alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 7 Actions 3 Activity

Compare commits

base: alexlebens:renovate/unified-cloudnative-pg
Branches Tags
alexlebens:main alexlebens:renovate/unified-cilium alexlebens:renovate/unified-valkey alexlebens:renovate/unified-postgres-cluster alexlebens:renovate/unified-home-assistant alexlebens:renovate/unified-whatsapp alexlebens:renovate/unified-cloudnative-pg alexlebens:manifests alexlebens:renovate/unified-musicgrabber
..
compare: alexlebens:758252cee67f5057d6c6adacd1827836b7e07733
Branches Tags
alexlebens:renovate/unified-cilium alexlebens:main alexlebens:renovate/unified-valkey alexlebens:renovate/unified-postgres-cluster alexlebens:renovate/unified-home-assistant alexlebens:renovate/unified-whatsapp alexlebens:renovate/unified-cloudnative-pg alexlebens:manifests alexlebens:renovate/unified-musicgrabber

1 Commits
renovate/u ... 758252cee6

Author SHA1 Message Date
Renovate Bot
758252cee6 chore(deps): update helm release cilium to v1.19.2
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 27s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 12s
Details
render-manifests / render-manifests (pull_request) Has been skipped
Details
2026-03-25 00:15:36 +00:00
157 changed files with 1464 additions and 1196 deletions
Expand all files Collapse all files

2
.gitea/workflows/renovate.yaml
View File

@@ -13,7 +13,7 @@ on:
jobs:
renovate:
runs-on: ubuntu-latest
container: ghcr.io/renovatebot/renovate:43.102.8@sha256:e230599b399a3ed960987fe652550e39cd4f514dbe9a693839da1b99f049a0e1
container: ghcr.io/renovatebot/renovate:43.89.3@sha256:95ef56f2595ea6ee1acac7c9ef6c8e2112a9be0699a42df9921310923aed7167
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

5
clusters/cl01tl/helm/actual/values.yaml
View File

@@ -14,8 +14,8 @@ actual:
value: 5006
resources:
requests:
cpu: 10m
memory: 50Mi
cpu: 25m
memory: 64Mi
probes:
liveness:
enabled: true
@@ -39,6 +39,7 @@ actual:
http:
port: 80
targetPort: 5006
protocol: HTTP
route:
main:
kind: HTTPRoute

6
clusters/cl01tl/helm/argo-workflows/Chart.lock
View File

@@ -7,6 +7,6 @@ dependencies:
version: 2.4.21
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.1
digest: sha256:a249bd8faad886fa267cb42e843fd6465b3c4147961d182b73dd64ef9e6ca06e
generated: "2026-03-31T18:36:18.025982-05:00"
version: 7.10.0
digest: sha256:5635bfe609d8a901df257ef3e6cb469396a21bdd4c6f96e7e33f84036019c52b
generated: "2026-03-24T16:59:01.228848139Z"

2
clusters/cl01tl/helm/argo-workflows/Chart.yaml
View File

@@ -25,7 +25,7 @@ dependencies:
repository: https://argoproj.github.io/argo-helm
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.1
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-workflows

10
clusters/cl01tl/helm/argo-workflows/values.yaml
View File

@@ -30,8 +30,8 @@ argo-workflows:
cronWorkflowWorkers: 2
resources:
requests:
cpu: 1m
memory: 20Mi
cpu: 10m
memory: 32Mi
serviceMonitor:
enabled: true
workflowNamespaces:
@@ -76,7 +76,7 @@ argo-events:
controller:
resources:
requests:
cpu: 1m
cpu: 10m
memory: 32Mi
metrics:
enabled: true
@@ -86,8 +86,8 @@ argo-events:
enabled: true
resources:
requests:
cpu: 1m
memory: 20Mi
cpu: 10m
memory: 32Mi
postgres-18-cluster:
mode: recovery
recovery:

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: argo-cd
repository: https://argoproj.github.io/argo-helm
version: 9.4.17
digest: sha256:17752dbf03861cf70ee31c9a17373a5175656a2edd00ba5fcd3988a195147da8
generated: "2026-03-28T01:51:34.832601868Z"
version: 9.4.15
digest: sha256:a0eed2e174bb6b13d04653c755a359025b050d479a92180039a1990dd8ee7caa
generated: "2026-03-20T01:09:07.547016465Z"

4
clusters/cl01tl/helm/argocd/Chart.yaml
View File

@@ -13,8 +13,8 @@ maintainers:
- name: alexlebens
dependencies:
- name: argo-cd
version: 9.4.17
version: 9.4.15
repository: https://argoproj.github.io/argo-helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-cd
appVersion: v3.3.6
appVersion: v3.3.4

24
clusters/cl01tl/helm/argocd/values.yaml
View File

@@ -34,7 +34,7 @@ argo-cd:
replicas: 1
resources:
requests:
cpu: 100m
cpu: 15m
memory: 1Gi
readinessProbe:
failureThreshold: 3
@@ -77,7 +77,7 @@ argo-cd:
enabled: true
resources:
requests:
cpu: 1m
cpu: 10m
memory: 64Mi
metrics:
enabled: true
@@ -98,7 +98,7 @@ argo-cd:
resources:
requests:
cpu: 1000m
memory: 50Mi
memory: 64Mi
haproxy:
enabled: true
image:
@@ -106,8 +106,8 @@ argo-cd:
tag: 3.3.6-alpine@sha256:744be2dca649a44d490a4c565d36968d19482dd387f1bdd44c168f4322bc6b1e
resources:
requests:
cpu: 5m
memory: 90Mi
cpu: 10m
memory: 128Mi
metrics:
enabled: true
serviceMonitor:
@@ -138,8 +138,8 @@ argo-cd:
replicas: 2
resources:
requests:
cpu: 20m
memory: 80Mi
cpu: 10m
memory: 64Mi
metrics:
enabled: true
serviceMonitor:
@@ -157,8 +157,8 @@ argo-cd:
replicas: 2
resources:
requests:
cpu: 1m
memory: 50Mi
cpu: 10m
memory: 64Mi
readinessProbe:
enabled: true
failureThreshold: 3
@@ -182,7 +182,7 @@ argo-cd:
resources:
requests:
cpu: 10m
memory: 50Mi
memory: 64Mi
metrics:
enabled: true
serviceMonitor:
@@ -218,8 +218,8 @@ argo-cd:
value: Bearer $ntfy-token
resources:
requests:
cpu: 2m
memory: 50Mi
cpu: 10m
memory: 64Mi
livenessProbe:
enabled: true
readinessProbe:

4
clusters/cl01tl/helm/audiobookshelf/values.yaml
View File

@@ -18,7 +18,7 @@ audiobookshelf:
value: America/Chicago
resources:
requests:
cpu: 1m
cpu: 10m
memory: 200Mi
apprise-api:
image:
@@ -49,9 +49,11 @@ audiobookshelf:
http:
port: 80
targetPort: 80
protocol: HTTP
apprise:
port: 8000
targetPort: 8000
protocol: HTTP
serviceMonitor:
main:
selector:

8
clusters/cl01tl/helm/authentik/Chart.lock
View File

@@ -7,9 +7,9 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.1
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:4b90c5af4cc7f37b04284aafd75ddda1241c71acb726932e7e21520b5bf98543
generated: "2026-03-31T18:36:26.87524-05:00"
version: 0.4.0
digest: sha256:8c353c5dad4c3d04d518c1445497f0d1cb64261a4201ae17a2c0874454b807a7
generated: "2026-03-15T20:04:35.99407071Z"

4
clusters/cl01tl/helm/authentik/Chart.yaml
View File

@@ -25,11 +25,11 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.1
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.5.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png
# renovate: datasource=github-releases depName=goauthentik/authentik

10
clusters/cl01tl/helm/authentik/values.yaml
View File

@@ -33,7 +33,7 @@ authentik:
replicas: 2
resources:
requests:
cpu: 20m
cpu: 100m
memory: 700Mi
livenessProbe:
failureThreshold: 3
@@ -66,8 +66,8 @@ authentik:
replicas: 2
resources:
requests:
cpu: 80m
memory: 650Mi
cpu: 100m
memory: 512Mi
metrics:
enabled: true
serviceMonitor:
@@ -77,10 +77,6 @@ authentik:
enabled: true
postgres-18-cluster:
mode: recovery
cluster:
resources:
requests:
memory: 150Mi
recovery:
method: objectStore
objectStore:

5
clusters/cl01tl/helm/backrest/values.yaml
View File

@@ -22,8 +22,8 @@ backrest:
value: /tmp
resources:
requests:
cpu: 1m
memory: 30Mi
cpu: 10m
memory: 80Mi
service:
main:
controller: main
@@ -31,6 +31,7 @@ backrest:
http:
port: 80
targetPort: 9898
protocol: TCP
serviceMonitor:
main:
selector:

9
clusters/cl01tl/helm/bazarr/values.yaml
View File

@@ -14,7 +14,7 @@ bazarr:
main:
image:
repository: ghcr.io/linuxserver/bazarr
tag: v1.5.6-ls342@sha256:9a631194c0dee21c85b5bff59e23610e1ae2f54594e922973949d271102e585e
tag: 1.5.6@sha256:05f9d5b24884f37120453dc1a008a47be244eebec32099ae1bd29032e75b67aa
env:
- name: TZ
value: America/Chicago
@@ -23,11 +23,9 @@ bazarr:
- name: PGID
value: 1000
resources:
limits:
cpu: 100m
requests:
cpu: 1m
memory: 250Mi
cpu: 10m
memory: 256Mi
service:
main:
controller: main
@@ -35,6 +33,7 @@ bazarr:
http:
port: 80
targetPort: 6767
protocol: HTTP
route:
main:
kind: HTTPRoute

6
clusters/cl01tl/helm/blocky/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 4.6.2
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:49b0e666059bad492ebaa4a20119ce5bbd1959a1ee6b22b271a9ca9529122697
generated: "2026-03-31T18:37:20.549898-05:00"
version: 0.4.0
digest: sha256:a5b0099261d772b24a302a106d106cfa82ac07fa14564141e00cf107d708e859
generated: "2026-03-09T23:06:16.853255429Z"

2
clusters/cl01tl/helm/blocky/Chart.yaml
View File

@@ -20,7 +20,7 @@ dependencies:
version: 4.6.2
- name: valkey
alias: valkey
version: 0.5.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/blocky.png
# renovate: datasource=github-releases depName=0xerr0r/blocky

3
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -15,7 +15,7 @@ blocky:
resources:
requests:
cpu: 10m
memory: 100Mi
memory: 90Mi
configMaps:
config:
enabled: true
@@ -144,7 +144,6 @@ blocky:
objects IN CNAME traefik-cl01tl
ollama IN CNAME traefik-cl01tl
omni-tools IN CNAME traefik-cl01tl
paperless-ngx IN CNAME traefik-cl01tl
photoview IN CNAME traefik-cl01tl
plex IN CNAME traefik-cl01tl
postiz IN CNAME traefik-cl01tl

6
clusters/cl01tl/helm/cert-manager/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: cert-manager
repository: https://charts.jetstack.io
version: v1.20.1
digest: sha256:1bf36eba44cf096b40355a697b8cffb302f07f9135374222aabdf686f017b7a9
generated: "2026-03-28T01:35:24.542754563Z"
version: v1.20.0
digest: sha256:1543bd17649cb32982de3cce017fcbed1b44c41d50b76c6471b266f33e261c29
generated: "2026-03-10T16:06:49.332999536Z"

4
clusters/cl01tl/helm/cert-manager/Chart.yaml
View File

@@ -13,8 +13,8 @@ maintainers:
- name: alexlebens
dependencies:
- name: cert-manager
version: v1.20.1
version: v1.20.0
repository: https://charts.jetstack.io
icon: https://raw.githubusercontent.com/cert-manager/cert-manager/refs/heads/master/logo/logo.png
# renovate: datasource=github-releases depName=cert-manager/cert-manager
appVersion: v1.20.1
appVersion: v1.20.0

6
clusters/cl01tl/helm/cilium/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: cilium
repository: https://helm.cilium.io/
version: 1.18.6
digest: sha256:8ea328ac238524b5b423e6289f5e25d05ef64e6aa19cfd5de238f1d5dd533e9b
generated: "2026-02-05T12:00:20.15778-06:00"
version: 1.19.2
digest: sha256:11f8eef4733b70c2b9a91ce39fe3c1ea1ad3fa3c46750efb015e03ff6ea3655b
generated: "2026-03-25T00:15:27.521801416Z"

2
clusters/cl01tl/helm/cilium/Chart.yaml
View File

@@ -14,7 +14,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: cilium
version: 1.18.6
version: 1.19.2
repository: https://helm.cilium.io/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png
# renovate: datasource=github-releases depName=cilium/cilium

6
clusters/cl01tl/helm/cloudnative-pg/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies:
- name: cloudnative-pg
repository: https://cloudnative-pg.io/charts/
version: 0.28.0
version: 0.27.1
- name: plugin-barman-cloud
repository: https://cloudnative-pg.io/charts/
version: 0.5.0
digest: sha256:3e9b26d00fdb61af60f003bcb327e05d02799eb6088e30aaabd01c49c6021aac
generated: "2026-04-01T18:06:35.828735622Z"
digest: sha256:e7089ffd089cae87529e28f0e71302b9fc4a869b389cbb6628f1c559644a3a10
generated: "2026-02-05T19:36:19.473447121Z"

4
clusters/cl01tl/helm/cloudnative-pg/Chart.yaml
View File

@@ -17,11 +17,11 @@ maintainers:
- name: alexlebens
dependencies:
- name: cloudnative-pg
version: 0.28.0
version: 0.27.1
repository: https://cloudnative-pg.io/charts/
- name: plugin-barman-cloud
version: 0.5.0
repository: https://cloudnative-pg.io/charts/
icon: https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg.github.io/refs/heads/main/assets/images/hero_image.png
# renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
appVersion: 1.29.0
appVersion: 1.28.1

8
clusters/cl01tl/helm/cloudnative-pg/values.yaml
View File

@@ -3,14 +3,14 @@ cloudnative-pg:
resources:
requests:
cpu: 10m
memory: 100Mi
memory: 64Mi
monitoring:
podMonitorEnabled: true
plugin-barman-cloud:
replicaCount: 1
replicaCount: 2
crds:
create: true
resources:
requests:
cpu: 1m
memory: 20Mi
cpu: 10m
memory: 64Mi

12
clusters/cl01tl/helm/code-server/Chart.yaml
View File

@@ -5,14 +5,14 @@ description: Code Server
keywords:
- code-server
- code
home: https://docs.alexlebens.dev/applications/code-server/
- ide
home: https://wiki.alexlebens.dev/s/233f96bb-db70-47e4-8b22-a8efcbb0f93d
sources:
- https://github.com/coder/code-server
- https://github.com/linuxserver/docker-code-server
- https://github.com/linuxserver/docker-code-server/pkgs/container/code-server
- https://github.com/cloudflare/cloudflared
- https://hub.docker.com/r/linuxserver/code-server
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -28,5 +28,5 @@ dependencies:
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png
# renovate: datasource=github-releases depName=coder/code-server
appVersion: 4.112.0
# renovate: datasource=github-releases depName=linuxserver/docker-code-server
appVersion: 4.108.1

6
clusters/cl01tl/helm/code-server/templates/external-secret.yaml
View File

@@ -14,9 +14,15 @@ spec:
data:
- secretKey: PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/code-server/auth
metadataPolicy: None
property: PASSWORD
- secretKey: SUDO_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/code-server/auth
metadataPolicy: None
property: SUDO_PASSWORD

21
clusters/cl01tl/helm/code-server/values.yaml
View File

@@ -4,18 +4,16 @@ code-server:
type: deployment
replicas: 1
strategy: Recreate
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/linuxserver/code-server
tag: 4.112.0-ls325@sha256:a17ee95f4e1b43284fe5dfea99e82c8a26f096534215ff36817fa80161eec220
tag: 4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: PUID
value: 1000
- name: PGID
@@ -27,8 +25,8 @@ code-server:
name: codeserver-password-secret
resources:
requests:
cpu: 1m
memory: 40Mi
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -36,6 +34,7 @@ code-server:
http:
port: 8443
targetPort: 8443
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -48,8 +47,11 @@ code-server:
- code-server.alexlebens.net
rules:
- backendRefs:
- name: code-server
- group: ''
kind: Service
name: code-server
port: 8443
weight: 100
matches:
- path:
type: PathPrefix
@@ -60,6 +62,7 @@ code-server:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 2Gi
retain: true
advancedMounts:
main:
main:

6
clusters/cl01tl/helm/coredns/Chart.yaml
View File

@@ -5,7 +5,9 @@ description: CoreDNS
keywords:
- coredns
- dns
home: https://docs.alexlebens.dev/applications/coredns/
- network
- kubernetes
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/coredns/coredns
- https://github.com/coredns/helm
@@ -15,6 +17,6 @@ dependencies:
- name: coredns
version: 1.45.2
repository: https://coredns.github.io/helm
icon: https://raw.githubusercontent.com/coredns/coredns.io/refs/heads/master/static/images/favicon.png
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/coredns.png
# renovate: datasource=github-releases depName=coredns/coredns
appVersion: v1.14.2

34
clusters/cl01tl/helm/coredns/values.yaml
View File

@@ -1,18 +1,23 @@
coredns:
image:
repository: registry.k8s.io/coredns/coredns
tag: v1.14.2@sha256:e7e6440cfd1e919280958f5b5a6ab2b184d385bba774c12ad2a9e1e4183f90d9
tag: v1.14.2
replicaCount: 3
resources:
limits:
cpu: null
memory: null
requests:
cpu: 30m
memory: 30Mi
cpu: 50m
memory: 128Mi
rollingUpdate:
maxUnavailable: 1
maxSurge: 25%
terminationGracePeriodSeconds: 30
serviceType: "ClusterIP"
prometheus:
service:
enabled: true
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9153"
monitor:
enabled: true
namespace: kube-system
@@ -24,7 +29,18 @@ coredns:
serviceAccount:
create: true
name: coredns
rbac:
create: true
isClusterService: true
priorityClassName: system-cluster-critical
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
servers:
- zones:
- zone: .
@@ -61,8 +77,6 @@ coredns:
- name: errors
- name: cache
parameters: 30
- name: prometheus
parameters: :9153
- name: forward
parameters: . 10.111.232.172
- zones:
@@ -74,8 +88,6 @@ coredns:
- name: errors
- name: cache
parameters: 30
- name: prometheus
parameters: :9153
- name: forward
parameters: . 10.97.20.219
nodeSelector:
@@ -88,4 +100,6 @@ coredns:
operator: Exists
effect: NoSchedule
deployment:
skipConfig: false
enabled: true
name: coredns

8
clusters/cl01tl/helm/dawarich/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.1
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:1f513bd53430dd0fbba301ab5577aca85e984394dfdca9f615aae944a09c6bc0
generated: "2026-03-31T18:37:35.858603-05:00"
version: 0.4.0
digest: sha256:7584c2a1613454bbd83b66df46170fd0157df5186842844d483e2dd131398574
generated: "2026-03-15T20:04:49.68456485Z"

11
clusters/cl01tl/helm/dawarich/Chart.yaml
View File

@@ -5,13 +5,10 @@ description: Dawarich
keywords:
- dawarich
- location
home: https://docs.alexlebens.dev/applications/dawarich/
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/Freika/dawarich
- https://hub.docker.com/r/freikin/dawarich
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers:
- name: alexlebens
dependencies:
@@ -21,12 +18,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.1
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.5.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png
# renovate: datasource=github-releases depName=Freika/dawarich
appVersion: 1.6.0
appVersion: 1.4.0

9
clusters/cl01tl/helm/dawarich/templates/external-secret.yaml
View File

@@ -14,7 +14,10 @@ spec:
data:
- secretKey: key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/dawarich/key
metadataPolicy: None
property: key
---
@@ -34,9 +37,15 @@ spec:
data:
- secretKey: client
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/dawarich
metadataPolicy: None
property: client
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/dawarich
metadataPolicy: None
property: secret

77
clusters/cl01tl/helm/dawarich/values.yaml
View File

@@ -4,20 +4,15 @@ dawarich:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: freikin/dawarich
tag: 1.6.0@sha256:5cba4d96fb57976fb6a956b8622365789d74a1178cc3ada1cb7541a4473993a9
command:
- "web-entrypoint.sh"
args:
- "bin/rails"
- "server"
- "-p"
- "3000"
- "-b"
- "::"
tag: 1.4.0
pullPolicy: IfNotPresent
command: ["web-entrypoint.sh"]
args: ["bin/rails", "server", "-p", "3000", "-b", "::"]
env:
- name: RAILS_ENV
value: production
@@ -91,14 +86,14 @@ dawarich:
value: true
probes:
liveness:
enabled: true
enabled: false
custom: true
spec:
exec:
command:
- /bin/sh
- -c
- "wget -qO - http://127.0.0.1:3000/api/v1/health | grep -q '\"status\"\\s*:\\s*\"ok\"'"
- wget -qO - http://127.0.0.1:3000/api/v1/health | grep -Eq '\"status\"\\s*:\\s*\"ok\"'
failureThreshold: 5
initialDelaySeconds: 60
periodSeconds: 10
@@ -106,16 +101,15 @@ dawarich:
timeoutSeconds: 10
resources:
requests:
cpu: 20m
memory: 750Mi
cpu: 10m
memory: 128Mi
sidekiq:
image:
repository: freikin/dawarich
tag: 1.6.0@sha256:5cba4d96fb57976fb6a956b8622365789d74a1178cc3ada1cb7541a4473993a9
command:
- "sidekiq-entrypoint.sh"
args:
- "sidekiq"
tag: 1.4.0
pullPolicy: IfNotPresent
command: ["sidekiq-entrypoint.sh"]
args: ["sidekiq"]
env:
- name: RAILS_ENV
value: production
@@ -191,19 +185,23 @@ dawarich:
value: true
probes:
liveness:
enabled: true
enabled: false
custom: true
spec:
exec:
command:
- pgrep
- -f
- sidekiq
- /bin/sh
- -c
- pgrep -f sidekiq
failureThreshold: 5
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -211,9 +209,11 @@ dawarich:
http:
port: 80
targetPort: 3000
protocol: TCP
metrics:
port: 9394
targetPort: 9394
protocol: TCP
serviceMonitor:
main:
selector:
@@ -238,8 +238,11 @@ dawarich:
- dawarich.alexlebens.net
rules:
- backendRefs:
- name: dawarich
- group: ""
kind: Service
name: dawarich
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -250,6 +253,7 @@ dawarich:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:
@@ -263,6 +267,7 @@ dawarich:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:
@@ -276,6 +281,7 @@ dawarich:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:
@@ -307,9 +313,32 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 10 14 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external

3
clusters/cl01tl/helm/democratic-csi-synology-iscsi/Chart.yaml
View File

@@ -5,7 +5,8 @@ description: Democratic CSI
keywords:
- democratic-csi-synology-iscsi
- iscsi
home: https://docs.alexlebens.dev/applications/democratic-csi-synology-iscsi/
- kubernetes
home: https://wiki.alexlebens.dev/s/0cc6ba65-024b-4489-952a-fc0f647fd099
sources:
- https://github.com/democratic-csi/democratic-csi
- https://github.com/democratic-csi/charts/tree/master/stable/democratic-csi

3
clusters/cl01tl/helm/democratic-csi-synology-iscsi/templates/external-secret.yaml
View File

@@ -14,5 +14,8 @@ spec:
data:
- secretKey: driver-config-file.yaml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/democratic-csi-synology-iscsi/config
metadataPolicy: None
property: driver-config-file.yaml

32
clusters/cl01tl/helm/democratic-csi-synology-iscsi/values.yaml
View File

@@ -1,35 +1,15 @@
democratic-csi:
driver:
image:
registry: ghcr.io/democratic-csi/democratic-csi
tag: v1.9.5@@sha256:fc3b7d7ed3a616714139525075312758e23a5d425ffb539ad12c9bd20fb6001f
existingConfigSecret: synology-iscsi-config-secret
config:
driver: synology-iscsi
resources:
requests:
cpu: 1m
memory: 128Mi
csiDriver:
name: "org.democratic-csi.iscsi-synology"
controller:
replicaCount: 3
externalAttacher:
image:
registry: registry.k8s.io/sig-storage/csi-attacher
tag: v4.11.0@sha256:b74b05b39501565022883fc128002b4cb857a7bb6c858606bcb3fdedba0b0b80
externalProvisioner:
image:
registry: registry.k8s.io/sig-storage/csi-provisioner
tag: v3.6.4@sha256:e7ad666f1d9b0caa077c7f0c157c9f87d1e73858390732496f66dcc716ff10c5
externalResizer:
image:
registry: registry.k8s.io/sig-storage/csi-resizer
tag: v1.9.4@sha256:522911ef68bd2c5c17d90fb2a6d2b2fb72ae790f2c1463a466b4262a07fdbf5a
externalSnapshotter:
image:
registry: registry.k8s.io/sig-storage/csi-snapshotter
tag: v8.5.0@sha256:da081c27e8a6d91f36042c1942362d0515ced8d06e18c11b8f893e58c4d6d797
enabled: true
rbac:
enabled: true
replicaCount: 2
storageClasses:
- name: synology-iscsi-delete
defaultClass: false
@@ -55,7 +35,3 @@ democratic-csi:
value: /usr/local/sbin/iscsiadm
iscsiDirHostPath: /var/iscsi
iscsiDirHostPathType: ""
driverRegistrar:
image:
registry: registry.k8s.io/sig-storage/csi-node-driver-registrar
tag: v2.16.0@sha256:ab482308a4921e28a6df09a16ab99a457e9af9641ff44fb1be1a690d07ce8b70

3
clusters/cl01tl/helm/descheduler/Chart.yaml
View File

@@ -5,7 +5,8 @@ description: Descheduler
keywords:
- descheduler
- kube-scheduler
home: https://docs.alexlebens.dev/applications/descheduler/
- kubernetes
home: https://wiki.alexlebens.dev/s/0c38b7e4-4573-487c-82b0-4eeeb00e1276
sources:
- https://github.com/kubernetes-sigs/descheduler
- https://github.com/kubernetes-sigs/descheduler/tree/master/charts/descheduler

41
clusters/cl01tl/helm/descheduler/values.yaml
View File

@@ -1,22 +1,27 @@
descheduler:
kind: Deployment
resources:
limits:
cpu: null
memory: null
requests:
cpu: 10m
memory: 50Mi
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
deschedulingInterval: 5m
replicas: 3
replicas: 1
leaderElection:
enabled: true
leaseDuration: 15s
renewDeadline: 10s
retryPeriod: 2s
resourceLock: "leases"
resourceName: "descheduler"
resourceNamespace: "descheduler"
enabled: false
command:
- "/bin/descheduler"
cmdOptions:
v: 3
deschedulerPolicyAPIVersion: "descheduler/v1alpha2"
deschedulerPolicy:
profiles:
- name: default
@@ -48,13 +53,13 @@ descheduler:
- name: LowNodeUtilization
args:
thresholds:
cpu: 20
memory: 20
pods: 20
cpu: 30
memory: 30
pods: 50
targetThresholds:
cpu: 50
memory: 50
pods: 60
cpu: 60
memory: 40
pods: 80
plugins:
balance:
enabled:

8
clusters/cl01tl/helm/directus/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.1
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:116183cdff428293215553b7e60be9aefafbbaaaf64c01f1fc974badd3e0754b
generated: "2026-03-31T18:37:42.414041-05:00"
version: 0.4.0
digest: sha256:dfcb5d35e03ecdc4206227d206d36509319f0dcdaed54363840d71337debb3f7
generated: "2026-03-15T20:05:03.156596646Z"

16
clusters/cl01tl/helm/directus/Chart.yaml
View File

@@ -4,14 +4,16 @@ version: 1.0.0
description: Directus
keywords:
- directus
- content-management-system
home: https://docs.alexlebens.dev/applications/descheduler/
- cms
home: https://wiki.alexlebens.dev/s/c2d242de-dcaa-4801-86a2-c4761dc8bf9b
sources:
- https://github.com/directus/directus
- https://github.com/directus/directus/pkgs/container/directus
- https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/directus/directus
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers:
- name: alexlebens
dependencies:
@@ -21,12 +23,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.1
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.5.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
# renovate: datasource=github-releases depName=directus/directus
appVersion: 11.17.1
appVersion: 11.16.1

39
clusters/cl01tl/helm/directus/templates/external-secret.yaml
View File

@@ -14,19 +14,31 @@ spec:
data:
- secretKey: admin-email
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/config
metadataPolicy: None
property: admin-email
- secretKey: admin-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/config
metadataPolicy: None
property: admin-password
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/config
metadataPolicy: None
property: secret
- secretKey: key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/config
metadataPolicy: None
property: key
---
@@ -46,11 +58,17 @@ spec:
data:
- secretKey: OIDC_CLIENT_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/directus
metadataPolicy: None
property: client
- secretKey: OIDC_CLIENT_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/directus
metadataPolicy: None
property: secret
---
@@ -70,7 +88,10 @@ spec:
data:
- secretKey: metric-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/metrics
metadataPolicy: None
property: metric-token
---
@@ -90,15 +111,24 @@ spec:
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_SECRET_KEY
- secretKey: ACCESS_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_REGION
---
@@ -118,13 +148,22 @@ spec:
data:
- secretKey: default
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/valkey
metadataPolicy: None
property: password
- secretKey: user
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/valkey
metadataPolicy: None
property: user
- secretKey: password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/valkey
metadataPolicy: None
property: password

38
clusters/cl01tl/helm/directus/values.yaml
View File

@@ -4,11 +4,12 @@ directus:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/directus/directus
tag: 11.17.1@sha256:1dd2080a50a9f6df2b6f49df15a7734424bbd1a5902983c4b6e447f22027b80b
repository: directus/directus
tag: 11.16.1
pullPolicy: IfNotPresent
env:
- name: PUBLIC_URL
@@ -143,7 +144,7 @@ directus:
resources:
requests:
cpu: 10m
memory: 300Mi
memory: 256Mi
service:
main:
controller: main
@@ -151,6 +152,7 @@ directus:
http:
port: 80
targetPort: 8055
protocol: TCP
serviceMonitor:
main:
selector:
@@ -178,8 +180,11 @@ directus:
- directus.alexlebens.net
rules:
- backendRefs:
- name: directus
- group: ''
kind: Service
name: directus
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -197,12 +202,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 15 14 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
valkey:
valkey:
auth:
@@ -211,7 +239,5 @@ valkey:
aclUsers:
default:
permissions: "~* &* +@all"
# No option to configure metrics when auth is enabled
# https://github.com/valkey-io/valkey-helm/issues/135
metrics:
enabled: false

5
clusters/cl01tl/helm/elastic-operator/Chart.yaml
View File

@@ -6,7 +6,8 @@ keywords:
- elastic-operator
- operator
- elastic-search
home: https://docs.alexlebens.dev/applications/elastic-operator/
- kubernetes
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/elastic/cloud-on-k8s
- https://github.com/elastic/cloud-on-k8s/tree/main/deploy/eck-operator
@@ -16,6 +17,6 @@ dependencies:
- name: eck-operator
version: 3.3.1
repository: https://helm.elastic.co
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/elastic.png
icon: https://helm.elastic.co/icons/eck.png
# renovate: datasource=github-releases depName=elastic/cloud-on-k8s
appVersion: v3.3.1

7
clusters/cl01tl/helm/elastic-operator/values.yaml
View File

@@ -4,13 +4,6 @@ eck-operator:
- stalwart
installCRDs: true
replicaCount: 2
resources:
limits:
cpu: null
memory: null
requests:
cpu: 2m
memory: 50Mi
telemetry:
disabled: true
config:

8
clusters/cl01tl/helm/element-web/Chart.yaml
View File

@@ -4,11 +4,13 @@ version: 1.0.0
description: Element Web
keywords:
- element-web
- matrix-chat
home: https://docs.alexlebens.dev/applications/element-web/
- chat
- matrix
home: https://wiki.alexlebens.dev/s/e3b03481-1a1d-4b56-8cd9-e75a8dcc0f6c
sources:
- https://github.com/element-hq/element-web
- https://github.com/element-hq/element-web/pkgs/container/element-web
- https://github.com/cloudflare/cloudflared
- https://hub.docker.com/r/vectorim/element-web
- https://gitlab.com/ananace/charts/-/tree/master/charts/element-web
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
maintainers:

11
clusters/cl01tl/helm/element-web/values.yaml
View File

@@ -1,8 +1,9 @@
element-web:
replicaCount: 1
image:
repository: ghcr.io/element-hq/element-web
tag: v1.12.13@sha256:5107e63026c13ed014f743e485821b7d4b56d275a41e76303859bb14f5f94eb6
repository: vectorim/element-web
tag: v1.12.13
pullPolicy: IfNotPresent
defaultServer:
url: https://matrix.alexlebens.dev
name: alexlebens.dev
@@ -17,7 +18,9 @@ element-web:
immediate: true
default_theme: dark
default_country_code: US
ingress:
enabled: false
resources:
requests:
cpu: 1m
memory: 10Mi
cpu: 10m
memory: 128Mi

6
clusters/cl01tl/helm/eraser/Chart.yaml
View File

@@ -5,10 +5,10 @@ description: Eraser
keywords:
- eraser
- images
home: https://docs.alexlebens.dev/applications/eraser/
- kubernetes
home: https://wiki.alexlebens.dev/s/bb53ffae-0eda-4ed6-9fdd-894e672b4377
sources:
- https://github.com/eraser-dev/eraser
- https://github.com/eraser-dev/eraser/pkgs/container/eraser-manager
- https://github.com/eraser-dev/eraser/tree/main/charts/eraser
maintainers:
- name: alexlebens
@@ -16,6 +16,6 @@ dependencies:
- name: eraser
version: 1.4.1
repository: https://eraser-dev.github.io/eraser/charts
icon: https://raw.githubusercontent.com/eraser-dev/eraser/refs/heads/main/images/eraser-logo-color-1c.png
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
# renovate: datasource=github-releases depName=eraser-dev/eraser
appVersion: v1.4.1

49
clusters/cl01tl/helm/eraser/values.yaml
View File

@@ -1,37 +1,50 @@
eraser:
runtimeConfig:
apiVersion: eraser.sh/v1alpha3
kind: EraserConfig
manager:
runtime:
name: containerd
address: unix:///run/containerd/containerd.sock
logLevel: info
scheduling:
repeatInterval: 24h
beginImmediately: true
profile:
enabled: false
port: 6060
imageJob:
successRatio: 1.0
cleanup:
delayOnSuccess: 0s
delayOnFailure: 24h
nodeFilter:
type: exclude
selectors:
- eraser.sh/cleanup.filter
- kubernetes.io/os=windows
components:
collector:
image:
repo: ghcr.io/eraser-dev/collector
tag: v1.4.1@sha256:827588ff826c3558bf2c50b1fc94f20122b054dfcf3480c3ffe6f0bae25c3dad
enabled: true
request:
cpu: 1m
memory: 20Mi
cpu: 10m
memory: 128Mi
scanner:
enabled: false
remover:
image:
repo: ghcr.io/eraser-dev/remover
tag: v1.4.1@sha256:e57592157d717588f69c011cd0b6ab783a19a53b447a5350b27e7e66aae67525
request:
cpu: 1m
memory: 20Mi
cpu: 100m
memory: 128Mi
config: ""
remover:
request:
cpu: 10m
memory: 128Mi
deploy:
image:
repo: ghcr.io/eraser-dev/eraser-manager
tag: v1.4.1@sha256:5f18fb7da4ccad93a8643ece496681f1489b0d7b0ce45e18a94774cf8b6a717d
securityContext:
allowPrivilegeEscalation: false
resources:
limits:
memory: null
requests:
cpu: 1m
memory: 20Mi
cpu: 10m
memory: 30Mi
nodeSelector:
kubernetes.io/os: linux

3
clusters/cl01tl/helm/excalidraw/Chart.yaml
View File

@@ -4,8 +4,7 @@ version: 1.0.0
description: Excalidraw
keywords:
- excalidraw
- drawing
home: https://docs.alexlebens.dev/applications/eraser/
home: https://wiki.alexlebens.dev/
sources:
- https://github.com/excalidraw/excalidraw
- https://hub.docker.com/r/excalidraw/excalidraw

12
clusters/cl01tl/helm/excalidraw/values.yaml
View File

@@ -4,11 +4,13 @@ excalidraw:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: excalidraw/excalidraw
tag: latest@sha256:3c2513e830bb6e195147c05b34ecf8393d0ba2b1cc86e93b407a5777d6135c6c
pullPolicy: IfNotPresent
env:
- name: NODE_ENV
value: production
@@ -16,8 +18,8 @@ excalidraw:
value: America/Chicago
resources:
requests:
cpu: 1m
memory: 10Mi
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -25,6 +27,7 @@ excalidraw:
http:
port: 80
targetPort: 80
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -37,8 +40,11 @@ excalidraw:
- excalidraw.alexlebens.net
rules:
- backendRefs:
- name: excalidraw
- group: ''
kind: Service
name: excalidraw
port: 80
weight: 100
matches:
- path:
type: PathPrefix

5
clusters/cl01tl/helm/external-dns/Chart.yaml
View File

@@ -5,10 +5,11 @@ description: External DNS
keywords:
- external-dns
- dns
home: https://docs.alexlebens.dev/applications/eraser/
- unifi
- kubernetes
home: https://wiki.alexlebens.dev/s/7b50e4da-5dc1-4f62-baf9-14b5fed64552
sources:
- https://github.com/kubernetes-sigs/external-dns
- https://github.com/kashalls/external-dns-unifi-webhook
- https://github.com/kubernetes-sigs/external-dns/tree/master/charts/external-dns
maintainers:
- name: alexlebens

3
clusters/cl01tl/helm/external-dns/templates/external-secret.yaml
View File

@@ -14,5 +14,8 @@ spec:
data:
- secretKey: api-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /unifi/auth/cl01tl
metadataPolicy: None
property: api-key

18
clusters/cl01tl/helm/external-dns/values.yaml
View File

@@ -1,27 +1,25 @@
external-dns-unifi:
fullnameOverride: external-dns-unifi
resources:
requests:
cpu: 1m
memory: 80Mi
serviceMonitor:
enabled: true
interval: 360m
interval: 1m
sources:
- ingress
- crd
- gateway-httproute
- gateway-tlsroute
policy: sync
registry: txt
txtOwnerId: default
txtPrefix: k8s.
domainFilters: ["alexlebens.net"]
excludeDomains: ["alexlebens.dev"]
excludeDomains: []
provider:
name: webhook
webhook:
image:
repository: ghcr.io/kashalls/external-dns-unifi-webhook
tag: v0.8.2@sha256:7f0ddbbc83a36a2a9d762e25eef9cafcb3adf0493068a27d72ae71087eafe6f0
tag: v0.8.2
env:
- name: UNIFI_HOST
value: https://192.168.1.1
@@ -31,14 +29,18 @@ external-dns-unifi:
name: external-dns-unifi-secret
key: api-key
- name: LOG_LEVEL
value: info
value: debug
livenessProbe:
httpGet:
path: /healthz
port: http-webhook
initialDelaySeconds: 10
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /readyz
port: http-webhook
initialDelaySeconds: 10
timeoutSeconds: 5
extraArgs:
- --ignore-ingress-tls-spec

4
clusters/cl01tl/helm/external-secrets/Chart.lock
View File

@@ -2,5 +2,5 @@ dependencies:
- name: external-secrets
repository: https://charts.external-secrets.io
version: 2.2.0
digest: sha256:3894df20e1f3d56bc9789177181a84d8ae1402ef76ec6328e417ce5a568738ae
generated: "2026-03-26T19:19:15.734454-05:00"
digest: sha256:832fc3f8d3728bdea2b696a6044e4c18967cd9ab9c5cc74adbf40aaa270a84b4
generated: "2026-03-20T20:53:08.407747649Z"

8
clusters/cl01tl/helm/external-secrets/Chart.yaml
View File

@@ -5,17 +5,15 @@ description: External Secrets
keywords:
- external-secrets
- secrets
- operator
home: https://docs.alexlebens.dev/applications/eraser/
- vault
home: https://wiki.alexlebens.dev/s/d29044fb-0d63-4500-8853-2971964f356a
sources:
- https://github.com/external-secrets/external-secrets
- https://github.com/external-secrets/external-secrets/pkgs/container/external-secrets
- https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets
dependencies:
- name: external-secrets
alias: external-secrets
version: 2.2.0
repository: https://charts.external-secrets.io
icon: https://raw.githubusercontent.com/external-secrets/external-secrets/refs/heads/main/assets/eso-logo-large.png
icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4
# renovate: datasource=github-releases depName=external-secrets/external-secrets
appVersion: v2.2.0

44
clusters/cl01tl/helm/external-secrets/values.yaml
View File

@@ -1,44 +0,0 @@
external-secrets:
replicaCount: 3
image:
repository: ghcr.io/external-secrets/external-secrets
tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
installCRDs: true
crds:
createClusterExternalSecret: true
createClusterSecretStore: true
createSecretStore: true
createClusterGenerator: true
createClusterPushSecret: true
createPushSecret: true
leaderElect: true
extendedMetricLabels: true
resources:
requests:
cpu: 5m
memory: 50Mi
serviceMonitor:
enabled: true
livenessProbe:
enabled: true
readinessProbe:
enabled: true
podDisruptionBudget:
enabled: true
minAvailable: 1
webhook:
image:
repository: ghcr.io/external-secrets/external-secrets
tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
resources:
requests:
cpu: 1m
memory: 30Mi
certController:
image:
repository: ghcr.io/external-secrets/external-secrets
tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
resources:
requests:
cpu: 1m
memory: 60Mi

6
clusters/cl01tl/helm/foldergram/Chart.yaml
View File

@@ -5,12 +5,10 @@ description: Foldergram
keywords:
- foldergram
- pictures
home: https://docs.alexlebens.dev/applications/foldergram/
home: https://wiki.alexlebens.dev/
sources:
- https://github.com/foldergram/foldergram
- https://github.com/foldergram/foldergram/pkgs/container/foldergram
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -24,4 +22,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://raw.githubusercontent.com/foldergram/foldergram/refs/heads/main/client/public/icon-512.png
# renovate: datasource=github-releases depName=foldergram/foldergram
appVersion: v1.0.9
appVersion: v1.0.6

18
clusters/cl01tl/helm/foldergram/values.yaml
View File

@@ -4,15 +4,12 @@ foldergram:
type: deployment
replicas: 1
strategy: Recreate
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/foldergram/foldergram
tag: 1.0.9@sha256:aa6707e7456386f2d74b8f2769d0281f4127d1276349583b8531dbaa8f844883
tag: 1.0.6
pullPolicy: IfNotPresent
env:
- name: IMAGE_DETAIL_SOURCE
@@ -27,8 +24,8 @@ foldergram:
value: https://foldergram.alexlebens.net
resources:
requests:
cpu: 1m
memory: 230Mi
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -36,6 +33,7 @@ foldergram:
http:
port: 80
targetPort: 4141
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -48,8 +46,11 @@ foldergram:
- foldergram.alexlebens.net
rules:
- backendRefs:
- name: foldergram
- group: ''
kind: Service
name: foldergram
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -60,6 +61,7 @@ foldergram:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: false
advancedMounts:
main:
main:

6
clusters/cl01tl/helm/freshrss/Chart.lock
View File

@@ -7,9 +7,9 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.1
version: 7.10.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:ebf08159809ef0d69fcb8742b47245c82994b528c2f58e5ed40293555e085ecd
generated: "2026-03-31T18:37:59.187695-05:00"
digest: sha256:a7bdbecd50433fedd65d3043102fe3c9e366dc98953c37eb0cfe762bce833e8e
generated: "2026-03-15T20:05:14.085780861Z"

7
clusters/cl01tl/helm/freshrss/Chart.yaml
View File

@@ -5,14 +5,15 @@ description: FreshRSS
keywords:
- freshrss
- rss
home: https://docs.alexlebens.dev/applications/freshrss/
home: https://wiki.alexlebens.dev/s/251cb7cb-2797-4bbb-8597-32757aa96391
sources:
- https://github.com/FreshRSS/FreshRSS
- https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/freshrss/freshrss
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -25,7 +26,7 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.1
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data

18
clusters/cl01tl/helm/freshrss/templates/external-secret.yaml
View File

@@ -14,15 +14,24 @@ spec:
data:
- secretKey: ADMIN_EMAIL
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/freshrss/config
metadataPolicy: None
property: ADMIN_EMAIL
- secretKey: ADMIN_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/freshrss/config
metadataPolicy: None
property: ADMIN_PASSWORD
- secretKey: ADMIN_API_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/freshrss/config
metadataPolicy: None
property: ADMIN_API_PASSWORD
---
@@ -42,13 +51,22 @@ spec:
data:
- secretKey: OIDC_CLIENT_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/freshrss
metadataPolicy: None
property: client
- secretKey: OIDC_CLIENT_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/freshrss
metadataPolicy: None
property: secret
- secretKey: OIDC_CLIENT_CRYPTO_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/freshrss
metadataPolicy: None
property: crypto-key

128
clusters/cl01tl/helm/freshrss/values.yaml
View File

@@ -4,11 +4,84 @@ freshrss:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
initContainers:
init-download-extension-1:
securityContext:
runAsUser: 0
image:
repository: alpine
tag: 3.23.3
pullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
- |
apk add --no-cache git;
cd /tmp;
git clone -n --depth=1 --filter=tree:0 https://github.com/cn-tools/cntools_FreshRssExtensions.git;
cd cntools_FreshRssExtensions;
git sparse-checkout set --no-cone /xExtension-YouTubeChannel2RssFeed;
git checkout;
rm -rf /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed
cp -r xExtension-YouTubeChannel2RssFeed /var/www/FreshRSS/extensions
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed
resources:
requests:
cpu: 10m
memory: 128Mi
init-download-extension-2:
securityContext:
runAsUser: 0
image:
repository: alpine
tag: 3.23.3
pullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
- |
apk add --no-cache git;
cd /tmp;
git clone -n --depth=1 --filter=tree:0 https://github.com/FreshRSS/Extensions.git;
cd Extensions;
git sparse-checkout set --no-cone /xExtension-ImageProxy;
git checkout;
rm -rf /var/www/FreshRSS/extensions/xExtension-ImageProxy
cp -r xExtension-ImageProxy /var/www/FreshRSS/extensions
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-ImageProxy
resources:
requests:
cpu: 10m
memory: 128Mi
init-download-extension-3:
securityContext:
runAsUser: 0
image:
repository: alpine
tag: 3.23.3
pullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
- |
cd /tmp;
wget https://github.com/zimmra/xExtension-karakeep-button/archive/refs/tags/v1.1.tar.gz;
tar -xvzf *.tar.gz;
rm -rf /var/www/FreshRSS/extensions/xExtension-karakeep-button
mkdir /var/www/FreshRSS/extensions/xExtension-karakeep-button
cp -r /tmp/xExtension-karakeep-button-*/* /var/www/FreshRSS/extensions/xExtension-karakeep-button
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-karakeep-button
resources:
requests:
cpu: 10m
memory: 128Mi
containers:
main:
image:
repository: freshrss/freshrss
tag: 1.28.1@sha256:9100f649f5c946f589f54cdb9be7a65996528f48f691ef90eb262a0e06e5a522
tag: 1.28.1
pullPolicy: IfNotPresent
env:
- name: PGID
value: "568"
@@ -78,8 +151,8 @@ freshrss:
name: freshrss-install-secret
resources:
requests:
cpu: 1m
memory: 100Mi
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -87,17 +160,38 @@ freshrss:
http:
port: 80
targetPort: 80
protocol: HTTP
persistence:
data:
forceRename: freshrss-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:
- path: /var/www/FreshRSS/data
readOnly: false
extensions:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
init-download-extension-1:
- path: /var/www/FreshRSS/extensions
readOnly: false
init-download-extension-2:
- path: /var/www/FreshRSS/extensions
readOnly: false
init-download-extension-3:
- path: /var/www/FreshRSS/extensions
readOnly: false
main:
- path: /var/www/FreshRSS/extensions
readOnly: false
postgres-18-cluster:
mode: recovery
recovery:
@@ -111,12 +205,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 20 14 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-data:
pvcTarget: freshrss-data
moverSecurityContext:
@@ -124,6 +241,11 @@ volsync-target-data:
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
supplementalGroups:
- 44
- 100
- 109
- 65539
local:
enabled: true
schedule: 18 8 * * *

11
clusters/cl01tl/helm/garage/Chart.yaml
View File

@@ -4,13 +4,12 @@ version: 1.0.0
description: Garage
keywords:
- garage
- storage
- s3
home: https://docs.alexlebens.dev/applications/garage/
home: https://wiki.alexlebens.dev/s/
sources:
- https://git.deuxfleurs.fr/Deuxfleurs/garage
- https://github.com/khairul169/garage-webui
- https://hub.docker.com/r/dxflrs/garage
- https://hub.docker.com/r/khairul169/garage-webui
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
@@ -19,6 +18,6 @@ dependencies:
alias: garage
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/garage.png
# renovate: datasource=docker depName=dxflrs/garage
appVersion: v2.2.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
# renovate: datasource=github-releases depName=deuxfleurs-org/garage
appVersion: v2.1.0

9
clusters/cl01tl/helm/garage/templates/external-secret.yaml
View File

@@ -14,13 +14,22 @@ spec:
data:
- secretKey: GARAGE_RPC_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/garage/token
metadataPolicy: None
property: rpc
- secretKey: GARAGE_ADMIN_TOKEN
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/garage/token
metadataPolicy: None
property: admin
- secretKey: GARAGE_METRICS_TOKEN
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/garage/token
metadataPolicy: None
property: metric

76
clusters/cl01tl/helm/garage/values.yaml
View File

@@ -4,6 +4,7 @@ garage:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
labels:
garage-type: server
@@ -21,18 +22,32 @@ garage:
main:
image:
repository: dxflrs/garage
tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
tag: v2.2.0
pullPolicy: IfNotPresent
envFrom:
- secretRef:
name: garage-token-secret
resources:
requests:
cpu: 10m
memory: 200Mi
memory: 128Mi
debug:
image:
repository: ubuntu
tag: resolute-20260312
pullPolicy: IfNotPresent
command:
- "sleep"
- "infinity"
resources:
requests:
cpu: 10m
memory: 32Mi
server-2:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
labels:
garage-type: server
@@ -50,18 +65,20 @@ garage:
main:
image:
repository: dxflrs/garage
tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
tag: v2.2.0
pullPolicy: IfNotPresent
envFrom:
- secretRef:
name: garage-token-secret
resources:
requests:
cpu: 10m
memory: 200Mi
memory: 128Mi
server-3:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
labels:
garage-type: server
@@ -79,23 +96,26 @@ garage:
main:
image:
repository: dxflrs/garage
tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
tag: v2.2.0
pullPolicy: IfNotPresent
envFrom:
- secretRef:
name: garage-token-secret
resources:
requests:
cpu: 10m
memory: 200Mi
memory: 128Mi
webui:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: khairul169/garage-webui
tag: 1.1.0@sha256:17c793551873155065bf9a022dabcde874de808a1f26e648d4b82e168806439c
tag: 1.1.0
pullPolicy: IfNotPresent
env:
- name: API_BASE_URL
value: http://garage-main.garage:3903
@@ -108,8 +128,8 @@ garage:
key: GARAGE_ADMIN_TOKEN
resources:
requests:
cpu: 1m
memory: 10Mi
cpu: 10m
memory: 128Mi
configMaps:
config:
enabled: true
@@ -212,15 +232,19 @@ garage:
s3:
port: 3900
targetPort: 3900
protocol: HTTP
rpc:
port: 3901
targetPort: 3901
protocol: HTTP
web:
port: 3902
targetPort: 3902
protocol: HTTP
admin:
port: 3903
targetPort: 3903
protocol: HTTP
server-2:
forceRename: garage-2
controller: server-2
@@ -228,15 +252,19 @@ garage:
s3:
port: 3900
targetPort: 3900
protocol: HTTP
rpc:
port: 3901
targetPort: 3901
protocol: HTTP
web:
port: 3902
targetPort: 3902
protocol: HTTP
admin:
port: 3903
targetPort: 3903
protocol: HTTP
server-3:
forceRename: garage-3
controller: server-3
@@ -244,21 +272,26 @@ garage:
s3:
port: 3900
targetPort: 3900
protocol: HTTP
rpc:
port: 3901
targetPort: 3901
protocol: HTTP
web:
port: 3902
targetPort: 3902
protocol: HTTP
admin:
port: 3903
targetPort: 3903
protocol: HTTP
webui:
controller: webui
ports:
webui:
port: 3909
targetPort: 3909
protocol: HTTP
serviceMonitor:
main:
selector:
@@ -287,8 +320,11 @@ garage:
- garage-webui.alexlebens.net
rules:
- backendRefs:
- name: garage-webui
- group: ''
kind: Service
name: garage-webui
port: 3909
weight: 100
matches:
- path:
type: PathPrefix
@@ -304,8 +340,11 @@ garage:
- garage-s3.alexlebens.net
rules:
- backendRefs:
- name: garage-main
- group: ''
kind: Service
name: garage-main
port: 3900
weight: 100
matches:
- path:
type: PathPrefix
@@ -322,6 +361,11 @@ garage:
readOnly: true
mountPropagation: None
subPath: garage-1.toml
debug:
- path: /etc/garage.toml
readOnly: true
mountPropagation: None
subPath: garage-1.toml
server-2:
main:
- path: /etc/garage.toml
@@ -345,16 +389,21 @@ garage:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 50Gi
retain: true
advancedMounts:
server-1:
main:
- path: /var/lib/garage/meta
readOnly: false
debug:
- path: /var/lib/garage/meta
readOnly: false
db-2:
forceRename: garage-db-2
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 50Gi
retain: true
advancedMounts:
server-2:
main:
@@ -365,6 +414,7 @@ garage:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 50Gi
retain: true
advancedMounts:
server-3:
main:
@@ -375,11 +425,15 @@ garage:
storageClass: synology-iscsi-delete
accessMode: ReadWriteOnce
size: 800Gi
retain: true
advancedMounts:
server-1:
main:
- path: /var/lib/garage/data
readOnly: false
debug:
- path: /var/lib/garage/data
readOnly: false
data-2:
forceRename: garage-data-2
storageClass: synology-iscsi-delete

6
clusters/cl01tl/helm/gatus/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 1.5.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.1
version: 7.10.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:1f530794c6d9c4a487d30443dce7ddf556524c7f875c6e5249b135e81528f0c5
generated: "2026-03-31T19:06:30.871275-05:00"
digest: sha256:83ec84774e0cc708f1cb5d83d657180159bfb75c9928784ebf0280e224b1cbca
generated: "2026-03-15T20:05:27.625292422Z"

10
clusters/cl01tl/helm/gatus/Chart.yaml
View File

@@ -4,14 +4,16 @@ version: 1.0.0
description: Gatus
keywords:
- gatus
- uptime-monitor
home: https://docs.alexlebens.dev/applications/gatus/
- healthcheck
- uptime
- metrics
home: https://wiki.alexlebens.dev/s/2a2b0c83-81c7-49e3-aafc-daff4ff23ce2
sources:
- https://github.com/TwiN/gatus
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/TwiN/gatus/pkgs/container/gatus
- https://github.com/TwiN/helm-charts/tree/master/charts/gatus
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -20,7 +22,7 @@ dependencies:
version: 1.5.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.1
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data

9
clusters/cl01tl/helm/gatus/templates/external-secret.yaml
View File

@@ -14,7 +14,10 @@ spec:
data:
- secretKey: NTFY_TOKEN
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /ntfy/user/cl01tl
metadataPolicy: None
property: token
---
@@ -34,9 +37,15 @@ spec:
data:
- secretKey: OIDC_CLIENT_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/gatus
metadataPolicy: None
property: client
- secretKey: OIDC_CLIENT_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/gatus
metadataPolicy: None
property: secret

57
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -1,14 +1,27 @@
gatus:
deployment:
strategy: Recreate
readinessProbe:
enabled: true
livenessProbe:
enabled: true
image:
repository: ghcr.io/twin/gatus
tag: v5.35.0@sha256:21609f31be8c4e680ce3004b24276305666239c99aff58391503f3fb6142f39d
tag: v5.35.0
annotations:
reloader.stakater.com/auto: "true"
service:
type: ClusterIP
port: 80
targetPort: 8080
portName: http
ingress:
enabled: false
gateway:
apiVersion: gateway.networking.k8s.io/v1
route:
enabled: true
path: /
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
@@ -60,13 +73,24 @@ gatus:
resources:
requests:
cpu: 10m
memory: 20Mi
memory: 128Mi
persistence:
enabled: true
size: 1Gi
mountPath: /data
accessModes:
- ReadWriteOnce
finalizers:
- kubernetes.io/pvc-protection
storageClassName: ceph-block
serviceMonitor:
enabled: true
interval: 1m
path: /metrics
scheme: http
scrapeTimeout: 30s
networkPolicy:
enabled: false
config:
metrics: true
connectivity:
@@ -164,15 +188,15 @@ gatus:
- name: roundcube
url: https://mail.alexlebens.net
<<: *defaults
- name: paperless-ngx
url: https://paperless-ngx.alexlebens.net
<<: *defaults
- name: kiwix
url: https://kiwix.alexlebens.net
<<: *defaults
- name: excalidraw
url: https://excalidraw.alexlebens.net
<<: *defaults
- name: languagetool
url: https://languagetool.alexlebens.net
<<: *defaults
- name: gitea
url: https://gitea.alexlebens.net
<<: *defaults
@@ -401,12 +425,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 25 14 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-data:
pvcTarget: gatus
local:

6
clusters/cl01tl/helm/generic-device-plugin/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.27
digest: sha256:b66a7ab013f5eda47ccf94824796e026642e1abfc051e498957ee0f59743e9fc
generated: "2026-03-31T21:37:08.823163353Z"
version: 0.20.26
digest: sha256:47d12b7555d345dea0438d13ac538896994dbd44b142b9a546dbfe5c0939a92b
generated: "2026-03-24T16:59:26.537547513Z"

5
clusters/cl01tl/helm/generic-device-plugin/Chart.yaml
View File

@@ -5,7 +5,8 @@ description: Generic Device Plugin
keywords:
- generic-device-plugin
- device
home: https://docs.alexlebens.dev/applications/generic-device-plugin/
- plugin
home: https://wiki.alexlebens.dev/s/ee9ba1be-119c-4e83-aea9-b087481554f2
sources:
- https://github.com/squat/generic-device-plugin
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/generic-device-plugin
@@ -14,6 +15,6 @@ maintainers:
dependencies:
- name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.27
version: 0.20.26
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: 1.0.0

12
clusters/cl01tl/helm/gitea/Chart.lock
View File

@@ -1,13 +1,13 @@
dependencies:
- name: gitea
repository: https://dl.gitea.com/charts/
repository: https://dl.gitea.io/charts/
version: 12.5.0
- name: actions
repository: https://dl.gitea.com/charts/
version: 0.0.3
- name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.30.0
version: 0.28.0
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
@@ -16,12 +16,12 @@ dependencies:
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
version: 0.4.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
version: 0.4.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:bbc7c8c9da52c79c8b8cfe93ec75a1df75fd2985e82417e61eae6ba11da52a89
generated: "2026-03-31T18:38:06.461077-05:00"
digest: sha256:238b7653c9d12c4886a56350b6d66217dbe7ecbb76078a846c7cc2c8cb450eb3
generated: "2026-03-16T15:56:55.197735783Z"

19
clusters/cl01tl/helm/gitea/Chart.yaml
View File

@@ -5,34 +5,35 @@ description: Gitea
keywords:
- gitea
- git
home: https://docs.alexlebens.dev/applications/gitea/
- code
home: https://wiki.alexlebens.dev/s/94060f71-fd05-4f78-9af2-053f8f221acd
sources:
- https://github.com/go-gitea/gitea
- https://github.com/renovatebot/renovate
- https://github.com/Angatar/s3cmd
- https://github.com/meilisearch/meilisearch
- https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/gitea/gitea
- https://hub.docker.com/r/renovate/renovate
- https://hub.docker.com/r/d3fk/s3cmd/
- https://gitea.com/gitea/helm-chart
- https://gitea.com/gitea/helm-actions
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
- name: gitea
version: 12.5.0
repository: https://dl.gitea.com/charts/
repository: https://dl.gitea.io/charts/
- name: actions
alias: gitea-actions
repository: https://dl.gitea.com/charts/
version: 0.0.3
- name: meilisearch
version: 0.30.0
version: 0.28.0
repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
@@ -43,16 +44,16 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey-gitea
version: 0.5.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey-renovate
version: 0.5.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-storage
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/gitea.png
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/gitea.png
# renovate: datasource=github-releases depName=go-gitea/gitea
appVersion: 1.25.5

42
clusters/cl01tl/helm/gitea/templates/external-secret.yaml
View File

@@ -14,11 +14,17 @@ spec:
data:
- secretKey: username
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/auth/admin
metadataPolicy: None
property: username
- secretKey: password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/auth/admin
metadataPolicy: None
property: password
---
@@ -38,11 +44,17 @@ spec:
data:
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/gitea
metadataPolicy: None
property: secret
- secretKey: key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/gitea
metadataPolicy: None
property: client
---
@@ -62,7 +74,10 @@ spec:
data:
- secretKey: token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/runner
metadataPolicy: None
property: token
---
@@ -82,23 +97,38 @@ spec:
data:
- secretKey: RENOVATE_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate
metadataPolicy: None
property: RENOVATE_ENDPOINT
- secretKey: RENOVATE_GIT_AUTHOR
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate
metadataPolicy: None
property: RENOVATE_GIT_AUTHOR
- secretKey: RENOVATE_TOKEN
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate
metadataPolicy: None
property: RENOVATE_TOKEN
- secretKey: RENOVATE_GIT_PRIVATE_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate
metadataPolicy: None
property: id_rsa
- secretKey: RENOVATE_GITHUB_COM_TOKEN
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /github/gitea-cl01tl
metadataPolicy: None
property: token
---
@@ -118,15 +148,24 @@ spec:
data:
- secretKey: config
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate
metadataPolicy: None
property: ssh_config
- secretKey: id_rsa
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate
metadataPolicy: None
property: id_rsa
- secretKey: id_rsa.pub
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate
metadataPolicy: None
property: id_rsa.pub
---
@@ -152,5 +191,8 @@ spec:
data:
- secretKey: MEILI_MASTER_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/meilisearch
metadataPolicy: None
property: MEILI_MASTER_KEY

66
clusters/cl01tl/helm/gitea/values.yaml
View File

@@ -2,11 +2,6 @@ gitea:
global:
imageRegistry: registry.hub.docker.com
replicaCount: 3
strategy:
type: "RollingUpdate"
rollingUpdate:
maxSurge: "100%"
maxUnavailable: 1
image:
repository: gitea/gitea
tag: 1.25.5
@@ -19,10 +14,8 @@ gitea:
type: ClusterIP
port: 22
clusterIP: 10.103.160.140
resources:
requests:
cpu: 1000m
memory: 600Mi
ingress:
enabled: false
persistence:
storageClass: ceph-filesystem
size: 40Gi
@@ -48,7 +41,7 @@ gitea:
metrics:
enabled: true
serviceMonitor:
enabled: true
enabled: false
oauth:
- name: Authentik
provider: openidConnect
@@ -146,10 +139,9 @@ gitea-actions:
replicas: 6
timezone: America/Chicago
actRunner:
registry: docker.io
registry: ""
repository: gitea/act_runner
# renovate: datasource=docker depName=gitea/act_runner
tag: 0.3.1@sha256:c2a169c5e99864c25e32527cef3d82203225e09558773022bf3dc164a2e6d762
tag: 0.2.13
config: |
log:
level: debug
@@ -162,19 +154,17 @@ gitea-actions:
- "ubuntu-24.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-24.04"
- "ubuntu-22.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-22.04"
dind:
registry: docker.io
registry: ""
repository: docker
# renovate: datasource=docker depName=docker
tag: 29.3.1-dind@sha256:4d90f1f6c400315c2dba96d3ec93c01e64198395cbba04f79d12adce4f737029
tag: 28.3.3-dind
persistence:
storageClass: ceph-block
size: 10Gi
size: 5Gi
init:
image:
registry: docker.io
registry: ""
repository: busybox
# renovate: datasource=docker depName=busybox
tag: 1.37.0@sha256:1487d0af5f52b4ba31c7e465126ee2123fe3f2305d638e7827681e7cf6c83d5e
tag: "1.37.0"
existingSecret: gitea-runner-secret
existingSecretKey: token
giteaRootURL: http://gitea-http.gitea:3000
@@ -185,14 +175,17 @@ meilisearch:
MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true
auth:
existingMasterKeySecret: gitea-meilisearch-master-key-secret
service:
type: ClusterIP
port: 7700
persistence:
enabled: true
storageClass: ceph-block
size: 5Gi
resources:
requests:
cpu: 1m
memory: 160Mi
cpu: 10m
memory: 128Mi
serviceMonitor:
enabled: true
postgres-18-cluster:
@@ -200,8 +193,8 @@ postgres-18-cluster:
cluster:
resources:
requests:
cpu: 100m
memory: 150Mi
memory: 1Gi
cpu: 200m
recovery:
method: objectStore
objectStore:
@@ -213,18 +206,41 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 0 7 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
valkey-gitea:
valkey:
resources:
requests:
cpu: 20m
memory: 1Gi
memory: 256Mi
dataStorage:
requestedSize: 10Gi
replica:

10
clusters/cl01tl/helm/grafana-operator/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 5.22.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.1
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
version: 0.4.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:1f6bf4f0f24f85d8c362766010e4f42d26458c0412b67afab9b05f2e17eacced
generated: "2026-03-31T19:12:08.326471-05:00"
version: 0.4.0
digest: sha256:a3bf183bcecb4d4b5354fe91a549075997dccb41c193da9daec9ccbe4d659fe2
generated: "2026-03-18T10:04:15.165729555Z"

13
clusters/cl01tl/helm/grafana-operator/Chart.yaml
View File

@@ -5,13 +5,14 @@ description: Grafana Operator
keywords:
- grafana-operator
- dashboard
home: https://docs.alexlebens.dev/applications/grafana-operator/
- metrics
- logs
home: https://wiki.alexlebens.dev/s/3e5723e1-2ab7-45ab-b496-b8854907fa39
sources:
- https://github.com/grafana/grafana-operator
- https://github.com/grafana/grafana/pkgs/container/grafana%2Fgrafana
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/grafana/grafana-operator/tree/master/deploy/helm/grafana-operator
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers:
- name: alexlebens
dependencies:
@@ -20,15 +21,15 @@ dependencies:
repository: https://grafana.github.io/helm-charts
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.1
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey-unified-alerting
version: 0.5.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey-remote-cache
version: 0.5.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grafana.png
# renovate: datasource=github-releases depName=grafana/grafana-operator

27
clusters/cl01tl/helm/grafana-operator/templates/external-secret.yaml
View File

@@ -14,11 +14,17 @@ spec:
data:
- secretKey: admin-user
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/grafana/auth
metadataPolicy: None
property: admin-user
- secretKey: admin-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/grafana/auth
metadataPolicy: None
property: admin-password
---
@@ -38,11 +44,17 @@ spec:
data:
- secretKey: AUTH_CLIENT_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/grafana
metadataPolicy: None
property: client
- secretKey: AUTH_CLIENT_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/grafana
metadataPolicy: None
property: secret
---
@@ -62,11 +74,17 @@ spec:
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret
---
@@ -86,13 +104,22 @@ spec:
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY
- secretKey: ACCESS_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_REGION

136
clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml
View File

@@ -11,9 +11,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-system
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/ceph.json
---
@@ -30,9 +30,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-system
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/coredns.json
---
@@ -49,9 +49,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-system
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/etcd.json
---
@@ -68,9 +68,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-system
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/garage.json
---
@@ -87,9 +87,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-system
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/loki.json
---
@@ -106,9 +106,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-system
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/node-full.json
---
@@ -125,9 +125,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-system
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/node-short.json
---
@@ -144,9 +144,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-system
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/system/pods.json
---
@@ -163,9 +163,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-service
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/argocd.json
---
@@ -182,9 +182,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-service
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/blocky.json
---
@@ -201,9 +201,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-service
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/cert-manager.json
---
@@ -220,9 +220,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-service
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/cloudnative-pg.json
---
@@ -239,9 +239,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-service
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/descheduler.json
---
@@ -258,9 +258,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-service
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/gatus.json
---
@@ -277,9 +277,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-service
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/grafana-operator.json
---
@@ -296,9 +296,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-service
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/harbor.json
---
@@ -315,9 +315,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-service
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/speedtest-exporter.json
---
@@ -334,9 +334,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-service
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/spegel.json
---
@@ -353,9 +353,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-service
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/traefik.json
---
@@ -372,9 +372,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-service
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/tdarr.json
---
@@ -391,9 +391,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-service
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/unpoller.json
---
@@ -410,9 +410,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-service
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/volsync.json
---
@@ -429,9 +429,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-platform
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/s3.json
---
@@ -448,9 +448,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-platform
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/authentik.json
---
@@ -467,9 +467,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-platform
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/gitea.json
---
@@ -486,9 +486,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-platform
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/ntfy.json
---
@@ -505,9 +505,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-platform
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/qbittorrent.json
---
@@ -524,9 +524,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-platform
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/vault.json
---
@@ -543,9 +543,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-iot
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/iot/airgradient.json
---
@@ -562,9 +562,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-iot
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/iot/server-power-consumption.json
---
@@ -581,9 +581,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-application
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/immich.json
---
@@ -600,9 +600,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-application
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/jellyfin.json
---
@@ -619,9 +619,9 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-application
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/radarr.json
---
@@ -638,7 +638,7 @@ spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
contentCacheDuration: 1h
folderUID: grafana-folder-application
resyncPeriod: 6h
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/sonarr.json

16
clusters/cl01tl/helm/grafana-operator/templates/grafana.yaml
View File

@@ -56,12 +56,11 @@ spec:
spec:
containers:
- name: grafana
# renovate: datasource=docker depName=grafana/grafana
image: grafana/grafana:12.4.2@sha256:83749231c3835e390a3144e5e940203e42b9589761f20ef3169c716e734ad505
image: grafana/grafana:12.0.0
resources:
requests:
cpu: 20m
memory: 150Mi
cpu: 100m
memory: 128Mi
env:
- name: AUTH_CLIENT_ID
valueFrom:
@@ -108,12 +107,3 @@ spec:
secretKeyRef:
name: grafana-operator-postgresql-18-cluster-app
key: password
httpRoute:
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- grafana.alexlebens.net

28
clusters/cl01tl/helm/grafana-operator/templates/http-route.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: grafana
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- grafana.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: grafana-main-service
port: 3000
weight: 100

38
clusters/cl01tl/helm/grafana-operator/values.yaml
View File

@@ -1,16 +1,17 @@
grafana-operator:
image:
registry: ghcr.io
repository: grafana/grafana-operator
# renovate: datasource=docker depName=ghcr.io/grafana/grafana-operator
tag: v5.22.2@sha256:d45fc24e8f43d83286d81625ee8d919d0fc88255a6500b63f68d7966a4f9e9af
replicas: 2
serviceAccount:
create: true
rbac:
create: true
resources:
requests:
cpu: 1m
memory: 50Mi
cpu: 10m
memory: 64Mi
serviceMonitor:
enabled: true
dashboard:
enabled: false
postgres-18-cluster:
mode: recovery
recovery:
@@ -24,12 +25,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 30 14 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
valkey-unified-alerting:
valkey:
nameOverride: valkey-unified-alerting

1
clusters/cl01tl/helm/grimmory/values.yaml
View File

@@ -44,6 +44,7 @@ grimmory:
http:
port: 80
targetPort: 6060
protocol: HTTP
route:
main:
kind: HTTPRoute

8
clusters/cl01tl/helm/harbor/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 1.18.3
- name: postgres-cluster
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
version: 7.11.1
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:fb17e2bad9c3a303da2b9d65ee5bd082a58ca6a5cee17d337e2536747982aa2c
generated: "2026-03-31T18:38:15.510833-05:00"
version: 0.4.0
digest: sha256:e7a5cee56dddb4abc07ff18677cb6ddf55571b38da2eeb7e654e8ad8f7709bfa
generated: "2026-03-19T04:16:54.362332682Z"

13
clusters/cl01tl/helm/harbor/Chart.yaml
View File

@@ -4,14 +4,15 @@ version: 1.0.0
description: Harbor
keywords:
- harbor
- image-registry
home: https://docs.alexlebens.dev/applications/harbor/
- images
- cache
- kubernetes
home: https://wiki.alexlebens.dev/s/7e132c13-afee-48ec-b3dd-efd656d240c9
sources:
- https://github.com/goharbor
- https://github.com/orgs/goharbor/packages
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/goharbor/harbor-helm
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers:
- name: alexlebens
dependencies:
@@ -20,11 +21,11 @@ dependencies:
repository: https://helm.goharbor.io
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.1
version: 7.10.0
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
- name: valkey
alias: valkey
version: 0.5.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png
# renovate: datasource=github-releases depName=goharbor/harbor

36
clusters/cl01tl/helm/harbor/templates/external-secret.yaml
View File

@@ -14,49 +14,85 @@ spec:
data:
- secretKey: HARBOR_ADMIN_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: admin-password
- secretKey: secretKey
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: secretKey
- secretKey: CSRF_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/core
metadataPolicy: None
property: CSRF_KEY
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/core
metadataPolicy: None
property: secret
- secretKey: tls.crt
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/core
metadataPolicy: None
property: tls.crt
- secretKey: tls.key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/core
metadataPolicy: None
property: tls.key
- secretKey: JOBSERVICE_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/jobservice
metadataPolicy: None
property: JOBSERVICE_SECRET
- secretKey: REGISTRY_HTTP_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/registry
metadataPolicy: None
property: REGISTRY_HTTP_SECRET
- secretKey: REGISTRY_REDIS_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/registry
metadataPolicy: None
property: REGISTRY_REDIS_PASSWORD
- secretKey: REGISTRY_HTPASSWD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/registry
metadataPolicy: None
property: REGISTRY_HTPASSWD
- secretKey: REGISTRY_CREDENTIAL_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/registry
metadataPolicy: None
property: REGISTRY_CREDENTIAL_PASSWORD
- secretKey: REGISTRY_PASSWD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/registry
metadataPolicy: None
property: REGISTRY_CREDENTIAL_PASSWORD

38
clusters/cl01tl/helm/harbor/values.yaml
View File

@@ -21,9 +21,13 @@ harbor:
size: 100Gi
existingSecretAdminPassword: harbor-secret
existingSecretAdminPasswordKey: HARBOR_ADMIN_PASSWORD
internalTLS:
enabled: false
ipFamily:
ipv6:
enabled: false
ipv4:
enabled: true
updateStrategy:
type: Recreate
existingSecretSecretKey: harbor-secret
@@ -69,12 +73,12 @@ harbor:
credentials:
existingSecret: harbor-secret
upload_purging:
enabled: true
age: 72h
interval: 24h
dryrun: false
trivy:
enabled: true
image:
repository: ghcr.io/goharbor/trivy-adapter-photon
tag: v2.15.0@sha256:6fd6de9cfbbb04cb1d94722cfa01cf71b8994d3f9e7891d3b03a89a7536480ba
database:
type: external
external:
@@ -105,14 +109,32 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 35 14 * * *"
backupName: garage-local
valkey:
valkey:
resources:
requests:
memory: 30Mi
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external

6
clusters/cl01tl/helm/headlamp/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: headlamp
repository: https://kubernetes-sigs.github.io/headlamp/
version: 0.41.0
digest: sha256:b1cbc64b393c6c9e1c460510adab528cee8336735659040b9c517976e5c6f15d
generated: "2026-03-26T15:07:50.703213905Z"
version: 0.40.1
digest: sha256:723a57d6fe86a124b8bae7dfc1dde0c2abd60021837826b486054df00551dc03
generated: "2026-03-14T15:02:53.184950913Z"

5
clusters/cl01tl/helm/headlamp/Chart.yaml
View File

@@ -5,7 +5,8 @@ description: Headlamp
keywords:
- headlamp
- dashboard
home: https://docs.alexlebens.dev/applications/headlamp/
- kubernetes
home: https://wiki.alexlebens.dev/s/6cc43960-78df-459d-aab6-433844249243
sources:
- https://github.com/headlamp-k8s/headlamp
- https://github.com/headlamp-k8s/headlamp/tree/main/charts/headlamp
@@ -13,7 +14,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: headlamp
version: 0.41.0
version: 0.40.1
repository: https://kubernetes-sigs.github.io/headlamp/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/headlamp.png
# renovate: datasource=github-releases depName=headlamp-k8s/headlamp

18
clusters/cl01tl/helm/headlamp/templates/external-secret.yaml
View File

@@ -14,25 +14,43 @@ spec:
data:
- secretKey: OIDC_CLIENT_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp
metadataPolicy: None
property: client
- secretKey: OIDC_CLIENT_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp
metadataPolicy: None
property: secret
- secretKey: OIDC_ISSUER_URL
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp
metadataPolicy: None
property: issuer
- secretKey: OIDC_SCOPES
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp
metadataPolicy: None
property: scopes
- secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_IDP_ISSUER_URL
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp
metadataPolicy: None
property: validator-issuer-url
- secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_CLIENT_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp
metadataPolicy: None
property: validator-client-id

28
clusters/cl01tl/helm/headlamp/templates/http-route.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: headlamp
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: headlamp
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- headlamp.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: headlamp
port: 80
weight: 100

28
clusters/cl01tl/helm/headlamp/values.yaml
View File

@@ -1,9 +1,5 @@
headlamp:
replicaCount: 2
image:
registry: ghcr.io
repository: headlamp-k8s/headlamp
tag: v0.41.0@sha256:89c6c65810bfde61796483c93c70d659104355593792bf55cab680d685da8eeb
config:
oidc:
secret:
@@ -14,30 +10,10 @@ headlamp:
watchPlugins: true
# Bypasses: https://github.com/kubernetes-sigs/headlamp/issues/4883
sessionTTL: null
httpRoute:
enabled: true
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- headlamp.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: headlamp
port: 80
weight: 100
resources:
requests:
cpu: 1m
memory: 80Mi
cpu: 10m
memory: 128Mi
pluginsManager:
enabled: true
securityContext:

7
clusters/cl01tl/helm/home-assistant/Chart.yaml
View File

@@ -4,13 +4,14 @@ version: 1.0.0
description: Home Assistant
keywords:
- home-assistant
- home-automation
home: https://docs.alexlebens.dev/applications/home-assistant/
- home
- automation
home: https://wiki.alexlebens.dev/s/5462c17e-cd39-4082-ad01-94545a2fa3ca
sources:
- https://www.home-assistant.io/
- https://github.com/home-assistant/core
- https://github.com/home-assistant/core/pkgs/container/home-assistant
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:

9
clusters/cl01tl/helm/home-assistant/templates/external-secret.yaml
View File

@@ -14,11 +14,17 @@ spec:
data:
- secretKey: PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/home-assistant/code-server/auth
metadataPolicy: None
property: PASSWORD
- secretKey: SUDO_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/home-assistant/code-server/auth
metadataPolicy: None
property: SUDO_PASSWORD
---
@@ -38,5 +44,8 @@ spec:
data:
- secretKey: bearer-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/home-assistant/auth
metadataPolicy: None
property: bearer-token

37
clusters/cl01tl/helm/home-assistant/values.yaml
View File

@@ -4,29 +4,28 @@ home-assistant:
type: deployment
replicas: 1
strategy: Recreate
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/home-assistant/home-assistant
tag: 2026.3.4@sha256:916682086154a7390114a9788782b8efb199852d4f7d47066722c2bc5d1829e6
tag: 2026.3.4
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
resources:
requests:
cpu: 1m
memory: 400Mi
cpu: 50m
memory: 512Mi
code-server:
image:
repository: ghcr.io/linuxserver/code-server
tag: 4.112.0-ls325@sha256:a17ee95f4e1b43284fe5dfea99e82c8a26f096534215ff36817fa80161eec220
tag: 4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: PUID
value: 1000
- name: PGID
@@ -36,6 +35,10 @@ home-assistant:
envFrom:
- secretRef:
name: home-assistant-code-server-password-secret
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -43,12 +46,14 @@ home-assistant:
http:
port: 80
targetPort: 8123
protocol: TCP
code-server:
controller: main
ports:
http:
port: 8443
targetPort: 8443
protocol: HTTP
serviceMonitor:
main:
selector:
@@ -77,8 +82,11 @@ home-assistant:
- home-assistant.alexlebens.net
rules:
- backendRefs:
- name: home-assistant-main
- group: ''
kind: Service
name: home-assistant-main
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -94,8 +102,11 @@ home-assistant:
- home-assistant-code-server.alexlebens.net
rules:
- backendRefs:
- name: home-assistant-code-server
- group: ''
kind: Service
name: home-assistant-code-server
port: 8443
weight: 100
matches:
- path:
type: PathPrefix
@@ -117,6 +128,8 @@ home-assistant:
volsync-target-config:
pvcTarget: home-assistant-config
moverSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local:

4
clusters/cl01tl/helm/homepage/Chart.yaml
View File

@@ -5,7 +5,7 @@ description: Homepage
keywords:
- homepage
- dashboard
home: https://docs.alexlebens.dev/applications/homepage/
home: https://wiki.alexlebens.dev/s/a5fabd91-3d89-4e2b-9417-06111aedaeaa
sources:
- https://github.com/gethomepage/homepage
- https://github.com/gethomepage/homepage/pkgs/container/homepage
@@ -19,4 +19,4 @@ dependencies:
version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/homepage.png
# renovate: datasource=github-releases depName=gethomepage/homepage
appVersion: v1.12.2
appVersion: v1.11.0

51
clusters/cl01tl/helm/homepage/templates/external-secret.yaml
View File

@@ -14,69 +14,120 @@ spec:
data:
- secretKey: HOMEPAGE_VAR_GITEA_API_TOKEN
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/auth/homepage
metadataPolicy: None
property: token
- secretKey: HOMEPAGE_VAR_ARGOCD_API_TOKEN
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/argocd/credentials/homepage
metadataPolicy: None
property: token
- secretKey: HOMEPAGE_VAR_KOMODO_API_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/komodo/homepage
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_KOMODO_API_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/komodo/homepage
metadataPolicy: None
property: secret
- secretKey: HOMEPAGE_VAR_JELLYSTAT_API_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/jellystat/homepage
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_SYNOLOGY_USER
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /synology/auth/cl01tl
metadataPolicy: None
property: user
- secretKey: HOMEPAGE_VAR_SYNOLOGY_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /synology/auth/cl01tl
metadataPolicy: None
property: password
- secretKey: HOMEPAGE_VAR_UNIFI_API_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /unifi/auth/cl01tl
metadataPolicy: None
property: api-key
- secretKey: HOMEPAGE_VAR_SONARR_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/sonarr4/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_SONARR4K_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/sonarr4-4k/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_SONARRANIME_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/sonarr4-anime/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_RADARR_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_RADARR4K_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5-4k/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_RADARRANIME_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5-anime/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_RADARRSTANDUP_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/radarr5-standup/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_LIDARR_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/lidarr2/key
metadataPolicy: None
property: key
- secretKey: HOMEPAGE_VAR_PROWLARR_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/prowlarr/key
metadataPolicy: None
property: key

180
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -5,7 +5,7 @@ homepage:
main:
type: deployment
replicas: 1
strategy: Recreate
strategy: RollingUpdate
annotations:
reloader.stakater.com/auto: "true"
serviceAccount:
@@ -16,7 +16,8 @@ homepage:
main:
image:
repository: ghcr.io/gethomepage/homepage
tag: v1.12.3@sha256:cc84f2f5eb3c7734353701ccbaa24ed02dacb0d119114e50e4251e2005f3990a
tag: v1.11.0
pullPolicy: IfNotPresent
env:
- name: HOMEPAGE_ALLOWED_HOSTS
value: home.alexlebens.net
@@ -25,8 +26,8 @@ homepage:
name: homepage-keys-secret
resources:
requests:
cpu: 1m
memory: 128Mi
cpu: 10m
memory: 256Mi
serviceAccount:
homepage:
enabled: true
@@ -39,6 +40,20 @@ homepage:
html {
font-size: 18px;
}
ul#myTab {
background-color: rgba(240, 230, 215, 0.12) !important;
color: white !important;
}
li.service div.service-card,
li.bookmark a.rounded-md {
color: white !important;
background-color: rgba(240, 230, 215, 0.12) !important;
transition: all 150ms ease !important;
}
li.service div.service-card:hover,
li.bookmark a.rounded-md:hover {
background-color: rgba(240, 230, 215, 0.18) !important;
}
docker.yaml: ""
kubernetes.yaml: |
mode: cluster
@@ -56,7 +71,7 @@ homepage:
- Media:
tab: Applications
icon: mdi-multimedia-#ffffff
- External:
- Public:
tab: Applications
icon: mdi-earth-#ffffff
- Internal:
@@ -188,7 +203,7 @@ homepage:
siteMonitor: http://photoview.photoview:80
statusStyle: dot
- Pictures:
icon: sh-foldergram.webp
icon: https://raw.githubusercontent.com/foldergram/foldergram/refs/heads/main/client/public/icon-512.png
description: Foldergram
href: https://foldergram.alexlebens.net
siteMonitor: http://foldergram.foldergram:80
@@ -199,7 +214,7 @@ homepage:
href: https://grimmory.alexlebens.net
siteMonitor: http://grimmory.grimmory:80
statusStyle: dot
- External:
- Public:
- Site:
icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png
description: Profile Website
@@ -303,12 +318,6 @@ homepage:
href: https://mail.alexlebens.net
siteMonitor: http://roundcube.roundcube:80
statusStyle: dot
- Documents:
icon: sh-paperless-ngx.webp
description: Paperless-ngx
href: https://paperless-ngx.alexlebens.net
siteMonitor: http://paperless-ngx.paperless-ngx:80
statusStyle: dot
- Wiki:
icon: sh-kiwix-light.webp
description: Kiwix
@@ -322,7 +331,7 @@ homepage:
siteMonitor: http://excalidraw.excalidraw:80
statusStyle: dot
- Code:
- Code (External):
- Code (Public):
icon: sh-gitea.webp
description: Gitea
href: https://gitea.alexlebens.dev
@@ -344,13 +353,13 @@ homepage:
href: https://gitea.alexlebens.net
siteMonitor: https://gitea.alexlebens.net
statusStyle: dot
- Code (Remote):
- Code (ps10rp):
icon: sh-gitea.webp
description: Gitea
href: https://gitea-ps10rp.boreal-beaufort.ts.net
siteMonitor: https://gitea-ps10rp.boreal-beaufort.ts.net
statusStyle: dot
- IDE (External):
- IDE (Public):
icon: sh-visual-studio-code.webp
description: VS Code
href: https://codeserver.alexlebens.dev
@@ -468,31 +477,25 @@ homepage:
query: prometheus_tsdb_storage_blocks_bytes
format:
type: bytes
- Jellyfin Monitor:
- Jellystat:
icon: sh-jellystat.webp
description: Jellystat
description: Jellyfin Monitoring
href: https://jellystat.alexlebens.net
siteMonitor: http://jellystat.jellystat:80
statusStyle: dot
- Media Library Statistics:
- MediaLyze:
icon: https://raw.githubusercontent.com/frederikemmer/MediaLyze/d8f69c0628bac7c047b90f91a66341648029c273/frontend/public/favicon.svg
description: MediaLyze
description: Jellyfin Media Monitoring
href: https://medialyze.alexlebens.net
siteMonitor: http://medialyze.medialyze:80
statusStyle: dot
- Services:
- Auth (External):
- Auth (Public):
icon: sh-authentik.webp
description: Authentik
href: https://auth.alexlebens.dev
siteMonitor: https://auth.alexlebens.dev
statusStyle: dot
namespace: authentik
app: authentik
podSelector: >-
app.kubernetes.io/instance in (
authentik
)
- Auth (Local):
icon: sh-authentik.webp
description: Authentik
@@ -505,36 +508,18 @@ homepage:
href: https://stalwart.alexlebens.net
siteMonitor: http://stalwart.stalwart:80
statusStyle: dot
namespace: stalwart
app: stalwart
podSelector: >-
app.kubernetes.io/instance in (
stalwart
)
- Notifications:
icon: sh-ntfy.webp
description: ntfy
href: https://ntfy.alexlebens.net
siteMonitor: http://ntfy.ntfy:80
statusStyle: dot
namespace: ntfy
app: ntfy
podSelector: >-
app.kubernetes.io/instance in (
ntfy
)
- Reverse Proxy:
icon: sh-traefik.webp
description: Traefik
href: https://traefik-cl01tl.alexlebens.net/dashboard/#/
siteMonitor: https://traefik-cl01tl.alexlebens.net/dashboard/#/
statusStyle: dot
namespace: traefik
app: traefik
podSelector: >-
app.kubernetes.io/name in (
traefik
)
widget:
type: traefik
url: https://traefik-cl01tl.alexlebens.net
@@ -544,14 +529,8 @@ homepage:
href: https://harbor.alexlebens.net
siteMonitor: http://harbor-portal.harbor:80
statusStyle: dot
namespace: harbor
app: harbor
podSelector: >-
app.kubernetes.io/instance in (
harbor
)
- Hardware:
- Network Management (Local):
- Network Management (alexlebens.net):
icon: sh-ubiquiti-unifi.webp
description: Unifi
href: https://unifi.alexlebens.net
@@ -604,22 +583,13 @@ homepage:
href: https://ceph.alexlebens.net
siteMonitor: http://rook-ceph-mgr-dashboard.rook-ceph:7000
statusStyle: dot
namespace: rook-ceph
app: rook-ceph
podSelector: ""
- Object Storage (Local):
- Object Storage (NAS):
icon: sh-garage.webp
description: Garage
href: https://garage-webui.alexlebens.net
siteMonitor: http://garage-webui.garage:3909
statusStyle: dot
namespace: garage
app: garage
podSelector: >-
app.kubernetes.io/instance in (
garage
)
- Object Storage (Remote):
- Object Storage (ps10rp):
icon: sh-garage.webp
description: Garage
href: https://garage-ui-ps10rp.boreal-beaufort.ts.net
@@ -637,24 +607,12 @@ homepage:
href: https://vault.alexlebens.net
siteMonitor: http://vault.vault:8200
statusStyle: dot
namespace: vault
app: vault
podSelector: >-
app.kubernetes.io/instance in (
vault
)
- Backups:
icon: sh-backrest-light.webp
description: Backrest
href: https://backrest.alexlebens.net
siteMonitor: http://backrest.backrest:80
statusStyle: dot
namespace: backrest
app: backrest
podSelector: >-
app.kubernetes.io/instance in (
backrest
)
widget:
type: backrest
url: http://backrest.backrest:80
@@ -665,12 +623,6 @@ homepage:
href: https://qui.alexlebens.net
siteMonitor: http://qbittorrent-qui.qbittorrent:80
statusStyle: dot
namespace: qbittorrent
app: qbittorrent
podSelector: >-
app.kubernetes.io/instance in (
qbittorrent
)
widget:
type: qbittorrent
url: http://qbittorrent.qbittorrent:8080
@@ -699,12 +651,6 @@ homepage:
href: https://tdarr.alexlebens.net
siteMonitor: http://tdarr-web.tdarr:8265
statusStyle: dot
namespace: tdarr
app: tdarr
podSelector: >-
app.kubernetes.io/instance in (
tdarr
)
widget:
type: tdarr
url: http://tdarr-web.tdarr:8265
@@ -715,12 +661,6 @@ homepage:
href: https://sonarr.alexlebens.net
siteMonitor: http://sonarr.sonarr:80
statusStyle: dot
namespace: sonarr
app: sonarr
podSelector: >-
app.kubernetes.io/instance in (
sonarr
)
widget:
type: sonarr
url: http://sonarr.sonarr:80
@@ -733,12 +673,6 @@ homepage:
href: https://sonarr-4k.alexlebens.net
siteMonitor: http://sonarr-4k.sonarr-4k:80
statusStyle: dot
namespace: sonarr-4k
app: sonarr-4k
podSelector: >-
app.kubernetes.io/instance in (
sonarr-4k
)
widget:
type: sonarr
url: http://sonarr-4k.sonarr-4k:80
@@ -751,12 +685,6 @@ homepage:
href: https://sonarr-anime.alexlebens.net
siteMonitor: http://sonarr-anime.sonarr-anime:80
statusStyle: dot
namespace: sonarr-anime
app: sonarr-anime
podSelector: >-
app.kubernetes.io/instance in (
sonarr-anime
)
widget:
type: sonarr
url: http://sonarr-anime.sonarr-anime:80
@@ -770,12 +698,6 @@ homepage:
href: https://radarr.alexlebens.net
siteMonitor: http://radarr.radarr:80
statusStyle: dot
namespace: radarr
app: radarr
podSelector: >-
app.kubernetes.io/instance in (
radarr
)
widget:
type: radarr
url: http://radarr.radarr:80
@@ -788,12 +710,6 @@ homepage:
href: https://radarr-4k.alexlebens.net
siteMonitor: http://radarr-4k.radarr-4k:80
statusStyle: dot
namespace: radarr-4k
app: radarr-4k
podSelector: >-
app.kubernetes.io/instance in (
radarr-4k
)
widget:
type: radarr
url: http://radarr-4k.radarr-4k:80
@@ -806,12 +722,6 @@ homepage:
href: https://radarr-anime.alexlebens.net
siteMonitor: http://radarr-anime.radarr-anime:80
statusStyle: dot
namespace: radarr-anime
app: radarr-anime
podSelector: >-
app.kubernetes.io/instance in (
radarr-anime
)
widget:
type: radarr
url: http://radarr-anime.radarr-anime:80
@@ -824,12 +734,6 @@ homepage:
href: https://radarr-standup.alexlebens.net
siteMonitor: http://radarr-standup.radarr-standup:80
statusStyle: dot
namespace: radarr-standup
app: radarr-standup
podSelector: >-
app.kubernetes.io/instance in (
radarr-standup
)
widget:
type: radarr
url: http://radarr-standup.radarr-standup:80
@@ -843,12 +747,6 @@ homepage:
href: https://lidarr.alexlebens.net
siteMonitor: http://lidarr.lidarr:80
statusStyle: dot
namespace: lidarr
app: lidarr
podSelector: >-
app.kubernetes.io/instance in (
lidarr
)
widget:
type: lidarr
url: http://lidarr.lidarr:80
@@ -872,12 +770,6 @@ homepage:
href: https://slskd.alexlebens.net
siteMonitor: http://slskd.slskd:5030
statusStyle: dot
namespace: slskd
app: slskd
podSelector: >-
app.kubernetes.io/instance in (
slskd
)
- Books:
- Shelfmark:
icon: sh-shelfmark.webp
@@ -944,6 +836,7 @@ homepage:
http:
port: 80
targetPort: 3000
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -956,8 +849,11 @@ homepage:
- home.alexlebens.net
rules:
- backendRefs:
- name: homepage
- group: ''
kind: Service
name: homepage
port: 80
weight: 100
matches:
- path:
type: PathPrefix

2
clusters/cl01tl/helm/houndarr/Chart.yaml
View File

@@ -22,4 +22,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://raw.githubusercontent.com/av1155/houndarr/main/src/houndarr/static/img/houndarr-logo-dark.png
# renovate: datasource=github-releases depName=av1155/houndarr
appVersion: v1.6.4
appVersion: v1.6.2

2
clusters/cl01tl/helm/houndarr/values.yaml
View File

@@ -9,7 +9,7 @@ houndarr:
main:
image:
repository: ghcr.io/av1155/houndarr
tag: v1.6.5
tag: v1.6.2
pullPolicy: IfNotPresent
env:
- name: TZ

Some files were not shown because too many files have changed in this diff Show More