alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 4 Actions Activity

Compare commits

base: alexlebens:renovate/unified-gitroomhqpostiz-app
Branches Tags
alexlebens:main alexlebens:renovate/cilium-1.x alexlebens:renovate/unified-gitroomhqpostiz-app alexlebens:renovate/unified-dock.mau.devmautrixwhatsapp alexlebens:renovate/unified-external-secretsexternal-secrets alexlebens:manifests
..
compare: alexlebens:2632801eae89d0aad3980a58e72d2dee9d327fad
Branches Tags
alexlebens:renovate/cilium-1.x alexlebens:renovate/unified-gitroomhqpostiz-app alexlebens:renovate/unified-dock.mau.devmautrixwhatsapp alexlebens:renovate/unified-external-secretsexternal-secrets alexlebens:manifests alexlebens:main

1 Commits
renovate/u ... 2632801eae

Author SHA1 Message Date
Renovate Bot
2632801eae chore(deps): update harbor.alexlebens.net/images/site-profile docker tag to v3.14.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 34s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 33s
Details
render-manifests / render-manifests (pull_request) Successful in 2m27s
Details
2026-03-17 21:00:12 +00:00
74 changed files with 353 additions and 427 deletions
Expand all files Collapse all files

8
clusters/cl01tl/helm/argo-workflows/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies:
- name: argo-workflows
repository: https://argoproj.github.io/argo-helm
version: 1.0.4
version: 1.0.2
- name: argo-events
repository: https://argoproj.github.io/argo-helm
version: 2.4.21
version: 2.4.20
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
digest: sha256:84e79ab455d1e8e5d12637b4f1fcc87efaa04f51558824ab9fa1f38963198c8b
generated: "2026-03-20T01:09:49.976096171Z"
digest: sha256:8d1c2dd011a360d930ed5ff186462f163407077d36ae633898ec5d6ba30a4e8d
generated: "2026-03-15T20:04:18.080966008Z"

6
clusters/cl01tl/helm/argo-workflows/Chart.yaml
View File

@@ -18,10 +18,10 @@ maintainers:
- name: alexlebens
dependencies:
- name: argo-workflows
version: 1.0.4
version: 1.0.2
repository: https://argoproj.github.io/argo-helm
- name: argo-events
version: 2.4.21
version: 2.4.20
repository: https://argoproj.github.io/argo-helm
- name: postgres-cluster
alias: postgres-18-cluster
@@ -29,4 +29,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-workflows
appVersion: v4.0.3
appVersion: v4.0.2

2
clusters/cl01tl/helm/argo-workflows/values.yaml
View File

@@ -8,7 +8,7 @@ argo-workflows:
upgradeJob:
image:
repository: registry.k8s.io/kubectl
tag: v1.35.3
tag: v1.35.2
controller:
metricsConfig:
enabled: true

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: argo-cd
repository: https://argoproj.github.io/argo-helm
version: 9.4.15
digest: sha256:a0eed2e174bb6b13d04653c755a359025b050d479a92180039a1990dd8ee7caa
generated: "2026-03-20T01:09:07.547016465Z"
version: 9.4.11
digest: sha256:7726a0806d7ab4e0c2f5942aceee4ce363decf63d54a545a91b537559e5a9f0f
generated: "2026-03-17T13:05:43.394982076Z"

2
clusters/cl01tl/helm/argocd/Chart.yaml
View File

@@ -15,7 +15,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: argo-cd
version: 9.4.15
version: 9.4.11
repository: https://argoproj.github.io/argo-helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-cd

2
clusters/cl01tl/helm/audiobookshelf/Chart.yaml
View File

@@ -29,4 +29,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
# renovate: datasource=github-releases depName=advplyr/audiobookshelf
appVersion: 2.33.1
appVersion: 2.33.0

2
clusters/cl01tl/helm/audiobookshelf/values.yaml
View File

@@ -9,7 +9,7 @@ audiobookshelf:
main:
image:
repository: ghcr.io/advplyr/audiobookshelf
tag: 2.33.1
tag: 2.33.0
pullPolicy: IfNotPresent
env:
- name: TZ

1
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -135,7 +135,6 @@ blocky:
komodo IN CNAME traefik-cl01tl
lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl
medialyze IN CNAME traefik-cl01tl
movie-roulette IN CNAME traefik-cl01tl
music-grabber IN CNAME traefik-cl01tl
navidrome IN CNAME traefik-cl01tl

2
clusters/cl01tl/helm/code-server/values.yaml
View File

@@ -9,7 +9,7 @@ code-server:
main:
image:
repository: ghcr.io/linuxserver/code-server
tag: 4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b
tag: 4.111.0@sha256:12c04b41f601604795562ece2ac64cade7cfca632415f4bfb1742477e3226272
pullPolicy: IfNotPresent
env:
- name: TZ

2
clusters/cl01tl/helm/garage/values.yaml
View File

@@ -34,7 +34,7 @@ garage:
debug:
image:
repository: ubuntu
tag: resolute-20260312
tag: resolute-20260108
pullPolicy: IfNotPresent
command:
- "sleep"

3
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -227,9 +227,6 @@ gatus:
- name: jellystat
url: https://jellystat.alexlebens.net
<<: *defaults
- name: medialyze
url: https://medialyze.alexlebens.net
<<: *defaults
- name: authentik
url: https://authentik.alexlebens.net
<<: *defaults

6
clusters/cl01tl/helm/generic-device-plugin/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.24
digest: sha256:36bf651c24198d299458046aaf449e9fb50942e1143389092a746357d402b731
generated: "2026-03-20T01:18:36.687250976Z"
version: 0.20.22
digest: sha256:14e5aa3f02ce6a1271dadc3f76997c739fc9434e669b05655c079d0b873c56ca
generated: "2026-03-15T20:35:40.676997293Z"

2
clusters/cl01tl/helm/generic-device-plugin/Chart.yaml
View File

@@ -15,6 +15,6 @@ maintainers:
dependencies:
- name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.24
version: 0.20.22
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: 1.0.0

6
clusters/cl01tl/helm/grafana-operator/Chart.lock
View File

@@ -1,7 +1,7 @@
dependencies:
- name: grafana-operator
repository: https://grafana.github.io/helm-charts
version: 5.22.2
version: 5.22.1
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
@@ -11,5 +11,5 @@ dependencies:
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
digest: sha256:a3bf183bcecb4d4b5354fe91a549075997dccb41c193da9daec9ccbe4d659fe2
generated: "2026-03-18T10:04:15.165729555Z"
digest: sha256:9cbba52d093e40b20917af87263e1fb0e478912440f660543f3527e70452edc7
generated: "2026-03-15T20:05:59.855514102Z"

4
clusters/cl01tl/helm/grafana-operator/Chart.yaml
View File

@@ -17,7 +17,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: grafana-operator
version: 5.22.2
version: 5.22.1
repository: https://grafana.github.io/helm-charts
- name: postgres-cluster
alias: postgres-18-cluster
@@ -33,4 +33,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grafana.png
# renovate: datasource=github-releases depName=grafana/grafana-operator
appVersion: v5.22.2
appVersion: v5.22.1

6
clusters/cl01tl/helm/harbor/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies:
- name: harbor
repository: https://helm.goharbor.io
version: 1.18.3
version: 1.18.2
- name: postgres-cluster
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
digest: sha256:e7a5cee56dddb4abc07ff18677cb6ddf55571b38da2eeb7e654e8ad8f7709bfa
generated: "2026-03-19T04:16:54.362332682Z"
digest: sha256:14c2b7d09631dbb573e9c9d4613ebe52e330146662da0da15f74c31ec519ed15
generated: "2026-03-15T20:06:13.615175051Z"

4
clusters/cl01tl/helm/harbor/Chart.yaml
View File

@@ -17,7 +17,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: harbor
version: 1.18.3
version: 1.18.2
repository: https://helm.goharbor.io
- name: postgres-cluster
alias: postgres-18-cluster
@@ -29,4 +29,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png
# renovate: datasource=github-releases depName=goharbor/harbor
appVersion: v2.15.0
appVersion: v2.14.3

4
clusters/cl01tl/helm/home-assistant/values.yaml
View File

@@ -9,7 +9,7 @@ home-assistant:
main:
image:
repository: ghcr.io/home-assistant/home-assistant
tag: 2026.3.2
tag: 2026.3.1
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -21,7 +21,7 @@ home-assistant:
code-server:
image:
repository: ghcr.io/linuxserver/code-server
tag: 4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b
tag: 4.111.0@sha256:12c04b41f601604795562ece2ac64cade7cfca632415f4bfb1742477e3226272
pullPolicy: IfNotPresent
env:
- name: TZ

15
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -477,12 +477,6 @@ homepage:
href: https://jellystat.alexlebens.net
siteMonitor: http://jellystat.jellystat:80
statusStyle: dot
- MediaLyze:
icon: https://raw.githubusercontent.com/frederikemmer/MediaLyze/d8f69c0628bac7c047b90f91a66341648029c273/frontend/public/favicon.svg
description: Jellyfin Media Monitoring
href: https://medialyze.alexlebens.net
siteMonitor: http://medialyze.medialyze:80
statusStyle: dot
- Services:
- Auth (Public):
icon: sh-authentik.webp
@@ -780,6 +774,9 @@ homepage:
- Digital Ocean:
- abbr: DO
href: https://www.digitalocean.com/
- AWS:
- abbr: AW
href: https://aws.amazon.com/console/
- Cloudflare:
- abbr: CF
href: https://dash.cloudflare.com/b76e303258b84076ee01fd0f515c0768
@@ -789,12 +786,12 @@ homepage:
- ProtonVPN:
- abbr: PV
href: https://account.protonvpn.com/
- AirVPN:
- abbr: AV
href: https://airvpn.org/
- Unifi:
- abbr: UF
href: https://unifi.ui.com/
- Pushover:
- abbr: PO
href: https://pushover.net
- ReCaptcha:
- abbr: RC
href: https://www.google.com/recaptcha/admin/site/698983587

2
clusters/cl01tl/helm/immich/Chart.yaml
View File

@@ -32,4 +32,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png
# renovate: datasource=github-releases depName=immich-app/immich
appVersion: v2.6.1
appVersion: v2.5.6

2
clusters/cl01tl/helm/immich/values.yaml
View File

@@ -9,7 +9,7 @@ immich:
main:
image:
repository: ghcr.io/immich-app/immich-server
tag: v2.6.1
tag: v2.5.6
pullPolicy: IfNotPresent
env:
- name: TZ

6
clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies:
- name: kube-prometheus-stack
repository: oci://ghcr.io/prometheus-community/charts
version: 82.12.0
version: 82.10.4
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
digest: sha256:05c8453c68596a58884eb65cc0e2f86f5aaa764a63fe4b8c53d40b5f9b40670e
generated: "2026-03-19T09:02:27.865169773Z"
digest: sha256:d6bbbfdd1a781b5eb82c2dc8571836a43d23bf8526eac1bcd40f38030be642db
generated: "2026-03-15T20:38:11.961621853Z"

4
clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
View File

@@ -20,7 +20,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: kube-prometheus-stack
version: 82.12.0
version: 82.10.4
repository: oci://ghcr.io/prometheus-community/charts
- name: app-template
alias: ntfy-alertmanager
@@ -32,4 +32,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png
# renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator
appVersion: v0.90.0
appVersion: v0.89.0

2
clusters/cl01tl/helm/libation/Chart.yaml
View File

@@ -24,4 +24,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/libation.png
# renovate: datasource=github-releases depName=rmcrackan/Libation
appVersion: 13.3.2
appVersion: 13.3.0

4
clusters/cl01tl/helm/libation/values.yaml
View File

@@ -16,7 +16,7 @@ libation:
main:
image:
repository: rmcrackan/libation
tag: 13.3.2
tag: 13.3.0
pullPolicy: IfNotPresent
env:
- name: SLEEP_TIME
@@ -35,7 +35,7 @@ libation:
main:
image:
repository: ubuntu
tag: resolute-20260312
tag: resolute-20260108
pullPolicy: IfNotPresent
command:
- "sleep"

6
clusters/cl01tl/helm/medialyze/Chart.lock
View File

@@ -1,6 +0,0 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
digest: sha256:17ac9bc0cc2eac395c630c22ab095e3e34e5d75a34523c3f39629ca1c56ecbc8
generated: "2026-03-17T17:46:15.885193-05:00"

22
clusters/cl01tl/helm/medialyze/Chart.yaml
View File

@@ -1,22 +0,0 @@
apiVersion: v2
name: medialyze
version: 1.0.0
description: MediaLyze
keywords:
- medialyze
- jellyfin
home: https://wiki.alexlebens.dev/
sources:
- https://github.com/frederikemmer/MediaLyze
- https://github.com/frederikemmer/MediaLyze/pkgs/container/medialyze
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: medialyze
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
icon: https://raw.githubusercontent.com/frederikemmer/MediaLyze/d8f69c0628bac7c047b90f91a66341648029c273/frontend/public/favicon.svg
# renovate: datasource=github-releases depName=frederikemmer/MediaLyze
appVersion: 0.2.2

17
clusters/cl01tl/helm/medialyze/templates/persistent-volume-claim.yaml
View File

@@ -1,17 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: medialyze-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: medialyze-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: medialyze-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

23
clusters/cl01tl/helm/medialyze/templates/persistent-volume.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: medialyze-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: medialyze-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

85
clusters/cl01tl/helm/medialyze/values.yaml
View File

@@ -1,85 +0,0 @@
medialyze:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/frederikemmer/medialyze
tag: 0.2.2
pullPolicy: IfNotPresent
env:
- name: HOST_PORT
value: 8080
- name: SCAN_RUNTIME_WORKER_COUNT
value: 2
- name: TZ
value: America/Chicago
- name: MEDIA_HOST_DIR
value: /media
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 8080
protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- medialyze.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: medialyze
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
data:
forceRename: medialyze-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:
- path: /config
readOnly: false
media:
existingClaim: medialyze-nfs-storage
advancedMounts:
main:
main:
- path: /media
readOnly: true
volsync-target-data:
pvcTarget: medialyze-data
local:
enabled: true
schedule: 36 11 * * *
remote:
enabled: true
schedule: 36 12 * * *
external:
enabled: true
schedule: 36 14 * * *

21
clusters/cl01tl/helm/music-grabber/templates/external-secret.yaml
View File

@@ -60,27 +60,20 @@ spec:
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: preshared-key
- secretKey: proton-email
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: preshared-key
- secretKey: addresses
property: email
- secretKey: proton-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports
property: password

134
clusters/cl01tl/helm/music-grabber/values.yaml
View File

@@ -9,7 +9,7 @@ music-grabber:
main:
image:
repository: g33kphr33k/musicgrabber
tag: 2.4.6
tag: 2.4.4
pullPolicy: IfNotPresent
env:
- name: MUSIC_DIR
@@ -50,72 +50,72 @@ music-grabber:
requests:
cpu: 10m
memory: 512Mi
# gluetun:
# image:
# repository: ghcr.io/qdm12/gluetun
# tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
# pullPolicy: IfNotPresent
# lifecycle:
# postStart:
# exec:
# command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
# env:
# - name: VPN_SERVICE_PROVIDER
# value: airvpn
# - name: VPN_TYPE
# value: wireguard
# - name: WIREGUARD_PRIVATE_KEY
# valueFrom:
# secretKeyRef:
# name: music-grabber-wireguard-conf
# key: private-key
# - name: WIREGUARD_PRESHARED_KEY
# valueFrom:
# secretKeyRef:
# name: music-grabber-wireguard-conf
# key: preshared-key
# - name: WIREGUARD_ADDRESSES
# valueFrom:
# secretKeyRef:
# name: music-grabber-wireguard-conf
# key: addresses
# - name: FIREWALL_OUTBOUND_SUBNETS
# value: 10.0.0.0/8
# - name: FIREWALL_INPUT_PORTS
# value: 8080
# - name: DNS_UPSTREAM_RESOLVER_TYPE
# value: dot
# - name: HTTPPROXY
# value: "off"
# - name: SHADOWSOCKS
# value: "off"
# securityContext:
# privileged: True
# capabilities:
# add:
# - NET_ADMIN
# - SYS_MODULE
# probes:
# liveness:
# enabled: true
# custom: true
# spec:
# exec:
# command:
# - /gluetun-entrypoint
# - healthcheck
# failureThreshold: 5
# initialDelaySeconds: 30
# periodSeconds: 30
# successThreshold: 1
# timeoutSeconds: 15
# resources:
# limits:
# devic.es/tun: "1"
# requests:
# devic.es/tun: "1"
# cpu: 10m
# memory: 128Mi
gluetun:
image:
repository: ghcr.io/qdm12/gluetun
tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
pullPolicy: IfNotPresent
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env:
- name: VPN_SERVICE_PROVIDER
value: protonvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: music-grabber-wireguard-conf
key: private-key
- name: UPDATER_PROTONVPN_EMAIL
valueFrom:
secretKeyRef:
name: music-grabber-wireguard-conf
key: proton-email
- name: UPDATER_PROTONVPN_PASSWORD
valueFrom:
secretKeyRef:
name: music-grabber-wireguard-conf
key: proton-password
- name: FIREWALL_OUTBOUND_SUBNETS
value: 10.0.0.0/8
- name: FIREWALL_INPUT_PORTS
value: 8080
- name: DNS_UPSTREAM_RESOLVER_TYPE
value: dot
- name: HTTPPROXY
value: "off"
- name: SHADOWSOCKS
value: "off"
securityContext:
privileged: True
capabilities:
add:
- NET_ADMIN
- SYS_MODULE
probes:
liveness:
enabled: true
custom: true
spec:
exec:
command:
- /gluetun-entrypoint
- healthcheck
failureThreshold: 5
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 15
resources:
limits:
devic.es/tun: "1"
requests:
devic.es/tun: "1"
cpu: 10m
memory: 128Mi
service:
main:
controller: main

2
clusters/cl01tl/helm/ntfy/Chart.yaml
View File

@@ -20,4 +20,4 @@ dependencies:
version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ntfy.png
# renovate: datasource=github-releases depName=binwiederhier/ntfy
appVersion: 2.19.2
appVersion: 2.19.1

2
clusters/cl01tl/helm/ntfy/values.yaml
View File

@@ -9,7 +9,7 @@ ntfy:
main:
image:
repository: binwiederhier/ntfy
tag: v2.19.2
tag: v2.19.1
pullPolicy: IfNotPresent
args: ["serve"]
env:

2
clusters/cl01tl/helm/ollama/Chart.yaml
View File

@@ -31,4 +31,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png
# renovate: datasource=github-releases depName=ollama/ollama
appVersion: 0.18.2
appVersion: 0.18.0

6
clusters/cl01tl/helm/ollama/values.yaml
View File

@@ -22,7 +22,7 @@ ollama:
main:
image:
repository: ollama/ollama
tag: 0.18.2
tag: 0.18.0
pullPolicy: IfNotPresent
env:
- name: OLLAMA_KEEP_ALIVE
@@ -58,7 +58,7 @@ ollama:
main:
image:
repository: ollama/ollama
tag: 0.18.2
tag: 0.18.0
pullPolicy: IfNotPresent
env:
- name: OLLAMA_KEEP_ALIVE
@@ -94,7 +94,7 @@ ollama:
main:
image:
repository: ollama/ollama
tag: 0.18.2
tag: 0.18.0
pullPolicy: IfNotPresent
env:
- name: OLLAMA_KEEP_ALIVE

2
clusters/cl01tl/helm/outline/Chart.yaml
View File

@@ -39,4 +39,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/outline.png
# renovate: datasource=github-releases depName=outline/outline
appVersion: 1.6.1
appVersion: 1.6.0

2
clusters/cl01tl/helm/outline/values.yaml
View File

@@ -12,7 +12,7 @@ outline:
main:
image:
repository: outlinewiki/outline
tag: 1.6.1
tag: 1.6.0
pullPolicy: IfNotPresent
env:
- name: NODE_ENV

2
clusters/cl01tl/helm/postiz/Chart.yaml
View File

@@ -42,4 +42,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/postiz.png
# renovate: datasource=github-releases depName=gitroomhq/postiz-app
appVersion: v2.21.0
appVersion: v2.20.2

2
clusters/cl01tl/helm/postiz/values.yaml
View File

@@ -9,7 +9,7 @@ postiz:
main:
image:
repository: ghcr.io/gitroomhq/postiz-app
tag: v2.21.0
tag: v2.20.2
pullPolicy: IfNotPresent
env:
- name: MAIN_URL

6
clusters/cl01tl/helm/prometheus-operator-crds/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: prometheus-operator-crds
repository: oci://ghcr.io/prometheus-community/charts
version: 28.0.0
digest: sha256:82e19c59373b1dd1a854a4e5699c7b864cfbb96e58a065f53ad76e64d7109cff
generated: "2026-03-19T22:02:57.659253727Z"
version: 27.0.1
digest: sha256:c66f0099390741388fce480670ce5f40f0e8459f3471a9f49da6f3f217c028a0
generated: "2026-03-17T20:57:34.001956235Z"

4
clusters/cl01tl/helm/prometheus-operator-crds/Chart.yaml
View File

@@ -15,8 +15,8 @@ maintainers:
- name: alexlebens
dependencies:
- name: prometheus-operator-crds
version: 28.0.0
version: 27.0.1
repository: oci://ghcr.io/prometheus-community/charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png
# renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator
appVersion: v0.90.0
appVersion: v0.89.0

21
clusters/cl01tl/helm/qbittorrent/templates/external-secret.yaml
View File

@@ -16,30 +16,23 @@ spec:
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: preshared-key
- secretKey: proton-email
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: preshared-key
- secretKey: addresses
property: email
- secretKey: proton-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports
property: password
---
apiVersion: external-secrets.io/v1

25
clusters/cl01tl/helm/qbittorrent/values.yaml
View File

@@ -56,7 +56,7 @@ qbittorrent:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env:
- name: VPN_SERVICE_PROVIDER
value: airvpn
value: protonvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
@@ -64,29 +64,28 @@ qbittorrent:
secretKeyRef:
name: qbittorrent-wireguard-conf
key: private-key
- name: WIREGUARD_PRESHARED_KEY
- name: UPDATER_PROTONVPN_EMAIL
valueFrom:
secretKeyRef:
name: qbittorrent-wireguard-conf
key: preshared-key
- name: WIREGUARD_ADDRESSES
key: proton-email
- name: UPDATER_PROTONVPN_PASSWORD
valueFrom:
secretKeyRef:
name: qbittorrent-wireguard-conf
key: addresses
- name: FIREWALL_VPN_INPUT_PORTS
valueFrom:
secretKeyRef:
name: qbittorrent-wireguard-conf
key: input-ports
key: proton-password
- name: VPN_PORT_FORWARDING
value: "on"
- name: VPN_PORT_FORWARDING_UP_COMMAND
value: '/bin/sh -c "/gluetun/update.sh {{ printf "{{PORTS}}" }}"'
- name: PORT_FORWARD_ONLY
value: "on"
- name: FIREWALL_OUTBOUND_SUBNETS
value: 192.168.1.0/24,10.244.0.0/16
- name: FIREWALL_INPUT_PORTS
value: 8080,9022
- name: DNS_UPSTREAM_RESOLVER_TYPE
value: dot
- name: BLOCK_MALICIOUS
value: "off"
- name: HTTPPROXY
value: "off"
- name: SHADOWSOCKS
@@ -217,7 +216,7 @@ qbittorrent:
qui:
image:
repository: ghcr.io/autobrr/qui
tag: v1.15.0
tag: v1.14.1
pullPolicy: IfNotPresent
env:
- name: QUI__METRICS_ENABLED

2
clusters/cl01tl/helm/roundcube/Chart.yaml
View File

@@ -29,4 +29,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/roundcube.png
# renovate: datasource=github-releases depName=roundcube/roundcubemail
appVersion: 1.6.14
appVersion: 1.6.13

4
clusters/cl01tl/helm/roundcube/values.yaml
View File

@@ -9,7 +9,7 @@ roundcube:
main:
image:
repository: roundcube/roundcubemail
tag: 1.6.14-fpm-alpine
tag: 1.6.13-fpm-alpine
pullPolicy: IfNotPresent
env:
- name: ROUNDCUBEMAIL_DB_TYPE
@@ -85,7 +85,7 @@ roundcube:
backup:
image:
repository: roundcube/roundcubemail
tag: 1.6.14-fpm-alpine
tag: 1.6.13-fpm-alpine
pullPolicy: IfNotPresent
env:
- name: ROUNDCUBEMAIL_DB_TYPE

4
clusters/cl01tl/helm/rybbit/values.yaml
View File

@@ -71,7 +71,7 @@ rybbit:
key: mapbox-token
probes:
liveness:
enabled: false
enabled: true
custom: true
spec:
exec:
@@ -122,7 +122,7 @@ rybbit:
main:
image:
repository: clickhouse/clickhouse-server
tag: 26.2.5
tag: 26.2.4
pullPolicy: IfNotPresent
env:
- name: CLICKHOUSE_DB

4
clusters/cl01tl/helm/searxng/values.yaml
View File

@@ -9,7 +9,7 @@ searxng:
main:
image:
repository: searxng/searxng
tag: latest@sha256:aa1dca9aa92b185649d67ea2fdd1891a221de08054dff9dca141c1806c8c3e91
tag: latest@sha256:090d7ef2e61cb540baf0db0656bfd4dfbcbba82604adb8ebfb5e316d09289fef
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL
@@ -39,7 +39,7 @@ searxng:
main:
image:
repository: searxng/searxng
tag: latest@sha256:aa1dca9aa92b185649d67ea2fdd1891a221de08054dff9dca141c1806c8c3e91
tag: latest@sha256:090d7ef2e61cb540baf0db0656bfd4dfbcbba82604adb8ebfb5e316d09289fef
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL

2
clusters/cl01tl/helm/site-profile/values.yaml
View File

@@ -11,7 +11,7 @@ site-profile:
main:
image:
repository: harbor.alexlebens.net/images/site-profile
tag: 3.15.0
tag: 3.14.0
pullPolicy: IfNotPresent
resources:
requests:

21
clusters/cl01tl/helm/slskd/templates/external-secret.yaml
View File

@@ -62,27 +62,20 @@ spec:
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: preshared-key
- secretKey: proton-email
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: preshared-key
- secretKey: addresses
property: email
- secretKey: proton-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports
property: password

21
clusters/cl01tl/helm/slskd/values.yaml
View File

@@ -54,7 +54,7 @@ slskd:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env:
- name: VPN_SERVICE_PROVIDER
value: airvpn
value: protonvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
@@ -62,29 +62,26 @@ slskd:
secretKeyRef:
name: slskd-wireguard-conf
key: private-key
- name: WIREGUARD_PRESHARED_KEY
- name: UPDATER_PROTONVPN_EMAIL
valueFrom:
secretKeyRef:
name: slskd-wireguard-conf
key: preshared-key
- name: WIREGUARD_ADDRESSES
key: proton-email
- name: UPDATER_PROTONVPN_PASSWORD
valueFrom:
secretKeyRef:
name: slskd-wireguard-conf
key: addresses
- name: FIREWALL_VPN_INPUT_PORTS
valueFrom:
secretKeyRef:
name: slskd-wireguard-conf
key: input-ports
key: proton-password
- name: VPN_PORT_FORWARDING
value: "on"
- name: PORT_FORWARD_ONLY
value: "on"
- name: FIREWALL_OUTBOUND_SUBNETS
value: 192.168.1.0/24,10.244.0.0/16
- name: FIREWALL_INPUT_PORTS
value: 5030,50300
- name: DNS_UPSTREAM_RESOLVER_TYPE
value: dot
- name: BLOCK_MALICIOUS
value: "off"
- name: HTTPPROXY
value: "off"
- name: SHADOWSOCKS

2
clusters/cl01tl/helm/sonarr-4k/values.yaml
View File

@@ -13,7 +13,7 @@ sonarr-4k:
main:
image:
repository: ghcr.io/linuxserver/sonarr
tag: 4.0.17@sha256:76414c033f290d3c9f1f9dfad71150abe71d92592369a3377a5903d579e6e2b2
tag: 4.0.16@sha256:21c1c3d52248589bb064f5adafec18cad45812d7a01d317472955eef051e619b
pullPolicy: IfNotPresent
env:
- name: TZ

2
clusters/cl01tl/helm/sonarr-anime/values.yaml
View File

@@ -13,7 +13,7 @@ sonarr-anime:
main:
image:
repository: ghcr.io/linuxserver/sonarr
tag: 4.0.17@sha256:76414c033f290d3c9f1f9dfad71150abe71d92592369a3377a5903d579e6e2b2
tag: 4.0.16@sha256:21c1c3d52248589bb064f5adafec18cad45812d7a01d317472955eef051e619b
pullPolicy: IfNotPresent
env:
- name: TZ

2
clusters/cl01tl/helm/sonarr/values.yaml
View File

@@ -13,7 +13,7 @@ sonarr:
main:
image:
repository: ghcr.io/linuxserver/sonarr
tag: 4.0.17@sha256:76414c033f290d3c9f1f9dfad71150abe71d92592369a3377a5903d579e6e2b2
tag: 4.0.16@sha256:21c1c3d52248589bb064f5adafec18cad45812d7a01d317472955eef051e619b
pullPolicy: IfNotPresent
env:
- name: TZ

2
clusters/cl01tl/helm/tailscale-operator/Chart.yaml
View File

@@ -21,4 +21,4 @@ dependencies:
repository: https://pkgs.tailscale.com/helmcharts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tailscale-light.png
# renovate: datasource=github-releases depName=tailscale/tailscale
appVersion: v1.96.3
appVersion: v1.94.2

6
clusters/cl01tl/helm/talos/values.yaml
View File

@@ -69,7 +69,7 @@ etcd-backup:
s3-prune:
image:
repository: d3fk/s3cmd
tag: latest@sha256:e3965f8205dfb96fb00e66cee54a0d171f1829a3cc6a1bbb980ab076730e54be
tag: latest@sha256:a41234c2b43d6cfa0d51c9523a2d7925f7f21297a41d69932946c3e364d32b5e
pullPolicy: IfNotPresent
command:
- /bin/sh
@@ -155,7 +155,7 @@ etcd-backup:
s3-prune:
image:
repository: d3fk/s3cmd
tag: latest@sha256:e3965f8205dfb96fb00e66cee54a0d171f1829a3cc6a1bbb980ab076730e54be
tag: latest@sha256:a41234c2b43d6cfa0d51c9523a2d7925f7f21297a41d69932946c3e364d32b5e
pullPolicy: IfNotPresent
command:
- /bin/sh
@@ -241,7 +241,7 @@ etcd-backup:
s3-prune:
image:
repository: d3fk/s3cmd
tag: latest@sha256:e3965f8205dfb96fb00e66cee54a0d171f1829a3cc6a1bbb980ab076730e54be
tag: latest@sha256:a41234c2b43d6cfa0d51c9523a2d7925f7f21297a41d69932946c3e364d32b5e
pullPolicy: IfNotPresent
command:
- /bin/sh

4
clusters/cl01tl/helm/tdarr/values.yaml
View File

@@ -9,7 +9,7 @@ tdarr:
main:
image:
repository: ghcr.io/haveagitgat/tdarr
tag: 2.64.02
tag: 2.63.01
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -48,7 +48,7 @@ tdarr:
main:
image:
repository: ghcr.io/haveagitgat/tdarr_node
tag: 2.64.02
tag: 2.63.01
pullPolicy: IfNotPresent
env:
- name: TZ

2
clusters/cl01tl/helm/traefik/Chart.yaml
View File

@@ -22,4 +22,4 @@ dependencies:
repository: https://traefik.github.io/charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/traefik.webp
# renovate: datasource=github-releases depName=traefik/traefik
appVersion: v3.6.11
appVersion: v3.6.10

6
clusters/cl01tl/helm/trivy/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: trivy-operator
repository: https://aquasecurity.github.io/helm-charts/
version: 0.32.1
digest: sha256:7e25850fc3115f52e6c65151c76668929eee6713228e935862d9f156397c2ede
generated: "2026-03-15T17:21:41.373519-05:00"

23
clusters/cl01tl/helm/trivy/Chart.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: v2
name: trivy
version: 1.0.0
description: Trivy
keywords:
- trivy
- vulnerability
- monitoring
- kubernetes
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/aquasecurity/trivy
- https://github.com/aquasecurity/trivy-operator
- https://github.com/aquasecurity/trivy-operator/tree/main/deploy/helm
maintainers:
- name: alexlebens
dependencies:
- name: trivy-operator
version: 0.32.1
repository: https://aquasecurity.github.io/helm-charts/
icon: https://raw.githubusercontent.com/aquasecurity/trivy/main/docs/imgs/logo.png
# renovate: github=aquasecurity/trivy
appVersion: 0.32.1

11
clusters/cl01tl/helm/trivy/templates/namespace.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v1
kind: Namespace
metadata:
name: trivy
labels:
app.kubernetes.io/name: trivy
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

87
clusters/cl01tl/helm/trivy/values.yaml Normal file
View File

@@ -0,0 +1,87 @@
trivy-operator:
targetWorkloads: "pod,replicaset,replicationcontroller,statefulset,daemonset,cronjob,job"
operator:
replicas: 1
scanJobsConcurrentLimit: 3
vulnerabilityScannerEnabled: true
sbomGenerationEnabled: true
clusterSbomCacheEnabled: true
configAuditScannerEnabled: true
rbacAssessmentScannerEnabled: true
infraAssessmentScannerEnabled: true
clusterComplianceEnabled: false
vulnerabilityScannerScanOnlyCurrentRevisions: true
accessGlobalSecretsAndServiceAccount: true
metricsFindingsEnabled: true
exposedSecretScannerEnabled: true
serviceMonitor:
enabled: true
trivy:
createConfig: true
image:
registry: mirror.gcr.io
repository: aquasec/trivy
tag: 0.69.3
storageClassEnabled: true
storageClassName: ceph-block
storageSize: "10Gi"
registry:
mirror:
"registry-1.docker.io": proxy-registry-1.docker.io
"quay.io": proxy-quay.io
"registry.k8s.io": proxy-registry.k8s
"gcr.io": proxy-gcr.io
"ghcr.io": proxy-ghcr.io
"hub.docker": proxy-hub.docker
severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
slow: true
resources:
requests:
cpu: 100m
memory: 128M
supportedConfigAuditKinds: "Workload,Service,Role,ClusterRole,NetworkPolicy,Ingress,LimitRange,ResourceQuota"
server:
resources:
requests:
cpu: 200m
memory: 512Mi
replicas: 1
nodeCollector:
volumeMounts:
- name: var-lib-etcd
mountPath: /var/lib/etcd
readOnly: true
- name: var-lib-kubelet
mountPath: /var/lib/kubelet
readOnly: true
- name: var-lib-kube-scheduler
mountPath: /var/lib/kube-scheduler
readOnly: true
- name: var-lib-kube-controller-manager
mountPath: /var/lib/kube-controller-manager
readOnly: true
- name: etc-kubernetes
mountPath: /etc/kubernetes
readOnly: true
- name: etc-cni-netd
mountPath: /etc/cni/net.d/
readOnly: true
volumes:
- name: var-lib-etcd
hostPath:
path: /var/lib/etcd
- name: var-lib-kubelet
hostPath:
path: /var/lib/kubelet
- name: var-lib-kube-scheduler
hostPath:
path: /var/lib/kube-scheduler
- name: var-lib-kube-controller-manager
hostPath:
path: /var/lib/kube-controller-manager
- name: etc-kubernetes
hostPath:
path: /etc/kubernetes
- name: etc-cni-netd
hostPath:
path: /etc/cni/net.d/

21
clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml
View File

@@ -83,27 +83,20 @@ spec:
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: preshared-key
- secretKey: proton-email
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: preshared-key
- secretKey: addresses
property: email
- secretKey: proton-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports
property: password

10
clusters/cl01tl/helm/tubearchivist/values.yaml
View File

@@ -53,7 +53,7 @@ tubearchivist:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env:
- name: VPN_SERVICE_PROVIDER
value: airvpn
value: protonvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
@@ -61,16 +61,16 @@ tubearchivist:
secretKeyRef:
name: tubearchivist-wireguard-conf
key: private-key
- name: WIREGUARD_PRESHARED_KEY
- name: UPDATER_PROTONVPN_EMAIL
valueFrom:
secretKeyRef:
name: tubearchivist-wireguard-conf
key: preshared-key
- name: WIREGUARD_ADDRESSES
key: proton-email
- name: UPDATER_PROTONVPN_PASSWORD
valueFrom:
secretKeyRef:
name: tubearchivist-wireguard-conf
key: addresses
key: proton-password
- name: FIREWALL_OUTBOUND_SUBNETS
value: 10.0.0.0/8
- name: FIREWALL_INPUT_PORTS

6
clusters/cl01tl/helm/vault/values.yaml
View File

@@ -187,7 +187,7 @@ snapshot:
s3-backup-local:
image:
repository: d3fk/s3cmd
tag: latest@sha256:e3965f8205dfb96fb00e66cee54a0d171f1829a3cc6a1bbb980ab076730e54be
tag: latest@sha256:a41234c2b43d6cfa0d51c9523a2d7925f7f21297a41d69932946c3e364d32b5e
pullPolicy: IfNotPresent
command:
- /bin/sh
@@ -208,7 +208,7 @@ snapshot:
s3-backup-remote:
image:
repository: d3fk/s3cmd
tag: latest@sha256:e3965f8205dfb96fb00e66cee54a0d171f1829a3cc6a1bbb980ab076730e54be
tag: latest@sha256:a41234c2b43d6cfa0d51c9523a2d7925f7f21297a41d69932946c3e364d32b5e
pullPolicy: IfNotPresent
command:
- /bin/sh
@@ -229,7 +229,7 @@ snapshot:
s3-backup-external:
image:
repository: d3fk/s3cmd
tag: latest@sha256:e3965f8205dfb96fb00e66cee54a0d171f1829a3cc6a1bbb980ab076730e54be
tag: latest@sha256:a41234c2b43d6cfa0d51c9523a2d7925f7f21297a41d69932946c3e364d32b5e
pullPolicy: IfNotPresent
command:
- /bin/sh

2
clusters/cl01tl/helm/whodb/Chart.yaml
View File

@@ -20,4 +20,4 @@ dependencies:
version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/whodb.png
# renovate: datasource=github-releases depName=clidey/whodb
appVersion: 0.100.0
appVersion: 0.99.0

2
clusters/cl01tl/helm/whodb/values.yaml
View File

@@ -8,7 +8,7 @@ whodb:
main:
image:
repository: clidey/whodb
tag: 0.100.0
tag: 0.99.0
pullPolicy: IfNotPresent
env:
- name: WHODB_OLLAMA_HOST

21
clusters/cl01tl/helm/yubal/templates/external-secret.yaml
View File

@@ -16,27 +16,20 @@ spec:
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: preshared-key
- secretKey: proton-email
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: preshared-key
- secretKey: addresses
property: email
- secretKey: proton-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
key: /protonvpn/conf/cl01tl
metadataPolicy: None
property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports
property: password

18
clusters/cl01tl/helm/yubal/values.yaml
View File

@@ -40,7 +40,11 @@ yubal:
# command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
# env:
# - name: VPN_SERVICE_PROVIDER
# value: airvpn
# value: protonvpn
# - name: PUID
# value: "1000"
# - name: PGID
# value: "1000"
# - name: VPN_TYPE
# value: wireguard
# - name: WIREGUARD_PRIVATE_KEY
@@ -48,26 +52,22 @@ yubal:
# secretKeyRef:
# name: yubal-wireguard-conf
# key: private-key
# - name: WIREGUARD_PRESHARED_KEY
# - name: UPDATER_PROTONVPN_EMAIL
# valueFrom:
# secretKeyRef:
# name: yubal-wireguard-conf
# key: preshared-key
# - name: WIREGUARD_ADDRESSES
# key: proton-email
# - name: UPDATER_PROTONVPN_PASSWORD
# valueFrom:
# secretKeyRef:
# name: yubal-wireguard-conf
# key: addresses
# key: proton-password
# - name: FIREWALL_OUTBOUND_SUBNETS
# value: 10.0.0.0/8
# - name: FIREWALL_INPUT_PORTS
# value: 8000
# - name: DNS_UPSTREAM_RESOLVER_TYPE
# value: dot
# - name: HTTPPROXY
# value: "off"
# - name: SHADOWSOCKS
# value: "off"
# securityContext:
# privileged: True
# capabilities:

1
hosts/ps08rp/blocky/config.yml
View File

@@ -110,7 +110,6 @@ customDNS:
komodo IN CNAME traefik-cl01tl
lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl
medialyze IN CNAME traefik-cl01tl
movie-roulette IN CNAME traefik-cl01tl
music-grabber IN CNAME traefik-cl01tl
navidrome IN CNAME traefik-cl01tl

2
hosts/ps08rp/traefik/compose.yaml
View File

@@ -1,7 +1,7 @@
---
services:
traefik:
image: ghcr.io/traefik/traefik:v3.6.11
image: ghcr.io/traefik/traefik:v3.6.10
container_name: traefik
command:
- "--global.checkNewVersion=false"

1
hosts/ps09rp/blocky/config.yml
View File

@@ -131,7 +131,6 @@ customDNS:
komodo IN CNAME traefik-cl01tl
lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl
medialyze IN CNAME traefik-cl01tl
movie-roulette IN CNAME traefik-cl01tl
music-grabber IN CNAME traefik-cl01tl
navidrome IN CNAME traefik-cl01tl

2
hosts/ps09rp/traefik/compose.yaml
View File

@@ -1,7 +1,7 @@
---
services:
traefik:
image: ghcr.io/traefik/traefik:v3.6.11
image: ghcr.io/traefik/traefik:v3.6.10
container_name: traefik
command:
- "--global.checkNewVersion=false"

2
hosts/ps10rp/traefik/compose.yaml
View File

@@ -20,7 +20,7 @@ services:
- /dev/net/tun:/dev/net/tun
traefik:
image: ghcr.io/traefik/traefik:v3.6.11
image: ghcr.io/traefik/traefik:v3.6.10
container_name: traefik
command:
- "--global.checkNewVersion=false"