: 0.0.3
- name: gitea-actions
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.2.1
- name: meilisearch
version: 0.25.1
repository: https://meilisearch.github.io/meilisearch-kubernetes

8
clusters/cl01tl/helm/gitea/values.yaml
View File

@@ -134,11 +134,11 @@ gitea:
enabled: false
gitea-actions:
enabled: true
global:
fullnameOverride: gitea-actions
statefulset:
replicas: 6
timezone: America/Chicago
actRunner:
registry: ""
repository: gitea/act_runner
tag: 0.2.13
config: |
@@ -153,15 +153,13 @@ gitea-actions:
- "ubuntu-24.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-24.04"
- "ubuntu-22.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-22.04"
dind:
registry: ""
repository: docker
tag: 28.3.3-dind
tag: 25.0.2-dind
persistence:
storageClass: ceph-block
size: 5Gi
init:
image:
registry: ""
repository: busybox
tag: "1.37.0"
existingSecret: gitea-runner-secret

2
clusters/cl01tl/helm/home-assistant/values.yaml
View File

@@ -21,7 +21,7 @@ home-assistant:
code-server:
image:
repository: ghcr.io/linuxserver/code-server
tag: 4.109.5@sha256:aa43fb2fc31127e9d2166e903c7f13792351e38658ba29645662a89ff04ff90d
tag: 4.109.2@sha256:e142dcf071e493ea04705441d1c7b22b62ca846c42b68e05193a5e55cb4af2d1
pullPolicy: IfNotPresent
env:
- name: TZ

12
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -252,12 +252,6 @@ homepage:
href: https://home-assistant.alexlebens.net
siteMonitor: http://home-assistant-main.home-assistant:80
statusStyle: dot
- Location:
icon: sh-dawarich.webp
description: Dawarich
href: https://dawarich.alexlebens.net
siteMonitor: http://dawarich.dawarich:80
statusStyle: dot
- Budgeting:
icon: sh-actual-budget.webp
description: Actual
@@ -722,6 +716,12 @@ homepage:
href: https://music-grabber.alexlebens.net
siteMonitor: http://music-grabber.music-grabber:80
statusStyle: dot
- Spotisub:
icon: sh-spotify.webp
description: Replicate Spotify playlists
href: https://spotisub.alexlebens.net
siteMonitor: http://spotisub.spotisub:80
statusStyle: dot
- slskd:
icon: sh-slskd.webp
description: slskd

2
clusters/cl01tl/helm/kiwix/Chart.yaml
View File

@@ -19,4 +19,4 @@ dependencies:
version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kiwix-dark.png
# renovate: datasource=github-releases depName=kiwix/kiwix-tools
appVersion: 3.8.2
appVersion: 3.8.1

2
clusters/cl01tl/helm/kiwix/values.yaml
View File

@@ -9,7 +9,7 @@ kiwix:
main:
image:
repository: ghcr.io/kiwix/kiwix-serve
tag: 3.8.2
tag: 3.8.1
pullPolicy: IfNotPresent
args:
- '*.zim'

6
clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies:
- name: kube-prometheus-stack
repository: oci://ghcr.io/prometheus-community/charts
version: 82.8.0
version: 82.4.3
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts
version: 1.0.4
digest: sha256:99a9b7f8699fac9c0691c2a00f175e99d4857bf2a134fd332fd263952fbad4d8
generated: "2026-03-03T23:52:05.90556034Z"
digest: sha256:4c91341624420da7cb0502f0bf04aded7945b599d4791c71f0ed14c1bbcbcdc1
generated: "2026-02-27T18:11:53.485436384Z"

2
clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
View File

@@ -20,7 +20,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: kube-prometheus-stack
version: 82.8.0
version: 82.4.3
repository: oci://ghcr.io/prometheus-community/charts
- name: app-template
alias: ntfy-alertmanager

6
clusters/cl01tl/helm/loki/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 6.53.0
- name: alloy
repository: https://grafana.github.io/helm-charts
version: 1.6.1
digest: sha256:ec17a816dcdc476ad67cd056556d9a42a9fb8057ef75a928f8604939006e3416
generated: "2026-03-02T15:18:56.219024346Z"
version: 1.6.0
digest: sha256:a65f68b2e68defa63d15cf84317ba45a770b5b9cbb5bebc6fed219cefed99b69
generated: "2026-02-10T19:12:00.80383488Z"

2
clusters/cl01tl/helm/loki/Chart.yaml
View File

@@ -19,7 +19,7 @@ dependencies:
version: 6.53.0
repository: https://grafana.github.io/helm-charts
- name: alloy
version: 1.6.1
version: 1.6.0
repository: https://grafana.github.io/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/loki.png
# renovate: datasource=github-releases depName=grafana/loki

2
clusters/cl01tl/helm/ollama/Chart.yaml
View File

@@ -31,4 +31,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png
# renovate: datasource=github-releases depName=ollama/ollama
appVersion: 0.17.5
appVersion: 0.17.4

2
clusters/cl01tl/helm/ollama/values.yaml
View File

@@ -117,7 +117,7 @@ ollama:
main:
image:
repository: ghcr.io/open-webui/open-webui
tag: v0.8.8
tag: v0.8.7
pullPolicy: IfNotPresent
env:
- name: ENV

2
clusters/cl01tl/helm/plex/values.yaml
View File

@@ -9,7 +9,7 @@ plex:
main:
image:
repository: ghcr.io/linuxserver/plex
tag: 1.43.0@sha256:79dfc89947410ec120a3e34cf68f746f6f154de20772e6f27b9998ca9bd65a5e
tag: 1.43.0@sha256:55c2def2eb662c2ce1a13e569278aeb87b2509ac7c57711d0da0a5d6d1607ad8
pullPolicy: IfNotPresent
env:
- name: TZ

7
clusters/cl01tl/helm/rook-ceph/values.yaml
View File

@@ -27,13 +27,6 @@ rook-ceph-cluster:
tag: v19.2.3-20250717
imagePullPolicy: IfNotPresent
cephClusterSpec:
cephConfig:
global:
bdev_enable_discard: "true"
bdev_async_discard: "true"
bdev_async_discard_threads: "1"
# osd:
# bluestore_slow_ops_warn_lifetime: "0"
mgr:
count: 2
modules:

2
clusters/cl01tl/helm/rybbit/values.yaml
View File

@@ -122,7 +122,7 @@ rybbit:
main:
image:
repository: clickhouse/clickhouse-server
tag: 26.2.3
tag: 26.2.2
pullPolicy: IfNotPresent
env:
- name: CLICKHOUSE_DB

4
clusters/cl01tl/helm/searxng/values.yaml
View File

@@ -9,7 +9,7 @@ searxng:
main:
image:
repository: searxng/searxng
tag: latest@sha256:dc9c7aae0b77f8cd819dd8c7e6d489eab456000838e062c399f2bf37d230500e
tag: latest@sha256:615f9043e978f0a43b95d7ea85ed5751ff2152bd3a3455618494549f891f89ef
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL
@@ -39,7 +39,7 @@ searxng:
main:
image:
repository: searxng/searxng
tag: latest@sha256:dc9c7aae0b77f8cd819dd8c7e6d489eab456000838e062c399f2bf37d230500e
tag: latest@sha256:615f9043e978f0a43b95d7ea85ed5751ff2152bd3a3455618494549f891f89ef
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL

2
clusters/cl01tl/helm/site-profile/values.yaml
View File

@@ -11,7 +11,7 @@ site-profile:
main:
image:
repository: harbor.alexlebens.net/images/site-profile
tag: 2.19.0
tag: 2.17.1
pullPolicy: IfNotPresent
resources:
requests:

6
clusters/cl01tl/helm/spotisub/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
digest: sha256:3b63381e4968f95ce2d99fae620f3d1ae6af295b1bacc4ed0fbe9f1ccb0e9405
generated: "2026-02-06T11:04:57.311195-06:00"

21
clusters/cl01tl/helm/spotisub/Chart.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: v2
name: spotisub
version: 1.0.0
description: Spotisub
keywords:
- spotisub
- music
- spotify
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/blastbeng/spotisub
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: spotisub
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
# renovate: datasource=github-releases depName=blastbeng/spotisub
appVersion: v0.3.6

93
clusters/cl01tl/helm/spotisub/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,93 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: spotisub-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: spotisub-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: spotify-client-id
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /spotify/andrew
metadataPolicy: None
property: client-id
- secretKey: spotify-client-secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /spotify/andrew
metadataPolicy: None
property: client-secret
- secretKey: spotify-redirect-uri
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /spotify/andrew
metadataPolicy: None
property: redirect-uri
- secretKey: subsonic-user
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/navidrome/andrew
metadataPolicy: None
property: user
- secretKey: subsonic-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/navidrome/andrew
metadataPolicy: None
property: password
- secretKey: lidarr-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/lidarr2/key
metadataPolicy: None
property: key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: spotisub-wireguard-conf
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: spotisub-wireguard-conf
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: private-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: proton-email
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: email
- secretKey: proton-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: password

11
clusters/cl01tl/helm/spotisub/templates/namespace.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v1
kind: Namespace
metadata:
name: spotisub
labels:
app.kubernetes.io/name: spotisub
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

17
clusters/cl01tl/helm/spotisub/templates/persistent-volume-claim.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: spotisub-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: spotisub-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: spotisub-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

23
clusters/cl01tl/helm/spotisub/templates/persistent-volume.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: spotisub-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: spotisub-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Music Youtube/
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

194
clusters/cl01tl/helm/spotisub/values.yaml Normal file
View File

@@ -0,0 +1,194 @@
spotisub:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: blastbeng/spotisub
tag: v0.3.7
pullPolicy: IfNotPresent
env:
- name: SPOTIPY_CLIENT_ID
valueFrom:
secretKeyRef:
name: spotisub-config-secret
key: spotify-client-id
- name: SPOTIPY_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: spotisub-config-secret
key: spotify-client-secret
- name: SPOTIPY_REDIRECT_URI
valueFrom:
secretKeyRef:
name: spotisub-config-secret
key: spotify-redirect-uri
- name: SUBSONIC_API_HOST
value: http://navidrome-main.navidrome
- name: SUBSONIC_API_PORT
value: 80
- name: SUBSONIC_API_USER
valueFrom:
secretKeyRef:
name: spotisub-config-secret
key: subsonic-user
- name: SUBSONIC_API_PASS
valueFrom:
secretKeyRef:
name: spotisub-config-secret
key: subsonic-password
- name: PLAYLIST_PREFIX
value: "Spotify - "
- name: NUM_USER_PLAYLISTS
value: 0
- name: ARTIST_GEN_SCHED
value: 0
- name: RECOMEND_GEN_SCHED
value: 0
- name: SPOTDL_ENABLED
value: 1
- name: SPOTDL_OUT_FORMAT
value: "/mnt/store/Music Youtube/{artist}/{year} - {album}/{track-number} - {title}.{output-ext}"
- name: LIDARR_ENABLED
value: 1
- name: LIDARR_IP
value: http://lidarr.lidarr
- name: LIDARR_PORT
value: 80
- name: LIDARR_TOKEN
valueFrom:
secretKeyRef:
name: spotisub-config-secret
key: lidarr-key
probes:
liveness:
enabled: true
custom: true
spec:
exec:
command:
- /bin/sh
- -c
- "curl -s http://127.0.0.1:5183/api/v1/utils/healthcheck | grep -q 'Ok!'"
failureThreshold: 5
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 15
resources:
requests:
cpu: 10m
memory: 128Mi
gluetun:
image:
repository: ghcr.io/qdm12/gluetun
tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
pullPolicy: IfNotPresent
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env:
- name: VPN_SERVICE_PROVIDER
value: protonvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: spotisub-wireguard-conf
key: private-key
- name: UPDATER_PROTONVPN_EMAIL
valueFrom:
secretKeyRef:
name: spotisub-wireguard-conf
key: proton-email
- name: UPDATER_PROTONVPN_PASSWORD
valueFrom:
secretKeyRef:
name: spotisub-wireguard-conf
key: proton-password
- name: FIREWALL_OUTBOUND_SUBNETS
value: 10.0.0.0/8
- name: FIREWALL_INPUT_PORTS
value: 5183
- name: DNS_UPSTREAM_RESOLVER_TYPE
value: dot
securityContext:
privileged: True
capabilities:
add:
- NET_ADMIN
- SYS_MODULE
probes:
liveness:
enabled: true
custom: true
spec:
exec:
command:
- /gluetun-entrypoint
- healthcheck
failureThreshold: 5
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 15
resources:
limits:
devic.es/tun: "1"
requests:
devic.es/tun: "1"
cpu: 10m
memory: 128Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 5183
protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- spotisub.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: spotisub
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
cache:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:
- path: /home/user/spotisub/cache
readOnly: false
music:
existingClaim: spotisub-nfs-storage
advancedMounts:
main:
main:
- path: /mnt/store/Music Youtube/
readOnly: false

2
clusters/cl01tl/helm/unpackerr/values.yaml
View File

@@ -9,7 +9,7 @@ unpackerr:
main:
image:
repository: golift/unpackerr
tag: 0.15.0
tag: 0.14.5
pullPolicy: IfNotPresent
env:
- name: TZ

2
clusters/cl01tl/helm/whodb/Chart.yaml
View File

@@ -20,4 +20,4 @@ dependencies:
version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/whodb.png
# renovate: datasource=github-releases depName=clidey/whodb
appVersion: 0.97.0
appVersion: 0.95.0

2
clusters/cl01tl/helm/whodb/values.yaml
View File

@@ -8,7 +8,7 @@ whodb:
main:
image:
repository: clidey/whodb
tag: 0.97.0
tag: 0.95.0
pullPolicy: IfNotPresent
env:
- name: WHODB_OLLAMA_HOST

3
hosts/ps08rp/blocky/config.yml
View File

@@ -75,7 +75,6 @@ customDNS:
blocky IN A 10.232.1.22
cilium-cl01tl IN A 10.232.1.23
;; Application Names
actual IN CNAME traefik-cl01tl
alertmanager IN CNAME traefik-cl01tl
@@ -88,7 +87,6 @@ customDNS:
booklore IN CNAME traefik-cl01tl
ceph IN CNAME traefik-cl01tl
code-server IN CNAME traefik-cl01tl
dawarich IN CNAME traefik-cl01tl
directus IN CNAME traefik-cl01tl
excalidraw IN CNAME traefik-cl01tl
feishin IN CNAME traefik-cl01tl
@@ -134,6 +132,7 @@ customDNS:
sonarr IN CNAME traefik-cl01tl
sonarr-4k IN CNAME traefik-cl01tl
sonarr-anime IN CNAME traefik-cl01tl
spotisub IN CNAME traefik-cl01tl
stalwart IN CNAME traefik-cl01tl
tdarr IN CNAME traefik-cl01tl
tubearchivist IN CNAME traefik-cl01tl

3
hosts/ps09rp/blocky/config.yml
View File

@@ -96,7 +96,6 @@ customDNS:
blocky IN A 10.232.1.22
cilium-cl01tl IN A 10.232.1.23
;; Application Names
actual IN CNAME traefik-cl01tl
alertmanager IN CNAME traefik-cl01tl
@@ -109,7 +108,6 @@ customDNS:
booklore IN CNAME traefik-cl01tl
ceph IN CNAME traefik-cl01tl
code-server IN CNAME traefik-cl01tl
dawarich IN CNAME traefik-cl01tl
directus IN CNAME traefik-cl01tl
excalidraw IN CNAME traefik-cl01tl
feishin IN CNAME traefik-cl01tl
@@ -155,6 +153,7 @@ customDNS:
sonarr IN CNAME traefik-cl01tl
sonarr-4k IN CNAME traefik-cl01tl
sonarr-anime IN CNAME traefik-cl01tl
spotisub IN CNAME traefik-cl01tl
stalwart IN CNAME traefik-cl01tl
tdarr IN CNAME traefik-cl01tl
tubearchivist IN CNAME traefik-cl01tl