alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 4 Actions Activity

Compare commits

base: alexlebens:renovate/unified-postgres-cluster
Branches Tags
alexlebens:main alexlebens:renovate/unified-actual alexlebens:renovate/unified-valkey alexlebens:renovate/unified-postgres-cluster alexlebens:renovate/unified-cilium alexlebens:manifests alexlebens:tmp/matrix-2
..
compare: alexlebens:ed2be36ba1c858a1d0a8bc2c8c832d9ff2719828
Branches Tags
alexlebens:renovate/unified-actual alexlebens:renovate/unified-valkey alexlebens:renovate/unified-postgres-cluster alexlebens:renovate/unified-cilium alexlebens:manifests alexlebens:main alexlebens:tmp/matrix-2

1 Commits
renovate/u ... ed2be36ba1

Author SHA1 Message Date
Renovate Bot
ed2be36ba1 Update ghcr.io/stuffanthings/qbit_manage Docker tag to v4.7.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 29s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 32s
Details
render-manifests / render-manifests (pull_request) Has been skipped
Details
2026-04-03 23:50:12 +00:00
147 changed files with 1584 additions and 599 deletions
Expand all files Collapse all files

2
.gitea/workflows/renovate.yaml
View File

@@ -13,7 +13,7 @@ on:
jobs:
renovate:
runs-on: ubuntu-latest
container: ghcr.io/renovatebot/renovate:43.104.3@sha256:8248aad190150ce3f1016f9e93b45185679f075c428bca093e724a59f1fd426e
container: ghcr.io/renovatebot/renovate:43.104.2@sha256:450cc98e3f218e08850ca564d5f99f6ef6e9b4c7a88b4af1dde4487d335848b0
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

12
clusters/cl01tl/helm/argo-workflows/Chart.lock Normal file
View File

@@ -0,0 +1,12 @@
dependencies:
- name: argo-workflows
repository: https://argoproj.github.io/argo-helm
version: 1.0.7
- name: argo-events
repository: https://argoproj.github.io/argo-helm
version: 2.4.21
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.1
digest: sha256:bcf7ba94885125ce6dac62ee376299f9868bf6ad391597deab0b08ae697a0c5b
generated: "2026-04-03T23:47:41.400540573Z"

32
clusters/cl01tl/helm/argo-workflows/Chart.yaml Normal file
View File

@@ -0,0 +1,32 @@
apiVersion: v2
name: argo-workflows
version: 1.0.0
description: Argo Workflows
keywords:
- argo-workflows
- argo-events
- workflows
- events
home: https://docs.alexlebens.dev/applications/argo-workflows/
sources:
- https://github.com/argoproj/argo-workflows
- https://github.com/argoproj/argo-events
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-workflows
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-events
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: argo-workflows
version: 1.0.7
repository: https://argoproj.github.io/argo-helm
- name: argo-events
version: 2.4.21
repository: https://argoproj.github.io/argo-helm
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.1
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-workflows
appVersion: v4.0.4

14
clusters/cl01tl/helm/ntfy/templates/external-secret.yaml → clusters/cl01tl/helm/argo-workflows/templates/external-secret.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: ntfy-config-secret
name: argo-workflows-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: ntfy-config-secret
app.kubernetes.io/name: argo-workflows-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -12,7 +12,11 @@ spec:
kind: ClusterSecretStore
name: vault
data:
- secretKey: attachment-cache-dir
- secretKey: secret
remoteRef:
key: /garage/home-infra/ntfy-attachments
property: attachment-cache-dir
key: /authentik/oidc/argo-workflows
property: secret
- secretKey: client
remoteRef:
key: /authentik/oidc/argo-workflows
property: client

109
clusters/cl01tl/helm/argo-workflows/values.yaml Normal file
View File

@@ -0,0 +1,109 @@
argo-workflows:
crds:
install: true
keep: true
full: true
upgradeJob:
image:
repository: registry.k8s.io/kubectl
tag: v1.35.3
controller:
metricsConfig:
enabled: true
persistence:
postgresql:
host: argo-workflows-postgresql-18-cluster-rw
port: 5432
database: app
tableName: app
userNameSecret:
name: argo-workflows-postgresql-18-cluster-app
key: username
passwordSecret:
name: argo-workflows-postgresql-18-cluster-app
key: password
ssl: false
sslMode: disable
workflowWorkers: 2
workflowTTLWorkers: 2
podCleanupWorkers: 2
cronWorkflowWorkers: 2
resources:
requests:
cpu: 1m
memory: 20Mi
serviceMonitor:
enabled: true
workflowNamespaces:
- argo-workflows
server:
authModes:
- sso
httproute:
enabled: true
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- argo-workflows.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
sso:
enabled: true
issuer: https://authentik.alexlebens.net/application/o/argo-workflows/
clientId:
name: argo-workflows-oidc-secret
key: client
clientSecret:
name: argo-workflows-oidc-secret
key: secret
redirectUrl: https://argo-workflows.alexlebens.net/oauth2/callback
rbac:
enabled: false
scopes:
- openid
- email
- profile
argo-events:
crds:
install: true
keep: true
controller:
resources:
requests:
cpu: 1m
memory: 32Mi
metrics:
enabled: true
serviceMonitor:
enabled: true
webhook:
enabled: true
resources:
requests:
cpu: 1m
memory: 20Mi
postgres-18-cluster:
mode: recovery
recovery:
method: objectStore
objectStore:
index: 1
backup:
objectStore:
- name: garage-local
index: 1
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 0 14 * * *"
backupName: garage-local

6
clusters/cl01tl/helm/authentik/Chart.lock
View File

@@ -7,9 +7,9 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.11.1
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:7302a85008aee7950aa345aa7d64563c1b0da8f07e348ec9709f9438503a41ff
generated: "2026-04-04T21:00:59.689114-05:00"
digest: sha256:4b90c5af4cc7f37b04284aafd75ddda1241c71acb726932e7e21520b5bf98543
generated: "2026-03-31T18:36:26.87524-05:00"

2
clusters/cl01tl/helm/authentik/Chart.yaml
View File

@@ -25,7 +25,7 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.11.1
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey

3
clusters/cl01tl/helm/bazarr/Chart.yaml
View File

@@ -5,7 +5,6 @@ description: Bazarr
keywords:
- bazarr
- subtitles
- servarr
home: https://docs.alexlebens.dev/applications/bazarr/
sources:
- https://github.com/morpheus65535/bazarr
@@ -25,5 +24,5 @@ dependencies:
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/bazarr.png
# renovate: datasource=github-releases depName=linuxserver/docker-bazarr
# renovate: datasource=github-releases depName=morpheus65535/bazarr
appVersion: 1.5.6

4
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -102,12 +102,14 @@ blocky:
;; Application Names
actual IN CNAME traefik-cl01tl
alertmanager IN CNAME traefik-cl01tl
argo-workflows IN CNAME traefik-cl01tl
argocd IN CNAME traefik-cl01tl
audiobookshelf IN CNAME traefik-cl01tl
authentik IN CNAME traefik-cl01tl
backrest IN CNAME traefik-cl01tl
bazarr IN CNAME traefik-cl01tl
ceph IN CNAME traefik-cl01tl
code-server IN CNAME traefik-cl01tl
dawarich IN CNAME traefik-cl01tl
directus IN CNAME traefik-cl01tl
excalidraw IN CNAME traefik-cl01tl
@@ -135,6 +137,7 @@ blocky:
lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl
medialyze IN CNAME traefik-cl01tl
movie-roulette IN CNAME traefik-cl01tl
music-grabber IN CNAME traefik-cl01tl
navidrome IN CNAME traefik-cl01tl
ntfy IN CNAME traefik-cl01tl
@@ -142,6 +145,7 @@ blocky:
ollama IN CNAME traefik-cl01tl
omni-tools IN CNAME traefik-cl01tl
paperless-ngx IN CNAME traefik-cl01tl
photoview IN CNAME traefik-cl01tl
plex IN CNAME traefik-cl01tl
postiz IN CNAME traefik-cl01tl
prometheus IN CNAME traefik-cl01tl

12
clusters/cl01tl/helm/code-server/Chart.lock Normal file
View File

@@ -0,0 +1,12 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:dee0f52096efc543f4db3a5dc2732fd37ae9b7950b264e399a6e74c2f3e7cee6
generated: "2026-03-09T22:04:00.58415637Z"

32
clusters/cl01tl/helm/code-server/Chart.yaml Normal file
View File

@@ -0,0 +1,32 @@
apiVersion: v2
name: code-server
version: 1.0.0
description: Code Server
keywords:
- code-server
- code
home: https://docs.alexlebens.dev/applications/code-server/
sources:
- https://github.com/coder/code-server
- https://github.com/linuxserver/docker-code-server
- https://github.com/linuxserver/docker-code-server/pkgs/container/code-server
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: code-server
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png
# renovate: datasource=github-releases depName=coder/code-server
appVersion: 4.113.1

22
clusters/cl01tl/helm/code-server/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: codeserver-password-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: codeserver-password-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: PASSWORD
remoteRef:
key: /cl01tl/code-server/auth
property: PASSWORD
- secretKey: SUDO_PASSWORD
remoteRef:
key: /cl01tl/code-server/auth
property: SUDO_PASSWORD

83
clusters/cl01tl/helm/code-server/values.yaml Normal file
View File

@@ -0,0 +1,83 @@
code-server:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers:
main:
image:
repository: ghcr.io/linuxserver/code-server
tag: 4.113.1-ls327@sha256:d8c435da5f062deffc0478de5983b1bb6ffb88fe56ed901bd9f0f8f21d1db837
env:
- name: TZ
value: America/Chicago
- name: PUID
value: 1000
- name: PGID
value: 1000
- name: DEFAULT_WORKSPACE
value: /config
envFrom:
- secretRef:
name: codeserver-password-secret
resources:
requests:
cpu: 1m
memory: 40Mi
service:
main:
controller: main
ports:
http:
port: 8443
targetPort: 8443
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- code-server.alexlebens.net
rules:
- backendRefs:
- name: code-server
port: 8443
matches:
- path:
type: PathPrefix
value: /
persistence:
config:
forceRename: code-server-config
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 2Gi
advancedMounts:
main:
main:
- path: /config
readOnly: false
volsync-target-config:
pvcTarget: code-server-config
moverSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
schedule: 16 8 * * *
remote:
enabled: true
schedule: 16 9 * * *
external:
enabled: true
schedule: 16 10 * * *

6
clusters/cl01tl/helm/dawarich/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.11.1
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:b070640b7006e3ad528193ca784cfbca602994c87afbef4ef4b40a05229cab10
generated: "2026-04-04T21:01:27.376484-05:00"
digest: sha256:1f513bd53430dd0fbba301ab5577aca85e984394dfdca9f615aae944a09c6bc0
generated: "2026-03-31T18:37:35.858603-05:00"

4
clusters/cl01tl/helm/dawarich/Chart.yaml
View File

@@ -21,7 +21,7 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.11.1
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
@@ -29,4 +29,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png
# renovate: datasource=github-releases depName=Freika/dawarich
appVersion: 1.6.1
appVersion: 1.6.0

4
clusters/cl01tl/helm/dawarich/values.yaml
View File

@@ -8,7 +8,7 @@ dawarich:
main:
image:
repository: freikin/dawarich
tag: 1.6.1@sha256:a884f69f19ce0f66992f3872d24544d1e587e133b8a003e072711aafc1e02429
tag: 1.6.0@sha256:5cba4d96fb57976fb6a956b8622365789d74a1178cc3ada1cb7541a4473993a9
command:
- "web-entrypoint.sh"
args:
@@ -111,7 +111,7 @@ dawarich:
sidekiq:
image:
repository: freikin/dawarich
tag: 1.6.1@sha256:a884f69f19ce0f66992f3872d24544d1e587e133b8a003e072711aafc1e02429
tag: 1.6.0@sha256:5cba4d96fb57976fb6a956b8622365789d74a1178cc3ada1cb7541a4473993a9
command:
- "sidekiq-entrypoint.sh"
args:

1
clusters/cl01tl/helm/descheduler/Chart.yaml
View File

@@ -8,7 +8,6 @@ keywords:
home: https://docs.alexlebens.dev/applications/descheduler/
sources:
- https://github.com/kubernetes-sigs/descheduler
- https://explore.ggcr.dev/?repo=registry.k8s.io%2Fdescheduler%2Fdescheduler
- https://github.com/kubernetes-sigs/descheduler/tree/master/charts/descheduler
maintainers:
- name: alexlebens

3
clusters/cl01tl/helm/descheduler/values.yaml
View File

@@ -1,7 +1,4 @@
descheduler:
image:
repository: registry.k8s.io/descheduler/descheduler
tag: v0.35.1@sha256:871d3b804390b0b8c7cb09d4e9b7856cf30e31f9e9e3d29562b0301a10453bb1
kind: Deployment
resources:
limits:

6
clusters/cl01tl/helm/directus/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.11.1
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:5fa84b2d82a160c35e002690e4d299275b8136463da9da789be9ca7c6ff998c4
generated: "2026-04-04T21:01:37.322862-05:00"
digest: sha256:116183cdff428293215553b7e60be9aefafbbaaaf64c01f1fc974badd3e0754b
generated: "2026-03-31T18:37:42.414041-05:00"

2
clusters/cl01tl/helm/directus/Chart.yaml
View File

@@ -21,7 +21,7 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.11.1
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey

1
clusters/cl01tl/helm/directus/values.yaml
View File

@@ -9,6 +9,7 @@ directus:
image:
repository: ghcr.io/directus/directus
tag: 11.17.1@sha256:1dd2080a50a9f6df2b6f49df15a7734424bbd1a5902983c4b6e447f22027b80b
pullPolicy: IfNotPresent
env:
- name: PUBLIC_URL
value: https://directus.alexlebens.net

1
clusters/cl01tl/helm/external-dns/Chart.yaml
View File

@@ -8,7 +8,6 @@ keywords:
home: https://docs.alexlebens.dev/applications/eraser/
sources:
- https://github.com/kubernetes-sigs/external-dns
- https://explore.ggcr.dev/?repo=registry.k8s.io%2Fexternal-dns%2Fexternal-dns
- https://github.com/kashalls/external-dns-unifi-webhook
- https://github.com/kubernetes-sigs/external-dns/tree/master/charts/external-dns
maintainers:

3
clusters/cl01tl/helm/external-dns/values.yaml
View File

@@ -1,7 +1,4 @@
external-dns-unifi:
image:
repository: registry.k8s.io/external-dns/external-dns
tag: v0.20.0@sha256:ddc7f4212ed09a21024deb1f470a05240837712e74e4b9f6d1f2632ff10672e7
fullnameOverride: external-dns-unifi
resources:
requests:

1
clusters/cl01tl/helm/foldergram/values.yaml
View File

@@ -13,6 +13,7 @@ foldergram:
image:
repository: ghcr.io/foldergram/foldergram
tag: 1.1.0@sha256:b08c7f30a15a3d3e4cf0877a5271cb76be6a36ab83751f040c115ccdb76b736a
pullPolicy: IfNotPresent
env:
- name: IMAGE_DETAIL_SOURCE
value: original

6
clusters/cl01tl/helm/freshrss/Chart.lock
View File

@@ -7,9 +7,9 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.11.1
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:f709ef2ce041d934faf75dfa31cc86e536aa62ab31ab82584c9751652561744c
generated: "2026-04-04T21:02:01.689182-05:00"
digest: sha256:ebf08159809ef0d69fcb8742b47245c82994b528c2f58e5ed40293555e085ecd
generated: "2026-03-31T18:37:59.187695-05:00"

2
clusters/cl01tl/helm/freshrss/Chart.yaml
View File

@@ -25,7 +25,7 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.11.1
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data

6
clusters/cl01tl/helm/gatus/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 1.5.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.11.1
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:b2a7ef962a91dff4313f66c1d04356f1b2aeefc752d672a9a27ea227db4b8c7d
generated: "2026-04-04T21:02:09.187828-05:00"
digest: sha256:1f530794c6d9c4a487d30443dce7ddf556524c7f875c6e5249b135e81528f0c5
generated: "2026-03-31T19:06:30.871275-05:00"

2
clusters/cl01tl/helm/gatus/Chart.yaml
View File

@@ -20,7 +20,7 @@ dependencies:
version: 1.5.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.11.1
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data

15
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -113,6 +113,9 @@ gatus:
- name: yamtrack
url: https://yamtrack.alexlebens.net
<<: *defaults
- name: movie-roulette
url: https://movie-roulette.alexlebens.net
<<: *defaults
- name: jellyfin
url: https://jellyfin.alexlebens.net
<<: *defaults
@@ -131,6 +134,9 @@ gatus:
- name: immich
url: https://immich.alexlebens.net
<<: *defaults
- name: photoview
url: https://photoview.alexlebens.net
<<: *defaults
- name: foldergram
url: https://foldergram.alexlebens.net
<<: *defaults
@@ -179,6 +185,9 @@ gatus:
- name: komodo
url: https://komodo.alexlebens.net
<<: *defaults
- name: argo-workflows
url: https://argo-workflows.alexlebens.net
<<: *defaults
- name: omni-tools
url: https://omni-tools.alexlebens.net
<<: *defaults
@@ -350,7 +359,7 @@ gatus:
<<: *defaults
group: external
- name: outline
url: https://outline.alexlebens.dev
url: https://wiki.alexlebens.dev
<<: *defaults
group: external
- name: vaultwarden
@@ -371,6 +380,10 @@ gatus:
url: https://gitea.alexlebens.dev
<<: *defaults
group: external
- name: codeserver
url: https://codeserver.alexlebens.dev
<<: *defaults
group: external
- name: authentik
url: https://auth.alexlebens.dev
<<: *defaults

6
clusters/cl01tl/helm/generic-device-plugin/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.28
digest: sha256:16e4470b394110a11721fe38a57ad1cfa7c994bca440bfbbc5b3b7a46a79f165
generated: "2026-04-05T02:12:22.980217268Z"
version: 0.20.27
digest: sha256:b66a7ab013f5eda47ccf94824796e026642e1abfc051e498957ee0f59743e9fc
generated: "2026-03-31T21:37:08.823163353Z"

2
clusters/cl01tl/helm/generic-device-plugin/Chart.yaml
View File

@@ -14,6 +14,6 @@ maintainers:
dependencies:
- name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.28
version: 0.20.27
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: 1.0.0

6
clusters/cl01tl/helm/gitea/Chart.lock
View File

@@ -13,7 +13,7 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
@@ -23,5 +23,5 @@ dependencies:
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:4dc7ea441a81261a431f917521e528819ab708f6ddb4b3a77412464aecec3598
generated: "2026-04-04T21:14:18.193631-05:00"
digest: sha256:a31820970bf7a7e5fa51ff09668238ab5e3b9d4433a71e35d07b779ff632b94c
generated: "2026-04-01T21:57:18.743604859Z"

2
clusters/cl01tl/helm/gitea/Chart.yaml
View File

@@ -39,7 +39,7 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey-gitea

1
clusters/cl01tl/helm/gitea/values.yaml
View File

@@ -245,6 +245,7 @@ postgres-18-cluster:
resources:
requests:
cpu: 100m
memory: 150Mi
recovery:
method: objectStore
objectStore:

6
clusters/cl01tl/helm/grafana-operator/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 5.22.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.11.1
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:6c096d1ce729469f12e66b2d0d0c677990d06643ff49401ee8fa69f5ed738e9c
generated: "2026-04-04T21:02:18.686653-05:00"
digest: sha256:1f6bf4f0f24f85d8c362766010e4f42d26458c0412b67afab9b05f2e17eacced
generated: "2026-03-31T19:12:08.326471-05:00"

2
clusters/cl01tl/helm/grafana-operator/Chart.yaml
View File

@@ -20,7 +20,7 @@ dependencies:
repository: https://grafana.github.io/helm-charts
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.11.1
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey-unified-alerting

2
clusters/cl01tl/helm/home-assistant/values.yaml
View File

@@ -23,7 +23,7 @@ home-assistant:
code-server:
image:
repository: ghcr.io/linuxserver/code-server
tag: 4.114.0-ls328@sha256:928e63f0b775d76cda606f181bae9d81c6d3fbd2d1daeef9438e3ba5579f391d
tag: 4.113.1-ls327@sha256:d8c435da5f062deffc0478de5983b1bb6ffb88fe56ed901bd9f0f8f21d1db837
env:
- name: TZ
value: America/Chicago

36
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -145,6 +145,12 @@ homepage:
href: https://yamtrack.alexlebens.net
siteMonitor: http://yamtrack.yamtrack:80
statusStyle: dot
- Movie Roulette:
icon: https://raw.githubusercontent.com/sahara101/Movie-Roulette/refs/heads/main/static/icons/icon.png
description: Movie Roulette
href: https://movie-roulette.alexlebens.net
siteMonitor: http://movie-roulette.movie-roulette:80
statusStyle: dot
- Movies and TV:
icon: sh-jellyfin.webp
description: Jellyfin
@@ -175,6 +181,12 @@ homepage:
href: https://immich.alexlebens.net
siteMonitor: http://immich.immich:2283
statusStyle: dot
- Pictures:
icon: sh-photoview.webp
description: Photoview
href: https://photoview.alexlebens.net
siteMonitor: http://photoview.photoview:80
statusStyle: dot
- Pictures:
icon: sh-foldergram.webp
description: Foldergram
@@ -196,7 +208,7 @@ homepage:
statusStyle: dot
- Documentation:
icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png
description: Homelab Docs
description: Documentation Wiki
href: https://docs.alexlebens.dev
siteMonitor: https://docs.alexlebens.dev
statusStyle: dot
@@ -224,11 +236,11 @@ homepage:
href: https://chat.alexlebens.dev
siteMonitor: https://chat.alexlebens.dev
statusStyle: dot
- Knowledge Base:
- Wiki:
icon: sh-outline.webp
description: Outline
href: https://outline.alexlebens.dev
siteMonitor: https://outline.alexlebens.dev
href: https://wiki.alexlebens.dev
siteMonitor: https://wiki.alexlebens.dev
statusStyle: dot
- Passwords:
icon: sh-vaultwarden-light.webp
@@ -297,7 +309,7 @@ homepage:
href: https://paperless-ngx.alexlebens.net
siteMonitor: http://paperless-ngx.paperless-ngx:80
statusStyle: dot
- Wikipedia:
- Wiki:
icon: sh-kiwix-light.webp
description: Kiwix
href: https://kiwix.alexlebens.net
@@ -338,6 +350,12 @@ homepage:
href: https://gitea-ps10rp.boreal-beaufort.ts.net
siteMonitor: https://gitea-ps10rp.boreal-beaufort.ts.net
statusStyle: dot
- IDE (External):
icon: sh-visual-studio-code.webp
description: VS Code
href: https://codeserver.alexlebens.dev
siteMonitor: https://codeserver.alexlebens.dev
statusStyle: dot
- IDE (Home Assistant):
icon: sh-visual-studio-code.webp
description: Edit config for Home Assistant
@@ -375,6 +393,12 @@ homepage:
secret: {{ "{{HOMEPAGE_VAR_KOMODO_API_SECRET}}" }}
showStacks: true
fields: ["running", "down", "unhealthy", "unknown"]
- Deployment Workflows:
icon: sh-argo-cd.webp
description: Argo Workflows
href: https://argo-workflows.alexlebens.net
siteMonitor: http://argo-workflows-server.argo-workflows:2746
statusStyle: dot
- Uptime:
icon: sh-gatus.webp
description: Gatus
@@ -837,7 +861,7 @@ homepage:
siteMonitor: http://yubal.yubal:80
statusStyle: dot
- Music Grabber:
icon: sh-music-grabber.webp
icon: sh-music-service.webp
description: Replicate Music playlists
href: https://music-grabber.alexlebens.net
siteMonitor: http://music-grabber.music-grabber:80

3
clusters/cl01tl/helm/houndarr/Chart.yaml
View File

@@ -4,7 +4,6 @@ version: 1.0.0
description: Houndarr
keywords:
- houndarr
- rescan
- servarr
home: https://docs.alexlebens.dev/applications/houndarr/
sources:
@@ -25,4 +24,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/houndarr.png
# renovate: datasource=github-releases depName=av1155/houndarr
appVersion: v1.7.0
appVersion: v1.6.6

2
clusters/cl01tl/helm/houndarr/values.yaml
View File

@@ -8,7 +8,7 @@ houndarr:
main:
image:
repository: ghcr.io/av1155/houndarr
tag: v1.7.0@sha256:8ae2a8b86497cbc54d11591c12220f3be3319039c2bdd0c8b041b2b7c2fd7943
tag: v1.6.6@sha256:6ecf6c92759a82068a3fbef3eae9065c88e1d8706b538832d07dc4854bc94ec0
env:
- name: TZ
value: America/Chicago

6
clusters/cl01tl/helm/immich/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.11.1
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:8b9129d1bbef82d6e0033610da9c25b2b98ce078027d389429cd947c8d22823e
generated: "2026-04-04T21:02:46.154937-05:00"
digest: sha256:b52be61811b2c4b8f1ac733be19de51e33540589b71337af99fc97727a1894e8
generated: "2026-04-01T19:49:30.408077-05:00"

2
clusters/cl01tl/helm/immich/Chart.yaml
View File

@@ -21,7 +21,7 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.11.1
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey

2
clusters/cl01tl/helm/jellyfin/values.yaml
View File

@@ -40,7 +40,7 @@ jellyfin:
exporter:
image:
repository: rebelcore/jellyfin-exporter
tag: v1.5.0@sha256:37e6d389654180ad9e1661210a48fee71a6dc355a160670235a00329da0dbf80
tag: v1.4.0@sha256:dd35d901df663141025670b4b44a62a178b331e9fa084b17016f6fba46343ce9
args:
- '--jellyfin.address=http://127.0.0.1:8096'
- '--jellyfin.token=$(TOKEN)'

6
clusters/cl01tl/helm/jellystat/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.11.1
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:4ff8555c97c457923957fac499a0c9469edac8b3dd7ab0fab46f7d4e07e8eff5
generated: "2026-04-04T21:02:58.694365-05:00"
digest: sha256:a5b2ddd5097971d246b0d1f519ffafb662594d9f84ddc854b8eedf8702d2035f
generated: "2026-04-01T19:49:45.674314-05:00"

2
clusters/cl01tl/helm/jellystat/Chart.yaml
View File

@@ -21,7 +21,7 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.11.1
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data

6
clusters/cl01tl/helm/komodo/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.11.1
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:ed3362c98ab60b195a47d0789f2420e041e907be955cdd122f84e363a00f4c73
generated: "2026-04-04T21:03:12.459168-05:00"
digest: sha256:9af0fa5ab5e1895e94d64ea5983b5ee58c8b4dd9c5c8ef8021c8c7f950fd54c4
generated: "2026-04-02T20:28:17.818342-05:00"

2
clusters/cl01tl/helm/komodo/Chart.yaml
View File

@@ -23,7 +23,7 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgresql-17-fdb-cluster
version: 7.11.2
version: 7.11.1
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-keys

6
clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies:
- name: kube-prometheus-stack
repository: oci://ghcr.io/prometheus-community/charts
version: 82.18.0
version: 82.17.0
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:bd480d8e4de9a528a73ec1bbadff5afb4d1f37ba6a85d98ec82a607283148f3d
generated: "2026-04-04T21:48:51.739477322Z"
digest: sha256:fa498f2d44d84f34ce09e1b8c8f2e871c143a2cf129fa63f2e1f3328ed5f01e3
generated: "2026-04-03T18:02:30.415481231Z"

2
clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
View File

@@ -18,7 +18,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: kube-prometheus-stack
version: 82.18.0
version: 82.17.0
repository: oci://ghcr.io/prometheus-community/charts
- name: app-template
alias: ntfy-alertmanager

3
clusters/cl01tl/helm/kubelet-serving-cert-approver/Chart.yaml
View File

@@ -4,8 +4,9 @@ version: 1.0.0
description: Kubelet Serving Cert Approver
keywords:
- kubelet-serving-cert-approver
- kubernetes
- certificate
home: https://docs.alexlebens.dev/applications/kubelet-serving-cert-approver/
home: https://wiki.alexlebens.dev/s/3aa80722-db85-41b4-ba1e-8d4c3d8643b5
sources:
- https://github.com/alex1989hu/kubelet-serving-cert-approver
- https://github.com/alex1989hu/kubelet-serving-cert-approver/pkgs/container/kubelet-serving-cert-approver

10
clusters/cl01tl/helm/kubelet-serving-cert-approver/values.yaml
View File

@@ -29,6 +29,7 @@ kubelet-serving-cert-approver:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
serviceAccount:
name: kubelet-serving-cert-approver
pod:
@@ -37,7 +38,8 @@ kubelet-serving-cert-approver:
main:
image:
repository: ghcr.io/alex1989hu/kubelet-serving-cert-approver
tag: 0.10.3@sha256:4cdc92140c48341433513dce3201806309d5256cfbac6f830feae1e7e9fb0d7d
tag: 0.10.3
pullPolicy: Always
args:
- serve
env:
@@ -47,8 +49,8 @@ kubelet-serving-cert-approver:
fieldPath: metadata.namespace
resources:
requests:
cpu: 1m
memory: 20Mi
cpu: 100m
memory: 128Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -68,6 +70,8 @@ kubelet-serving-cert-approver:
health:
port: 8080
targetPort: 8080
protocol: HTTP
metrics:
port: 9090
targetPort: 9090
protocol: HTTP

4
clusters/cl01tl/helm/kubernetes-cloudflare-ddns/Chart.yaml
View File

@@ -4,8 +4,10 @@ version: 1.0.0
description: Kubernetes Cloudflare DDNS
keywords:
- kubernetes-cloudflare-ddns
- cloudflare
- ddns
home: https://docs.alexlebens.dev/applications/kubelet-serving-cert-approver/
- kubernetes
home: https://wiki.alexlebens.dev/s/49513b51-cf91-4efd-b2a5-957555bc3ad7
sources:
- https://github.com/kubitodev/kubernetes-cloudflare-ddns
- https://hub.docker.com/r/kubitodev/kubernetes-cloudflare-ddns

12
clusters/cl01tl/helm/kubernetes-cloudflare-ddns/templates/external-secret.yaml
View File

@@ -14,17 +14,29 @@ spec:
data:
- secretKey: AUTH_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/alexlebens.net/ddns
metadataPolicy: None
property: token
- secretKey: NAME
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/alexlebens.net/ddns
metadataPolicy: None
property: name
- secretKey: RECORD_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/alexlebens.net/ddns
metadataPolicy: None
property: record-id
- secretKey: ZONE_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/alexlebens.net/ddns
metadataPolicy: None
property: zone-id

11
clusters/cl01tl/helm/kubernetes-cloudflare-ddns/values.yaml
View File

@@ -4,19 +4,24 @@ kubernetes-cloudflare-ddns:
type: cronjob
cronjob:
suspend: false
timeZone: America/Chicago
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "30 4 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
main:
image:
repository: kubitodev/kubernetes-cloudflare-ddns
tag: 2.0.0@sha256:80979b046e32ecccedfa6c00804676d070ef87c7f77a65e4afa4e91ffdeb7309
tag: 2.0.0
pullPolicy: IfNotPresent
envFrom:
- secretRef:
name: kubernetes-cloudflare-ddns-secret
resources:
requests:
cpu: 10m
memory: 32Mi
memory: 128Mi

3
clusters/cl01tl/helm/languagetool/Chart.yaml
View File

@@ -5,13 +5,12 @@ description: LanguageTool
keywords:
- languagetool
- spellchecking
home: https://docs.alexlebens.dev/applications/languagetool/
home: https://wiki.alexlebens.dev/
sources:
- https://github.com/languagetool-org/languagetool
- https://github.com/Erikvl87/docker-languagetool
- https://hub.docker.com/r/erikvl87/languagetool
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:

15
clusters/cl01tl/helm/languagetool/values.yaml
View File

@@ -4,11 +4,13 @@ languagetool:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: erikvl87/languagetool
tag: 6.7@sha256:454acc9b3d232bdf37a0eddb1c8d0e93513ce41b914a8a374e3c44a884122364
tag: 6.7
pullPolicy: IfNotPresent
env:
- name: langtool_languageModel
value: /ngrams
@@ -18,8 +20,8 @@ languagetool:
value: 1g
resources:
requests:
cpu: 1m
memory: 800Mi
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -27,6 +29,7 @@ languagetool:
http:
port: 80
targetPort: 8010
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -39,8 +42,11 @@ languagetool:
- languagetool.alexlebens.net
rules:
- backendRefs:
- name: languagetool
- group: ''
kind: Service
name: languagetool
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -51,6 +57,7 @@ languagetool:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:

5
clusters/cl01tl/helm/libation/Chart.yaml
View File

@@ -4,14 +4,13 @@ version: 1.0.0
description: Libation
keywords:
- libation
- audiobooks
- audible
home: https://docs.alexlebens.dev/applications/languagetool/
home: https://wiki.alexlebens.dev/s/63beac50-a63f-45fe-b8e5-e1691dd5e9b0
sources:
- https://github.com/rmcrackan/Libation
- https://hub.docker.com/r/rmcrackan/libation
- https://hub.docker.com/_/ubuntu/tags
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:

15
clusters/cl01tl/helm/libation/values.yaml
View File

@@ -4,15 +4,20 @@ libation:
type: cronjob
cronjob:
suspend: false
timeZone: America/Chicago
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: 0 0 1 1 *
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
main:
image:
repository: rmcrackan/libation
tag: 13.3.2@sha256:d1c45260f3ba34b0fb1432c2b51763e00c5174864961856c1c31e7f2b0c3a39e
tag: 13.3.2
pullPolicy: IfNotPresent
env:
- name: SLEEP_TIME
value: "-1"
@@ -21,7 +26,7 @@ libation:
resources:
requests:
cpu: 10m
memory: 32Mi
memory: 128Mi
debug:
type: deployment
replicas: 0
@@ -30,7 +35,8 @@ libation:
main:
image:
repository: ubuntu
tag: resolute-20260401@sha256:a072b64036a738e55bff8f9a9682cbb893bf20c213772effc1de8dee8df1cea9
tag: resolute-20260401
pullPolicy: IfNotPresent
command:
- "sleep"
- "infinity"
@@ -44,6 +50,7 @@ libation:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 500Mi
retain: true
advancedMounts:
main:
main:

6
clusters/cl01tl/helm/lidarr/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:eaa092df6ae81137c5a62622f9e09495a9bc886ae908202b120969948206d786
generated: "2026-04-04T21:03:34.837519-05:00"
digest: sha256:0f1a2923a7042b364a817edc64729d5e1c18b0552555c035d974de626f372692
generated: "2026-03-15T20:07:00.750754951Z"

12
clusters/cl01tl/helm/lidarr/Chart.yaml
View File

@@ -4,18 +4,17 @@ version: 1.0.0
description: Lidarr
keywords:
- lidarr
- music
- servarr
home: https://docs.alexlebens.dev/applications/lidarr/
- music
- metrics
home: https://wiki.alexlebens.dev/s/f7c4e892-aa3b-435f-b220-317dc53137ac
sources:
- https://github.com/Lidarr/Lidarr
- https://github.com/linuxserver/docker-lidarr
- https://github.com/onedr0p/exportarr
- https://github.com/linuxserver/docker-lidarr/pkgs/container/lidarr
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -25,12 +24,11 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/lidarr.png
# renovate: datasource=github-releases depName=linuxserver/docker-lidarr
appVersion: 3.1.2-nightly

44
clusters/cl01tl/helm/lidarr/values.yaml
View File

@@ -4,6 +4,7 @@ lidarr:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
runAsUser: 1000
@@ -15,9 +16,10 @@ lidarr:
image:
repository: ghcr.io/linuxserver/lidarr
tag: 3.1.2-nightly@sha256:034055feee43b11eb2f7a8438a9af1c99ab564dd2b43e5df2fe5b3c9b3b8b1ac
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: PUID
value: 1000
- name: PGID
@@ -25,11 +27,12 @@ lidarr:
resources:
requests:
cpu: 100m
memory: 300Mi
memory: 256Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.3.0@sha256:af535d94061cf97a52e1661945ffba78c03f9443eae7c0da1a80a5a4be56b520
tag: v2.3.0
pullPolicy: IfNotPresent
args: ["lidarr"]
env:
- name: URL
@@ -42,6 +45,10 @@ lidarr:
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -49,9 +56,11 @@ lidarr:
http:
port: 80
targetPort: 8686
protocol: HTTP
metrics:
port: 9792
targetPort: 9792
protocol: TCP
serviceMonitor:
main:
selector:
@@ -86,8 +95,11 @@ lidarr:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs:
- name: lidarr
- group: ''
kind: Service
name: lidarr
port: 80
weight: 100
filters:
- type: ExtensionRef
extensionRef:
@@ -104,6 +116,7 @@ lidarr:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: true
advancedMounts:
main:
main:
@@ -137,12 +150,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 55 14 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-config:
pvcTarget: lidarr-config
moverSecurityContext:

3
clusters/cl01tl/helm/local-path-provisioner/Chart.yaml
View File

@@ -5,7 +5,8 @@ description: Local Path Provisioner
keywords:
- local-path-provisioner
- storage
home: https://docs.alexlebens.dev/applications/local-path-provisioner/
- kubernetes
home: https://wiki.alexlebens.dev/s/fa4d4152-b9dd-4fdc-a6f2-93a2c0df7f4a
sources:
- https://github.com/rancher/local-path-provisioner
- https://hub.docker.com/r/rancher/local-path-provisioner

9
clusters/cl01tl/helm/local-path-provisioner/values.yaml
View File

@@ -1,11 +1,10 @@
local-path-provisioner:
replicaCount: 1
image:
repository: rancher/local-path-provisioner
tag: v0.0.35@sha256:34ff0847cc47ebf69656ba44a3de9324596d0036b66ffd323b21614dd8221530
tag: v0.0.35
helperImage:
repository: busybox
tag: 1.37.0@sha256:1487d0af5f52b4ba31c7e465126ee2123fe3f2305d638e7827681e7cf6c83d5e
tag: 1.37.0
storageClass:
create: true
defaultClass: false
@@ -13,10 +12,6 @@ local-path-provisioner:
name: local-path
reclaimPolicy: Delete
volumeBindingMode: WaitForFirstConsumer
resources:
limits:
cpu: 1m
memory: 30Mi
nodePathMap:
- node: DEFAULT_PATH_FOR_NON_LISTED_NODES
paths:

7
clusters/cl01tl/helm/loki/Chart.yaml
View File

@@ -4,13 +4,14 @@ version: 1.0.0
description: Loki
keywords:
- loki
- promtail
- logs
home: https://docs.alexlebens.dev/applications/loki/
- kubernetes
home: https://wiki.alexlebens.dev/s/c5a4dc61-5487-46c9-88f1-cac363742d30
sources:
- https://github.com/grafana/loki
- https://github.com/grafana/alloy
- https://github.com/grafana/loki/tree/main/production/helm/loki
- https://github.com/grafana/alloy/tree/main/operations/helm/charts/alloy
- https://github.com/grafana/helm-charts/tree/main/charts/promtail
maintainers:
- name: alexlebens
dependencies:

37
clusters/cl01tl/helm/loki/values.yaml
View File

@@ -2,14 +2,25 @@ loki:
deploymentMode: SingleBinary
loki:
auth_enabled: false
commonConfig:
replication_factor: 1
ingester_client:
pool_config:
remote_timeout: 10s
remote_timeout: 10s
limits_config:
allow_structured_metadata: false
max_streams_per_user: 100000
ingestion_rate_mb: 1024
ingestion_burst_size_mb: 1024
retention_period: 7d
commonConfig:
replication_factor: 1
compactor:
delete_request_store: filesystem
working_directory: /var/loki/compactor
compaction_interval: 10m
retention_enabled: true
retention_delete_delay: 2h
retention_delete_worker_count: 150
storage:
type: filesystem
schemaConfig:
@@ -20,34 +31,16 @@ loki:
schema: v13
index:
period: 24h
compactor:
delete_request_store: filesystem
working_directory: /var/loki/compactor
compaction_interval: 10m
retention_enabled: true
retention_delete_delay: 2h
retention_delete_worker_count: 150
ingester_client:
pool_config:
remote_timeout: 10s
remote_timeout: 10s
enterprise:
enabled: false
gateway:
enabled: true
resources:
requests:
cpu: 10m
memory: 20Mi
basicAuth:
enabled: false
singleBinary:
replicas: 1
resources:
requests:
cpu: 100m
memory: 800Mi
persistence:
enableStatefulSetAutoDeletePVC: true
enabled: true
size: 150Gi
storageClass: synology-iscsi-delete
@@ -128,5 +121,7 @@ alloy:
url = "http://loki-gateway.loki.svc.cluster.local:80/loki/api/v1/push"
}
}
controller:
type: 'daemonset'
serviceMonitor:
enabled: true

8
clusters/cl01tl/helm/mariadb-operator/Chart.yaml
View File

@@ -5,12 +5,12 @@ description: MariaDB Operator
keywords:
- mariadb-operator
- database
- operator
home: https://docs.alexlebens.dev/applications/mariadb-operator/
- storage
- kubernetes
home: https://wiki.alexlebens.dev/
sources:
- https://github.com/mariadb-operator/mariadb-operator
- https://github.com/mariadb-operator/mariadb-operator/tree/main/deploy/charts/mariadb-operator
- https://github.com/mariadb-operator/mariadb-operator/tree/main/deploy/charts/mariadb-operator-crds
maintainers:
- name: alexlebens
dependencies:
@@ -20,6 +20,6 @@ dependencies:
- name: mariadb-operator-crds
version: 26.3.0
repository: https://helm.mariadb.com/mariadb-operator
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/mariadb.png
icon: https://mariadb-operator.github.io/mariadb-operator/assets/mariadb_profile.svg
# renovate: datasource=github-releases depName=mariadb-operator/mariadb-operator
appVersion: 26.3.0

6
clusters/cl01tl/helm/mariadb-operator/values.yaml
View File

@@ -1,9 +1,11 @@
mariadb-operator:
crds:
enabled: false
ha:
enabled: true
replicas: 3
metrics:
enabled: true
serviceMonitor:
enabled: true
pdb:
enabled: true
maxUnavailable: 1

10
clusters/cl01tl/helm/matrix-synapse/Chart.lock
View File

@@ -19,13 +19,13 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
version: 0.4.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
version: 0.4.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
@@ -38,5 +38,5 @@ dependencies:
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:0e8b1b79a98952ed49c87c6da83dcc2eed2aabbd755d9ebf1bdd3090f3ccc44c
generated: "2026-04-04T21:03:48.737144-05:00"
digest: sha256:8fb2d00605ade15db97e778f47ecc1ffae3705ce3408a17e0a21f7def65de884
generated: "2026-03-24T16:59:56.540825394Z"

19
clusters/cl01tl/helm/matrix-synapse/Chart.yaml
View File

@@ -4,15 +4,20 @@ version: 1.0.0
description: Matrix Synapse
keywords:
- matrix-synapse
- matrix
- chat
home: https://docs.alexlebens.dev/applications/matrix-synapse/
- bridge
- matrix-hookshot
- mautrix-discord
- mautrix-whatsapp
home: https://wiki.alexlebens.dev/s/bd7e7f66-136a-41b8-8144-847bacbb3059
sources:
- https://github.com/element-hq/synapse
- https://github.com/matrix-org/matrix-hookshot
- https://github.com/mautrix/discord
- https://github.com/mautrix/whatsapp
- https://github.com/rtsp/docker-lighttpd/pkgs/container/docker-lighttpd
- https://hub.docker.com/_/alpine
- https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/halfshot/matrix-hookshot
- https://mau.dev/mautrix/discord/container_registry
- https://mau.dev/mautrix/whatsapp/container_registry
@@ -20,8 +25,6 @@ sources:
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -50,15 +53,15 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey-matrix-synapse
version: 0.5.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey-hookshot
version: 0.5.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-synapse

42
clusters/cl01tl/helm/matrix-synapse/templates/external-secret.yaml
View File

@@ -14,11 +14,17 @@ spec:
data:
- secretKey: oidc.yaml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/config
metadataPolicy: None
property: oidc.yaml
- secretKey: config.yaml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/config
metadataPolicy: None
property: config.yaml
---
@@ -38,7 +44,10 @@ spec:
data:
- secretKey: signing.key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/config
metadataPolicy: None
property: signing-key
---
@@ -58,19 +67,31 @@ spec:
data:
- secretKey: config.yml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/hookshot
metadataPolicy: None
property: config
- secretKey: registration.yml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/hookshot
metadataPolicy: None
property: registration
- secretKey: hookshot-registration.yaml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/hookshot
metadataPolicy: None
property: registration
- secretKey: passkey.pem
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/hookshot
metadataPolicy: None
property: passkey
---
@@ -89,11 +110,17 @@ spec:
data:
- secretKey: config.yaml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/mautrix-discord
metadataPolicy: None
property: config
- secretKey: mautrix-discord-registration.yaml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/mautrix-discord
metadataPolicy: None
property: registration
---
@@ -113,11 +140,17 @@ spec:
data:
- secretKey: config.yaml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/mautrix-whatsapp
metadataPolicy: None
property: config
- secretKey: mautrix-whatsapp-registration.yaml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/mautrix-whatsapp
metadataPolicy: None
property: registration
---
@@ -137,7 +170,10 @@ spec:
data:
- secretKey: double-puppet-registration.yaml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/double-puppet
metadataPolicy: None
property: registration
---
@@ -157,9 +193,15 @@ spec:
data:
- secretKey: default
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/redis
metadataPolicy: None
property: password
- secretKey: password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/matrix-synapse/redis
metadataPolicy: None
property: password

85
clusters/cl01tl/helm/matrix-synapse/values.yaml
View File

@@ -1,7 +1,4 @@
matrix-synapse:
image:
repository: ghcr.io/element-hq/synapse
tag: v1.150.0@sha256:cba0969087ca70a3ec72ebcd1491a6c8391a7da2c0b92738231dd9c7ad55df4d
serverName: alexlebens.dev
publicServerName: matrix.alexlebens.dev
argoCD: true
@@ -80,7 +77,7 @@ matrix-synapse:
resources:
requests:
cpu: 10m
memory: 130Mi
memory: 128Mi
workers:
default:
replicaCount: 0
@@ -103,9 +100,6 @@ matrix-synapse:
client:
m.homeserver:
base_url: https://matrix.alexlebens.dev
image:
repository: ghcr.io/rtsp/docker-lighttpd
tag: 1.4.76@sha256:b4b58d217a35dbd6cade82927677de404a46fb3d2b1d5fcb42042b6a6f17b2fb
postgresql:
enabled: false
externalPostgresql:
@@ -131,9 +125,6 @@ matrix-synapse:
enabled: true
uid: 666
gid: 666
image:
repository: alpine
tag: 3.23.3@sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659
ingress:
enabled: false
gateway:
@@ -147,15 +138,17 @@ matrix-hookshot:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: halfshot/matrix-hookshot
tag: 7.3.2@sha256:44283e5131a1a5818bbbf6d9d1e07dccdc29ac5bb6002fcf159af6ac09cf8085
tag: 7.3.2
pullPolicy: IfNotPresent
resources:
requests:
cpu: 5m
memory: 90Mi
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -163,15 +156,19 @@ matrix-hookshot:
webhook:
port: 9000
targetPort: 9000
protocol: HTTP
metrics:
port: 9001
targetPort: 9001
protocol: HTTP
widgets:
port: 9002
targetPort: 9002
protocol: HTTP
appservice:
port: 9993
targetPort: 9993
protocol: HTTP
serviceMonitor:
main:
selector:
@@ -223,6 +220,7 @@ matrix-hookshot:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 500Mi
retain: true
advancedMounts:
main:
main:
@@ -237,11 +235,17 @@ mautrix-discord:
type: statefulset
replicas: 1
strategy: RollingUpdate
revisionHistoryLimit: 3
# initContainers:
# init-copy-config:
# image:
# repository: busybox
# tag: 1.37.0
# pullPolicy: IfNotPresent
# resources:
# requests:
# cpu: 10m
# memory: 128Mi
# command:
# - /bin/sh
# - -ec
@@ -256,11 +260,12 @@ mautrix-discord:
main:
image:
repository: dock.mau.dev/mautrix/discord
tag: v0.7.6@sha256:e4946b0df6a2786c88ed490e0d2692e352f1b79b9ff0e821a33764bd8bd1fffd
tag: v0.7.6
pullPolicy: IfNotPresent
resources:
requests:
cpu: 1m
memory: 40Mi
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -268,6 +273,7 @@ mautrix-discord:
http:
port: 29334
targetPort: 29334
protocol: HTTP
persistence:
config:
enabled: true
@@ -296,6 +302,7 @@ mautrix-discord:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 500Mi
retain: true
advancedMounts:
main:
init-copy-config:
@@ -311,13 +318,19 @@ mautrix-whatsapp:
controllers:
main:
type: statefulset
replicas: 1
replicas: 0
strategy: RollingUpdate
revisionHistoryLimit: 3
# initContainers:
# init-copy-config:
# image:
# repository: busybox
# tag: 1.37.0
# pullPolicy: IfNotPresent
# resources:
# requests:
# cpu: 10m
# memory: 128Mi
# command:
# - /bin/sh
# - -ec
@@ -332,11 +345,12 @@ mautrix-whatsapp:
main:
image:
repository: dock.mau.dev/mautrix/whatsapp
tag: v0.2603.0@sha256:b49009312361d9ea0d7090716fd09f2323f477b32bd119648c6ca2d558a3e236
tag: v0.2602.0
pullPolicy: IfNotPresent
resources:
requests:
cpu: 1m
memory: 40Mi
cpu: 10m
memory: 64Mi
service:
main:
controller: main
@@ -344,6 +358,7 @@ mautrix-whatsapp:
http:
port: 29318
targetPort: 29318
protocol: HTTP
persistence:
config:
enabled: true
@@ -372,6 +387,7 @@ mautrix-whatsapp:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 500Mi
retain: true
advancedMounts:
main:
init-copy-config:
@@ -386,6 +402,10 @@ cloudflared-hookshot:
name: hookshot
postgres-18-cluster:
mode: recovery
cluster:
resources:
requests:
cpu: 200m
recovery:
method: objectStore
objectStore:
@@ -397,12 +417,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 0 15 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
databases:
- name: mautrix-discord
ensure: present
@@ -418,8 +461,6 @@ valkey-matrix-synapse:
aclUsers:
default:
permissions: "~* &* +@all"
# No option to configure metrics when auth is enabled
# https://github.com/valkey-io/valkey-helm/issues/135
metrics:
enabled: false
valkey-hookshot:

2
clusters/cl01tl/helm/medialyze/Chart.yaml
View File

@@ -5,7 +5,7 @@ description: MediaLyze
keywords:
- medialyze
- jellyfin
home: https://docs.alexlebens.dev/applications/medialyze/
home: https://wiki.alexlebens.dev/
sources:
- https://github.com/frederikemmer/MediaLyze
- https://github.com/frederikemmer/MediaLyze/pkgs/container/medialyze

19
clusters/cl01tl/helm/medialyze/values.yaml
View File

@@ -4,15 +4,13 @@ medialyze:
type: deployment
replicas: 1
strategy: Recreate
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/frederikemmer/medialyze
tag: 0.4.1@sha256:d4f2e04d3759f308bea605c9b7242ab6da98813adc0b276dc3cbe9c283071eb8
tag: 0.4.1
pullPolicy: IfNotPresent
env:
- name: HOST_PORT
value: 8080
@@ -24,8 +22,8 @@ medialyze:
value: /media
resources:
requests:
cpu: 5m
memory: 400Mi
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -33,6 +31,7 @@ medialyze:
http:
port: 80
targetPort: 8080
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -45,8 +44,11 @@ medialyze:
- medialyze.alexlebens.net
rules:
- backendRefs:
- name: medialyze
- group: ''
kind: Service
name: medialyze
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -57,6 +59,7 @@ medialyze:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:

4
clusters/cl01tl/helm/metrics-server/Chart.yaml
View File

@@ -5,10 +5,10 @@ description: Metrics Server
keywords:
- metrics-server
- metrics
home: https://docs.alexlebens.dev/applications/metrics-server/
- kubernetes
home: https://wiki.alexlebens.dev/s/feb71856-e3d9-4655-9808-6c4bfb330872
sources:
- https://github.com/kubernetes-sigs/metrics-server
- https://explore.ggcr.dev/?repo=registry.k8s.io%2Fmetrics-server%2Fmetrics-server
- https://github.com/kubernetes-sigs/metrics-server/tree/master/charts/metrics-server
maintainers:
- name: alexlebens

17
clusters/cl01tl/helm/metrics-server/values.yaml
View File

@@ -1,19 +1,12 @@
metrics-server:
image:
repository: registry.k8s.io/metrics-server/metrics-server
tag: v0.8.1@sha256:b2d2efaf5ac3b366ed0f839d2412a2c4279d4fc2a2a733f12c52133faed36c41
replicas: 2
replicas: 3
metrics:
enabled: true
serviceMonitor:
enabled: true
defaultArgs:
- --cert-dir=/tmp
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --kubelet-use-node-status-port
- --metric-resolution=15s
- --kubelet-insecure-tls
metrics:
enabled: true
serviceMonitor:
enabled: true
resources:
requests:
cpu: 10m
memory: 60Mi

6
clusters/cl01tl/helm/movie-roulette/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
digest: sha256:faa35ccfc18b2d47fad558e168bd3c68e64790fe2b1356881452ae4f5cd8b443
generated: "2026-03-10T16:01:13.738843-05:00"

22
clusters/cl01tl/helm/movie-roulette/Chart.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: v2
name: movie-roulette
version: 1.0.0
description: Movie Roulette
keywords:
- movie-roulette
- jellyfin
home: https://wiki.alexlebens.dev/
sources:
- https://github.com/sahara101/Movie-Roulette
- https://github.com/sahara101/Movie-Roulette/pkgs/container/movie-roulette
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: movie-roulette
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
icon: https://raw.githubusercontent.com/sahara101/Movie-Roulette/refs/heads/main/static/icons/icon.png
# renovate: datasource=github-releases depName=sahara101/Movie-Roulette
appVersion: v5.4.2

42
clusters/cl01tl/helm/movie-roulette/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,42 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: movie-roulette-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: movie-roulette-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: secret-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/movie-roulette/key
metadataPolicy: None
property: secret-key
- secretKey: jellyfin-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/jellyfin/movie-roulette
metadataPolicy: None
property: jellyfin-key
- secretKey: jellyfin-user
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/jellyfin/movie-roulette
metadataPolicy: None
property: user
- secretKey: seerr-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/seerr/key
metadataPolicy: None
property: key

128
clusters/cl01tl/helm/movie-roulette/values.yaml Normal file
View File

@@ -0,0 +1,128 @@
movie-roulette:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/sahara101/movie-roulette
tag: v5.4.2
pullPolicy: IfNotPresent
env:
- name: FLASK_SECRET_KEY
valueFrom:
secretKeyRef:
name: movie-roulette-config-secret
key: secret-key
- name: CORS_ALLOWED_ORIGINS
value: movie-roulette.alexlebens.net
- name: DISABLE_SETTINGS
value: "TRUE"
- name: AUTH_ENABLED
value: "TRUE"
- name: AUTH_SESSION_LIFETIME
value: "86400"
- name: JELLYFIN_URL
value: http://jellyfin.alexlebens.net
- name: JELLYFIN_API_KEY
valueFrom:
secretKeyRef:
name: movie-roulette-config-secret
key: jellyfin-key
- name: JELLYFIN_USER_ID
valueFrom:
secretKeyRef:
name: movie-roulette-config-secret
key: jellyfin-user
- name: LOGIN_BACKDROP_ENABLED
value: "TRUE"
- name: HOMEPAGE_MODE
value: "FALSE"
- name: USE_LINKS
value: "TRUE"
- name: USE_FILTER
value: "TRUE"
- name: USE_WATCH_BUTTON
value: "TRUE"
- name: USE_NEXT_BUTTON
value: "TRUE"
- name: USE_GRID_VIEW
value: "true"
- name: ENABLE_MOBILE_TRUNCATION
value: "TRUE"
- name: SHOW_NOW_WATCHING_CARD
value: "FALSE"
- name: USE_HEROUI_THEME
value: "FALSE"
- name: ENABLE_MOVIE_LOGOS
value: "TRUE"
- name: LOAD_MOVIE_ON_START
value: "FALSE"
- name: SEERR_URL
value: http://seerr.alexlebens.net
- name: SEERR_API_KEY
valueFrom:
secretKeyRef:
name: movie-roulette-config-secret
key: seerr-key
- name: REQUEST_SERVICE_DEFAULT
value: "seerr"
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 4000
protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- movie-roulette.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: movie-roulette
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
data:
forceRename: movie-roulette-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:
- path: /config
readOnly: false
volsync-target-data:
pvcTarget: movie-roulette-data
local:
enabled: true
schedule: 44 8 * * *
remote:
enabled: true
schedule: 44 9 * * *
external:
enabled: true
schedule: 44 10 * * *

7
clusters/cl01tl/helm/music-grabber/Chart.lock
View File

@@ -2,8 +2,5 @@ dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:abc3e3772be3542b02abd3453d3f23fd12bb11166202eaedd01b6fb67f040a3e
generated: "2026-04-04T17:57:13.966422-05:00"
digest: sha256:ed8d23326d2567f51cd8391aab6afd5f53c57df3c9f2bfc352cd22f9759d596e
generated: "2026-02-20T18:33:14.633756-06:00"

12
clusters/cl01tl/helm/music-grabber/Chart.yaml
View File

@@ -5,12 +5,11 @@ description: Music Grabber
keywords:
- music-grabber
- music
home: https://docs.alexlebens.dev/applications/music-grabber/
home: https://wiki.alexlebens.dev/s/
sources:
- https://gitlab.com/g33kphr33k/musicgrabber
- https://hub.docker.com/r/g33kphr33k/musicgrabber
- https://hub.docker.com/r/g33kphr33k/musicgrabber/tags
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -18,10 +17,5 @@ dependencies:
alias: music-grabber
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: volsync-target
alias: volsync-target-data
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/music-grabber.png
# renovate: datasource=docker depName=g33kphr33k/musicgrabber
appVersion: 2.5.6
appVersion: 2.5.5

24
clusters/cl01tl/helm/music-grabber/templates/external-secret.yaml
View File

@@ -14,19 +14,31 @@ spec:
data:
- secretKey: navidrome-user
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/navidrome/admin
metadataPolicy: None
property: user
- secretKey: navidrome-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/navidrome/admin
metadataPolicy: None
property: password
- secretKey: slskd-user
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/slskd/auth
metadataPolicy: None
property: user
- secretKey: slskd-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/slskd/auth
metadataPolicy: None
property: password
---
@@ -46,17 +58,29 @@ spec:
data:
- secretKey: private-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: preshared-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: preshared-key
- secretKey: addresses
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports

11
clusters/cl01tl/helm/music-grabber/templates/namespace.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v1
kind: Namespace
metadata:
name: music-grabber
labels:
app.kubernetes.io/name: music-grabber
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

97
clusters/cl01tl/helm/music-grabber/values.yaml
View File

@@ -4,15 +4,13 @@ music-grabber:
type: deployment
replicas: 1
strategy: Recreate
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
revisionHistoryLimit: 3
containers:
main:
image:
repository: g33kphr33k/musicgrabber
tag: 2.5.6@sha256:457b149917fa0f525c83c08d2cf3a39b4e42c64513b272ecc2d41edcd4cb6c7c
tag: 2.5.5
pullPolicy: IfNotPresent
env:
- name: MUSIC_DIR
value: /mnt/store/Music Grabber/
@@ -51,7 +49,73 @@ music-grabber:
cpu: 100m
requests:
cpu: 10m
memory: 50Mi
memory: 512Mi
# gluetun:
# image:
# repository: ghcr.io/qdm12/gluetun
# tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
# pullPolicy: IfNotPresent
# lifecycle:
# postStart:
# exec:
# command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
# env:
# - name: VPN_SERVICE_PROVIDER
# value: airvpn
# - name: VPN_TYPE
# value: wireguard
# - name: WIREGUARD_PRIVATE_KEY
# valueFrom:
# secretKeyRef:
# name: music-grabber-wireguard-conf
# key: private-key
# - name: WIREGUARD_PRESHARED_KEY
# valueFrom:
# secretKeyRef:
# name: music-grabber-wireguard-conf
# key: preshared-key
# - name: WIREGUARD_ADDRESSES
# valueFrom:
# secretKeyRef:
# name: music-grabber-wireguard-conf
# key: addresses
# - name: FIREWALL_OUTBOUND_SUBNETS
# value: 10.0.0.0/8
# - name: FIREWALL_INPUT_PORTS
# value: 8080
# - name: DNS_UPSTREAM_RESOLVER_TYPE
# value: dot
# - name: HTTPPROXY
# value: "off"
# - name: SHADOWSOCKS
# value: "off"
# securityContext:
# privileged: True
# capabilities:
# add:
# - NET_ADMIN
# - SYS_MODULE
# probes:
# liveness:
# enabled: true
# custom: true
# spec:
# exec:
# command:
# - /gluetun-entrypoint
# - healthcheck
# failureThreshold: 5
# initialDelaySeconds: 30
# periodSeconds: 30
# successThreshold: 1
# timeoutSeconds: 15
# resources:
# limits:
# devic.es/tun: "1"
# requests:
# devic.es/tun: "1"
# cpu: 10m
# memory: 128Mi
service:
main:
controller: main
@@ -59,6 +123,7 @@ music-grabber:
http:
port: 80
targetPort: 8080
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -71,18 +136,21 @@ music-grabber:
- music-grabber.alexlebens.net
rules:
- backendRefs:
- name: music-grabber
- group: ''
kind: Service
name: music-grabber
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
data:
forceRename: music-grabber-data
cache:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:
@@ -95,14 +163,3 @@ music-grabber:
main:
- path: /mnt/store/
readOnly: false
volsync-target-data:
pvcTarget: music-grabber-data
local:
enabled: true
schedule: 46 8 * * *
remote:
enabled: true
schedule: 46 9 * * *
external:
enabled: true
schedule: 46 10 * * *

5
clusters/cl01tl/helm/navidrome/Chart.yaml
View File

@@ -6,14 +6,11 @@ keywords:
- navidrome
- feishin
- music
home: https://docs.alexlebens.dev/applications/navidrome/
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/navidrome/navidrome
- https://github.com/jeffvli/feishin
- https://github.com/navidrome/navidrome/pkgs/container/navidrome
- https://github.com/jeffvli/feishin/pkgs/container/feishin
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:

32
clusters/cl01tl/helm/navidrome/values.yaml
View File

@@ -4,15 +4,13 @@ navidrome:
type: deployment
replicas: 1
strategy: Recreate
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/navidrome/navidrome
tag: 0.61.1@sha256:1e1660054a856cc09f227d6929252e45a519fdb16004b464dd637f7294ca3ec1
repository: deluan/navidrome
tag: 0.61.0@sha256:b14a6acb5cd5ee73f3a13d63d8d68ede82dedb796aa522fbada94769d990cf0b
pullPolicy: IfNotPresent
env:
- name: ND_MUSICFOLDER
value: /music
@@ -34,16 +32,18 @@ navidrome:
requests:
gpu.intel.com/i915: 1
cpu: 10m
memory: 50Mi
memory: 128Mi
feishin:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/jeffvli/feishin
tag: 1.9.0@sha256:5e6959afd27dabadd8f68fed8b0485d851593c61ca558194295bf8950262cc07
tag: 1.0.1-beta.1@sha256:61239641f23a33f99c2858419b14afb66683f3cd82010363fba92be3993fd894
pullPolicy: IfNotPresent
env:
- name: SERVER_NAME
value: talos
@@ -53,10 +53,6 @@ navidrome:
value: navidrome
- name: SERVER_URL
value: https://navidrome.alexlebens.net
resources:
requests:
cpu: 1m
memory: 20Mi
service:
main:
controller: main
@@ -64,12 +60,14 @@ navidrome:
http:
port: 80
targetPort: 4533
protocol: HTTP
feishin:
controller: feishin
ports:
http:
port: 80
targetPort: 9180
protocol: HTTP
serviceMonitor:
main:
selector:
@@ -96,8 +94,11 @@ navidrome:
- navidrome.alexlebens.net
rules:
- backendRefs:
- name: navidrome-main
- group: ''
kind: Service
name: navidrome-main
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -113,8 +114,11 @@ navidrome:
- feishin.alexlebens.net
rules:
- backendRefs:
- name: navidrome-feishin
- group: ''
kind: Service
name: navidrome-feishin
port: 80
weight: 100
matches:
- path:
type: PathPrefix

4
clusters/cl01tl/helm/node-feature-discovery/Chart.yaml
View File

@@ -5,10 +5,10 @@ description: Node Feature Discovery
keywords:
- node-feature-discovery
- labels
home: https://docs.alexlebens.dev/applications/node-feature-discovery/
- kubernetes
home: https://wiki.alexlebens.dev/s/b6fb2588-8212-4dca-b4c6-3021020b2ae1
sources:
- https://github.com/kubernetes-sigs/node-feature-discovery
- https://console.cloud.google.com/artifacts/docker/k8s-staging-nfd/us/gcr.io/node-feature-discovery
- https://github.com/kubernetes-sigs/node-feature-discovery/tree/master/deployment/helm/node-feature-discovery
maintainers:
- name: alexlebens

26
clusters/cl01tl/helm/node-feature-discovery/values.yaml
View File

@@ -1,18 +1,12 @@
node-feature-discovery:
image:
repository: gcr.io/k8s-staging-nfd/node-feature-discovery
tag: v0.18.3@sha256:f9ef2ebee55141a1758d3c0a87bb701f5db2adf6856f7218b11bc2bac7b63862
pullPolicy: IfNotPresent
featureGates:
NodeFeatureGroupAPI: true
master:
replicaCount: 1
replicaCount: 2
resources:
limits:
memory: null
requests:
cpu: 10m
memory: 20Mi
cpu: 20m
memory: 60Mi
tolerations:
- key: node-role.kubernetes.io/control-plane
operator: Exists
@@ -66,23 +60,17 @@ node-feature-discovery:
class: ["0300"]
vendor: ["8086"]
resources:
limits:
memory: null
requests:
cpu: 1m
memory: 20Mi
cpu: 20m
memory: 60Mi
tolerations:
- key: node-role.kubernetes.io/control-plane
operator: Exists
effect: NoSchedule
topologyUpdater:
enable: false
gc:
resources:
limits:
memory: null
requests:
cpu: 1m
memory: 20Mi
cpu: 20m
memory: 60Mi
prometheus:
enable: true

7
clusters/cl01tl/helm/ntfy/Chart.lock
View File

@@ -2,8 +2,5 @@ dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
digest: sha256:a689da8f05654c3e83e3f1459670cc201c28b9b4444c6891dca7ac4b70c5a4be
generated: "2026-04-04T19:19:40.397469-05:00"
digest: sha256:30d747f8b08ed690202fda39ab6e19bd74ebc45548847a087ddbf175abe1438c
generated: "2026-01-16T18:50:22.233502056Z"

7
clusters/cl01tl/helm/ntfy/Chart.yaml
View File

@@ -5,7 +5,8 @@ description: Ntfy
keywords:
- ntfy
- notifications
home: https://docs.alexlebens.dev/applications/ntfy/
- messaging
home: https://wiki.alexlebens.dev/s/5bfc09dd-688b-48f0-8d33-b9bf452df98a
sources:
- https://github.com/binwiederhier/ntfy
- https://hub.docker.com/r/binwiederhier/ntfy
@@ -17,10 +18,6 @@ dependencies:
alias: ntfy
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ntfy.png
# renovate: datasource=github-releases depName=binwiederhier/ntfy
appVersion: 2.21.0

95
clusters/cl01tl/helm/ntfy/values.yaml
View File

@@ -4,59 +4,80 @@ ntfy:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: binwiederhier/ntfy
tag: v2.21.0@sha256:2b9e12d56a538f4402da51328eeca02696c4b207ab7fbe031c27e51a22ca9b86
tag: v2.21.0
pullPolicy: IfNotPresent
args: ["serve"]
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: NTFY_BASE_URL
value: https://ntfy.alexlebens.net
- name: NTFY_LISTEN_HTTP
value: :80
- name: NTFY_CACHE_FILE
value: /var/cache/ntfy/cache.db
- name: NTFY_CACHE_DURATION
value: 36h
- name: NTFY_CACHE_STARTUP_QUERIES
value: |
pragma journal_mode = WAL;
pragma synchronous = normal;
pragma temp_store = memory;
pragma busy_timeout = 15000;
vacuum;
- name: NTFY_BEHIND_PROXY
value: true
- name: NTFY_DATABASE_URL
valueFrom:
secretKeyRef:
name: ntfy-postgresql-18-cluster-app
key: uri
- name: NTFY_ATTACHMENT_CACHE_DIR
valueFrom:
secretKeyRef:
name: ntfy-config-secret
key: attachment-cache-dir
value: /var/cache/ntfy/attachments
- name: NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT
value: 10G
value: 4G
- name: NTFY_ATTACHMENT_FILE_SIZE_LIMIT
value: 150M
value: 15M
- name: NTFY_ATTACHMENT_EXPIRY_DURATION
value: 72h
value: 36h
- name: NTFY_ENABLE_SIGNUP
value: false
- name: NTFY_ENABLE_LOGIN
value: true
- name: NTFY_ENABLE_RESERVATIONS
value: false
# - name: NTFY_UPSTREAM_BASE_URL
# value: https://ntfy.sh
- name: NTFY_AUTH_FILE
value: /var/cache/ntfy/user.db
- name: NTFY_AUTH_DEFAULT_ACCESS
value: deny-all
# - name: NTFY_UPSTREAM_ACCESS_TOKEN
# value: ""
# - name: NTFY_WEB_PUSH_PUBLIC_KEY
# value: ""
# - name: NTFY_WEB_PUSH_PRIVATE_KEY
# value: ""
# - name: NTFY_WEB_PUSH_FILE
# value: /var/lib/ntfy/webpush.db
# - name: NTFY_WEB_PUSH_EMAIL_ADDRESS
# value: ""
- name: NTFY_METRICS_LISTEN_HTTP
value: :9090
- name: NTFY_LOG_LEVEL
value: info
probes:
liveness:
enabled: true
enabled: false
custom: true
spec:
httpGet:
path: /v1/health
port: 80
exec:
command:
- /usr/bin/env
- sh
- -c
- wget -q --tries=1 http://localhost:80/v1/health -O - | grep -Eo '\"healthy\"\\s*:\\s*true' || exit 1
failureThreshold: 10
initialDelaySeconds: 60
periodSeconds: 60
successThreshold: 1
@@ -64,7 +85,7 @@ ntfy:
resources:
requests:
cpu: 10m
memory: 40Mi
memory: 128Mi
service:
main:
controller: main
@@ -72,9 +93,11 @@ ntfy:
http:
port: 80
targetPort: 80
protocol: HTTP
metrics:
port: 9090
targetPort: 9090
protocol: HTTP
serviceMonitor:
main:
selector:
@@ -99,28 +122,22 @@ ntfy:
- ntfy.alexlebens.net
rules:
- backendRefs:
- name: ntfy
- group: ''
kind: Service
name: ntfy
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
postgres-18-cluster:
mode: recovery
recovery:
method: objectStore
objectStore:
index: 1
backup:
objectStore:
- name: garage-local
index: 1
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 15 14 * * *"
backupName: garage-local
persistence:
cache:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
advancedMounts:
main:
main:
- path: /var/cache/ntfy
readOnly: false

6
clusters/cl01tl/helm/ollama/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:440e79999ff635a9c687e92515866b741dc610743753f2d494f3ef523a4746a7
generated: "2026-04-04T21:04:23.125059-05:00"
digest: sha256:d0f47712bf5d2bab8136c43f1d5bac41860f067b53c741282a4647ce93a7cd93
generated: "2026-03-15T20:07:27.179378683Z"

6
clusters/cl01tl/helm/ollama/Chart.yaml
View File

@@ -5,15 +5,15 @@ description: Ollama
keywords:
- ollama
- ai
home: https://docs.alexlebens.dev/applications/ollama/
home: https://wiki.alexlebens.dev/s/9f4823e0-8488-4c23-b85e-81ca0ee7ea1a
sources:
- https://github.com/ollama/ollama
- https://github.com/open-webui/open-webui
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/ollama/ollama
- https://github.com/open-webui/open-webui/pkgs/container/open-webui
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -23,7 +23,7 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data

9
clusters/cl01tl/helm/ollama/templates/external-secret.yaml
View File

@@ -15,7 +15,10 @@ spec:
data:
- secretKey: key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/ollama/key
metadataPolicy: None
property: key
---
@@ -35,9 +38,15 @@ spec:
data:
- secretKey: client
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/ollama
metadataPolicy: None
property: client
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/ollama
metadataPolicy: None
property: secret

66
clusters/cl01tl/helm/ollama/values.yaml
View File

@@ -4,6 +4,7 @@ ollama:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
labels:
ollama-type: server
@@ -21,7 +22,8 @@ ollama:
main:
image:
repository: ollama/ollama
tag: 0.20.0@sha256:6eb118589b440c05b62e7e5e73a0bdf7240f6c79d968e60e6fd49f919eee5733
tag: 0.20.0
pullPolicy: IfNotPresent
env:
- name: OLLAMA_KEEP_ALIVE
value: 24h
@@ -31,13 +33,14 @@ ollama:
limits:
gpu.intel.com/i915: 1
requests:
cpu: 10m
memory: 20Mi
cpu: 100m
memory: 1Gi
gpu.intel.com/i915: 1
server-2:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
labels:
ollama-type: server
@@ -55,7 +58,8 @@ ollama:
main:
image:
repository: ollama/ollama
tag: 0.20.0@sha256:6eb118589b440c05b62e7e5e73a0bdf7240f6c79d968e60e6fd49f919eee5733
tag: 0.20.0
pullPolicy: IfNotPresent
env:
- name: OLLAMA_KEEP_ALIVE
value: 24h
@@ -65,13 +69,14 @@ ollama:
limits:
gpu.intel.com/i915: 1
requests:
cpu: 10m
memory: 20Mi
cpu: 100m
memory: 1Gi
gpu.intel.com/i915: 1
server-3:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
labels:
ollama-type: server
@@ -89,7 +94,8 @@ ollama:
main:
image:
repository: ollama/ollama
tag: 0.20.0@sha256:6eb118589b440c05b62e7e5e73a0bdf7240f6c79d968e60e6fd49f919eee5733
tag: 0.20.0
pullPolicy: IfNotPresent
env:
- name: OLLAMA_KEEP_ALIVE
value: 24h
@@ -99,18 +105,20 @@ ollama:
limits:
gpu.intel.com/i915: 1
requests:
cpu: 10m
memory: 20Mi
cpu: 100m
memory: 1Gi
gpu.intel.com/i915: 1
web:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/open-webui/open-webui
tag: v0.8.12@sha256:8113fa5510020ef05a44afc0c42d33eabeeb2524a996e3e3fb8c437c00f0d792
tag: v0.8.12
pullPolicy: IfNotPresent
env:
- name: ENV
value: prod
@@ -157,7 +165,7 @@ ollama:
resources:
requests:
cpu: 10m
memory: 650Mi
memory: 1Gi
service:
server-1:
controller: server-1
@@ -165,24 +173,28 @@ ollama:
http:
port: 11434
targetPort: 11434
protocol: HTTP
server-2:
controller: server-2
ports:
http:
port: 11434
targetPort: 11434
protocol: HTTP
server-3:
controller: server-3
ports:
http:
port: 11434
targetPort: 11434
protocol: HTTP
web:
controller: web
ports:
http:
port: 80
targetPort: 8080
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -195,8 +207,11 @@ ollama:
- ollama.alexlebens.net
rules:
- backendRefs:
- name: ollama-web
- group: ''
kind: Service
name: ollama-web
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -206,6 +221,7 @@ ollama:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 40Gi
retain: true
advancedMounts:
server-1:
main:
@@ -215,6 +231,7 @@ ollama:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 40Gi
retain: true
advancedMounts:
server-2:
main:
@@ -224,6 +241,7 @@ ollama:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 40Gi
retain: true
advancedMounts:
server-3:
main:
@@ -234,6 +252,7 @@ ollama:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
web:
main:
@@ -253,12 +272,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 5 15 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-data:
pvcTarget: ollama-web-data
moverSecurityContext:

2
clusters/cl01tl/helm/omni-tools/Chart.yaml
View File

@@ -4,7 +4,7 @@ version: 1.0.0
description: OmniTools
keywords:
- omni-tools
home: https://docs.alexlebens.dev/applications/omni-tools/
home: https://wiki.alexlebens.dev/s/8820cd36-dcf6-4ddf-8b2f-584271628a54
sources:
- https://github.com/iib0011/omni-tools
- https://hub.docker.com/r/iib0011/omni-tools

14
clusters/cl01tl/helm/omni-tools/values.yaml
View File

@@ -4,15 +4,17 @@ omni-tools:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: iib0011/omni-tools
tag: 0.6.0@sha256:ceb5acc317daf387634f7f212cefe4722fd1243ad1cba74203f25254195b6c69
tag: 0.6.0
pullPolicy: IfNotPresent
resources:
requests:
cpu: 10m
memory: 10Mi
cpu: 50m
memory: 512Mi
service:
main:
controller: main
@@ -20,6 +22,7 @@ omni-tools:
http:
port: 80
targetPort: 80
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -32,8 +35,11 @@ omni-tools:
- omni-tools.alexlebens.net
rules:
- backendRefs:
- name: omni-tools
- group: ''
kind: Service
name: omni-tools
port: 80
weight: 100
matches:
- path:
type: PathPrefix

8
clusters/cl01tl/helm/outline/Chart.lock
View File

@@ -7,12 +7,12 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
version: 0.4.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:9e8ec16e175ae5aa778a7bd2e785d56dea98d025b7a818fe76d9959680f117b1
generated: "2026-04-04T20:56:43.600438-05:00"
digest: sha256:02780454fad48c10e95851e73e45e8a98091596d9dce8ada9e361e7212e581df
generated: "2026-03-15T20:07:38.818063491Z"

13
clusters/cl01tl/helm/outline/Chart.yaml
View File

@@ -4,16 +4,17 @@ version: 1.0.0
description: Outline
keywords:
- outline
- knowledge-base
home: https://docs.alexlebens.dev/applications/outline/
- wiki
- documentation
home: https://wiki.alexlebens.dev/s/c530c2b9-82b7-44df-b7ef-870c8b29242f
sources:
- https://github.com/outline/outline
- https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/outlinewiki/outline
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -26,11 +27,11 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.5.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data

12
clusters/cl01tl/helm/outline/templates/external-secret.yaml
View File

@@ -14,11 +14,17 @@ spec:
data:
- secretKey: secret-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/outline/key
metadataPolicy: None
property: secret-key
- secretKey: utils-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/outline/key
metadataPolicy: None
property: utils-key
---
@@ -38,9 +44,15 @@ spec:
data:
- secretKey: client
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/outline
metadataPolicy: None
property: client
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/outline
metadataPolicy: None
property: secret

Some files were not shown because too many files have changed in this diff Show More