alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 4 Actions Activity

Compare commits

base: alexlebens:renovate/unified-linuxservercode-server
Branches Tags
alexlebens:main alexlebens:renovate/loki-6.x alexlebens:renovate/cilium-1.x alexlebens:renovate/unified-harbor.alexlebens.netimagessite-profile alexlebens:renovate/unified-linuxservercode-server alexlebens:manifests
..
compare: alexlebens:c301ba8862580090c923dd149286478ce0cdc514
Branches Tags
alexlebens:renovate/loki-6.x alexlebens:renovate/cilium-1.x alexlebens:renovate/unified-harbor.alexlebens.netimagessite-profile alexlebens:renovate/unified-linuxservercode-server alexlebens:manifests alexlebens:main

1 Commits
renovate/u ... c301ba8862

Author SHA1 Message Date
Renovate Bot
c301ba8862 chore(deps): update harbor.alexlebens.net/images/site-profile docker tag to v3
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 33s
Details
2026-03-11 06:02:52 +00:00
129 changed files with 561 additions and 1296 deletions
Expand all files Collapse all files

5
clusters/cl01tl/helm/actual/values.yaml
View File

@@ -81,8 +81,7 @@ volsync-target-data:
enabled: true
schedule: 0 8 * * *
remote:
enabled: true
schedule: 0 9 * * *
enabled: false
external:
enabled: true
schedule: 0 10 * * *
schedule: 0 9 * * *

6
clusters/cl01tl/helm/argo-workflows/Chart.lock
View File

@@ -7,6 +7,6 @@ dependencies:
version: 2.4.20
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1
digest: sha256:c3f9876ca432887c05eaa87d4e6006dcb8b3a5e654dc976103426a313fde12bc
generated: "2026-03-11T22:55:29.202299472Z"
version: 7.8.0
digest: sha256:772ba83a6e0fa6a7e3633ff1fff0f8221b45a1f36ec890489cfa383330d99f81
generated: "2026-02-27T18:14:32.22595048Z"

2
clusters/cl01tl/helm/argo-workflows/Chart.yaml
View File

@@ -25,7 +25,7 @@ dependencies:
repository: https://argoproj.github.io/argo-helm
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.9.1
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-workflows

2
clusters/cl01tl/helm/argo-workflows/values.yaml
View File

@@ -105,7 +105,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 0 14 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true

10
clusters/cl01tl/helm/audiobookshelf/values.yaml
View File

@@ -127,19 +127,17 @@ volsync-target-config:
enabled: true
schedule: 2 8 * * *
remote:
enabled: true
schedule: 2 9 * * *
enabled: false
external:
enabled: true
schedule: 2 10 * * *
schedule: 2 9 * * *
volsync-target-metadata:
pvcTarget: audiobookshelf-metadata
local:
enabled: true
schedule: 4 8 * * *
remote:
enabled: true
schedule: 4 9 * * *
enabled: false
external:
enabled: true
schedule: 4 10 * * *
schedule: 4 9 * * *

6
clusters/cl01tl/helm/authentik/Chart.lock
View File

@@ -7,9 +7,9 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1
version: 7.8.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
digest: sha256:abb34b7bb54393236e695453aa1940497cb4def3d3a56a45ca004a22f8e05648
generated: "2026-03-11T22:55:49.936164674Z"
digest: sha256:fad7059feb4ac80e06cd571a56215d56e4894eba69fb54aaa1e53ced9ec1b2b1
generated: "2026-03-09T23:06:05.608952158Z"

2
clusters/cl01tl/helm/authentik/Chart.yaml
View File

@@ -28,7 +28,7 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.9.1
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey

6
clusters/cl01tl/helm/authentik/values.yaml
View File

@@ -68,7 +68,7 @@ postgres-18-cluster:
recovery:
method: objectStore
objectStore:
index: 2
index: 1
backup:
objectStore:
- name: garage-local
@@ -91,9 +91,9 @@ postgres-18-cluster:
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
suspend: true
immediate: true
schedule: "0 5 14 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true

2
clusters/cl01tl/helm/backrest/Chart.yaml
View File

@@ -27,4 +27,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/backrest.png
# renovate: datasource=github-releases depName=garethgeorge/backrest
appVersion: v1.12.1
appVersion: v1.12.0

12
clusters/cl01tl/helm/backrest/values.yaml
View File

@@ -8,7 +8,7 @@ backrest:
main:
image:
repository: garethgeorge/backrest
tag: v1.12.1
tag: v1.12.0
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -111,19 +111,17 @@ volsync-target-data:
enabled: true
schedule: 6 8 * * *
remote:
enabled: true
schedule: 6 9 * * *
enabled: false
external:
enabled: true
schedule: 6 10 * * *
schedule: 6 9 * * *
volsync-target-config:
pvcTarget: backrest-config
local:
enabled: true
schedule: 8 8 * * *
remote:
enabled: true
schedule: 8 9 * * *
enabled: false
external:
enabled: true
schedule: 8 10 * * *
schedule: 8 9 * * *

5
clusters/cl01tl/helm/bazarr/values.yaml
View File

@@ -87,8 +87,7 @@ volsync-target-config:
enabled: true
schedule: 10 8 * * *
remote:
enabled: true
schedule: 10 9 * * *
enabled: false
external:
enabled: true
schedule: 10 10 * * *
schedule: 10 9 * * *

2
clusters/cl01tl/helm/booklore/Chart.yaml
View File

@@ -30,4 +30,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png
# renovate: datasource=github-releases depName=booklore-app/BookLore
appVersion: v2.2.0
appVersion: v2.1.0

11
clusters/cl01tl/helm/booklore/values.yaml
View File

@@ -9,7 +9,7 @@ booklore:
main:
image:
repository: ghcr.io/booklore-app/booklore
tag: v2.2.0
tag: v2.1.0
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -225,11 +225,10 @@ volsync-target-config:
enabled: true
schedule: 12 8 * * *
remote:
enabled: true
schedule: 12 9 * * *
enabled: false
external:
enabled: true
schedule: 12 10 * * *
schedule: 12 9 * * *
volsync-target-data:
pvcTarget: booklore-data
local:
@@ -239,11 +238,11 @@ volsync-target-data:
cacheCapacity: 10Gi
remote:
enabled: true
schedule: 14 9 * * *
schedule: 14 10 * * *
restic:
cacheCapacity: 10Gi
external:
enabled: true
schedule: 14 10 * * *
schedule: 14 9 * * *
restic:
cacheCapacity: 10Gi

7
clusters/cl01tl/helm/code-server/values.yaml
View File

@@ -9,7 +9,7 @@ code-server:
main:
image:
repository: ghcr.io/linuxserver/code-server
tag: 4.111.0@sha256:04107645b21f33215d1087773e2c889dfed823434f5dc4c7e9ae20df218a8ef3
tag: 4.110.0@sha256:8473aa16fba93fccc3ca772173d095bccd2e44d4d3104467fee923df10d57cd2
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -79,8 +79,7 @@ volsync-target-config:
enabled: true
schedule: 16 8 * * *
remote:
enabled: true
schedule: 16 9 * * *
enabled: false
external:
enabled: true
schedule: 16 10 * * *
schedule: 16 9 * * *

6
clusters/cl01tl/helm/dawarich/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1
version: 7.8.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
digest: sha256:9524709cf393c01f28b0d073ef6870a2f1afd46f3bc5f564e73c55450aba8dd0
generated: "2026-03-11T22:56:11.749729235Z"
digest: sha256:f21fb0c49396d888de95d0b4c59ed535437422c1b24e622bf074ed0fbb22e03a
generated: "2026-03-09T23:06:27.025881262Z"

2
clusters/cl01tl/helm/dawarich/Chart.yaml
View File

@@ -18,7 +18,7 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.9.1
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey

2
clusters/cl01tl/helm/dawarich/values.yaml
View File

@@ -330,7 +330,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 10 14 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true

6
clusters/cl01tl/helm/directus/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1
version: 7.8.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
digest: sha256:0b50b4938669a7210930d6ee86a9602611b54cd13774f3386dbad04b4771e7f4
generated: "2026-03-11T22:56:26.818980186Z"
digest: sha256:2c38827f09e57aeff21409bf223edf3f889069db6d05c39f0404ed0c974cabb3
generated: "2026-03-09T23:06:37.271648311Z"

4
clusters/cl01tl/helm/directus/Chart.yaml
View File

@@ -23,7 +23,7 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.9.1
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
@@ -31,4 +31,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
# renovate: datasource=github-releases depName=directus/directus
appVersion: 11.16.1
appVersion: 11.16.0

37
clusters/cl01tl/helm/directus/templates/external-secret.yaml
View File

@@ -94,43 +94,6 @@ spec:
metadataPolicy: None
property: metric-token
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-bucket-garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-bucket-garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_SECRET_KEY
- secretKey: ACCESS_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_REGION
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret

11
clusters/cl01tl/helm/directus/templates/object-bucket-claim.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: objectbucket.io/v1alpha1
kind: ObjectBucketClaim
metadata:
name: ceph-bucket-directus
labels:
app.kubernetes.io/name: ceph-bucket-directus
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
generateBucketName: bucket-directus
storageClassName: ceph-bucket

26
clusters/cl01tl/helm/directus/values.yaml
View File

@@ -9,7 +9,7 @@ directus:
main:
image:
repository: directus/directus
tag: 11.16.1
tag: 11.16.0
pullPolicy: IfNotPresent
env:
- name: PUBLIC_URL
@@ -90,22 +90,22 @@ directus:
- name: STORAGE_S3_KEY
valueFrom:
secretKeyRef:
name: directus-bucket-garage
key: ACCESS_KEY_ID
name: ceph-bucket-directus
key: AWS_ACCESS_KEY_ID
- name: STORAGE_S3_SECRET
valueFrom:
secretKeyRef:
name: directus-bucket-garage
key: ACCESS_SECRET_KEY
- name: STORAGE_S3_REGION
valueFrom:
secretKeyRef:
name: directus-bucket-garage
key: ACCESS_REGION
name: ceph-bucket-directus
key: AWS_SECRET_ACCESS_KEY
- name: STORAGE_S3_BUCKET
value: directus-assets
valueFrom:
configMapKeyRef:
name: ceph-bucket-directus
key: BUCKET_NAME
- name: STORAGE_S3_REGION
value: us-east-1
- name: STORAGE_S3_ENDPOINT
value: http://garage-main.garage:3900
value: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80
- name: STORAGE_S3_FORCE_PATH_STYLE
value: true
- name: AUTH_PROVIDERS
@@ -219,7 +219,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 15 14 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true

6
clusters/cl01tl/helm/element-web/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies:
- name: element-web
repository: https://ananace.gitlab.io/charts
version: 1.4.32
version: 1.4.31
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
digest: sha256:49d9dd45eff7cbbc11644e4a8bd3c9d3bf84716ed034a76f097f0ba1fea4c934
generated: "2026-03-11T16:04:17.556777286Z"
digest: sha256:5066932d870c4803fca9bc4d7b686793e801d96b14026c299e467d8c107fb7eb
generated: "2026-03-09T22:04:10.470135964Z"

2
clusters/cl01tl/helm/element-web/Chart.yaml
View File

@@ -17,7 +17,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: element-web
version: 1.4.32
version: 1.4.31
repository: https://ananace.gitlab.io/charts
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts

6
clusters/cl01tl/helm/freshrss/Chart.lock
View File

@@ -7,9 +7,9 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1
version: 7.8.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:a3703e245881145524304af8a03c89d309c602479be3f7f8953c2fba120bf341
generated: "2026-03-11T22:56:41.856429843Z"
digest: sha256:99f1993c99c23ba5b3af6997d859cbb18f26343e424c1312f8b6169f285a3418
generated: "2026-03-09T22:04:20.416597531Z"

2
clusters/cl01tl/helm/freshrss/Chart.yaml
View File

@@ -26,7 +26,7 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.9.1
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data

9
clusters/cl01tl/helm/freshrss/values.yaml
View File

@@ -197,7 +197,7 @@ postgres-18-cluster:
recovery:
method: objectStore
objectStore:
index: 2
index: 1
backup:
objectStore:
- name: garage-local
@@ -222,7 +222,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 20 14 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
@@ -250,8 +250,7 @@ volsync-target-data:
enabled: true
schedule: 18 8 * * *
remote:
enabled: true
schedule: 18 9 * * *
enabled: false
external:
enabled: true
schedule: 18 10 * * *
schedule: 18 9 * * *

32
clusters/cl01tl/helm/garage/templates/service.yaml
View File

@@ -1,32 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: garage-main
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: garage-main
app.kubernetes.io/service: garage-main
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
ports:
- name: admin
port: 3903
protocol: TCP
targetPort: 3903
- name: rpc
port: 3901
protocol: TCP
targetPort: 3901
- name: s3
port: 3900
protocol: TCP
targetPort: 3900
- name: web
port: 3902
protocol: TCP
targetPort: 3902
selector:
app.kubernetes.io/instance: garage
app.kubernetes.io/name: garage
garage-type: server

24
clusters/cl01tl/helm/garage/values.yaml
View File

@@ -118,9 +118,9 @@ garage:
pullPolicy: IfNotPresent
env:
- name: API_BASE_URL
value: http://garage-main.garage:3903
value: http://garage-1.garage:3903
- name: S3_ENDPOINT_URL
value: http://garage-main.garage:3900
value: http://garage-1.garage:3900
- name: API_ADMIN_KEY
valueFrom:
secretKeyRef:
@@ -225,6 +225,26 @@ garage:
api_bind_addr = "[::]:3903"
metrics_require_token = true
service:
garage-main:
forceRename: garage-main
controller: server-2
ports:
s3:
port: 3900
targetPort: 3900
protocol: HTTP
rpc:
port: 3901
targetPort: 3901
protocol: HTTP
web:
port: 3902
targetPort: 3902
protocol : HTTP
admin:
port: 3903
targetPort: 3903
protocol: HTTP
server-1:
forceRename: garage-1
controller: server-1

6
clusters/cl01tl/helm/gatus/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 1.5.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1
version: 7.8.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:2fe7c088e99a11e0c6dd09fe48bb1e292eb58e22d9f8ff681bb6c6790945d54e
generated: "2026-03-11T22:56:56.957400817Z"
digest: sha256:c0c46db33b89b7a53dd512d19d07623a1eaafcc93668f0afacbb8d8c56d71e47
generated: "2026-03-06T01:07:17.642671539Z"

2
clusters/cl01tl/helm/gatus/Chart.yaml
View File

@@ -22,7 +22,7 @@ dependencies:
version: 1.5.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.9.1
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data

9
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -430,7 +430,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 25 14 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
@@ -446,10 +446,9 @@ volsync-target-data:
pvcTarget: gatus
local:
enabled: true
schedule: 20 8 * * *
schedule: 22 8 * * *
remote:
enabled: true
schedule: 20 9 * * *
enabled: false
external:
enabled: true
schedule: 20 10 * * *
schedule: 22 9 * * *

6
clusters/cl01tl/helm/gitea/Chart.lock
View File

@@ -13,7 +13,7 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1
version: 7.8.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
@@ -23,5 +23,5 @@ dependencies:
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:8f243465537fe443e97a8813e23e95d3608a6a2898b93209d03cf43f4ca8cc5d
generated: "2026-03-11T22:57:17.026946319Z"
digest: sha256:177a591c68e99a6f63f8acaf904cfc444774814db4ccd3ac410be511d67bbf9c
generated: "2026-03-09T23:06:50.110952088Z"

2
clusters/cl01tl/helm/gitea/Chart.yaml
View File

@@ -40,7 +40,7 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.9.1
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey-gitea

4
clusters/cl01tl/helm/gitea/values.yaml
View File

@@ -222,7 +222,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 0 7 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
@@ -259,7 +259,7 @@ volsync-target-storage:
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
schedule: 0 0 7 * * *
schedule: 0 0 0 * * *
restic:
pruneIntervalDays: 3
retain:

6
clusters/cl01tl/helm/grafana-operator/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 5.22.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1
version: 7.8.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
digest: sha256:45cdb638fe815c3fc9703626b902d0f69ed8ffd0625e0f95bd7b33682126433b
generated: "2026-03-11T22:57:43.133815464Z"
digest: sha256:6f4dc1456854cad04f387cef6e0a9c846e76eb811bf97f2b7b13877cb3f577bd
generated: "2026-03-09T23:07:06.293890171Z"

2
clusters/cl01tl/helm/grafana-operator/Chart.yaml
View File

@@ -21,7 +21,7 @@ dependencies:
repository: https://grafana.github.io/helm-charts
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.9.1
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey-unified-alerting

2
clusters/cl01tl/helm/grafana-operator/values.yaml
View File

@@ -42,7 +42,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 30 14 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true

6
clusters/cl01tl/helm/harbor/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 1.18.2
- name: postgres-cluster
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
version: 7.9.1
version: 7.8.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
digest: sha256:898f51eabee5959b9e7ebe90640cb915cb2dee446e6a6649a29499fecab8b6c7
generated: "2026-03-11T22:58:00.955579445Z"
digest: sha256:ee8ed34cd53d8fa36497df28cba9cf16ef656250b0bc3ff6690fb958b22caf6f
generated: "2026-03-09T23:07:20.650108569Z"

2
clusters/cl01tl/helm/harbor/Chart.yaml
View File

@@ -21,7 +21,7 @@ dependencies:
repository: https://helm.goharbor.io
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.9.1
version: 7.8.0
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
- name: valkey
alias: valkey

4
clusters/cl01tl/helm/harbor/values.yaml
View File

@@ -101,7 +101,7 @@ postgres-18-cluster:
recovery:
method: objectStore
objectStore:
index: 2
index: 1
backup:
objectStore:
- name: garage-local
@@ -126,7 +126,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 35 14 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true

9
clusters/cl01tl/helm/home-assistant/values.yaml
View File

@@ -21,7 +21,7 @@ home-assistant:
code-server:
image:
repository: ghcr.io/linuxserver/code-server
tag: 4.111.0@sha256:04107645b21f33215d1087773e2c889dfed823434f5dc4c7e9ae20df218a8ef3
tag: 4.110.0@sha256:8473aa16fba93fccc3ca772173d095bccd2e44d4d3104467fee923df10d57cd2
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -134,10 +134,9 @@ volsync-target-config:
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
schedule: 22 8 * * *
schedule: 24 8 * * *
remote:
enabled: true
schedule: 22 9 * * *
enabled: false
external:
enabled: true
schedule: 22 10 * * *
schedule: 24 9 * * *

6
clusters/cl01tl/helm/immich/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1
version: 7.8.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:b886b0a1555ea75fbff52a58ccbf1659acbda20e933107bcbab9b00192aa25bd
generated: "2026-03-11T22:58:20.294240859Z"
digest: sha256:360f79209535cd9132b7db774aabd6492c2c287e62f00795e5f4ae4cc6a038c0
generated: "2026-03-09T23:07:40.320287247Z"

2
clusters/cl01tl/helm/immich/Chart.yaml
View File

@@ -20,7 +20,7 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.9.1
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey

8
clusters/cl01tl/helm/immich/values.yaml
View File

@@ -209,7 +209,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 40 14 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
@@ -225,16 +225,16 @@ volsync-target-data:
pvcTarget: immich
local:
enabled: true
schedule: 24 8 * * *
schedule: 28 8 * * *
restic:
cacheCapacity: 10Gi
remote:
enabled: true
schedule: 24 9 * * *
schedule: 28 10 * * *
restic:
cacheCapacity: 10Gi
external:
enabled: true
schedule: 24 10 * * *
schedule: 28 9 * * *
restic:
cacheCapacity: 10Gi

6
clusters/cl01tl/helm/jellyfin/values.yaml
View File

@@ -143,16 +143,14 @@ volsync-target-config:
pvcTarget: jellyfin-config
local:
enabled: true
schedule: 26 8 * * *
schedule: 30 8 * * *
restic:
cacheCapacity: 10Gi
remote:
enabled: true
schedule: 26 9 * * *
restic:
cacheCapacity: 10Gi
external:
enabled: true
schedule: 26 10 * * *
schedule: 30 9 * * *
restic:
cacheCapacity: 10Gi

6
clusters/cl01tl/helm/jellystat/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1
version: 7.8.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:29b92b08c230d5f3abc13949b299acccd1e9f8ff7df1f691a5dec41df5405595
generated: "2026-03-11T22:58:35.766813121Z"
digest: sha256:0f8868c6e89c0f283650db5446e8f36f162cb2179f62eb58e67b5b08c03ac84d
generated: "2026-03-06T01:09:37.09922161Z"

2
clusters/cl01tl/helm/jellystat/Chart.yaml
View File

@@ -21,7 +21,7 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.9.1
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data

9
clusters/cl01tl/helm/jellystat/values.yaml
View File

@@ -129,7 +129,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 45 14 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
@@ -145,10 +145,9 @@ volsync-target-data:
pvcTarget: jellystat-data
local:
enabled: true
schedule: 28 8 * * *
schedule: 32 8 * * *
remote:
enabled: true
schedule: 28 9 * * *
enabled: false
external:
enabled: true
schedule: 28 10 * * *
schedule: 32 9 * * *

37
clusters/cl01tl/helm/karakeep/templates/external-secret.yaml
View File

@@ -57,43 +57,6 @@ spec:
metadataPolicy: None
property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: karakeep-bucket-garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: karakeep-bucket-garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/karakeep-assets
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/karakeep-assets
metadataPolicy: None
property: ACCESS_SECRET_KEY
- secretKey: ACCESS_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/karakeep-assets
metadataPolicy: None
property: ACCESS_REGION
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret

11
clusters/cl01tl/helm/karakeep/templates/object-bucket-claim.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: objectbucket.io/v1alpha1
kind: ObjectBucketClaim
metadata:
name: ceph-bucket-karakeep
labels:
app.kubernetes.io/name: ceph-bucket-karakeep
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
generateBucketName: bucket-karakeep
storageClassName: ceph-bucket

27
clusters/cl01tl/helm/karakeep/values.yaml
View File

@@ -29,24 +29,24 @@ karakeep:
name: karakeep-key-secret
key: prometheus-token
- name: ASSET_STORE_S3_ENDPOINT
value: http://garage-main.garage:3900
value: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80
- name: ASSET_STORE_S3_REGION
valueFrom:
secretKeyRef:
name: karakeep-bucket-garage
key: ACCESS_REGION
value: us-east-1
- name: ASSET_STORE_S3_BUCKET
value: karakeep-assets
valueFrom:
configMapKeyRef:
name: ceph-bucket-karakeep
key: BUCKET_NAME
- name: ASSET_STORE_S3_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: karakeep-bucket-garage
key: ACCESS_KEY_ID
name: ceph-bucket-karakeep
key: AWS_ACCESS_KEY_ID
- name: ASSET_STORE_S3_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: karakeep-bucket-garage
key: ACCESS_SECRET_KEY
name: ceph-bucket-karakeep
key: AWS_SECRET_ACCESS_KEY
- name: ASSET_STORE_S3_FORCE_PATH_STYLE
value: true
- name: MEILI_ADDR
@@ -172,10 +172,9 @@ volsync-target-data:
pvcTarget: karakeep
local:
enabled: true
schedule: 30 8 * * *
schedule: 34 8 * * *
remote:
enabled: true
schedule: 30 9 * * *
enabled: false
external:
enabled: true
schedule: 30 10 * * *
schedule: 34 9 * * *

6
clusters/cl01tl/helm/komodo/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1
digest: sha256:833a88f82c14f78d63abea99244f2473bee2f5124a533a898a34844956f62b27
generated: "2026-03-11T22:58:51.287064579Z"
version: 7.8.0
digest: sha256:dd1ccfe8d0bfc7248141d2f72806c6437572f21d818941e9071f58d1a0a47259
generated: "2026-02-27T18:17:12.586352018Z"

2
clusters/cl01tl/helm/komodo/Chart.yaml
View File

@@ -23,7 +23,7 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgresql-17-fdb-cluster
version: 7.9.1
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/komodo.png
# renovate: datasource=github-releases depName=moghtech/komodo

4
clusters/cl01tl/helm/komodo/values.yaml
View File

@@ -205,7 +205,7 @@ postgresql-17-fdb-cluster:
recovery:
method: objectStore
objectStore:
index: 2
index: 1
backup:
objectStore:
- name: garage-local
@@ -230,7 +230,7 @@ postgresql-17-fdb-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 50 14 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true

7
clusters/cl01tl/helm/libation/values.yaml
View File

@@ -75,10 +75,9 @@ volsync-target-config:
pvcTarget: libation
local:
enabled: true
schedule: 32 8 * * *
schedule: 36 8 * * *
remote:
enabled: true
schedule: 32 9 * * *
enabled: false
external:
enabled: true
schedule: 32 10 * * *
schedule: 36 9 * * *

6
clusters/cl01tl/helm/lidarr/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1
version: 7.8.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:d43b95fa1fc70c93541b9d73180406b31059c6cc45aa57a0cc8d9386c64833c3
generated: "2026-03-11T22:59:07.151659257Z"
digest: sha256:4511a3475316ebf0bd5da452e69602b7d52746253c659a433e61851f51093285
generated: "2026-03-06T01:10:55.882802086Z"

2
clusters/cl01tl/helm/lidarr/Chart.yaml
View File

@@ -24,7 +24,7 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.9.1
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-config

9
clusters/cl01tl/helm/lidarr/values.yaml
View File

@@ -167,7 +167,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 55 14 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
@@ -188,10 +188,9 @@ volsync-target-config:
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
schedule: 34 8 * * *
schedule: 38 8 * * *
remote:
enabled: true
schedule: 34 9 * * *
enabled: false
external:
enabled: true
schedule: 34 10 * * *
schedule: 38 9 * * *

6
clusters/cl01tl/helm/matrix-synapse/Chart.lock
View File

@@ -19,7 +19,7 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1
version: 7.8.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
@@ -38,5 +38,5 @@ dependencies:
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:3b61539bbe5efd66392178ded30fc80f23ca1bb54c1e552ab183037e478ad2a0
generated: "2026-03-11T22:59:22.883997608Z"
digest: sha256:fc6e3a04b828daf3a0861aec6a7a6d1c9a45fabaf29abd3fb3be2e8db4d0875b
generated: "2026-03-09T23:08:07.610958823Z"

2
clusters/cl01tl/helm/matrix-synapse/Chart.yaml
View File

@@ -53,7 +53,7 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.9.1
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey-matrix-synapse

30
clusters/cl01tl/helm/matrix-synapse/values.yaml
View File

@@ -434,7 +434,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 0 15 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
@@ -470,24 +470,22 @@ volsync-target-synapse:
pvcTarget: matrix-synapse
local:
enabled: true
schedule: 36 8 * * *
schedule: 44 8 * * *
remote:
enabled: true
schedule: 36 9 * * *
enabled: false
external:
enabled: true
schedule: 36 10 * * *
schedule: 44 9 * * *
volsync-target-hookshot:
pvcTarget: matrix-hookshot
local:
enabled: true
schedule: 38 8 * * *
schedule: 46 8 * * *
remote:
enabled: true
schedule: 38 9 * * *
enabled: false
external:
enabled: true
schedule: 38 10 * * *
schedule: 46 9 * * *
volsync-target-discord:
pvcTarget: mautrix-discord
moverSecurityContext:
@@ -495,13 +493,12 @@ volsync-target-discord:
runAsGroup: 1337
local:
enabled: true
schedule: 40 8 * * *
schedule: 48 8 * * *
remote:
enabled: true
schedule: 40 9 * * *
enabled: false
external:
enabled: true
schedule: 40 10 * * *
schedule: 48 9 * * *
volsync-target-whatsapp:
pvcTarget: mautrix-whatsapp
moverSecurityContext:
@@ -509,10 +506,9 @@ volsync-target-whatsapp:
runAsGroup: 1337
local:
enabled: true
schedule: 42 8 * * *
schedule: 50 8 * * *
remote:
enabled: true
schedule: 42 9 * * *
enabled: false
external:
enabled: true
schedule: 42 10 * * *
schedule: 50 9 * * *

7
clusters/cl01tl/helm/movie-roulette/values.yaml
View File

@@ -119,10 +119,9 @@ volsync-target-data:
pvcTarget: movie-roulette-data
local:
enabled: true
schedule: 44 8 * * *
schedule: 44 11 * * *
remote:
enabled: true
schedule: 44 9 * * *
enabled: false
external:
enabled: true
schedule: 44 10 * * *
schedule: 44 12 * * *

7
clusters/cl01tl/helm/navidrome/values.yaml
View File

@@ -178,10 +178,9 @@ volsync-target-data:
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
schedule: 46 8 * * *
schedule: 52 8 * * *
remote:
enabled: true
schedule: 46 9 * * *
enabled: false
external:
enabled: true
schedule: 46 10 * * *
schedule: 52 9 * * *

6
clusters/cl01tl/helm/ollama/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1
version: 7.8.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:a3201fc53ddfbaeb5a81d08e9d20135fb59174879e20f0b4986b1b8540011e03
generated: "2026-03-11T22:59:44.389634096Z"
digest: sha256:a6aa65545de5125a27cf0324f6e8cbd6d69471ca32f32083cc0f1d3fd49efa15
generated: "2026-03-06T01:12:09.026288121Z"

2
clusters/cl01tl/helm/ollama/Chart.yaml
View File

@@ -23,7 +23,7 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.9.1
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data

9
clusters/cl01tl/helm/ollama/values.yaml
View File

@@ -289,7 +289,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 5 15 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
@@ -308,10 +308,9 @@ volsync-target-data:
runAsGroup: 1337
local:
enabled: true
schedule: 48 8 * * *
schedule: 54 8 * * *
remote:
enabled: true
schedule: 48 9 * * *
enabled: false
external:
enabled: true
schedule: 48 10 * * *
schedule: 54 9 * * *

9
clusters/cl01tl/helm/outline/Chart.lock
View File

@@ -7,12 +7,9 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1
version: 7.8.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:1f2e4e46e3ae2985ff3e7708c7d75a36f506f0402e02921d95f797ea0403db93
generated: "2026-03-11T23:00:00.871137498Z"
digest: sha256:315941cca92632a42d42fe2d98f01d3e8a18dbde1c729e466f76a446a7d93440
generated: "2026-03-09T23:08:20.752831748Z"

6
clusters/cl01tl/helm/outline/Chart.yaml
View File

@@ -27,16 +27,12 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.9.1
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/outline.png
# renovate: datasource=github-releases depName=outline/outline
appVersion: 1.5.0

30
clusters/cl01tl/helm/outline/templates/object-bucket-claim.yaml Normal file
View File

@@ -0,0 +1,30 @@
apiVersion: objectbucket.io/v1alpha1
kind: ObjectBucketClaim
metadata:
name: ceph-bucket-outline
labels:
app.kubernetes.io/name: ceph-bucket-outline
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
generateBucketName: bucket-outline
storageClassName: ceph-bucket
# additionalConfig:
# bucketPolicy: |
# {
# "Version": "2012-10-17",
# "Statement": [
# {
# "Sid": "VisualEditor",
# "Effect": "Allow",
# "Action": [
# "s3:GetObjectAcl",
# "s3:DeleteObject",
# "s3:PutObject",
# "s3:GetObject",
# "s3:PutObjectAcl"
# ],
# "Resource": "arn:aws:s3:::bucket-outline-630c57e0-d475-4d78-926c-c1c082291d73/*"
# }
# ]
# }

55
clusters/cl01tl/helm/outline/values.yaml
View File

@@ -5,9 +5,6 @@ outline:
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
fsGroup: 1001
containers:
main:
image:
@@ -69,7 +66,30 @@ outline:
- name: REDIS_URL
value: redis://outline-valkey.outline:6379
- name: FILE_STORAGE
value: local
value: s3
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: ceph-bucket-outline
key: AWS_ACCESS_KEY_ID
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: ceph-bucket-outline
key: AWS_SECRET_ACCESS_KEY
- name: AWS_REGION
value: us-east-1
- name: AWS_S3_UPLOAD_BUCKET_NAME
valueFrom:
configMapKeyRef:
name: ceph-bucket-outline
key: BUCKET_NAME
- name: AWS_S3_UPLOAD_BUCKET_URL
value: https://objects.alexlebens.dev
- name: AWS_S3_FORCE_PATH_STYLE
value: true
- name: AWS_S3_ACL
value: private
- name: FILE_STORAGE_UPLOAD_MAX_SIZE
value: "26214400"
- name: FORCE_HTTPS
@@ -122,18 +142,6 @@ outline:
port: 3000
targetPort: 3000
protocol: HTTP
persistence:
data:
forceRename: outline-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:
- path: /var/lib/outline/data
readOnly: false
postgres-18-cluster:
mode: recovery
recovery:
@@ -164,7 +172,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 10 15 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
@@ -176,16 +184,3 @@ postgres-18-cluster:
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-data:
pvcTarget: outline-data
moverSecurityContext:
fsGroup: 1001
local:
enabled: true
schedule: 50 8 * * *
remote:
enabled: true
schedule: 50 9 * * *
external:
enabled: true
schedule: 50 10 * * *

6
clusters/cl01tl/helm/photoview/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1
digest: sha256:e9b0673f31b8309beb326635e784964c41bafc10f3bde7eb17ea316d83076854
generated: "2026-03-11T23:00:19.541959816Z"
version: 7.8.0
digest: sha256:6f244ab97d43b183eeb3beac0bfa9f769c7f1035012d158d3123d64877adfc6f
generated: "2026-02-27T18:18:28.642875392Z"

2
clusters/cl01tl/helm/photoview/Chart.yaml
View File

@@ -20,7 +20,7 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.9.1
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/photoview.png
# renovate: datasource=github-releases depName=photoview/photoview

2
clusters/cl01tl/helm/photoview/values.yaml
View File

@@ -123,7 +123,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 15 15 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true

6
clusters/cl01tl/helm/postiz/Chart.lock
View File

@@ -7,7 +7,7 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1
version: 7.8.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
@@ -17,5 +17,5 @@ dependencies:
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:cf9b71f29450c69550b0f59d792193788f9dd7ffa2c623db27eb423c0f6e3109
generated: "2026-03-11T23:00:37.739141183Z"
digest: sha256:219e5c5fc45cba34092606802cf1024d99325d8af71d07bbb8758899c0ad5a8f
generated: "2026-03-09T23:08:31.811042987Z"

2
clusters/cl01tl/helm/postiz/Chart.yaml
View File

@@ -26,7 +26,7 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.9.1
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey

16
clusters/cl01tl/helm/postiz/values.yaml
View File

@@ -155,7 +155,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 20 15 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
@@ -181,21 +181,19 @@ volsync-target-config:
pvcTarget: postiz-config
local:
enabled: true
schedule: 52 8 * * *
schedule: 56 8 * * *
remote:
enabled: true
schedule: 52 9 * * *
enabled: false
external:
enabled: true
schedule: 52 10 * * *
schedule: 56 9 * * *
volsync-target-upload:
pvcTarget: postiz-uploads
local:
enabled: true
schedule: 54 8 * * *
schedule: 58 8 * * *
remote:
enabled: true
schedule: 54 9 * * *
enabled: false
external:
enabled: true
schedule: 54 10 * * *
schedule: 58 9 * * *

9
clusters/cl01tl/helm/prowlarr/values.yaml
View File

@@ -20,7 +20,7 @@ prowlarr:
main:
image:
repository: ghcr.io/linuxserver/prowlarr
tag: 2.3.0@sha256:9ef5d8bf832edcacb6082f9262cb36087854e78eb7b1c3e1d4375056055b2d82
tag: 2.3.0@sha256:a8fe7b9c502f979146b6d0f22438b825c38e068241bb8a708c473062dffdbb03
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -84,10 +84,9 @@ volsync-target-config:
- 65539
local:
enabled: true
schedule: 56 8 * * *
schedule: 0 11 * * *
remote:
enabled: true
schedule: 56 9 * * *
enabled: false
external:
enabled: true
schedule: 56 10 * * *
schedule: 0 12 * * *

20
clusters/cl01tl/helm/qbittorrent/values.yaml
View File

@@ -452,21 +452,19 @@ volsync-target-config:
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
schedule: 58 8 * * *
schedule: 2 11 * * *
restic:
copyMethod: Snapshot
storageClassName: ceph-filesystem
volumeSnapshotClassName: ceph-filesystem-snapshot
remote:
enabled: true
schedule: 58 9 * * *
restic:
copyMethod: Snapshot
storageClassName: ceph-filesystem
volumeSnapshotClassName: ceph-filesystem-snapshot
external:
enabled: true
schedule: 58 10 * * *
schedule: 2 12 * * *
restic:
copyMethod: Snapshot
storageClassName: ceph-filesystem
@@ -475,21 +473,19 @@ volsync-target-qbit-manage-config:
pvcTarget: qbittorrent-qbit-manage-config-data
local:
enabled: true
schedule: 0 11 * * *
schedule: 4 11 * * *
remote:
enabled: true
schedule: 0 12 * * *
enabled: false
external:
enabled: true
schedule: 0 13 * * *
schedule: 4 12 * * *
volsync-target-qui-config:
pvcTarget: qbittorrent-qui-config-data
local:
enabled: true
schedule: 2 11 * * *
schedule: 6 11 * * *
remote:
enabled: true
schedule: 2 12 * * *
enabled: false
external:
enabled: true
schedule: 2 13 * * *
schedule: 6 12 * * *

6
clusters/cl01tl/helm/radarr-4k/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1
version: 7.8.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:7e873c90668a70b423efb04d4f2683d25022e8982248ba32a8e5820e323f9b7d
generated: "2026-03-11T23:00:55.780623797Z"
digest: sha256:7c2af31e2b514924903696d7abc42b7a1b7af579f4767940d2d11386a33d6e9a
generated: "2026-03-06T01:13:39.866546092Z"

2
clusters/cl01tl/helm/radarr-4k/Chart.yaml
View File

@@ -27,7 +27,7 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.9.1
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-config

9
clusters/cl01tl/helm/radarr-4k/values.yaml
View File

@@ -167,7 +167,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 30 15 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
@@ -188,10 +188,9 @@ volsync-target-config:
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
schedule: 6 11 * * *
schedule: 10 11 * * *
remote:
enabled: true
schedule: 6 12 * * *
enabled: false
external:
enabled: true
schedule: 6 13 * * *
schedule: 10 12 * * *

6
clusters/cl01tl/helm/radarr-anime/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1
version: 7.8.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:0a7ae6aa3062beedc4b4bcba61edb9f70d441dab0146e5b9559583fa12a319a8
generated: "2026-03-11T23:01:12.399079707Z"
digest: sha256:5c309596e527f674f20f0e97b3228cefd31e345e322febe9a7671d71ac584f14
generated: "2026-03-06T01:14:03.937638747Z"

2
clusters/cl01tl/helm/radarr-anime/Chart.yaml
View File

@@ -27,7 +27,7 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.9.1
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-config

9
clusters/cl01tl/helm/radarr-anime/values.yaml
View File

@@ -165,7 +165,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 30 15 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
@@ -186,10 +186,9 @@ volsync-target-config:
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
schedule: 8 11 * * *
schedule: 12 11 * * *
remote:
enabled: true
schedule: 8 12 * * *
enabled: false
external:
enabled: true
schedule: 8 13 * * *
schedule: 12 12 * * *

6
clusters/cl01tl/helm/radarr-standup/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1
version: 7.8.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:600685215060deb3d8bb6530fa0df437c0ed3d9d6bad2792cedcce959207c7e6
generated: "2026-03-11T23:01:28.449666027Z"
digest: sha256:a2638c3a568bcf40b3bb98cd3f1a0d0dd853cffebe065b8db3fb7ea4f17e242a
generated: "2026-03-06T01:14:35.841557366Z"

2
clusters/cl01tl/helm/radarr-standup/Chart.yaml
View File

@@ -26,7 +26,7 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.9.1
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-config

9
clusters/cl01tl/helm/radarr-standup/values.yaml
View File

@@ -165,7 +165,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 35 15 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
@@ -186,10 +186,9 @@ volsync-target-config:
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
schedule: 10 11 * * *
schedule: 14 11 * * *
remote:
enabled: true
schedule: 10 12 * * *
enabled: false
external:
enabled: true
schedule: 10 13 * * *
schedule: 14 12 * * *

6
clusters/cl01tl/helm/radarr/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1
version: 7.8.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:fdad6659ae4ef46c46d62b4213d7fcf85dbb478809e094bbe7de4a86a98589f2
generated: "2026-03-11T23:01:46.420629722Z"
digest: sha256:2bd8e6ca55da6da8b81d28221100dd06d228a905783f78622218d6c0b205bdfd
generated: "2026-03-06T01:15:02.096741976Z"

2
clusters/cl01tl/helm/radarr/Chart.yaml
View File

@@ -26,7 +26,7 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.9.1
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-config

9
clusters/cl01tl/helm/radarr/values.yaml
View File

@@ -167,7 +167,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 25 15 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
@@ -188,10 +188,9 @@ volsync-target-config:
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
schedule: 4 11 * * *
schedule: 8 11 * * *
remote:
enabled: true
schedule: 4 12 * * *
enabled: false
external:
enabled: true
schedule: 4 13 * * *
schedule: 8 12 * * *

6
clusters/cl01tl/helm/rclone/Chart.lock
View File

@@ -1,6 +0,0 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
digest: sha256:8ed5a7025cbfee661770c4f525b6e1376f412114a7ab88cea1ab1de538eea500
generated: "2026-03-11T18:19:57.681245-05:00"

23
clusters/cl01tl/helm/rclone/Chart.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: v2
name: rclone
version: 1.0.0
description: Rclone
keywords:
- rclone
- job
- kubernetes
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/rclone/rclone
- https://hub.docker.com/r/rclone/rclone
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: rclone
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/rclone.webp
# renovate: datasource=github-releases depName=rclone/rclone
appVersion: v1.73.2

253
clusters/cl01tl/helm/rclone/templates/external-secret.yaml
View File

@@ -1,253 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: garage-directus-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: garage-directus-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_REGION
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_SECRET_KEY
- secretKey: SRC_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/config/local
metadataPolicy: None
property: ENDPOINT
- secretKey: DEST_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/config/remote
metadataPolicy: None
property: ENDPOINT
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: garage-karakeep-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: garage-karakeep-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/karakeep-assets
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/karakeep-assets
metadataPolicy: None
property: ACCESS_REGION
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/karakeep-assets
metadataPolicy: None
property: ACCESS_SECRET_KEY
- secretKey: SRC_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/config/local
metadataPolicy: None
property: ENDPOINT
- secretKey: DEST_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/config/remote
metadataPolicy: None
property: ENDPOINT
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: garage-talos-backups-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: garage-talos-backups-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/talos-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/talos-backups
metadataPolicy: None
property: ACCESS_REGION
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/talos-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY
- secretKey: SRC_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/config/local
metadataPolicy: None
property: ENDPOINT
- secretKey: DEST_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/config/remote
metadataPolicy: None
property: ENDPOINT
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: garage-web-assets-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: garage-web-assets-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/web-assets
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/web-assets
metadataPolicy: None
property: ACCESS_REGION
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/web-assets
metadataPolicy: None
property: ACCESS_SECRET_KEY
- secretKey: SRC_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/config/local
metadataPolicy: None
property: ENDPOINT
- secretKey: DEST_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/config/remote
metadataPolicy: None
property: ENDPOINT
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: garage-postgres-backups-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: garage-postgres-backups-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_REGION
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/postgres-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY
- secretKey: SRC_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/config/local
metadataPolicy: None
property: ENDPOINT
- secretKey: DEST_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/config/remote
metadataPolicy: None
property: ENDPOINT

505
clusters/cl01tl/helm/rclone/values.yaml
View File

@@ -1,505 +0,0 @@
rclone:
controllers:
directus-assets:
type: cronjob
cronjob:
suspend: false
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "0 0 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.2
pullPolicy: IfNotPresent
args:
- sync
- src:directus-assets
- dest:directus-assets
- --s3-no-check-bucket
- --verbose
env:
- name: RCLONE_S3_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_TYPE
value: s3
- name: RCLONE_CONFIG_SRC_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_ENV_AUTH
value: false
- name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-directus-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-directus-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_SRC_REGION
valueFrom:
secretKeyRef:
name: garage-directus-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_SRC_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-directus-secret
key: SRC_ENDPOINT
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
value: true
- name: RCLONE_CONFIG_DEST_TYPE
value: s3
- name: RCLONE_CONFIG_DEST_PROVIDER
value: Other
- name: RCLONE_CONFIG_DEST_ENV_AUTH
value: false
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-directus-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-directus-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_DEST_REGION
valueFrom:
secretKeyRef:
name: garage-directus-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_DEST_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-directus-secret
key: DEST_ENDPOINT
- name: RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE
value: true
karakeep-assets:
type: cronjob
cronjob:
suspend: false
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "10 0 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.2
pullPolicy: IfNotPresent
args:
- sync
- src:karakeep-assets
- dest:karakeep-assets
- --s3-no-check-bucket
- --verbose
env:
- name: RCLONE_S3_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_TYPE
value: s3
- name: RCLONE_CONFIG_SRC_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_ENV_AUTH
value: false
- name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-karakeep-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-karakeep-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_SRC_REGION
valueFrom:
secretKeyRef:
name: garage-karakeep-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_SRC_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-karakeep-secret
key: SRC_ENDPOINT
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
value: true
- name: RCLONE_CONFIG_DEST_TYPE
value: s3
- name: RCLONE_CONFIG_DEST_PROVIDER
value: Other
- name: RCLONE_CONFIG_DEST_ENV_AUTH
value: false
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-karakeep-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-karakeep-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_DEST_REGION
valueFrom:
secretKeyRef:
name: garage-karakeep-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_DEST_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-karakeep-secret
key: DEST_ENDPOINT
- name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE
value: true
talos-backups:
type: cronjob
cronjob:
suspend: false
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "20 0 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.2
pullPolicy: IfNotPresent
args:
- sync
- src:talos-backups
- dest:talos-backups
- --s3-no-check-bucket
- --max-age
- 90d
- --verbose
env:
- name: RCLONE_S3_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_TYPE
value: s3
- name: RCLONE_CONFIG_SRC_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_ENV_AUTH
value: false
- name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-talos-backups-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-talos-backups-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_SRC_REGION
valueFrom:
secretKeyRef:
name: garage-talos-backups-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_SRC_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-talos-backups-secret
key: SRC_ENDPOINT
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
value: true
- name: RCLONE_CONFIG_DEST_TYPE
value: s3
- name: RCLONE_CONFIG_DEST_PROVIDER
value: Other
- name: RCLONE_CONFIG_DEST_ENV_AUTH
value: false
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-talos-backups-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-talos-backups-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_DEST_REGION
valueFrom:
secretKeyRef:
name: garage-talos-backups-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_DEST_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-talos-backups-secret
key: DEST_ENDPOINT
- name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE
value: true
prune:
image:
repository: rclone/rclone
tag: 1.73.2
pullPolicy: IfNotPresent
args:
- delete
- dest:talos-backups
- --min-age
- 90d
- --verbose
env:
- name: RCLONE_CONFIG_DEST_TYPE
value: s3
- name: RCLONE_CONFIG_DEST_PROVIDER
value: Other
- name: RCLONE_CONFIG_DEST_ENV_AUTH
value: false
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-talos-backups-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-talos-backups-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_DEST_REGION
valueFrom:
secretKeyRef:
name: garage-talos-backups-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_DEST_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-talos-backups-secret
key: DEST_ENDPOINT
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
value: true
web-assets:
type: cronjob
cronjob:
suspend: false
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "30 0 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.2
pullPolicy: IfNotPresent
args:
- sync
- src:web-assets
- dest:web-assets
- --s3-no-check-bucket
- --verbose
env:
- name: RCLONE_S3_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_TYPE
value: s3
- name: RCLONE_CONFIG_SRC_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_ENV_AUTH
value: false
- name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-web-assets-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-web-assets-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_SRC_REGION
valueFrom:
secretKeyRef:
name: garage-web-assets-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_SRC_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-web-assets-secret
key: SRC_ENDPOINT
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
value: true
- name: RCLONE_CONFIG_DEST_TYPE
value: s3
- name: RCLONE_CONFIG_DEST_PROVIDER
value: Other
- name: RCLONE_CONFIG_DEST_ENV_AUTH
value: false
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-web-assets-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-web-assets-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_DEST_REGION
valueFrom:
secretKeyRef:
name: garage-web-assets-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_DEST_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-web-assets-secret
key: DEST_ENDPOINT
- name: RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE
value: true
postgres-backups:
type: cronjob
cronjob:
suspend: false
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "40 0 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.2
pullPolicy: IfNotPresent
args:
- sync
- src:postgres-backups
- dest:postgres-backups
- --s3-no-check-bucket
- --max-age
- 30d
- --include
- "/cl01tl/*/*/*/base/**"
- --exclude
- "**/walls/**"
- --verbose
env:
- name: RCLONE_S3_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_TYPE
value: s3
- name: RCLONE_CONFIG_SRC_PROVIDER
value: Other
- name: RCLONE_CONFIG_SRC_ENV_AUTH
value: false
- name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-postgres-backups-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-postgres-backups-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_SRC_REGION
valueFrom:
secretKeyRef:
name: garage-postgres-backups-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_SRC_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-postgres-backups-secret
key: SRC_ENDPOINT
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
value: true
- name: RCLONE_CONFIG_DEST_TYPE
value: s3
- name: RCLONE_CONFIG_DEST_PROVIDER
value: Other
- name: RCLONE_CONFIG_DEST_ENV_AUTH
value: false
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-postgres-backups-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-postgres-backups-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_DEST_REGION
valueFrom:
secretKeyRef:
name: garage-postgres-backups-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_DEST_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-postgres-backups-secret
key: DEST_ENDPOINT
- name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE
value: true
prune:
image:
repository: rclone/rclone
tag: 1.73.2
pullPolicy: IfNotPresent
args:
- delete
- dest:postgres-backups
- --min-age
- 30d
- --verbose
env:
- name: RCLONE_CONFIG_DEST_TYPE
value: s3
- name: RCLONE_CONFIG_DEST_PROVIDER
value: Other
- name: RCLONE_CONFIG_DEST_ENV_AUTH
value: false
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: garage-postgres-backups-secret
key: ACCESS_KEY_ID
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: garage-postgres-backups-secret
key: ACCESS_SECRET_KEY
- name: RCLONE_CONFIG_DEST_REGION
valueFrom:
secretKeyRef:
name: garage-postgres-backups-secret
key: ACCESS_REGION
- name: RCLONE_CONFIG_DEST_ENDPOINT
valueFrom:
secretKeyRef:
name: garage-postgres-backups-secret
key: DEST_ENDPOINT
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
value: true

4
clusters/cl01tl/helm/rook-ceph/Chart.yaml
View File

@@ -21,6 +21,10 @@ dependencies:
- name: rook-ceph-cluster
version: v1.19.2
repository: https://charts.rook.io/release
- name: cloudflared
alias: cloudflared-rgw
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ceph.png
# renovate: datasource=github-releases depName=rook/rook
appVersion: v1.19.2

49
clusters/cl01tl/helm/rook-ceph/values.yaml
View File

@@ -177,4 +177,51 @@ rook-ceph-cluster:
name: ceph-blockpool-snapshot
isDefault: true
deletionPolicy: Delete
cephObjectStores: []
cephObjectStores:
- name: ceph-objectstore
spec:
metadataPool:
failureDomain: host
replicated:
size: 3
dataPool:
failureDomain: host
erasureCoded:
dataChunks: 2
codingChunks: 1
parameters:
bulk: "true"
preservePoolsOnDelete: true
gateway:
port: 80
resources:
requests:
cpu: "1000m"
memory: "1Gi"
instances: 1
priorityClassName: system-cluster-critical
hosting:
dnsNames:
- objects.alexlebens.dev
- objects.alexlebens.net
storageClass:
enabled: true
name: ceph-bucket
reclaimPolicy: Delete
volumeBindingMode: "Immediate"
parameters:
region: us-east-1
route:
enabled: true
port: 80
host:
name: objects.alexlebens.net
path: /
pathType: PathPrefix
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
cloudflared-rgw:
name: rgw

6
clusters/cl01tl/helm/roundcube/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1
version: 7.8.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:5cfad7a46f5671378adac77c3e39df224430a7481aeb16f7d3713f134e5d1dab
generated: "2026-03-11T23:02:03.844844518Z"
digest: sha256:6885799edd2217270ad37df5fb6fdd7582504622f2df8f6a4cbe67bd9a9abc94
generated: "2026-03-06T01:15:27.781474945Z"

2
clusters/cl01tl/helm/roundcube/Chart.yaml
View File

@@ -21,7 +21,7 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.9.1
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data

9
clusters/cl01tl/helm/roundcube/values.yaml
View File

@@ -256,7 +256,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 40 15 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
@@ -272,10 +272,9 @@ volsync-target-data:
pvcTarget: roundcube-data
local:
enabled: true
schedule: 12 11 * * *
schedule: 16 11 * * *
remote:
enabled: true
schedule: 12 12 * * *
enabled: false
external:
enabled: true
schedule: 12 13 * * *
schedule: 16 12 * * *

Some files were not shown because too many files have changed in this diff Show More