alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 4 Actions Activity

Compare commits

base: alexlebens:renovate/unified-cilium
Branches Tags
alexlebens:main alexlebens:renovate/unified-clideywhodb alexlebens:renovate/unified-dock.mau.devmautrixwhatsapp alexlebens:renovate/unified-clickhouseclickhouse-server alexlebens:renovate/unified-cilium alexlebens:manifests
..
compare: alexlebens:8e9b7d85b2c6900317574266350681a27c5b2c8c
Branches Tags
alexlebens:renovate/unified-clideywhodb alexlebens:renovate/unified-dock.mau.devmautrixwhatsapp alexlebens:renovate/unified-clickhouseclickhouse-server alexlebens:renovate/unified-cilium alexlebens:main alexlebens:manifests

1 Commits
renovate/u ... 8e9b7d85b2

Author SHA1 Message Date
Alex Lebens
8e9b7d85b2 feat: rebase
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 21s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 20s
Details
render-manifests / render-manifests (pull_request) Successful in 26s
Details
2026-03-26 18:29:18 -05:00
35 changed files with 459 additions and 186 deletions
Expand all files Collapse all files

2
.gitea/workflows/renovate.yaml
View File

@@ -13,7 +13,7 @@ on:
jobs:
renovate:
runs-on: ubuntu-latest
container: ghcr.io/renovatebot/renovate:43.95.0@sha256:47096353b25eec6ac930f81bbe36686b70e6a40c82b426d53e967b1b57acd6c5
container: ghcr.io/renovatebot/renovate:43.91.1@sha256:63e27dd3ed7dd5feb755e0f3c8e50516f5845be124311b4f6b3c898b5d767b49
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

6
clusters/cl01tl/helm/cilium/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: cilium
repository: https://helm.cilium.io/
version: 1.19.2
digest: sha256:11f8eef4733b70c2b9a91ce39fe3c1ea1ad3fa3c46750efb015e03ff6ea3655b
generated: "2026-03-27T14:05:28.957590664Z"
version: 1.18.6
digest: sha256:8ea328ac238524b5b423e6289f5e25d05ef64e6aa19cfd5de238f1d5dd533e9b
generated: "2026-02-05T12:00:20.15778-06:00"

4
clusters/cl01tl/helm/cilium/Chart.yaml
View File

@@ -14,8 +14,8 @@ maintainers:
- name: alexlebens
dependencies:
- name: cilium
version: 1.19.2
version: 1.18.6
repository: https://helm.cilium.io/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png
# renovate: datasource=github-releases depName=cilium/cilium
appVersion: 1.19.2
appVersion: 1.18.6

6
clusters/cl01tl/helm/eraser/Chart.yaml
View File

@@ -5,10 +5,10 @@ description: Eraser
keywords:
- eraser
- images
home: https://docs.alexlebens.dev/applications/eraser/
- kubernetes
home: https://wiki.alexlebens.dev/s/bb53ffae-0eda-4ed6-9fdd-894e672b4377
sources:
- https://github.com/eraser-dev/eraser
- https://github.com/eraser-dev/eraser/pkgs/container/eraser-manager
- https://github.com/eraser-dev/eraser/tree/main/charts/eraser
maintainers:
- name: alexlebens
@@ -16,6 +16,6 @@ dependencies:
- name: eraser
version: 1.4.1
repository: https://eraser-dev.github.io/eraser/charts
icon: https://raw.githubusercontent.com/eraser-dev/eraser/refs/heads/main/images/eraser-logo-color-1c.png
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
# renovate: datasource=github-releases depName=eraser-dev/eraser
appVersion: v1.4.1

49
clusters/cl01tl/helm/eraser/values.yaml
View File

@@ -1,37 +1,50 @@
eraser:
runtimeConfig:
apiVersion: eraser.sh/v1alpha3
kind: EraserConfig
manager:
runtime:
name: containerd
address: unix:///run/containerd/containerd.sock
logLevel: info
scheduling:
repeatInterval: 24h
beginImmediately: true
profile:
enabled: false
port: 6060
imageJob:
successRatio: 1.0
cleanup:
delayOnSuccess: 0s
delayOnFailure: 24h
nodeFilter:
type: exclude
selectors:
- eraser.sh/cleanup.filter
- kubernetes.io/os=windows
components:
collector:
image:
repo: ghcr.io/eraser-dev/collector
tag: v1.4.1@sha256:827588ff826c3558bf2c50b1fc94f20122b054dfcf3480c3ffe6f0bae25c3dad
enabled: true
request:
cpu: 1m
memory: 20Mi
cpu: 10m
memory: 128Mi
scanner:
enabled: false
remover:
image:
repo: ghcr.io/eraser-dev/remover
tag: v1.4.1@sha256:e57592157d717588f69c011cd0b6ab783a19a53b447a5350b27e7e66aae67525
request:
cpu: 1m
memory: 20Mi
cpu: 100m
memory: 128Mi
config: ""
remover:
request:
cpu: 10m
memory: 128Mi
deploy:
image:
repo: ghcr.io/eraser-dev/eraser-manager
tag: v1.4.1@sha256:5f18fb7da4ccad93a8643ece496681f1489b0d7b0ce45e18a94774cf8b6a717d
securityContext:
allowPrivilegeEscalation: false
resources:
limits:
memory: null
requests:
cpu: 1m
memory: 20Mi
cpu: 10m
memory: 30Mi
nodeSelector:
kubernetes.io/os: linux

3
clusters/cl01tl/helm/excalidraw/Chart.yaml
View File

@@ -4,8 +4,7 @@ version: 1.0.0
description: Excalidraw
keywords:
- excalidraw
- drawing
home: https://docs.alexlebens.dev/applications/eraser/
home: https://wiki.alexlebens.dev/
sources:
- https://github.com/excalidraw/excalidraw
- https://hub.docker.com/r/excalidraw/excalidraw

11
clusters/cl01tl/helm/excalidraw/values.yaml
View File

@@ -4,11 +4,13 @@ excalidraw:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: excalidraw/excalidraw
tag: latest@sha256:3c2513e830bb6e195147c05b34ecf8393d0ba2b1cc86e93b407a5777d6135c6c
pullPolicy: IfNotPresent
env:
- name: NODE_ENV
value: production
@@ -16,8 +18,8 @@ excalidraw:
value: America/Chicago
resources:
requests:
cpu: 1m
memory: 10Mi
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -38,8 +40,11 @@ excalidraw:
- excalidraw.alexlebens.net
rules:
- backendRefs:
- name: excalidraw
- group: ''
kind: Service
name: excalidraw
port: 80
weight: 100
matches:
- path:
type: PathPrefix

5
clusters/cl01tl/helm/external-dns/Chart.yaml
View File

@@ -5,10 +5,11 @@ description: External DNS
keywords:
- external-dns
- dns
home: https://docs.alexlebens.dev/applications/eraser/
- unifi
- kubernetes
home: https://wiki.alexlebens.dev/s/7b50e4da-5dc1-4f62-baf9-14b5fed64552
sources:
- https://github.com/kubernetes-sigs/external-dns
- https://github.com/kashalls/external-dns-unifi-webhook
- https://github.com/kubernetes-sigs/external-dns/tree/master/charts/external-dns
maintainers:
- name: alexlebens

3
clusters/cl01tl/helm/external-dns/templates/external-secret.yaml
View File

@@ -14,5 +14,8 @@ spec:
data:
- secretKey: api-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /unifi/auth/cl01tl
metadataPolicy: None
property: api-key

18
clusters/cl01tl/helm/external-dns/values.yaml
View File

@@ -1,27 +1,25 @@
external-dns-unifi:
fullnameOverride: external-dns-unifi
resources:
requests:
cpu: 1m
memory: 80Mi
serviceMonitor:
enabled: true
interval: 360m
interval: 1m
sources:
- ingress
- crd
- gateway-httproute
- gateway-tlsroute
policy: sync
registry: txt
txtOwnerId: default
txtPrefix: k8s.
domainFilters: ["alexlebens.net"]
excludeDomains: ["alexlebens.dev"]
excludeDomains: []
provider:
name: webhook
webhook:
image:
repository: ghcr.io/kashalls/external-dns-unifi-webhook
tag: v0.8.2@sha256:7f0ddbbc83a36a2a9d762e25eef9cafcb3adf0493068a27d72ae71087eafe6f0
tag: v0.8.2
env:
- name: UNIFI_HOST
value: https://192.168.1.1
@@ -31,14 +29,18 @@ external-dns-unifi:
name: external-dns-unifi-secret
key: api-key
- name: LOG_LEVEL
value: info
value: debug
livenessProbe:
httpGet:
path: /healthz
port: http-webhook
initialDelaySeconds: 10
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /readyz
port: http-webhook
initialDelaySeconds: 10
timeoutSeconds: 5
extraArgs:
- --ignore-ingress-tls-spec

4
clusters/cl01tl/helm/external-secrets/Chart.lock
View File

@@ -2,5 +2,5 @@ dependencies:
- name: external-secrets
repository: https://charts.external-secrets.io
version: 2.2.0
digest: sha256:3894df20e1f3d56bc9789177181a84d8ae1402ef76ec6328e417ce5a568738ae
generated: "2026-03-26T19:19:15.734454-05:00"
digest: sha256:832fc3f8d3728bdea2b696a6044e4c18967cd9ab9c5cc74adbf40aaa270a84b4
generated: "2026-03-20T20:53:08.407747649Z"

8
clusters/cl01tl/helm/external-secrets/Chart.yaml
View File

@@ -5,17 +5,15 @@ description: External Secrets
keywords:
- external-secrets
- secrets
- operator
home: https://docs.alexlebens.dev/applications/eraser/
- vault
home: https://wiki.alexlebens.dev/s/d29044fb-0d63-4500-8853-2971964f356a
sources:
- https://github.com/external-secrets/external-secrets
- https://github.com/external-secrets/external-secrets/pkgs/container/external-secrets
- https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets
dependencies:
- name: external-secrets
alias: external-secrets
version: 2.2.0
repository: https://charts.external-secrets.io
icon: https://raw.githubusercontent.com/external-secrets/external-secrets/refs/heads/main/assets/eso-logo-large.png
icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4
# renovate: datasource=github-releases depName=external-secrets/external-secrets
appVersion: v2.2.0

44
clusters/cl01tl/helm/external-secrets/values.yaml
View File

@@ -1,44 +0,0 @@
external-secrets:
replicaCount: 3
image:
repository: ghcr.io/external-secrets/external-secrets
tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
installCRDs: true
crds:
createClusterExternalSecret: true
createClusterSecretStore: true
createSecretStore: true
createClusterGenerator: true
createClusterPushSecret: true
createPushSecret: true
leaderElect: true
extendedMetricLabels: true
resources:
requests:
cpu: 5m
memory: 50Mi
serviceMonitor:
enabled: true
livenessProbe:
enabled: true
readinessProbe:
enabled: true
podDisruptionBudget:
enabled: true
minAvailable: 1
webhook:
image:
repository: ghcr.io/external-secrets/external-secrets
tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
resources:
requests:
cpu: 1m
memory: 30Mi
certController:
image:
repository: ghcr.io/external-secrets/external-secrets
tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
resources:
requests:
cpu: 1m
memory: 60Mi

6
clusters/cl01tl/helm/foldergram/Chart.yaml
View File

@@ -5,12 +5,10 @@ description: Foldergram
keywords:
- foldergram
- pictures
home: https://docs.alexlebens.dev/applications/foldergram/
home: https://wiki.alexlebens.dev/
sources:
- https://github.com/foldergram/foldergram
- https://github.com/foldergram/foldergram/pkgs/container/foldergram
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -24,4 +22,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://raw.githubusercontent.com/foldergram/foldergram/refs/heads/main/client/public/icon-512.png
# renovate: datasource=github-releases depName=foldergram/foldergram
appVersion: v1.0.8
appVersion: v1.0.6

17
clusters/cl01tl/helm/foldergram/values.yaml
View File

@@ -4,15 +4,12 @@ foldergram:
type: deployment
replicas: 1
strategy: Recreate
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/foldergram/foldergram
tag: 1.0.8@sha256:3546dc1da4ec12cb27aaecbf77896d708ac7601eb0225e0f6e181d7ef35273f9
tag: 1.0.6
pullPolicy: IfNotPresent
env:
- name: IMAGE_DETAIL_SOURCE
@@ -27,8 +24,8 @@ foldergram:
value: https://foldergram.alexlebens.net
resources:
requests:
cpu: 1m
memory: 230Mi
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -49,8 +46,11 @@ foldergram:
- foldergram.alexlebens.net
rules:
- backendRefs:
- name: foldergram
- group: ''
kind: Service
name: foldergram
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -61,6 +61,7 @@ foldergram:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: false
advancedMounts:
main:
main:

5
clusters/cl01tl/helm/freshrss/Chart.yaml
View File

@@ -5,14 +5,15 @@ description: FreshRSS
keywords:
- freshrss
- rss
home: https://docs.alexlebens.dev/applications/freshrss/
home: https://wiki.alexlebens.dev/s/251cb7cb-2797-4bbb-8597-32757aa96391
sources:
- https://github.com/FreshRSS/FreshRSS
- https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/freshrss/freshrss
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:

18
clusters/cl01tl/helm/freshrss/templates/external-secret.yaml
View File

@@ -14,15 +14,24 @@ spec:
data:
- secretKey: ADMIN_EMAIL
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/freshrss/config
metadataPolicy: None
property: ADMIN_EMAIL
- secretKey: ADMIN_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/freshrss/config
metadataPolicy: None
property: ADMIN_PASSWORD
- secretKey: ADMIN_API_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/freshrss/config
metadataPolicy: None
property: ADMIN_API_PASSWORD
---
@@ -42,13 +51,22 @@ spec:
data:
- secretKey: OIDC_CLIENT_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/freshrss
metadataPolicy: None
property: client
- secretKey: OIDC_CLIENT_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/freshrss
metadataPolicy: None
property: secret
- secretKey: OIDC_CLIENT_CRYPTO_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/freshrss
metadataPolicy: None
property: crypto-key

125
clusters/cl01tl/helm/freshrss/values.yaml
View File

@@ -4,11 +4,84 @@ freshrss:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
initContainers:
init-download-extension-1:
securityContext:
runAsUser: 0
image:
repository: alpine
tag: 3.23.3
pullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
- |
apk add --no-cache git;
cd /tmp;
git clone -n --depth=1 --filter=tree:0 https://github.com/cn-tools/cntools_FreshRssExtensions.git;
cd cntools_FreshRssExtensions;
git sparse-checkout set --no-cone /xExtension-YouTubeChannel2RssFeed;
git checkout;
rm -rf /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed
cp -r xExtension-YouTubeChannel2RssFeed /var/www/FreshRSS/extensions
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed
resources:
requests:
cpu: 10m
memory: 128Mi
init-download-extension-2:
securityContext:
runAsUser: 0
image:
repository: alpine
tag: 3.23.3
pullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
- |
apk add --no-cache git;
cd /tmp;
git clone -n --depth=1 --filter=tree:0 https://github.com/FreshRSS/Extensions.git;
cd Extensions;
git sparse-checkout set --no-cone /xExtension-ImageProxy;
git checkout;
rm -rf /var/www/FreshRSS/extensions/xExtension-ImageProxy
cp -r xExtension-ImageProxy /var/www/FreshRSS/extensions
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-ImageProxy
resources:
requests:
cpu: 10m
memory: 128Mi
init-download-extension-3:
securityContext:
runAsUser: 0
image:
repository: alpine
tag: 3.23.3
pullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
- |
cd /tmp;
wget https://github.com/zimmra/xExtension-karakeep-button/archive/refs/tags/v1.1.tar.gz;
tar -xvzf *.tar.gz;
rm -rf /var/www/FreshRSS/extensions/xExtension-karakeep-button
mkdir /var/www/FreshRSS/extensions/xExtension-karakeep-button
cp -r /tmp/xExtension-karakeep-button-*/* /var/www/FreshRSS/extensions/xExtension-karakeep-button
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-karakeep-button
resources:
requests:
cpu: 10m
memory: 128Mi
containers:
main:
image:
repository: freshrss/freshrss
tag: 1.28.1@sha256:9100f649f5c946f589f54cdb9be7a65996528f48f691ef90eb262a0e06e5a522
tag: 1.28.1
pullPolicy: IfNotPresent
env:
- name: PGID
value: "568"
@@ -78,7 +151,7 @@ freshrss:
name: freshrss-install-secret
resources:
requests:
cpu: 1m
cpu: 10m
memory: 128Mi
service:
main:
@@ -94,11 +167,31 @@ freshrss:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:
- path: /var/www/FreshRSS/data
readOnly: false
extensions:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
init-download-extension-1:
- path: /var/www/FreshRSS/extensions
readOnly: false
init-download-extension-2:
- path: /var/www/FreshRSS/extensions
readOnly: false
init-download-extension-3:
- path: /var/www/FreshRSS/extensions
readOnly: false
main:
- path: /var/www/FreshRSS/extensions
readOnly: false
postgres-18-cluster:
mode: recovery
recovery:
@@ -112,12 +205,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 20 14 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-data:
pvcTarget: freshrss-data
moverSecurityContext:
@@ -125,6 +241,11 @@ volsync-target-data:
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
supplementalGroups:
- 44
- 100
- 109
- 65539
local:
enabled: true
schedule: 18 8 * * *

11
clusters/cl01tl/helm/garage/Chart.yaml
View File

@@ -4,13 +4,12 @@ version: 1.0.0
description: Garage
keywords:
- garage
- storage
- s3
home: https://docs.alexlebens.dev/applications/garage/
home: https://wiki.alexlebens.dev/s/
sources:
- https://git.deuxfleurs.fr/Deuxfleurs/garage
- https://github.com/khairul169/garage-webui
- https://hub.docker.com/r/dxflrs/garage
- https://hub.docker.com/r/khairul169/garage-webui
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
@@ -19,6 +18,6 @@ dependencies:
alias: garage
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/garage.png
# renovate: datasource=docker depName=dxflrs/garage
appVersion: v2.2.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
# renovate: datasource=github-releases depName=deuxfleurs-org/garage
appVersion: v2.1.0

9
clusters/cl01tl/helm/garage/templates/external-secret.yaml
View File

@@ -14,13 +14,22 @@ spec:
data:
- secretKey: GARAGE_RPC_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/garage/token
metadataPolicy: None
property: rpc
- secretKey: GARAGE_ADMIN_TOKEN
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/garage/token
metadataPolicy: None
property: admin
- secretKey: GARAGE_METRICS_TOKEN
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/garage/token
metadataPolicy: None
property: metric

63
clusters/cl01tl/helm/garage/values.yaml
View File

@@ -4,6 +4,7 @@ garage:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
labels:
garage-type: server
@@ -21,18 +22,32 @@ garage:
main:
image:
repository: dxflrs/garage
tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
tag: v2.2.0
pullPolicy: IfNotPresent
envFrom:
- secretRef:
name: garage-token-secret
resources:
requests:
cpu: 10m
memory: 400Mi
memory: 128Mi
debug:
image:
repository: ubuntu
tag: resolute-20260312
pullPolicy: IfNotPresent
command:
- "sleep"
- "infinity"
resources:
requests:
cpu: 10m
memory: 32Mi
server-2:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
labels:
garage-type: server
@@ -50,18 +65,20 @@ garage:
main:
image:
repository: dxflrs/garage
tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
tag: v2.2.0
pullPolicy: IfNotPresent
envFrom:
- secretRef:
name: garage-token-secret
resources:
requests:
cpu: 10m
memory: 400Mi
memory: 128Mi
server-3:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
labels:
garage-type: server
@@ -79,23 +96,26 @@ garage:
main:
image:
repository: dxflrs/garage
tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
tag: v2.2.0
pullPolicy: IfNotPresent
envFrom:
- secretRef:
name: garage-token-secret
resources:
requests:
cpu: 10m
memory: 400Mi
memory: 128Mi
webui:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: khairul169/garage-webui
tag: 1.1.0@sha256:17c793551873155065bf9a022dabcde874de808a1f26e648d4b82e168806439c
tag: 1.1.0
pullPolicy: IfNotPresent
env:
- name: API_BASE_URL
value: http://garage-main.garage:3903
@@ -108,8 +128,8 @@ garage:
key: GARAGE_ADMIN_TOKEN
resources:
requests:
cpu: 1m
memory: 10Mi
cpu: 10m
memory: 128Mi
configMaps:
config:
enabled: true
@@ -300,8 +320,11 @@ garage:
- garage-webui.alexlebens.net
rules:
- backendRefs:
- name: garage-webui
- group: ''
kind: Service
name: garage-webui
port: 3909
weight: 100
matches:
- path:
type: PathPrefix
@@ -317,8 +340,11 @@ garage:
- garage-s3.alexlebens.net
rules:
- backendRefs:
- name: garage-main
- group: ''
kind: Service
name: garage-main
port: 3900
weight: 100
matches:
- path:
type: PathPrefix
@@ -335,6 +361,11 @@ garage:
readOnly: true
mountPropagation: None
subPath: garage-1.toml
debug:
- path: /etc/garage.toml
readOnly: true
mountPropagation: None
subPath: garage-1.toml
server-2:
main:
- path: /etc/garage.toml
@@ -358,16 +389,21 @@ garage:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 50Gi
retain: true
advancedMounts:
server-1:
main:
- path: /var/lib/garage/meta
readOnly: false
debug:
- path: /var/lib/garage/meta
readOnly: false
db-2:
forceRename: garage-db-2
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 50Gi
retain: true
advancedMounts:
server-2:
main:
@@ -378,6 +414,7 @@ garage:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 50Gi
retain: true
advancedMounts:
server-3:
main:
@@ -388,11 +425,15 @@ garage:
storageClass: synology-iscsi-delete
accessMode: ReadWriteOnce
size: 800Gi
retain: true
advancedMounts:
server-1:
main:
- path: /var/lib/garage/data
readOnly: false
debug:
- path: /var/lib/garage/data
readOnly: false
data-2:
forceRename: garage-data-2
storageClass: synology-iscsi-delete

8
clusters/cl01tl/helm/gatus/Chart.yaml
View File

@@ -4,14 +4,16 @@ version: 1.0.0
description: Gatus
keywords:
- gatus
- uptime-monitor
home: https://docs.alexlebens.dev/applications/gatus/
- healthcheck
- uptime
- metrics
home: https://wiki.alexlebens.dev/s/2a2b0c83-81c7-49e3-aafc-daff4ff23ce2
sources:
- https://github.com/TwiN/gatus
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/TwiN/gatus/pkgs/container/gatus
- https://github.com/TwiN/helm-charts/tree/master/charts/gatus
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:

9
clusters/cl01tl/helm/gatus/templates/external-secret.yaml
View File

@@ -14,7 +14,10 @@ spec:
data:
- secretKey: NTFY_TOKEN
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /ntfy/user/cl01tl
metadataPolicy: None
property: token
---
@@ -34,9 +37,15 @@ spec:
data:
- secretKey: OIDC_CLIENT_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/gatus
metadataPolicy: None
property: client
- secretKey: OIDC_CLIENT_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/gatus
metadataPolicy: None
property: secret

51
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -1,14 +1,27 @@
gatus:
deployment:
strategy: Recreate
readinessProbe:
enabled: true
livenessProbe:
enabled: true
image:
repository: ghcr.io/twin/gatus
tag: v5.35.0@sha256:21609f31be8c4e680ce3004b24276305666239c99aff58391503f3fb6142f39d
tag: v5.35.0
annotations:
reloader.stakater.com/auto: "true"
service:
type: ClusterIP
port: 80
targetPort: 8080
portName: http
ingress:
enabled: false
gateway:
apiVersion: gateway.networking.k8s.io/v1
route:
enabled: true
path: /
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
@@ -60,13 +73,24 @@ gatus:
resources:
requests:
cpu: 10m
memory: 20Mi
memory: 128Mi
persistence:
enabled: true
size: 1Gi
mountPath: /data
accessModes:
- ReadWriteOnce
finalizers:
- kubernetes.io/pvc-protection
storageClassName: ceph-block
serviceMonitor:
enabled: true
interval: 1m
path: /metrics
scheme: http
scrapeTimeout: 30s
networkPolicy:
enabled: false
config:
metrics: true
connectivity:
@@ -401,12 +425,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 25 14 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-data:
pvcTarget: gatus
local:

3
clusters/cl01tl/helm/generic-device-plugin/Chart.yaml
View File

@@ -5,7 +5,8 @@ description: Generic Device Plugin
keywords:
- generic-device-plugin
- device
home: https://docs.alexlebens.dev/applications/generic-device-plugin/
- plugin
home: https://wiki.alexlebens.dev/s/ee9ba1be-119c-4e83-aea9-b087481554f2
sources:
- https://github.com/squat/generic-device-plugin
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/generic-device-plugin

6
clusters/cl01tl/helm/gitea/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: gitea
repository: https://dl.gitea.com/charts/
repository: https://dl.gitea.io/charts/
version: 12.5.0
- name: actions
repository: https://dl.gitea.com/charts/
@@ -23,5 +23,5 @@ dependencies:
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:49862b06fe4884f504d0a892cb899f577262b584053b64a3504bacaf96d70f39
generated: "2026-03-26T20:59:30.690577-05:00"
digest: sha256:65910bce24fc36bd8e3e4ab0d79c2a18ae076b34aff28bfea8a60598707fe617
generated: "2026-03-26T16:02:55.325421053Z"

13
clusters/cl01tl/helm/gitea/Chart.yaml
View File

@@ -5,28 +5,29 @@ description: Gitea
keywords:
- gitea
- git
home: https://docs.alexlebens.dev/applications/gitea/
- code
home: https://wiki.alexlebens.dev/s/94060f71-fd05-4f78-9af2-053f8f221acd
sources:
- https://github.com/go-gitea/gitea
- https://github.com/renovatebot/renovate
- https://github.com/Angatar/s3cmd
- https://github.com/meilisearch/meilisearch
- https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/gitea/gitea
- https://hub.docker.com/r/renovate/renovate
- https://hub.docker.com/r/d3fk/s3cmd/
- https://gitea.com/gitea/helm-chart
- https://gitea.com/gitea/helm-actions
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
- name: gitea
version: 12.5.0
repository: https://dl.gitea.com/charts/
repository: https://dl.gitea.io/charts/
- name: actions
alias: gitea-actions
repository: https://dl.gitea.com/charts/
@@ -53,6 +54,6 @@ dependencies:
alias: volsync-target-storage
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/gitea.png
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/gitea.png
# renovate: datasource=github-releases depName=go-gitea/gitea
appVersion: 1.25.5

42
clusters/cl01tl/helm/gitea/templates/external-secret.yaml
View File

@@ -14,11 +14,17 @@ spec:
data:
- secretKey: username
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/auth/admin
metadataPolicy: None
property: username
- secretKey: password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/auth/admin
metadataPolicy: None
property: password
---
@@ -38,11 +44,17 @@ spec:
data:
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/gitea
metadataPolicy: None
property: secret
- secretKey: key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/gitea
metadataPolicy: None
property: client
---
@@ -62,7 +74,10 @@ spec:
data:
- secretKey: token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/runner
metadataPolicy: None
property: token
---
@@ -82,23 +97,38 @@ spec:
data:
- secretKey: RENOVATE_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate
metadataPolicy: None
property: RENOVATE_ENDPOINT
- secretKey: RENOVATE_GIT_AUTHOR
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate
metadataPolicy: None
property: RENOVATE_GIT_AUTHOR
- secretKey: RENOVATE_TOKEN
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate
metadataPolicy: None
property: RENOVATE_TOKEN
- secretKey: RENOVATE_GIT_PRIVATE_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate
metadataPolicy: None
property: id_rsa
- secretKey: RENOVATE_GITHUB_COM_TOKEN
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /github/gitea-cl01tl
metadataPolicy: None
property: token
---
@@ -118,15 +148,24 @@ spec:
data:
- secretKey: config
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate
metadataPolicy: None
property: ssh_config
- secretKey: id_rsa
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate
metadataPolicy: None
property: id_rsa
- secretKey: id_rsa.pub
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate
metadataPolicy: None
property: id_rsa.pub
---
@@ -152,5 +191,8 @@ spec:
data:
- secretKey: MEILI_MASTER_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/meilisearch
metadataPolicy: None
property: MEILI_MASTER_KEY

66
clusters/cl01tl/helm/gitea/values.yaml
View File

@@ -2,11 +2,6 @@ gitea:
global:
imageRegistry: registry.hub.docker.com
replicaCount: 3
strategy:
type: "RollingUpdate"
rollingUpdate:
maxSurge: "100%"
maxUnavailable: 1
image:
repository: gitea/gitea
tag: 1.25.5
@@ -19,10 +14,8 @@ gitea:
type: ClusterIP
port: 22
clusterIP: 10.103.160.140
resources:
requests:
cpu: 1000m
memory: 600Mi
ingress:
enabled: false
persistence:
storageClass: ceph-filesystem
size: 40Gi
@@ -48,7 +41,7 @@ gitea:
metrics:
enabled: true
serviceMonitor:
enabled: true
enabled: false
oauth:
- name: Authentik
provider: openidConnect
@@ -146,10 +139,9 @@ gitea-actions:
replicas: 6
timezone: America/Chicago
actRunner:
registry: docker.io
registry: ""
repository: gitea/act_runner
# renovate: datasource=docker depName=gitea/act_runner
tag: 0.3.1@sha256:c2a169c5e99864c25e32527cef3d82203225e09558773022bf3dc164a2e6d762
tag: 0.2.13
config: |
log:
level: debug
@@ -162,19 +154,17 @@ gitea-actions:
- "ubuntu-24.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-24.04"
- "ubuntu-22.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-22.04"
dind:
registry: docker.io
registry: ""
repository: docker
# renovate: datasource=docker depName=docker
tag: 29.3.1-dind@sha256:4d90f1f6c400315c2dba96d3ec93c01e64198395cbba04f79d12adce4f737029
tag: 28.3.3-dind
persistence:
storageClass: ceph-block
size: 10Gi
size: 5Gi
init:
image:
registry: docker.io
registry: ""
repository: busybox
# renovate: datasource=docker depName=busybox
tag: 1.37.0@sha256:1487d0af5f52b4ba31c7e465126ee2123fe3f2305d638e7827681e7cf6c83d5e
tag: "1.37.0"
existingSecret: gitea-runner-secret
existingSecretKey: token
giteaRootURL: http://gitea-http.gitea:3000
@@ -185,14 +175,17 @@ meilisearch:
MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true
auth:
existingMasterKeySecret: gitea-meilisearch-master-key-secret
service:
type: ClusterIP
port: 7700
persistence:
enabled: true
storageClass: ceph-block
size: 5Gi
resources:
requests:
cpu: 1m
memory: 160Mi
cpu: 10m
memory: 128Mi
serviceMonitor:
enabled: true
postgres-18-cluster:
@@ -200,8 +193,8 @@ postgres-18-cluster:
cluster:
resources:
requests:
cpu: 100m
memory: 100Mi
memory: 1Gi
cpu: 200m
recovery:
method: objectStore
objectStore:
@@ -213,18 +206,41 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 0 7 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
valkey-gitea:
valkey:
resources:
requests:
cpu: 20m
memory: 2Gi
memory: 256Mi
dataStorage:
requestedSize: 10Gi
replica:

2
clusters/cl01tl/helm/houndarr/Chart.yaml
View File

@@ -22,4 +22,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://raw.githubusercontent.com/av1155/houndarr/main/src/houndarr/static/img/houndarr-logo-dark.png
# renovate: datasource=github-releases depName=av1155/houndarr
appVersion: v1.6.3
appVersion: v1.6.2

6
clusters/cl01tl/helm/ollama/values.yaml
View File

@@ -22,7 +22,7 @@ ollama:
main:
image:
repository: ollama/ollama
tag: 0.18.3
tag: 0.18.2
pullPolicy: IfNotPresent
env:
- name: OLLAMA_KEEP_ALIVE
@@ -58,7 +58,7 @@ ollama:
main:
image:
repository: ollama/ollama
tag: 0.18.3
tag: 0.18.2
pullPolicy: IfNotPresent
env:
- name: OLLAMA_KEEP_ALIVE
@@ -94,7 +94,7 @@ ollama:
main:
image:
repository: ollama/ollama
tag: 0.18.3
tag: 0.18.2
pullPolicy: IfNotPresent
env:
- name: OLLAMA_KEEP_ALIVE

4
clusters/cl01tl/helm/searxng/values.yaml
View File

@@ -9,7 +9,7 @@ searxng:
main:
image:
repository: searxng/searxng
tag: latest@sha256:032eec8dcd3799007059d0753e9d04837fc8dba8d8b749a08469118a8039b703
tag: latest@sha256:f01ceee858fe70e0ba6bf96934cdfad1ecc51fc528e72e17065b800f98ea87bb
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL
@@ -39,7 +39,7 @@ searxng:
main:
image:
repository: searxng/searxng
tag: latest@sha256:032eec8dcd3799007059d0753e9d04837fc8dba8d8b749a08469118a8039b703
tag: latest@sha256:f01ceee858fe70e0ba6bf96934cdfad1ecc51fc528e72e17065b800f98ea87bb
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL

2
clusters/cl01tl/helm/site-documentation/values.yaml
View File

@@ -11,7 +11,7 @@ site-documentation:
main:
image:
repository: harbor.alexlebens.net/images/site-documentation
tag: 0.11.0
tag: 0.9.0
pullPolicy: IfNotPresent
resources:
requests:

2
clusters/cl01tl/helm/traefik/Chart.yaml
View File

@@ -22,4 +22,4 @@ dependencies:
repository: https://traefik.github.io/charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/traefik.webp
# renovate: datasource=github-releases depName=traefik/traefik
appVersion: v3.6.12
appVersion: v3.6.11

14
renovate.json
View File

@@ -158,10 +158,10 @@
},
{
"description": "Group apps by their keyword",
"groupName": "{{{replace '^.*(dawarich|komodo|immich|home-assistant|element-web|cilium|tdarr|argo-cd|traefik).*$' '$1' depName}}}",
"groupName": "{{{replace '^.*(dawarich|komodo|immich|home-assistant|element-web|cilium|tdarr|argo-cd).*$' '$1' depName}}}",
"groupSlug": "unified-{{{groupName}}}",
"matchPackageNames": [
"/(^|/)(?<appName>dawarich|komodo|immich|home-assistant|element-web|cilium|tdarr|argo-cd|traefik)/"
"/(^|/)(?<appName>dawarich|komodo|immich|home-assistant|element-web|cilium|tdarr|argo-cd)/"
]
},
{
@@ -188,16 +188,6 @@
"/^rook(-ceph|\\/rook|\\/ceph)/"
]
},
{
"description": "Open for digest updates, specific packages",
"matchUpdateTypes": [
"digest"
],
"matchPackageNames": [
"excalidraw/excalidraw"
],
"enabled": true
},
{
"description": "Automerge digest updates, specific packages",
"matchUpdateTypes": [