alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 14 Actions 1 Activity

Compare commits

base: alexlebens:renovate/meilisearch-0.x
Branches Tags
alexlebens:main alexlebens:renovate/stalwartlabs-stalwart-0.x alexlebens:renovate/meilisearch-0.x alexlebens:renovate/grafana-operator-5.x alexlebens:auto/update-manifests alexlebens:manifests alexlebens:renovate/volsync-target-0.x alexlebens:renovate/tailscale-operator-1.x alexlebens:renovate/ghcr.io-unpoller-unpoller-2.x alexlebens:renovate/ghcr.io-tailscale-tailscale-1.x alexlebens:renovate/ghcr.io-booklore-app-booklore-1.x alexlebens:renovate/ghcr.io-autobrr-qui-1.x alexlebens:renovate/dock.mau.dev-mautrix-whatsapp-0.x alexlebens:renovate/registry.k8s.io-coredns-coredns-1.x alexlebens:renovate/ghcr.io-tecnativa-docker-socket-proxy-0.x alexlebens:renovate/ghcr.io-karakeep-app-karakeep-0.x
..
compare: alexlebens:renovate/ghcr.io-tecnativa-docker-socket-proxy-0.x
Branches Tags
alexlebens:renovate/stalwartlabs-stalwart-0.x alexlebens:renovate/meilisearch-0.x alexlebens:renovate/grafana-operator-5.x alexlebens:auto/update-manifests alexlebens:main alexlebens:manifests alexlebens:renovate/volsync-target-0.x alexlebens:renovate/tailscale-operator-1.x alexlebens:renovate/ghcr.io-unpoller-unpoller-2.x alexlebens:renovate/ghcr.io-tailscale-tailscale-1.x alexlebens:renovate/ghcr.io-booklore-app-booklore-1.x alexlebens:renovate/ghcr.io-autobrr-qui-1.x alexlebens:renovate/dock.mau.dev-mautrix-whatsapp-0.x alexlebens:renovate/registry.k8s.io-coredns-coredns-1.x alexlebens:renovate/ghcr.io-tecnativa-docker-socket-proxy-0.x alexlebens:renovate/ghcr.io-karakeep-app-karakeep-0.x

1 Commits
renovate/m ... renovate/g

Author SHA1 Message Date
Renovate Bot
422ff7048a Update ghcr.io/tecnativa/docker-socket-proxy Docker tag to v0.4.2
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
lint-test-docker / lint-docker-compose (pull_request) Successful in 19s
Details
lint-test-helm / lint-helm (pull_request) Successful in 18s
Details
2025-12-17 16:28:41 +00:00
50 changed files with 820 additions and 331 deletions
Expand all files Collapse all files

6
README.md
View File

@@ -2,12 +2,6 @@
GitOps definied infrastrucutre for the alexlebens.net domain.
## Stack-cl01tl
https://argocd.alexlebens.net/api/badge?name=stack-cl01tl&revision=true&showAppName=true
App-of-Apps Application for cl01tl
## License
This project is licensed under the terms of the Apache 2.0 License license.

6
clusters/cl01tl/helm/gitea/Chart.lock
View File

@@ -7,7 +7,7 @@ dependencies:
version: 0.2.1
- name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.19.0
version: 0.18.0
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 1.23.2
@@ -23,5 +23,5 @@ dependencies:
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:acc2ca18acea2ad344c2c20a45e8fe5a5df9025aac4583f04b1bf9283bfe77bc
generated: "2025-12-17T18:51:15.071844552Z"
digest: sha256:4d1894d82bb3c9ca4672378e79ba8c6a7b1d1d691c6ac0e5ac369759a015f1dd
generated: "2025-12-17T16:09:49.625523528Z"

2
clusters/cl01tl/helm/gitea/Chart.yaml
View File

@@ -32,7 +32,7 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.2.1
- name: meilisearch
version: 0.19.0
version: 0.18.0
repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: cloudflared
alias: cloudflared

6
clusters/cl01tl/helm/karakeep/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 4.5.0
- name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.19.0
version: 0.18.0
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 1.23.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:2880343c35353a7216758f31810c7d7a840bc6f91fa17495dd6b34bc73ccf8d7
generated: "2025-12-17T18:51:34.221604541Z"
digest: sha256:75ae21505394e7f5d2c0308665400aa249598612b141c6632bffe99230d454d3
generated: "2025-12-16T23:01:47.968439-06:00"

2
clusters/cl01tl/helm/karakeep/Chart.yaml
View File

@@ -22,7 +22,7 @@ dependencies:
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: meilisearch
version: 0.19.0
version: 0.18.0
repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: cloudflared
alias: cloudflared

2
clusters/cl01tl/helm/kube-prometheus-stack/values.yaml
View File

@@ -149,7 +149,7 @@ redis-replication:
spec:
resources:
requests:
storage: 10Gi
storage: 5Gi
redisSentinel:
enabled: true
clusterSize: 3

19
clusters/cl01tl/helm/libation/templates/persistent-volume-claim.yaml
View File

@@ -1,5 +1,24 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: libation-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: libation-config
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
storageClassName: nfs-client
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
volumeMode: Filesystem
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: libation-nfs-storage
namespace: {{ .Release.Namespace }}

2
clusters/cl01tl/helm/libation/values.yaml
View File

@@ -45,7 +45,7 @@ libation:
cpu: 10m
memory: 32Mi
persistence:
config:
config-new:
forceRename: libation
storageClass: ceph-block
accessMode: ReadWriteOnce

7
clusters/cl01tl/helm/lidarr/Chart.lock
View File

@@ -5,8 +5,5 @@ dependencies:
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.1.3
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:b12b64a6fac9ef6c2743b404547e40451bb47d04c13b509f8a07179aaad6071d
generated: "2025-12-17T10:41:06.633712-06:00"
digest: sha256:66944bedb53a1cf3aff6cb8e1218f23cd9ccf3cca9489064f0eee46c66f59ac4
generated: "2025-12-17T16:10:52.803256851Z"

4
clusters/cl01tl/helm/lidarr/Chart.yaml
View File

@@ -26,9 +26,5 @@ dependencies:
alias: postgres-18-cluster
version: 7.1.3
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-config
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/lidarr.png
appVersion: 3.1.0

57
clusters/cl01tl/helm/lidarr/templates/external-secret.yaml
View File

@@ -1,5 +1,62 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: lidarr-config-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: lidarr-config-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/lidarr2/lidarr2-config"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: S3_BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: access_key
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: secret_key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: lidarr-postgresql-18-cluster-backup-secret
namespace: {{ .Release.Namespace }}

28
clusters/cl01tl/helm/lidarr/templates/replication-source.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: lidarr-config-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: lidarr-config-backup-source
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: lidarr-config
trigger:
schedule: 0 4 * * *
restic:
pruneIntervalDays: 7
repository: lidarr-config-backup-secret
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
moverSecurityContext:
runAsUser: 1000
runAsGroup: 1000
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot

7
clusters/cl01tl/helm/lidarr/values.yaml
View File

@@ -144,10 +144,3 @@ postgres-18-cluster:
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
volsync-target-config:
pvcTarget: lidarr-config
moverSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch

7
clusters/cl01tl/helm/lidatube/Chart.lock
View File

@@ -2,8 +2,5 @@ dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:8dc18a31138c2e4eb4f6499058aaec0437ecd76ba4f0c5db4ec1ef46e90f9628
generated: "2025-12-17T10:07:48.72533-06:00"
digest: sha256:486139f48e88e912593a7ee18973bc4872a6ddc4881fcfa933558f5a7749503b
generated: "2025-12-05T17:08:12.627557611Z"

4
clusters/cl01tl/helm/lidatube/Chart.yaml
View File

@@ -18,9 +18,5 @@ dependencies:
alias: lidatube
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: volsync-target
alias: volsync-target-config
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/lidatube.png
appVersion: 0.2.42

7
clusters/cl01tl/helm/lidatube/values.yaml
View File

@@ -64,10 +64,3 @@ lidatube:
main:
- path: /lidatube/downloads
readOnly: false
volsync-target-config:
pvcTarget: lidatube-config
moverSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch

7
clusters/cl01tl/helm/listenarr/Chart.lock
View File

@@ -2,8 +2,5 @@ dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:bb2dd513e76b8f2597967ea48a9c7df7018ed5d40a5f8dabc3402e15cdb4c74a
generated: "2025-12-17T10:10:10.316764-06:00"
digest: sha256:1f215356d77b524ae23c0bb178d48fd2d602d9224dd7459658628903ff5b6e4c
generated: "2025-12-05T17:08:24.614701742Z"

4
clusters/cl01tl/helm/listenarr/Chart.yaml
View File

@@ -17,8 +17,4 @@ dependencies:
alias: listenarr
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: volsync-target
alias: volsync-target-config
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
appVersion: 0.2.35

8
clusters/cl01tl/helm/listenarr/values.yaml
View File

@@ -28,7 +28,6 @@ listenarr:
protocol: HTTP
persistence:
config:
forceRename: listenarr
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
@@ -45,10 +44,3 @@ listenarr:
main:
- path: /data
readOnly: false
volsync-target-config:
pvcTarget: listenarr
moverSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch

16
clusters/cl01tl/helm/matrix-synapse/Chart.lock
View File

@@ -26,17 +26,5 @@ dependencies:
- name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:d7487cc29147c4cc2719ffca559a77a3c9c50abf5087ba34f9557eb36a9302fc
generated: "2025-12-17T10:23:12.737976-06:00"
digest: sha256:c08d2fd5436ca9f0d1b159d6d424ab42d171a967ca97178b2f8dd60de83f9cc9
generated: "2025-12-15T15:56:54.377467-06:00"

16
clusters/cl01tl/helm/matrix-synapse/Chart.yaml
View File

@@ -63,21 +63,5 @@ dependencies:
alias: redis-replication-hookshot
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-synapse
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-hookshot
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-discord
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-whatsapp
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/matrix.png
appVersion: 1.144.0

169
clusters/cl01tl/helm/matrix-synapse/templates/external-secret.yaml
View File

@@ -245,6 +245,175 @@ spec:
metadataPolicy: None
property: token
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: matrix-synapse-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: matrix-synapse-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/matrix-synapse/matrix-synapse"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: S3_BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: access_key
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: secret_key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: mautrix-discord-data-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/matrix-synapse/mautrix-discord-data"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: S3_BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: access_key
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: secret_key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: mautrix-whatsapp-data-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/matrix-synapse/mautrix-whatsapp-data"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: S3_BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: access_key
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: secret_key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret

85
clusters/cl01tl/helm/matrix-synapse/templates/replication-source.yaml Normal file
View File

@@ -0,0 +1,85 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: matrix-synapse-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: matrix-synapse-backup-source
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: matrix-synapse
trigger:
schedule: 0 4 * * *
restic:
pruneIntervalDays: 7
repository: matrix-synapse-backup-secret
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
---
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: mautrix-discord-data-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: mautrix-discord-data-backup-source
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: mautrix-discord
trigger:
schedule: 0 4 * * *
restic:
pruneIntervalDays: 7
repository: mautrix-discord-data-backup-secret
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
moverSecurityContext:
runAsUser: 1337
runAsGroup: 1337
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
---
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: mautrix-whatsapp-data-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: mautrix-whatsapp-data-backup-source
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: mautrix-whatsapp
trigger:
schedule: 0 4 * * *
restic:
pruneIntervalDays: 7
repository: mautrix-whatsapp-data-backup-secret
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
moverSecurityContext:
runAsUser: 1337
runAsGroup: 1337
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot

17
clusters/cl01tl/helm/matrix-synapse/values.yaml
View File

@@ -204,7 +204,6 @@ matrix-hookshot:
mountPropagation: None
subPath: passkey.pem
data:
forceRename: matrix-hookshot
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 500Mi
@@ -286,7 +285,6 @@ mautrix-discord:
mountPropagation: None
subPath: mautrix-discord-registration.yaml
data:
forceRename: mautrix-discord
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 500Mi
@@ -371,7 +369,6 @@ mautrix-whatsapp:
mountPropagation: None
subPath: mautrix-whatsapp-registration.yaml
data:
forceRename: mautrix-whatsapp
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 500Mi
@@ -476,17 +473,3 @@ redis-replication-hookshot:
redisSentinel:
enabled: true
clusterSize: 3
volsync-target-synapse:
pvcTarget: matrix-synapse
volsync-target-hookshot:
pvcTarget: matrix-hookshot
volsync-target-discord:
pvcTarget: mautrix-discord
moverSecurityContext:
runAsUser: 1337
runAsGroup: 1337
volsync-target-whatsapp:
pvcTarget: mautrix-whatsapp
moverSecurityContext:
runAsUser: 1337
runAsGroup: 1337

7
clusters/cl01tl/helm/n8n/Chart.lock
View File

@@ -8,8 +8,5 @@ dependencies:
- name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:d5f9a1471b38c11f4ca44bd764243309b5be739a3bb1605ee229e1f456d19643
generated: "2025-12-17T10:42:04.895167-06:00"
digest: sha256:4f3ed81241b432b988d6b6277192d360f98a5258ad34c88ac0645505d0acc0a5
generated: "2025-12-17T16:11:02.717745162Z"

4
clusters/cl01tl/helm/n8n/Chart.yaml
View File

@@ -26,9 +26,5 @@ dependencies:
- name: redis-replication
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/n8n.png
appVersion: 2.0.1

2
clusters/cl01tl/helm/n8n/values.yaml
View File

@@ -375,5 +375,3 @@ redis-replication:
redisSentinel:
enabled: true
clusterSize: 3
volsync-target-data:
pvcTarget: n8n

7
clusters/cl01tl/helm/ollama/Chart.lock
View File

@@ -5,8 +5,5 @@ dependencies:
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.1.3
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:d3b6a59e3f33b0f9b75ab5de98a027df2cff8d8a8fd5eb921d86eb2b62f6b072
generated: "2025-12-17T11:28:44.339984-06:00"
digest: sha256:639e6a2931f61cba27b306b6949bf5dd1fffb04682b4179f29b2561dc1f22b48
generated: "2025-12-17T16:11:11.863081712Z"

4
clusters/cl01tl/helm/ollama/Chart.yaml
View File

@@ -25,9 +25,5 @@ dependencies:
alias: postgres-18-cluster
version: 7.1.3
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png
appVersion: 0.13.3

57
clusters/cl01tl/helm/ollama/templates/external-secret.yaml
View File

@@ -51,6 +51,63 @@ spec:
metadataPolicy: None
property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: ollama-web-data-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: ollama-web-data-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/ollama/ollama-web"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: S3_BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: access_key
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: secret_key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret

28
clusters/cl01tl/helm/ollama/templates/replication-source.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: ollama-web-data-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: ollama-web-data-backup-source
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: ollama-web-data
trigger:
schedule: 0 4 * * *
restic:
pruneIntervalDays: 7
repository: ollama-web-data-backup-secret
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
moverSecurityContext:
runAsUser: 1337
runAsGroup: 1337
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot

6
clusters/cl01tl/helm/ollama/values.yaml
View File

@@ -227,7 +227,6 @@ ollama:
- path: /root/.ollama
readOnly: false
web-data:
forceRename: ollama-web-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
@@ -293,8 +292,3 @@ postgres-18-cluster:
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
volsync-target-data:
pvcTarget: ollama-web-data
moverSecurityContext:
runAsUser: 1337
runAsGroup: 1337

10
clusters/cl01tl/helm/postiz/Chart.lock
View File

@@ -11,11 +11,5 @@ dependencies:
- name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:8bca371950ea2088ed3229f2e2dbfaa859668de408077b3ffc6c9ade8cacc4b7
generated: "2025-12-17T11:32:26.293547-06:00"
digest: sha256:89320b12971fe3aca51771776352f6841cc8ad85ce4e67799e47d34c28d0dd10
generated: "2025-12-17T16:11:43.175332626Z"

8
clusters/cl01tl/helm/postiz/Chart.yaml
View File

@@ -31,13 +31,5 @@ dependencies:
- name: redis-replication
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-config
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-upload
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/postiz.png
appVersion: v2.10.1

114
clusters/cl01tl/helm/postiz/templates/external-secret.yaml
View File

@@ -87,6 +87,120 @@ spec:
metadataPolicy: None
property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: postiz-config-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: postiz-config-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/postiz/postiz-config"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: S3_BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: access_key
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: secret_key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: postiz-uploads-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: postiz-uploads-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/postiz/postiz-uploads"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: S3_BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: access_key
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: secret_key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret

52
clusters/cl01tl/helm/postiz/templates/replication-source.yaml Normal file
View File

@@ -0,0 +1,52 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: postiz-config-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: postiz-config-backup-source
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: postiz-config
trigger:
schedule: 0 4 * * *
restic:
pruneIntervalDays: 7
repository: postiz-config-backup-secret
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
---
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: postiz-uploads-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: postiz-uploads-backup-source
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: postiz-uploads
trigger:
schedule: 0 4 * * *
restic:
pruneIntervalDays: 7
repository: postiz-uploads-backup-secret
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot

6
clusters/cl01tl/helm/postiz/values.yaml
View File

@@ -83,7 +83,6 @@ postiz:
protocol: HTTP
persistence:
config:
forceRename: postiz-config
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 2Gi
@@ -94,7 +93,6 @@ postiz:
- path: /config
readOnly: false
uploads:
forceRename: postiz-uploads
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
@@ -171,7 +169,3 @@ redis-replication:
redisSentinel:
enabled: true
clusterSize: 3
volsync-target-config:
pvcTarget: postiz-config
volsync-target-upload:
pvcTarget: postiz-uploads

7
clusters/cl01tl/helm/prowlarr/Chart.lock
View File

@@ -2,8 +2,5 @@ dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:e6c51831324467888dcfcf2434761f15e165312d38fa583c495096d59cb741d6
generated: "2025-12-17T11:34:01.003589-06:00"
digest: sha256:dfdb5ed2a8dafc2d0cb125af396032c4d7b4bff96eb54934fcb776df39dee5e9
generated: "2025-12-05T17:10:55.27077318Z"

4
clusters/cl01tl/helm/prowlarr/Chart.yaml
View File

@@ -19,9 +19,5 @@ dependencies:
alias: prowlarr
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: volsync-target
alias: volsync-target-config
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prowlarr.png
appVersion: 2.3.0

55
clusters/cl01tl/helm/prowlarr/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,55 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: prowlarr-config-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: prowlarr-config-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/prowlarr/prowlarr-config"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: S3_BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: access_key
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: secret_key

35
clusters/cl01tl/helm/prowlarr/templates/replication-source.yaml Normal file
View File

@@ -0,0 +1,35 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: prowlarr-config-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: prowlarr-config-backup-source
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: prowlarr-config
trigger:
schedule: 0 4 * * *
restic:
pruneIntervalDays: 7
repository: prowlarr-config-backup-secret
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
moverSecurityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
supplementalGroups:
- 44
- 100
- 109
- 65539
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot

12
clusters/cl01tl/helm/prowlarr/values.yaml
View File

@@ -49,15 +49,3 @@ prowlarr:
main:
- path: /config
readOnly: false
volsync-target-config:
pvcTarget: prowlarr-config
moverSecurityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
supplementalGroups:
- 44
- 100
- 109
- 65539

13
clusters/cl01tl/helm/qbittorrent/Chart.lock
View File

@@ -2,14 +2,5 @@ dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:2a52a5e028dbfd6c197857815b084e474f0a2c34e2b17fdd718386fd4a949287
generated: "2025-12-17T12:42:06.415903-06:00"
digest: sha256:6a7348951304a43f3e848889ceae04a0a66c4dc6ebf619efe6d69397d8af3437
generated: "2025-12-05T17:11:05.489733462Z"

12
clusters/cl01tl/helm/qbittorrent/Chart.yaml
View File

@@ -26,17 +26,5 @@ dependencies:
alias: qbittorrent
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.5.0
- name: volsync-target
alias: volsync-target-config
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-qbit-manage-config
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-qui-config
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/qbittorrent.png
appVersion: 5.1.4

84
clusters/cl01tl/helm/qbittorrent/templates/config-map.yaml
View File

@@ -14,86 +14,10 @@ data:
echo "curl could not be found, installing";
apk add curl;
fi;
if ! command -v jq 2>&1 >/dev/null
then
echo "jq could not be found, installing";
apk add jq;
fi;
API_ENDPOINT="http://localhost:8080/api/v2";
# echo " ";
# echo ">> Authentication ...";
# curl -i --silent --header 'Referer: http://localhost:8080' --output response_body_auth.json --data 'username=admin&password=adminadmin' "${API_ENDPOINT}/auth/login" -c cookie;
echo " ";
echo ">> Test access ...";
HTTP_STATUS=$(curl -i -X GET --silent --write-out '%{http_code}' --output response_body_test.json -b cookie -c cookie "${API_ENDPOINT}/app/version");
echo ">> HTTP Status Code: $HTTP_STATUS"
VERSION=$(tail -n 1 ./test/response_body_test.json)
if [ "$HTTP_STATUS" == "200" ]; then
echo ">> Access confirmed, qBittorrent version: ${VERSION}"
HTTP_STATUS=""
else
echo ">> ERROR: HTTP status code: $HTTP_STATUS"
exit 1
fi
PAYLOAD=$( jq -n \
--arg random_port "true" \
'{random_port: $random_port' );
echo " ";
echo ">> Setting port to random ...";
HTTP_STATUS=$(curl -i -X POST --silent -b cookie -c cookie --write-out '%{http_code}' --output response_body_random.json --data "$PAYLOAD" "${API_ENDPOINT}/app/setPreferences");
if [ "$HTTP_STATUS" == "200" ]; then
echo ">> Random port set"
HTTP_STATUS=""
else
echo ">> ERROR: HTTP status code: $HTTP_STATUS"
exit 1
fi
echo " ";
echo ">> Sleeping for changes to take effect";
sleep 5;
PAYLOAD=$( jq -n \
--arg listen_port "${1}" \
'{listen_port: $listen_port' );
echo " ";
echo ">> Updating port with ${1} ...";
curl -i -X POST --silent -b cookie -c cookie --write-out '%{http_code}' --output response_body_update.json --data "$PAYLOAD" "${API_ENDPOINT}/app/setPreferences";
if [ "$HTTP_STATUS" == "200" ]; then
echo ">> Port set"
HTTP_STATUS=""
else
echo ">> ERROR: HTTP status code: $HTTP_STATUS"
exit 1
fi
echo " ";
echo ">> Sleeping for changes to take effect";
sleep 5;
echo " ";
echo ">> Qbittorrent's post is now:";
curl -i -X GET --silent -b cookie -c cookie --write-out '%{http_code}' --output response_body_check.json "${API_ENDPOINT}/app/preferences";
LISTEN_PORT=$(cat response_body_check.json | jq -r .listen_port)
[[ "$HTTP_STATUS" == "200" || "$LISTEN_PORT" == "${1}" ]];
echo ">> Port updated successfully!"
else
echo ">> ERROR: HTTP status code: $HTTP_STATUS"
exit 1
fi
curl -i -X POST --silent --write-out '%{http_code}' -d "json={\"random_port\": \"true\"}" "http://localhost:8080/api/v2/app/setPreferences";
sleep 10
echo "updating port with $1";
curl -i -X POST --silent --write-out '%{http_code}' -d "json={\"listen_port\": \"${1}\"}" "http://localhost:8080/api/v2/app/setPreferences";
---
apiVersion: v1

19
clusters/cl01tl/helm/qbittorrent/templates/persistent-volume-claim.yaml
View File

@@ -1,5 +1,24 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: qbittorrent-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: qbittorrent-config
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: qbittorrent-config
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: qbittorrent-nfs-storage
namespace: {{ .Release.Namespace }}

25
clusters/cl01tl/helm/qbittorrent/templates/persistent-volume.yaml
View File

@@ -1,5 +1,30 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: qbittorrent-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: qbittorrent-config
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Torrent/QBITTORRENT
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: qbittorrent-nfs-storage
namespace: {{ .Release.Namespace }}

88
clusters/cl01tl/helm/qbittorrent/values.yaml
View File

@@ -41,6 +41,12 @@ qbittorrent:
value: "002"
- name: WEBUI_PORT
value: 8080
- name: DOCKER_MODS
value: ghcr.io/themepark-dev/theme.park:qbittorrent
- name: TP_COMMUNITY_THEME
value: true
- name: TP_THEME
value: catppuccin-mocha
resources:
requests:
cpu: 500m
@@ -251,6 +257,28 @@ qbittorrent:
targetPort: 9074
protocol: HTTP
persistence:
config:
type: persistentVolumeClaim
existingClaim: qbittorrent-config
advancedMounts:
main:
qbittorrent:
- path: /config
readOnly: false
qbit-manage:
qbit-manage:
- path: /qbittorrent
readOnly: false
theme-data:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
qbittorrent:
- path: /themepark
readOnly: false
update-script:
enabled: true
type: configMap
@@ -261,6 +289,19 @@ qbittorrent:
gluetun:
- path: /gluetun/update.sh
subPath: update.sh
qbit-manage-config-data:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
qbit-manage:
init-copy-config:
- path: /app/config
readOnly: false
qbit-manage:
- path: /app/config
readOnly: false
qbit-manage-config:
enabled: true
type: configMap
@@ -277,37 +318,14 @@ qbittorrent:
readOnly: true
mountPropagation: None
subPath: config.yml
config-data:
forceRename: qbittorrent-config-data
storageClass: ceph-filesystem
accessMode: ReadWriteMany
size: 1Gi
retain: true
advancedMounts:
main:
qbittorrent:
- path: /config/qBittorrent
readOnly: false
qbit-manage:
qbit-manage:
- path: /qbittorrent/qBittorrent
readOnly: false
qbit-manage-config-data:
forceRename: qbittorrent-qbit-manage-config-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
qbit-manage-config-var:
type: emptyDir
advancedMounts:
qbit-manage:
init-copy-config:
- path: /app/config
readOnly: false
qbit-manage:
- path: /app/config
- path: /app/var
readOnly: false
qui-config-data:
forceRename: qbittorrent-qui-config-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
@@ -317,13 +335,6 @@ qbittorrent:
qui:
- path: /config
readOnly: false
qbit-manage-config-var:
type: emptyDir
advancedMounts:
qbit-manage:
qbit-manage:
- path: /app/var
readOnly: false
storage:
type: persistentVolumeClaim
existingClaim: qbittorrent-nfs-storage
@@ -336,14 +347,3 @@ qbittorrent:
qbit-manage:
- path: /mnt/store
readOnly: false
volsync-target-config:
pvcTarget: qbittorrent-config-data
moverSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
volsync-target-qbit-manage-config:
pvcTarget: qbittorrent-qbit-manage-config-data
volsync-target-qui-config:
pvcTarget: qbittorrent-qui-config-data

2
clusters/cl01tl/helm/stack/templates/application.yaml
View File

@@ -9,8 +9,6 @@ metadata:
app.kubernetes.io/part-of: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
annotations:
argocd.argoproj.io/compare-options: ServerSideDiff=false
spec:
project: default
source:

2
hosts/ps10rp/homepage/compose.yaml
View File

@@ -20,7 +20,7 @@ services:
- /dev/net/tun:/dev/net/tun
dockerproxy:
image: ghcr.io/tecnativa/docker-socket-proxy:v0.4.1
image: ghcr.io/tecnativa/docker-socket-proxy:v0.4.2
container_name: homepage-dockerproxy
environment:
- CONTAINERS=1