Compare commits
1 Commits
renovate/u
...
f7e772ac63
| Author | SHA1 | Date | |
|---|---|---|---|
f7e772ac63
|
@@ -13,7 +13,7 @@ on:
|
||||
jobs:
|
||||
renovate:
|
||||
runs-on: ubuntu-latest
|
||||
container: ghcr.io/renovatebot/renovate:43.132.1@sha256:2ccc5b1f0340593c40e1598547aa98feee4e521a0906a423fe0be0431a733dfa
|
||||
container: ghcr.io/renovatebot/renovate:43.120.1@sha256:6488fcff4416a3872e2bbb305bfff73e9aa65556e89c39778c2920a2a52832ed
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
||||
|
||||
@@ -2,5 +2,8 @@ dependencies:
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
digest: sha256:1c04c187e6cf768117f7f91f3a3b082937ad5854c1cf6a681ad7c02687cd543d
|
||||
generated: "2026-04-18T20:15:22.778699-05:00"
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:ff81b3d8fc831e4b8048f646fffcf597aa7410e52ecf27690eab8104047dbe6f
|
||||
generated: "2026-03-06T01:04:41.514235218Z"
|
||||
|
||||
@@ -18,10 +18,10 @@ dependencies:
|
||||
alias: actual
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
# - name: volsync-target
|
||||
# alias: volsync-target-data
|
||||
# version: 0.8.0
|
||||
# repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
version: 0.8.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png
|
||||
# renovate: datasource=github-releases depName=actualbudget/actual
|
||||
appVersion: 26.4.0
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: argo-cd
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
version: 9.5.2
|
||||
digest: sha256:5d9e6405ee944bf94df6af247164ebb9b8899144853b9a7eafabe8606affe84e
|
||||
generated: "2026-04-19T19:53:40.43789-05:00"
|
||||
version: 9.5.0
|
||||
digest: sha256:69daada0822f796cd49eeda2d9e39dd5c0c42bb61b6898af68123c8c49f25fa1
|
||||
generated: "2026-04-08T22:05:49.003208408Z"
|
||||
|
||||
@@ -13,8 +13,8 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: argo-cd
|
||||
version: 9.5.2
|
||||
version: 9.5.0
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
|
||||
# renovate: datasource=github-releases depName=argoproj/argo-cd
|
||||
appVersion: v3.3.7
|
||||
appVersion: v3.3.6
|
||||
|
||||
@@ -1,42 +1,70 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: argocd-oidc-authentik
|
||||
name: argocd-oidc-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: argocd-oidc-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: secret
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/argocd
|
||||
key: /authentik/oidc/argocd
|
||||
property: secret
|
||||
- secretKey: client
|
||||
remoteRef:
|
||||
key: /cl01tk/authentik/oidc/argocd
|
||||
key: /authentik/oidc/argocd
|
||||
property: client
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: argocd-notifications-ntfy
|
||||
name: argocd-notifications-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: argocd-notifications-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ntfy-token
|
||||
remoteRef:
|
||||
key: /cl01tl/ntfy/users/cl01tl
|
||||
key: /ntfy/user/cl01tl
|
||||
property: token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: argocd-gitea-repo-infrastructure-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: type
|
||||
remoteRef:
|
||||
key: /cl01tl/argocd/credentials/repo/infrastructure
|
||||
property: type
|
||||
- secretKey: url
|
||||
remoteRef:
|
||||
key: /cl01tl/argocd/credentials/repo/infrastructure
|
||||
property: url
|
||||
- secretKey: sshPrivateKey
|
||||
remoteRef:
|
||||
key: /cl01tl/argocd/credentials/repo/infrastructure
|
||||
property: sshPrivateKey
|
||||
|
||||
@@ -13,8 +13,8 @@ argo-cd:
|
||||
connectors:
|
||||
- config:
|
||||
issuer: https://authentik.alexlebens.net/application/o/argocd/
|
||||
clientID: $argocd-oidc-authentik:client
|
||||
clientSecret: $argocd-oidc-authentik:secret
|
||||
clientID: $argocd-oidc-secret:client
|
||||
clientSecret: $argocd-oidc-secret:secret
|
||||
insecureEnableGroups: true
|
||||
scopes:
|
||||
- openid
|
||||
@@ -205,7 +205,7 @@ argo-cd:
|
||||
argocdUrl: https://argocd.alexlebens.net
|
||||
secret:
|
||||
create: false
|
||||
name: argocd-notifications-ntfy
|
||||
name: argocd-notifications-secret
|
||||
metrics:
|
||||
enabled: true
|
||||
serviceMonitor:
|
||||
|
||||
@@ -32,4 +32,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
|
||||
# renovate: datasource=github-releases depName=advplyr/audiobookshelf
|
||||
appVersion: 2.33.2
|
||||
appVersion: 2.33.1
|
||||
|
||||
@@ -1,24 +1,18 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: audiobookshelf-config-apprise
|
||||
name: audiobookshelf-apprise-config
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: audiobookshelf-apprise-config
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
ntfy-url: "{{ `{{ .internal-endpoint-credential }}` }}/audiobookshelf"
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: internal-endpoint-credential
|
||||
- secretKey: ntfy-url
|
||||
remoteRef:
|
||||
key: /cl01tl/ntfy/users/cl01tl
|
||||
property: internal-endpoint-credential
|
||||
key: /cl01tl/audiobookshelf/apprise
|
||||
property: ntfy-url
|
||||
|
||||
@@ -4,11 +4,11 @@ metadata:
|
||||
name: audiobookshelf-books-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: audiobookshelf-books-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: {{ .Template.Name }}
|
||||
volumeName: audiobookshelf-books-nfs-storage
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
@@ -23,11 +23,11 @@ metadata:
|
||||
name: audiobookshelf-audiobooks-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: {{ .Template.Name }}
|
||||
volumeName: audiobookshelf-audiobooks-nfs-storage
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
@@ -42,11 +42,11 @@ metadata:
|
||||
name: audiobookshelf-podcasts-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: {{ .Template.Name }}
|
||||
volumeName: audiobookshelf-podcasts-nfs-storage
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
|
||||
@@ -4,7 +4,7 @@ metadata:
|
||||
name: audiobookshelf-books-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: audiobookshelf-books-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
@@ -29,7 +29,7 @@ metadata:
|
||||
name: audiobookshelf-audiobooks-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
@@ -54,7 +54,7 @@ metadata:
|
||||
name: audiobookshelf-podcasts-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
|
||||
@@ -12,7 +12,7 @@ audiobookshelf:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/advplyr/audiobookshelf
|
||||
tag: 2.33.2@sha256:a44ed89b3e845faa1f7d353f2cc89b2fcd8011737dd14075fa963cf9468da3a5
|
||||
tag: 2.33.1@sha256:a4a5841bba093d81e5f4ad1eaedb4da3fda6dbb2528c552349da50ad1f7ae708
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
@@ -40,7 +40,7 @@ audiobookshelf:
|
||||
- name: APPRISE_STATELESS_URLS
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: audiobookshelf-config-apprise
|
||||
name: audiobookshelf-apprise-config
|
||||
key: ntfy-url
|
||||
service:
|
||||
main:
|
||||
|
||||
@@ -1,16 +1,16 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: authentik-key
|
||||
name: authentik-key-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: authentik-key-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: key
|
||||
remoteRef:
|
||||
|
||||
@@ -4,7 +4,7 @@ metadata:
|
||||
name: authentik-tailscale
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: authentik-tailscale
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
tailscale.com/proxy-class: no-metrics
|
||||
|
||||
@@ -4,7 +4,7 @@ metadata:
|
||||
name: allow-outpost-cross-namespace-access
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: allow-outpost-cross-namespace-access
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
|
||||
@@ -4,7 +4,7 @@ authentik:
|
||||
- name: AUTHENTIK_SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: authentik-key
|
||||
name: authentik-key-secret
|
||||
key: key
|
||||
- name: AUTHENTIK_POSTGRESQL__HOST
|
||||
valueFrom:
|
||||
|
||||
@@ -4,11 +4,11 @@ metadata:
|
||||
name: backrest-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: backrest-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: {{ .Template.Name }}
|
||||
volumeName: backrest-nfs-storage
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
@@ -23,11 +23,11 @@ metadata:
|
||||
name: backrest-nfs-share
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: backrest-nfs-share
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: {{ .Template.Name }}
|
||||
volumeName: backrest-nfs-share
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
|
||||
@@ -4,7 +4,7 @@ metadata:
|
||||
name: backrest-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: backrest-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
@@ -29,7 +29,7 @@ metadata:
|
||||
name: backrest-nfs-share
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: backrest-nfs-share
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
|
||||
@@ -1,16 +1,16 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: bazarr-key
|
||||
name: bazarr-key-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: bazarr-key-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: key
|
||||
remoteRef:
|
||||
|
||||
@@ -4,11 +4,11 @@ metadata:
|
||||
name: bazarr-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: bazarr-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: {{ .Template.Name }}
|
||||
volumeName: bazarr-nfs-storage
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
|
||||
@@ -4,7 +4,7 @@ metadata:
|
||||
name: bazarr-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: bazarr-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
|
||||
@@ -39,7 +39,7 @@ bazarr:
|
||||
- name: APIKEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: bazarr-key
|
||||
name: bazarr-key-secret
|
||||
key: key
|
||||
- name: ENABLE_ADDITIONAL_METRICS
|
||||
value: false
|
||||
|
||||
@@ -106,7 +106,6 @@ blocky:
|
||||
audiobookshelf IN CNAME traefik-cl01tl
|
||||
authentik IN CNAME traefik-cl01tl
|
||||
backrest IN CNAME traefik-cl01tl
|
||||
bao IN CNAME traefik-cl01tl
|
||||
bazarr IN CNAME traefik-cl01tl
|
||||
ceph IN CNAME traefik-cl01tl
|
||||
dawarich IN CNAME traefik-cl01tl
|
||||
|
||||
@@ -4,7 +4,7 @@ metadata:
|
||||
name: letsencrypt-issuer
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: letsencrypt-issuer
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
|
||||
@@ -4,15 +4,15 @@ metadata:
|
||||
name: cloudflare-api-token
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: cloudflare-api-token
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: api-token
|
||||
remoteRef:
|
||||
key: /cloudflare/alexlebens.net/cl01tl-issuer-certificate
|
||||
key: /cloudflare/alexlebens.net/clusterissuer
|
||||
property: token
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
# name: cilium-bgp-advertisements
|
||||
# namespace: {{ .Release.Namespace }}
|
||||
# labels:
|
||||
# app.kubernetes.io/name: {{ .Template.Name }}
|
||||
# app.kubernetes.io/name: cilium-bgp-advertisements
|
||||
# app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
# app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
# spec:
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
# name: cilium-bgp
|
||||
# namespace: {{ .Release.Namespace }}
|
||||
# labels:
|
||||
# app.kubernetes.io/name: {{ .Template.Name }}
|
||||
# app.kubernetes.io/name: cilium-bgp
|
||||
# app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
# app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
# spec:
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
# name: cilium-peer
|
||||
# namespace: {{ .Release.Namespace }}
|
||||
# labels:
|
||||
# app.kubernetes.io/name: {{ .Template.Name }}
|
||||
# app.kubernetes.io/name: cilium-peer
|
||||
# app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
# app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
# spec:
|
||||
|
||||
@@ -4,7 +4,7 @@ metadata:
|
||||
name: default-ip-pool
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: default-ip-pool
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
@@ -19,7 +19,7 @@ metadata:
|
||||
name: bgp-ip-pool
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: bgp-ip-pool
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
# name: cilium-tls-gateway
|
||||
# namespace: {{ .Release.Namespace }}
|
||||
# labels:
|
||||
# app.kubernetes.io/name: {{ .Template.Name }}
|
||||
# app.kubernetes.io/name: cilium-tls-gateway
|
||||
# app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
# app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
# annotations:
|
||||
|
||||
@@ -4,7 +4,7 @@ metadata:
|
||||
name: hubble
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: hubble
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
|
||||
@@ -1,16 +1,16 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: dawarich-key
|
||||
name: dawarich-key-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: dawarich-key-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: key
|
||||
remoteRef:
|
||||
@@ -21,22 +21,22 @@ spec:
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: dawarich-oidc-authentik
|
||||
name: dawarich-oidc-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Template.Name }}
|
||||
app.kubernetes.io/name: dawarich-oidc-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: client
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/dawarich
|
||||
key: /authentik/oidc/dawarich
|
||||
property: client
|
||||
- secretKey: secret
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/dawarich
|
||||
key: /authentik/oidc/dawarich
|
||||
property: secret
|
||||
|
||||
@@ -61,12 +61,12 @@ dawarich:
|
||||
- name: OIDC_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-oidc-authentik
|
||||
name: dawarich-oidc-secret
|
||||
key: client
|
||||
- name: OIDC_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-oidc-authentik
|
||||
name: dawarich-oidc-secret
|
||||
key: secret
|
||||
- name: OIDC_PROVIDER_NAME
|
||||
value: Authentik
|
||||
@@ -81,7 +81,7 @@ dawarich:
|
||||
- name: SECRET_KEY_BASE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-key
|
||||
name: dawarich-key-secret
|
||||
key: key
|
||||
- name: RAILS_LOG_TO_STDOUT
|
||||
value: true
|
||||
|
||||
@@ -29,4 +29,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
|
||||
# renovate: datasource=github-releases depName=directus/directus
|
||||
appVersion: 11.17.3
|
||||
appVersion: 11.17.2
|
||||
|
||||
@@ -8,7 +8,7 @@ directus:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/directus/directus
|
||||
tag: 11.17.3@sha256:ae6ab737fd04077d295bbefa545cc4aefccc206e3d0120c83812f9b482a8c9a5
|
||||
tag: 11.17.2@sha256:5e5978377f1cc9820ffc5b92597da1573a1350ea57f8aba42efd999139993874
|
||||
env:
|
||||
- name: PUBLIC_URL
|
||||
value: https://directus.alexlebens.net
|
||||
|
||||
@@ -18,4 +18,4 @@ dependencies:
|
||||
repository: https://charts.external-secrets.io
|
||||
icon: https://raw.githubusercontent.com/external-secrets/external-secrets/refs/heads/main/assets/eso-logo-large.png
|
||||
# renovate: datasource=github-releases depName=external-secrets/external-secrets
|
||||
appVersion: v2.3.0
|
||||
appVersion: vv2.3.0
|
||||
|
||||
@@ -1,17 +0,0 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: external-secrets
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: external-secrets
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: system:auth-delegator
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: external-secrets
|
||||
namespace: {{ .Release.Namespace }}
|
||||
@@ -17,29 +17,3 @@ spec:
|
||||
namespace: vault
|
||||
name: vault-token
|
||||
key: token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ClusterSecretStore
|
||||
metadata:
|
||||
name: openbao
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: openbao
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
provider:
|
||||
vault:
|
||||
server: http://openbao-internal.openbao:8200
|
||||
path: secret
|
||||
version: v2
|
||||
auth:
|
||||
kubernetes:
|
||||
mountPath: kubernetes
|
||||
role: external-secrets
|
||||
serviceAccountRef:
|
||||
name: external-secrets
|
||||
namespace: {{ .Release.Name }}
|
||||
audiences:
|
||||
- openbao
|
||||
|
||||
@@ -70,7 +70,7 @@ foldergram:
|
||||
forceRename: foldergram-data
|
||||
storageClass: synology-iscsi-delete
|
||||
accessMode: ReadWriteOnce
|
||||
size: 250Gi
|
||||
size: 100Gi
|
||||
advancedMounts:
|
||||
main:
|
||||
main:
|
||||
|
||||
@@ -21,4 +21,4 @@ dependencies:
|
||||
version: 4.6.2
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/garage.png
|
||||
# renovate: datasource=docker depName=dxflrs/garage
|
||||
appVersion: v2.3.0
|
||||
appVersion: v2.2.0
|
||||
|
||||
@@ -21,7 +21,7 @@ garage:
|
||||
main:
|
||||
image:
|
||||
repository: dxflrs/garage
|
||||
tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690
|
||||
tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: garage-token-secret
|
||||
@@ -50,7 +50,7 @@ garage:
|
||||
main:
|
||||
image:
|
||||
repository: dxflrs/garage
|
||||
tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690
|
||||
tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: garage-token-secret
|
||||
@@ -79,7 +79,7 @@ garage:
|
||||
main:
|
||||
image:
|
||||
repository: dxflrs/garage
|
||||
tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690
|
||||
tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: garage-token-secret
|
||||
|
||||
@@ -266,9 +266,6 @@ gatus:
|
||||
- name: vault
|
||||
url: https://vault.alexlebens.net
|
||||
<<: *defaults
|
||||
- name: openbao
|
||||
url: https://bao.alexlebens.net
|
||||
<<: *defaults
|
||||
- name: backrest
|
||||
url: https://backrest.alexlebens.net
|
||||
<<: *defaults
|
||||
|
||||
@@ -1,13 +1,13 @@
|
||||
dependencies:
|
||||
- name: gitea
|
||||
repository: https://dl.gitea.com/charts/
|
||||
version: 12.5.3
|
||||
version: 12.5.1
|
||||
- name: actions
|
||||
repository: https://dl.gitea.com/charts/
|
||||
version: 0.1.0
|
||||
version: 0.0.5
|
||||
- name: meilisearch
|
||||
repository: https://meilisearch.github.io/meilisearch-kubernetes
|
||||
version: 0.32.0
|
||||
version: 0.31.0
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.5.0
|
||||
@@ -23,5 +23,5 @@ dependencies:
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:2144d55ea34ba25bd81c1e479ee5cd27097fafb5676b96e63aa0e32ad2868925
|
||||
generated: "2026-04-16T20:09:26.031592859Z"
|
||||
digest: sha256:d654c705c599c73c4e7aa50c53791edafc7a63d4c9ed17856c76ad385406170b
|
||||
generated: "2026-04-14T17:48:02.925330851Z"
|
||||
|
||||
@@ -26,14 +26,14 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: gitea
|
||||
version: 12.5.3
|
||||
version: 12.5.1
|
||||
repository: https://dl.gitea.com/charts/
|
||||
- name: actions
|
||||
alias: gitea-actions
|
||||
repository: https://dl.gitea.com/charts/
|
||||
version: 0.1.0
|
||||
version: 0.0.5
|
||||
- name: meilisearch
|
||||
version: 0.32.0
|
||||
version: 0.31.0
|
||||
repository: https://meilisearch.github.io/meilisearch-kubernetes
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
@@ -56,4 +56,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/gitea.png
|
||||
# renovate: datasource=github-releases depName=go-gitea/gitea
|
||||
appVersion: 1.26.0
|
||||
appVersion: 1.25.5
|
||||
|
||||
@@ -194,7 +194,7 @@ gitea-actions:
|
||||
registry: docker.io
|
||||
repository: gitea/act_runner
|
||||
# renovate: datasource=docker depName=gitea/act_runner
|
||||
tag: 0.4.1@sha256:696a59b51ad3d149521e3beb0229d5fb88f87295e1616f940199793274415b56
|
||||
tag: 0.3.1@sha256:c2a169c5e99864c25e32527cef3d82203225e09558773022bf3dc164a2e6d762
|
||||
extraVolumeMounts:
|
||||
- name: workspace-vol
|
||||
mountPath: /workspace
|
||||
|
||||
@@ -567,25 +567,6 @@ spec:
|
||||
resyncPeriod: 6h
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/ntfy.json
|
||||
|
||||
---
|
||||
apiVersion: grafana.integreatly.org/v1beta1
|
||||
kind: GrafanaDashboard
|
||||
metadata:
|
||||
name: grafana-dashboard-openbao
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-openbao
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
app: grafana-main
|
||||
contentCacheDuration: 6h
|
||||
folderUID: grafana-folder-platform
|
||||
resyncPeriod: 6h
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/openbao.json
|
||||
|
||||
---
|
||||
apiVersion: grafana.integreatly.org/v1beta1
|
||||
kind: GrafanaDashboard
|
||||
|
||||
@@ -24,4 +24,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/home-assistant.png
|
||||
# renovate: datasource=github-releases depName=home-assistant/core
|
||||
appVersion: 2026.4.3
|
||||
appVersion: 2026.4.2
|
||||
|
||||
@@ -12,7 +12,7 @@ home-assistant:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/home-assistant/home-assistant
|
||||
tag: 2026.4.3@sha256:ae0800c81fea16bc1241ce03bddb9c6260566e90f58b09d3e5a629e4f68bdc0b
|
||||
tag: 2026.4.2@sha256:4c940155cfd5b0187a6faee2db5d52b98bb573edc1aeee95d0818bb17b6534d7
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
@@ -23,7 +23,7 @@ home-assistant:
|
||||
code-server:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/code-server
|
||||
tag: 4.116.0-ls333@sha256:4620adace18935dd6ca79d77e3bc1c379e21875392192f970cf5d6b0fb4aefcd
|
||||
tag: 4.115.0-ls331@sha256:308f49acac8734542560f797d79b15e4c872c4d3f97d1b22862633fcce2af62a
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -637,18 +637,6 @@ homepage:
|
||||
app.kubernetes.io/instance in (
|
||||
vault
|
||||
)
|
||||
- Secrets:
|
||||
icon: sh-openbao.webp
|
||||
description: OpenBao
|
||||
href: https://bao.alexlebens.net
|
||||
siteMonitor: http://openbao.openbao:8200
|
||||
statusStyle: dot
|
||||
namespace: openbao
|
||||
app: openbao
|
||||
podSelector: >-
|
||||
app.kubernetes.io/instance in (
|
||||
openbao
|
||||
)
|
||||
- Backups:
|
||||
icon: sh-backrest-light.webp
|
||||
description: Backrest
|
||||
|
||||
@@ -25,4 +25,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/houndarr.png
|
||||
# renovate: datasource=github-releases depName=av1155/houndarr
|
||||
appVersion: v1.9.0
|
||||
appVersion: v1.7.0
|
||||
|
||||
@@ -8,7 +8,7 @@ houndarr:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/av1155/houndarr
|
||||
tag: v1.9.0@sha256:2a9c9e0de43412f683f00cce6f5d0f3e059b27e50350434ae4029ade720e85a0
|
||||
tag: v1.7.0@sha256:8ae2a8b86497cbc54d11591c12220f3be3319039c2bdd0c8b041b2b7c2fd7943
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -4,9 +4,9 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: meilisearch
|
||||
repository: https://meilisearch.github.io/meilisearch-kubernetes
|
||||
version: 0.32.0
|
||||
version: 0.31.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:09e0de3cf33b4b463b07237d547172ad72fcc77c0fcb8e5ed7542f9ee3b1df3a
|
||||
generated: "2026-04-16T14:10:45.330521031Z"
|
||||
digest: sha256:ea0f20c4c1b5566288185283141ece9938f8bbce246e27ec464cb1e6fd376fba
|
||||
generated: "2026-04-14T17:48:23.813297015Z"
|
||||
|
||||
@@ -22,7 +22,7 @@ dependencies:
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
- name: meilisearch
|
||||
version: 0.32.0
|
||||
version: 0.31.0
|
||||
repository: https://meilisearch.github.io/meilisearch-kubernetes
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
|
||||
@@ -29,4 +29,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/jellystat.png
|
||||
# renovate: datasource=github-releases depName=CyferShepard/Jellystat
|
||||
appVersion: 1.1.10
|
||||
appVersion: 1.1.9
|
||||
|
||||
@@ -8,7 +8,7 @@ jellystat:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/cyfershepard/jellystat
|
||||
tag: 1.1.10@sha256:bb7ebe42424dedeff52d8da4130232d67e3fdd6dc2dd4a66091e32ddd835ea42
|
||||
tag: 1.1.9@sha256:f7f56aabad139faa996b8bb21a36dd3e65f7c87e10408921815b95a28a4efbaf
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -4,12 +4,12 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: meilisearch
|
||||
repository: https://meilisearch.github.io/meilisearch-kubernetes
|
||||
version: 0.32.0
|
||||
version: 0.31.0
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:a5074b9aa3d0ad4e8e3f0d5d10e92e7112bf1fd263d6bade8ae47e36d544cb6d
|
||||
generated: "2026-04-16T14:11:10.620563905Z"
|
||||
digest: sha256:f0f26138eeca6430c2b9ad7dc6d6ad8467b0db2a5660015b2755efc802e8ac84
|
||||
generated: "2026-04-14T17:48:43.81459819Z"
|
||||
|
||||
@@ -23,7 +23,7 @@ dependencies:
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
- name: meilisearch
|
||||
version: 0.32.0
|
||||
version: 0.31.0
|
||||
repository: https://meilisearch.github.io/meilisearch-kubernetes
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
dependencies:
|
||||
- name: kube-prometheus-stack
|
||||
repository: oci://ghcr.io/prometheus-community/charts
|
||||
version: 83.6.0
|
||||
version: 83.4.2
|
||||
- name: prometheus-operator-crds
|
||||
repository: oci://ghcr.io/prometheus-community/charts
|
||||
version: 28.0.1
|
||||
@@ -11,5 +11,5 @@ dependencies:
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.1
|
||||
digest: sha256:f80cb9a91bb13c3538ffdf4bc95b0750202a76167b05a3958f5aff2220484b0c
|
||||
generated: "2026-04-17T16:10:54.211656328Z"
|
||||
digest: sha256:3a24262eb071fe4a7af410fc32ffe5227456a3062cbd8f4978a15b2772159c29
|
||||
generated: "2026-04-15T01:19:32.458902629Z"
|
||||
|
||||
@@ -20,7 +20,7 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: kube-prometheus-stack
|
||||
version: 83.6.0
|
||||
version: 83.4.2
|
||||
repository: oci://ghcr.io/prometheus-community/charts
|
||||
- name: prometheus-operator-crds
|
||||
version: 28.0.1
|
||||
|
||||
@@ -26,4 +26,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/libation.png
|
||||
# renovate: datasource=github-releases depName=rmcrackan/Libation
|
||||
appVersion: 13.3.4
|
||||
appVersion: 13.3.3
|
||||
|
||||
@@ -12,7 +12,7 @@ libation:
|
||||
main:
|
||||
image:
|
||||
repository: rmcrackan/libation
|
||||
tag: 13.3.4@sha256:eb0357e8a880ed0049dffd2a99a9d2eda322ed33b3b9e16f4fb93eb15275f396
|
||||
tag: 13.3.3@sha256:fbeb84916c81b654412801367b7e96796ffdba83d987a1ed5fed9896cf7cabee
|
||||
env:
|
||||
- name: SLEEP_TIME
|
||||
value: "-1"
|
||||
@@ -30,7 +30,7 @@ libation:
|
||||
main:
|
||||
image:
|
||||
repository: ubuntu
|
||||
tag: resolute-20260413@sha256:5e275723f82c67e387ba9e3c24baa0abdcb268917f276a0561c97bef9450d0b4
|
||||
tag: resolute-20260404@sha256:cc925e589b7543b910fea57a240468940003fbfc0515245a495dd0ad8fe7cef1
|
||||
command:
|
||||
- "sleep"
|
||||
- "infinity"
|
||||
|
||||
@@ -133,7 +133,7 @@ matrix-synapse:
|
||||
gid: 666
|
||||
image:
|
||||
repository: alpine
|
||||
tag: 3.23.4@sha256:c7989ac7a27b473e1795973c98d714f62b4dd0b134594d36880505ce0bfd716b
|
||||
tag: 3.23.3@sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659
|
||||
ingress:
|
||||
enabled: false
|
||||
gateway:
|
||||
@@ -332,7 +332,7 @@ mautrix-whatsapp:
|
||||
main:
|
||||
image:
|
||||
repository: dock.mau.dev/mautrix/whatsapp
|
||||
tag: v0.2604.0@sha256:9f28c04c746af9fe8e93163489dae0f4191626e2ca02a9302df62afbeefc9eba
|
||||
tag: v0.2603.0@sha256:b49009312361d9ea0d7090716fd09f2323f477b32bd119648c6ca2d558a3e236
|
||||
resources:
|
||||
requests:
|
||||
cpu: 1m
|
||||
|
||||
@@ -24,4 +24,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://raw.githubusercontent.com/frederikemmer/MediaLyze/d8f69c0628bac7c047b90f91a66341648029c273/frontend/public/favicon.svg
|
||||
# renovate: datasource=github-releases depName=frederikemmer/MediaLyze
|
||||
appVersion: 0.8.0
|
||||
appVersion: 0.7.0
|
||||
|
||||
@@ -12,7 +12,7 @@ medialyze:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/frederikemmer/medialyze
|
||||
tag: 0.8.0@sha256:80aa5ce70d8644ce8321f97856a1c0ede5dfeaaba305c514ceefebf89c8985ef
|
||||
tag: 0.7.0@sha256:3fd78c7f09fb087e1941e57989bf182da9b53bde761565cd2f83d7465fa80442
|
||||
env:
|
||||
- name: HOST_PORT
|
||||
value: 8080
|
||||
|
||||
@@ -24,4 +24,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/music-grabber.png
|
||||
# renovate: datasource=docker depName=g33kphr33k/musicgrabber
|
||||
appVersion: 2.6.5
|
||||
appVersion: 2.6.2
|
||||
|
||||
@@ -12,7 +12,7 @@ music-grabber:
|
||||
main:
|
||||
image:
|
||||
repository: g33kphr33k/musicgrabber
|
||||
tag: 2.6.5@sha256:5d276415a764a56955207ae41fe2df3341a152812fdf8a87e7c0b7e4e1fb681d
|
||||
tag: 2.6.2@sha256:620441179d3ba9e82eb3ccedef45ee470e30da685891e0defa40ad16cf758d63
|
||||
env:
|
||||
- name: MUSIC_DIR
|
||||
value: /mnt/store/Music Grabber/
|
||||
|
||||
@@ -31,4 +31,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png
|
||||
# renovate: datasource=github-releases depName=ollama/ollama
|
||||
appVersion: 0.21.0
|
||||
appVersion: 0.20.7
|
||||
|
||||
@@ -21,7 +21,7 @@ ollama:
|
||||
main:
|
||||
image:
|
||||
repository: ollama/ollama
|
||||
tag: 0.21.0@sha256:d3d553bdfbcc7f55dd5ddf42c4cbe3a927aa9bb1802710d35e94656ca5aea02b
|
||||
tag: 0.20.7@sha256:487324a9312240e3e122446f351b1f1e3f68d884ef854c246db2e08792440d94
|
||||
env:
|
||||
- name: OLLAMA_KEEP_ALIVE
|
||||
value: 24h
|
||||
@@ -55,7 +55,7 @@ ollama:
|
||||
main:
|
||||
image:
|
||||
repository: ollama/ollama
|
||||
tag: 0.21.0@sha256:d3d553bdfbcc7f55dd5ddf42c4cbe3a927aa9bb1802710d35e94656ca5aea02b
|
||||
tag: 0.20.7@sha256:487324a9312240e3e122446f351b1f1e3f68d884ef854c246db2e08792440d94
|
||||
env:
|
||||
- name: OLLAMA_KEEP_ALIVE
|
||||
value: 24h
|
||||
@@ -89,7 +89,7 @@ ollama:
|
||||
main:
|
||||
image:
|
||||
repository: ollama/ollama
|
||||
tag: 0.21.0@sha256:d3d553bdfbcc7f55dd5ddf42c4cbe3a927aa9bb1802710d35e94656ca5aea02b
|
||||
tag: 0.20.7@sha256:487324a9312240e3e122446f351b1f1e3f68d884ef854c246db2e08792440d94
|
||||
env:
|
||||
- name: OLLAMA_KEEP_ALIVE
|
||||
value: 24h
|
||||
|
||||
@@ -1,9 +0,0 @@
|
||||
dependencies:
|
||||
- name: openbao
|
||||
repository: https://openbao.github.io/openbao-helm
|
||||
version: 0.27.1
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
digest: sha256:2a48dda8dad91d967fceeec4c50d3358f58b0255ba823e04bea726bf187f8f40
|
||||
generated: "2026-04-15T19:55:47.720376-05:00"
|
||||
@@ -1,30 +0,0 @@
|
||||
apiVersion: v2
|
||||
name: openbao
|
||||
version: 1.0.0
|
||||
description: OpenBao
|
||||
keywords:
|
||||
- openbao
|
||||
- secrets
|
||||
home: https://docs.alexlebens.dev/applications/openbao/
|
||||
sources:
|
||||
- https://github.com/openbao/openbao
|
||||
- https://github.com/lrstanley/vault-unseal
|
||||
- https://quay.io/repository/openbao/openbao?tab=tags
|
||||
- https://quay.io/repository/openbao/openbao-csi-provider?tab=tags
|
||||
- https://github.com/openbao/openbao-snapshot-agent/pkgs/container/openbao-snapshot-agent
|
||||
- https://github.com/lrstanley/vault-unseal/pkgs/container/vault-unseal
|
||||
- https://github.com/openbao/openbao-helm/tree/main/charts/openbao
|
||||
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: openbao
|
||||
version: 0.27.1
|
||||
repository: https://openbao.github.io/openbao-helm
|
||||
- name: app-template
|
||||
alias: unseal
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/openbao.png
|
||||
# renovate: datasource=github-releases depName=openbao/openbao
|
||||
appVersion: v2.5.2
|
||||
@@ -1,166 +0,0 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: openbao-snapshot-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: openbao-snapshot-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
key: /garage/home-infra/openbao-backups
|
||||
property: ACCESS_KEY_ID
|
||||
- secretKey: ACCESS_REGION
|
||||
remoteRef:
|
||||
key: /garage/home-infra/openbao-backups
|
||||
property: ACCESS_REGION
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
key: /garage/home-infra/openbao-backups
|
||||
property: ACCESS_SECRET_KEY
|
||||
- secretKey: BUCKET
|
||||
remoteRef:
|
||||
key: /garage/home-infra/openbao-backups
|
||||
property: BUCKET
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: openbao-unseal-config-1
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: openbao-unseal-config-1
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ENVIRONMENT
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: ENVIRONMENT
|
||||
- secretKey: NODES
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: NODES
|
||||
- secretKey: TOKENS
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: TOKENS_1
|
||||
- secretKey: NOTIFY_QUEUE_URLS
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: NOTIFY_QUEUE_URLS
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: openbao-unseal-config-2
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: openbao-unseal-config-2
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ENVIRONMENT
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: ENVIRONMENT
|
||||
- secretKey: NODES
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: NODES
|
||||
- secretKey: TOKENS
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: TOKENS_2
|
||||
- secretKey: NOTIFY_QUEUE_URLS
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: NOTIFY_QUEUE_URLS
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: openbao-unseal-config-3
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: openbao-unseal-config-3
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ENVIRONMENT
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: ENVIRONMENT
|
||||
- secretKey: NODES
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: NODES
|
||||
- secretKey: TOKENS
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: TOKENS_3
|
||||
- secretKey: NOTIFY_QUEUE_URLS
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: NOTIFY_QUEUE_URLS
|
||||
|
||||
# ---
|
||||
# apiVersion: external-secrets.io/v1
|
||||
# kind: ExternalSecret
|
||||
# metadata:
|
||||
# name: openbao-token
|
||||
# namespace: {{ .Release.Namespace }}
|
||||
# labels:
|
||||
# app.kubernetes.io/name: openbao-token
|
||||
# app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
# app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
# spec:
|
||||
# secretStoreRef:
|
||||
# kind: ClusterSecretStore
|
||||
# name: openbao
|
||||
# data:
|
||||
# - secretKey: token
|
||||
# remoteRef:
|
||||
# key: /cl01tl/openbao/token
|
||||
# property: token
|
||||
# - secretKey: unseal_key_1
|
||||
# remoteRef:
|
||||
# key: /cl01tl/openbao/token
|
||||
# property: unseal_key_1
|
||||
# - secretKey: unseal_key_2
|
||||
# remoteRef:
|
||||
# key: /cl01tl/openbao/token
|
||||
# property: unseal_key_2
|
||||
# - secretKey: unseal_key_3
|
||||
# remoteRef:
|
||||
# key: /cl01tl/openbao/token
|
||||
# property: unseal_key_3
|
||||
# - secretKey: unseal_key_4
|
||||
# remoteRef:
|
||||
# key: /cl01tl/openbao/token
|
||||
# property: unseal_key_4
|
||||
# - secretKey: unseal_key_5
|
||||
# remoteRef:
|
||||
# key: /cl01tl/openbao/token
|
||||
# property: unseal_key_5
|
||||
@@ -1,29 +0,0 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: openbao-tailscale
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: openbao-tailscale
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
tailscale.com/proxy-class: no-metrics
|
||||
annotations:
|
||||
tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
|
||||
spec:
|
||||
ingressClassName: tailscale
|
||||
tls:
|
||||
- hosts:
|
||||
- openbao-cl01tl
|
||||
secretName: openbao-cl01tl
|
||||
rules:
|
||||
- host: openbao-cl01tl
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: openbao-active
|
||||
port:
|
||||
number: 8200
|
||||
@@ -1,11 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: openbao
|
||||
labels:
|
||||
app.kubernetes.io/name: openbao
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
pod-security.kubernetes.io/audit: privileged
|
||||
pod-security.kubernetes.io/enforce: privileged
|
||||
pod-security.kubernetes.io/warn: privileged
|
||||
@@ -1,198 +0,0 @@
|
||||
openbao:
|
||||
global:
|
||||
serverTelemetry:
|
||||
prometheusOperator: true
|
||||
injector:
|
||||
enabled: false
|
||||
server:
|
||||
updateStrategyType: RollingUpdate
|
||||
image:
|
||||
registry: quay.io
|
||||
repository: openbao/openbao
|
||||
tag: 2.5.2@sha256:6c75c97223873807260352f269640935a07db0c26b3dbf12a98a36ec43ad9878
|
||||
resources:
|
||||
requests:
|
||||
cpu: 50m
|
||||
memory: 500Mi
|
||||
gateway:
|
||||
tlsRoute:
|
||||
enabled: true
|
||||
hosts:
|
||||
- bao.alexlebens.net
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
httpRoute:
|
||||
enabled: true
|
||||
hosts:
|
||||
- bao.alexlebens.net
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
authDelegator:
|
||||
enabled: true
|
||||
livenessProbe:
|
||||
enabled: true
|
||||
dataStorage:
|
||||
size: 1Gi
|
||||
storageClass: ceph-block
|
||||
auditStorage:
|
||||
enabled: true
|
||||
size: 10Gi
|
||||
storageClass: ceph-block
|
||||
standalone:
|
||||
enabled: false
|
||||
ha:
|
||||
enabled: true
|
||||
replicas: 3
|
||||
raft:
|
||||
enabled: true
|
||||
config: |
|
||||
ui = true
|
||||
|
||||
listener "tcp" {
|
||||
tls_disable = 1
|
||||
address = "[::]:8200"
|
||||
cluster_address = "[::]:8201"
|
||||
telemetry {
|
||||
unauthenticated_metrics_access = "true"
|
||||
}
|
||||
}
|
||||
|
||||
storage "raft" {
|
||||
path = "/openbao/data"
|
||||
retry_join {
|
||||
leader_api_addr = "http://openbao-0.openbao-internal:8200"
|
||||
}
|
||||
retry_join {
|
||||
leader_api_addr = "http://openbao-1.openbao-internal:8200"
|
||||
}
|
||||
retry_join {
|
||||
leader_api_addr = "http://openbao-2.openbao-internal:8200"
|
||||
}
|
||||
}
|
||||
|
||||
audit "file" "to-stdout" {
|
||||
options {
|
||||
file_path = "/openbao/audit/openbao_audit.log"
|
||||
log_raw = "true"
|
||||
}
|
||||
}
|
||||
|
||||
service_registration "kubernetes" {}
|
||||
|
||||
telemetry {
|
||||
prometheus_retention_time = "30s"
|
||||
disable_hostname = true
|
||||
}
|
||||
csi:
|
||||
enabled: true
|
||||
image:
|
||||
registry: quay.io
|
||||
repository: openbao/openbao-csi-provider
|
||||
tag: 2.0.2@sha256:3cb312e88c62c926caec03bf69497a16805a29daabb5ad2c7a236ab43bb241db
|
||||
resources:
|
||||
requests:
|
||||
cpu: 50m
|
||||
memory: 100Mi
|
||||
agent:
|
||||
image:
|
||||
registry: quay.io
|
||||
repository: openbao/openbao
|
||||
tag: 2.5.2@sha256:6c75c97223873807260352f269640935a07db0c26b3dbf12a98a36ec43ad9878
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 100Mi
|
||||
serverTelemetry:
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
prometheusRules:
|
||||
enabled: true
|
||||
rules:
|
||||
- alert: vault-HighResponseTime
|
||||
annotations:
|
||||
message: The response time of Vault is over 500ms on average over the last 5 minutes.
|
||||
expr: vault_core_handle_request{quantile="0.5", namespace="mynamespace"} > 500
|
||||
for: 5m
|
||||
labels:
|
||||
severity: warning
|
||||
- alert: vault-HighResponseTime
|
||||
annotations:
|
||||
message: The response time of Vault is over 1s on average over the last 5 minutes.
|
||||
expr: vault_core_handle_request{quantile="0.5", namespace="mynamespace"} > 1000
|
||||
for: 5m
|
||||
labels:
|
||||
severity: critical
|
||||
snapshotAgent:
|
||||
enabled: true
|
||||
schedule: 0 4 * * *
|
||||
image:
|
||||
repository: ghcr.io/openbao/openbao-snapshot-agent
|
||||
tag: 0.3.0@sha256:d7a8ca9d26b12cf226ce093b9051f243c53aefbb8a419b3dc0b554e7575c931c
|
||||
s3CredentialsSecret: openbao-snapshot-secret
|
||||
config:
|
||||
s3Host: garage-main.garage:3900
|
||||
s3Bucket: openbao-backups
|
||||
s3Uri: s3://openbao-backups
|
||||
s3ExpireDays: "30"
|
||||
s3cmdExtraFlag: "-v --no-ssl"
|
||||
baoAuthPath: kubernetes
|
||||
baoRole: bao-snapshot
|
||||
unseal:
|
||||
global:
|
||||
fullnameOverride: openbao-unseal
|
||||
controllers:
|
||||
unseal-1:
|
||||
type: deployment
|
||||
replicas: 1
|
||||
strategy: Recreate
|
||||
containers:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/lrstanley/vault-unseal
|
||||
tag: 1.0.0@sha256:24ca9bceccdb0a22ae57574346dee4bec107c9b849f836811972b8f7f1baa4ef
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: openbao-unseal-config-1
|
||||
resources:
|
||||
requests:
|
||||
cpu: 1m
|
||||
memory: 10Mi
|
||||
unseal-2:
|
||||
type: deployment
|
||||
replicas: 1
|
||||
strategy: Recreate
|
||||
containers:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/lrstanley/vault-unseal
|
||||
tag: 1.0.0@sha256:24ca9bceccdb0a22ae57574346dee4bec107c9b849f836811972b8f7f1baa4ef
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: openbao-unseal-config-2
|
||||
resources:
|
||||
requests:
|
||||
cpu: 1m
|
||||
memory: 10Mi
|
||||
unseal-3:
|
||||
type: deployment
|
||||
replicas: 1
|
||||
strategy: Recreate
|
||||
containers:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/lrstanley/vault-unseal
|
||||
tag: 1.0.0@sha256:24ca9bceccdb0a22ae57574346dee4bec107c9b849f836811972b8f7f1baa4ef
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: openbao-unseal-config-3
|
||||
resources:
|
||||
requests:
|
||||
cpu: 1m
|
||||
memory: 10Mi
|
||||
@@ -48,4 +48,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/paperless-ngx.png
|
||||
# renovate: datasource=github-releases depName=paperless-ngx/paperless-ngx
|
||||
appVersion: 2.20.14
|
||||
appVersion: 2.20.13
|
||||
|
||||
@@ -8,7 +8,7 @@ paperless-ngx:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/paperless-ngx/paperless-ngx
|
||||
tag: 2.20.14@sha256:b89f83345532cfba72690185257eb6c4f92fc2a782332a42abe19c07b7a6595f
|
||||
tag: 2.20.13@sha256:4b05bcd28e6923768000b5d247cbf2c66fd49bdc3f3b05955bd4f6790a638b01
|
||||
env:
|
||||
- name: PAPERLESS_REDIS
|
||||
value: redis://paperless-ngx-valkey.paperless-ngx:6379
|
||||
@@ -86,7 +86,7 @@ paperless-ngx:
|
||||
gotenberg:
|
||||
image:
|
||||
repository: gotenberg/gotenberg
|
||||
tag: 8.31.0@sha256:f0d86e8a1dbc7b33a5a65cb251d02bb271a48ffa989da3feb5ed7d954fe4d4b3
|
||||
tag: 8.30.1@sha256:206a6c708fc6d05257367d9ac902d6c56c50d2e3284d0596ea000814ef97f22c
|
||||
service:
|
||||
main:
|
||||
controller: main
|
||||
|
||||
@@ -4,7 +4,7 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: temporal
|
||||
repository: https://go.temporal.io/helm-charts
|
||||
version: 1.1.1
|
||||
version: 1.1.0
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.5.0
|
||||
@@ -20,5 +20,5 @@ dependencies:
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:c2f97973de65b7ab76b42a5b9131e084de2333ba82c85b75d9e186ec88335ef4
|
||||
generated: "2026-04-15T18:59:31.36700149Z"
|
||||
digest: sha256:d1b13d32b16492565c0093890ac1d99726b15e5e2b096c28b6a0609eedf71586
|
||||
generated: "2026-04-14T17:54:17.434851432Z"
|
||||
|
||||
@@ -29,7 +29,7 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: temporal
|
||||
repository: https://go.temporal.io/helm-charts
|
||||
version: 1.1.1
|
||||
version: 1.1.0
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.5.0
|
||||
|
||||
@@ -232,7 +232,7 @@ temporal:
|
||||
web:
|
||||
image:
|
||||
repository: temporalio/ui
|
||||
tag: 2.48.3@sha256:e5523746f54a8b908b0be69f6274ca1abf2aa0a51714a85b6a4641310ff60286
|
||||
tag: 2.48.2@sha256:8625626deb0b2447eff6fc81a1fba1d782c9e41e72d527016f1297a62e715241
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
|
||||
@@ -28,4 +28,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prowlarr.png
|
||||
# renovate: datasource=github-releases depName=linuxserver/docker-prowlarr
|
||||
appVersion: 2.3.5.5327-ls142
|
||||
appVersion: 2.3.5.5327-ls141
|
||||
|
||||
@@ -12,7 +12,7 @@ prowlarr:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/prowlarr
|
||||
tag: 2.3.5.5327-ls142@sha256:6df73ab9e99d0dbaad27c39d8a47c600333eebea80fcb56253a0bb8b630c8115
|
||||
tag: 2.3.5.5327-ls141@sha256:35f48abb3e976fcf077fae756866c582e4a90f8b24810ae4067b3558f7cdbbdf
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -208,7 +208,7 @@ qbittorrent:
|
||||
qui:
|
||||
image:
|
||||
repository: ghcr.io/autobrr/qui
|
||||
tag: v1.17.0@sha256:fb3832e68f66b056e1b049d16c40732661e7b73999bc642d4b11469a3ebbabd3
|
||||
tag: v1.16.1@sha256:07b6ea9572e52e8b5f70f8fb15a7c688d8d754a7616242d3ad0b21dbd5c05836
|
||||
env:
|
||||
- name: QUI__METRICS_ENABLED
|
||||
value: true
|
||||
|
||||
@@ -33,4 +33,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-4k.png
|
||||
# renovate: datasource=github-releases depName=linuxserver/docker-radarr
|
||||
appVersion: 6.1.1.10360-ls300
|
||||
appVersion: 6.1.1.10360-ls299
|
||||
|
||||
@@ -14,7 +14,7 @@ radarr-4k:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/radarr
|
||||
tag: 6.1.1.10360-ls300@sha256:b01097ad2d948c9f5eca39eb60bb529e2e55b0738c4bf7db09383bef0abab59d
|
||||
tag: 6.1.1.10360-ls299@sha256:6f1dda18354ea7f28cead8f6d099fc8222498c3ae165f567d504ed04d70980d7
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -33,4 +33,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-anime.png
|
||||
# renovate: datasource=github-releases depName=linuxserver/docker-radarr
|
||||
appVersion: 6.1.1.10360-ls300
|
||||
appVersion: 6.1.1.10360-ls299
|
||||
|
||||
@@ -14,7 +14,7 @@ radarr-anime:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/radarr
|
||||
tag: 6.1.1.10360-ls300@sha256:b01097ad2d948c9f5eca39eb60bb529e2e55b0738c4bf7db09383bef0abab59d
|
||||
tag: 6.1.1.10360-ls299@sha256:6f1dda18354ea7f28cead8f6d099fc8222498c3ae165f567d504ed04d70980d7
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -33,4 +33,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
|
||||
# renovate: datasource=github-releases depName=linuxserver/docker-radarr
|
||||
appVersion: 6.1.1.10360-ls300
|
||||
appVersion: 6.1.1.10360-ls299
|
||||
|
||||
@@ -14,7 +14,7 @@ radarr-standup:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/radarr
|
||||
tag: 6.1.1.10360-ls300@sha256:b01097ad2d948c9f5eca39eb60bb529e2e55b0738c4bf7db09383bef0abab59d
|
||||
tag: 6.1.1.10360-ls299@sha256:6f1dda18354ea7f28cead8f6d099fc8222498c3ae165f567d504ed04d70980d7
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -33,4 +33,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
|
||||
# renovate: datasource=github-releases depName=linuxserver/docker-radarr
|
||||
appVersion: 6.1.1.10360-ls300
|
||||
appVersion: 6.1.1.10360-ls299
|
||||
|
||||
@@ -14,7 +14,7 @@ radarr:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/radarr
|
||||
tag: 6.1.1.10360-ls300@sha256:b01097ad2d948c9f5eca39eb60bb529e2e55b0738c4bf7db09383bef0abab59d
|
||||
tag: 6.1.1.10360-ls299@sha256:6f1dda18354ea7f28cead8f6d099fc8222498c3ae165f567d504ed04d70980d7
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -20,4 +20,4 @@ dependencies:
|
||||
version: 4.6.2
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/rclone.png
|
||||
# renovate: datasource=github-releases depName=rclone/rclone
|
||||
appVersion: v1.73.5
|
||||
appVersion: v1.73.4
|
||||
|
||||
@@ -14,23 +14,38 @@ spec:
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/directus-assets
|
||||
metadataPolicy: None
|
||||
property: ACCESS_KEY_ID
|
||||
- secretKey: ACCESS_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/directus-assets
|
||||
metadataPolicy: None
|
||||
property: ACCESS_REGION
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/directus-assets
|
||||
metadataPolicy: None
|
||||
property: ACCESS_SECRET_KEY
|
||||
- secretKey: SRC_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/config/local
|
||||
metadataPolicy: None
|
||||
property: ENDPOINT
|
||||
- secretKey: DEST_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/config/remote
|
||||
metadataPolicy: None
|
||||
property: ENDPOINT
|
||||
|
||||
---
|
||||
@@ -50,23 +65,38 @@ spec:
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/karakeep-assets
|
||||
metadataPolicy: None
|
||||
property: ACCESS_KEY_ID
|
||||
- secretKey: ACCESS_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/karakeep-assets
|
||||
metadataPolicy: None
|
||||
property: ACCESS_REGION
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/karakeep-assets
|
||||
metadataPolicy: None
|
||||
property: ACCESS_SECRET_KEY
|
||||
- secretKey: SRC_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/config/local
|
||||
metadataPolicy: None
|
||||
property: ENDPOINT
|
||||
- secretKey: DEST_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/config/remote
|
||||
metadataPolicy: None
|
||||
property: ENDPOINT
|
||||
|
||||
---
|
||||
@@ -86,23 +116,38 @@ spec:
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/talos-backups
|
||||
metadataPolicy: None
|
||||
property: ACCESS_KEY_ID
|
||||
- secretKey: ACCESS_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/talos-backups
|
||||
metadataPolicy: None
|
||||
property: ACCESS_REGION
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/talos-backups
|
||||
metadataPolicy: None
|
||||
property: ACCESS_SECRET_KEY
|
||||
- secretKey: SRC_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/config/local
|
||||
metadataPolicy: None
|
||||
property: ENDPOINT
|
||||
- secretKey: DEST_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/config/remote
|
||||
metadataPolicy: None
|
||||
property: ENDPOINT
|
||||
|
||||
---
|
||||
@@ -122,23 +167,38 @@ spec:
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/web-assets
|
||||
metadataPolicy: None
|
||||
property: ACCESS_KEY_ID
|
||||
- secretKey: ACCESS_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/web-assets
|
||||
metadataPolicy: None
|
||||
property: ACCESS_REGION
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/web-assets
|
||||
metadataPolicy: None
|
||||
property: ACCESS_SECRET_KEY
|
||||
- secretKey: SRC_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/config/local
|
||||
metadataPolicy: None
|
||||
property: ENDPOINT
|
||||
- secretKey: DEST_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/config/remote
|
||||
metadataPolicy: None
|
||||
property: ENDPOINT
|
||||
|
||||
---
|
||||
@@ -158,23 +218,38 @@ spec:
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: ACCESS_KEY_ID
|
||||
- secretKey: ACCESS_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: ACCESS_REGION
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: ACCESS_SECRET_KEY
|
||||
- secretKey: SRC_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/config/local
|
||||
metadataPolicy: None
|
||||
property: ENDPOINT
|
||||
- secretKey: DEST_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/config/remote
|
||||
metadataPolicy: None
|
||||
property: ENDPOINT
|
||||
|
||||
---
|
||||
@@ -194,89 +269,36 @@ spec:
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/ntfy-attachments
|
||||
metadataPolicy: None
|
||||
property: ACCESS_KEY_ID
|
||||
- secretKey: ACCESS_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/ntfy-attachments
|
||||
metadataPolicy: None
|
||||
property: ACCESS_REGION
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/ntfy-attachments
|
||||
metadataPolicy: None
|
||||
property: ACCESS_SECRET_KEY
|
||||
- secretKey: SRC_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/config/local
|
||||
metadataPolicy: None
|
||||
property: ENDPOINT
|
||||
- secretKey: DEST_ENDPOINT
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/config/remote
|
||||
property: ENDPOINT
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: garage-openbao-backups-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: garage-openbao-backups-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
key: /garage/home-infra/openbao-backups
|
||||
property: ACCESS_KEY_ID
|
||||
- secretKey: ACCESS_REGION
|
||||
remoteRef:
|
||||
key: /garage/home-infra/openbao-backups
|
||||
property: ACCESS_REGION
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
key: /garage/home-infra/openbao-backups
|
||||
property: ACCESS_SECRET_KEY
|
||||
- secretKey: ENDPOINT_LOCAL
|
||||
remoteRef:
|
||||
key: /garage/home-infra/openbao-backups
|
||||
property: ENDPOINT_LOCAL
|
||||
- secretKey: ENDPOINT_REMOTE
|
||||
remoteRef:
|
||||
key: /garage/home-infra/openbao-backups
|
||||
property: ENDPOINT_REMOTE
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: external-openbao-backups-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: external-openbao-backups-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
key: /digital-ocean/home-infra/openbao-backups
|
||||
property: ACCESS_KEY_ID
|
||||
- secretKey: ACCESS_REGION
|
||||
remoteRef:
|
||||
key: /digital-ocean/home-infra/openbao-backups
|
||||
property: ACCESS_REGION
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
key: /digital-ocean/home-infra/openbao-backups
|
||||
property: ACCESS_SECRET_KEY
|
||||
- secretKey: ENDPOINT
|
||||
remoteRef:
|
||||
key: /digital-ocean/home-infra/openbao-backups
|
||||
metadataPolicy: None
|
||||
property: ENDPOINT
|
||||
|
||||
@@ -12,7 +12,7 @@ rclone:
|
||||
sync:
|
||||
image:
|
||||
repository: rclone/rclone
|
||||
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
|
||||
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
|
||||
args:
|
||||
- sync
|
||||
- src:directus-assets
|
||||
@@ -90,7 +90,7 @@ rclone:
|
||||
sync:
|
||||
image:
|
||||
repository: rclone/rclone
|
||||
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
|
||||
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
|
||||
args:
|
||||
- sync
|
||||
- src:karakeep-assets
|
||||
@@ -168,7 +168,7 @@ rclone:
|
||||
sync:
|
||||
image:
|
||||
repository: rclone/rclone
|
||||
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
|
||||
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
|
||||
args:
|
||||
- sync
|
||||
- src:talos-backups
|
||||
@@ -239,7 +239,7 @@ rclone:
|
||||
prune:
|
||||
image:
|
||||
repository: rclone/rclone
|
||||
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
|
||||
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
|
||||
args:
|
||||
- delete
|
||||
- dest:talos-backups
|
||||
@@ -287,7 +287,7 @@ rclone:
|
||||
sync:
|
||||
image:
|
||||
repository: rclone/rclone
|
||||
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
|
||||
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
|
||||
args:
|
||||
- sync
|
||||
- src:web-assets
|
||||
@@ -365,7 +365,7 @@ rclone:
|
||||
sync:
|
||||
image:
|
||||
repository: rclone/rclone
|
||||
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
|
||||
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
|
||||
args:
|
||||
- sync
|
||||
- src:postgres-backups
|
||||
@@ -440,7 +440,7 @@ rclone:
|
||||
prune:
|
||||
image:
|
||||
repository: rclone/rclone
|
||||
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
|
||||
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
|
||||
args:
|
||||
- delete
|
||||
- dest:postgres-backups
|
||||
@@ -488,7 +488,7 @@ rclone:
|
||||
sync:
|
||||
image:
|
||||
repository: rclone/rclone
|
||||
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
|
||||
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
|
||||
args:
|
||||
- sync
|
||||
- src:ntfy-attachments
|
||||
@@ -554,241 +554,3 @@ rclone:
|
||||
key: DEST_ENDPOINT
|
||||
- name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE
|
||||
value: true
|
||||
openbao-backups-remote:
|
||||
type: cronjob
|
||||
cronjob:
|
||||
suspend: false
|
||||
timeZone: America/Chicago
|
||||
schedule: 0 1 * * *
|
||||
backoffLimit: 3
|
||||
parallelism: 1
|
||||
containers:
|
||||
sync:
|
||||
image:
|
||||
repository: rclone/rclone
|
||||
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
|
||||
args:
|
||||
- sync
|
||||
- src:openbao-backups
|
||||
- dest:openbao-backups
|
||||
- --s3-no-check-bucket
|
||||
- --max-age
|
||||
- 90d
|
||||
- --verbose
|
||||
env:
|
||||
- name: RCLONE_S3_PROVIDER
|
||||
value: Other
|
||||
- name: RCLONE_CONFIG_SRC_TYPE
|
||||
value: s3
|
||||
- name: RCLONE_CONFIG_SRC_PROVIDER
|
||||
value: Other
|
||||
- name: RCLONE_CONFIG_SRC_ENV_AUTH
|
||||
value: false
|
||||
- name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: garage-openbao-backups-secret
|
||||
key: ACCESS_KEY_ID
|
||||
- name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: garage-openbao-backups-secret
|
||||
key: ACCESS_SECRET_KEY
|
||||
- name: RCLONE_CONFIG_SRC_REGION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: garage-openbao-backups-secret
|
||||
key: ACCESS_REGION
|
||||
- name: RCLONE_CONFIG_SRC_ENDPOINT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: garage-openbao-backups-secret
|
||||
key: ENDPOINT_LOCAL
|
||||
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
|
||||
value: true
|
||||
- name: RCLONE_CONFIG_DEST_TYPE
|
||||
value: s3
|
||||
- name: RCLONE_CONFIG_DEST_PROVIDER
|
||||
value: Other
|
||||
- name: RCLONE_CONFIG_DEST_ENV_AUTH
|
||||
value: false
|
||||
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: garage-openbao-backups-secret
|
||||
key: ACCESS_KEY_ID
|
||||
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: garage-openbao-backups-secret
|
||||
key: ACCESS_SECRET_KEY
|
||||
- name: RCLONE_CONFIG_DEST_REGION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: garage-openbao-backups-secret
|
||||
key: ACCESS_REGION
|
||||
- name: RCLONE_CONFIG_DEST_ENDPOINT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: garage-openbao-backups-secret
|
||||
key: ENDPOINT_REMOTE
|
||||
- name: RCLONE_CONFIG_SRC_DEST_FORCE_PATH_STYLE
|
||||
value: true
|
||||
prune:
|
||||
image:
|
||||
repository: rclone/rclone
|
||||
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
|
||||
args:
|
||||
- delete
|
||||
- dest:openbao-backups
|
||||
- --min-age
|
||||
- 90d
|
||||
- --verbose
|
||||
env:
|
||||
- name: RCLONE_CONFIG_DEST_TYPE
|
||||
value: s3
|
||||
- name: RCLONE_CONFIG_DEST_PROVIDER
|
||||
value: Other
|
||||
- name: RCLONE_CONFIG_DEST_ENV_AUTH
|
||||
value: false
|
||||
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: garage-openbao-backups-secret
|
||||
key: ACCESS_KEY_ID
|
||||
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: garage-openbao-backups-secret
|
||||
key: ACCESS_SECRET_KEY
|
||||
- name: RCLONE_CONFIG_DEST_REGION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: garage-openbao-backups-secret
|
||||
key: ACCESS_REGION
|
||||
- name: RCLONE_CONFIG_DEST_ENDPOINT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: garage-openbao-backups-secret
|
||||
key: ENDPOINT_REMOTE
|
||||
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
|
||||
value: true
|
||||
openbao-backups-external:
|
||||
type: cronjob
|
||||
cronjob:
|
||||
suspend: false
|
||||
timeZone: America/Chicago
|
||||
schedule: 10 1 * * *
|
||||
backoffLimit: 3
|
||||
parallelism: 1
|
||||
containers:
|
||||
sync:
|
||||
image:
|
||||
repository: rclone/rclone
|
||||
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
|
||||
args:
|
||||
- sync
|
||||
- src:openbao-backups
|
||||
- dest:openbao-backups-6e088aad5fad110b
|
||||
- --s3-no-check-bucket
|
||||
- --max-age
|
||||
- 90d
|
||||
- --verbose
|
||||
env:
|
||||
- name: RCLONE_S3_PROVIDER
|
||||
value: Other
|
||||
- name: RCLONE_CONFIG_SRC_TYPE
|
||||
value: s3
|
||||
- name: RCLONE_CONFIG_SRC_PROVIDER
|
||||
value: Other
|
||||
- name: RCLONE_CONFIG_SRC_ENV_AUTH
|
||||
value: false
|
||||
- name: RCLONE_CONFIG_SRC_ACCESS_KEY_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: garage-openbao-backups-secret
|
||||
key: ACCESS_KEY_ID
|
||||
- name: RCLONE_CONFIG_SRC_SECRET_ACCESS_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: garage-openbao-backups-secret
|
||||
key: ACCESS_SECRET_KEY
|
||||
- name: RCLONE_CONFIG_SRC_REGION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: garage-openbao-backups-secret
|
||||
key: ACCESS_REGION
|
||||
- name: RCLONE_CONFIG_SRC_ENDPOINT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: garage-openbao-backups-secret
|
||||
key: ENDPOINT_LOCAL
|
||||
- name: RCLONE_CONFIG_SRC_S3_FORCE_PATH_STYLE
|
||||
value: true
|
||||
- name: RCLONE_CONFIG_DEST_TYPE
|
||||
value: s3
|
||||
- name: RCLONE_CONFIG_DEST_PROVIDER
|
||||
value: DigitalOcean
|
||||
- name: RCLONE_CONFIG_DEST_ENV_AUTH
|
||||
value: false
|
||||
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: external-openbao-backups-secret
|
||||
key: ACCESS_KEY_ID
|
||||
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: external-openbao-backups-secret
|
||||
key: ACCESS_SECRET_KEY
|
||||
- name: RCLONE_CONFIG_DEST_REGION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: external-openbao-backups-secret
|
||||
key: ACCESS_REGION
|
||||
- name: RCLONE_CONFIG_DEST_ENDPOINT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: external-openbao-backups-secret
|
||||
key: ENDPOINT
|
||||
- name: RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE
|
||||
value: true
|
||||
prune:
|
||||
image:
|
||||
repository: rclone/rclone
|
||||
tag: 1.73.5@sha256:1619a625f845e169c34b952cf40c483c0392965b821c5155cde8cbfd35254a96
|
||||
args:
|
||||
- delete
|
||||
- dest:openbao-backups-6e088aad5fad110b
|
||||
- --min-age
|
||||
- 90d
|
||||
- --verbose
|
||||
env:
|
||||
- name: RCLONE_CONFIG_DEST_TYPE
|
||||
value: s3
|
||||
- name: RCLONE_CONFIG_DEST_PROVIDER
|
||||
value: DigitalOcean
|
||||
- name: RCLONE_CONFIG_DEST_ENV_AUTH
|
||||
value: false
|
||||
- name: RCLONE_CONFIG_DEST_ACCESS_KEY_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: external-openbao-backups-secret
|
||||
key: ACCESS_KEY_ID
|
||||
- name: RCLONE_CONFIG_DEST_SECRET_ACCESS_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: external-openbao-backups-secret
|
||||
key: ACCESS_SECRET_KEY
|
||||
- name: RCLONE_CONFIG_DEST_REGION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: external-openbao-backups-secret
|
||||
key: ACCESS_REGION
|
||||
- name: RCLONE_CONFIG_DEST_ENDPOINT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: external-openbao-backups-secret
|
||||
key: ENDPOINT
|
||||
- name: RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE
|
||||
value: true
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: reloader
|
||||
repository: https://stakater.github.io/stakater-charts
|
||||
version: 2.2.11
|
||||
digest: sha256:09bd15e46f5b5c09da317bda9dfe5dd4b74e5e2aecd8271e8e66eaabfd0df521
|
||||
generated: "2026-04-15T18:46:43.186024471Z"
|
||||
version: 2.2.10
|
||||
digest: sha256:87ae8d844f1b602a109e306e00b2f06060443fd9ef5d97689e89a84950b9fdd6
|
||||
generated: "2026-04-13T20:31:19.310944569Z"
|
||||
|
||||
@@ -13,8 +13,8 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: reloader
|
||||
version: 2.2.11
|
||||
version: 2.2.10
|
||||
repository: https://stakater.github.io/stakater-charts
|
||||
icon: https://raw.githubusercontent.com/stakater/Reloader/refs/heads/master/assets/web/reloader.jpg
|
||||
# renovate: datasource=github-releases depName=stakater/Reloader
|
||||
appVersion: v1.4.16
|
||||
appVersion: v1.4.15
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
dependencies:
|
||||
- name: rook-ceph
|
||||
repository: https://charts.rook.io/release
|
||||
version: v1.19.4
|
||||
version: v1.19.3
|
||||
- name: rook-ceph-cluster
|
||||
repository: https://charts.rook.io/release
|
||||
version: v1.19.4
|
||||
digest: sha256:c7e8bd547272f7f8294f9237f997d5898882293cd10cb59efc59c7452d720ea3
|
||||
generated: "2026-04-15T18:07:10.535464016Z"
|
||||
version: v1.19.3
|
||||
digest: sha256:f485e0ac0fe7a70972491078f37b8be4aff2c6dfa7346bdb18d296f1dbd15b1e
|
||||
generated: "2026-03-24T22:57:30.323965591Z"
|
||||
|
||||
@@ -15,10 +15,10 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: rook-ceph
|
||||
version: v1.19.4
|
||||
version: v1.19.3
|
||||
repository: https://charts.rook.io/release
|
||||
- name: rook-ceph-cluster
|
||||
version: v1.19.4
|
||||
version: v1.19.3
|
||||
repository: https://charts.rook.io/release
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ceph.png
|
||||
# renovate: datasource=github-releases depName=rook/rook
|
||||
|
||||
@@ -56,7 +56,7 @@ roundcube:
|
||||
nginx:
|
||||
image:
|
||||
repository: nginx
|
||||
tag: 1.30.0-alpine-slim@sha256:830b40ff1beb5e018e56aef2ed1f9fe87a7797e35a555b75fea5c9568e316b04
|
||||
tag: 1.29.8-alpine-slim@sha256:34311a2592ef8b857ca342b0d458d2978e4d05ae620ba2da5030f3d7c9b4774c
|
||||
env:
|
||||
- name: NGINX_HOST
|
||||
value: mail.alexlebens.net
|
||||
|
||||
@@ -8,7 +8,7 @@ searxng:
|
||||
main:
|
||||
image:
|
||||
repository: searxng/searxng
|
||||
tag: latest@sha256:0bbe85fb9bebe413a26c0e385c76309d15c91fdb9dc8a6bf01b35b714d0ece43
|
||||
tag: latest@sha256:4c6b4f3e1fc10a907a40b7eaaf5b92d50f5b4097d6fb5b02041c0f9926233b36
|
||||
env:
|
||||
- name: SEARXNG_BASE_URL
|
||||
value: http://searxng-api.searxng:8080
|
||||
@@ -36,7 +36,7 @@ searxng:
|
||||
main:
|
||||
image:
|
||||
repository: searxng/searxng
|
||||
tag: latest@sha256:0bbe85fb9bebe413a26c0e385c76309d15c91fdb9dc8a6bf01b35b714d0ece43
|
||||
tag: latest@sha256:4c6b4f3e1fc10a907a40b7eaaf5b92d50f5b4097d6fb5b02041c0f9926233b36
|
||||
env:
|
||||
- name: SEARXNG_BASE_URL
|
||||
value: https://searxng.alexlebens.net/
|
||||
|
||||
@@ -1,6 +0,0 @@
|
||||
dependencies:
|
||||
- name: secrets-store-csi-driver
|
||||
repository: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
|
||||
version: 1.5.6
|
||||
digest: sha256:8bebc25b54a231446dce2d67b9cd65024a1458fc106ee93dcfd539759edf2ca5
|
||||
generated: "2026-04-15T17:29:48.143994-05:00"
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user