alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 7 Actions Activity

Compare commits

base: alexlebens:renovate/unified-synapse
Branches Tags
alexlebens:main alexlebens:renovate/unified-synapse alexlebens:renovate/unified-tdarr alexlebens:renovate/unified-tailscale alexlebens:renovate/major-unified-elasticsearch alexlebens:manifests alexlebens:renovate/unified-site-documentation alexlebens:renovate/unified-cilium alexlebens:renovate/unified-postgres-cluster
..
compare: alexlebens:765d69e6c46df37d5e40bd7a2d0d45c2310e8bce
Branches Tags
alexlebens:renovate/unified-synapse alexlebens:renovate/unified-tdarr alexlebens:renovate/unified-tailscale alexlebens:renovate/major-unified-elasticsearch alexlebens:manifests alexlebens:renovate/unified-site-documentation alexlebens:renovate/unified-cilium alexlebens:main alexlebens:renovate/unified-postgres-cluster

1 Commits
renovate/u ... 765d69e6c4

Author SHA1 Message Date
Renovate Bot
765d69e6c4 chore(deps): update valkey
All checks were successful
renovate/stability-days Updates have met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 1m25s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 34s
Details
2026-04-08 02:09:08 +00:00
22 changed files with 142 additions and 40 deletions
Expand all files Collapse all files

6
clusters/cl01tl/helm/authentik/Chart.lock
View File

@@ -1,7 +1,7 @@
dependencies:
- name: authentik
repository: https://charts.goauthentik.io/
version: 2026.2.2
version: 2026.2.1
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
@@ -11,5 +11,5 @@ dependencies:
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:86950b83ac8a4da2a89bb826616857fd5eca017c813d8def0eb905025a6e7687
generated: "2026-04-08T02:23:25.175388081Z"
digest: sha256:7302a85008aee7950aa345aa7d64563c1b0da8f07e348ec9709f9438503a41ff
generated: "2026-04-04T21:00:59.689114-05:00"

2
clusters/cl01tl/helm/authentik/Chart.yaml
View File

@@ -18,7 +18,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: authentik
version: 2026.2.2
version: 2026.2.1
repository: https://charts.goauthentik.io/
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts

2
clusters/cl01tl/helm/lidarr/values.yaml
View File

@@ -14,7 +14,7 @@ lidarr:
main:
image:
repository: ghcr.io/linuxserver/lidarr
tag: 3.1.2-nightly@sha256:2b602738585d64c62e119073c631e50872f07595d2d90936a9186f2989cb2eda
tag: 3.1.2-nightly@sha256:0fc8d169a0740a77e03ec0e5eaee1ce2db0d882fc0bb8d0a26fd77a8beaad8e9
env:
- name: TZ
value: America/Chicago

2
clusters/cl01tl/helm/matrix-synapse/values.yaml
View File

@@ -1,7 +1,7 @@
matrix-synapse:
image:
repository: ghcr.io/element-hq/synapse
tag: v1.151.0@sha256:184dc8757daef019b511e7f96fc6e5edfb880fd074d8cf702c7e3aa899d188c8
tag: v1.150.0@sha256:cba0969087ca70a3ec72ebcd1491a6c8391a7da2c0b92738231dd9c7ad55df4d
serverName: alexlebens.dev
publicServerName: matrix.alexlebens.dev
argoCD: true

5
clusters/cl01tl/helm/traefik/values.yaml
View File

@@ -2,9 +2,12 @@ traefik:
image:
registry: docker.io
repository: traefik
tag: v3.6.13@sha256:abb4f51887319c9b9d9cfe1d3cdf9379a771138003bf683f10e97697e148f95f
tag: v3.6.12@sha256:171c9c3565b29f6c133f1c1b43c5d4e5853415198e9e1078c001f8702ff66aec
deployment:
kind: DaemonSet
podDisruptionBudget:
enabled: true
minAvailable: 1
ingressClass:
enabled: false
gateway:

6
clusters/cl01tl/helm/vault/values.yaml
View File

@@ -10,12 +10,10 @@ vault:
repository: hashicorp/vault
tag: 1.21.4@sha256:4e33b126a59c0c333b76fb4e894722462659a6bec7c48c9ee8cea56fccfd2569
updateStrategyType: RollingUpdate
logLevel: debug
logFormat: standard
resources:
requests:
cpu: 50m
memory: 512Mi
memory: 90Mi
authDelegator:
enabled: false
livenessProbe:
@@ -32,7 +30,7 @@ vault:
size: 1Gi
storageClass: ceph-block
auditStorage:
enabled: false
enabled: true
size: 5Gi
storageClass: ceph-block
standalone:

2
clusters/cl01tl/helm/vaultwarden/Chart.yaml
View File

@@ -8,7 +8,7 @@ keywords:
home: https://docs.alexlebens.dev/applications/vault/
sources:
- https://github.com/dani-garcia/vaultwarden
- https://github.com/dani-garcia/vaultwarden/pkgs/container/vaultwarden
- https://hub.docker.com/r/vaultwarden/server
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster

2
clusters/cl01tl/helm/vaultwarden/values.yaml
View File

@@ -7,7 +7,7 @@ vaultwarden:
containers:
main:
image:
repository: ghcr.io/dani-garcia/vaultwarden
repository: ghcr.io/vaultwarden/server
tag: 1.35.4@sha256:43498a94b22f9563f2a94b53760ab3e710eefc0d0cac2efda4b12b9eb8690664
env:
- name: DOMAIN

2
clusters/cl01tl/helm/volsync/values.yaml
View File

@@ -2,7 +2,7 @@ volsync:
replicaCount: 2
image:
repository: quay.io/backube/volsync
tag: 0.15.0@sha256:4fedd41b3101dde090542009c4177f703d241bf4760d1767bd9df08fd8fd93a4
image: 0.15.0@sha256:4fedd41b3101dde090542009c4177f703d241bf4760d1767bd9df08fd8fd93a4
manageCRDs: true
metrics:
disableAuth: true

5
clusters/cl01tl/helm/whodb/Chart.yaml
View File

@@ -4,8 +4,9 @@ version: 1.0.0
description: WhoDB
keywords:
- whodb
- database-dashboard
home: https://docs.alexlebens.dev/applications/whodb/
- postgresql
- database
home: https://wiki.alexlebens.dev/s/f329e026-7ade-4a3c-a5f1-1ac1492b9786
sources:
- https://github.com/clidey/whodb
- https://hub.docker.com/r/clidey/whodb

14
clusters/cl01tl/helm/whodb/values.yaml
View File

@@ -3,11 +3,13 @@ whodb:
main:
type: deployment
replicas: 1
strategy: Recreate
containers:
main:
image:
repository: clidey/whodb
tag: 0.104.0@sha256:ab485c021b862aac50bb88658f3342ca01d3eba33e933353692bc9989b2912c4
tag: 0.104.0
pullPolicy: IfNotPresent
env:
- name: WHODB_OLLAMA_HOST
value: ollama-server-2.ollama
@@ -15,8 +17,8 @@ whodb:
value: 11434
resources:
requests:
cpu: 1m
memory: 20Mi
cpu: 10m
memory: 256Mi
service:
main:
controller: main
@@ -24,6 +26,7 @@ whodb:
http:
port: 80
targetPort: 8080
protocol: TCP
route:
main:
kind: HTTPRoute
@@ -36,8 +39,11 @@ whodb:
- whodb.alexlebens.net
rules:
- backendRefs:
- name: whodb
- group: ''
kind: Service
name: whodb
port: 80
weight: 100
matches:
- path:
type: PathPrefix

6
clusters/cl01tl/helm/yamtrack/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:473de03f0404ca8c53e85ea2a22797a8ba040102c6dca977face60f81f3130e4
generated: "2026-04-07T20:57:56.63402-05:00"
digest: sha256:3ca767f6530d29c36ae1dc5456e0ac5f889481c4b98955eb9b2d1b6c8fbf702a
generated: "2026-04-08T02:08:57.983462264Z"

9
clusters/cl01tl/helm/yamtrack/Chart.yaml
View File

@@ -4,14 +4,15 @@ version: 1.0.0
description: Yamtrack
keywords:
- yamtrack
- media-tracking
home: https://docs.alexlebens.dev/applications/yamtrack/
- media
- jellyfin
home: https://wiki.alexlebens.dev/s/74f31779-734e-42d0-852e-efd57ebdc797
sources:
- https://github.com/FuzzyGrim/Yamtrack
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/FuzzyGrim/Yamtrack/pkgs/container/yamtrack
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers:
- name: alexlebens
dependencies:
@@ -21,7 +22,7 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey

6
clusters/cl01tl/helm/yamtrack/templates/external-secret.yaml
View File

@@ -14,7 +14,10 @@ spec:
data:
- secretKey: SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/yamtrack/config
metadataPolicy: None
property: SECRET
---
@@ -34,5 +37,8 @@ spec:
data:
- secretKey: SOCIALACCOUNT_PROVIDERS
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/yamtrack
metadataPolicy: None
property: SOCIALACCOUNT_PROVIDERS

37
clusters/cl01tl/helm/yamtrack/values.yaml
View File

@@ -4,14 +4,16 @@ yamtrack:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/fuzzygrim/yamtrack
tag: 0.25.0@sha256:df76008258452a6cda73d971dc4ffbcbca96c5220154a02c9b70bf0bb0e24931
tag: 0.25.0
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: URLS
value: https://yamtrack.alexlebens.net
- name: REGISTRATION
@@ -58,7 +60,7 @@ yamtrack:
resources:
requests:
cpu: 10m
memory: 380Mi
memory: 256Mi
service:
main:
controller: main
@@ -66,6 +68,7 @@ yamtrack:
http:
port: 80
targetPort: 8000
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -78,8 +81,11 @@ yamtrack:
- yamtrack.alexlebens.net
rules:
- backendRefs:
- name: yamtrack
- group: ''
kind: Service
name: yamtrack
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -97,9 +103,32 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 10 16 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external

5
clusters/cl01tl/helm/yubal/Chart.yaml
View File

@@ -5,11 +5,11 @@ description: yubal
keywords:
- yubal
- music
home: https://docs.alexlebens.dev/applications/yamtrack/
- youtube
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/guillevc/yubal
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -21,6 +21,5 @@ dependencies:
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/yubal.png
# renovate: datasource=github-releases depName=guillevc/yubal
appVersion: v0.7.2

42
clusters/cl01tl/helm/yubal/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,42 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: yubal-wireguard-conf
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: yubal-wireguard-conf
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: private-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: preshared-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: preshared-key
- secretKey: addresses
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports

11
clusters/cl01tl/helm/yubal/templates/namespace.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v1
kind: Namespace
metadata:
name: yubal
labels:
app.kubernetes.io/name: yubal
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

12
clusters/cl01tl/helm/yubal/values.yaml
View File

@@ -4,17 +4,18 @@ yubal:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers:
main:
image:
repository: ghcr.io/guillevc/yubal
tag: 0.7.2@sha256:906b7c90b738e77ad140178f6a5145f98c12af36e8321d427148c092836c37be
pullPolicy: IfNotPresent
env:
- name: YUBAL_TZ
value: America/Chicago
@@ -27,7 +28,7 @@ yubal:
resources:
requests:
cpu: 10m
memory: 200Mi
memory: 128Mi
service:
main:
controller: main
@@ -35,6 +36,7 @@ yubal:
http:
port: 80
targetPort: 8000
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -47,8 +49,11 @@ yubal:
- yubal.alexlebens.net
rules:
- backendRefs:
- name: yubal
- group: ''
kind: Service
name: yubal
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -59,6 +64,7 @@ yubal:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:

2
hosts/ps08rp/traefik/compose.yaml
View File

@@ -1,7 +1,7 @@
---
services:
traefik:
image: ghcr.io/traefik/traefik:v3.6.13@sha256:abb4f51887319c9b9d9cfe1d3cdf9379a771138003bf683f10e97697e148f95f
image: ghcr.io/traefik/traefik:v3.6.12@sha256:171c9c3565b29f6c133f1c1b43c5d4e5853415198e9e1078c001f8702ff66aec
container_name: traefik
command:
- "--global.checkNewVersion=false"

2
hosts/ps09rp/traefik/compose.yaml
View File

@@ -1,7 +1,7 @@
---
services:
traefik:
image: ghcr.io/traefik/traefik:v3.6.13@sha256:abb4f51887319c9b9d9cfe1d3cdf9379a771138003bf683f10e97697e148f95f
image: ghcr.io/traefik/traefik:v3.6.12@sha256:171c9c3565b29f6c133f1c1b43c5d4e5853415198e9e1078c001f8702ff66aec
container_name: traefik
command:
- "--global.checkNewVersion=false"

2
hosts/ps10rp/traefik/compose.yaml
View File

@@ -20,7 +20,7 @@ services:
- /dev/net/tun:/dev/net/tun
traefik:
image: ghcr.io/traefik/traefik:v3.6.13@sha256:abb4f51887319c9b9d9cfe1d3cdf9379a771138003bf683f10e97697e148f95f
image: ghcr.io/traefik/traefik:v3.6.12@sha256:171c9c3565b29f6c133f1c1b43c5d4e5853415198e9e1078c001f8702ff66aec
container_name: traefik
command:
- "--global.checkNewVersion=false"