alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Activity

Compare commits

base: alexlebens:renovate/unified-cilium
Branches Tags
alexlebens:main alexlebens:renovate/unified-dock.mau.devmautrixwhatsapp alexlebens:renovate/unified-cilium alexlebens:manifests
..
compare: alexlebens:18a61f60dfd54b648554f31a7eee66df8bfb511f
Branches Tags
alexlebens:renovate/unified-dock.mau.devmautrixwhatsapp alexlebens:renovate/unified-cilium alexlebens:main alexlebens:manifests

1 Commits
renovate/u ... 18a61f60df

Author SHA1 Message Date
Renovate Bot
18a61f60df chore(deps): update ghcr.io/haveagitgat/tdarr_node docker tag to v2.65.01
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 18s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 23s
Details
render-manifests / render-manifests (pull_request) Successful in 36s
Details
2026-03-24 01:46:53 +00:00
134 changed files with 1200 additions and 678 deletions
Expand all files Collapse all files

2
.gitea/workflows/lint-test-docker.yaml
View File

@@ -28,7 +28,7 @@ jobs:
- name: Check Branch Exists - name: Check Branch Exists
id: check-branch-exists id: check-branch-exists
if: github.event_name == 'pull_request' if: github.event_name == 'pull_request'
uses: GuillaumeFalourd/branch-exists@650358876c774d6ccbd581b5553eb636dab79a97 # v1.2 uses: GuillaumeFalourd/branch-exists@009290475dc3d75b5d7ec680c0c5b614b0d9855d # v1.1
with: with:
branch: "${{ github.base_ref }}" branch: "${{ github.base_ref }}"

2
.gitea/workflows/lint-test-helm.yaml
View File

@@ -35,7 +35,7 @@ jobs:
- name: Check Branch Exists - name: Check Branch Exists
id: check-branch-exists id: check-branch-exists
if: github.event_name == 'pull_request' if: github.event_name == 'pull_request'
uses: GuillaumeFalourd/branch-exists@650358876c774d6ccbd581b5553eb636dab79a97 # v1.2 uses: GuillaumeFalourd/branch-exists@009290475dc3d75b5d7ec680c0c5b614b0d9855d # v1.1
with: with:
branch: ${{ github.base_ref }} branch: ${{ github.base_ref }}

2
.gitea/workflows/renovate.yaml
View File

@@ -13,7 +13,7 @@ on:
jobs: jobs:
renovate: renovate:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: ghcr.io/renovatebot/renovate:43.92.0@sha256:fc36479074628689b956475db381a71e4c7f85904e83009fe5e29ec3f1eee1d0 container: ghcr.io/renovatebot/renovate:43.84.2@sha256:92285747b3aac062a4f567762c272a12dce037843a20177a02c95b7c420e20cb
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

4
clusters/cl01tl/helm/actual/values.yaml
View File

@@ -14,8 +14,8 @@ actual:
value: 5006 value: 5006
resources: resources:
requests: requests:
cpu: 10m cpu: 25m
memory: 50Mi memory: 64Mi
probes: probes:
liveness: liveness:
enabled: true enabled: true

6
clusters/cl01tl/helm/argo-workflows/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies: dependencies:
- name: argo-workflows - name: argo-workflows
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 1.0.6 version: 1.0.5
- name: argo-events - name: argo-events
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 2.4.21 version: 2.4.21
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0 version: 7.10.0
digest: sha256:5635bfe609d8a901df257ef3e6cb469396a21bdd4c6f96e7e33f84036019c52b digest: sha256:d0d7ebf1c0013d001aa2f17d04a6d3f3d7a1fa7d5c62792eef856b87c24eb26e
generated: "2026-03-24T16:59:01.228848139Z" generated: "2026-03-20T20:48:30.830922259Z"

2
clusters/cl01tl/helm/argo-workflows/Chart.yaml
View File

@@ -18,7 +18,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: argo-workflows - name: argo-workflows
version: 1.0.6 version: 1.0.5
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
- name: argo-events - name: argo-events
version: 2.4.21 version: 2.4.21

10
clusters/cl01tl/helm/argo-workflows/values.yaml
View File

@@ -30,8 +30,8 @@ argo-workflows:
cronWorkflowWorkers: 2 cronWorkflowWorkers: 2
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 20Mi memory: 32Mi
serviceMonitor: serviceMonitor:
enabled: true enabled: true
workflowNamespaces: workflowNamespaces:
@@ -76,7 +76,7 @@ argo-events:
controller: controller:
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 32Mi memory: 32Mi
metrics: metrics:
enabled: true enabled: true
@@ -86,8 +86,8 @@ argo-events:
enabled: true enabled: true
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 20Mi memory: 32Mi
postgres-18-cluster: postgres-18-cluster:
mode: recovery mode: recovery
recovery: recovery:

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: argo-cd - name: argo-cd
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 9.4.16 version: 9.4.15
digest: sha256:f9ecc47369d4401df61c17f55cc59c9b2d4543f57cf122653abb1a27a4f7bf35 digest: sha256:a0eed2e174bb6b13d04653c755a359025b050d479a92180039a1990dd8ee7caa
generated: "2026-03-26T21:01:52.678525211Z" generated: "2026-03-20T01:09:07.547016465Z"

4
clusters/cl01tl/helm/argocd/Chart.yaml
View File

@@ -13,8 +13,8 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: argo-cd - name: argo-cd
version: 9.4.16 version: 9.4.15
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-cd # renovate: datasource=github-releases depName=argoproj/argo-cd
appVersion: v3.3.5 appVersion: v3.3.4

26
clusters/cl01tl/helm/argocd/values.yaml
View File

@@ -34,7 +34,7 @@ argo-cd:
replicas: 1 replicas: 1
resources: resources:
requests: requests:
cpu: 100m cpu: 15m
memory: 1Gi memory: 1Gi
readinessProbe: readinessProbe:
failureThreshold: 3 failureThreshold: 3
@@ -77,7 +77,7 @@ argo-cd:
enabled: true enabled: true
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 64Mi memory: 64Mi
metrics: metrics:
enabled: true enabled: true
@@ -91,14 +91,14 @@ argo-cd:
enabled: true enabled: true
image: image:
repository: redis repository: redis
tag: 8.6.2-alpine@sha256:81b6f81d6a6c5b9019231a2e8eb10085e3a139a34f833dcc965a8a959b040b72 tag: 8.6.1-alpine@sha256:315270d166080f537bbdf1b489b603aaaa213cb55a544acfa51feb7481abb1c0
persistentVolume: persistentVolume:
enabled: true enabled: true
redis: redis:
resources: resources:
requests: requests:
cpu: 1000m cpu: 1000m
memory: 50Mi memory: 64Mi
haproxy: haproxy:
enabled: true enabled: true
image: image:
@@ -106,8 +106,8 @@ argo-cd:
tag: 3.3.6-alpine@sha256:744be2dca649a44d490a4c565d36968d19482dd387f1bdd44c168f4322bc6b1e tag: 3.3.6-alpine@sha256:744be2dca649a44d490a4c565d36968d19482dd387f1bdd44c168f4322bc6b1e
resources: resources:
requests: requests:
cpu: 5m cpu: 10m
memory: 90Mi memory: 128Mi
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
@@ -138,8 +138,8 @@ argo-cd:
replicas: 2 replicas: 2
resources: resources:
requests: requests:
cpu: 20m cpu: 10m
memory: 80Mi memory: 64Mi
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
@@ -157,8 +157,8 @@ argo-cd:
replicas: 2 replicas: 2
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 50Mi memory: 64Mi
readinessProbe: readinessProbe:
enabled: true enabled: true
failureThreshold: 3 failureThreshold: 3
@@ -182,7 +182,7 @@ argo-cd:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 50Mi memory: 64Mi
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
@@ -218,8 +218,8 @@ argo-cd:
value: Bearer $ntfy-token value: Bearer $ntfy-token
resources: resources:
requests: requests:
cpu: 2m cpu: 10m
memory: 50Mi memory: 64Mi
livenessProbe: livenessProbe:
enabled: true enabled: true
readinessProbe: readinessProbe:

8
clusters/cl01tl/helm/audiobookshelf/values.yaml
View File

@@ -4,10 +4,6 @@ audiobookshelf:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers: containers:
main: main:
image: image:
@@ -18,12 +14,12 @@ audiobookshelf:
value: America/Chicago value: America/Chicago
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 200Mi memory: 200Mi
apprise-api: apprise-api:
image: image:
repository: ghcr.io/caronc/apprise repository: ghcr.io/caronc/apprise
tag: v1.3.3@sha256:4bfeac268ba87b8e08e308c9aa0182fe99e9501ec464027afc333d1634e65977 tag: v1.3.2@sha256:1aafc2118b6eae5d70d17831d9a8a52adee7104fd6f2bb018e6421664699c903
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago

6
clusters/cl01tl/helm/authentik/values.yaml
View File

@@ -33,7 +33,7 @@ authentik:
replicas: 2 replicas: 2
resources: resources:
requests: requests:
cpu: 20m cpu: 100m
memory: 700Mi memory: 700Mi
livenessProbe: livenessProbe:
failureThreshold: 3 failureThreshold: 3
@@ -66,8 +66,8 @@ authentik:
replicas: 2 replicas: 2
resources: resources:
requests: requests:
cpu: 80m cpu: 100m
memory: 650Mi memory: 512Mi
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:

4
clusters/cl01tl/helm/backrest/values.yaml
View File

@@ -22,8 +22,8 @@ backrest:
value: /tmp value: /tmp
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 30Mi memory: 80Mi
service: service:
main: main:
controller: main controller: main

8
clusters/cl01tl/helm/bazarr/values.yaml
View File

@@ -14,7 +14,7 @@ bazarr:
main: main:
image: image:
repository: ghcr.io/linuxserver/bazarr repository: ghcr.io/linuxserver/bazarr
tag: v1.5.6-ls342@sha256:9a631194c0dee21c85b5bff59e23610e1ae2f54594e922973949d271102e585e tag: 1.5.6@sha256:05f9d5b24884f37120453dc1a008a47be244eebec32099ae1bd29032e75b67aa
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago
@@ -23,11 +23,9 @@ bazarr:
- name: PGID - name: PGID
value: 1000 value: 1000
resources: resources:
limits:
cpu: 100m
requests: requests:
cpu: 1m cpu: 10m
memory: 250Mi memory: 256Mi
service: service:
main: main:
controller: main controller: main

4
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -15,7 +15,7 @@ blocky:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 100Mi memory: 90Mi
configMaps: configMaps:
config: config:
enabled: true enabled: true
@@ -108,6 +108,7 @@ blocky:
authentik IN CNAME traefik-cl01tl authentik IN CNAME traefik-cl01tl
backrest IN CNAME traefik-cl01tl backrest IN CNAME traefik-cl01tl
bazarr IN CNAME traefik-cl01tl bazarr IN CNAME traefik-cl01tl
booklore IN CNAME traefik-cl01tl
ceph IN CNAME traefik-cl01tl ceph IN CNAME traefik-cl01tl
code-server IN CNAME traefik-cl01tl code-server IN CNAME traefik-cl01tl
dawarich IN CNAME traefik-cl01tl dawarich IN CNAME traefik-cl01tl
@@ -120,7 +121,6 @@ blocky:
gatus IN CNAME traefik-cl01tl gatus IN CNAME traefik-cl01tl
gitea IN CNAME traefik-cl01tl gitea IN CNAME traefik-cl01tl
grafana IN CNAME traefik-cl01tl grafana IN CNAME traefik-cl01tl
grimmory IN CNAME traefik-cl01tl
harbor IN CNAME traefik-cl01tl harbor IN CNAME traefik-cl01tl
headlamp IN CNAME traefik-cl01tl headlamp IN CNAME traefik-cl01tl
home IN CNAME traefik-cl01tl home IN CNAME traefik-cl01tl

7
clusters/cl01tl/helm/grimmory/Chart.lock → clusters/cl01tl/helm/booklore/Chart.lock
View File

@@ -8,5 +8,8 @@ dependencies:
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:6ee403da03c1bcc0289a9abdef0508344072d51173da996eda69b8305d5feefa - name: volsync-target
generated: "2026-03-23T20:35:19.743257-05:00" repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:e65fa008c652092da5431e9780eb2a87c944298a12e58e432efad61c9e826da5
generated: "2026-03-14T23:57:22.721295098Z"

19
clusters/cl01tl/helm/grimmory/Chart.yaml → clusters/cl01tl/helm/booklore/Chart.yaml
View File

@@ -1,22 +1,23 @@
apiVersion: v2 apiVersion: v2
name: grimmory name: booklore
version: 1.0.0 version: 1.0.0
description: Grimmory description: booklore
keywords: keywords:
- booklore
- grimmory - grimmory
- books - books
home: https://docs.alexlebens.dev/applications/grimmory/ home: https://wiki.alexlebens.dev/
sources: sources:
- https://github.com/booklore-app/BookLore
- https://github.com/grimmory-tools/grimmory - https://github.com/grimmory-tools/grimmory
- https://github.com/booklore-app/booklore/pkgs/container/booklore
- https://github.com/grimmory-tools/grimmory/pkgs/container/grimmory - https://github.com/grimmory-tools/grimmory/pkgs/container/grimmory
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://github.com/mariadb-operator/mariadb-operator/tree/main/deploy/charts/mariadb-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: app-template - name: app-template
alias: grimmory alias: booklore
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
- name: mariadb-cluster - name: mariadb-cluster
@@ -26,6 +27,10 @@ dependencies:
alias: volsync-target-config alias: volsync-target-config
version: 0.8.0 version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grimmory.png - name: volsync-target
alias: volsync-target-data
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png
# renovate: datasource=github-releases depName=grimmory-tools/grimmory # renovate: datasource=github-releases depName=grimmory-tools/grimmory
appVersion: v2.3.0 appVersion: v2.3.0

38
clusters/cl01tl/helm/grimmory/templates/external-secret.yaml → clusters/cl01tl/helm/booklore/templates/external-secret.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: grimmory-database-secret name: booklore-database-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-database-secret app.kubernetes.io/name: booklore-database-secret
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -14,17 +14,20 @@ spec:
data: data:
- secretKey: password - secretKey: password
remoteRef: remoteRef:
key: /cl01tl/grimmory/database conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/booklore/database
metadataPolicy: None
property: password property: password
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: grimmory-data-replication-secret name: booklore-data-replication-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-data-replication-secret app.kubernetes.io/name: booklore-data-replication-secret
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -34,17 +37,20 @@ spec:
data: data:
- secretKey: psk.txt - secretKey: psk.txt
remoteRef: remoteRef:
key: /cl01tl/grimmory/replication conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/booklore/replication
metadataPolicy: None
property: psk.txt property: psk.txt
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: grimmory-mariadb-cluster-backup-secret-external name: booklore-mariadb-cluster-backup-secret-external
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-mariadb-cluster-backup-secret-external app.kubernetes.io/name: booklore-mariadb-cluster-backup-secret-external
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -54,21 +60,27 @@ spec:
data: data:
- secretKey: access - secretKey: access
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/mariadb-backups key: /digital-ocean/home-infra/mariadb-backups
metadataPolicy: None
property: access property: access
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/mariadb-backups key: /digital-ocean/home-infra/mariadb-backups
metadataPolicy: None
property: secret property: secret
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: grimmory-mariadb-cluster-backup-secret-garage name: booklore-mariadb-cluster-backup-secret-garage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-mariadb-cluster-backup-secret-garage app.kubernetes.io/name: booklore-mariadb-cluster-backup-secret-garage
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -78,9 +90,15 @@ spec:
data: data:
- secretKey: access - secretKey: access
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/mariadb-backups key: /garage/home-infra/mariadb-backups
metadataPolicy: None
property: access property: access
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/mariadb-backups key: /garage/home-infra/mariadb-backups
metadataPolicy: None
property: secret property: secret

4
clusters/cl01tl/helm/grimmory/templates/namespace.yaml → clusters/cl01tl/helm/booklore/templates/namespace.yaml
View File

@@ -1,11 +1,11 @@
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: grimmory name: booklore
annotations: annotations:
volsync.backube/privileged-movers: "true" volsync.backube/privileged-movers: "true"
labels: labels:
app.kubernetes.io/name: grimmory app.kubernetes.io/name: booklore
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/audit: privileged

12
clusters/cl01tl/helm/grimmory/templates/persistent-volume-claim.yaml → clusters/cl01tl/helm/booklore/templates/persistent-volume-claim.yaml
View File

@@ -1,14 +1,14 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: grimmory-books-nfs-storage name: booklore-books-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-books-nfs-storage app.kubernetes.io/name: booklore-books-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: grimmory-books-nfs-storage volumeName: booklore-books-nfs-storage
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
@@ -20,14 +20,14 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: grimmory-books-import-nfs-storage name: booklore-books-import-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-books-import-nfs-storage app.kubernetes.io/name: booklore-books-import-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: grimmory-books-import-nfs-storage volumeName: booklore-books-import-nfs-storage
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany

8
clusters/cl01tl/helm/grimmory/templates/persistent-volume.yaml → clusters/cl01tl/helm/booklore/templates/persistent-volume.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: grimmory-books-nfs-storage name: booklore-books-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-books-nfs-storage app.kubernetes.io/name: booklore-books-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -26,10 +26,10 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: grimmory-books-import-nfs-storage name: booklore-books-import-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-books-import-nfs-storage app.kubernetes.io/name: booklore-books-import-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:

109
clusters/cl01tl/helm/grimmory/values.yaml → clusters/cl01tl/helm/booklore/values.yaml
View File

@@ -1,18 +1,16 @@
grimmory: booklore:
controllers: controllers:
main: main:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
pod: revisionHistoryLimit: 3
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers: containers:
main: main:
image: image:
repository: ghcr.io/grimmory-tools/grimmory repository: ghcr.io/grimmory-tools/grimmory
tag: v2.3.0@sha256:9014247f591074529894f81115ca40f899db697e89f72c2fe91ec530e3f19597 tag: v2.3.0
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago
@@ -21,22 +19,22 @@ grimmory:
- name: GROUP_ID - name: GROUP_ID
value: 1000 value: 1000
- name: DATABASE_URL - name: DATABASE_URL
value: jdbc:mariadb://grimmory-mariadb-cluster-primary.grimmory:3306/booklore value: jdbc:mariadb://booklore-mariadb-cluster-primary.booklore:3306/booklore
- name: DATABASE_USERNAME - name: DATABASE_USERNAME
value: grimmory value: booklore
- name: DATABASE_PASSWORD - name: DATABASE_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: grimmory-database-secret name: booklore-database-secret
key: password key: password
- name: GRIMMORY_PORT - name: BOOKLORE_PORT
value: 6060 value: 6060
- name: SWAGGER_ENABLED - name: SWAGGER_ENABLED
value: false value: false
resources: resources:
requests: requests:
cpu: 10m cpu: 50m
memory: 1Gi memory: 128Mi
service: service:
main: main:
controller: main controller: main
@@ -54,26 +52,41 @@ grimmory:
name: traefik-gateway name: traefik-gateway
namespace: traefik namespace: traefik
hostnames: hostnames:
- grimmory.alexlebens.net - booklore.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: grimmory - group: ''
kind: Service
name: booklore
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
value: / value: /
persistence: persistence:
config: config:
forceRename: grimmory-config forceRename: booklore-config
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 5Gi size: 5Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
- path: /app/data - path: /app/data
readOnly: false readOnly: false
data:
forceRename: booklore-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: true
advancedMounts:
main:
main:
- path: /data
readOnly: false
books-import: books-import:
type: emptyDir type: emptyDir
advancedMounts: advancedMounts:
@@ -81,15 +94,8 @@ grimmory:
main: main:
- path: /bookdrop - path: /bookdrop
readOnly: false readOnly: false
data:
existingClaim: grimmory-books-nfs-storage
advancedMounts:
main:
main:
- path: /data
readOnly: false
ingest: ingest:
existingClaim: grimmory-books-import-nfs-storage existingClaim: booklore-books-import-nfs-storage
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -99,7 +105,7 @@ mariadb-cluster:
mariadb: mariadb:
rootPasswordSecretKeyRef: rootPasswordSecretKeyRef:
generate: false generate: false
name: grimmory-database-secret name: booklore-database-secret
key: password key: password
storage: storage:
size: 5Gi size: 5Gi
@@ -109,14 +115,14 @@ mariadb-cluster:
bootstrapFrom: bootstrapFrom:
s3: s3:
bucket: mariadb-backups-b230a2f5aecf080a4b372c08 bucket: mariadb-backups-b230a2f5aecf080a4b372c08
prefix: cl01tl/grimmory prefix: cl01tl/booklore
endpoint: nyc3.digitaloceanspaces.com endpoint: nyc3.digitaloceanspaces.com
region: us-east-1 region: us-east-1
accessKeyIdSecretKeyRef: accessKeyIdSecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-external name: booklore-mariadb-cluster-backup-secret-external
key: access key: access
secretAccessKeySecretKeyRef: secretAccessKeySecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-external name: booklore-mariadb-cluster-backup-secret-external
key: secret key: secret
tls: tls:
enabled: true enabled: true
@@ -128,22 +134,21 @@ mariadb-cluster:
cleanupPolicy: Delete cleanupPolicy: Delete
requeueInterval: 10h requeueInterval: 10h
users: users:
- name: grimmory - name: booklore
passwordSecretKeyRef: passwordSecretKeyRef:
name: grimmory-database-secret name: booklore-database-secret
key: password key: password
host: '%' host: '%'
maxUserConnections: 100
cleanupPolicy: Delete cleanupPolicy: Delete
requeueInterval: 10h requeueInterval: 10h
retryInterval: 30s retryInterval: 30s
grants: grants:
- name: grimmory - name: booklore
privileges: privileges:
- "ALL PRIVILEGES" - "ALL PRIVILEGES"
database: "booklore" database: "booklore"
table: "*" table: "*"
username: grimmory username: booklore
grantOption: true grantOption: true
host: '%' host: '%'
cleanupPolicy: Delete cleanupPolicy: Delete
@@ -161,14 +166,14 @@ mariadb-cluster:
storage: storage:
s3: s3:
bucket: mariadb-backups-b230a2f5aecf080a4b372c08 bucket: mariadb-backups-b230a2f5aecf080a4b372c08
prefix: cl01tl/grimmory prefix: cl01tl/booklore
endpoint: nyc3.digitaloceanspaces.com endpoint: nyc3.digitaloceanspaces.com
region: us-east-1 region: us-east-1
accessKeyIdSecretKeyRef: accessKeyIdSecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-external name: booklore-mariadb-cluster-backup-secret-external
key: access key: access
secretAccessKeySecretKeyRef: secretAccessKeySecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-external name: booklore-mariadb-cluster-backup-secret-external
key: secret key: secret
tls: tls:
enabled: true enabled: true
@@ -183,14 +188,14 @@ mariadb-cluster:
storage: storage:
s3: s3:
bucket: mariadb-backups bucket: mariadb-backups
prefix: cl01tl/grimmory prefix: cl01tl/booklore
endpoint: garage-ps10rp.boreal-beaufort.ts.net:3900 endpoint: garage-ps10rp.boreal-beaufort.ts.net:3900
region: us-east-1 region: us-east-1
accessKeyIdSecretKeyRef: accessKeyIdSecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-garage name: booklore-mariadb-cluster-backup-secret-garage
key: access key: access
secretAccessKeySecretKeyRef: secretAccessKeySecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-garage name: booklore-mariadb-cluster-backup-secret-garage
key: secret key: secret
tls: tls:
enabled: true enabled: true
@@ -205,20 +210,17 @@ mariadb-cluster:
storage: storage:
s3: s3:
bucket: mariadb-backups bucket: mariadb-backups
prefix: cl01tl/grimmory prefix: cl01tl/booklore
endpoint: garage-main.garage:3900 endpoint: garage-main.garage:3900
region: us-east-1 region: us-east-1
accessKeyIdSecretKeyRef: accessKeyIdSecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-garage name: booklore-mariadb-cluster-backup-secret-garage
key: access key: access
secretAccessKeySecretKeyRef: secretAccessKeySecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-garage name: booklore-mariadb-cluster-backup-secret-garage
key: secret key: secret
volsync-target-config: volsync-target-config:
pvcTarget: grimmory-config pvcTarget: booklore-config
moverSecurityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local: local:
enabled: true enabled: true
schedule: 12 8 * * * schedule: 12 8 * * *
@@ -228,3 +230,20 @@ volsync-target-config:
external: external:
enabled: true enabled: true
schedule: 12 10 * * * schedule: 12 10 * * *
volsync-target-data:
pvcTarget: booklore-data
local:
enabled: true
schedule: 14 8 * * *
restic:
cacheCapacity: 10Gi
remote:
enabled: true
schedule: 14 9 * * *
restic:
cacheCapacity: 10Gi
external:
enabled: true
schedule: 14 10 * * *
restic:
cacheCapacity: 10Gi

5
clusters/cl01tl/helm/cert-manager/Chart.yaml
View File

@@ -5,7 +5,8 @@ description: Cert Manager
keywords: keywords:
- cert-manager - cert-manager
- certificates - certificates
home: https://docs.alexlebens.dev/applications/cert-manager/ - kubernetes
home: https://wiki.alexlebens.dev/s/368fe718-eedb-40e0-a5a7-fad03cdc6b09
sources: sources:
- https://github.com/cert-manager/cert-manager - https://github.com/cert-manager/cert-manager
- https://github.com/cert-manager/cert-manager/tree/master/deploy/charts/cert-manager - https://github.com/cert-manager/cert-manager/tree/master/deploy/charts/cert-manager
@@ -15,6 +16,6 @@ dependencies:
- name: cert-manager - name: cert-manager
version: v1.20.0 version: v1.20.0
repository: https://charts.jetstack.io repository: https://charts.jetstack.io
icon: https://raw.githubusercontent.com/cert-manager/cert-manager/refs/heads/master/logo/logo.png icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/cert-manager.png
# renovate: datasource=github-releases depName=cert-manager/cert-manager # renovate: datasource=github-releases depName=cert-manager/cert-manager
appVersion: v1.20.0 appVersion: v1.20.0

5
clusters/cl01tl/helm/cert-manager/templates/cluster-issuer.yaml
View File

@@ -2,11 +2,6 @@ apiVersion: cert-manager.io/v1
kind: ClusterIssuer kind: ClusterIssuer
metadata: metadata:
name: letsencrypt-issuer name: letsencrypt-issuer
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: letsencrypt-issuer
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
acme: acme:
email: alexanderlebens@gmail.com email: alexanderlebens@gmail.com

3
clusters/cl01tl/helm/cert-manager/templates/external-secret.yaml
View File

@@ -14,5 +14,8 @@ spec:
data: data:
- secretKey: api-token - secretKey: api-token
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/alexlebens.net/clusterissuer key: /cloudflare/alexlebens.net/clusterissuer
metadataPolicy: None
property: token property: token

8
clusters/cl01tl/helm/cert-manager/values.yaml
View File

@@ -3,16 +3,10 @@ cert-manager:
enabled: true enabled: true
keep: true keep: true
replicaCount: 2 replicaCount: 2
podDisruptionBudget:
enabled: true
minAvailable: 1
extraArgs: extraArgs:
- --enable-gateway-api - --enable-gateway-api
resources:
requests:
cpu: 10m
memory: 64Mi
prometheus: prometheus:
enabled: true
servicemonitor: servicemonitor:
enabled: true enabled: true
honorLabels: true honorLabels: true

6
clusters/cl01tl/helm/cilium/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: cilium - name: cilium
repository: https://helm.cilium.io/ repository: https://helm.cilium.io/
version: 1.19.2 version: 1.18.6
digest: sha256:11f8eef4733b70c2b9a91ce39fe3c1ea1ad3fa3c46750efb015e03ff6ea3655b digest: sha256:8ea328ac238524b5b423e6289f5e25d05ef64e6aa19cfd5de238f1d5dd533e9b
generated: "2026-03-27T03:31:51.524057432Z" generated: "2026-02-05T12:00:20.15778-06:00"

11
clusters/cl01tl/helm/cilium/Chart.yaml
View File

@@ -4,18 +4,19 @@ version: 1.0.0
description: Cilium description: Cilium
keywords: keywords:
- cilium - cilium
- operator - cni
- network - network
home: https://docs.alexlebens.dev/applications/cilium/ - kubernetes
home: https://wiki.alexlebens.dev/s/9e6f5b17-e186-4af0-81cd-af647b162d3d
sources: sources:
- https://github.com/cilium/cilium - https://github.com/cilium/cilium
- https://github.com/cilium/cilium/tree/main/install/kubernetes/cilium - https://github.com/cilium/charts
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: cilium - name: cilium
version: 1.19.2 version: 1.18.6
repository: https://helm.cilium.io/ repository: https://helm.cilium.io/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png
# renovate: datasource=github-releases depName=cilium/cilium # renovate: datasource=github-releases depName=cilium/cilium
appVersion: 1.19.2 appVersion: 1.19.1

28
clusters/cl01tl/helm/cilium/values.yaml
View File

@@ -25,24 +25,36 @@ cilium:
- NET_ADMIN - NET_ADMIN
- SYS_ADMIN - SYS_ADMIN
- SYS_RESOURCE - SYS_RESOURCE
l2announcements:
enabled: false
bgpControlPlane: bgpControlPlane:
enabled: false enabled: false
secretsNamespace:
name: kube-system
statusReport:
enabled: true
routerIDAllocation:
mode: "default"
bpf: bpf:
hostLegacyRouting: true hostLegacyRouting: true
devices: end0 enp6s0 devices: end0 enp6s0
ciliumEndpointSlice: ciliumEndpointSlice:
enabled: true enabled: true
ingressController:
enabled: false
gatewayAPI: gatewayAPI:
enabled: true enabled: true
enableAppProtocol: true
enableAlpn: true enableAlpn: true
secretsNamespace: enableAppProtocol: true
create: false gatewayClass:
name: kube-system create: auto
externalIPs:
enabled: true
socketLB: socketLB:
enabled: true enabled: true
hostNamespaceOnly: true hostNamespaceOnly: true
hubble: hubble:
enabled: true
metrics: metrics:
serviceMonitor: serviceMonitor:
enabled: true enabled: true
@@ -56,6 +68,8 @@ cilium:
enabled: true enabled: true
ui: ui:
enabled: true enabled: true
ingress:
enabled: false
ipam: ipam:
mode: "kubernetes" mode: "kubernetes"
ipv4: ipv4:
@@ -63,11 +77,12 @@ cilium:
ipv6: ipv6:
enabled: false enabled: false
kubeProxyReplacement: true kubeProxyReplacement: true
l7Proxy: true
prometheus: prometheus:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
enabled: true
trustCRDsExist: true trustCRDsExist: true
enabled: true
envoy: envoy:
enabled: true enabled: true
securityContext: securityContext:
@@ -79,11 +94,14 @@ cilium:
- PERFMON - PERFMON
- BPF - BPF
prometheus: prometheus:
enabled: true
serviceMonitor: serviceMonitor:
enabled: true enabled: true
operator: operator:
enabled: true
rollOutPods: true rollOutPods: true
prometheus: prometheus:
enabled: true
serviceMonitor: serviceMonitor:
enabled: true enabled: true
cgroup: cgroup:

7
clusters/cl01tl/helm/cloudnative-pg/Chart.yaml
View File

@@ -6,11 +6,10 @@ keywords:
- cloudnative-pg - cloudnative-pg
- operator - operator
- postgresql - postgresql
home: https://docs.alexlebens.dev/applications/cloudnative-pg/ - kubernetes
home: https://wiki.alexlebens.dev/s/9fb10833-0278-4e64-a34c-d348d833839f
sources: sources:
- https://github.com/cloudnative-pg/cloudnative-pg - https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/cloudnative-pg/plugin-barman-cloud
- https://github.com/cloudnative-pg/postgres-containers/pkgs/container/postgresql
- https://github.com/cloudnative-pg/charts/tree/main/charts/cloudnative-pg - https://github.com/cloudnative-pg/charts/tree/main/charts/cloudnative-pg
- https://github.com/cloudnative-pg/charts/tree/main/charts/plugin-barman-cloud - https://github.com/cloudnative-pg/charts/tree/main/charts/plugin-barman-cloud
maintainers: maintainers:
@@ -22,6 +21,6 @@ dependencies:
- name: plugin-barman-cloud - name: plugin-barman-cloud
version: 0.5.0 version: 0.5.0
repository: https://cloudnative-pg.io/charts/ repository: https://cloudnative-pg.io/charts/
icon: https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg.github.io/refs/heads/main/assets/images/hero_image.png icon: https://avatars.githubusercontent.com/u/100373852?s=200&v=4
# renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg # renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
appVersion: 1.28.1 appVersion: 1.28.1

16
clusters/cl01tl/helm/cloudnative-pg/values.yaml
View File

@@ -1,16 +1,16 @@
cloudnative-pg: cloudnative-pg:
replicaCount: 2 replicaCount: 2
resources:
requests:
cpu: 10m
memory: 100Mi
monitoring: monitoring:
podMonitorEnabled: true podMonitorEnabled: true
plugin-barman-cloud: plugin-barman-cloud:
replicaCount: 1 replicaCount: 1
image:
registry: ghcr.io
repository: cloudnative-pg/plugin-barman-cloud
tag: v0.11.0
sidecarImage:
registry: ghcr.io
repository: cloudnative-pg/plugin-barman-cloud-sidecar
tag: v0.11.0
crds: crds:
create: true create: true
resources:
requests:
cpu: 1m
memory: 20Mi

12
clusters/cl01tl/helm/code-server/Chart.yaml
View File

@@ -5,14 +5,14 @@ description: Code Server
keywords: keywords:
- code-server - code-server
- code - code
home: https://docs.alexlebens.dev/applications/code-server/ - ide
home: https://wiki.alexlebens.dev/s/233f96bb-db70-47e4-8b22-a8efcbb0f93d
sources: sources:
- https://github.com/coder/code-server - https://github.com/coder/code-server
- https://github.com/linuxserver/docker-code-server - https://github.com/cloudflare/cloudflared
- https://github.com/linuxserver/docker-code-server/pkgs/container/code-server - https://hub.docker.com/r/linuxserver/code-server
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -28,5 +28,5 @@ dependencies:
version: 0.8.0 version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png
# renovate: datasource=github-releases depName=coder/code-server # renovate: datasource=github-releases depName=linuxserver/docker-code-server
appVersion: 4.112.0 appVersion: 4.108.1

6
clusters/cl01tl/helm/code-server/templates/external-secret.yaml
View File

@@ -14,9 +14,15 @@ spec:
data: data:
- secretKey: PASSWORD - secretKey: PASSWORD
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/code-server/auth key: /cl01tl/code-server/auth
metadataPolicy: None
property: PASSWORD property: PASSWORD
- secretKey: SUDO_PASSWORD - secretKey: SUDO_PASSWORD
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/code-server/auth key: /cl01tl/code-server/auth
metadataPolicy: None
property: SUDO_PASSWORD property: SUDO_PASSWORD

18
clusters/cl01tl/helm/code-server/values.yaml
View File

@@ -4,18 +4,16 @@ code-server:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
pod: revisionHistoryLimit: 3
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers: containers:
main: main:
image: image:
repository: ghcr.io/linuxserver/code-server repository: ghcr.io/linuxserver/code-server
tag: 4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b tag: 4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: America/Chicago value: US/Central
- name: PUID - name: PUID
value: 1000 value: 1000
- name: PGID - name: PGID
@@ -27,8 +25,8 @@ code-server:
name: codeserver-password-secret name: codeserver-password-secret
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 50Mi memory: 128Mi
service: service:
main: main:
controller: main controller: main
@@ -49,8 +47,11 @@ code-server:
- code-server.alexlebens.net - code-server.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: code-server - group: ''
kind: Service
name: code-server
port: 8443 port: 8443
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -61,6 +62,7 @@ code-server:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 2Gi size: 2Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:

6
clusters/cl01tl/helm/coredns/Chart.yaml
View File

@@ -5,7 +5,9 @@ description: CoreDNS
keywords: keywords:
- coredns - coredns
- dns - dns
home: https://docs.alexlebens.dev/applications/coredns/ - network
- kubernetes
home: https://wiki.alexlebens.dev/s/
sources: sources:
- https://github.com/coredns/coredns - https://github.com/coredns/coredns
- https://github.com/coredns/helm - https://github.com/coredns/helm
@@ -15,6 +17,6 @@ dependencies:
- name: coredns - name: coredns
version: 1.45.2 version: 1.45.2
repository: https://coredns.github.io/helm repository: https://coredns.github.io/helm
icon: https://raw.githubusercontent.com/coredns/coredns.io/refs/heads/master/static/images/favicon.png icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/coredns.png
# renovate: datasource=github-releases depName=coredns/coredns # renovate: datasource=github-releases depName=coredns/coredns
appVersion: v1.14.2 appVersion: v1.14.2

34
clusters/cl01tl/helm/coredns/values.yaml
View File

@@ -1,18 +1,23 @@
coredns: coredns:
image: image:
repository: registry.k8s.io/coredns/coredns repository: registry.k8s.io/coredns/coredns
tag: v1.14.2@sha256:e7e6440cfd1e919280958f5b5a6ab2b184d385bba774c12ad2a9e1e4183f90d9 tag: v1.14.2
replicaCount: 3 replicaCount: 3
resources: resources:
limits:
cpu: null
memory: null
requests: requests:
cpu: 30m cpu: 50m
memory: 30Mi memory: 128Mi
rollingUpdate:
maxUnavailable: 1
maxSurge: 25%
terminationGracePeriodSeconds: 30
serviceType: "ClusterIP"
prometheus: prometheus:
service: service:
enabled: true enabled: true
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9153"
monitor: monitor:
enabled: true enabled: true
namespace: kube-system namespace: kube-system
@@ -24,7 +29,18 @@ coredns:
serviceAccount: serviceAccount:
create: true create: true
name: coredns name: coredns
rbac:
create: true
isClusterService: true
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
servers: servers:
- zones: - zones:
- zone: . - zone: .
@@ -61,8 +77,6 @@ coredns:
- name: errors - name: errors
- name: cache - name: cache
parameters: 30 parameters: 30
- name: prometheus
parameters: :9153
- name: forward - name: forward
parameters: . 10.111.232.172 parameters: . 10.111.232.172
- zones: - zones:
@@ -74,8 +88,6 @@ coredns:
- name: errors - name: errors
- name: cache - name: cache
parameters: 30 parameters: 30
- name: prometheus
parameters: :9153
- name: forward - name: forward
parameters: . 10.97.20.219 parameters: . 10.97.20.219
nodeSelector: nodeSelector:
@@ -88,4 +100,6 @@ coredns:
operator: Exists operator: Exists
effect: NoSchedule effect: NoSchedule
deployment: deployment:
skipConfig: false
enabled: true
name: coredns name: coredns

5
clusters/cl01tl/helm/dawarich/Chart.yaml
View File

@@ -5,13 +5,10 @@ description: Dawarich
keywords: keywords:
- dawarich - dawarich
- location - location
home: https://docs.alexlebens.dev/applications/dawarich/ home: https://wiki.alexlebens.dev/s/
sources: sources:
- https://github.com/Freika/dawarich - https://github.com/Freika/dawarich
- https://hub.docker.com/r/freikin/dawarich
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:

9
clusters/cl01tl/helm/dawarich/templates/external-secret.yaml
View File

@@ -14,7 +14,10 @@ spec:
data: data:
- secretKey: key - secretKey: key
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/dawarich/key key: /cl01tl/dawarich/key
metadataPolicy: None
property: key property: key
--- ---
@@ -34,9 +37,15 @@ spec:
data: data:
- secretKey: client - secretKey: client
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/dawarich key: /authentik/oidc/dawarich
metadataPolicy: None
property: client property: client
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/dawarich key: /authentik/oidc/dawarich
metadataPolicy: None
property: secret property: secret

75
clusters/cl01tl/helm/dawarich/values.yaml
View File

@@ -4,20 +4,15 @@ dawarich:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: freikin/dawarich repository: freikin/dawarich
tag: 1.4.0@sha256:07adb7643b00d1d8f606c675931d3604317fa3851b91b74ec503df8d50734cb8 tag: 1.4.0
command: pullPolicy: IfNotPresent
- "web-entrypoint.sh" command: ["web-entrypoint.sh"]
args: args: ["bin/rails", "server", "-p", "3000", "-b", "::"]
- "bin/rails"
- "server"
- "-p"
- "3000"
- "-b"
- "::"
env: env:
- name: RAILS_ENV - name: RAILS_ENV
value: production value: production
@@ -91,14 +86,14 @@ dawarich:
value: true value: true
probes: probes:
liveness: liveness:
enabled: true enabled: false
custom: true custom: true
spec: spec:
exec: exec:
command: command:
- /bin/sh - /bin/sh
- -c - -c
- "wget -qO - http://127.0.0.1:3000/api/v1/health | grep -q '\"status\"\\s*:\\s*\"ok\"'" - wget -qO - http://127.0.0.1:3000/api/v1/health | grep -Eq '\"status\"\\s*:\\s*\"ok\"'
failureThreshold: 5 failureThreshold: 5
initialDelaySeconds: 60 initialDelaySeconds: 60
periodSeconds: 10 periodSeconds: 10
@@ -106,16 +101,15 @@ dawarich:
timeoutSeconds: 10 timeoutSeconds: 10
resources: resources:
requests: requests:
cpu: 20m cpu: 10m
memory: 750Mi memory: 128Mi
sidekiq: sidekiq:
image: image:
repository: freikin/dawarich repository: freikin/dawarich
tag: 1.4.0@sha256:07adb7643b00d1d8f606c675931d3604317fa3851b91b74ec503df8d50734cb8 tag: 1.4.0
command: pullPolicy: IfNotPresent
- "sidekiq-entrypoint.sh" command: ["sidekiq-entrypoint.sh"]
args: args: ["sidekiq"]
- "sidekiq"
env: env:
- name: RAILS_ENV - name: RAILS_ENV
value: production value: production
@@ -191,19 +185,23 @@ dawarich:
value: true value: true
probes: probes:
liveness: liveness:
enabled: true enabled: false
custom: true custom: true
spec: spec:
exec: exec:
command: command:
- pgrep - /bin/sh
- -f - -c
- sidekiq - pgrep -f sidekiq
failureThreshold: 5 failureThreshold: 5
initialDelaySeconds: 60 initialDelaySeconds: 60
periodSeconds: 10 periodSeconds: 10
successThreshold: 1 successThreshold: 1
timeoutSeconds: 10 timeoutSeconds: 10
resources:
requests:
cpu: 10m
memory: 128Mi
service: service:
main: main:
controller: main controller: main
@@ -240,8 +238,11 @@ dawarich:
- dawarich.alexlebens.net - dawarich.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: dawarich - group: ""
kind: Service
name: dawarich
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -252,6 +253,7 @@ dawarich:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 5Gi size: 5Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -265,6 +267,7 @@ dawarich:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 5Gi size: 5Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -278,6 +281,7 @@ dawarich:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 1Gi size: 1Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -309,9 +313,32 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 10 14 * * *" schedule: "0 10 14 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external

3
clusters/cl01tl/helm/democratic-csi-synology-iscsi/Chart.yaml
View File

@@ -5,7 +5,8 @@ description: Democratic CSI
keywords: keywords:
- democratic-csi-synology-iscsi - democratic-csi-synology-iscsi
- iscsi - iscsi
home: https://docs.alexlebens.dev/applications/democratic-csi-synology-iscsi/ - kubernetes
home: https://wiki.alexlebens.dev/s/0cc6ba65-024b-4489-952a-fc0f647fd099
sources: sources:
- https://github.com/democratic-csi/democratic-csi - https://github.com/democratic-csi/democratic-csi
- https://github.com/democratic-csi/charts/tree/master/stable/democratic-csi - https://github.com/democratic-csi/charts/tree/master/stable/democratic-csi

3
clusters/cl01tl/helm/democratic-csi-synology-iscsi/templates/external-secret.yaml
View File

@@ -14,5 +14,8 @@ spec:
data: data:
- secretKey: driver-config-file.yaml - secretKey: driver-config-file.yaml
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/democratic-csi-synology-iscsi/config key: /cl01tl/democratic-csi-synology-iscsi/config
metadataPolicy: None
property: driver-config-file.yaml property: driver-config-file.yaml

7
clusters/cl01tl/helm/democratic-csi-synology-iscsi/values.yaml
View File

@@ -3,13 +3,12 @@ democratic-csi:
existingConfigSecret: synology-iscsi-config-secret existingConfigSecret: synology-iscsi-config-secret
config: config:
driver: synology-iscsi driver: synology-iscsi
resources:
requests:
cpu: 1m
memory: 128Mi
csiDriver: csiDriver:
name: "org.democratic-csi.iscsi-synology" name: "org.democratic-csi.iscsi-synology"
controller: controller:
enabled: true
rbac:
enabled: true
replicaCount: 2 replicaCount: 2
storageClasses: storageClasses:
- name: synology-iscsi-delete - name: synology-iscsi-delete

3
clusters/cl01tl/helm/descheduler/Chart.yaml
View File

@@ -5,7 +5,8 @@ description: Descheduler
keywords: keywords:
- descheduler - descheduler
- kube-scheduler - kube-scheduler
home: https://docs.alexlebens.dev/applications/descheduler/ - kubernetes
home: https://wiki.alexlebens.dev/s/0c38b7e4-4573-487c-82b0-4eeeb00e1276
sources: sources:
- https://github.com/kubernetes-sigs/descheduler - https://github.com/kubernetes-sigs/descheduler
- https://github.com/kubernetes-sigs/descheduler/tree/master/charts/descheduler - https://github.com/kubernetes-sigs/descheduler/tree/master/charts/descheduler

41
clusters/cl01tl/helm/descheduler/values.yaml
View File

@@ -1,22 +1,27 @@
descheduler: descheduler:
kind: Deployment kind: Deployment
resources: resources:
limits:
cpu: null
memory: null
requests: requests:
cpu: 10m cpu: 10m
memory: 50Mi memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
deschedulingInterval: 5m deschedulingInterval: 5m
replicas: 3 replicas: 1
leaderElection: leaderElection:
enabled: true enabled: false
leaseDuration: 15s command:
renewDeadline: 10s - "/bin/descheduler"
retryPeriod: 2s cmdOptions:
resourceLock: "leases" v: 3
resourceName: "descheduler" deschedulerPolicyAPIVersion: "descheduler/v1alpha2"
resourceNamespace: "descheduler"
deschedulerPolicy: deschedulerPolicy:
profiles: profiles:
- name: default - name: default
@@ -48,13 +53,13 @@ descheduler:
- name: LowNodeUtilization - name: LowNodeUtilization
args: args:
thresholds: thresholds:
cpu: 20 cpu: 30
memory: 20 memory: 30
pods: 20 pods: 50
targetThresholds: targetThresholds:
cpu: 50 cpu: 60
memory: 50 memory: 40
pods: 60 pods: 80
plugins: plugins:
balance: balance:
enabled: enabled:

12
clusters/cl01tl/helm/directus/Chart.yaml
View File

@@ -4,14 +4,16 @@ version: 1.0.0
description: Directus description: Directus
keywords: keywords:
- directus - directus
- content-management-system - cms
home: https://docs.alexlebens.dev/applications/descheduler/ home: https://wiki.alexlebens.dev/s/c2d242de-dcaa-4801-86a2-c4761dc8bf9b
sources: sources:
- https://github.com/directus/directus - https://github.com/directus/directus
- https://github.com/directus/directus/pkgs/container/directus - https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/directus/directus
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -29,4 +31,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
# renovate: datasource=github-releases depName=directus/directus # renovate: datasource=github-releases depName=directus/directus
appVersion: 11.17.0 appVersion: 11.16.1

39
clusters/cl01tl/helm/directus/templates/external-secret.yaml
View File

@@ -14,19 +14,31 @@ spec:
data: data:
- secretKey: admin-email - secretKey: admin-email
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/config key: /cl01tl/directus/config
metadataPolicy: None
property: admin-email property: admin-email
- secretKey: admin-password - secretKey: admin-password
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/config key: /cl01tl/directus/config
metadataPolicy: None
property: admin-password property: admin-password
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/config key: /cl01tl/directus/config
metadataPolicy: None
property: secret property: secret
- secretKey: key - secretKey: key
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/config key: /cl01tl/directus/config
metadataPolicy: None
property: key property: key
--- ---
@@ -46,11 +58,17 @@ spec:
data: data:
- secretKey: OIDC_CLIENT_ID - secretKey: OIDC_CLIENT_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/directus key: /authentik/oidc/directus
metadataPolicy: None
property: client property: client
- secretKey: OIDC_CLIENT_SECRET - secretKey: OIDC_CLIENT_SECRET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/directus key: /authentik/oidc/directus
metadataPolicy: None
property: secret property: secret
--- ---
@@ -70,7 +88,10 @@ spec:
data: data:
- secretKey: metric-token - secretKey: metric-token
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/metrics key: /cl01tl/directus/metrics
metadataPolicy: None
property: metric-token property: metric-token
--- ---
@@ -90,15 +111,24 @@ spec:
data: data:
- secretKey: ACCESS_KEY_ID - secretKey: ACCESS_KEY_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_KEY_ID property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY - secretKey: ACCESS_SECRET_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_SECRET_KEY property: ACCESS_SECRET_KEY
- secretKey: ACCESS_REGION - secretKey: ACCESS_REGION
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_REGION property: ACCESS_REGION
--- ---
@@ -118,13 +148,22 @@ spec:
data: data:
- secretKey: default - secretKey: default
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/valkey key: /cl01tl/directus/valkey
metadataPolicy: None
property: password property: password
- secretKey: user - secretKey: user
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/valkey key: /cl01tl/directus/valkey
metadataPolicy: None
property: user property: user
- secretKey: password - secretKey: password
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/valkey key: /cl01tl/directus/valkey
metadataPolicy: None
property: password property: password

37
clusters/cl01tl/helm/directus/values.yaml
View File

@@ -4,11 +4,12 @@ directus:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/directus/directus repository: directus/directus
tag: 11.17.0@sha256:076269ccbe7d4a0c44ce5f5b7f11e2ea5f7b3e4c4f704c0f88a52805e069c1c6 tag: 11.16.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: PUBLIC_URL - name: PUBLIC_URL
@@ -143,7 +144,7 @@ directus:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 1Gi memory: 256Mi
service: service:
main: main:
controller: main controller: main
@@ -179,8 +180,11 @@ directus:
- directus.alexlebens.net - directus.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: directus - group: ''
kind: Service
name: directus
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -198,12 +202,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 15 14 * * *" schedule: "0 15 14 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
valkey: valkey:
valkey: valkey:
auth: auth:
@@ -212,3 +239,5 @@ valkey:
aclUsers: aclUsers:
default: default:
permissions: "~* &* +@all" permissions: "~* &* +@all"
metrics:
enabled: false

5
clusters/cl01tl/helm/elastic-operator/Chart.yaml
View File

@@ -6,7 +6,8 @@ keywords:
- elastic-operator - elastic-operator
- operator - operator
- elastic-search - elastic-search
home: https://docs.alexlebens.dev/applications/elastic-operator/ - kubernetes
home: https://wiki.alexlebens.dev/s/
sources: sources:
- https://github.com/elastic/cloud-on-k8s - https://github.com/elastic/cloud-on-k8s
- https://github.com/elastic/cloud-on-k8s/tree/main/deploy/eck-operator - https://github.com/elastic/cloud-on-k8s/tree/main/deploy/eck-operator
@@ -16,6 +17,6 @@ dependencies:
- name: eck-operator - name: eck-operator
version: 3.3.1 version: 3.3.1
repository: https://helm.elastic.co repository: https://helm.elastic.co
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/elastic.png icon: https://helm.elastic.co/icons/eck.png
# renovate: datasource=github-releases depName=elastic/cloud-on-k8s # renovate: datasource=github-releases depName=elastic/cloud-on-k8s
appVersion: v3.3.1 appVersion: v3.3.1

7
clusters/cl01tl/helm/elastic-operator/values.yaml
View File

@@ -4,13 +4,6 @@ eck-operator:
- stalwart - stalwart
installCRDs: true installCRDs: true
replicaCount: 2 replicaCount: 2
resources:
limits:
cpu: null
memory: null
requests:
cpu: 2m
memory: 50Mi
telemetry: telemetry:
disabled: true disabled: true
config: config:

6
clusters/cl01tl/helm/element-web/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies: dependencies:
- name: element-web - name: element-web
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
version: 1.4.33 version: 1.4.32
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.4.0
digest: sha256:63b0e582d42fb42bcf4d96ba4b299e42c434c42f284208596808288543192fe0 digest: sha256:49d9dd45eff7cbbc11644e4a8bd3c9d3bf84716ed034a76f097f0ba1fea4c934
generated: "2026-03-24T16:11:50.424321433Z" generated: "2026-03-11T16:04:17.556777286Z"

12
clusters/cl01tl/helm/element-web/Chart.yaml
View File

@@ -4,22 +4,24 @@ version: 1.0.0
description: Element Web description: Element Web
keywords: keywords:
- element-web - element-web
- matrix-chat - chat
home: https://docs.alexlebens.dev/applications/element-web/ - matrix
home: https://wiki.alexlebens.dev/s/e3b03481-1a1d-4b56-8cd9-e75a8dcc0f6c
sources: sources:
- https://github.com/element-hq/element-web - https://github.com/element-hq/element-web
- https://github.com/element-hq/element-web/pkgs/container/element-web - https://github.com/cloudflare/cloudflared
- https://hub.docker.com/r/vectorim/element-web
- https://gitlab.com/ananace/charts/-/tree/master/charts/element-web - https://gitlab.com/ananace/charts/-/tree/master/charts/element-web
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: element-web - name: element-web
version: 1.4.33 version: 1.4.32
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.4.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
# renovate: datasource=github-releases depName=element-hq/element-web # renovate: datasource=github-releases depName=element-hq/element-web
appVersion: v1.12.13 appVersion: v1.12.12

11
clusters/cl01tl/helm/element-web/values.yaml
View File

@@ -1,8 +1,9 @@
element-web: element-web:
replicaCount: 1 replicaCount: 1
image: image:
repository: ghcr.io/element-hq/element-web repository: vectorim/element-web
tag: v1.12.13@sha256:5107e63026c13ed014f743e485821b7d4b56d275a41e76303859bb14f5f94eb6 tag: v1.12.12
pullPolicy: IfNotPresent
defaultServer: defaultServer:
url: https://matrix.alexlebens.dev url: https://matrix.alexlebens.dev
name: alexlebens.dev name: alexlebens.dev
@@ -17,7 +18,9 @@ element-web:
immediate: true immediate: true
default_theme: dark default_theme: dark
default_country_code: US default_country_code: US
ingress:
enabled: false
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 10Mi memory: 128Mi

6
clusters/cl01tl/helm/eraser/Chart.yaml
View File

@@ -5,10 +5,10 @@ description: Eraser
keywords: keywords:
- eraser - eraser
- images - images
home: https://docs.alexlebens.dev/applications/eraser/ - kubernetes
home: https://wiki.alexlebens.dev/s/bb53ffae-0eda-4ed6-9fdd-894e672b4377
sources: sources:
- https://github.com/eraser-dev/eraser - https://github.com/eraser-dev/eraser
- https://github.com/eraser-dev/eraser/pkgs/container/eraser-manager
- https://github.com/eraser-dev/eraser/tree/main/charts/eraser - https://github.com/eraser-dev/eraser/tree/main/charts/eraser
maintainers: maintainers:
- name: alexlebens - name: alexlebens
@@ -16,6 +16,6 @@ dependencies:
- name: eraser - name: eraser
version: 1.4.1 version: 1.4.1
repository: https://eraser-dev.github.io/eraser/charts repository: https://eraser-dev.github.io/eraser/charts
icon: https://raw.githubusercontent.com/eraser-dev/eraser/refs/heads/main/images/eraser-logo-color-1c.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
# renovate: datasource=github-releases depName=eraser-dev/eraser # renovate: datasource=github-releases depName=eraser-dev/eraser
appVersion: v1.4.1 appVersion: v1.4.1

49
clusters/cl01tl/helm/eraser/values.yaml
View File

@@ -1,37 +1,50 @@
eraser: eraser:
runtimeConfig: runtimeConfig:
apiVersion: eraser.sh/v1alpha3
kind: EraserConfig
manager: manager:
runtime:
name: containerd
address: unix:///run/containerd/containerd.sock
logLevel: info
scheduling: scheduling:
repeatInterval: 24h repeatInterval: 24h
beginImmediately: true beginImmediately: true
profile:
enabled: false
port: 6060
imageJob: imageJob:
successRatio: 1.0
cleanup: cleanup:
delayOnSuccess: 0s delayOnSuccess: 0s
delayOnFailure: 24h delayOnFailure: 24h
nodeFilter:
type: exclude
selectors:
- eraser.sh/cleanup.filter
- kubernetes.io/os=windows
components: components:
collector: collector:
image: enabled: true
repo: ghcr.io/eraser-dev/collector
tag: v1.4.1@sha256:827588ff826c3558bf2c50b1fc94f20122b054dfcf3480c3ffe6f0bae25c3dad
request: request:
cpu: 1m cpu: 10m
memory: 20Mi memory: 128Mi
scanner: scanner:
enabled: false enabled: false
remover:
image:
repo: ghcr.io/eraser-dev/remover
tag: v1.4.1@sha256:e57592157d717588f69c011cd0b6ab783a19a53b447a5350b27e7e66aae67525
request: request:
cpu: 1m cpu: 100m
memory: 20Mi memory: 128Mi
config: ""
remover:
request:
cpu: 10m
memory: 128Mi
deploy: deploy:
image: securityContext:
repo: ghcr.io/eraser-dev/eraser-manager allowPrivilegeEscalation: false
tag: v1.4.1@sha256:5f18fb7da4ccad93a8643ece496681f1489b0d7b0ce45e18a94774cf8b6a717d
resources: resources:
limits:
memory: null
requests: requests:
cpu: 1m cpu: 10m
memory: 20Mi memory: 30Mi
nodeSelector:
kubernetes.io/os: linux

3
clusters/cl01tl/helm/excalidraw/Chart.yaml
View File

@@ -4,8 +4,7 @@ version: 1.0.0
description: Excalidraw description: Excalidraw
keywords: keywords:
- excalidraw - excalidraw
- drawing home: https://wiki.alexlebens.dev/
home: https://docs.alexlebens.dev/applications/eraser/
sources: sources:
- https://github.com/excalidraw/excalidraw - https://github.com/excalidraw/excalidraw
- https://hub.docker.com/r/excalidraw/excalidraw - https://hub.docker.com/r/excalidraw/excalidraw

11
clusters/cl01tl/helm/excalidraw/values.yaml
View File

@@ -4,11 +4,13 @@ excalidraw:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: excalidraw/excalidraw repository: excalidraw/excalidraw
tag: latest@sha256:3c2513e830bb6e195147c05b34ecf8393d0ba2b1cc86e93b407a5777d6135c6c tag: latest@sha256:3c2513e830bb6e195147c05b34ecf8393d0ba2b1cc86e93b407a5777d6135c6c
pullPolicy: IfNotPresent
env: env:
- name: NODE_ENV - name: NODE_ENV
value: production value: production
@@ -16,8 +18,8 @@ excalidraw:
value: America/Chicago value: America/Chicago
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 10Mi memory: 128Mi
service: service:
main: main:
controller: main controller: main
@@ -38,8 +40,11 @@ excalidraw:
- excalidraw.alexlebens.net - excalidraw.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: excalidraw - group: ''
kind: Service
name: excalidraw
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix

5
clusters/cl01tl/helm/external-dns/Chart.yaml
View File

@@ -5,10 +5,11 @@ description: External DNS
keywords: keywords:
- external-dns - external-dns
- dns - dns
home: https://docs.alexlebens.dev/applications/eraser/ - unifi
- kubernetes
home: https://wiki.alexlebens.dev/s/7b50e4da-5dc1-4f62-baf9-14b5fed64552
sources: sources:
- https://github.com/kubernetes-sigs/external-dns - https://github.com/kubernetes-sigs/external-dns
- https://github.com/kashalls/external-dns-unifi-webhook
- https://github.com/kubernetes-sigs/external-dns/tree/master/charts/external-dns - https://github.com/kubernetes-sigs/external-dns/tree/master/charts/external-dns
maintainers: maintainers:
- name: alexlebens - name: alexlebens

3
clusters/cl01tl/helm/external-dns/templates/external-secret.yaml
View File

@@ -14,5 +14,8 @@ spec:
data: data:
- secretKey: api-key - secretKey: api-key
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /unifi/auth/cl01tl key: /unifi/auth/cl01tl
metadataPolicy: None
property: api-key property: api-key

18
clusters/cl01tl/helm/external-dns/values.yaml
View File

@@ -1,27 +1,25 @@
external-dns-unifi: external-dns-unifi:
fullnameOverride: external-dns-unifi fullnameOverride: external-dns-unifi
resources:
requests:
cpu: 1m
memory: 80Mi
serviceMonitor: serviceMonitor:
enabled: true enabled: true
interval: 360m interval: 1m
sources: sources:
- ingress
- crd - crd
- gateway-httproute - gateway-httproute
- gateway-tlsroute - gateway-tlsroute
policy: sync policy: sync
registry: txt
txtOwnerId: default txtOwnerId: default
txtPrefix: k8s. txtPrefix: k8s.
domainFilters: ["alexlebens.net"] domainFilters: ["alexlebens.net"]
excludeDomains: ["alexlebens.dev"] excludeDomains: []
provider: provider:
name: webhook name: webhook
webhook: webhook:
image: image:
repository: ghcr.io/kashalls/external-dns-unifi-webhook repository: ghcr.io/kashalls/external-dns-unifi-webhook
tag: v0.8.2@sha256:7f0ddbbc83a36a2a9d762e25eef9cafcb3adf0493068a27d72ae71087eafe6f0 tag: v0.8.2
env: env:
- name: UNIFI_HOST - name: UNIFI_HOST
value: https://192.168.1.1 value: https://192.168.1.1
@@ -31,14 +29,18 @@ external-dns-unifi:
name: external-dns-unifi-secret name: external-dns-unifi-secret
key: api-key key: api-key
- name: LOG_LEVEL - name: LOG_LEVEL
value: info value: debug
livenessProbe: livenessProbe:
httpGet: httpGet:
path: /healthz path: /healthz
port: http-webhook port: http-webhook
initialDelaySeconds: 10
timeoutSeconds: 5
readinessProbe: readinessProbe:
httpGet: httpGet:
path: /readyz path: /readyz
port: http-webhook port: http-webhook
initialDelaySeconds: 10
timeoutSeconds: 5
extraArgs: extraArgs:
- --ignore-ingress-tls-spec - --ignore-ingress-tls-spec

4
clusters/cl01tl/helm/external-secrets/Chart.lock
View File

@@ -2,5 +2,5 @@ dependencies:
- name: external-secrets - name: external-secrets
repository: https://charts.external-secrets.io repository: https://charts.external-secrets.io
version: 2.2.0 version: 2.2.0
digest: sha256:3894df20e1f3d56bc9789177181a84d8ae1402ef76ec6328e417ce5a568738ae digest: sha256:832fc3f8d3728bdea2b696a6044e4c18967cd9ab9c5cc74adbf40aaa270a84b4
generated: "2026-03-26T19:19:15.734454-05:00" generated: "2026-03-20T20:53:08.407747649Z"

8
clusters/cl01tl/helm/external-secrets/Chart.yaml
View File

@@ -5,17 +5,15 @@ description: External Secrets
keywords: keywords:
- external-secrets - external-secrets
- secrets - secrets
- operator - vault
home: https://docs.alexlebens.dev/applications/eraser/ home: https://wiki.alexlebens.dev/s/d29044fb-0d63-4500-8853-2971964f356a
sources: sources:
- https://github.com/external-secrets/external-secrets - https://github.com/external-secrets/external-secrets
- https://github.com/external-secrets/external-secrets/pkgs/container/external-secrets
- https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets - https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets
dependencies: dependencies:
- name: external-secrets - name: external-secrets
alias: external-secrets
version: 2.2.0 version: 2.2.0
repository: https://charts.external-secrets.io repository: https://charts.external-secrets.io
icon: https://raw.githubusercontent.com/external-secrets/external-secrets/refs/heads/main/assets/eso-logo-large.png icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4
# renovate: datasource=github-releases depName=external-secrets/external-secrets # renovate: datasource=github-releases depName=external-secrets/external-secrets
appVersion: v2.2.0 appVersion: v2.2.0

44
clusters/cl01tl/helm/external-secrets/values.yaml
View File

@@ -1,44 +0,0 @@
external-secrets:
replicaCount: 3
image:
repository: ghcr.io/external-secrets/external-secrets
tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
installCRDs: true
crds:
createClusterExternalSecret: true
createClusterSecretStore: true
createSecretStore: true
createClusterGenerator: true
createClusterPushSecret: true
createPushSecret: true
leaderElect: true
extendedMetricLabels: true
resources:
requests:
cpu: 5m
memory: 50Mi
serviceMonitor:
enabled: true
livenessProbe:
enabled: true
readinessProbe:
enabled: true
podDisruptionBudget:
enabled: true
minAvailable: 1
webhook:
image:
repository: ghcr.io/external-secrets/external-secrets
tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
resources:
requests:
cpu: 1m
memory: 30Mi
certController:
image:
repository: ghcr.io/external-secrets/external-secrets
tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
resources:
requests:
cpu: 1m
memory: 60Mi

6
clusters/cl01tl/helm/foldergram/Chart.yaml
View File

@@ -5,12 +5,10 @@ description: Foldergram
keywords: keywords:
- foldergram - foldergram
- pictures - pictures
home: https://docs.alexlebens.dev/applications/foldergram/ home: https://wiki.alexlebens.dev/
sources: sources:
- https://github.com/foldergram/foldergram - https://github.com/foldergram/foldergram
- https://github.com/foldergram/foldergram/pkgs/container/foldergram
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -24,4 +22,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://raw.githubusercontent.com/foldergram/foldergram/refs/heads/main/client/public/icon-512.png icon: https://raw.githubusercontent.com/foldergram/foldergram/refs/heads/main/client/public/icon-512.png
# renovate: datasource=github-releases depName=foldergram/foldergram # renovate: datasource=github-releases depName=foldergram/foldergram
appVersion: v1.0.8 appVersion: v1.0.5

17
clusters/cl01tl/helm/foldergram/values.yaml
View File

@@ -4,15 +4,12 @@ foldergram:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
pod: revisionHistoryLimit: 3
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers: containers:
main: main:
image: image:
repository: ghcr.io/foldergram/foldergram repository: ghcr.io/foldergram/foldergram
tag: 1.0.8@sha256:3546dc1da4ec12cb27aaecbf77896d708ac7601eb0225e0f6e181d7ef35273f9 tag: 1.0.5
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: IMAGE_DETAIL_SOURCE - name: IMAGE_DETAIL_SOURCE
@@ -27,8 +24,8 @@ foldergram:
value: https://foldergram.alexlebens.net value: https://foldergram.alexlebens.net
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 230Mi memory: 128Mi
service: service:
main: main:
controller: main controller: main
@@ -49,8 +46,11 @@ foldergram:
- foldergram.alexlebens.net - foldergram.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: foldergram - group: ''
kind: Service
name: foldergram
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -61,6 +61,7 @@ foldergram:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 10Gi size: 10Gi
retain: false
advancedMounts: advancedMounts:
main: main:
main: main:

5
clusters/cl01tl/helm/freshrss/Chart.yaml
View File

@@ -5,14 +5,15 @@ description: FreshRSS
keywords: keywords:
- freshrss - freshrss
- rss - rss
home: https://docs.alexlebens.dev/applications/freshrss/ home: https://wiki.alexlebens.dev/s/251cb7cb-2797-4bbb-8597-32757aa96391
sources: sources:
- https://github.com/FreshRSS/FreshRSS - https://github.com/FreshRSS/FreshRSS
- https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/freshrss/freshrss - https://hub.docker.com/r/freshrss/freshrss
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:

18
clusters/cl01tl/helm/freshrss/templates/external-secret.yaml
View File

@@ -14,15 +14,24 @@ spec:
data: data:
- secretKey: ADMIN_EMAIL - secretKey: ADMIN_EMAIL
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/freshrss/config key: /cl01tl/freshrss/config
metadataPolicy: None
property: ADMIN_EMAIL property: ADMIN_EMAIL
- secretKey: ADMIN_PASSWORD - secretKey: ADMIN_PASSWORD
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/freshrss/config key: /cl01tl/freshrss/config
metadataPolicy: None
property: ADMIN_PASSWORD property: ADMIN_PASSWORD
- secretKey: ADMIN_API_PASSWORD - secretKey: ADMIN_API_PASSWORD
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/freshrss/config key: /cl01tl/freshrss/config
metadataPolicy: None
property: ADMIN_API_PASSWORD property: ADMIN_API_PASSWORD
--- ---
@@ -42,13 +51,22 @@ spec:
data: data:
- secretKey: OIDC_CLIENT_ID - secretKey: OIDC_CLIENT_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/freshrss key: /authentik/oidc/freshrss
metadataPolicy: None
property: client property: client
- secretKey: OIDC_CLIENT_SECRET - secretKey: OIDC_CLIENT_SECRET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/freshrss key: /authentik/oidc/freshrss
metadataPolicy: None
property: secret property: secret
- secretKey: OIDC_CLIENT_CRYPTO_KEY - secretKey: OIDC_CLIENT_CRYPTO_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/freshrss key: /authentik/oidc/freshrss
metadataPolicy: None
property: crypto-key property: crypto-key

125
clusters/cl01tl/helm/freshrss/values.yaml
View File

@@ -4,11 +4,84 @@ freshrss:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
initContainers:
init-download-extension-1:
securityContext:
runAsUser: 0
image:
repository: alpine
tag: 3.23.3
pullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
- |
apk add --no-cache git;
cd /tmp;
git clone -n --depth=1 --filter=tree:0 https://github.com/cn-tools/cntools_FreshRssExtensions.git;
cd cntools_FreshRssExtensions;
git sparse-checkout set --no-cone /xExtension-YouTubeChannel2RssFeed;
git checkout;
rm -rf /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed
cp -r xExtension-YouTubeChannel2RssFeed /var/www/FreshRSS/extensions
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed
resources:
requests:
cpu: 10m
memory: 128Mi
init-download-extension-2:
securityContext:
runAsUser: 0
image:
repository: alpine
tag: 3.23.3
pullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
- |
apk add --no-cache git;
cd /tmp;
git clone -n --depth=1 --filter=tree:0 https://github.com/FreshRSS/Extensions.git;
cd Extensions;
git sparse-checkout set --no-cone /xExtension-ImageProxy;
git checkout;
rm -rf /var/www/FreshRSS/extensions/xExtension-ImageProxy
cp -r xExtension-ImageProxy /var/www/FreshRSS/extensions
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-ImageProxy
resources:
requests:
cpu: 10m
memory: 128Mi
init-download-extension-3:
securityContext:
runAsUser: 0
image:
repository: alpine
tag: 3.23.3
pullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
- |
cd /tmp;
wget https://github.com/zimmra/xExtension-karakeep-button/archive/refs/tags/v1.1.tar.gz;
tar -xvzf *.tar.gz;
rm -rf /var/www/FreshRSS/extensions/xExtension-karakeep-button
mkdir /var/www/FreshRSS/extensions/xExtension-karakeep-button
cp -r /tmp/xExtension-karakeep-button-*/* /var/www/FreshRSS/extensions/xExtension-karakeep-button
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-karakeep-button
resources:
requests:
cpu: 10m
memory: 128Mi
containers: containers:
main: main:
image: image:
repository: freshrss/freshrss repository: freshrss/freshrss
tag: 1.28.1@sha256:9100f649f5c946f589f54cdb9be7a65996528f48f691ef90eb262a0e06e5a522 tag: 1.28.1
pullPolicy: IfNotPresent
env: env:
- name: PGID - name: PGID
value: "568" value: "568"
@@ -78,7 +151,7 @@ freshrss:
name: freshrss-install-secret name: freshrss-install-secret
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 128Mi memory: 128Mi
service: service:
main: main:
@@ -94,11 +167,31 @@ freshrss:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 5Gi size: 5Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
- path: /var/www/FreshRSS/data - path: /var/www/FreshRSS/data
readOnly: false readOnly: false
extensions:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
init-download-extension-1:
- path: /var/www/FreshRSS/extensions
readOnly: false
init-download-extension-2:
- path: /var/www/FreshRSS/extensions
readOnly: false
init-download-extension-3:
- path: /var/www/FreshRSS/extensions
readOnly: false
main:
- path: /var/www/FreshRSS/extensions
readOnly: false
postgres-18-cluster: postgres-18-cluster:
mode: recovery mode: recovery
recovery: recovery:
@@ -112,12 +205,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 20 14 * * *" schedule: "0 20 14 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-data: volsync-target-data:
pvcTarget: freshrss-data pvcTarget: freshrss-data
moverSecurityContext: moverSecurityContext:
@@ -125,6 +241,11 @@ volsync-target-data:
runAsGroup: 568 runAsGroup: 568
fsGroup: 568 fsGroup: 568
fsGroupChangePolicy: OnRootMismatch fsGroupChangePolicy: OnRootMismatch
supplementalGroups:
- 44
- 100
- 109
- 65539
local: local:
enabled: true enabled: true
schedule: 18 8 * * * schedule: 18 8 * * *

11
clusters/cl01tl/helm/garage/Chart.yaml
View File

@@ -4,13 +4,12 @@ version: 1.0.0
description: Garage description: Garage
keywords: keywords:
- garage - garage
- storage
- s3 - s3
home: https://docs.alexlebens.dev/applications/garage/ home: https://wiki.alexlebens.dev/s/
sources: sources:
- https://git.deuxfleurs.fr/Deuxfleurs/garage - https://git.deuxfleurs.fr/Deuxfleurs/garage
- https://github.com/khairul169/garage-webui
- https://hub.docker.com/r/dxflrs/garage - https://hub.docker.com/r/dxflrs/garage
- https://hub.docker.com/r/khairul169/garage-webui
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers: maintainers:
- name: alexlebens - name: alexlebens
@@ -19,6 +18,6 @@ dependencies:
alias: garage alias: garage
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/garage.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
# renovate: datasource=docker depName=dxflrs/garage # renovate: datasource=github-releases depName=deuxfleurs-org/garage
appVersion: v2.2.0 appVersion: v2.1.0

9
clusters/cl01tl/helm/garage/templates/external-secret.yaml
View File

@@ -14,13 +14,22 @@ spec:
data: data:
- secretKey: GARAGE_RPC_SECRET - secretKey: GARAGE_RPC_SECRET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/garage/token key: /cl01tl/garage/token
metadataPolicy: None
property: rpc property: rpc
- secretKey: GARAGE_ADMIN_TOKEN - secretKey: GARAGE_ADMIN_TOKEN
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/garage/token key: /cl01tl/garage/token
metadataPolicy: None
property: admin property: admin
- secretKey: GARAGE_METRICS_TOKEN - secretKey: GARAGE_METRICS_TOKEN
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/garage/token key: /cl01tl/garage/token
metadataPolicy: None
property: metric property: metric

63
clusters/cl01tl/helm/garage/values.yaml
View File

@@ -4,6 +4,7 @@ garage:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
pod: pod:
labels: labels:
garage-type: server garage-type: server
@@ -21,18 +22,32 @@ garage:
main: main:
image: image:
repository: dxflrs/garage repository: dxflrs/garage
tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4 tag: v2.2.0
pullPolicy: IfNotPresent
envFrom: envFrom:
- secretRef: - secretRef:
name: garage-token-secret name: garage-token-secret
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 400Mi memory: 128Mi
debug:
image:
repository: ubuntu
tag: resolute-20260312
pullPolicy: IfNotPresent
command:
- "sleep"
- "infinity"
resources:
requests:
cpu: 10m
memory: 32Mi
server-2: server-2:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
pod: pod:
labels: labels:
garage-type: server garage-type: server
@@ -50,18 +65,20 @@ garage:
main: main:
image: image:
repository: dxflrs/garage repository: dxflrs/garage
tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4 tag: v2.2.0
pullPolicy: IfNotPresent
envFrom: envFrom:
- secretRef: - secretRef:
name: garage-token-secret name: garage-token-secret
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 400Mi memory: 128Mi
server-3: server-3:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
pod: pod:
labels: labels:
garage-type: server garage-type: server
@@ -79,23 +96,26 @@ garage:
main: main:
image: image:
repository: dxflrs/garage repository: dxflrs/garage
tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4 tag: v2.2.0
pullPolicy: IfNotPresent
envFrom: envFrom:
- secretRef: - secretRef:
name: garage-token-secret name: garage-token-secret
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 400Mi memory: 128Mi
webui: webui:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: khairul169/garage-webui repository: khairul169/garage-webui
tag: 1.1.0@sha256:17c793551873155065bf9a022dabcde874de808a1f26e648d4b82e168806439c tag: 1.1.0
pullPolicy: IfNotPresent
env: env:
- name: API_BASE_URL - name: API_BASE_URL
value: http://garage-main.garage:3903 value: http://garage-main.garage:3903
@@ -108,8 +128,8 @@ garage:
key: GARAGE_ADMIN_TOKEN key: GARAGE_ADMIN_TOKEN
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 10Mi memory: 128Mi
configMaps: configMaps:
config: config:
enabled: true enabled: true
@@ -300,8 +320,11 @@ garage:
- garage-webui.alexlebens.net - garage-webui.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: garage-webui - group: ''
kind: Service
name: garage-webui
port: 3909 port: 3909
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -317,8 +340,11 @@ garage:
- garage-s3.alexlebens.net - garage-s3.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: garage-main - group: ''
kind: Service
name: garage-main
port: 3900 port: 3900
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -335,6 +361,11 @@ garage:
readOnly: true readOnly: true
mountPropagation: None mountPropagation: None
subPath: garage-1.toml subPath: garage-1.toml
debug:
- path: /etc/garage.toml
readOnly: true
mountPropagation: None
subPath: garage-1.toml
server-2: server-2:
main: main:
- path: /etc/garage.toml - path: /etc/garage.toml
@@ -358,16 +389,21 @@ garage:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 50Gi size: 50Gi
retain: true
advancedMounts: advancedMounts:
server-1: server-1:
main: main:
- path: /var/lib/garage/meta - path: /var/lib/garage/meta
readOnly: false readOnly: false
debug:
- path: /var/lib/garage/meta
readOnly: false
db-2: db-2:
forceRename: garage-db-2 forceRename: garage-db-2
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 50Gi size: 50Gi
retain: true
advancedMounts: advancedMounts:
server-2: server-2:
main: main:
@@ -378,6 +414,7 @@ garage:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 50Gi size: 50Gi
retain: true
advancedMounts: advancedMounts:
server-3: server-3:
main: main:
@@ -388,11 +425,15 @@ garage:
storageClass: synology-iscsi-delete storageClass: synology-iscsi-delete
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 800Gi size: 800Gi
retain: true
advancedMounts: advancedMounts:
server-1: server-1:
main: main:
- path: /var/lib/garage/data - path: /var/lib/garage/data
readOnly: false readOnly: false
debug:
- path: /var/lib/garage/data
readOnly: false
data-2: data-2:
forceRename: garage-data-2 forceRename: garage-data-2
storageClass: synology-iscsi-delete storageClass: synology-iscsi-delete

8
clusters/cl01tl/helm/gatus/Chart.yaml
View File

@@ -4,14 +4,16 @@ version: 1.0.0
description: Gatus description: Gatus
keywords: keywords:
- gatus - gatus
- uptime-monitor - healthcheck
home: https://docs.alexlebens.dev/applications/gatus/ - uptime
- metrics
home: https://wiki.alexlebens.dev/s/2a2b0c83-81c7-49e3-aafc-daff4ff23ce2
sources: sources:
- https://github.com/TwiN/gatus - https://github.com/TwiN/gatus
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/TwiN/gatus/pkgs/container/gatus - https://github.com/TwiN/gatus/pkgs/container/gatus
- https://github.com/TwiN/helm-charts/tree/master/charts/gatus - https://github.com/TwiN/helm-charts/tree/master/charts/gatus
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:

9
clusters/cl01tl/helm/gatus/templates/external-secret.yaml
View File

@@ -14,7 +14,10 @@ spec:
data: data:
- secretKey: NTFY_TOKEN - secretKey: NTFY_TOKEN
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /ntfy/user/cl01tl key: /ntfy/user/cl01tl
metadataPolicy: None
property: token property: token
--- ---
@@ -34,9 +37,15 @@ spec:
data: data:
- secretKey: OIDC_CLIENT_ID - secretKey: OIDC_CLIENT_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/gatus key: /authentik/oidc/gatus
metadataPolicy: None
property: client property: client
- secretKey: OIDC_CLIENT_SECRET - secretKey: OIDC_CLIENT_SECRET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/gatus key: /authentik/oidc/gatus
metadataPolicy: None
property: secret property: secret

55
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -1,14 +1,27 @@
gatus: gatus:
deployment: deployment:
strategy: Recreate strategy: Recreate
readinessProbe:
enabled: true
livenessProbe:
enabled: true
image: image:
repository: ghcr.io/twin/gatus repository: ghcr.io/twin/gatus
tag: v5.35.0@sha256:21609f31be8c4e680ce3004b24276305666239c99aff58391503f3fb6142f39d tag: v5.35.0
annotations: annotations:
reloader.stakater.com/auto: "true" reloader.stakater.com/auto: "true"
service:
type: ClusterIP
port: 80
targetPort: 8080
portName: http
ingress:
enabled: false
gateway: gateway:
apiVersion: gateway.networking.k8s.io/v1
route: route:
enabled: true enabled: true
path: /
parentRefs: parentRefs:
- group: gateway.networking.k8s.io - group: gateway.networking.k8s.io
kind: Gateway kind: Gateway
@@ -60,13 +73,24 @@ gatus:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 20Mi memory: 128Mi
persistence: persistence:
enabled: true enabled: true
size: 1Gi size: 1Gi
mountPath: /data
accessModes:
- ReadWriteOnce
finalizers:
- kubernetes.io/pvc-protection
storageClassName: ceph-block storageClassName: ceph-block
serviceMonitor: serviceMonitor:
enabled: true enabled: true
interval: 1m
path: /metrics
scheme: http
scrapeTimeout: 30s
networkPolicy:
enabled: false
config: config:
metrics: true metrics: true
connectivity: connectivity:
@@ -140,8 +164,8 @@ gatus:
- name: foldergram - name: foldergram
url: https://foldergram.alexlebens.net url: https://foldergram.alexlebens.net
<<: *defaults <<: *defaults
- name: grimmory - name: booklore
url: https://grimmory.alexlebens.net url: https://booklore.alexlebens.net
<<: *defaults <<: *defaults
- name: directus - name: directus
url: https://directus.alexlebens.net url: https://directus.alexlebens.net
@@ -401,12 +425,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 25 14 * * *" schedule: "0 25 14 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-data: volsync-target-data:
pvcTarget: gatus pvcTarget: gatus
local: local:

6
clusters/cl01tl/helm/generic-device-plugin/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: generic-device-plugin - name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.26 version: 0.20.25
digest: sha256:47d12b7555d345dea0438d13ac538896994dbd44b142b9a546dbfe5c0939a92b digest: sha256:04f987ed54b51b4401ab056b4627cfce7d1fe660bb496a459e975f4dcc8ff466
generated: "2026-03-24T16:59:26.537547513Z" generated: "2026-03-24T00:12:00.102697457Z"

5
clusters/cl01tl/helm/generic-device-plugin/Chart.yaml
View File

@@ -5,7 +5,8 @@ description: Generic Device Plugin
keywords: keywords:
- generic-device-plugin - generic-device-plugin
- device - device
home: https://docs.alexlebens.dev/applications/generic-device-plugin/ - plugin
home: https://wiki.alexlebens.dev/s/ee9ba1be-119c-4e83-aea9-b087481554f2
sources: sources:
- https://github.com/squat/generic-device-plugin - https://github.com/squat/generic-device-plugin
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/generic-device-plugin - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/generic-device-plugin
@@ -14,6 +15,6 @@ maintainers:
dependencies: dependencies:
- name: generic-device-plugin - name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.26 version: 0.20.25
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: 1.0.0 appVersion: 1.0.0

8
clusters/cl01tl/helm/gitea/Chart.lock
View File

@@ -1,13 +1,13 @@
dependencies: dependencies:
- name: gitea - name: gitea
repository: https://dl.gitea.com/charts/ repository: https://dl.gitea.io/charts/
version: 12.5.0 version: 12.5.0
- name: actions - name: actions
repository: https://dl.gitea.com/charts/ repository: https://dl.gitea.com/charts/
version: 0.0.3 version: 0.0.3
- name: meilisearch - name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.29.0 version: 0.28.0
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.4.0
@@ -23,5 +23,5 @@ dependencies:
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:49862b06fe4884f504d0a892cb899f577262b584053b64a3504bacaf96d70f39 digest: sha256:238b7653c9d12c4886a56350b6d66217dbe7ecbb76078a846c7cc2c8cb450eb3
generated: "2026-03-26T20:59:30.690577-05:00" generated: "2026-03-16T15:56:55.197735783Z"

15
clusters/cl01tl/helm/gitea/Chart.yaml
View File

@@ -5,34 +5,35 @@ description: Gitea
keywords: keywords:
- gitea - gitea
- git - git
home: https://docs.alexlebens.dev/applications/gitea/ - code
home: https://wiki.alexlebens.dev/s/94060f71-fd05-4f78-9af2-053f8f221acd
sources: sources:
- https://github.com/go-gitea/gitea - https://github.com/go-gitea/gitea
- https://github.com/renovatebot/renovate - https://github.com/renovatebot/renovate
- https://github.com/Angatar/s3cmd - https://github.com/Angatar/s3cmd
- https://github.com/meilisearch/meilisearch - https://github.com/meilisearch/meilisearch
- https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/gitea/gitea - https://hub.docker.com/r/gitea/gitea
- https://hub.docker.com/r/renovate/renovate - https://hub.docker.com/r/renovate/renovate
- https://hub.docker.com/r/d3fk/s3cmd/ - https://hub.docker.com/r/d3fk/s3cmd/
- https://gitea.com/gitea/helm-chart - https://gitea.com/gitea/helm-chart
- https://gitea.com/gitea/helm-actions - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch - https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: gitea - name: gitea
version: 12.5.0 version: 12.5.0
repository: https://dl.gitea.com/charts/ repository: https://dl.gitea.io/charts/
- name: actions - name: actions
alias: gitea-actions alias: gitea-actions
repository: https://dl.gitea.com/charts/ repository: https://dl.gitea.com/charts/
version: 0.0.3 version: 0.0.3
- name: meilisearch - name: meilisearch
version: 0.29.0 version: 0.28.0
repository: https://meilisearch.github.io/meilisearch-kubernetes repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
@@ -53,6 +54,6 @@ dependencies:
alias: volsync-target-storage alias: volsync-target-storage
version: 0.8.0 version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/gitea.png icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/gitea.png
# renovate: datasource=github-releases depName=go-gitea/gitea # renovate: datasource=github-releases depName=go-gitea/gitea
appVersion: 1.25.5 appVersion: 1.25.5

42
clusters/cl01tl/helm/gitea/templates/external-secret.yaml
View File

@@ -14,11 +14,17 @@ spec:
data: data:
- secretKey: username - secretKey: username
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/auth/admin key: /cl01tl/gitea/auth/admin
metadataPolicy: None
property: username property: username
- secretKey: password - secretKey: password
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/auth/admin key: /cl01tl/gitea/auth/admin
metadataPolicy: None
property: password property: password
--- ---
@@ -38,11 +44,17 @@ spec:
data: data:
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/gitea key: /authentik/oidc/gitea
metadataPolicy: None
property: secret property: secret
- secretKey: key - secretKey: key
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/gitea key: /authentik/oidc/gitea
metadataPolicy: None
property: client property: client
--- ---
@@ -62,7 +74,10 @@ spec:
data: data:
- secretKey: token - secretKey: token
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/runner key: /cl01tl/gitea/runner
metadataPolicy: None
property: token property: token
--- ---
@@ -82,23 +97,38 @@ spec:
data: data:
- secretKey: RENOVATE_ENDPOINT - secretKey: RENOVATE_ENDPOINT
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate key: /cl01tl/gitea/renovate
metadataPolicy: None
property: RENOVATE_ENDPOINT property: RENOVATE_ENDPOINT
- secretKey: RENOVATE_GIT_AUTHOR - secretKey: RENOVATE_GIT_AUTHOR
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate key: /cl01tl/gitea/renovate
metadataPolicy: None
property: RENOVATE_GIT_AUTHOR property: RENOVATE_GIT_AUTHOR
- secretKey: RENOVATE_TOKEN - secretKey: RENOVATE_TOKEN
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate key: /cl01tl/gitea/renovate
metadataPolicy: None
property: RENOVATE_TOKEN property: RENOVATE_TOKEN
- secretKey: RENOVATE_GIT_PRIVATE_KEY - secretKey: RENOVATE_GIT_PRIVATE_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate key: /cl01tl/gitea/renovate
metadataPolicy: None
property: id_rsa property: id_rsa
- secretKey: RENOVATE_GITHUB_COM_TOKEN - secretKey: RENOVATE_GITHUB_COM_TOKEN
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /github/gitea-cl01tl key: /github/gitea-cl01tl
metadataPolicy: None
property: token property: token
--- ---
@@ -118,15 +148,24 @@ spec:
data: data:
- secretKey: config - secretKey: config
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate key: /cl01tl/gitea/renovate
metadataPolicy: None
property: ssh_config property: ssh_config
- secretKey: id_rsa - secretKey: id_rsa
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate key: /cl01tl/gitea/renovate
metadataPolicy: None
property: id_rsa property: id_rsa
- secretKey: id_rsa.pub - secretKey: id_rsa.pub
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate key: /cl01tl/gitea/renovate
metadataPolicy: None
property: id_rsa.pub property: id_rsa.pub
--- ---
@@ -152,5 +191,8 @@ spec:
data: data:
- secretKey: MEILI_MASTER_KEY - secretKey: MEILI_MASTER_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/meilisearch key: /cl01tl/gitea/meilisearch
metadataPolicy: None
property: MEILI_MASTER_KEY property: MEILI_MASTER_KEY

66
clusters/cl01tl/helm/gitea/values.yaml
View File

@@ -2,11 +2,6 @@ gitea:
global: global:
imageRegistry: registry.hub.docker.com imageRegistry: registry.hub.docker.com
replicaCount: 3 replicaCount: 3
strategy:
type: "RollingUpdate"
rollingUpdate:
maxSurge: "100%"
maxUnavailable: 1
image: image:
repository: gitea/gitea repository: gitea/gitea
tag: 1.25.5 tag: 1.25.5
@@ -19,10 +14,8 @@ gitea:
type: ClusterIP type: ClusterIP
port: 22 port: 22
clusterIP: 10.103.160.140 clusterIP: 10.103.160.140
resources: ingress:
requests: enabled: false
cpu: 1000m
memory: 600Mi
persistence: persistence:
storageClass: ceph-filesystem storageClass: ceph-filesystem
size: 40Gi size: 40Gi
@@ -48,7 +41,7 @@ gitea:
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
enabled: true enabled: false
oauth: oauth:
- name: Authentik - name: Authentik
provider: openidConnect provider: openidConnect
@@ -146,10 +139,9 @@ gitea-actions:
replicas: 6 replicas: 6
timezone: America/Chicago timezone: America/Chicago
actRunner: actRunner:
registry: docker.io registry: ""
repository: gitea/act_runner repository: gitea/act_runner
# renovate: datasource=docker depName=gitea/act_runner tag: 0.2.13
tag: 0.3.1@sha256:c2a169c5e99864c25e32527cef3d82203225e09558773022bf3dc164a2e6d762
config: | config: |
log: log:
level: debug level: debug
@@ -162,19 +154,17 @@ gitea-actions:
- "ubuntu-24.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-24.04" - "ubuntu-24.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-24.04"
- "ubuntu-22.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-22.04" - "ubuntu-22.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-22.04"
dind: dind:
registry: docker.io registry: ""
repository: docker repository: docker
# renovate: datasource=docker depName=docker tag: 28.3.3-dind
tag: 29.3.1-dind@sha256:4d90f1f6c400315c2dba96d3ec93c01e64198395cbba04f79d12adce4f737029
persistence: persistence:
storageClass: ceph-block storageClass: ceph-block
size: 10Gi size: 5Gi
init: init:
image: image:
registry: docker.io registry: ""
repository: busybox repository: busybox
# renovate: datasource=docker depName=busybox tag: "1.37.0"
tag: 1.37.0@sha256:1487d0af5f52b4ba31c7e465126ee2123fe3f2305d638e7827681e7cf6c83d5e
existingSecret: gitea-runner-secret existingSecret: gitea-runner-secret
existingSecretKey: token existingSecretKey: token
giteaRootURL: http://gitea-http.gitea:3000 giteaRootURL: http://gitea-http.gitea:3000
@@ -185,14 +175,17 @@ meilisearch:
MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true
auth: auth:
existingMasterKeySecret: gitea-meilisearch-master-key-secret existingMasterKeySecret: gitea-meilisearch-master-key-secret
service:
type: ClusterIP
port: 7700
persistence: persistence:
enabled: true enabled: true
storageClass: ceph-block storageClass: ceph-block
size: 5Gi size: 5Gi
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 160Mi memory: 128Mi
serviceMonitor: serviceMonitor:
enabled: true enabled: true
postgres-18-cluster: postgres-18-cluster:
@@ -200,8 +193,8 @@ postgres-18-cluster:
cluster: cluster:
resources: resources:
requests: requests:
cpu: 100m memory: 1Gi
memory: 100Mi cpu: 200m
recovery: recovery:
method: objectStore method: objectStore
objectStore: objectStore:
@@ -213,18 +206,41 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 0 7 * * *" schedule: "0 0 7 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
valkey-gitea: valkey-gitea:
valkey: valkey:
resources: resources:
requests: requests:
cpu: 20m cpu: 20m
memory: 2Gi memory: 256Mi
dataStorage: dataStorage:
requestedSize: 10Gi requestedSize: 10Gi
replica: replica:

22
clusters/cl01tl/helm/harbor/values.yaml
View File

@@ -40,21 +40,21 @@ harbor:
enabled: true enabled: true
portal: portal:
image: image:
repository: ghcr.io/goharbor/harbor-portal repository: goharbor/harbor-portal
tag: v2.15.0@sha256:541d5fa95bf77240d46a438f86245cdfd6afa6dd7fdd0cf4dd4c905af6a980b1 tag: v2.15.0
replicas: 2 replicas: 2
core: core:
image: image:
repository: ghcr.io/goharbor/harbor-core repository: goharbor/harbor-core
tag: v2.15.0@sha256:32a13f6693a278261e9c9cb7eb606c5e2aa021308ae44fdc73225755048500a8 tag: v2.15.0
replicas: 2 replicas: 2
existingSecret: harbor-secret existingSecret: harbor-secret
secretName: harbor-secret secretName: harbor-secret
existingXsrfSecret: harbor-secret existingXsrfSecret: harbor-secret
jobservice: jobservice:
image: image:
repository: ghcr.io/goharbor/harbor-jobservice repository: goharbor/harbor-jobservice
tag: v2.15.0@sha256:a22c7cccba4673b26ffb96f5c37971d85d879dd837bc82448e01c0170b68cf28 tag: v2.15.0
replicas: 2 replicas: 2
jobLoggers: jobLoggers:
- stdout - stdout
@@ -63,11 +63,11 @@ harbor:
registry: registry:
image: image:
repository: goharbor/registry-photon repository: goharbor/registry-photon
tag: v2.15.0@sha256:beb49fd16cf0906c04a2bf51a22f7210289e7cc2ae43a733e2a0364380aceae6 tag: v2.15.0
controller: controller:
image: image:
repository: ghcr.io/goharbor/harbor-registryctl repository: goharbor/harbor-registryctl
tag: v2.15.0@sha256:463172f71d3a1e8d4f9e3b4e687a447f41fbc3126316d8c150dba04a903bbc47 tag: v2.15.0
existingSecret: harbor-secret existingSecret: harbor-secret
relativeurls: true relativeurls: true
credentials: credentials:
@@ -93,8 +93,8 @@ harbor:
addr: harbor-valkey.harbor:6379 addr: harbor-valkey.harbor:6379
exporter: exporter:
image: image:
repository: ghcr.io/goharbor/harbor-exporter repository: goharbor/harbor-exporter
tag: v2.15.0@sha256:ad065e4e1a0ee900a0bb1a03d57028ed4b51dc04933f5c1cb5c4aee301a72ddb tag: v2.15.0
replicas: 2 replicas: 2
postgres-18-cluster: postgres-18-cluster:
mode: recovery mode: recovery

6
clusters/cl01tl/helm/headlamp/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: headlamp - name: headlamp
repository: https://kubernetes-sigs.github.io/headlamp/ repository: https://kubernetes-sigs.github.io/headlamp/
version: 0.41.0 version: 0.40.1
digest: sha256:b1cbc64b393c6c9e1c460510adab528cee8336735659040b9c517976e5c6f15d digest: sha256:723a57d6fe86a124b8bae7dfc1dde0c2abd60021837826b486054df00551dc03
generated: "2026-03-26T15:07:50.703213905Z" generated: "2026-03-14T15:02:53.184950913Z"

2
clusters/cl01tl/helm/headlamp/Chart.yaml
View File

@@ -14,7 +14,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: headlamp - name: headlamp
version: 0.41.0 version: 0.40.1
repository: https://kubernetes-sigs.github.io/headlamp/ repository: https://kubernetes-sigs.github.io/headlamp/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/headlamp.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/headlamp.png
# renovate: datasource=github-releases depName=headlamp-k8s/headlamp # renovate: datasource=github-releases depName=headlamp-k8s/headlamp

2
clusters/cl01tl/helm/home-assistant/Chart.yaml
View File

@@ -25,4 +25,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/home-assistant.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/home-assistant.png
# renovate: datasource=github-releases depName=home-assistant/core # renovate: datasource=github-releases depName=home-assistant/core
appVersion: 2026.3.4 appVersion: 2026.3.3

2
clusters/cl01tl/helm/home-assistant/values.yaml
View File

@@ -9,7 +9,7 @@ home-assistant:
main: main:
image: image:
repository: ghcr.io/home-assistant/home-assistant repository: ghcr.io/home-assistant/home-assistant
tag: 2026.3.4 tag: 2026.3.3
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ

18
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -40,6 +40,20 @@ homepage:
html { html {
font-size: 18px; font-size: 18px;
} }
ul#myTab {
background-color: rgba(240, 230, 215, 0.12) !important;
color: white !important;
}
li.service div.service-card,
li.bookmark a.rounded-md {
color: white !important;
background-color: rgba(240, 230, 215, 0.12) !important;
transition: all 150ms ease !important;
}
li.service div.service-card:hover,
li.bookmark a.rounded-md:hover {
background-color: rgba(240, 230, 215, 0.18) !important;
}
docker.yaml: "" docker.yaml: ""
kubernetes.yaml: | kubernetes.yaml: |
mode: cluster mode: cluster
@@ -197,8 +211,8 @@ homepage:
- Books: - Books:
icon: sh-booklore.webp icon: sh-booklore.webp
description: Grimmory description: Grimmory
href: https://grimmory.alexlebens.net href: https://booklore.alexlebens.net
siteMonitor: http://grimmory.grimmory:80 siteMonitor: http://booklore.booklore:80
statusStyle: dot statusStyle: dot
- Public: - Public:
- Site: - Site:

2
clusters/cl01tl/helm/houndarr/values.yaml
View File

@@ -9,7 +9,7 @@ houndarr:
main: main:
image: image:
repository: ghcr.io/av1155/houndarr repository: ghcr.io/av1155/houndarr
tag: v1.6.2 tag: v1.6.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ

2
clusters/cl01tl/helm/immich/Chart.yaml
View File

@@ -32,4 +32,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png
# renovate: datasource=github-releases depName=immich-app/immich # renovate: datasource=github-releases depName=immich-app/immich
appVersion: v2.6.2 appVersion: v2.6.1

2
clusters/cl01tl/helm/immich/values.yaml
View File

@@ -9,7 +9,7 @@ immich:
main: main:
image: image:
repository: ghcr.io/immich-app/immich-server repository: ghcr.io/immich-app/immich-server
tag: v2.6.2 tag: v2.6.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ

6
clusters/cl01tl/helm/jellyfin/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: meilisearch - name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.29.0 version: 0.28.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:0dcc864984130902acce6d81fa2cf708c3ac748246f94b11d2db90c0b488cce2 digest: sha256:57b007c6e19dda1300f5025332d9e8104bfb9a50cd7124260bfa68ce2432628b
generated: "2026-03-26T16:03:11.654482999Z" generated: "2026-03-16T15:57:13.466372254Z"

2
clusters/cl01tl/helm/jellyfin/Chart.yaml
View File

@@ -25,7 +25,7 @@ dependencies:
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
- name: meilisearch - name: meilisearch
version: 0.29.0 version: 0.28.0
repository: https://meilisearch.github.io/meilisearch-kubernetes repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: volsync-target - name: volsync-target
alias: volsync-target-config alias: volsync-target-config

6
clusters/cl01tl/helm/karakeep/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: meilisearch - name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.29.0 version: 0.28.0
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.4.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:a3a3400d95d62591012d33ce318075b67412c4b321a30fe5c2c19d9c9566eb86 digest: sha256:49e37e17dc859927048c6474ce27cb063a020f291d6d2d24876d0427eddc3656
generated: "2026-03-26T16:03:24.623811889Z" generated: "2026-03-16T15:57:28.156797159Z"

2
clusters/cl01tl/helm/karakeep/Chart.yaml
View File

@@ -22,7 +22,7 @@ dependencies:
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
- name: meilisearch - name: meilisearch
version: 0.29.0 version: 0.28.0
repository: https://meilisearch.github.io/meilisearch-kubernetes repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts

7
clusters/cl01tl/helm/komodo/Chart.lock
View File

@@ -5,8 +5,5 @@ dependencies:
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0 version: 7.10.0
- name: volsync-target digest: sha256:a6f33512d929c5a1b70bde6c3294902f5d707855aabbaa815f32e23aa54b266f
repository: oci://harbor.alexlebens.net/helm-charts generated: "2026-03-15T20:06:49.233053802Z"
version: 0.8.0
digest: sha256:c1bbed66c94b64ba44ef1caadf74d46d9bce551e37b62b1cd0a3af9b81046251
generated: "2026-03-24T14:00:56.813765-05:00"

6
clusters/cl01tl/helm/komodo/Chart.yaml
View File

@@ -25,10 +25,6 @@ dependencies:
alias: postgresql-17-fdb-cluster alias: postgresql-17-fdb-cluster
version: 7.10.0 version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-keys
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/komodo.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/komodo.png
# renovate: datasource=github-releases depName=moghtech/komodo # renovate: datasource=github-releases depName=moghtech/komodo
appVersion: v2.0.0 appVersion: v1.19.5

24
clusters/cl01tl/helm/komodo/values.yaml
View File

@@ -9,7 +9,7 @@ komodo:
main: main:
image: image:
repository: ghcr.io/moghtech/komodo-core repository: ghcr.io/moghtech/komodo-core
tag: 2.0.0@sha256:3cc134272b39313ae1fb34ea8a3c8a0c2f629a3c2eeaf71258702159f154f9e9 tag: 1.19.5
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: COMPOSE_LOGGING_DRIVER - name: COMPOSE_LOGGING_DRIVER
@@ -145,17 +145,6 @@ komodo:
type: PathPrefix type: PathPrefix
value: / value: /
persistence: persistence:
keys:
forceRename: komodo-keys
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:
- path: /config/keys
readOnly: false
cache: cache:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
@@ -253,14 +242,3 @@ postgresql-17-fdb-cluster:
# immediate: true # immediate: true
# schedule: "0 0 0 * * *" # schedule: "0 0 0 * * *"
# backupName: external # backupName: external
volsync-target-keys:
pvcTarget: komodo-keys
local:
enabled: true
schedule: 54 11 * * *
remote:
enabled: true
schedule: 54 12 * * *
external:
enabled: true
schedule: 54 13 * * *

6
clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies: dependencies:
- name: kube-prometheus-stack - name: kube-prometheus-stack
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
version: 82.15.0 version: 82.13.0
- name: app-template - name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0 version: 0.4.0
digest: sha256:524759b57f9500d5742b962bcdb114ec556d80ec4418921c93a722e00df57647 digest: sha256:1d90bebd9c0afd20f8ff780edd15da18b20f89cf35fd85832d6d8d44b2e0544b
generated: "2026-03-26T23:02:03.558664114Z" generated: "2026-03-20T18:02:38.368086545Z"

4
clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
View File

@@ -20,7 +20,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: kube-prometheus-stack - name: kube-prometheus-stack
version: 82.15.0 version: 82.13.0
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
- name: app-template - name: app-template
alias: ntfy-alertmanager alias: ntfy-alertmanager
@@ -32,4 +32,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png
# renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator # renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator
appVersion: v0.90.1 appVersion: v0.90.0

2
clusters/cl01tl/helm/loki/Chart.yaml
View File

@@ -23,4 +23,4 @@ dependencies:
repository: https://grafana.github.io/helm-charts repository: https://grafana.github.io/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/loki.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/loki.png
# renovate: datasource=github-releases depName=grafana/loki # renovate: datasource=github-releases depName=grafana/loki
appVersion: 3.7.0 appVersion: 3.6.7

6
clusters/cl01tl/helm/matrix-synapse/Chart.lock
View File

@@ -1,7 +1,7 @@
dependencies: dependencies:
- name: matrix-synapse - name: matrix-synapse
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
version: 3.12.24 version: 3.12.23
- name: app-template - name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
@@ -38,5 +38,5 @@ dependencies:
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:8fb2d00605ade15db97e778f47ecc1ffae3705ce3408a17e0a21f7def65de884 digest: sha256:1578e2c48447f217e72bffb3afcb6f1f15c427a4acce5dbca830cdd7045b1348
generated: "2026-03-24T16:59:56.540825394Z" generated: "2026-03-15T20:07:12.751000922Z"

4
clusters/cl01tl/helm/matrix-synapse/Chart.yaml
View File

@@ -29,7 +29,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: matrix-synapse - name: matrix-synapse
version: 3.12.24 version: 3.12.23
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
- name: app-template - name: app-template
alias: matrix-hookshot alias: matrix-hookshot
@@ -81,4 +81,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/matrix.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/matrix.png
# renovate: datasource=github-releases depName=element-hq/synapse # renovate: datasource=github-releases depName=element-hq/synapse
appVersion: v1.150.0 appVersion: v1.149.1

Some files were not shown because too many files have changed in this diff Show More