alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 4 Actions Activity

Compare commits

base: alexlebens:renovate/unified-postgres-cluster
Branches Tags
alexlebens:main alexlebens:renovate/major-unified-elasticsearch alexlebens:renovate/unified-valkey alexlebens:renovate/unified-postgres-cluster alexlebens:renovate/unified-cilium alexlebens:manifests
..
compare: alexlebens:da1dd5631b40b9c9eac6ceafa321cccb072deb7a
Branches Tags
alexlebens:renovate/major-unified-elasticsearch alexlebens:renovate/unified-valkey alexlebens:renovate/unified-postgres-cluster alexlebens:renovate/unified-cilium alexlebens:manifests alexlebens:main

1 Commits
renovate/u ... da1dd5631b

Author SHA1 Message Date
Renovate Bot
da1dd5631b Update external-dns to v0.21.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 24s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 24s
Details
2026-04-06 19:54:35 +00:00
94 changed files with 1161 additions and 528 deletions
Expand all files Collapse all files

1
clusters/cl01tl/helm/dependency-track/Chart.yaml
View File

@@ -11,7 +11,6 @@ sources:
- https://hub.docker.com/r/dependencytrack/apiserver
- https://hub.docker.com/r/dependencytrack/frontend
- https://github.com/DependencyTrack/helm-charts/tree/main/charts/dependency-track
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:

6
clusters/cl01tl/helm/dependency-track/values.yaml
View File

@@ -55,7 +55,7 @@ dependency-track:
- name: ALPINE_OIDC_TEAM_SYNCHRONIZATION
value: "true"
- name: ALPINE_CORS_ENABLED
value: "false"
value: "true"
- name: ALPINE_CORS_ALLOW_ORIGIN
value: dependency-track.alexlebens.net dependency-track.dependency-track
serviceMonitor:
@@ -74,8 +74,6 @@ dependency-track:
extraEnv:
- name: OIDC_ISSUER
value: https://authentik.alexlebens.net/application/o/dependency-track/
- name: OIDC_FLOW
value: explicit
- name: OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
@@ -83,7 +81,7 @@ dependency-track:
key: client
- name: OIDC_LOGIN_BUTTON_TEXT
value: Authentik
apiBaseUrl: dependency-track-api-server.dependency-track
apiBaseUrl: dependency-track.alexlebens.net
httpRoute:
enabled: true
hostnames:

2
clusters/cl01tl/helm/karakeep/Chart.yaml
View File

@@ -32,6 +32,6 @@ dependencies:
alias: volsync-target-data
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/karakeep.png
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/karakeep.webp
# renovate: datasource=github-releases depName=karakeep-app/karakeep
appVersion: 0.31.0

6
clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
View File

@@ -1,7 +1,7 @@
dependencies:
- name: kube-prometheus-stack
repository: oci://ghcr.io/prometheus-community/charts
version: 83.0.0
version: 82.18.0
- name: prometheus-operator-crds
repository: oci://ghcr.io/prometheus-community/charts
version: 28.0.1
@@ -11,5 +11,5 @@ dependencies:
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:73bade97f20d9611f03cb3bb16173efb491993a69a1fb8e22eed2c19d535ca2b
generated: "2026-04-06T21:02:50.314276855Z"
digest: sha256:e4632c1c2f0b9d0b37edc7ecf1a008cdf3683737133f2d0b119eab9f968ebf88
generated: "2026-04-05T19:45:07.805154-05:00"

2
clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
View File

@@ -19,7 +19,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: kube-prometheus-stack
version: 83.0.0
version: 82.18.0
repository: oci://ghcr.io/prometheus-community/charts
- name: prometheus-operator-crds
version: 28.0.1

1
clusters/cl01tl/helm/kubernetes-cloudflare-ddns/Chart.yaml
View File

@@ -5,7 +5,6 @@ description: Kubernetes Cloudflare DDNS
keywords:
- kubernetes-cloudflare-ddns
- ddns
- job
home: https://docs.alexlebens.dev/applications/kubelet-serving-cert-approver/
sources:
- https://github.com/kubitodev/kubernetes-cloudflare-ddns

2
clusters/cl01tl/helm/languagetool/Chart.yaml
View File

@@ -23,6 +23,6 @@ dependencies:
alias: volsync-target-data
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/languagetool.png
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/languagetool.webp
# renovate: datasource=github-releases depName=Erikvl87/docker-languagetool
appVersion: "6.7"

1
clusters/cl01tl/helm/libation/Chart.yaml
View File

@@ -5,7 +5,6 @@ description: Libation
keywords:
- libation
- audible
- job
home: https://docs.alexlebens.dev/applications/languagetool/
sources:
- https://github.com/rmcrackan/Libation

3
clusters/cl01tl/helm/matrix-synapse/values.yaml
View File

@@ -463,9 +463,6 @@ volsync-target-discord:
schedule: 40 10 * * *
volsync-target-whatsapp:
pvcTarget: mautrix-whatsapp
moverSecurityContext:
runAsUser: 1337
runAsGroup: 1337
local:
enabled: true
schedule: 42 8 * * *

2
clusters/cl01tl/helm/navidrome/values.yaml
View File

@@ -43,7 +43,7 @@ navidrome:
main:
image:
repository: ghcr.io/jeffvli/feishin
tag: 1.11.0@sha256:1eed97d6272d29d0a7de4c3c1357d4bc9c08cf8e304aa1014089f9111d22619c
tag: 1.9.0@sha256:5e6959afd27dabadd8f68fed8b0485d851593c61ca558194295bf8950262cc07
env:
- name: SERVER_NAME
value: talos

2
clusters/cl01tl/helm/paperless-ngx/values.yaml
View File

@@ -86,7 +86,7 @@ paperless-ngx:
gotenberg:
image:
repository: gotenberg/gotenberg
tag: 8.30.1@sha256:206a6c708fc6d05257367d9ac902d6c56c50d2e3284d0596ea000814ef97f22c
tag: 8.29.1@sha256:36c925776fa0db0fd1030408d131fde7ac3453027a559883555155b72adb16a7
service:
main:
controller: main

2
clusters/cl01tl/helm/postiz/values.yaml
View File

@@ -238,7 +238,7 @@ temporal:
cpu: 10m
memory: 50Mi
postgres-18-cluster:
mode: recovery
mode: standalone
cluster:
enableSuperuserAccess: true
recovery:

2
clusters/cl01tl/helm/qbittorrent/values.yaml
View File

@@ -6,6 +6,8 @@ qbittorrent:
strategy: Recreate
pod:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
affinity:

6
clusters/cl01tl/helm/radarr-4k/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:f644b5d539a1aa786eae75f7e397ca12383320bcb52618eaf611c45c08e6f205
generated: "2026-04-06T15:33:33.355903-05:00"
digest: sha256:d76563fe1a7a9f8ceaf6937831bd0c5511eb7369abb8eb54110dfb69e6dce224
generated: "2026-03-15T20:08:21.236792423Z"

14
clusters/cl01tl/helm/radarr-4k/Chart.yaml
View File

@@ -4,18 +4,20 @@ version: 1.0.0
description: Radarr 4K
keywords:
- radarr
- movies
- servarr
home: https://docs.alexlebens.dev/applications/radarr/
- movies
- 4k
- metrics
home: https://wiki.alexlebens.dev/s/b5687ceb-11db-49b3-9c77-bf27bc322c99
sources:
- https://github.com/Radarr/Radarr
- https://github.com/linuxserver/docker-radarr
- https://github.com/onedr0p/exportarr
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/linuxserver/docker-radarr/pkgs/container/radarr
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -25,12 +27,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-4k.png
# renovate: datasource=github-releases depName=linuxserver/docker-radarr
appVersion: 6.1.1.10360-ls298
# renovate: datasource=github-releases depName=Radarr/Radarr
appVersion: 6.0.4

48
clusters/cl01tl/helm/radarr-4k/values.yaml
View File

@@ -4,6 +4,7 @@ radarr-4k:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
runAsUser: 1000
@@ -14,22 +15,24 @@ radarr-4k:
main:
image:
repository: ghcr.io/linuxserver/radarr
tag: 6.1.1.10360-ls298@sha256:cd70546fc97169788530386b42cf47ba1b16d091b4dc2264cd54099dd13c6f7f
tag: 6.0.4@sha256:ca43905eaf2dd11425efdcfe184892e43806b1ae0a830440c825cecbc2629cfb
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: PUID
value: 1000
- name: PGID
value: 1000
resources:
requests:
cpu: 10m
memory: 220Mi
cpu: 100m
memory: 256Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.3.0@sha256:af535d94061cf97a52e1661945ffba78c03f9443eae7c0da1a80a5a4be56b520
tag: v2.3.0
pullPolicy: IfNotPresent
args: ["radarr"]
env:
- name: URL
@@ -42,6 +45,10 @@ radarr-4k:
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -49,9 +56,11 @@ radarr-4k:
http:
port: 80
targetPort: 7878
protocol: HTTP
metrics:
port: 9793
targetPort: 9793
protocol: TCP
serviceMonitor:
main:
selector:
@@ -86,8 +95,11 @@ radarr-4k:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs:
- name: radarr-4k
- group: ''
kind: Service
name: radarr-4k
port: 80
weight: 100
filters:
- type: ExtensionRef
extensionRef:
@@ -104,6 +116,7 @@ radarr-4k:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
retain: true
advancedMounts:
main:
main:
@@ -137,12 +150,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 30 15 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-config:
pvcTarget: radarr-4k-config
moverSecurityContext:

6
clusters/cl01tl/helm/radarr-anime/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:ff7a0dc34eba6f1958b56a90fd4b47d5baac88eb5c40349b5b9aa8223fa6ffd6
generated: "2026-04-06T15:33:41.628584-05:00"
digest: sha256:21bde3a8778fb94e40f2177383ca418123e69f3f3f463b31d35e9f9bf83dfa9d
generated: "2026-03-15T20:08:35.497440433Z"

14
clusters/cl01tl/helm/radarr-anime/Chart.yaml
View File

@@ -4,18 +4,20 @@ version: 1.0.0
description: Radarr Anime
keywords:
- radarr
- movies
- servarr
home: https://docs.alexlebens.dev/applications/radarr/
- movies
- anime
- metrics
home: https://wiki.alexlebens.dev/s/b5687ceb-11db-49b3-9c77-bf27bc322c99
sources:
- https://github.com/Radarr/Radarr
- https://github.com/linuxserver/docker-radarr
- https://github.com/onedr0p/exportarr
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/linuxserver/docker-radarr/pkgs/container/radarr
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -25,12 +27,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-anime.png
# renovate: datasource=github-releases depName=linuxserver/docker-radarr
appVersion: 6.1.1.10360-ls298
# renovate: datasource=github-releases depName=Radarr/Radarr
appVersion: 6.0.4

48
clusters/cl01tl/helm/radarr-anime/values.yaml
View File

@@ -4,20 +4,20 @@ radarr-anime:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers:
main:
image:
repository: ghcr.io/linuxserver/radarr
tag: 6.1.1.10360-ls298@sha256:cd70546fc97169788530386b42cf47ba1b16d091b4dc2264cd54099dd13c6f7f
tag: 6.0.4@sha256:ca43905eaf2dd11425efdcfe184892e43806b1ae0a830440c825cecbc2629cfb
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: PUID
value: 1000
- name: PGID
@@ -25,11 +25,12 @@ radarr-anime:
resources:
requests:
cpu: 10m
memory: 220Mi
memory: 256Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.3.0@sha256:af535d94061cf97a52e1661945ffba78c03f9443eae7c0da1a80a5a4be56b520
tag: v2.3.0
pullPolicy: IfNotPresent
args: ["radarr"]
env:
- name: URL
@@ -42,6 +43,10 @@ radarr-anime:
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -49,9 +54,11 @@ radarr-anime:
http:
port: 80
targetPort: 7878
protocol: HTTP
metrics:
port: 9793
targetPort: 9793
protocol: TCP
serviceMonitor:
main:
selector:
@@ -86,8 +93,11 @@ radarr-anime:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs:
- name: radarr-anime
- group: ''
kind: Service
name: radarr-anime
port: 80
weight: 100
filters:
- type: ExtensionRef
extensionRef:
@@ -104,6 +114,7 @@ radarr-anime:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
retain: true
advancedMounts:
main:
main:
@@ -137,12 +148,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 30 15 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-config:
pvcTarget: radarr-anime-config
moverSecurityContext:

6
clusters/cl01tl/helm/radarr-standup/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:c032454ad1ce0729f69b7d79571880d4d27af6dc6f638b3a32e0a1633c1ee996
generated: "2026-04-06T15:33:54.620306-05:00"
digest: sha256:ebd25d2a12ca1924b66c62d6dd2c69476ae4526825020796198b65c2ebd2c6eb
generated: "2026-03-15T20:08:49.811429784Z"

13
clusters/cl01tl/helm/radarr-standup/Chart.yaml
View File

@@ -4,18 +4,19 @@ version: 1.0.0
description: Radarr Stand Up
keywords:
- radarr
- movies
- servarr
home: https://docs.alexlebens.dev/applications/radarr/
- standup
- metrics
home: https://wiki.alexlebens.dev/s/b5687ceb-11db-49b3-9c77-bf27bc322c99
sources:
- https://github.com/Radarr/Radarr
- https://github.com/linuxserver/docker-radarr
- https://github.com/onedr0p/exportarr
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/linuxserver/docker-radarr/pkgs/container/radarr
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -25,12 +26,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
# renovate: datasource=github-releases depName=linuxserver/docker-radarr
appVersion: 6.1.1.10360-ls298
# renovate: datasource=github-releases depName=Radarr/Radarr
appVersion: 6.0.4

48
clusters/cl01tl/helm/radarr-standup/values.yaml
View File

@@ -4,20 +4,20 @@ radarr-standup:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers:
main:
image:
repository: ghcr.io/linuxserver/radarr
tag: 6.1.1.10360-ls298@sha256:cd70546fc97169788530386b42cf47ba1b16d091b4dc2264cd54099dd13c6f7f
tag: 6.0.4@sha256:ca43905eaf2dd11425efdcfe184892e43806b1ae0a830440c825cecbc2629cfb
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: PUID
value: 1000
- name: PGID
@@ -25,11 +25,12 @@ radarr-standup:
resources:
requests:
cpu: 10m
memory: 220Mi
memory: 256Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.3.0@sha256:af535d94061cf97a52e1661945ffba78c03f9443eae7c0da1a80a5a4be56b520
tag: v2.3.0
pullPolicy: IfNotPresent
args: ["radarr"]
env:
- name: URL
@@ -42,6 +43,10 @@ radarr-standup:
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -49,9 +54,11 @@ radarr-standup:
http:
port: 80
targetPort: 7878
protocol: HTTP
metrics:
port: 9793
targetPort: 9793
protocol: TCP
serviceMonitor:
main:
selector:
@@ -86,8 +93,11 @@ radarr-standup:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs:
- name: radarr-standup
- group: ''
kind: Service
name: radarr-standup
port: 80
weight: 100
filters:
- type: ExtensionRef
extensionRef:
@@ -104,6 +114,7 @@ radarr-standup:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
retain: true
advancedMounts:
main:
main:
@@ -137,12 +148,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 35 15 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-config:
pvcTarget: radarr-standup-config
moverSecurityContext:

6
clusters/cl01tl/helm/radarr/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:26dca3bc43e9b3613d3fe817bf6254ffe8ca31152596fa6a141458734aab6950
generated: "2026-04-06T15:33:25.009896-05:00"
digest: sha256:05ce0d746d9c42a00338df5e6673fde8baeefa6f598ef8c85a32e6bc393b94ca
generated: "2026-03-15T20:09:03.538226001Z"

13
clusters/cl01tl/helm/radarr/Chart.yaml
View File

@@ -4,18 +4,19 @@ version: 1.0.0
description: Radarr
keywords:
- radarr
- movies
- servarr
home: https://docs.alexlebens.dev/applications/radarr/
- movies
- metrics
home: https://wiki.alexlebens.dev/s/b5687ceb-11db-49b3-9c77-bf27bc322c99
sources:
- https://github.com/Radarr/Radarr
- https://github.com/linuxserver/docker-radarr
- https://github.com/onedr0p/exportarr
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/linuxserver/docker-radarr/pkgs/container/radarr
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -25,12 +26,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
# renovate: datasource=github-releases depName=linuxserver/docker-radarr
appVersion: 6.1.1.10360-ls298
# renovate: datasource=github-releases depName=Radarr/Radarr
appVersion: 6.0.4

46
clusters/cl01tl/helm/radarr/values.yaml
View File

@@ -4,6 +4,7 @@ radarr:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
runAsUser: 1000
@@ -14,10 +15,11 @@ radarr:
main:
image:
repository: ghcr.io/linuxserver/radarr
tag: 6.1.1.10360-ls298@sha256:cd70546fc97169788530386b42cf47ba1b16d091b4dc2264cd54099dd13c6f7f
tag: 6.0.4@sha256:ca43905eaf2dd11425efdcfe184892e43806b1ae0a830440c825cecbc2629cfb
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: PUID
value: 1000
- name: PGID
@@ -25,11 +27,12 @@ radarr:
resources:
requests:
cpu: 100m
memory: 600Mi
memory: 256Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.3.0@sha256:af535d94061cf97a52e1661945ffba78c03f9443eae7c0da1a80a5a4be56b520
tag: v2.3.0
pullPolicy: IfNotPresent
args: ["radarr"]
env:
- name: URL
@@ -42,6 +45,10 @@ radarr:
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -49,9 +56,11 @@ radarr:
http:
port: 80
targetPort: 7878
protocol: HTTP
metrics:
port: 9793
targetPort: 9793
protocol: TCP
serviceMonitor:
main:
selector:
@@ -86,8 +95,11 @@ radarr:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs:
- name: radarr
- group: ''
kind: Service
name: radarr
port: 80
weight: 100
filters:
- type: ExtensionRef
extensionRef:
@@ -104,6 +116,7 @@ radarr:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
retain: true
advancedMounts:
main:
main:
@@ -137,12 +150,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 25 15 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-config:
pvcTarget: radarr-config
moverSecurityContext:

6
clusters/cl01tl/helm/rclone/Chart.yaml
View File

@@ -4,9 +4,9 @@ version: 1.0.0
description: Rclone
keywords:
- rclone
- s3-sync
- job
home: https://docs.alexlebens.dev/applications/rclone/
- kubernetes
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/rclone/rclone
- https://hub.docker.com/r/rclone/rclone
@@ -18,6 +18,6 @@ dependencies:
alias: rclone
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/rclone.png
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/rclone.webp
# renovate: datasource=github-releases depName=rclone/rclone
appVersion: v1.73.3

72
clusters/cl01tl/helm/rclone/values.yaml
View File

@@ -4,15 +4,20 @@ rclone:
type: cronjob
cronjob:
suspend: false
timeZone: America/Chicago
schedule: 0 0 * * *
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "0 0 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85
tag: 1.73.3
pullPolicy: IfNotPresent
args:
- sync
- src:directus-assets
@@ -82,15 +87,20 @@ rclone:
type: cronjob
cronjob:
suspend: false
timeZone: America/Chicago
schedule: 10 0 * * *
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "10 0 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85
tag: 1.73.3
pullPolicy: IfNotPresent
args:
- sync
- src:karakeep-assets
@@ -160,15 +170,20 @@ rclone:
type: cronjob
cronjob:
suspend: false
timeZone: America/Chicago
schedule: 20 0 * * *
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "20 0 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85
tag: 1.73.3
pullPolicy: IfNotPresent
args:
- sync
- src:talos-backups
@@ -239,7 +254,8 @@ rclone:
prune:
image:
repository: rclone/rclone
tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85
tag: 1.73.3
pullPolicy: IfNotPresent
args:
- delete
- dest:talos-backups
@@ -279,15 +295,20 @@ rclone:
type: cronjob
cronjob:
suspend: false
timeZone: America/Chicago
schedule: 30 0 * * *
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "30 0 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85
tag: 1.73.3
pullPolicy: IfNotPresent
args:
- sync
- src:web-assets
@@ -357,15 +378,20 @@ rclone:
type: cronjob
cronjob:
suspend: false
timeZone: America/Chicago
schedule: 40 0 * * *
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "40 0 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85
tag: 1.73.3
pullPolicy: IfNotPresent
args:
- sync
- src:postgres-backups
@@ -440,7 +466,8 @@ rclone:
prune:
image:
repository: rclone/rclone
tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85
tag: 1.73.3
pullPolicy: IfNotPresent
args:
- delete
- dest:postgres-backups
@@ -480,15 +507,20 @@ rclone:
type: cronjob
cronjob:
suspend: false
timeZone: America/Chicago
schedule: 50 0 * * *
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "10 0 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.3@sha256:66af24d7c8809af336dc16068149257cf447c80f8c60aa9f5679153f42017b85
tag: 1.73.3
pullPolicy: IfNotPresent
args:
- sync
- src:ntfy-attachments

3
clusters/cl01tl/helm/reloader/Chart.yaml
View File

@@ -5,7 +5,8 @@ description: Reloader
keywords:
- reloader
- config-map
home: https://docs.alexlebens.dev/applications/rclone/
- kubernetes
home: https://wiki.alexlebens.dev/s/e3a68f74-6d9a-484c-a446-4ba32f41d4c8
sources:
- https://github.com/stakater/Reloader
- https://github.com/stakater/Reloader/tree/master/deployments/kubernetes/chart/reloader

7
clusters/cl01tl/helm/rook-ceph/Chart.yaml
View File

@@ -4,13 +4,14 @@ version: 1.0.0
description: Rook Ceph
keywords:
- rook-ceph
- ceph
- storage
home: https://docs.alexlebens.dev/applications/rook-ceph/
- kubernetes
home: https://wiki.alexlebens.dev/s/8592da1d-8168-4c6c-a3e4-106902fe878c
sources:
- https://github.com/rook/rook
- https://quay.io/repository/ceph/ceph?tab=tags
- https://github.com/rook/rook/tree/master/deploy/charts/rook-ceph
- https://github.com/rook/rook/tree/master/deploy/charts/rook-ceph-cluster
- https://github.com/rook/rook/tree/master/deploy/charts
maintainers:
- name: alexlebens
dependencies:

78
clusters/cl01tl/helm/rook-ceph/values.yaml
View File

@@ -1,30 +1,20 @@
rook-ceph:
crds:
enabled: true
resources:
limits:
memory: 1Gi
requests:
cpu: 100m
memory: 100Mi
csi:
rookUseCsiOperator: true
cephFSKernelMountOptions: "ms_mode=secure"
enableMetadata: true
provisionerReplicas: 3
serviceMonitor:
enabled: true
enableDiscoveryDaemon: true
monitoring:
enabled: true
rook-ceph-cluster:
toolbox:
enabled: true
image: quay.io/ceph/ceph:v20.2.1@sha256:0bae386bc859cd9a05b804d1ca16cca8853a64f90809044e2bf43095419dc337
resources:
limits:
memory: 1Gi
requests:
cpu: 1m
memory: 10Mi
monitoring:
enabled: true
createPrometheusRules: true
@@ -32,17 +22,17 @@ rook-ceph-cluster:
CephNodeDiskspaceWarning:
disabled: true
cephImage:
# https://quay.io/repository/ceph/ceph?tab=tags
repository: quay.io/ceph/ceph
tag: v20.2.1@sha256:0bae386bc859cd9a05b804d1ca16cca8853a64f90809044e2bf43095419dc337
tag: v19.2.3-20250717
imagePullPolicy: IfNotPresent
cephClusterSpec:
cephConfig:
osd:
bluestore_slow_ops_warn_lifetime: "60"
bluestore_slow_ops_warn_threshold: "10"
csi:
readAffinity:
enabled: true
mgr:
count: 2
modules:
- name: pg_autoscaler
enabled: true
@@ -51,6 +41,7 @@ rook-ceph-cluster:
- name: volumes
enabled: true
dashboard:
enabled: true
ssl: false
network:
connections:
@@ -83,62 +74,29 @@ rook-ceph-cluster:
operator: Exists
resources:
mgr:
limits:
memory: 2Gi
requests:
cpu: 100m
memory: 500Mi
memory: 512Mi
mon:
limits:
memory: 4Gi
requests:
cpu: 100m
memory: 750Mi
cpu: 200m
memory: 256Mi
osd:
limits:
memory: 8Gi
requests:
cpu: 100m
memory: 2Gi
prepareosd:
requests:
cpu: 100m
memory: 200Mi
mgr-sidecar:
limits:
memory: 2Gi
requests:
cpu: 100m
memory: 40Mi
crashcollector:
limits:
memory: 2Gi
requests:
cpu: 10m
memory: 20Mi
logcollector:
limits:
memory: 2Gi
requests:
cpu: 10m
memory: 100Mi
cleanup:
limits:
memory: 2Gi
requests:
cpu: 10m
memory: 100Mi
exporter:
limits:
memory: 2Gi
requests:
cpu: 10m
memory: 20Mi
memory: 128Mi
storage:
useAllDevices: false
devicePathFilter: "/dev/disk/by-partlabel/r-csi-disk"
config:
osdsPerDevice: "1"
csi:
readAffinity:
enabled: true
route:
dashboard:
host:
@@ -189,11 +147,9 @@ rook-ceph-cluster:
activeCount: 1
activeStandby: true
resources:
limits:
memory: 4Gi
requests:
cpu: 100m
memory: 400Mi
cpu: "1000m"
memory: "4Gi"
priorityClassName: system-cluster-critical
storageClass:
enabled: true

6
clusters/cl01tl/helm/roundcube/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:3385cf67283187e62972293322a24c0bd3cf979cd870a3f157728e50b601e4f6
generated: "2026-04-06T17:40:21.003745-05:00"
digest: sha256:755aa4db5c7142d46af4a80c9fce49c3c558cc81042c9a00a0bdcd607276e856
generated: "2026-03-15T20:09:18.053504671Z"

8
clusters/cl01tl/helm/roundcube/Chart.yaml
View File

@@ -4,12 +4,12 @@ version: 1.0.0
description: Roundcube
keywords:
- roundcube
- email-client
home: https://docs.alexlebens.dev/applications/rclone/
- email
home: https://wiki.alexlebens.dev/s/68896660-74d8-4166-82bd-f7c282cdb08e
sources:
- https://github.com/roundcube/roundcubemail
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/roundcube/roundcubemail
- https://hub.docker.com/_/nginx
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
maintainers:
@@ -21,7 +21,7 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data

3
clusters/cl01tl/helm/roundcube/templates/external-secret.yaml
View File

@@ -14,5 +14,8 @@ spec:
data:
- secretKey: DES_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/roundcube/key
metadataPolicy: None
property: DES_KEY

63
clusters/cl01tl/helm/roundcube/values.yaml
View File

@@ -4,11 +4,13 @@ roundcube:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: roundcube/roundcubemail
tag: 1.6.15-fpm-alpine@sha256:0e07c1c66d5a1392f0c47cc79e85e0c60095108f715037d7d0aa3fd8cbe2e780
tag: 1.6.15-fpm-alpine
pullPolicy: IfNotPresent
env:
- name: ROUNDCUBEMAIL_DB_TYPE
value: pgsql
@@ -51,32 +53,40 @@ roundcube:
value: archive,zipdownload,newmail_notifier
resources:
requests:
cpu: 1m
memory: 40Mi
cpu: 10m
memory: 256Mi
nginx:
image:
repository: nginx
tag: 1.29.7-alpine-slim@sha256:0848ca84c476868cbeb6a5c2c009a98821b8540f96c44b1ba06820db50262e35
tag: 1.29.7-alpine-slim
pullPolicy: IfNotPresent
env:
- name: NGINX_HOST
value: mail.alexlebens.net
- name: NGINX_PHP_CGI
value: roundcube.roundcube:9000
resources:
requests:
cpu: 10m
memory: 128Mi
cleandb:
type: cronjob
cronjob:
suspend: false
timeZone: America/Chicago
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: 30 4 * * *
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
backup:
image:
repository: roundcube/roundcubemail
tag: 1.6.15-fpm-alpine@sha256:0e07c1c66d5a1392f0c47cc79e85e0c60095108f715037d7d0aa3fd8cbe2e780
args:
- bin/cleandb.sh
tag: 1.6.15-fpm-alpine
pullPolicy: IfNotPresent
env:
- name: ROUNDCUBEMAIL_DB_TYPE
value: pgsql
@@ -113,6 +123,12 @@ roundcube:
value: elastic
- name: ROUNDCUBEMAIL_PLUGINS
value: archive,zipdownload,newmail_notifier
args:
- bin/cleandb.sh
resources:
requests:
cpu: 100m
memory: 128Mi
configMaps:
config:
enabled: true
@@ -151,9 +167,11 @@ roundcube:
mail:
port: 9000
targetPort: 9000
protocol: HTTP
web:
port: 80
targetPort: 80
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -166,8 +184,11 @@ roundcube:
- mail.alexlebens.net
rules:
- backendRefs:
- name: roundcube
- group: ''
kind: Service
name: roundcube
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -189,6 +210,7 @@ roundcube:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:
@@ -217,12 +239,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 40 15 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-data:
pvcTarget: roundcube-data
local:

6
clusters/cl01tl/helm/rybbit/Chart.lock
View File

@@ -7,9 +7,9 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:95bab760e3dc94ba3affe42d2f91bc274ed520865a461cdaac61ba47eab6f39f
generated: "2026-04-06T17:43:01.938961-05:00"
digest: sha256:9342eb966ec3e8020aa6b1d6d2ac72d2c4a46c4ed70c5cf52c16ff25d2f2b0fa
generated: "2026-03-15T20:09:33.800790437Z"

8
clusters/cl01tl/helm/rybbit/Chart.yaml
View File

@@ -5,16 +5,12 @@ description: Rybbit
keywords:
- rybbit
- analytics
home: https://docs.alexlebens.dev/applications/rybbit/
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/rybbit-io/rybbit
- https://github.com/rybbit-io/rybbit/pkgs/container/rybbit-backend
- https://github.com/rybbit-io/rybbit/pkgs/container/rybbit-client
- https://hub.docker.com/r/clickhouse/clickhouse-server/
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -27,7 +23,7 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-clickhouse-data

12
clusters/cl01tl/helm/rybbit/templates/external-secret.yaml
View File

@@ -14,17 +14,29 @@ spec:
data:
- secretKey: clickhouse-user
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/rybbit/clickhouse
metadataPolicy: None
property: user
- secretKey: clickhouse-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/rybbit/clickhouse
metadataPolicy: None
property: password
- secretKey: better-auth-secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/rybbit/auth
metadataPolicy: None
property: better-auth-secret
- secretKey: mapbox-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/rybbit/auth
metadataPolicy: None
property: mapbox-token

75
clusters/cl01tl/helm/rybbit/values.yaml
View File

@@ -4,11 +4,13 @@ rybbit:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/rybbit-io/rybbit-backend
tag: v2.5.0@sha256:fd00f61abe592f872a0e4ac13f8c7b190ab2810e72f898faea4809d7ced46eef
tag: v2.5.0
pullPolicy: IfNotPresent
env:
- name: NODE_ENV
value: production
@@ -69,12 +71,17 @@ rybbit:
key: mapbox-token
probes:
liveness:
enabled: true
enabled: false
custom: true
spec:
httpGet:
path: /api/health
port: 3001
exec:
command:
- CMD
- wget
- --no-verbose
- --tries=1
- --spider
- http://127.0.0.1:3001/api/health
failureThreshold: 5
initialDelaySeconds: 10
periodSeconds: 30
@@ -83,16 +90,18 @@ rybbit:
resources:
requests:
cpu: 10m
memory: 200Mi
memory: 256Mi
client:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/rybbit-io/rybbit-client
tag: v2.5.0@sha256:741908be311a23ee4e58c5f82c6740bf75bbe4f7430ff2aec420f6189b1378b8
repository: harbor.alexlebens.net/images/rybbit-client
tag: v2.4.0
pullPolicy: IfNotPresent
env:
- name: NODE_ENV
value: production
@@ -103,16 +112,18 @@ rybbit:
resources:
requests:
cpu: 10m
memory: 100Mi
memory: 256Mi
clickhouse:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: clickhouse/clickhouse-server
tag: 26.3.3@sha256:5cfbc0598ee3bd850ac1b2ab150e6c9ec7b9207f1a97617e015325fb5df053d0
tag: 26.3.3
pullPolicy: IfNotPresent
env:
- name: CLICKHOUSE_DB
value: analytics
@@ -128,12 +139,17 @@ rybbit:
key: clickhouse-password
probes:
liveness:
enabled: true
enabled: false
custom: true
spec:
httpGet:
path: /ping
port: 8123
exec:
command:
- CMD
- wget
- --no-verbose
- --tries=1
- --spider
- http://localhost:8123/ping
failureThreshold: 5
initialDelaySeconds: 10
periodSeconds: 30
@@ -141,8 +157,8 @@ rybbit:
timeoutSeconds: 5
resources:
requests:
cpu: 40m
memory: 300Mi
cpu: 10m
memory: 256Mi
configMaps:
config:
enabled: true
@@ -192,24 +208,28 @@ rybbit:
http:
port: 3001
targetPort: 3001
protocol: HTTP
client:
controller: client
ports:
http:
port: 3002
targetPort: 3002
protocol: TCP
clickhouse:
controller: clickhouse
ports:
http:
port: 8123
targetPort: 8123
protocol: TCP
persistence:
clickhouse:
forceRename: clickhouse-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: true
advancedMounts:
clickhouse:
main:
@@ -251,12 +271,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 45 15 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-clickhouse-data:
pvcTarget: clickhouse-data
moverSecurityContext:

5
clusters/cl01tl/helm/s3-exporter/Chart.yaml
View File

@@ -5,7 +5,9 @@ description: S3 Exporter
keywords:
- s3-exporter
- storage
home: https://docs.alexlebens.dev/applications/s3-exporter/
- monitoring
- metrics
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/molu8bits/s3bucket_exporter
- https://hub.docker.com/r/molu8bits/s3bucket_exporter
@@ -17,6 +19,5 @@ dependencies:
alias: s3-exporter
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/amazon-s3.png
# renovate: datasource=github-releases depName=molu8bits/s3bucket_exporter
appVersion: 1.0.2

15
clusters/cl01tl/helm/s3-exporter/templates/external-secret.yaml
View File

@@ -14,15 +14,24 @@ spec:
data:
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/all-access
metadataPolicy: None
property: AWS_ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/all-access
metadataPolicy: None
property: AWS_SECRET_ACCESS_KEY
- secretKey: AWS_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/prometheus-exporter
metadataPolicy: None
property: AWS_REGION
---
@@ -42,9 +51,15 @@ spec:
data:
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/s3-exporter
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/s3-exporter
metadataPolicy: None
property: ACCESS_SECRET_KEY

27
clusters/cl01tl/helm/s3-exporter/values.yaml
View File

@@ -4,11 +4,13 @@ s3-exporter:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: molu8bits/s3bucket_exporter
tag: 1.0.2@sha256:75fc839c5f12cdbf20babab534959c96356b4483743e730409132bbda6944505
tag: 1.0.2
pullPolicy: IfNotPresent
env:
- name: S3_NAME
value: digital-ocean
@@ -35,17 +37,19 @@ s3-exporter:
value: false
resources:
requests:
cpu: 1m
memory: 40Mi
cpu: 10m
memory: 64Mi
garage-local:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: molu8bits/s3bucket_exporter
tag: 1.0.2@sha256:75fc839c5f12cdbf20babab534959c96356b4483743e730409132bbda6944505
tag: 1.0.2
pullPolicy: IfNotPresent
env:
- name: S3_NAME
value: garage-local
@@ -69,17 +73,19 @@ s3-exporter:
value: true
resources:
requests:
cpu: 1m
memory: 40Mi
cpu: 10m
memory: 64Mi
garage-remote:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: molu8bits/s3bucket_exporter
tag: 1.0.2@sha256:75fc839c5f12cdbf20babab534959c96356b4483743e730409132bbda6944505
tag: 1.0.2
pullPolicy: IfNotPresent
env:
- name: S3_NAME
value: garage-remote
@@ -103,8 +109,8 @@ s3-exporter:
value: true
resources:
requests:
cpu: 1m
memory: 40Mi
cpu: 10m
memory: 64Mi
service:
digital-ocean:
controller: digital-ocean
@@ -112,18 +118,21 @@ s3-exporter:
metrics:
port: 9655
targetPort: 9655
protocol: TCP
garage-local:
controller: garage-local
ports:
metrics:
port: 9655
targetPort: 9655
protocol: TCP
garage-remote:
controller: garage-remote
ports:
metrics:
port: 9655
targetPort: 9655
protocol: TCP
serviceMonitor:
digital-ocean:
selector:

5
clusters/cl01tl/helm/searxng/Chart.yaml
View File

@@ -5,13 +5,10 @@ description: Searxng
keywords:
- searxng
- search
home: https://docs.alexlebens.dev/applications/searxng/
home: https://wiki.alexlebens.dev/s/6c6da68a-8725-4439-93c8-990ce824be54
sources:
- https://github.com/searxng/searxng
- https://hub.docker.com/r/searxng/searxng
- https://hub.docker.com/r/valkey/valkey
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:

12
clusters/cl01tl/helm/searxng/templates/external-secret.yaml
View File

@@ -14,11 +14,17 @@ spec:
data:
- secretKey: metrics-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: cl01tl/searxng/browser
metadataPolicy: None
property: metrics-password
- secretKey: metrics-username
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: cl01tl/searxng/browser
metadataPolicy: None
property: metrics-username
---
@@ -38,9 +44,15 @@ spec:
data:
- secretKey: settings.yml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/searxng/api/config
metadataPolicy: None
property: settings.yml
- secretKey: limiter.toml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/searxng/api/config
metadataPolicy: None
property: limiter.toml

11
clusters/cl01tl/helm/searxng/templates/namespace.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v1
kind: Namespace
metadata:
name: searxng
labels:
app.kubernetes.io/name: searxng
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

30
clusters/cl01tl/helm/searxng/values.yaml
View File

@@ -4,11 +4,13 @@ searxng:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: searxng/searxng
tag: latest@sha256:4726ed1c4fe132d87abb2707070b761ddb08e769ef2d9408633c599ae28821e7
tag: latest@sha256:7b924c76c2cd9e960cc6b522eed5faf57ea3e6796020878455d86fcc3e7c26a3
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL
value: http://searxng-api.searxng:8080
@@ -26,17 +28,19 @@ searxng:
value: 10
resources:
requests:
cpu: 1m
memory: 120Mi
cpu: 10m
memory: 256Mi
browser:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: searxng/searxng
tag: latest@sha256:4726ed1c4fe132d87abb2707070b761ddb08e769ef2d9408633c599ae28821e7
tag: latest@sha256:7b924c76c2cd9e960cc6b522eed5faf57ea3e6796020878455d86fcc3e7c26a3
pullPolicy: IfNotPresent
env:
- name: SEARXNG_BASE_URL
value: https://searxng.alexlebens.net/
@@ -45,7 +49,7 @@ searxng:
- name: SEARXNG_HOSTNAME
value: searxng.alexlebens.net
- name: SEARXNG_VALKEY_URL
value: valkey://localhost:6379/0
value: valkey://127.0.0.1:6379/0
- name: GRANIAN_HOST
value: 0.0.0.0
- name: GRANIAN_PORT
@@ -53,11 +57,16 @@ searxng:
resources:
requests:
cpu: 10m
memory: 250Mi
memory: 256Mi
valkey:
image:
repository: valkey/valkey
tag: 9.0.0-alpine@sha256:bef37d06d4856710973ee31dd1eac1482e4c8e6e7b847f999ad25433e646587b
tag: 9.0.0-alpine3.22
pullPolicy: IfNotPresent
resources:
requests:
cpu: 10m
memory: 128Mi
service:
api:
controller: api
@@ -65,12 +74,14 @@ searxng:
mail:
port: 8080
targetPort: 8080
protocol: HTTP
browser:
controller: browser
ports:
mail:
port: 80
targetPort: 8080
protocol: HTTP
serviceMonitor:
main:
selector:
@@ -102,8 +113,11 @@ searxng:
- searxng.alexlebens.net
rules:
- backendRefs:
- name: searxng-browser
- group: ''
kind: Service
name: searxng-browser
port: 80
weight: 100
matches:
- path:
type: PathPrefix

8
clusters/cl01tl/helm/seerr/Chart.yaml
View File

@@ -4,14 +4,14 @@ version: 1.0.0
description: Seerr
keywords:
- seerr
- media-request
- servarr
home: https://docs.alexlebens.dev/applications/seerr/
- media
- movies
- tv shows
home: https://wiki.alexlebens.dev/
sources:
- https://github.com/seerr-team/seerr
- https://github.com/seerr-team/seerr/pkgs/container/seerr
- https://github.com/seerr-team/seerr/tree/develop/charts/seerr-chart
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:

24
clusters/cl01tl/helm/seerr/values.yaml
View File

@@ -3,16 +3,32 @@ seerr-chart:
registry: ghcr.io
repository: seerr-team/seerr
tag: v3.1.0
sha: b35ba0461c4a1033d117ac1e5968fd4cbe777899e4cbfbdeaf3d10a42a0eb7e9
probes:
livenessProbe:
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
readinessProbe:
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 5
config:
persistence:
size: 5Gi
accessModes:
- ReadWriteOnce
storageClass: ceph-block
ingress:
enabled: false
route:
main:
enabled: true
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
@@ -20,10 +36,14 @@ seerr-chart:
namespace: traefik
hostnames:
- seerr.alexlebens.net
matches:
- path:
type: PathPrefix
value: /
resources:
requests:
cpu: 10m
memory: 500Mi
memory: 128Mi
volsync-target-config:
pvcTarget: seerr-seerr-chart-config
local:

5
clusters/cl01tl/helm/shelfmark/Chart.yaml
View File

@@ -5,12 +5,11 @@ description: Shelfmark
keywords:
- shelfmark
- books
home: https://docs.alexlebens.dev/applications/shelfmark/
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/calibrain/shelfmark
- https://github.com/calibrain/shelfmark/pkgs/container/shelfmark
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -22,6 +21,6 @@ dependencies:
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/shelfmark.png
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/shelfmark.webp
# renovate: datasource=github-releases depName=calibrain/shelfmark
appVersion: v1.2.1

9
clusters/cl01tl/helm/shelfmark/templates/external-secret.yaml
View File

@@ -14,13 +14,22 @@ spec:
data:
- secretKey: grimmory-user
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/shelfmark/booklore
metadataPolicy: None
property: user
- secretKey: grimmory-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/shelfmark/booklore
metadataPolicy: None
property: password
- secretKey: prowlarr-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/prowlarr/key
metadataPolicy: None
property: key

29
clusters/cl01tl/helm/shelfmark/values.yaml
View File

@@ -4,15 +4,13 @@ shelfmark:
type: deployment
replicas: 1
strategy: Recreate
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/calibrain/shelfmark
tag: v1.2.1@sha256:5e00d47cccaa3b67234855d950d016c50691b78197a68adf15a624f6c08acee2
tag: v1.2.1
pullPolicy: IfNotPresent
env:
- name: FLASK_PORT
value: 8084
@@ -90,24 +88,27 @@ shelfmark:
enabled: true
custom: true
spec:
httpGet:
path: /api/health
port: 8084
exec:
command:
- /bin/sh
- -c
- "curl -sf http://localhost:8084/api/health"
failureThreshold: 5
initialDelaySeconds: 30
initialDelaySeconds: 60
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
timeoutSeconds: 30
resources:
requests:
cpu: 10m
memory: 140Mi
memory: 256Mi
service:
main:
ports:
http:
port: 80
targetPort: 8084
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -120,8 +121,11 @@ shelfmark:
- shelfmark.alexlebens.net
rules:
- backendRefs:
- name: shelfmark
- group: ''
kind: Service
name: shelfmark
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -132,6 +136,7 @@ shelfmark:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:

4
clusters/cl01tl/helm/shelly-plug/Chart.yaml
View File

@@ -5,10 +5,9 @@ description: Shelly Plug
keywords:
- shelly-plug
- metrics
home: https://docs.alexlebens.dev/applications/shelly-plug/
home: https://wiki.alexlebens.dev/s/18b5575c-3a57-4515-89a0-b23d6df8dec4
sources:
- https://github.com/geerlingguy/shelly-plug-prometheus
- https://hub.docker.com/r/alpine/git
- https://hub.docker.com/_/php
- https://github.com/bjw-s/helm-charts/blob/main/charts/other/app-template/values.yaml
maintainers:
@@ -18,5 +17,4 @@ dependencies:
alias: shelly-plug
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/shelly.png
appVersion: 1.0.0

6
clusters/cl01tl/helm/shelly-plug/templates/external-secret.yaml
View File

@@ -14,9 +14,15 @@ spec:
data:
- secretKey: SHELLY_HTTP_USERNAME
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /shelly-plug/auth/it05sp
metadataPolicy: None
property: SHELLY_HTTP_USERNAME
- secretKey: SHELLY_HTTP_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /shelly-plug/auth/it05sp
metadataPolicy: None
property: SHELLY_HTTP_PASSWORD

17
clusters/cl01tl/helm/shelly-plug/values.yaml
View File

@@ -4,13 +4,15 @@ shelly-plug:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
initContainers:
init-fetch-repo:
securityContext:
runAsUser: 0
image:
repository: alpine/git
tag: 2.52.0@sha256:d453f54c83320412aa89c391b076930bd8569bc1012285e8c68ce2d4435826a3
tag: latest
pullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
@@ -26,11 +28,16 @@ shelly-plug:
git fetch origin
git checkout origin/master -ft
fi
resources:
requests:
cpu: 10m
memory: 128Mi
containers:
main:
image:
repository: php
tag: 8.5.4-apache@sha256:e55a9f8e4caa09c6a31ec752b307675d847bb8546d975f379128cb2a99842b96
tag: 8.5.4-apache-bookworm
pullPolicy: IfNotPresent
env:
- name: SHELLY_HOSTNAME
value: it05sp.alexlebens.net
@@ -41,8 +48,8 @@ shelly-plug:
name: shelly-plug-config-secret
resources:
requests:
cpu: 1m
memory: 20Mi
cpu: 10m
memory: 64Mi
service:
main:
controller: main
@@ -50,6 +57,7 @@ shelly-plug:
metrics:
port: 80
targetPort: 80
protocol: TCP
serviceMonitor:
main:
selector:
@@ -67,6 +75,7 @@ shelly-plug:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
init-fetch-repo:

12
clusters/cl01tl/helm/site-documentation/Chart.yaml
View File

@@ -5,11 +5,12 @@ description: Site Documentation
keywords:
- site-documentation
- astro
home: https://docs.alexlebens.dev/applications/site-documentation/
home: https://wiki.alexlebens.dev/s/1c39adb6-e0c6-4b01-b71f-278631adf584
sources:
- https://gitea.alexlebens.dev/alexlebens/site-documentation
- https://github.com/alexlebens/site-documentation
- https://github.com/withastro/astro
- https://harbor.alexlebens.net/harbor/projects/11/repositories/site-documentation
- https://github.com/cloudflare/cloudflared
- https://github.com/alexlebens/site-documentation/pkgs/container/site-documentation
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
maintainers:
@@ -22,6 +23,5 @@ dependencies:
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.svg
# renovate: datasource=gitea-releases registryUrl=https://gitea.alexlebens.dev depName=alexlebens/site-documentation
appVersion: 0.20.0
icon: https://d21zlbwtcn424f.cloudfront.net/logo-new-round.png
appVersion: 0.0.5

7
clusters/cl01tl/helm/site-documentation/values.yaml
View File

@@ -6,15 +6,17 @@ site-documentation:
type: deployment
replicas: 3
strategy: RollingUpdate
revisionHistoryLimit: 3
containers:
main:
image:
repository: harbor.alexlebens.net/images/site-documentation
tag: 0.21.0@sha256:556d92724306b0949c38185ffbaa7e3f05b9ba0d9b8dcfee0fc7a21985d10199
tag: 0.20.0
pullPolicy: IfNotPresent
resources:
requests:
cpu: 10m
memory: 40Mi
memory: 128Mi
service:
main:
controller: main
@@ -22,3 +24,4 @@ site-documentation:
http:
port: 80
targetPort: 4321
protocol: HTTP

12
clusters/cl01tl/helm/site-profile/Chart.yaml
View File

@@ -5,11 +5,12 @@ description: Site Profile
keywords:
- site-profile
- astro
home: https://docs.alexlebens.dev/applications/site-profile/
home: https://wiki.alexlebens.dev/s/1c39adb6-e0c6-4b01-b71f-278631adf584
sources:
- https://gitea.alexlebens.dev/alexlebens/site-profile
- https://github.com/alexlebens/site-profile
- https://github.com/withastro/astro
- https://harbor.alexlebens.net/harbor/projects/11/repositories/site-profile
- https://github.com/cloudflare/cloudflared
- https://github.com/alexlebens/site-profile/pkgs/container/site-profile
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
maintainers:
@@ -22,6 +23,5 @@ dependencies:
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.svg
# renovate: datasource=gitea-releases registryUrl=https://gitea.alexlebens.dev depName=alexlebens/site-profile
appVersion: 3.16.1
icon: https://d21zlbwtcn424f.cloudfront.net/logo-new-round.png
appVersion: 2.3.2

7
clusters/cl01tl/helm/site-profile/values.yaml
View File

@@ -6,15 +6,17 @@ site-profile:
type: deployment
replicas: 3
strategy: RollingUpdate
revisionHistoryLimit: 3
containers:
main:
image:
repository: harbor.alexlebens.net/images/site-profile
tag: 3.16.1@sha256:656182fade379a0e8f1e6780c36bb64fe1374afbc8f06894126043105f66d29a
tag: 3.16.1
pullPolicy: IfNotPresent
resources:
requests:
cpu: 10m
memory: 60Mi
memory: 128Mi
service:
main:
controller: main
@@ -22,3 +24,4 @@ site-profile:
http:
port: 80
targetPort: 4321
protocol: HTTP

13
clusters/cl01tl/helm/slskd/Chart.yaml
View File

@@ -4,14 +4,15 @@ version: 1.0.0
description: slskd
keywords:
- slskd
- soulseek
home: https://docs.alexlebens.dev/applications/slskd/
- soularr
- lidarr
- music
home: https://wiki.alexlebens.dev/s/ea931f86-1e70-480c-8002-64380b267cd7
sources:
- https://github.com/slskd/slskd
- https://github.com/qdm12/gluetun
- https://github.com/slskd/slskd/pkgs/container/slskd
- https://github.com/qdm12/gluetun/pkgs/container/gluetun
- https://hub.docker.com/_/busybox
- https://github.com/mrusse/soularr
- https://hub.docker.com/r/slskd/slskd
- https://hub.docker.com/r/mrusse08/soularr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens

39
clusters/cl01tl/helm/slskd/templates/external-secret.yaml
View File

@@ -14,10 +14,35 @@ spec:
data:
- secretKey: slskd.yml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/slskd/config
metadataPolicy: None
property: slskd.yml
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: soularr-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: soularr-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: config.ini
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/slskd/soularr
metadataPolicy: None
property: config.ini
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
@@ -35,17 +60,29 @@ spec:
data:
- secretKey: private-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: preshared-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: preshared-key
- secretKey: addresses
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports

70
clusters/cl01tl/helm/slskd/values.yaml
View File

@@ -4,10 +4,8 @@ slskd:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
@@ -22,9 +20,14 @@ slskd:
init-sysctl:
image:
repository: busybox
tag: 1.37.0@sha256:1487d0af5f52b4ba31c7e465126ee2123fe3f2305d638e7827681e7cf6c83d5e
tag: 1.37.0
pullPolicy: IfNotPresent
securityContext:
privileged: True
resources:
requests:
cpu: 10m
memory: 128Mi
command:
- /bin/sh
args:
@@ -36,10 +39,11 @@ slskd:
main:
image:
repository: slskd/slskd
tag: 0.24.5@sha256:17ef977563be206f3b5932080b1e23883b2cb39dc9010640f6f39b4eaec887e3
tag: 0.24.5
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: PUID
value: 1000
- name: PGID
@@ -49,11 +53,12 @@ slskd:
resources:
requests:
cpu: 100m
memory: 330Mi
memory: 512Mi
gluetun:
image:
repository: ghcr.io/qdm12/gluetun
tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
pullPolicy: IfNotPresent
lifecycle:
postStart:
exec:
@@ -120,6 +125,36 @@ slskd:
devic.es/tun: "1"
requests:
devic.es/tun: "1"
cpu: 10m
memory: 128Mi
soularr:
type: deployment
replicas: 0
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers:
main:
image:
repository: mrusse08/soularr
tag: latest@sha256:69bc29f2072d6256c30f94fb1a0bfe8034c197791a2103d87f15ef1761347ce9
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
- name: PUID
value: 1000
- name: PGID
value: 1000
- name: SCRIPT_INTERVAL
value: 300
resources:
requests:
cpu: 10m
memory: 256Mi
service:
main:
controller: main
@@ -127,6 +162,7 @@ slskd:
http:
port: 5030
targetPort: 5030
protocol: HTTP
serviceMonitor:
main:
selector:
@@ -151,8 +187,11 @@ slskd:
- slskd.alexlebens.net
rules:
- backendRefs:
- name: slskd
- group: ''
kind: Service
name: slskd
port: 5030
weight: 100
matches:
- path:
type: PathPrefix
@@ -169,6 +208,17 @@ slskd:
readOnly: true
mountPropagation: None
subPath: slskd.yml
soularr-config:
enabled: true
type: secret
name: soularr-config-secret
advancedMounts:
soularr:
main:
- path: /data/config.ini
readOnly: true
mountPropagation: None
subPath: config.ini
data:
existingClaim: slskd-nfs-storage
advancedMounts:
@@ -176,3 +226,7 @@ slskd:
main:
- path: /mnt/store
readOnly: false
soularr:
main:
- path: /mnt/store
readOnly: false

4
clusters/cl01tl/helm/snapshot-controller/Chart.yaml
View File

@@ -4,8 +4,10 @@ version: 1.0.0
description: Snapshot Controller
keywords:
- snapshot-controller
- snapshots
- storage
home: https://docs.alexlebens.dev/applications/snapshot-controller/
- kubernetes
home: https://wiki.alexlebens.dev/s/67c065ac-bbc7-4d35-be62-af5b65ed8330
sources:
- https://github.com/kubernetes-csi/external-snapshotter
- https://github.com/piraeusdatastore/helm-charts/tree/main/charts/snapshot-controller

12
clusters/cl01tl/helm/snapshot-controller/values.yaml
View File

@@ -1,21 +1,15 @@
snapshot-controller:
installCRDs: true
controller:
replicaCount: 3
revisionHistoryLimit: 3
args:
leaderElection: true
leaderElectionNamespace: snapshot-controller
image:
repository: registry.k8s.io/sig-storage/snapshot-controller
tag: v8.5.0@sha256:74ca61ab13e978f03cf0f336a607281d15f04cda0a38a881306365473b28a3d8
tag: v8.5.0
resources:
requests:
cpu: 10m
memory: 40Mi
cpu: 50m
memory: 128Mi
serviceMonitor:
create: true
webhook:
image:
repository: registry.k8s.io/sig-storage/snapshot-conversion-webhook
tag: v8.5.0@sha256:1299486676accf16661d8a040c8715ce03fc5df0351a076f14247a873bfbfc0d

6
clusters/cl01tl/helm/sonarr-4k/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:83fca5b0c0428efe33183648047cb649ee6ee7931e1441c360bcf63aad3ced20
generated: "2026-04-06T19:13:18.268013-05:00"
digest: sha256:27cc019786592c0e7fce9509543792c9f281a4e676c463ce5d6ba2a6df05e3b2
generated: "2026-03-15T20:09:49.767646568Z"

14
clusters/cl01tl/helm/sonarr-4k/Chart.yaml
View File

@@ -4,18 +4,20 @@ version: 1.0.0
description: Sonarr 4K
keywords:
- sonarr
- tv shows
- servarr
home: https://docs.alexlebens.dev/applications/sonarr/
- tv shows
- 4k
- metrics
home: https://wiki.alexlebens.dev/s/3f8f5392-2e05-4bff-a798-7faf1bb24991
sources:
- https://github.com/Sonarr/Sonarr
- https://github.com/linuxserver/docker-sonarr
- https://github.com/onedr0p/exportarr
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/linuxserver/docker-sonarr/pkgs/container/sonarr
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -25,12 +27,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png
# renovate: datasource=github-releases depName=linuxserver/docker-sonarr
appVersion: 4.0.17.2952-ls306
# renovate: datasource=github-releases depName=Sonarr/Sonarr
appVersion: 4.0.14

45
clusters/cl01tl/helm/sonarr-4k/values.yaml
View File

@@ -13,10 +13,11 @@ sonarr-4k:
main:
image:
repository: ghcr.io/linuxserver/sonarr
tag: 4.0.17.2952-ls306@sha256:b5670a3adb0f8a8b0f277feeaa69a5fbe3869ba4bb9fa7c0f0764c3b3f0e698f
tag: 4.0.17@sha256:76414c033f290d3c9f1f9dfad71150abe71d92592369a3377a5903d579e6e2b2
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: PUID
value: 1000
- name: PGID
@@ -24,11 +25,12 @@ sonarr-4k:
resources:
requests:
cpu: 10m
memory: 200Mi
memory: 256Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.3.0@sha256:af535d94061cf97a52e1661945ffba78c03f9443eae7c0da1a80a5a4be56b520
tag: v2.3.0
pullPolicy: IfNotPresent
args: ["sonarr"]
env:
- name: URL
@@ -41,6 +43,10 @@ sonarr-4k:
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
resources:
requests:
cpu: 10m
memory: 256Mi
service:
main:
controller: main
@@ -48,9 +54,11 @@ sonarr-4k:
http:
port: 80
targetPort: 8989
protocol: HTTP
metrics:
port: 9794
targetPort: 9794
protocol: TCP
serviceMonitor:
main:
selector:
@@ -85,8 +93,11 @@ sonarr-4k:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs:
- name: sonarr-4k
- group: ''
kind: Service
name: sonarr-4k
port: 80
weight: 100
filters:
- type: ExtensionRef
extensionRef:
@@ -103,6 +114,7 @@ sonarr-4k:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
retain: true
advancedMounts:
main:
main:
@@ -136,12 +148,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 55 15 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-config:
pvcTarget: sonarr-4k-config
moverSecurityContext:

6
clusters/cl01tl/helm/sonarr-anime/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:d5bb985d028ae1d477dc2b7796e82515ee173232334c3441269cbd0b2a359ab5
generated: "2026-04-06T19:13:52.394776-05:00"
digest: sha256:0f8016577e9fedaf8e5bd36688da2bf19b51185bc8100b817b64ce48ec87433b
generated: "2026-03-15T20:10:04.000906771Z"

13
clusters/cl01tl/helm/sonarr-anime/Chart.yaml
View File

@@ -4,18 +4,19 @@ version: 1.0.0
description: Sonarr Anime
keywords:
- sonarr
- tv shows
- servarr
home: https://docs.alexlebens.dev/applications/sonarr/
- anime
- metrics
home: https://wiki.alexlebens.dev/s/3f8f5392-2e05-4bff-a798-7faf1bb24991
sources:
- https://github.com/Sonarr/Sonarr
- https://github.com/linuxserver/docker-sonarr
- https://github.com/onedr0p/exportarr
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/linuxserver/docker-sonarr/pkgs/container/sonarr
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -25,12 +26,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png
# renovate: datasource=github-releases depName=linuxserver/docker-sonarr
appVersion: 4.0.17.2952-ls306
# renovate: datasource=github-releases depName=Sonarr/Sonarr
appVersion: 4.0.14

45
clusters/cl01tl/helm/sonarr-anime/values.yaml
View File

@@ -13,10 +13,11 @@ sonarr-anime:
main:
image:
repository: ghcr.io/linuxserver/sonarr
tag: 4.0.17.2952-ls306@sha256:b5670a3adb0f8a8b0f277feeaa69a5fbe3869ba4bb9fa7c0f0764c3b3f0e698f
tag: 4.0.17@sha256:76414c033f290d3c9f1f9dfad71150abe71d92592369a3377a5903d579e6e2b2
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: PUID
value: 1000
- name: PGID
@@ -24,11 +25,12 @@ sonarr-anime:
resources:
requests:
cpu: 10m
memory: 200Mi
memory: 256Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.3.0@sha256:af535d94061cf97a52e1661945ffba78c03f9443eae7c0da1a80a5a4be56b520
tag: v2.3.0
pullPolicy: IfNotPresent
args: ["sonarr"]
env:
- name: URL
@@ -41,6 +43,10 @@ sonarr-anime:
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
resources:
requests:
cpu: 10m
memory: 256Mi
service:
main:
controller: main
@@ -48,9 +54,11 @@ sonarr-anime:
http:
port: 80
targetPort: 8989
protocol: HTTP
metrics:
port: 9794
targetPort: 9794
protocol: TCP
serviceMonitor:
main:
selector:
@@ -85,8 +93,11 @@ sonarr-anime:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs:
- name: sonarr-anime
- group: ''
kind: Service
name: sonarr-anime
port: 80
weight: 100
filters:
- type: ExtensionRef
extensionRef:
@@ -103,6 +114,7 @@ sonarr-anime:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
retain: true
advancedMounts:
main:
main:
@@ -136,12 +148,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 0 16 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-config:
pvcTarget: sonarr-anime-config
moverSecurityContext:

6
clusters/cl01tl/helm/sonarr/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:56992d382fb09e68be6f3b20736b323868fe8a0eb694b76c8b5e98635576be7e
generated: "2026-04-06T19:13:09.43392-05:00"
digest: sha256:a20b4dd7e2f0c8777ed2be1bd2c702bc4d7cfeb51e4a29d781c041c555821aa1
generated: "2026-03-15T20:10:17.242764683Z"

13
clusters/cl01tl/helm/sonarr/Chart.yaml
View File

@@ -4,18 +4,19 @@ version: 1.0.0
description: Sonarr
keywords:
- sonarr
- tv shows
- servarr
home: https://docs.alexlebens.dev/applications/sonarr/
- tv shows
- metrics
home: https://wiki.alexlebens.dev/s/3f8f5392-2e05-4bff-a798-7faf1bb24991
sources:
- https://github.com/Sonarr/Sonarr
- https://github.com/linuxserver/docker-sonarr
- https://github.com/onedr0p/exportarr
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/linuxserver/docker-sonarr/pkgs/container/sonarr
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -25,12 +26,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png
# renovate: datasource=github-releases depName=linuxserver/docker-sonarr
appVersion: 4.0.17.2952-ls306
# renovate: datasource=github-releases depName=Sonarr/Sonarr
appVersion: 4.0.16

46
clusters/cl01tl/helm/sonarr/values.yaml
View File

@@ -4,6 +4,7 @@ sonarr:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
fsGroup: 1000
@@ -12,10 +13,11 @@ sonarr:
main:
image:
repository: ghcr.io/linuxserver/sonarr
tag: 4.0.17.2952-ls306@sha256:b5670a3adb0f8a8b0f277feeaa69a5fbe3869ba4bb9fa7c0f0764c3b3f0e698f
tag: 4.0.17@sha256:76414c033f290d3c9f1f9dfad71150abe71d92592369a3377a5903d579e6e2b2
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: PUID
value: 1000
- name: PGID
@@ -23,11 +25,12 @@ sonarr:
resources:
requests:
cpu: 100m
memory: 250Mi
memory: 256Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.3.0@sha256:af535d94061cf97a52e1661945ffba78c03f9443eae7c0da1a80a5a4be56b520
tag: v2.3.0
pullPolicy: IfNotPresent
args: ["sonarr"]
env:
- name: URL
@@ -40,6 +43,10 @@ sonarr:
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
resources:
requests:
cpu: 10m
memory: 256Mi
service:
main:
controller: main
@@ -47,9 +54,11 @@ sonarr:
http:
port: 80
targetPort: 8989
protocol: HTTP
metrics:
port: 9794
targetPort: 9794
protocol: TCP
serviceMonitor:
main:
selector:
@@ -84,8 +93,11 @@ sonarr:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs:
- name: sonarr
- group: ''
kind: Service
name: sonarr
port: 80
weight: 100
filters:
- type: ExtensionRef
extensionRef:
@@ -102,6 +114,7 @@ sonarr:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
retain: true
advancedMounts:
main:
main:
@@ -135,12 +148,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 50 15 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-config:
pvcTarget: sonarr-config
moverSecurityContext:

6
clusters/cl01tl/helm/speedtest-exporter/Chart.yaml
View File

@@ -4,11 +4,11 @@ version: 1.0.0
description: Speedtest Exporter
keywords:
- speedtest-exporter
- internet-speed
home: https://docs.alexlebens.dev/applications/speedtest-exporter/
- internet
- metrics
home: https://wiki.alexlebens.dev/s/843d4622-ea44-40bc-8fd1-1a6b71ba9a57
sources:
- https://github.com/MiguelNdeCarvalho/speedtest-exporter
- https://github.com/miguelndecarvalho/speedtest-exporter/pkgs/container/speedtest-exporter
- https://gitlab.com/alexander-chernov/helm/speedtest-exporter
maintainers:
- name: alexlebens

11
clusters/cl01tl/helm/speedtest-exporter/values.yaml
View File

@@ -1,7 +1,7 @@
speedtest-exporter:
image:
repository: ghcr.io/miguelndecarvalho/speedtest-exporter
tag: v3.5.4@sha256:f1064d49124c7fc45faabb87c6c876a2fd04e92b3dc14d4b871301217ba30fed
tag: v3.5.4
securityContext:
capabilities:
drop:
@@ -9,9 +9,8 @@ speedtest-exporter:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
resources:
limits:
cpu: 1m
memory: 30Mi
serviceMonitor:
interval: 180m
enabled: true
namespace: speedtest-exporter
interval: "180m"
scrapeTimeout: "2m"

6
clusters/cl01tl/helm/stack/Chart.yaml
View File

@@ -3,9 +3,11 @@ name: stack
version: 1.0.0
description: Stack
keywords:
- stack
- argocd
home: https://docs.alexlebens.dev/applications/stack/
- application
- stack
- deployment
home: https://wiki.alexlebens.dev/s/0c2d1896-710d-4972-9bc8-08d71987428a
sources:
- https://github.com/argoproj/argo-cd
- https://gitea.alexlebens.dev/alexlebens/infrastructure

8
clusters/cl01tl/helm/stalwart/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
version: 0.4.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:c4a92f0283952a59f2e4add1a1b9522d2f9eb0a37dce32aa6104e3087c0b5503
generated: "2026-04-06T20:21:29.186267-05:00"
digest: sha256:6ffe4bd6af377f2ba5134389027e86085928d5e1108bb5ecf0d4b1e4cc908b67
generated: "2026-03-15T20:10:31.966910173Z"

13
clusters/cl01tl/helm/stalwart/Chart.yaml
View File

@@ -5,14 +5,15 @@ description: Stalwart
keywords:
- stalwart
- email
home: https://docs.alexlebens.dev/applications/stalwart/
- smtp
home: https://wiki.alexlebens.dev/s/e10d3a19-9329-4443-a023-6ab70ffaff6e
sources:
- https://github.com/stalwartlabs/mail-server
- https://github.com/stalwartlabs/stalwart/pkgs/container/stalwart
- https://github.com/elastic/elasticsearch
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/stalwartlabs/mail-server
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -22,11 +23,11 @@ dependencies:
repository: https://bjw-s-labs.github.io/helm-charts/
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.5.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-config

2
clusters/cl01tl/helm/stalwart/templates/elasticsearch.yaml
View File

@@ -9,7 +9,7 @@ metadata:
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
# renovate: datasource=docker depName=elasticsearch
version: 8.19.13
version: 8.19.8
auth:
fileRealm:
- secretName: stalwart-elasticsearch-secret

9
clusters/cl01tl/helm/stalwart/templates/external-secret.yaml
View File

@@ -14,13 +14,22 @@ spec:
data:
- secretKey: username
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/stalwart/elasticsearch
metadataPolicy: None
property: username
- secretKey: password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/stalwart/elasticsearch
metadataPolicy: None
property: password
- secretKey: roles
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/stalwart/elasticsearch
metadataPolicy: None
property: roles

42
clusters/cl01tl/helm/stalwart/values.yaml
View File

@@ -4,15 +4,17 @@ stalwart:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/stalwartlabs/stalwart
tag: v0.15.5@sha256:dcf575db2d53d9ef86d6ced8abe4ba491984659a0f8862cc6079ee7b41c3c568
repository: stalwartlabs/stalwart
tag: v0.15.5
pullPolicy: IfNotPresent
resources:
requests:
cpu: 10m
memory: 100Mi
memory: 128Mi
service:
main:
controller: main
@@ -20,18 +22,23 @@ stalwart:
http:
port: 80
targetPort: 8080
protocol: HTTP
smtp:
port: 25
targetPort: 25
protocol: TCP
smtps:
port: 465
targetPort: 465
protocol: TCP
imap:
port: 143
targetPort: 143
protocol: TCP
imaps:
port: 993
targetPort: 993
protocol: TCP
route:
main:
kind: HTTPRoute
@@ -44,8 +51,11 @@ stalwart:
- stalwart.alexlebens.net
rules:
- backendRefs:
- name: stalwart
- group: ''
kind: Service
name: stalwart
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -56,6 +66,7 @@ stalwart:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: true
advancedMounts:
main:
main:
@@ -74,12 +85,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 5 16 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-config:
pvcTarget: stalwart-config
local:

12
clusters/cl01tl/helm/tailscale-operator/Chart.yaml
View File

@@ -4,14 +4,14 @@ version: 1.0.0
description: Tailscale Operator
keywords:
- tailscale-operator
- tailscale
- wireguard
- operator
home: https://docs.alexlebens.dev/applications/tailscale-operator/
- vpn
- kubernetes
home: https://wiki.alexlebens.dev/s/673177ef-e91b-43ad-9b80-d5037ec77852
sources:
- https://github.com/tailscale/tailscale
- https://hub.docker.com/r/tailscale/tailscale
- https://hub.docker.com/r/tailscale/k8s-operator
- https://hub.docker.com/r/tailscale/k8s-nameserver
- https://github.com/tailscale/tailscale/tree/main/cmd/k8s-operator/deploy/chart
maintainers:
- name: alexlebens
@@ -20,5 +20,5 @@ dependencies:
version: 1.94.2
repository: https://pkgs.tailscale.com/helmcharts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tailscale-light.png
# renovate: datasource=docker depName=tailscale/tailscale
appVersion: v1.94.2
# renovate: datasource=github-releases depName=tailscale/tailscale
appVersion: v1.96.4

6
clusters/cl01tl/helm/tailscale-operator/templates/external-secrets.yaml
View File

@@ -14,9 +14,15 @@ spec:
data:
- secretKey: client_id
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /tailscale/k8s-operator
metadataPolicy: None
property: clientId
- secretKey: client_secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /tailscale/k8s-operator
metadataPolicy: None
property: clientSecret

25
clusters/cl01tl/helm/tailscale-operator/values.yaml
View File

@@ -1,18 +1,21 @@
tailscale-operator:
oauth: {}
installCRDs: true
operatorConfig:
defaultTags:
- "tag:k8s-operator"
image:
repository: tailscale/k8s-operator
tag: v1.94.2
digest: sha256:7956bd50dca9dc804b98720df94d112b54af85449ed0bf8cc7fad0346b225067
logging: info
hostname: tailscale-operator-cl01tl
ingressClass:
name: tailscale
nodeSelector:
kubernetes.io/os: linux
operatorConfig:
securityContext:
capabilities:
add:
- NET_ADMIN
proxyConfig:
image:
repository: tailscale/tailscale
tag: v1.94.2
digest: sha256:95e528798bebe75f39b10e74e7051cf51188ee615934f232ba7ad06a3390ffa1
defaultProxyClass: no-metrics
defaultTags: "tag:k8s"
firewallMode: auto
defaultProxyClass: "no-metrics"
apiServerProxyConfig:
mode: "false"

14
clusters/cl01tl/helm/talos/Chart.yaml
View File

@@ -4,16 +4,12 @@ version: 1.0.0
description: Talos
keywords:
- talos
- operating-system
- job
home: https://docs.alexlebens.dev/applications/talos/
- etcd
- kubernetes
home: https://wiki.alexlebens.dev/s/c5ead573-34b6-442b-a286-7819e6e71f78
sources:
- https://github.com/siderolabs/talos
- https://github.com/siderolabs/talos-backup
- https://github.com/Angatar/s3cmd
- https://github.com/siderolabs/talos/pkgs/container/talosctl
- https://github.com/siderolabs/talos-backup/pkgs/container/talos-backup
- https://hub.docker.com/r/d3fk/s3cmd
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
@@ -26,6 +22,6 @@ dependencies:
alias: etcd-defrag
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
icon: https://raw.githubusercontent.com/siderolabs/docs/3989ed11f0622252d7cee03b3ba3a3052be242d7/public/images/talos.svg
icon: https://avatars.githubusercontent.com/u/13804887?s=200&v=4
# renovate: datasource=github-releases depName=siderolabs/talos-backup
appVersion: v0.1.0-beta.3-7-ge8e193c
appVersion: v0.1.0-beta.3

149
clusters/cl01tl/helm/talos/templates/config.yaml
View File

@@ -12,138 +12,91 @@ data:
DATE_RANGE=$(date -d @$(( $(date +%s) - $DATE_RANGE_SECONDS )) +%Y-%m-%dT%H:%M:%SZ);
FILE_MATCH="${BUCKET}/cl01tl/etcd/cl01tl-${DATE_RANGE}.snap.age";
ERROR=false;
MESSAGE="";
echo "";
echo " ";
echo ">> Running S3 prune for Talos backup repository ${TARGET} ...";
echo "";
echo " ";
echo ">> Configured Date Range is $(date -u -d @${DATE_RANGE_SECONDS} +"%j days, %H hours, %M minutes")";
echo ">> Backups prior to '$DATE_RANGE' will be removed";
echo "";
FILES=$(s3cmd ls --no-check-certificate ${BUCKET}/cl01tl/etcd/ |
awk -v file_match="$FILE_MATCH" '$4 < file_match {print $4}');
if [ $? -ne 0 ]; then
echo "";
echo ">> Detected error, will send message to ntfy";
ERROR=true;
MESSAGE="Error collecting files to delete from '${TARGET}'";
echo " ";
echo ">> Detected error, will send message to ntfy";
elif [ -n "${FILES}" ]; then
echo "";
echo " ";
echo ">> Backups to be removed:";
echo "";
echo "$FILES";
echo "";
echo "$FILES"
echo " ";
echo ">> Deleting ...";
for file in $FILES; do
s3cmd del --no-check-certificate -v "${file}";
$FILES | while read file; do
s3cmd del --no-check-certificate -v "$file";
if [ $? -ne 0 ]; then
echo ">> Detected error, will send message to ntfy";
ERROR=true;
MESSAGE="Error deleting file from '${TARGET}'";
echo ">> Detected error, will send message to ntfy";
fi;
done;
else
echo " ";
echo ">> No backups to remove";
fi;
if [ "$ERROR" = "true" ]; then
MAX_RETRIES=5;
SUCCESS=false;
echo " ";
echo ">> Sending message to ntfy using curl ...";
echo " ";
echo ">> Verifying required commands ...";
for i in $(seq 1 "$MAX_RETRIES"); do
if apk update 2>&1 >/dev/null; then
echo ">> Attempt $i: Repositories are reachable";
SUCCESS=true;
break;
else
echo ">> Attempt $i: Connection failed, retrying in 5 seconds ...";
sleep 5;
fi;
done;
else
echo "";
echo ">> No backups to remove";
exit 0;
fi;
MAX_RETRIES=5;
SUCCESS=false;
echo "";
echo ">> Sending message to ntfy using curl ...";
echo "";
echo ">> Verifying required commands ...";
for i in $(seq 1 "$MAX_RETRIES"); do
if apk update >/dev/null 2>&1; then
echo ">> Attempt $i: Repositories are reachable";
SUCCESS=true;
break;
else
echo ">> Attempt $i: Connection failed, retrying in 5 seconds ...";
sleep 5;
fi;
done;
if [ "$SUCCESS" = false ]; then
echo ">> ERROR: Could not connect to apk repositories after $MAX_RETRIES attempts, exiting ...";
exit 1;
fi
if ! command -v curl >/dev/null 2>&1; then
echo ">> Command curl could not be found, installing";
apk add --no-cache -q curl;
if [ $? -eq 0 ]; then
echo ">> Installation successful";
else
echo ">> Installation failed with exit code $?";
if [ "$SUCCESS" = false ]; then
echo ">> ERROR: Could not connect to apk repositories after $MAX_RETRIES attempts, exiting ...";
exit 1;
fi
if ! command -v curl 2>&1 >/dev/null; then
echo ">> Command curl could not be found, installing";
apk add --no-cache -q curl;
if [ $? -eq 0 ]; then
echo ">> Installation successful";
else
echo ">> Installation failed with exit code $?";
exit 1;
fi;
fi;
fi;
echo "";
echo ">> Sending to NTFY ...";
if [ "$ERROR" = "true" ]; then
echo " ";
echo ">> Sending to NTFY ...";
HTTP_STATUS=$(curl \
--silent \
--write-out '%{http_code}' \
-H "Authorization: Bearer ${NTFY_TOKEN}" \
-H "X-Priority: 5" \
-H "X-Tags: warning" \
-H "X-Title: Talos Backup Prune Failed for ${TARGET}" \
-H "X-Title: Talos Backup Failed for ${TARGET}" \
-d "$MESSAGE" \
${NTFY_ENDPOINT}/${NTFY_TOPIC}
);
echo ">> HTTP Status Code: $HTTP_STATUS";
exit 1;
else
MESSAGE="Pruned $(echo "$FILES" | wc -l) files"
HTTP_STATUS=$(curl \
--silent \
--write-out '%{http_code}' \
-H "Authorization: Bearer ${NTFY_TOKEN}" \
-H "X-Priority: 5" \
-H "X-Tags: warning" \
-H "X-Title: Talos Backup Prune Success for ${TARGET}" \
-d "$MESSAGE" \
${NTFY_ENDPOINT}/${NTFY_TOPIC}
);
echo ">> HTTP Status Code: $HTTP_STATUS";
fi;
echo "";
echo " ";
echo ">> Completed S3 prune for Talos backup repository ${TARGET}";

57
clusters/cl01tl/helm/talos/templates/external-secret.yaml
View File

@@ -14,23 +14,38 @@ spec:
data:
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/talos-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/talos-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY
- secretKey: .s3cfg
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/talos-backups
metadataPolicy: None
property: s3cfg-local
- secretKey: BUCKET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/talos-backups
metadataPolicy: None
property: BUCKET
- secretKey: AGE_X25519_PUBLIC_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/talos/etcd-backup
metadataPolicy: None
property: AGE_X25519_PUBLIC_KEY
---
@@ -50,23 +65,38 @@ spec:
data:
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/talos-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/talos-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY
- secretKey: .s3cfg
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/talos-backups
metadataPolicy: None
property: s3cfg-remote
- secretKey: BUCKET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/talos-backups
metadataPolicy: None
property: BUCKET
- secretKey: AGE_X25519_PUBLIC_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/talos/etcd-backup
metadataPolicy: None
property: AGE_X25519_PUBLIC_KEY
---
@@ -86,23 +116,38 @@ spec:
data:
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/etcd-backup
metadataPolicy: None
property: AWS_ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/etcd-backup
metadataPolicy: None
property: AWS_SECRET_ACCESS_KEY
- secretKey: .s3cfg
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/etcd-backup
metadataPolicy: None
property: s3cfg
- secretKey: BUCKET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/etcd-backup
metadataPolicy: None
property: BUCKET
- secretKey: AGE_X25519_PUBLIC_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/talos/etcd-backup
metadataPolicy: None
property: AGE_X25519_PUBLIC_KEY
---
@@ -122,15 +167,24 @@ spec:
data:
- secretKey: NTFY_TOKEN
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /ntfy/user/cl01tl
metadataPolicy: None
property: token
- secretKey: NTFY_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /ntfy/user/cl01tl
metadataPolicy: None
property: endpoint
- secretKey: NTFY_TOPIC
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/talos/etcd-backup
metadataPolicy: None
property: NTFY_TOPIC
---
@@ -150,5 +204,8 @@ spec:
data:
- secretKey: config
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/talos/etcd-defrag
metadataPolicy: None
property: config

71
clusters/cl01tl/helm/talos/values.yaml
View File

@@ -11,15 +11,20 @@ etcd-backup:
effect: NoSchedule
cronjob:
suspend: false
timeZone: America/Chicago
schedule: 0 2 * * *
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "0 2 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
backup:
image:
repository: ghcr.io/siderolabs/talos-backup
tag: v0.1.0-beta.3-7-ge8e193c@sha256:d6f98bf2817bb0bd46be49e41251e24d713945a6af6e893529cc17d524187953
tag: v0.1.0-beta.3@sha256:05c86663b251a407551dc948097e32e163a345818117eb52c573b0447bd0c7a7
pullPolicy: IfNotPresent
command:
- /talos-backup
workingDir: /tmp
@@ -64,7 +69,8 @@ etcd-backup:
s3-prune:
image:
repository: d3fk/s3cmd
tag: latest@sha256:d66cc5677b30b31a7981f9fde0af064a9072e8b8a57d5e9b4cc02f44f02acbf2
tag: latest@sha256:e3965f8205dfb96fb00e66cee54a0d171f1829a3cc6a1bbb980ab076730e54be
pullPolicy: IfNotPresent
command:
- /bin/sh
args:
@@ -90,16 +96,21 @@ etcd-backup:
operator: Exists
effect: NoSchedule
cronjob:
suspend: false
timeZone: America/Chicago
schedule: 0 3 * * *
suspend: true
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "0 3 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
backup:
image:
repository: ghcr.io/siderolabs/talos-backup
tag: v0.1.0-beta.3-7-ge8e193c@sha256:d6f98bf2817bb0bd46be49e41251e24d713945a6af6e893529cc17d524187953
tag: v0.1.0-beta.3@sha256:05c86663b251a407551dc948097e32e163a345818117eb52c573b0447bd0c7a7
pullPolicy: IfNotPresent
command:
- /talos-backup
workingDir: /tmp
@@ -144,7 +155,8 @@ etcd-backup:
s3-prune:
image:
repository: d3fk/s3cmd
tag: latest@sha256:d66cc5677b30b31a7981f9fde0af064a9072e8b8a57d5e9b4cc02f44f02acbf2
tag: latest@sha256:e3965f8205dfb96fb00e66cee54a0d171f1829a3cc6a1bbb980ab076730e54be
pullPolicy: IfNotPresent
command:
- /bin/sh
args:
@@ -171,15 +183,20 @@ etcd-backup:
effect: NoSchedule
cronjob:
suspend: false
timeZone: America/Chicago
schedule: 0 4 * * *
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "0 4 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
backup:
image:
repository: ghcr.io/siderolabs/talos-backup
tag: v0.1.0-beta.3-7-ge8e193c@sha256:d6f98bf2817bb0bd46be49e41251e24d713945a6af6e893529cc17d524187953
tag: v0.1.0-beta.3-5-g07d09ec@sha256:96054af026b6255ec14d198f2f10ad6c813b335a2e21a76804365c053dd4ba7b
pullPolicy: IfNotPresent
command:
- /talos-backup
workingDir: /tmp
@@ -224,7 +241,8 @@ etcd-backup:
s3-prune:
image:
repository: d3fk/s3cmd
tag: latest@sha256:d66cc5677b30b31a7981f9fde0af064a9072e8b8a57d5e9b4cc02f44f02acbf2
tag: latest@sha256:e3965f8205dfb96fb00e66cee54a0d171f1829a3cc6a1bbb980ab076730e54be
pullPolicy: IfNotPresent
command:
- /bin/sh
args:
@@ -375,15 +393,20 @@ etcd-defrag:
effect: NoSchedule
cronjob:
suspend: false
timeZone: America/Chicago
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "0 0 * * 0"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
main:
image:
repository: ghcr.io/siderolabs/talosctl
tag: v1.12.6@sha256:a027cf02cf74a75eee83ccffa201f3a9455d77e795d092b87cae5e637f143e54
tag: v1.12.6
pullPolicy: IfNotPresent
args:
- etcd
- defrag
@@ -403,15 +426,20 @@ etcd-defrag:
effect: NoSchedule
cronjob:
suspend: false
timeZone: America/Chicago
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "10 0 * * 0"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
main:
image:
repository: ghcr.io/siderolabs/talosctl
tag: v1.12.6@sha256:a027cf02cf74a75eee83ccffa201f3a9455d77e795d092b87cae5e637f143e54
tag: v1.12.6
pullPolicy: IfNotPresent
args:
- etcd
- defrag
@@ -431,15 +459,20 @@ etcd-defrag:
effect: NoSchedule
cronjob:
suspend: false
timeZone: America/Chicago
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "20 0 * * 0"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
main:
image:
repository: ghcr.io/siderolabs/talosctl
tag: v1.12.6@sha256:a027cf02cf74a75eee83ccffa201f3a9455d77e795d092b87cae5e637f143e54
tag: v1.12.6
pullPolicy: IfNotPresent
args:
- etcd
- defrag

2
clusters/cl01tl/helm/traefik/Chart.yaml
View File

@@ -20,6 +20,6 @@ dependencies:
- name: traefik-crds
version: 1.16.0
repository: https://traefik.github.io/charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/traefik.png
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/traefik.webp
# renovate: datasource=github-releases depName=traefik/traefik
appVersion: v3.6.12

2
clusters/cl01tl/helm/tubearchivist/templates/elasticsearch.yaml
View File

@@ -9,7 +9,7 @@ metadata:
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
# renovate: datasource=docker depName=elasticsearch
version: 8.19.13
version: 8.19.8
auth:
fileRealm:
- secretName: tubearchivist-elasticsearch-secret

9
clusters/cl01tl/helm/vault/values.yaml
View File

@@ -187,7 +187,8 @@ snapshot:
s3-backup-local:
image:
repository: d3fk/s3cmd
tag: latest@sha256:d66cc5677b30b31a7981f9fde0af064a9072e8b8a57d5e9b4cc02f44f02acbf2
tag: latest@sha256:e3965f8205dfb96fb00e66cee54a0d171f1829a3cc6a1bbb980ab076730e54be
pullPolicy: IfNotPresent
command:
- /bin/sh
args:
@@ -207,7 +208,8 @@ snapshot:
s3-backup-remote:
image:
repository: d3fk/s3cmd
tag: latest@sha256:d66cc5677b30b31a7981f9fde0af064a9072e8b8a57d5e9b4cc02f44f02acbf2
tag: latest@sha256:e3965f8205dfb96fb00e66cee54a0d171f1829a3cc6a1bbb980ab076730e54be
pullPolicy: IfNotPresent
command:
- /bin/sh
args:
@@ -227,7 +229,8 @@ snapshot:
s3-backup-external:
image:
repository: d3fk/s3cmd
tag: latest@sha256:d66cc5677b30b31a7981f9fde0af064a9072e8b8a57d5e9b4cc02f44f02acbf2
tag: latest@sha256:e3965f8205dfb96fb00e66cee54a0d171f1829a3cc6a1bbb980ab076730e54be
pullPolicy: IfNotPresent
command:
- /bin/sh
args:

6
clusters/cl01tl/helm/vaultwarden/Chart.lock
View File

@@ -7,9 +7,9 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:1b1949361ed77479733f8634a2ac6d74d4d8ba3144339446f5508643a0b57a31
generated: "2026-04-07T07:10:18.646267414Z"
digest: sha256:6f78b41937412c1db5e0f612287d29ea81c1d9169b8a0efd98a0dd4be3e532d1
generated: "2026-03-15T20:10:47.852109985Z"

2
clusters/cl01tl/helm/vaultwarden/Chart.yaml
View File

@@ -27,7 +27,7 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data

6
clusters/cl01tl/helm/yamtrack/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
digest: sha256:2d0dc9c81ac07ac67670396d9a2f619f7abc8c1311c6bf03e71377dc1354d642
generated: "2026-04-07T07:10:36.952065971Z"
digest: sha256:71da007e1cef75e45b1678caa51b0d2317cb8f4dfdf7df675d534194f03650aa
generated: "2026-03-15T20:11:03.591727143Z"

2
clusters/cl01tl/helm/yamtrack/Chart.yaml
View File

@@ -22,7 +22,7 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey

5
renovate.json
View File

@@ -33,7 +33,7 @@
"/(^|/)templates/.*\\.yaml$/"
],
"matchStrings": [
"#\\s*renovate:\\s*datasource=(?<datasource>\\S+)\\s+depName=(?<depName>\\S+)(?:\\s+versioning=(?<versioning>\\S+))?\\s+(?:tag|version):\\s*[\"']?(?<currentValue>[^@\\s\"']+)(?:@(?<currentDigest>sha256:[a-f0-9]+))?[\"']?"
"#\\s*renovate:\\s*datasource=(?<datasource>\\S+)\\s+depName=(?<depName>\\S+)(?:\\s+versioning=(?<versioning>\\S+))?\\s+tag:\\s*[\"']?(?<currentValue>[^@\\s\"']+)(?:@(?<currentDigest>sha256:[a-f0-9]+))?[\"']?"
],
"versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}docker{{/if}}"
},
@@ -123,8 +123,7 @@
],
"matchPackageNames": [
"excalidraw/excalidraw",
"searxng/searxng",
"d3fk/s3cmd"
"searxng/searxng"
],
"addLabels": [
"automerge"