alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 5 Actions Activity

Compare commits

base: alexlebens:renovate/unified-dock.mau.devmautrixwhatsapp
Branches Tags
alexlebens:main alexlebens:renovate/cilium-1.x alexlebens:renovate/unified-haveagitgattdarr_node alexlebens:renovate/unified-haveagitgattdarr alexlebens:renovate/unified-harbor.alexlebens.netimagessite-documentation alexlebens:manifests alexlebens:renovate/unified-dock.mau.devmautrixwhatsapp
...
compare: alexlebens:d2f78c8637eab1aa0fe29a146ce9b18f040ba29b
Branches Tags
alexlebens:renovate/cilium-1.x alexlebens:renovate/unified-haveagitgattdarr_node alexlebens:renovate/unified-haveagitgattdarr alexlebens:renovate/unified-harbor.alexlebens.netimagessite-documentation alexlebens:manifests alexlebens:renovate/unified-dock.mau.devmautrixwhatsapp alexlebens:main

5 Commits
renovate/u ... d2f78c8637

Author SHA1 Message Date
Alex Lebens
d2f78c8637 feat: add template to detect authentik versioning
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 30s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 36s
Details
2026-03-22 21:28:08 -05:00
Alex Lebens
7dbb6952df feat: refactor authentik 2026-03-22 21:27:52 -05:00
Alex Lebens
6a0e05f54f feat: add reference 2026-03-22 21:27:36 -05:00
Alex Lebens
1ab326ce2c feat: refactor audiobookshelf 2026-03-22 20:53:43 -05:00
Alex Lebens
0e5c5dba5b Merge branch 'main' into tmp/refactor 2026-03-22 20:20:36 -05:00
7 changed files with 41 additions and 67 deletions
Expand all files Collapse all files

5
clusters/cl01tl/helm/audiobookshelf/Chart.yaml
View File

@@ -7,11 +7,14 @@ keywords:
- books - books
- podcasts - podcasts
- audiobooks - audiobooks
home: https://wiki.alexlebens.dev/s/d4d6719f-cd1c-4b6e-b78e-2d2d7a5097d7 home: https://docs.alexlebens.dev/applications/audiobookshelf/
sources: sources:
- https://github.com/advplyr/audiobookshelf - https://github.com/advplyr/audiobookshelf
- https://github.com/caronc/apprise
- https://github.com/advplyr/audiobookshelf/pkgs/container/audiobookshelf - https://github.com/advplyr/audiobookshelf/pkgs/container/audiobookshelf
- https://github.com/caronc/apprise-api/pkgs/container/apprise
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:

3
clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml
View File

@@ -14,8 +14,5 @@ spec:
data: data:
- secretKey: ntfy-url - secretKey: ntfy-url
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/audiobookshelf/apprise key: /cl01tl/audiobookshelf/apprise
metadataPolicy: None
property: ntfy-url property: ntfy-url

26
clusters/cl01tl/helm/audiobookshelf/values.yaml
View File

@@ -4,28 +4,25 @@ audiobookshelf:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/advplyr/audiobookshelf repository: ghcr.io/advplyr/audiobookshelf
tag: 2.33.1 tag: 2.33.1@sha256:a4a5841bba093d81e5f4ad1eaedb4da3fda6dbb2528c552349da50ad1f7ae708
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: US/Central value: America/Chicago
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 128Mi memory: 200Mi
apprise-api: apprise-api:
image: image:
repository: caronc/apprise repository: ghcr.io/caronc/apprise
tag: v1.3.2 tag: v1.3.2@sha256:1aafc2118b6eae5d70d17831d9a8a52adee7104fd6f2bb018e6421664699c903
pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: US/Central value: America/Chicago
- name: PGID - name: PGID
value: "1000" value: "1000"
- name: PUID - name: PUID
@@ -41,10 +38,6 @@ audiobookshelf:
secretKeyRef: secretKeyRef:
name: audiobookshelf-apprise-config name: audiobookshelf-apprise-config
key: ntfy-url key: ntfy-url
resources:
requests:
cpu: 10m
memory: 128Mi
service: service:
main: main:
controller: main controller: main
@@ -82,11 +75,8 @@ audiobookshelf:
- audiobookshelf.alexlebens.net - audiobookshelf.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- group: '' - name: audiobookshelf
kind: Service
name: audiobookshelf
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -97,7 +87,6 @@ audiobookshelf:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 2Gi size: 2Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -108,7 +97,6 @@ audiobookshelf:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 10Gi size: 10Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:

5
clusters/cl01tl/helm/authentik/Chart.yaml
View File

@@ -6,10 +6,8 @@ keywords:
- authentik - authentik
- sso - sso
- oidc - oidc
- ldap
- idp
- authentication - authentication
home: https://wiki.alexlebens.dev/s/45ca5171-581f-41d2-b6fb-2b0915029a2d home: https://docs.alexlebens.dev/applications/authentik/
sources: sources:
- https://github.com/goauthentik/authentik - https://github.com/goauthentik/authentik
- https://github.com/cloudflare/cloudflared - https://github.com/cloudflare/cloudflared
@@ -17,6 +15,7 @@ sources:
- https://github.com/goauthentik/helm - https://github.com/goauthentik/helm
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:

3
clusters/cl01tl/helm/authentik/templates/external-secret.yaml
View File

@@ -14,8 +14,5 @@ spec:
data: data:
- secretKey: key - secretKey: key
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/authentik/key key: /cl01tl/authentik/key
metadataPolicy: None
property: key property: key

63
clusters/cl01tl/helm/authentik/values.yaml
View File

@@ -30,8 +30,23 @@ authentik:
redis: redis:
host: authentik-valkey host: authentik-valkey
server: server:
name: server replicas: 2
replicas: 1 resources:
requests:
cpu: 100m
memory: 700Mi
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 15
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 15
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
@@ -39,8 +54,6 @@ authentik:
route: route:
main: main:
enabled: true enabled: true
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
hostnames: hostnames:
- authentik.alexlebens.net - authentik.alexlebens.net
parentRefs: parentRefs:
@@ -48,21 +61,20 @@ authentik:
kind: Gateway kind: Gateway
name: traefik-gateway name: traefik-gateway
namespace: traefik namespace: traefik
httpsRedirect: false
matches:
- path:
type: PathPrefix
value: /
worker: worker:
name: worker name: worker
replicas: 1 replicas: 2
resources:
requests:
cpu: 100m
memory: 512Mi
metrics:
enabled: true
serviceMonitor:
enabled: true
prometheus: prometheus:
rules: rules:
enabled: true enabled: true
postgresql:
enabled: false
redis:
enabled: false
postgres-18-cluster: postgres-18-cluster:
mode: recovery mode: recovery
recovery: recovery:
@@ -76,32 +88,9 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 5 14 * * *" schedule: "0 5 14 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external

3
renovate.json
View File

@@ -22,7 +22,8 @@
], ],
"matchStrings": [ "matchStrings": [
"#\\s*renovate:\\s*datasource=(?<datasource>.*?) depName=(?<depName>.*?)\\s+appVersion:\\s*[\"']?(?<currentValue>[^\"'\\s]+)[\"']?" "#\\s*renovate:\\s*datasource=(?<datasource>.*?) depName=(?<depName>.*?)\\s+appVersion:\\s*[\"']?(?<currentValue>[^\"'\\s]+)[\"']?"
] ],
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver-coerced{{/if}}"
}, },
{ {
"description": "Update images in templates", "description": "Update images in templates",