alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Activity

Compare commits

base: alexlebens:tmp/eraser
Branches Tags
alexlebens:main alexlebens:renovate/unified-cilium alexlebens:manifests alexlebens:tmp/eraser
..
compare: alexlebens:01d3c34b0fc137a22533ed63ed2cb8da3b75d96e
Branches Tags
alexlebens:renovate/unified-cilium alexlebens:manifests alexlebens:main alexlebens:tmp/eraser

1 Commits
tmp/eraser ... 01d3c34b0f

Author SHA1 Message Date
Renovate Bot
01d3c34b0f chore(deps): update temporalio/server docker tag to v1.30.3
All checks were successful
renovate/stability-days Updates have met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 1m5s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 53s
Details
2026-04-06 01:57:24 +00:00
204 changed files with 2231 additions and 1790 deletions
Expand all files Collapse all files

6
.gitea/workflows/render-manifests.yaml
View File

@@ -50,7 +50,7 @@ jobs:
cache: true
- name: Configure Kubeconfig
uses: azure/k8s-set-context@89b837d75b40a7bd2ddafde837473c212db8b313 # v5
uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }}
@@ -283,7 +283,7 @@ jobs:
echo ">> Formating rendered template ..."
local TEMPLATE
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1,monitoring.coreos.com/v1")
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
# Format and split rendered template
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
@@ -314,7 +314,7 @@ jobs:
for DIR in ${RENDER_DIR}; do
echo "${DIR}"
done | xargs -P 5 -I {} bash -c 'OUT=$(render_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {}
done | xargs -P 4 -I {} bash -c 'OUT=$(render_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {}
echo ""
echo "----"

2
.gitea/workflows/renovate.yaml
View File

@@ -13,7 +13,7 @@ on:
jobs:
renovate:
runs-on: ubuntu-latest
container: ghcr.io/renovatebot/renovate:43.110.4@sha256:7ad99abc53b30d3f6e34df88b3e2b2b75436bba9b290e90d367356526034496f
container: ghcr.io/renovatebot/renovate:43.104.4@sha256:54369958207b06c85398d8c4dffc70997c89f07546fa0a4703b3774f48f48dab
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: argo-cd
repository: https://argoproj.github.io/argo-helm
version: 9.5.0
digest: sha256:69daada0822f796cd49eeda2d9e39dd5c0c42bb61b6898af68123c8c49f25fa1
generated: "2026-04-08T22:05:49.003208408Z"
version: 9.4.17
digest: sha256:17752dbf03861cf70ee31c9a17373a5175656a2edd00ba5fcd3988a195147da8
generated: "2026-03-28T01:51:34.832601868Z"

2
clusters/cl01tl/helm/argocd/Chart.yaml
View File

@@ -13,7 +13,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: argo-cd
version: 9.5.0
version: 9.4.17
repository: https://argoproj.github.io/argo-helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-cd

50
clusters/cl01tl/helm/argocd/values.yaml
View File

@@ -48,31 +48,31 @@ argo-cd:
enabled: true
rules:
enabled: true
spec:
- alert: ArgoAppMissing
expr: |
absent(argocd_app_info) == 1
for: 15m
labels:
severity: critical
annotations:
summary: "[Argo CD] No reported applications"
description: >
Argo CD has not reported any applications data for the past 15 minutes which
means that it must be down or not functioning properly. This needs to be
resolved for this cloud to continue to maintain state.
- alert: ArgoAppNotSynced
expr: |
argocd_app_info{sync_status!="Synced"} == 1
for: 12h
labels:
severity: warning
annotations:
summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
description: >
The application [{{`{{$labels.name}}`}} has not been synchronized for over
12 hours which means that the state of this cloud has drifted away from the
state inside Git.
spec:
- alert: ArgoAppMissing
expr: |
absent(argocd_app_info) == 1
for: 15m
labels:
severity: critical
annotations:
summary: "[Argo CD] No reported applications"
description: >
Argo CD has not reported any applications data for the past 15 minutes which
means that it must be down or not functioning properly. This needs to be
resolved for this cloud to continue to maintain state.
- alert: ArgoAppNotSynced
expr: |
argocd_app_info{sync_status!="Synced"} == 1
for: 12h
labels:
severity: warning
annotations:
summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
description: >
The application [{{`{{$labels.name}}`}} has not been synchronized for over
12 hours which means that the state of this cloud has drifted away from the
state inside Git.
dex:
enabled: true
resources:

6
clusters/cl01tl/helm/authentik/Chart.lock
View File

@@ -1,7 +1,7 @@
dependencies:
- name: authentik
repository: https://charts.goauthentik.io/
version: 2026.2.2
version: 2026.2.1
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
@@ -11,5 +11,5 @@ dependencies:
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:86950b83ac8a4da2a89bb826616857fd5eca017c813d8def0eb905025a6e7687
generated: "2026-04-08T02:23:25.175388081Z"
digest: sha256:7302a85008aee7950aa345aa7d64563c1b0da8f07e348ec9709f9438503a41ff
generated: "2026-04-04T21:00:59.689114-05:00"

2
clusters/cl01tl/helm/authentik/Chart.yaml
View File

@@ -18,7 +18,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: authentik
version: 2026.2.2
version: 2026.2.1
repository: https://charts.goauthentik.io/
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts

2
clusters/cl01tl/helm/bazarr/Chart.yaml
View File

@@ -26,4 +26,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/bazarr.png
# renovate: datasource=github-releases depName=linuxserver/docker-bazarr
appVersion: v1.5.6-ls342
appVersion: 1.5.6

5
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -109,6 +109,7 @@ blocky:
bazarr IN CNAME traefik-cl01tl
ceph IN CNAME traefik-cl01tl
dawarich IN CNAME traefik-cl01tl
dependency-track IN CNAME traefik-cl01tl
directus IN CNAME traefik-cl01tl
excalidraw IN CNAME traefik-cl01tl
feishin IN CNAME traefik-cl01tl
@@ -131,7 +132,6 @@ blocky:
jellystat IN CNAME traefik-cl01tl
kiwix IN CNAME traefik-cl01tl
komodo IN CNAME traefik-cl01tl
kyoo IN CNAME traefik-cl01tl
languagetool IN CNAME traefik-cl01tl
lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl
@@ -144,8 +144,7 @@ blocky:
omni-tools IN CNAME traefik-cl01tl
paperless-ngx IN CNAME traefik-cl01tl
plex IN CNAME traefik-cl01tl
postiz-spotlight IN CNAME traefik-cl01tl
postiz-temporal IN CNAME traefik-cl01tl
postiz IN CNAME traefik-cl01tl
prometheus IN CNAME traefik-cl01tl
prowlarr IN CNAME traefik-cl01tl
qbittorrent IN CNAME traefik-cl01tl

9
clusters/cl01tl/helm/dependency-track/Chart.lock Normal file
View File

@@ -0,0 +1,9 @@
dependencies:
- name: dependency-track
repository: https://dependencytrack.github.io/helm-charts
version: 0.44.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
digest: sha256:6ea7e8066cce675a02ce76393ee2b0e23300d2f5c72ae64946ae667fc12fde1f
generated: "2026-04-05T17:32:11.221935-05:00"

26
clusters/cl01tl/helm/dependency-track/Chart.yaml Normal file
View File

@@ -0,0 +1,26 @@
apiVersion: v2
name: dependency-track
version: 1.0.0
description: Dependency Track
keywords:
- dependency-track
- vulnerability-scanner
home: https://docs.alexlebens.dev/applications/dependency-track/
sources:
- https://github.com/DependencyTrack/dependency-track
- https://hub.docker.com/r/dependencytrack/apiserver
- https://hub.docker.com/r/dependencytrack/frontend
- https://github.com/DependencyTrack/helm-charts/tree/main/charts/dependency-track
maintainers:
- name: alexlebens
dependencies:
- name: dependency-track
version: 0.44.0
repository: https://dependencytrack.github.io/helm-charts
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://avatars.githubusercontent.com/u/40258585
# renovate: datasource=github-releases depName=DependencyTrack/dependency-track
appVersion: 4.14.1

30
clusters/cl01tl/helm/kyoo/templates/external-secret.yaml → clusters/cl01tl/helm/dependency-track/templates/external-secret.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: kyoo-key-secret
name: dependency-track-key-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-key-secret
app.kubernetes.io/name: dependency-track-key-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -12,31 +12,19 @@ spec:
kind: ClusterSecretStore
name: vault
data:
- secretKey: rsa-private
- secretKey: secret.key
remoteRef:
key: /cl01tl/kyoo/key
property: rsa-private
- secretKey: scanner-apikey
remoteRef:
key: /cl01tl/kyoo/key
property: scanner
- secretKey: tmdb-apikey
remoteRef:
key: /tmdb/alexlebens
property: api-key
- secretKey: tvdb-apikey
remoteRef:
key: /tvdb/alexlebens
property: api-key
key: /cl01tl/dependency-track/key
property: key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: kyoo-oidc-secret
name: dependency-track-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-oidc-secret
app.kubernetes.io/name: dependency-track-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -46,9 +34,9 @@ spec:
data:
- secretKey: client
remoteRef:
key: /authentik/oidc/kyoo
key: /authentik/oidc/dependency-track
property: client
- secretKey: secret
remoteRef:
key: /authentik/oidc/kyoo
key: /authentik/oidc/dependency-track
property: secret

112
clusters/cl01tl/helm/dependency-track/values.yaml Normal file
View File

@@ -0,0 +1,112 @@
dependency-track:
common:
secretKey:
createSecret: false
existingSecretName: dependency-track-key-secret
apiServer:
image:
repository: dependencytrack/apiserver
tag: 4.14.1@sha256:2d8813e1ba4ada4aa23087d908c1b5a3ffce39261ead5555c397a1d67c7cbe9d
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
memory: null
persistentVolume:
enabled: true
className: ceph-block
size: 5Gi
extraEnv:
- name: ALPINE_DATABASE_MODE
value: external
- name: ALPINE_DATABASE_DRIVER
value: org.postgresql.Driver
- name: ALPINE_DATABASE_URL
valueFrom:
secretKeyRef:
name: dependency-track-postgresql-18-cluster-app
key: jdbc-uri
- name: ALPINE_DATABASE_USERNAME
valueFrom:
secretKeyRef:
name: dependency-track-postgresql-18-cluster-app
key: user
- name: ALPINE_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: dependency-track-postgresql-18-cluster-app
key: password
- name: ALPINE_OIDC_ENABLED
value: "true"
- name: ALPINE_OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: dependency-track-oidc-secret
key: client
- name: ALPINE_OIDC_ISSUER
value: https://authentik.alexlebens.net/application/o/dependency-track/
- name: ALPINE_OIDC_USERNAME_CLAIM
value: preferred_username
- name: ALPINE_OIDC_TEAMS_CLAIM
value: groups
- name: ALPINE_OIDC_USER_PROVISIONING
value: "true"
- name: ALPINE_OIDC_TEAM_SYNCHRONIZATION
value: "true"
- name: ALPINE_CORS_ENABLED
value: "true"
- name: ALPINE_CORS_ALLOW_ORIGIN
value: dependency-track.alexlebens.net dependency-track.dependency-track
serviceMonitor:
enabled: true
namespace: dependency-track
frontend:
image:
repository: dependencytrack/frontend
tag: 4.14.1@sha256:8217737050b26ea69a6ddd6fe2cb419531a0bae0b903a87a04077a2415fc9f35
resources:
requests:
cpu: 10m
memory: 60Mi
limits:
memory: null
extraEnv:
- name: OIDC_ISSUER
value: https://authentik.alexlebens.net/application/o/dependency-track/
- name: OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: dependency-track-oidc-secret
key: client
- name: OIDC_LOGIN_BUTTON_TEXT
value: Authentik
apiBaseUrl: dependency-track.alexlebens.net
httpRoute:
enabled: true
hostnames:
- dependency-track.alexlebens.net
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
postgres-18-cluster:
mode: standalone
recovery:
method: objectStore
objectStore:
index: 1
backup:
objectStore:
- name: garage-local
index: 1
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 10 14 * * *"
backupName: garage-local

2
clusters/cl01tl/helm/directus/Chart.yaml
View File

@@ -29,4 +29,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
# renovate: datasource=github-releases depName=directus/directus
appVersion: 11.17.2
appVersion: 11.17.1

2
clusters/cl01tl/helm/directus/values.yaml
View File

@@ -8,7 +8,7 @@ directus:
main:
image:
repository: ghcr.io/directus/directus
tag: 11.17.2@sha256:5e5978377f1cc9820ffc5b92597da1573a1350ea57f8aba42efd999139993874
tag: 11.17.1@sha256:1dd2080a50a9f6df2b6f49df15a7734424bbd1a5902983c4b6e447f22027b80b
env:
- name: PUBLIC_URL
value: https://directus.alexlebens.net

2
clusters/cl01tl/helm/elastic-operator/values.yaml
View File

@@ -1,7 +1,7 @@
eck-operator:
managedNamespaces:
- stalwart
- tubearchivist
- stalwart
installCRDs: true
replicaCount: 2
resources:

6
clusters/cl01tl/helm/element-web/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies:
- name: element-web
repository: https://ananace.gitlab.io/charts
version: 1.4.34
version: 1.4.33
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
digest: sha256:376f1201085c5c93972d2286755dd8b530a4a88ad9fdaf4bfb50ec1f11c64df0
generated: "2026-04-08T17:57:31.040649797Z"
digest: sha256:63b0e582d42fb42bcf4d96ba4b299e42c434c42f284208596808288543192fe0
generated: "2026-03-24T16:11:50.424321433Z"

4
clusters/cl01tl/helm/element-web/Chart.yaml
View File

@@ -15,11 +15,11 @@ maintainers:
- name: alexlebens
dependencies:
- name: element-web
version: 1.4.34
version: 1.4.33
repository: https://ananace.gitlab.io/charts
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
# renovate: datasource=github-releases depName=element-hq/element-web
appVersion: v1.12.15
appVersion: v1.12.13

2
clusters/cl01tl/helm/element-web/values.yaml
View File

@@ -2,7 +2,7 @@ element-web:
replicaCount: 1
image:
repository: ghcr.io/element-hq/element-web
tag: v1.12.15@sha256:c7fa40b5ba3891f8af3ce63da0818f457c1802a9ee4d2f5e46a9df36a2388eed
tag: v1.12.13@sha256:5107e63026c13ed014f743e485821b7d4b56d275a41e76303859bb14f5f94eb6
defaultServer:
url: https://matrix.alexlebens.dev
name: alexlebens.dev

7
clusters/cl01tl/helm/eraser/Chart.lock
View File

@@ -2,8 +2,5 @@ dependencies:
- name: eraser
repository: https://eraser-dev.github.io/eraser/charts
version: 1.4.1
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
digest: sha256:8414813d3d9d195b16ef7ebf814f7095a16413f4b0e579fcb37738000624f68c
generated: "2026-04-08T21:39:05.689756-05:00"
digest: sha256:da828de684b0cd82e99994586f3db4f55c43c01607c4d8d0e70e204c7bbbbf5b
generated: "2025-12-03T22:53:20.200917773Z"

6
clusters/cl01tl/helm/eraser/Chart.yaml
View File

@@ -9,19 +9,13 @@ home: https://docs.alexlebens.dev/applications/eraser/
sources:
- https://github.com/eraser-dev/eraser
- https://github.com/eraser-dev/eraser/pkgs/container/eraser-manager
- https://github.com/open-telemetry/opentelemetry-collector-releases/pkgs/container/opentelemetry-collector-releases%2Fopentelemetry-collector
- https://github.com/eraser-dev/eraser/tree/main/charts/eraser
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: eraser
version: 1.4.1
repository: https://eraser-dev.github.io/eraser/charts
- name: app-template
alias: eraser-metrics
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
icon: https://raw.githubusercontent.com/eraser-dev/eraser/refs/heads/main/images/eraser-logo-color-1c.png
# renovate: datasource=github-releases depName=eraser-dev/eraser
appVersion: v1.4.1

85
clusters/cl01tl/helm/eraser/values.yaml
View File

@@ -35,88 +35,3 @@ eraser:
requests:
cpu: 1m
memory: 20Mi
eraser-metrics:
global:
nameOverride: eraser-metrics
fullnameOverride: eraser-metrics
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
containers:
main:
image:
repository: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector
tag: 0.149.0@sha256:dd56aed607fd02f8ac01dddb27a859c0c2cc750539abce927803778fafc736ae
command:
- /otelcol
- --config=/conf/otel-collector-config.yaml
resources:
requests:
cpu: 10m
memory: 20Mi
configMaps:
config:
enabled: true
forceRename: eraser-config
data:
otel-collector-config.yaml: |
receivers:
otlp:
protocols:
http:
exporters:
logging:
loglevel: debug
prometheus:
endpoint: "0.0.0.0:8889"
send_timestamps: true
metric_expiration: 180m
service:
telemetry:
logs:
encoding: json
pipelines:
metrics:
receivers:
- otlp
exporters:
- logging
- prometheus
service:
main:
controller: main
ports:
http:
port: 4318
targetPort: 4318
metrics:
port: 8889
targetPort: 8889
serviceMonitor:
main:
selector:
matchLabels:
app.kubernetes.io/name: eraser-metrics
app.kubernetes.io/instance: eraser-metrics
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: metrics
interval: 30s
scrapeTimeout: 15s
path: /metrics
persistence:
config:
enabled: true
type: configMap
name: eraser-config
advancedMounts:
main:
main:
- path: /conf/otel-collector-config.yaml
readOnly: true
mountPropagation: None
subPath: otel-collector-config.yaml

2
clusters/cl01tl/helm/external-dns/Chart.yaml
View File

@@ -20,4 +20,4 @@ dependencies:
repository: https://kubernetes-sigs.github.io/external-dns/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
# renovate: datasource=github-releases depName=kubernetes-sigs/external-dns
appVersion: v0.21.0
appVersion: v0.20.0

2
clusters/cl01tl/helm/external-dns/values.yaml
View File

@@ -1,7 +1,7 @@
external-dns-unifi:
image:
repository: registry.k8s.io/external-dns/external-dns
tag: v0.21.0@sha256:f53faaf71cb270d1ca9dce6ea0c94bfebf1a18696263487f0fbc74b9bf2bd7ff
tag: v0.20.0@sha256:ddc7f4212ed09a21024deb1f470a05240837712e74e4b9f6d1f2632ff10672e7
fullnameOverride: external-dns-unifi
resources:
requests:

12
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -116,9 +116,6 @@ gatus:
- name: jellyfin
url: https://jellyfin.alexlebens.net
<<: *defaults
- name: kyoo
url: https://kyoo.alexlebens.net
<<: *defaults
- name: tubearchivist
url: https://tubearchivist.alexlebens.net
<<: *defaults
@@ -176,18 +173,15 @@ gatus:
- name: home-assistant-code-server
url: https://home-assistant-code-server.alexlebens.net
<<: *defaults
- name: postiz-spotlight
url: https://postiz-spotlight.alexlebens.net
<<: *defaults
- name: postiz-temporal
url: https://postiz-temporal.alexlebens.net
<<: *defaults
- name: argocd
url: https://argocd.alexlebens.net
<<: *defaults
- name: komodo
url: https://komodo.alexlebens.net
<<: *defaults
- name: dependency-track
url: https://dependency-track.alexlebens.net
<<: *defaults
- name: omni-tools
url: https://omni-tools.alexlebens.net
<<: *defaults

6
clusters/cl01tl/helm/gitea/Chart.lock
View File

@@ -4,7 +4,7 @@ dependencies:
version: 12.5.0
- name: actions
repository: https://dl.gitea.com/charts/
version: 0.0.5
version: 0.0.4
- name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.30.0
@@ -23,5 +23,5 @@ dependencies:
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:ae512dab12cc692921a8cf80f8459fa652ae20f393a34c14f25a851410724096
generated: "2026-04-07T16:50:50.725821375Z"
digest: sha256:4dc7ea441a81261a431f917521e528819ab708f6ddb4b3a77412464aecec3598
generated: "2026-04-04T21:14:18.193631-05:00"

3
clusters/cl01tl/helm/gitea/Chart.yaml
View File

@@ -14,7 +14,6 @@ sources:
- https://hub.docker.com/r/gitea/gitea
- https://hub.docker.com/r/renovate/renovate
- https://hub.docker.com/r/d3fk/s3cmd/
- https://hub.docker.com/_/busybox
- https://gitea.com/gitea/helm-chart
- https://gitea.com/gitea/helm-actions
- https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch
@@ -31,7 +30,7 @@ dependencies:
- name: actions
alias: gitea-actions
repository: https://dl.gitea.com/charts/
version: 0.0.5
version: 0.0.4
- name: meilisearch
version: 0.30.0
repository: https://meilisearch.github.io/meilisearch-kubernetes

2
clusters/cl01tl/helm/gitea/values.yaml
View File

@@ -206,7 +206,7 @@ gitea-actions:
registry: docker.io
repository: docker
# renovate: datasource=docker depName=docker
tag: 29.4.0-dind@sha256:f80c26212befc1c1988b529495532c6b9180d9b1dab1611f4a1efbe9da8ec821
tag: 29.3.1-dind@sha256:4d90f1f6c400315c2dba96d3ec93c01e64198395cbba04f79d12adce4f737029
extraVolumeMounts:
- name: docker-vol
mountPath: /var/lib/docker

6
clusters/cl01tl/helm/harbor/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 1.18.3
- name: postgres-cluster
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
version: 7.11.2
version: 7.11.1
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:2ef60d6315a21e0d92970570630cc74720643e7e51e0574107249684ddc2fab5
generated: "2026-04-07T20:36:47.509644-05:00"
digest: sha256:fb17e2bad9c3a303da2b9d65ee5bd082a58ca6a5cee17d337e2536747982aa2c
generated: "2026-03-31T18:38:15.510833-05:00"

2
clusters/cl01tl/helm/harbor/Chart.yaml
View File

@@ -20,7 +20,7 @@ dependencies:
repository: https://helm.goharbor.io
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.11.1
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
- name: valkey
alias: valkey

2
clusters/cl01tl/helm/home-assistant/values.yaml
View File

@@ -23,7 +23,7 @@ home-assistant:
code-server:
image:
repository: ghcr.io/linuxserver/code-server
tag: 4.115.0-ls331@sha256:308f49acac8734542560f797d79b15e4c872c4d3f97d1b22862633fcce2af62a
tag: 4.114.0-ls328@sha256:928e63f0b775d76cda606f181bae9d81c6d3fbd2d1daeef9438e3ba5579f391d
env:
- name: TZ
value: America/Chicago

24
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -151,12 +151,6 @@ homepage:
href: https://jellyfin.alexlebens.net
siteMonitor: http://jellyfin.jellyfin:80
statusStyle: dot
- Movies and TV:
icon: sh-kyoo.webp
description: Kyoo
href: https://kyoo.alexlebens.net
siteMonitor: http://front.kyoo:8901
statusStyle: dot
- Youtube Archive:
icon: sh-tube-archivist-light.webp
description: TubeArchivist
@@ -350,18 +344,6 @@ homepage:
href: https://home-assistant-code-server.alexlebens.net
siteMonitor: http://home-assistant-code-server.home-assistant:8443
statusStyle: dot
- Spotlight (Postiz):
icon: https://raw.githubusercontent.com/getsentry/spotlight/c528fc752edde40f008282dc7c8ff1568e58c40b/packages/website/public/favicon.svg
description: Sentry monitoring for Postiz
href: https://postiz-spotlight.alexlebens.net
siteMonitor: http://postiz-spotlight.postiz:8969
statusStyle: dot
- Temporal (Postiz):
icon: https://raw.githubusercontent.com/temporalio/documentation/47b489b69d7c7ee4c3a0880cc0faf11b5f4cdb2a/static/img/favicon.svg
description: Temporal monitoring for Postiz
href: https://postiz-temporal.alexlebens.net
siteMonitor: http://postiz-temporal-web.postiz:8080
statusStyle: dot
- Automation:
- Continuous Deployment:
icon: sh-argo-cd.webp
@@ -393,6 +375,12 @@ homepage:
secret: {{ "{{HOMEPAGE_VAR_KOMODO_API_SECRET}}" }}
showStacks: true
fields: ["running", "down", "unhealthy", "unknown"]
- Vulnerability Scanning:
icon: https://raw.githubusercontent.com/DependencyTrack/branding/f77a4ad3b469ff656856ea225f26b1610b89a584/dt-logo-symbol.svg
description: Dependency Track
href: https://dependency-track.alexlebens.net
siteMonitor: http://dependency-track.dependency-track:8080
statusStyle: dot
- Uptime:
icon: sh-gatus.webp
description: Gatus

2
clusters/cl01tl/helm/immich/Chart.yaml
View File

@@ -33,4 +33,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png
# renovate: datasource=github-releases depName=immich-app/immich
appVersion: v2.7.2
appVersion: v2.6.3

2
clusters/cl01tl/helm/immich/values.yaml
View File

@@ -8,7 +8,7 @@ immich:
main:
image:
repository: ghcr.io/immich-app/immich-server
tag: v2.7.2@sha256:6a2952539e2a9c8adcf6fb74850bb1ba7e1db2804050acea21baafdc9154c430
tag: v2.6.3@sha256:0cc1f82953d9598eb9e9dd11cbde1f50fe54f9c46c4506b089e8ad7bfc9d1f0c
env:
- name: TZ
value: America/Chicago

2
clusters/cl01tl/helm/karakeep/Chart.yaml
View File

@@ -32,6 +32,6 @@ dependencies:
alias: volsync-target-data
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/karakeep.png
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/karakeep.webp
# renovate: datasource=github-releases depName=karakeep-app/karakeep
appVersion: 0.31.0

6
clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
View File

@@ -1,7 +1,7 @@
dependencies:
- name: kube-prometheus-stack
repository: oci://ghcr.io/prometheus-community/charts
version: 83.2.0
version: 82.18.0
- name: prometheus-operator-crds
repository: oci://ghcr.io/prometheus-community/charts
version: 28.0.1
@@ -11,5 +11,5 @@ dependencies:
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
digest: sha256:d0942cff6346335abc91f9ceb919c5a819543b9b8baed11f83de89486f4e874d
generated: "2026-04-08T19:03:59.676069331Z"
digest: sha256:e4632c1c2f0b9d0b37edc7ecf1a008cdf3683737133f2d0b119eab9f968ebf88
generated: "2026-04-05T19:45:07.805154-05:00"

3
clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
View File

@@ -5,7 +5,6 @@ description: Kube Prometheus Stack
keywords:
- kube-prometheus-stack
- prometheus
- metrics
home: https://docs.alexlebens.dev/applications/kube-prometheus-stack/
sources:
- https://github.com/prometheus/prometheus
@@ -20,7 +19,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: kube-prometheus-stack
version: 83.2.0
version: 82.18.0
repository: oci://ghcr.io/prometheus-community/charts
- name: prometheus-operator-crds
version: 28.0.1

1
clusters/cl01tl/helm/kubernetes-cloudflare-ddns/Chart.yaml
View File

@@ -5,7 +5,6 @@ description: Kubernetes Cloudflare DDNS
keywords:
- kubernetes-cloudflare-ddns
- ddns
- job
home: https://docs.alexlebens.dev/applications/kubelet-serving-cert-approver/
sources:
- https://github.com/kubitodev/kubernetes-cloudflare-ddns

12
clusters/cl01tl/helm/kyoo/Chart.lock
View File

@@ -1,12 +0,0 @@
dependencies:
- name: kyoo
repository: oci://ghcr.io/zoriya/helm-charts
version: 5.0.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:0a5ba08e137471d788da07502db63f5be535c2843f5bfda74fb873a997846ded
generated: "2026-04-08T21:04:05.245024-05:00"

35
clusters/cl01tl/helm/kyoo/Chart.yaml
View File

@@ -1,35 +0,0 @@
apiVersion: v2
name: kyoo
version: 1.0.0
description: Kyoo
keywords:
- kyoo
- media
home: https://docs.alexlebens.dev/applications/kyoo/
sources:
- https://github.com/zoriya/Kyoo
- https://github.com/zoriya/Kyoo/pkgs/container/kyoo_api
- https://github.com/zoriya/Kyoo/pkgs/container/kyoo_auth
- https://github.com/zoriya/Kyoo/pkgs/container/kyoo_front
- https://github.com/zoriya/Kyoo/pkgs/container/kyoo_scanner
- https://github.com/zoriya/Kyoo/pkgs/container/kyoo_transcoder
- https://github.com/zoriya/Kyoo/tree/master/chart
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
- name: kyoo
repository: oci://ghcr.io/zoriya/helm-charts
version: 5.0.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-metadata
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kyoo.png
# renovate: datasource=github-releases depName=zoriya/Kyoo
appVersion: v5.0.0

88
clusters/cl01tl/helm/kyoo/templates/http-route.yaml
View File

@@ -1,88 +0,0 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: kyoo
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- kyoo.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: kyoo-front
port: 8901
weight: 100
- matches:
- path:
type: PathPrefix
value: /video
backendRefs:
- group: ''
kind: Service
name: kyoo-transcoder
port: 7666
weight: 100
- matches:
- path:
type: PathPrefix
value: /auth/
backendRefs:
- group: ''
kind: Service
name: kyoo-auth
port: 4568
weight: 100
- matches:
- path:
type: PathPrefix
value: /.well-known/
backendRefs:
- group: ''
kind: Service
name: kyoo-auth
port: 4568
weight: 100
- matches:
- path:
type: PathPrefix
value: /api/
backendRefs:
- group: ''
kind: Service
name: kyoo-api
port: 3567
weight: 100
- matches:
- path:
type: PathPrefix
value: /swagger
backendRefs:
- group: ''
kind: Service
name: kyoo-api
port: 3567
weight: 100
- matches:
- path:
type: PathPrefix
value: /scanner/
backendRefs:
- group: ''
kind: Service
name: kyoo-scanner
port: 4389
weight: 100

131
clusters/cl01tl/helm/kyoo/templates/persistent-volume-claim.yaml
View File

@@ -1,131 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kyoo-media-anime-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-anime-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: kyoo-media-anime-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kyoo-media-anime-movies-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-anime-movies-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: kyoo-media-anime-movies-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kyoo-media-movies-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-movies-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: kyoo-media-movies-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kyoo-media-movies-4k-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-movies-4k-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: kyoo-media-movies-4k-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kyoo-media-standup-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-standup-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: kyoo-media-standup-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kyoo-media-tvshows-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-tvshows-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: kyoo-media-tvshows-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kyoo-media-tvshows-4k-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-tvshows-4k-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: kyoo-media-tvshows-4k-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

173
clusters/cl01tl/helm/kyoo/templates/persistent-volume.yaml
View File

@@ -1,173 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: kyoo-media-anime-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-anime-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Anime
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: kyoo-media-anime-movies-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-anime-movies-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Anime Movies
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: kyoo-media-movies-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-movies-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Movies
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: kyoo-media-movies-4k-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-movies-4k-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Movies 4K
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: kyoo-media-standup-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-standup-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Stand Up
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: kyoo-media-tvshows-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-tvshows-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/TV Shows
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: kyoo-media-tvshows-4k-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kyoo-media-tvshows-4k-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/TV Shows
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac

223
clusters/cl01tl/helm/kyoo/values.yaml
View File

@@ -1,223 +0,0 @@
kyoo:
global:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
postgres:
shared:
host: kyoo-postgresql-18-cluster-rw
port: 5432
existingSecret: kyoo-postgresql-18-cluster-app
userKey: user
passwordKey: password
kyoo_api:
database: kyoo_api
sslmode: disable
kyoo_api:
userKey: user
passwordKey: password
existingSecret: kyoo-postgresql-18-cluster-superuser
kyoo_auth:
database: kyoo_auth
sslmode: disable
kyoo_scanner:
database: kyoo_scanner
sslmode: disable
kyoo_transcoder:
database: kyoo_transcoder
sslmode: disable
kyoo:
address: https://kyoo.alexlebens.net
auth:
privatekey:
existingSecret: kyoo-key-secret
privatekeyKey: rsa-private
apikeys:
scanner:
existingSecret: kyoo-key-secret
apikeyKey: scanner-apikey
transcoderAcceleration: qsv
transcoderPreset: fast
oidc_providers:
- name: Authentik
existingSecret: kyoo-oidc-secret
clientIdKey: client
clientSecretKey: secret
logo: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/authentik.webp
authorizationAddress: https://authentik.alexlebens.net/application/o/authorize/
tokenAddress: https://authentik.alexlebens.net/application/o/token/
profileAddress: https://authentik.alexlebens.net/application/o/userinfo/
scope: "email openid profile"
authMethod: ClientSecretBasic
media:
volumes:
- name: kyoo-media-anime-nfs-storage
persistentVolumeClaim:
claimName: kyoo-media-anime-nfs-storage
- name: kyoo-media-anime-movies-nfs-storage
persistentVolumeClaim:
claimName: kyoo-media-anime-movies-nfs-storage
- name: kyoo-media-movies-nfs-storage
persistentVolumeClaim:
claimName: kyoo-media-movies-nfs-storage
- name: kyoo-media-movies-4k-nfs-storage
persistentVolumeClaim:
claimName: kyoo-media-movies-4k-nfs-storage
- name: kyoo-media-standup-nfs-storage
persistentVolumeClaim:
claimName: kyoo-media-standup-nfs-storage
- name: kyoo-media-tvshows-nfs-storage
persistentVolumeClaim:
claimName: kyoo-media-tvshows-nfs-storage
- name: kyoo-media-tvshows-4k-nfs-storage
persistentVolumeClaim:
claimName: kyoo-media-tvshows-4k-nfs-storage
volumeMounts:
- mountPath: /media/anime
name: kyoo-media-anime-nfs-storage
readOnly: true
- mountPath: /media/anime-movies
name: kyoo-media-anime-movies-nfs-storage
readOnly: true
- mountPath: /media/movies
name: kyoo-media-movies-nfs-storage
readOnly: true
- mountPath: /media/movies-4k
name: kyoo-media-movies-4k-nfs-storage
readOnly: true
- mountPath: /media/standup
name: kyoo-media-standup-nfs-storage
readOnly: true
- mountPath: /media/tvshows
name: kyoo-media-tvshows-nfs-storage
readOnly: true
- mountPath: /media/tvshows-4k
name: kyoo-media-tvshows-4k-nfs-storage
readOnly: true
baseMountPath: /media
contentdatabase:
tmdb:
apikeyKey: tmdb-apikey
existingSecret: kyoo-key-secret
tvdb:
apikeyKey: tvdb-apikey
pinKey: tvdb-apikey
existingSecret: kyoo-key-secret
api:
kyoo_api:
resources:
requests:
cpu: 10m
memory: 100Mi
image:
repository: ghcr.io/zoriya/kyoo_api
tag: 5.0.0@sha256:dc0210f235e23ae616b0f5952af7867dcbc52e0354c2683ec3c4190fdcd17744
persistence:
enabled: true
size: 1Gi
storageClass: ceph-block
accessModes:
- ReadWriteOnce
auth:
kyoo_auth:
resources:
requests:
cpu: 10m
memory: 100Mi
image:
repository: ghcr.io/zoriya/kyoo_auth
tag: 5.0.0
persistence:
enabled: true
size: 500Mi
storageClass: ceph-block
accessModes:
- ReadWriteOnce
front:
kyoo_front:
resources:
requests:
cpu: 10m
memory: 100Mi
image:
repository: ghcr.io/zoriya/kyoo_front
tag: 5.0.0@sha256:985f892470b304f13ef1950fb5f7e9ef33ee39b71705c627cb045773e6dfb7b4
scanner:
kyoo_scanner:
resources:
requests:
cpu: 10m
memory: 100Mi
image:
repository: ghcr.io/zoriya/kyoo_scanner
tag: 5.0.0@sha256:fa972f3f1e534264f4de153e30fe9481839754a3e724cc2663524a2b30e82b46
transcoder:
kyoo_transcoder:
resources:
limits:
gpu.intel.com/i915: 1
requests:
gpu.intel.com/i915: 1
cpu: 1
memory: 1Gi
image:
repository: ghcr.io/zoriya/kyoo_transcoder
tag: 5.0.0@sha256:59974794f8a638175408fa20f023ba9598108b54ad8ed9a22ec87a1a211dfc43
replicaCount: 1
persistence:
enabled: true
size: 1Gi
storageClass: ceph-block
accessModes:
- ReadWriteOnce
ingress:
enabled: false
traefikproxy:
enabled: false
postgres:
enabled: false
postgres-18-cluster:
mode: recovery
cluster:
enableSuperuserAccess: true
recovery:
method: objectStore
objectStore:
index: 1
backup:
objectStore:
- name: garage-local
index: 1
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 5 14 * * *"
backupName: garage-local
databases:
- name: kyoo_api
ensure: present
owner: app
- name: kyoo_auth
ensure: present
owner: app
- name: kyoo_scanner
ensure: present
owner: app
- name: kyoo_transcoder
ensure: present
owner: app
volsync-target-metadata:
pvcTarget: kyoo-apimetadata
local:
enabled: true
schedule: 26 8 * * *
remote:
enabled: true
schedule: 26 9 * * *
external:
enabled: true
schedule: 26 10 * * *

2
clusters/cl01tl/helm/languagetool/Chart.yaml
View File

@@ -23,6 +23,6 @@ dependencies:
alias: volsync-target-data
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/languagetool.png
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/languagetool.webp
# renovate: datasource=github-releases depName=Erikvl87/docker-languagetool
appVersion: "6.7"

3
clusters/cl01tl/helm/libation/Chart.yaml
View File

@@ -5,7 +5,6 @@ description: Libation
keywords:
- libation
- audible
- job
home: https://docs.alexlebens.dev/applications/languagetool/
sources:
- https://github.com/rmcrackan/Libation
@@ -26,4 +25,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/libation.png
# renovate: datasource=github-releases depName=rmcrackan/Libation
appVersion: 13.3.3
appVersion: 13.3.2

4
clusters/cl01tl/helm/libation/values.yaml
View File

@@ -12,7 +12,7 @@ libation:
main:
image:
repository: rmcrackan/libation
tag: 13.3.3@sha256:fbeb84916c81b654412801367b7e96796ffdba83d987a1ed5fed9896cf7cabee
tag: 13.3.2@sha256:d1c45260f3ba34b0fb1432c2b51763e00c5174864961856c1c31e7f2b0c3a39e
env:
- name: SLEEP_TIME
value: "-1"
@@ -30,7 +30,7 @@ libation:
main:
image:
repository: ubuntu
tag: resolute-20260404@sha256:cc925e589b7543b910fea57a240468940003fbfc0515245a495dd0ad8fe7cef1
tag: resolute-20260401@sha256:a072b64036a738e55bff8f9a9682cbb893bf20c213772effc1de8dee8df1cea9
command:
- "sleep"
- "infinity"

2
clusters/cl01tl/helm/lidarr/values.yaml
View File

@@ -14,7 +14,7 @@ lidarr:
main:
image:
repository: ghcr.io/linuxserver/lidarr
tag: 3.1.2-nightly@sha256:2b602738585d64c62e119073c631e50872f07595d2d90936a9186f2989cb2eda
tag: 3.1.2-nightly@sha256:034055feee43b11eb2f7a8438a9af1c99ab564dd2b43e5df2fe5b3c9b3b8b1ac
env:
- name: TZ
value: America/Chicago

6
clusters/cl01tl/helm/matrix-synapse/Chart.lock
View File

@@ -1,7 +1,7 @@
dependencies:
- name: matrix-synapse
repository: https://ananace.gitlab.io/charts
version: 3.12.25
version: 3.12.24
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
@@ -38,5 +38,5 @@ dependencies:
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:937fe4fd8cd564a5f55a0f251a9b412eeeebe797f52d6769b18f6f6a28f6dd64
generated: "2026-04-08T19:02:45.651984056Z"
digest: sha256:0e8b1b79a98952ed49c87c6da83dcc2eed2aabbd755d9ebf1bdd3090f3ccc44c
generated: "2026-04-04T21:03:48.737144-05:00"

4
clusters/cl01tl/helm/matrix-synapse/Chart.yaml
View File

@@ -26,7 +26,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: matrix-synapse
version: 3.12.25
version: 3.12.24
repository: https://ananace.gitlab.io/charts
- name: app-template
alias: matrix-hookshot
@@ -78,4 +78,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/matrix.png
# renovate: datasource=github-releases depName=element-hq/synapse
appVersion: v1.151.0
appVersion: v1.150.0

5
clusters/cl01tl/helm/matrix-synapse/values.yaml
View File

@@ -1,7 +1,7 @@
matrix-synapse:
image:
repository: ghcr.io/element-hq/synapse
tag: v1.151.0@sha256:184dc8757daef019b511e7f96fc6e5edfb880fd074d8cf702c7e3aa899d188c8
tag: v1.150.0@sha256:cba0969087ca70a3ec72ebcd1491a6c8391a7da2c0b92738231dd9c7ad55df4d
serverName: alexlebens.dev
publicServerName: matrix.alexlebens.dev
argoCD: true
@@ -463,9 +463,6 @@ volsync-target-discord:
schedule: 40 10 * * *
volsync-target-whatsapp:
pvcTarget: mautrix-whatsapp
moverSecurityContext:
runAsUser: 1337
runAsGroup: 1337
local:
enabled: true
schedule: 42 8 * * *

2
clusters/cl01tl/helm/music-grabber/Chart.yaml
View File

@@ -24,4 +24,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/music-grabber.png
# renovate: datasource=docker depName=g33kphr33k/musicgrabber
appVersion: 2.6.1
appVersion: 2.5.6

2
clusters/cl01tl/helm/music-grabber/values.yaml
View File

@@ -12,7 +12,7 @@ music-grabber:
main:
image:
repository: g33kphr33k/musicgrabber
tag: 2.6.1@sha256:52b81df8e69062b4023a416fa4168d4bc0e6d8fba48901a5a5a3080bdd748696
tag: 2.5.6@sha256:457b149917fa0f525c83c08d2cf3a39b4e42c64513b272ecc2d41edcd4cb6c7c
env:
- name: MUSIC_DIR
value: /mnt/store/Music Grabber/

2
clusters/cl01tl/helm/navidrome/values.yaml
View File

@@ -43,7 +43,7 @@ navidrome:
main:
image:
repository: ghcr.io/jeffvli/feishin
tag: 1.11.0@sha256:1eed97d6272d29d0a7de4c3c1357d4bc9c08cf8e304aa1014089f9111d22619c
tag: 1.9.0@sha256:5e6959afd27dabadd8f68fed8b0485d851593c61ca558194295bf8950262cc07
env:
- name: SERVER_NAME
value: talos

2
clusters/cl01tl/helm/ollama/Chart.yaml
View File

@@ -31,4 +31,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png
# renovate: datasource=github-releases depName=ollama/ollama
appVersion: 0.20.4
appVersion: 0.20.2

6
clusters/cl01tl/helm/ollama/values.yaml
View File

@@ -21,7 +21,7 @@ ollama:
main:
image:
repository: ollama/ollama
tag: 0.20.3@sha256:87d71eb588a28c747094ca5d011392a3790f6ea9bd9c87594780ad7c65cc7ed1
tag: 0.20.2@sha256:0455f166da85b1d07f694c33ba09278ca649603c0611ba8e46272b16eed7fccd
env:
- name: OLLAMA_KEEP_ALIVE
value: 24h
@@ -55,7 +55,7 @@ ollama:
main:
image:
repository: ollama/ollama
tag: 0.20.3@sha256:87d71eb588a28c747094ca5d011392a3790f6ea9bd9c87594780ad7c65cc7ed1
tag: 0.20.2@sha256:0455f166da85b1d07f694c33ba09278ca649603c0611ba8e46272b16eed7fccd
env:
- name: OLLAMA_KEEP_ALIVE
value: 24h
@@ -89,7 +89,7 @@ ollama:
main:
image:
repository: ollama/ollama
tag: 0.20.3@sha256:87d71eb588a28c747094ca5d011392a3790f6ea9bd9c87594780ad7c65cc7ed1
tag: 0.20.2@sha256:0455f166da85b1d07f694c33ba09278ca649603c0611ba8e46272b16eed7fccd
env:
- name: OLLAMA_KEEP_ALIVE
value: 24h

6
clusters/cl01tl/helm/paperless-ngx/Chart.lock
View File

@@ -4,7 +4,7 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.11.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.5.0
@@ -20,5 +20,5 @@ dependencies:
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:ae3aa7bd167e216d79bfbb60770c9bc209a8a689685f6dff6be41d8952ac0f25
generated: "2026-04-08T17:24:02.420482074Z"
digest: sha256:08acc0818deaede4bb7515be7cbb1253f30036b70af6038caa69e4bd3cc02412
generated: "2026-03-30T20:25:47.995874-05:00"

2
clusters/cl01tl/helm/paperless-ngx/Chart.yaml
View File

@@ -24,7 +24,7 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.11.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey

2
clusters/cl01tl/helm/paperless-ngx/values.yaml
View File

@@ -86,7 +86,7 @@ paperless-ngx:
gotenberg:
image:
repository: gotenberg/gotenberg
tag: 8.30.1@sha256:206a6c708fc6d05257367d9ac902d6c56c50d2e3284d0596ea000814ef97f22c
tag: 8.29.1@sha256:36c925776fa0db0fd1030408d131fde7ac3453027a559883555155b72adb16a7
service:
main:
controller: main

2
clusters/cl01tl/helm/plex/Chart.yaml
View File

@@ -20,4 +20,4 @@ dependencies:
version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/plex.png
# renovate: datasource=github-releases depName=linuxserver/docker-plex
appVersion: 1.43.1.10576-06378bdcd-ls300
appVersion: 1.43.0.10492-121068a07-ls298

2
clusters/cl01tl/helm/plex/values.yaml
View File

@@ -22,7 +22,7 @@ plex:
main:
image:
repository: ghcr.io/linuxserver/plex
tag: 1.43.1.10576-06378bdcd-ls300@sha256:09fe33e5efd991681ea3cbd3e3cb262cd1ae26d4a0145a4141ead284d8f21de6
tag: 1.43.0.10492-121068a07-ls298@sha256:cbd631f9a972a1c453953a9192c1781dd7d2084db075a1bee78a3cc6387fb103
env:
- name: TZ
value: America/Chicago

6
clusters/cl01tl/helm/postiz/Chart.lock
View File

@@ -4,7 +4,7 @@ dependencies:
version: 4.6.2
- name: temporal
repository: https://go.temporal.io/helm-charts
version: 1.0.0
version: 1.0.0-rc.3
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
@@ -20,5 +20,5 @@ dependencies:
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:dbb86231dcf341e73570b57a10aad6278989e0c50c6f5959a43439a8a9146bb9
generated: "2026-04-08T19:03:28.347782848Z"
digest: sha256:a5d285d997702cefaac9808ac6556a566d7974773c7fb2c7a0defb8f64226443
generated: "2026-04-05T20:33:43.946895-05:00"

2
clusters/cl01tl/helm/postiz/Chart.yaml
View File

@@ -29,7 +29,7 @@ dependencies:
version: 4.6.2
- name: temporal
repository: https://go.temporal.io/helm-charts
version: 1.0.0
version: 1.0.0-rc.3
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0

30
clusters/cl01tl/helm/postiz/templates/elasticsearch.yaml Normal file
View File

@@ -0,0 +1,30 @@
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: elasticsearch-postiz
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: elasticsearch-postiz
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}``
spec:
# renovate: datasource=docker depName=elasticsearch
version: 8.19.8@sha256:e6ef2af8db3269ffd075ebf5e605d62324345d646c4fa201654f648d1cad44a4
auth:
fileRealm:
- secretName: postiz-elasticsearch-secret
nodeSets:
- name: default
count: 2
config:
node.store.allow_mmap: false
volumeClaimTemplates:
- metadata:
name: elasticsearch-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: ceph-block

76
clusters/cl01tl/helm/postiz/templates/external-secret.yaml
View File

@@ -17,58 +17,6 @@ spec:
key: /cl01tl/postiz/config
property: JWT_SECRET
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: postiz-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: postiz-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: client
remoteRef:
key: /authentik/oidc/postiz
property: client
- secretKey: secret
remoteRef:
key: /authentik/oidc/postiz
property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: postiz-elasticsearch-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: postiz-elasticsearch-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: username
remoteRef:
key: /cl01tl/postiz/elasticsearch
property: username
- secretKey: password
remoteRef:
key: /cl01tl/postiz/elasticsearch
property: password
- secretKey: roles
remoteRef:
key: /cl01tl/postiz/elasticsearch
property: roles
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
@@ -100,3 +48,27 @@ spec:
remoteRef:
key: /cl01tl/postiz/valkey
property: password
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: postiz-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: postiz-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: client
remoteRef:
key: /authentik/oidc/postiz
property: client
- secretKey: secret
remoteRef:
key: /authentik/oidc/postiz
property: secret

38
clusters/cl01tl/helm/postiz/templates/http-route.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: postiz-temporal-web
name: temporal-ui
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: postiz-temporal-web
app.kubernetes.io/name: temporal-ui
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -14,7 +14,7 @@ spec:
name: traefik-gateway
namespace: traefik
hostnames:
- postiz-temporal.alexlebens.net
- temporal-ui.alexlebens.net
rules:
- matches:
- path:
@@ -23,6 +23,36 @@ spec:
backendRefs:
- group: ''
kind: Service
name: postiz-temporal-web
name: temporal-ui
port: 8080
weight: 100
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: temporal-frontend
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: temporal-frontend
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- temporal-frontend.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: temporal-frontend
port: 80
weight: 100

80
clusters/cl01tl/helm/postiz/values.yaml
View File

@@ -22,9 +22,9 @@ postiz:
- name: NEXT_PUBLIC_BACKEND_URL
value: https://postiz.alexlebens.dev/api
- name: BACKEND_INTERNAL_URL
value: http://localhost:3000
value: http://temporal:3000
- name: TEMPORAL_ADDRESS
value: postiz-temporal-frontend:7233
value: http://temporal:3000
- name: DATABASE_URL
valueFrom:
secretKeyRef:
@@ -74,9 +74,9 @@ postiz:
- name: POSTIZ_OAUTH_SCOPE
value: openid profile email
- name: NEXT_PUBLIC_SENTRY_DSN
value: http://key@postiz-spotlight.postiz:8969/1
value: http://spotlight:8969/stream
- name: SENTRY_SPOTLIGHT
value: http://postiz-spotlight.postiz:8969/stream
value: "1"
resources:
requests:
cpu: 10m
@@ -92,8 +92,8 @@ postiz:
tag: 4.11.3@sha256:be6eb5b5d0df882025dcef138c217d493e6dcb684aebc235bc1b2832eb347c7f
resources:
requests:
cpu: 1m
memory: 100Mi
cpu: 10m
memory: 40Mi
service:
main:
controller: main
@@ -107,24 +107,6 @@ postiz:
http:
port: 8969
targetPort: 8969
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- postiz-spotlight.alexlebens.net
rules:
- backendRefs:
- name: postiz-spotlight
port: 8969
matches:
- path:
type: PathPrefix
value: /
persistence:
config:
forceRename: postiz-config
@@ -154,6 +136,10 @@ temporal:
metrics:
serviceMonitor:
enabled: true
resources:
requests:
cpu: 10m
memory: 60Mi
config:
logLevel: "debug,info"
persistence:
@@ -162,31 +148,24 @@ temporal:
sql:
pluginName: postgres12
driverName: postgres12
databaseName: temporal
databaseName: app
connectAddr: postiz-postgresql-18-cluster-rw.postiz:5432
connectProtocol: "tcp"
user: postgres
existingSecret: postiz-postgresql-18-cluster-superuser
user: app
existingSecret: postiz-postgresql-18-cluster-app
secretKey: password
tls:
enabled: false
visibility:
sql:
pluginName: postgres12
driverName: postgres12
databaseName: temporal_visibility
connectAddr: postiz-postgresql-18-cluster-rw.postiz:5432
connectProtocol: "tcp"
user: postgres
existingSecret: postiz-postgresql-18-cluster-superuser
secretKey: password
elasticsearch:
version: v8
url:
scheme: http
host: elasticsearch-postiz-es-http.postiz:9200
logLevel: error
indices:
visibility: temporal_visibility_v1
tls:
enabled: false
namespaces:
create: true
namespace:
- name: default
retention: 30d
frontend:
ingress:
enabled: false
@@ -196,7 +175,7 @@ temporal:
resources:
requests:
cpu: 10m
memory: 50Mi
memory: 60Mi
history:
metrics:
serviceMonitor:
@@ -204,7 +183,7 @@ temporal:
resources:
requests:
cpu: 10m
memory: 200Mi
memory: 60Mi
matching:
metrics:
serviceMonitor:
@@ -220,15 +199,15 @@ temporal:
resources:
requests:
cpu: 10m
memory: 50Mi
memory: 60Mi
admintools:
image:
repository: temporalio/admin-tools
tag: 1.30.3@sha256:2c2272b008f1af295b3719963e6feeef64f838d1105d895cf6acfcf96dd31741
tag: 1.30.2@sha256:024c6473df113e4b220b3caf6056d30964582ffcae6f6e46a1074aa6c67968d3
resources:
requests:
cpu: 10m
memory: 10Mi
memory: 60Mi
web:
image:
repository: temporalio/ui
@@ -236,11 +215,9 @@ temporal:
resources:
requests:
cpu: 10m
memory: 50Mi
memory: 60Mi
postgres-18-cluster:
mode: recovery
cluster:
enableSuperuserAccess: true
recovery:
method: objectStore
objectStore:
@@ -262,9 +239,6 @@ postgres-18-cluster:
- name: temporal
ensure: present
owner: app
- name: temporal_visibility
ensure: present
owner: app
valkey:
valkey:
auth:

9
clusters/cl01tl/helm/prowlarr/Chart.yaml
View File

@@ -4,15 +4,14 @@ version: 1.0.0
description: Prowlarr
keywords:
- prowlarr
- trackers
- servarr
home: https://docs.alexlebens.dev/applications/prowlarr/
- trackers
home: https://wiki.alexlebens.dev/s/7f963158-15fd-4eb5-b3ac-8a3aeb79613a
sources:
- https://github.com/Prowlarr/Prowlarr
- https://github.com/linuxserver/docker-prowlarr
- https://github.com/linuxserver/docker-prowlarr/pkgs/container/prowlarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -25,5 +24,5 @@ dependencies:
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prowlarr.png
# renovate: datasource=github-releases depName=linuxserver/docker-prowlarr
appVersion: 2.3.5.5327-ls141
# renovate: datasource=github-releases depName=Prowlarr/Prowlarr
appVersion: 2.3.0

29
clusters/cl01tl/helm/prowlarr/values.yaml
View File

@@ -4,22 +4,31 @@ prowlarr:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
supplementalGroups:
- 44
- 100
- 109
- 65539
containers:
main:
image:
repository: ghcr.io/linuxserver/prowlarr
tag: 2.3.5.5327-ls141@sha256:35f48abb3e976fcf077fae756866c582e4a90f8b24810ae4067b3558f7cdbbdf
tag: 2.3.0@sha256:9ef5d8bf832edcacb6082f9262cb36087854e78eb7b1c3e1d4375056055b2d82
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
resources:
requests:
cpu: 10m
memory: 200Mi
memory: 256Mi
service:
main:
controller: main
@@ -27,6 +36,7 @@ prowlarr:
http:
port: 80
targetPort: 9696
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -39,8 +49,11 @@ prowlarr:
- prowlarr.alexlebens.net
rules:
- backendRefs:
- name: prowlarr
- group: ''
kind: Service
name: prowlarr
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -51,6 +64,7 @@ prowlarr:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:
@@ -61,6 +75,13 @@ volsync-target-config:
moverSecurityContext:
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
supplementalGroups:
- 44
- 100
- 109
- 65539
local:
enabled: true
schedule: 56 8 * * *

15
clusters/cl01tl/helm/qbittorrent/Chart.yaml
View File

@@ -4,24 +4,21 @@ version: 1.0.0
description: qBittorrent
keywords:
- qbittorrent
- downloads
- torrent
home: https://docs.alexlebens.dev/applications/prowlarr/
- vpn
- metrics
home: https://wiki.alexlebens.dev/s/832cd960-0ae1-4637-873a-d83c4c24b911
sources:
- https://github.com/qbittorrent/qBittorrent
- https://github.com/qdm12/gluetun
- https://github.com/esanchezm/prometheus-qbittorrent-exporter
- https://github.com/StuffAnThings/qbit_manage
- https://github.com/caronc/apprise
- https://github.com/autobrr/qui
- https://github.com/linuxserver/docker-qbittorrent/pkgs/container/qbittorrent
- https://docs.linuxserver.io/images/docker-qbittorrent/
- https://github.com/qdm12/gluetun/pkgs/container/gluetun
- https://hub.docker.com/r/esanchezm/prometheus-qbittorrent-exporter
- https://github.com/stuffanthings/qbit_manage/pkgs/container/qbit_manage
- https://github.com/caronc/apprise-api/pkgs/container/apprise
- https://github.com/autobrr/qui/pkgs/container/qui
- https://hub.docker.com/_/busybox
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -43,4 +40,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/qbittorrent.png
# renovate: datasource=github-releases depName=qbittorrent/qBittorrent
appVersion: 5.1.4-r2-ls448
appVersion: 5.1.4

26
clusters/cl01tl/helm/qbittorrent/templates/config-map.yaml
View File

@@ -287,16 +287,16 @@ data:
- '**/*_unpackerred'
max_orphaned_files_to_delete: 50
apprise:
api_url: http://localhost:8000
notify_url: http://apprise:8000
webhooks:
error: apprise
run_start: apprise
run_end: apprise
function:
rem_orphaned: apprise
cleanup_dirs: apprise
tag_tracker_error: apprise
share_limits: apprise
# apprise:
# api_url: http://localhost:8000/notify
# notify_url: ""
#
# webhooks:
# error: apprise
# run_start: apprise
# run_end: apprise
# function:
# rem_orphaned: apprise
# cleanup_dirs: apprise
# tag_tracker_error:
# share_limits:

25
clusters/cl01tl/helm/qbittorrent/templates/external-secret.yaml
View File

@@ -14,19 +14,31 @@ spec:
data:
- secretKey: private-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: preshared-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: preshared-key
- secretKey: addresses
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports
---
@@ -46,12 +58,11 @@ spec:
data:
- secretKey: ntfy-url
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/qbittorrent/qbit-manage
metadataPolicy: None
property: ntfy-url
- secretKey: config.yml
remoteRef:
key: /cl01tl/qbittorrent/qbit-manage
property: config.yml
---
apiVersion: external-secrets.io/v1
@@ -70,9 +81,15 @@ spec:
data:
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/qui
metadataPolicy: None
property: secret
- secretKey: client
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/qui
metadataPolicy: None
property: client

92
clusters/cl01tl/helm/qbittorrent/values.yaml
View File

@@ -4,10 +4,8 @@ qbittorrent:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
@@ -22,9 +20,14 @@ qbittorrent:
init-sysctl:
image:
repository: busybox
tag: 1.37.0@sha256:1487d0af5f52b4ba31c7e465126ee2123fe3f2305d638e7827681e7cf6c83d5e
tag: 1.37.0
pullPolicy: IfNotPresent
securityContext:
privileged: True
resources:
requests:
cpu: 10m
memory: 128Mi
command:
- /bin/sh
args:
@@ -36,14 +39,15 @@ qbittorrent:
qbittorrent:
image:
repository: ghcr.io/linuxserver/qbittorrent
tag: 5.1.4-r2-ls448@sha256:a89108b1bf43de072a35a59a3ee41b97b564538faae5cbb3f6c803aa7f5fd9f7
tag: 5.1.4@sha256:855e5f4805ac218f406a5ae989a62a77e03f7e5f70128335b7970550a58c96e1
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: PUID
value: 1000
value: "1000"
- name: PGID
value: 1000
value: "1000"
- name: UMASK_SET
value: "002"
- name: WEBUI_PORT
@@ -56,6 +60,7 @@ qbittorrent:
image:
repository: ghcr.io/qdm12/gluetun
tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
pullPolicy: IfNotPresent
lifecycle:
postStart:
exec:
@@ -122,10 +127,13 @@ qbittorrent:
devic.es/tun: "1"
requests:
devic.es/tun: "1"
cpu: 10m
memory: 64Mi
exporter:
image:
repository: esanchezm/prometheus-qbittorrent-exporter
tag: v1.6.0@sha256:482df65e7f39f2c0a65f32693e6d5f930edf7b244589a60e446ccc5ee6d17211
tag: v1.6.0
pullPolicy: IfNotPresent
env:
- name: QBITTORRENT_HOST
value: localhost
@@ -135,17 +143,27 @@ qbittorrent:
value: "9022"
- name: EXPORTER_LOG_LEVEL
value: INFO
resources:
requests:
cpu: 10m
memory: 64Mi
qbit-manage:
type: deployment
annotations:
reloader.stakater.com/auto: "true"
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
initContainers:
init-copy-config:
image:
repository: busybox
tag: 1.37.0@sha256:1487d0af5f52b4ba31c7e465126ee2123fe3f2305d638e7827681e7cf6c83d5e
tag: 1.37.0
pullPolicy: IfNotPresent
resources:
requests:
cpu: 10m
memory: 128Mi
command:
- /bin/sh
- -ec
@@ -155,11 +173,11 @@ qbittorrent:
qbit-manage:
image:
repository: ghcr.io/stuffanthings/qbit_manage
tag: v4.7.0@sha256:8786f2efc6fb8e26281f09bf6c5d0004e2d2420fd4781af0aed123ae01558e21
tag: v4.7.0
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: QBT_SCHEDULE
value: 0 * * * *
- name: QBT_STARTUP_DELAY
@@ -173,18 +191,19 @@ qbittorrent:
resources:
requests:
cpu: 10m
memory: 280Mi
memory: 64Mi
apprise-api:
image:
repository: ghcr.io/caronc/apprise
tag: v1.3.3@sha256:4bfeac268ba87b8e08e308c9aa0182fe99e9501ec464027afc333d1634e65977
repository: caronc/apprise
tag: v1.3.3
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: PGID
value: 1000
value: "1000"
- name: PUID
value: 1000
value: "1000"
- name: APPRISE_STORAGE_MODE
value: memory
- name: APPRISE_STATEFUL_MODE
@@ -196,19 +215,21 @@ qbittorrent:
secretKeyRef:
name: qbittorrent-qbit-manage-config
key: ntfy-url
resources:
requests:
cpu: 10m
memory: 128Mi
qui:
type: deployment
replicas: 1
strategy: Recreate
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
revisionHistoryLimit: 3
containers:
qui:
image:
repository: ghcr.io/autobrr/qui
tag: v1.16.1@sha256:07b6ea9572e52e8b5f70f8fb15a7c688d8d754a7616242d3ad0b21dbd5c05836
tag: v1.15.0
pullPolicy: IfNotPresent
env:
- name: QUI__METRICS_ENABLED
value: true
@@ -237,7 +258,7 @@ qbittorrent:
resources:
requests:
cpu: 10m
memory: 70Mi
memory: 128Mi
service:
main:
controller: main
@@ -246,27 +267,33 @@ qbittorrent:
http:
port: 8080
targetPort: 8080
protocol: HTTP
health:
port: 9999
targetPort: 9999
protocol: HTTP
metrics:
port: 9022
targetPort: 9022
protocol: HTTP
qbit-manage:
controller: qbit-manage
ports:
apprise:
port: 80
targetPort: 8181
protocol: HTTP
qui:
controller: qui
ports:
http:
port: 80
targetPort: 7476
protocol: HTTP
metrics:
port: 9074
targetPort: 9074
protocol: HTTP
serviceMonitor:
main:
selector:
@@ -313,8 +340,11 @@ qbittorrent:
- qbittorrent.alexlebens.net
rules:
- backendRefs:
- name: qbittorrent
- group: ''
kind: Service
name: qbittorrent
port: 8080
weight: 100
matches:
- path:
type: PathPrefix
@@ -330,8 +360,11 @@ qbittorrent:
- qui.alexlebens.net
rules:
- backendRefs:
- name: qbittorrent-qui
- group: ''
kind: Service
name: qbittorrent-qui
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -349,8 +382,8 @@ qbittorrent:
subPath: update.sh
qbit-manage-config:
enabled: true
type: secret
name: qbittorrent-qbit-manage-config
type: configMap
name: qbit-manage-config
advancedMounts:
qbit-manage:
init-copy-config:
@@ -368,6 +401,7 @@ qbittorrent:
storageClass: ceph-filesystem
accessMode: ReadWriteMany
size: 1Gi
retain: true
advancedMounts:
main:
qbittorrent:
@@ -382,6 +416,7 @@ qbittorrent:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
qbit-manage:
init-copy-config:
@@ -395,6 +430,7 @@ qbittorrent:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
qui:
qui:

6
clusters/cl01tl/helm/radarr-4k/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:f644b5d539a1aa786eae75f7e397ca12383320bcb52618eaf611c45c08e6f205
generated: "2026-04-06T15:33:33.355903-05:00"
digest: sha256:d76563fe1a7a9f8ceaf6937831bd0c5511eb7369abb8eb54110dfb69e6dce224
generated: "2026-03-15T20:08:21.236792423Z"

14
clusters/cl01tl/helm/radarr-4k/Chart.yaml
View File

@@ -4,18 +4,20 @@ version: 1.0.0
description: Radarr 4K
keywords:
- radarr
- movies
- servarr
home: https://docs.alexlebens.dev/applications/radarr/
- movies
- 4k
- metrics
home: https://wiki.alexlebens.dev/s/b5687ceb-11db-49b3-9c77-bf27bc322c99
sources:
- https://github.com/Radarr/Radarr
- https://github.com/linuxserver/docker-radarr
- https://github.com/onedr0p/exportarr
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/linuxserver/docker-radarr/pkgs/container/radarr
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -25,12 +27,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-4k.png
# renovate: datasource=github-releases depName=linuxserver/docker-radarr
appVersion: 6.1.1.10360-ls298
# renovate: datasource=github-releases depName=Radarr/Radarr
appVersion: 6.0.4

48
clusters/cl01tl/helm/radarr-4k/values.yaml
View File

@@ -4,6 +4,7 @@ radarr-4k:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
runAsUser: 1000
@@ -14,22 +15,24 @@ radarr-4k:
main:
image:
repository: ghcr.io/linuxserver/radarr
tag: 6.1.1.10360-ls298@sha256:cd70546fc97169788530386b42cf47ba1b16d091b4dc2264cd54099dd13c6f7f
tag: 6.0.4@sha256:ca43905eaf2dd11425efdcfe184892e43806b1ae0a830440c825cecbc2629cfb
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: PUID
value: 1000
- name: PGID
value: 1000
resources:
requests:
cpu: 10m
memory: 220Mi
cpu: 100m
memory: 256Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.3.0@sha256:af535d94061cf97a52e1661945ffba78c03f9443eae7c0da1a80a5a4be56b520
tag: v2.3.0
pullPolicy: IfNotPresent
args: ["radarr"]
env:
- name: URL
@@ -42,6 +45,10 @@ radarr-4k:
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -49,9 +56,11 @@ radarr-4k:
http:
port: 80
targetPort: 7878
protocol: HTTP
metrics:
port: 9793
targetPort: 9793
protocol: TCP
serviceMonitor:
main:
selector:
@@ -86,8 +95,11 @@ radarr-4k:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs:
- name: radarr-4k
- group: ''
kind: Service
name: radarr-4k
port: 80
weight: 100
filters:
- type: ExtensionRef
extensionRef:
@@ -104,6 +116,7 @@ radarr-4k:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
retain: true
advancedMounts:
main:
main:
@@ -137,12 +150,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 30 15 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-config:
pvcTarget: radarr-4k-config
moverSecurityContext:

6
clusters/cl01tl/helm/radarr-anime/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:ff7a0dc34eba6f1958b56a90fd4b47d5baac88eb5c40349b5b9aa8223fa6ffd6
generated: "2026-04-06T15:33:41.628584-05:00"
digest: sha256:21bde3a8778fb94e40f2177383ca418123e69f3f3f463b31d35e9f9bf83dfa9d
generated: "2026-03-15T20:08:35.497440433Z"

14
clusters/cl01tl/helm/radarr-anime/Chart.yaml
View File

@@ -4,18 +4,20 @@ version: 1.0.0
description: Radarr Anime
keywords:
- radarr
- movies
- servarr
home: https://docs.alexlebens.dev/applications/radarr/
- movies
- anime
- metrics
home: https://wiki.alexlebens.dev/s/b5687ceb-11db-49b3-9c77-bf27bc322c99
sources:
- https://github.com/Radarr/Radarr
- https://github.com/linuxserver/docker-radarr
- https://github.com/onedr0p/exportarr
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/linuxserver/docker-radarr/pkgs/container/radarr
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -25,12 +27,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-anime.png
# renovate: datasource=github-releases depName=linuxserver/docker-radarr
appVersion: 6.1.1.10360-ls298
# renovate: datasource=github-releases depName=Radarr/Radarr
appVersion: 6.0.4

48
clusters/cl01tl/helm/radarr-anime/values.yaml
View File

@@ -4,20 +4,20 @@ radarr-anime:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers:
main:
image:
repository: ghcr.io/linuxserver/radarr
tag: 6.1.1.10360-ls298@sha256:cd70546fc97169788530386b42cf47ba1b16d091b4dc2264cd54099dd13c6f7f
tag: 6.0.4@sha256:ca43905eaf2dd11425efdcfe184892e43806b1ae0a830440c825cecbc2629cfb
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: PUID
value: 1000
- name: PGID
@@ -25,11 +25,12 @@ radarr-anime:
resources:
requests:
cpu: 10m
memory: 220Mi
memory: 256Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.3.0@sha256:af535d94061cf97a52e1661945ffba78c03f9443eae7c0da1a80a5a4be56b520
tag: v2.3.0
pullPolicy: IfNotPresent
args: ["radarr"]
env:
- name: URL
@@ -42,6 +43,10 @@ radarr-anime:
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -49,9 +54,11 @@ radarr-anime:
http:
port: 80
targetPort: 7878
protocol: HTTP
metrics:
port: 9793
targetPort: 9793
protocol: TCP
serviceMonitor:
main:
selector:
@@ -86,8 +93,11 @@ radarr-anime:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs:
- name: radarr-anime
- group: ''
kind: Service
name: radarr-anime
port: 80
weight: 100
filters:
- type: ExtensionRef
extensionRef:
@@ -104,6 +114,7 @@ radarr-anime:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
retain: true
advancedMounts:
main:
main:
@@ -137,12 +148,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 30 15 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-config:
pvcTarget: radarr-anime-config
moverSecurityContext:

6
clusters/cl01tl/helm/radarr-standup/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:c032454ad1ce0729f69b7d79571880d4d27af6dc6f638b3a32e0a1633c1ee996
generated: "2026-04-06T15:33:54.620306-05:00"
digest: sha256:ebd25d2a12ca1924b66c62d6dd2c69476ae4526825020796198b65c2ebd2c6eb
generated: "2026-03-15T20:08:49.811429784Z"

13
clusters/cl01tl/helm/radarr-standup/Chart.yaml
View File

@@ -4,18 +4,19 @@ version: 1.0.0
description: Radarr Stand Up
keywords:
- radarr
- movies
- servarr
home: https://docs.alexlebens.dev/applications/radarr/
- standup
- metrics
home: https://wiki.alexlebens.dev/s/b5687ceb-11db-49b3-9c77-bf27bc322c99
sources:
- https://github.com/Radarr/Radarr
- https://github.com/linuxserver/docker-radarr
- https://github.com/onedr0p/exportarr
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/linuxserver/docker-radarr/pkgs/container/radarr
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -25,12 +26,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
# renovate: datasource=github-releases depName=linuxserver/docker-radarr
appVersion: 6.1.1.10360-ls298
# renovate: datasource=github-releases depName=Radarr/Radarr
appVersion: 6.0.4

48
clusters/cl01tl/helm/radarr-standup/values.yaml
View File

@@ -4,20 +4,20 @@ radarr-standup:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers:
main:
image:
repository: ghcr.io/linuxserver/radarr
tag: 6.1.1.10360-ls298@sha256:cd70546fc97169788530386b42cf47ba1b16d091b4dc2264cd54099dd13c6f7f
tag: 6.0.4@sha256:ca43905eaf2dd11425efdcfe184892e43806b1ae0a830440c825cecbc2629cfb
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: PUID
value: 1000
- name: PGID
@@ -25,11 +25,12 @@ radarr-standup:
resources:
requests:
cpu: 10m
memory: 220Mi
memory: 256Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.3.0@sha256:af535d94061cf97a52e1661945ffba78c03f9443eae7c0da1a80a5a4be56b520
tag: v2.3.0
pullPolicy: IfNotPresent
args: ["radarr"]
env:
- name: URL
@@ -42,6 +43,10 @@ radarr-standup:
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -49,9 +54,11 @@ radarr-standup:
http:
port: 80
targetPort: 7878
protocol: HTTP
metrics:
port: 9793
targetPort: 9793
protocol: TCP
serviceMonitor:
main:
selector:
@@ -86,8 +93,11 @@ radarr-standup:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs:
- name: radarr-standup
- group: ''
kind: Service
name: radarr-standup
port: 80
weight: 100
filters:
- type: ExtensionRef
extensionRef:
@@ -104,6 +114,7 @@ radarr-standup:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
retain: true
advancedMounts:
main:
main:
@@ -137,12 +148,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 35 15 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-config:
pvcTarget: radarr-standup-config
moverSecurityContext:

6
clusters/cl01tl/helm/radarr/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:26dca3bc43e9b3613d3fe817bf6254ffe8ca31152596fa6a141458734aab6950
generated: "2026-04-06T15:33:25.009896-05:00"
digest: sha256:05ce0d746d9c42a00338df5e6673fde8baeefa6f598ef8c85a32e6bc393b94ca
generated: "2026-03-15T20:09:03.538226001Z"

13
clusters/cl01tl/helm/radarr/Chart.yaml
View File

@@ -4,18 +4,19 @@ version: 1.0.0
description: Radarr
keywords:
- radarr
- movies
- servarr
home: https://docs.alexlebens.dev/applications/radarr/
- movies
- metrics
home: https://wiki.alexlebens.dev/s/b5687ceb-11db-49b3-9c77-bf27bc322c99
sources:
- https://github.com/Radarr/Radarr
- https://github.com/linuxserver/docker-radarr
- https://github.com/onedr0p/exportarr
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/linuxserver/docker-radarr/pkgs/container/radarr
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -25,12 +26,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
# renovate: datasource=github-releases depName=linuxserver/docker-radarr
appVersion: 6.1.1.10360-ls298
# renovate: datasource=github-releases depName=Radarr/Radarr
appVersion: 6.0.4

46
clusters/cl01tl/helm/radarr/values.yaml
View File

@@ -4,6 +4,7 @@ radarr:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
runAsUser: 1000
@@ -14,10 +15,11 @@ radarr:
main:
image:
repository: ghcr.io/linuxserver/radarr
tag: 6.1.1.10360-ls298@sha256:cd70546fc97169788530386b42cf47ba1b16d091b4dc2264cd54099dd13c6f7f
tag: 6.0.4@sha256:ca43905eaf2dd11425efdcfe184892e43806b1ae0a830440c825cecbc2629cfb
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: PUID
value: 1000
- name: PGID
@@ -25,11 +27,12 @@ radarr:
resources:
requests:
cpu: 100m
memory: 600Mi
memory: 256Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.3.0@sha256:af535d94061cf97a52e1661945ffba78c03f9443eae7c0da1a80a5a4be56b520
tag: v2.3.0
pullPolicy: IfNotPresent
args: ["radarr"]
env:
- name: URL
@@ -42,6 +45,10 @@ radarr:
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -49,9 +56,11 @@ radarr:
http:
port: 80
targetPort: 7878
protocol: HTTP
metrics:
port: 9793
targetPort: 9793
protocol: TCP
serviceMonitor:
main:
selector:
@@ -86,8 +95,11 @@ radarr:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs:
- name: radarr
- group: ''
kind: Service
name: radarr
port: 80
weight: 100
filters:
- type: ExtensionRef
extensionRef:
@@ -104,6 +116,7 @@ radarr:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
retain: true
advancedMounts:
main:
main:
@@ -137,12 +150,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 25 15 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-config:
pvcTarget: radarr-config
moverSecurityContext:

8
clusters/cl01tl/helm/rclone/Chart.yaml
View File

@@ -4,9 +4,9 @@ version: 1.0.0
description: Rclone
keywords:
- rclone
- s3-sync
- job
home: https://docs.alexlebens.dev/applications/rclone/
- kubernetes
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/rclone/rclone
- https://hub.docker.com/r/rclone/rclone
@@ -18,6 +18,6 @@ dependencies:
alias: rclone
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/rclone.png
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/rclone.webp
# renovate: datasource=github-releases depName=rclone/rclone
appVersion: v1.73.4
appVersion: v1.73.3

72
clusters/cl01tl/helm/rclone/values.yaml
View File

@@ -4,15 +4,20 @@ rclone:
type: cronjob
cronjob:
suspend: false
timeZone: America/Chicago
schedule: 0 0 * * *
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "0 0 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
tag: 1.73.3
pullPolicy: IfNotPresent
args:
- sync
- src:directus-assets
@@ -82,15 +87,20 @@ rclone:
type: cronjob
cronjob:
suspend: false
timeZone: America/Chicago
schedule: 10 0 * * *
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "10 0 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
tag: 1.73.3
pullPolicy: IfNotPresent
args:
- sync
- src:karakeep-assets
@@ -160,15 +170,20 @@ rclone:
type: cronjob
cronjob:
suspend: false
timeZone: America/Chicago
schedule: 20 0 * * *
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "20 0 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
tag: 1.73.3
pullPolicy: IfNotPresent
args:
- sync
- src:talos-backups
@@ -239,7 +254,8 @@ rclone:
prune:
image:
repository: rclone/rclone
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
tag: 1.73.3
pullPolicy: IfNotPresent
args:
- delete
- dest:talos-backups
@@ -279,15 +295,20 @@ rclone:
type: cronjob
cronjob:
suspend: false
timeZone: America/Chicago
schedule: 30 0 * * *
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "30 0 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
tag: 1.73.3
pullPolicy: IfNotPresent
args:
- sync
- src:web-assets
@@ -357,15 +378,20 @@ rclone:
type: cronjob
cronjob:
suspend: false
timeZone: America/Chicago
schedule: 40 0 * * *
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "40 0 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
tag: 1.73.3
pullPolicy: IfNotPresent
args:
- sync
- src:postgres-backups
@@ -440,7 +466,8 @@ rclone:
prune:
image:
repository: rclone/rclone
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
tag: 1.73.3
pullPolicy: IfNotPresent
args:
- delete
- dest:postgres-backups
@@ -480,15 +507,20 @@ rclone:
type: cronjob
cronjob:
suspend: false
timeZone: America/Chicago
schedule: 50 0 * * *
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: "10 0 * * *"
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
sync:
image:
repository: rclone/rclone
tag: 1.73.4@sha256:654f6517c7aaec7e377690b2caf7c272dbe5f3b8200afbc14a00df6b4a9aa6ef
tag: 1.73.3
pullPolicy: IfNotPresent
args:
- sync
- src:ntfy-attachments

3
clusters/cl01tl/helm/reloader/Chart.yaml
View File

@@ -5,7 +5,8 @@ description: Reloader
keywords:
- reloader
- config-map
home: https://docs.alexlebens.dev/applications/rclone/
- kubernetes
home: https://wiki.alexlebens.dev/s/e3a68f74-6d9a-484c-a446-4ba32f41d4c8
sources:
- https://github.com/stakater/Reloader
- https://github.com/stakater/Reloader/tree/master/deployments/kubernetes/chart/reloader

7
clusters/cl01tl/helm/rook-ceph/Chart.yaml
View File

@@ -4,13 +4,14 @@ version: 1.0.0
description: Rook Ceph
keywords:
- rook-ceph
- ceph
- storage
home: https://docs.alexlebens.dev/applications/rook-ceph/
- kubernetes
home: https://wiki.alexlebens.dev/s/8592da1d-8168-4c6c-a3e4-106902fe878c
sources:
- https://github.com/rook/rook
- https://quay.io/repository/ceph/ceph?tab=tags
- https://github.com/rook/rook/tree/master/deploy/charts/rook-ceph
- https://github.com/rook/rook/tree/master/deploy/charts/rook-ceph-cluster
- https://github.com/rook/rook/tree/master/deploy/charts
maintainers:
- name: alexlebens
dependencies:

78
clusters/cl01tl/helm/rook-ceph/values.yaml
View File

@@ -1,30 +1,20 @@
rook-ceph:
crds:
enabled: true
resources:
limits:
memory: 1Gi
requests:
cpu: 100m
memory: 100Mi
csi:
rookUseCsiOperator: true
cephFSKernelMountOptions: "ms_mode=secure"
enableMetadata: true
provisionerReplicas: 3
serviceMonitor:
enabled: true
enableDiscoveryDaemon: true
monitoring:
enabled: true
rook-ceph-cluster:
toolbox:
enabled: true
image: quay.io/ceph/ceph:v20.2.1@sha256:0bae386bc859cd9a05b804d1ca16cca8853a64f90809044e2bf43095419dc337
resources:
limits:
memory: 1Gi
requests:
cpu: 1m
memory: 10Mi
monitoring:
enabled: true
createPrometheusRules: true
@@ -32,17 +22,17 @@ rook-ceph-cluster:
CephNodeDiskspaceWarning:
disabled: true
cephImage:
# https://quay.io/repository/ceph/ceph?tab=tags
repository: quay.io/ceph/ceph
tag: v20.2.1@sha256:0bae386bc859cd9a05b804d1ca16cca8853a64f90809044e2bf43095419dc337
tag: v19.2.3-20250717
imagePullPolicy: IfNotPresent
cephClusterSpec:
cephConfig:
osd:
bluestore_slow_ops_warn_lifetime: "60"
bluestore_slow_ops_warn_threshold: "10"
csi:
readAffinity:
enabled: true
mgr:
count: 2
modules:
- name: pg_autoscaler
enabled: true
@@ -51,6 +41,7 @@ rook-ceph-cluster:
- name: volumes
enabled: true
dashboard:
enabled: true
ssl: false
network:
connections:
@@ -83,62 +74,29 @@ rook-ceph-cluster:
operator: Exists
resources:
mgr:
limits:
memory: 2Gi
requests:
cpu: 100m
memory: 500Mi
memory: 512Mi
mon:
limits:
memory: 4Gi
requests:
cpu: 100m
memory: 750Mi
cpu: 200m
memory: 256Mi
osd:
limits:
memory: 8Gi
requests:
cpu: 100m
memory: 2Gi
prepareosd:
requests:
cpu: 100m
memory: 200Mi
mgr-sidecar:
limits:
memory: 2Gi
requests:
cpu: 100m
memory: 40Mi
crashcollector:
limits:
memory: 2Gi
requests:
cpu: 10m
memory: 20Mi
logcollector:
limits:
memory: 2Gi
requests:
cpu: 10m
memory: 100Mi
cleanup:
limits:
memory: 2Gi
requests:
cpu: 10m
memory: 100Mi
exporter:
limits:
memory: 2Gi
requests:
cpu: 10m
memory: 20Mi
memory: 128Mi
storage:
useAllDevices: false
devicePathFilter: "/dev/disk/by-partlabel/r-csi-disk"
config:
osdsPerDevice: "1"
csi:
readAffinity:
enabled: true
route:
dashboard:
host:
@@ -189,11 +147,9 @@ rook-ceph-cluster:
activeCount: 1
activeStandby: true
resources:
limits:
memory: 4Gi
requests:
cpu: 100m
memory: 400Mi
cpu: "1000m"
memory: "4Gi"
priorityClassName: system-cluster-critical
storageClass:
enabled: true

6
clusters/cl01tl/helm/roundcube/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:3385cf67283187e62972293322a24c0bd3cf979cd870a3f157728e50b601e4f6
generated: "2026-04-06T17:40:21.003745-05:00"
digest: sha256:755aa4db5c7142d46af4a80c9fce49c3c558cc81042c9a00a0bdcd607276e856
generated: "2026-03-15T20:09:18.053504671Z"

8
clusters/cl01tl/helm/roundcube/Chart.yaml
View File

@@ -4,12 +4,12 @@ version: 1.0.0
description: Roundcube
keywords:
- roundcube
- email-client
home: https://docs.alexlebens.dev/applications/rclone/
- email
home: https://wiki.alexlebens.dev/s/68896660-74d8-4166-82bd-f7c282cdb08e
sources:
- https://github.com/roundcube/roundcubemail
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/roundcube/roundcubemail
- https://hub.docker.com/_/nginx
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
maintainers:
@@ -21,7 +21,7 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data

3
clusters/cl01tl/helm/roundcube/templates/external-secret.yaml
View File

@@ -14,5 +14,8 @@ spec:
data:
- secretKey: DES_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/roundcube/key
metadataPolicy: None
property: DES_KEY

63
clusters/cl01tl/helm/roundcube/values.yaml
View File

@@ -4,11 +4,13 @@ roundcube:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: roundcube/roundcubemail
tag: 1.6.15-fpm-alpine@sha256:0e07c1c66d5a1392f0c47cc79e85e0c60095108f715037d7d0aa3fd8cbe2e780
tag: 1.6.15-fpm-alpine
pullPolicy: IfNotPresent
env:
- name: ROUNDCUBEMAIL_DB_TYPE
value: pgsql
@@ -51,32 +53,40 @@ roundcube:
value: archive,zipdownload,newmail_notifier
resources:
requests:
cpu: 1m
memory: 40Mi
cpu: 10m
memory: 256Mi
nginx:
image:
repository: nginx
tag: 1.29.8-alpine-slim@sha256:34311a2592ef8b857ca342b0d458d2978e4d05ae620ba2da5030f3d7c9b4774c
tag: 1.29.7-alpine-slim
pullPolicy: IfNotPresent
env:
- name: NGINX_HOST
value: mail.alexlebens.net
- name: NGINX_PHP_CGI
value: roundcube.roundcube:9000
resources:
requests:
cpu: 10m
memory: 128Mi
cleandb:
type: cronjob
cronjob:
suspend: false
timeZone: America/Chicago
concurrencyPolicy: Forbid
timeZone: US/Central
schedule: 30 4 * * *
startingDeadlineSeconds: 90
successfulJobsHistory: 1
failedJobsHistory: 1
backoffLimit: 3
parallelism: 1
containers:
backup:
image:
repository: roundcube/roundcubemail
tag: 1.6.15-fpm-alpine@sha256:0e07c1c66d5a1392f0c47cc79e85e0c60095108f715037d7d0aa3fd8cbe2e780
args:
- bin/cleandb.sh
tag: 1.6.15-fpm-alpine
pullPolicy: IfNotPresent
env:
- name: ROUNDCUBEMAIL_DB_TYPE
value: pgsql
@@ -113,6 +123,12 @@ roundcube:
value: elastic
- name: ROUNDCUBEMAIL_PLUGINS
value: archive,zipdownload,newmail_notifier
args:
- bin/cleandb.sh
resources:
requests:
cpu: 100m
memory: 128Mi
configMaps:
config:
enabled: true
@@ -151,9 +167,11 @@ roundcube:
mail:
port: 9000
targetPort: 9000
protocol: HTTP
web:
port: 80
targetPort: 80
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -166,8 +184,11 @@ roundcube:
- mail.alexlebens.net
rules:
- backendRefs:
- name: roundcube
- group: ''
kind: Service
name: roundcube
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -189,6 +210,7 @@ roundcube:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:
@@ -217,12 +239,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 40 15 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-data:
pvcTarget: roundcube-data
local:

6
clusters/cl01tl/helm/rybbit/Chart.lock
View File

@@ -7,9 +7,9 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:95bab760e3dc94ba3affe42d2f91bc274ed520865a461cdaac61ba47eab6f39f
generated: "2026-04-06T17:43:01.938961-05:00"
digest: sha256:9342eb966ec3e8020aa6b1d6d2ac72d2c4a46c4ed70c5cf52c16ff25d2f2b0fa
generated: "2026-03-15T20:09:33.800790437Z"

8
clusters/cl01tl/helm/rybbit/Chart.yaml
View File

@@ -5,16 +5,12 @@ description: Rybbit
keywords:
- rybbit
- analytics
home: https://docs.alexlebens.dev/applications/rybbit/
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/rybbit-io/rybbit
- https://github.com/rybbit-io/rybbit/pkgs/container/rybbit-backend
- https://github.com/rybbit-io/rybbit/pkgs/container/rybbit-client
- https://hub.docker.com/r/clickhouse/clickhouse-server/
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -27,7 +23,7 @@ dependencies:
version: 2.4.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-clickhouse-data

12
clusters/cl01tl/helm/rybbit/templates/external-secret.yaml
View File

@@ -14,17 +14,29 @@ spec:
data:
- secretKey: clickhouse-user
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/rybbit/clickhouse
metadataPolicy: None
property: user
- secretKey: clickhouse-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/rybbit/clickhouse
metadataPolicy: None
property: password
- secretKey: better-auth-secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/rybbit/auth
metadataPolicy: None
property: better-auth-secret
- secretKey: mapbox-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/rybbit/auth
metadataPolicy: None
property: mapbox-token

75
clusters/cl01tl/helm/rybbit/values.yaml
View File

@@ -4,11 +4,13 @@ rybbit:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/rybbit-io/rybbit-backend
tag: v2.5.0@sha256:fd00f61abe592f872a0e4ac13f8c7b190ab2810e72f898faea4809d7ced46eef
tag: v2.5.0
pullPolicy: IfNotPresent
env:
- name: NODE_ENV
value: production
@@ -69,12 +71,17 @@ rybbit:
key: mapbox-token
probes:
liveness:
enabled: true
enabled: false
custom: true
spec:
httpGet:
path: /api/health
port: 3001
exec:
command:
- CMD
- wget
- --no-verbose
- --tries=1
- --spider
- http://127.0.0.1:3001/api/health
failureThreshold: 5
initialDelaySeconds: 10
periodSeconds: 30
@@ -83,16 +90,18 @@ rybbit:
resources:
requests:
cpu: 10m
memory: 200Mi
memory: 256Mi
client:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/rybbit-io/rybbit-client
tag: v2.5.0@sha256:741908be311a23ee4e58c5f82c6740bf75bbe4f7430ff2aec420f6189b1378b8
repository: harbor.alexlebens.net/images/rybbit-client
tag: v2.4.0
pullPolicy: IfNotPresent
env:
- name: NODE_ENV
value: production
@@ -103,16 +112,18 @@ rybbit:
resources:
requests:
cpu: 10m
memory: 100Mi
memory: 256Mi
clickhouse:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: clickhouse/clickhouse-server
tag: 26.3.4@sha256:e9de4678349386db2bd6282aa71e93ef465912ae9fa419ead2e83eb1cbce7a4a
tag: 26.3.3
pullPolicy: IfNotPresent
env:
- name: CLICKHOUSE_DB
value: analytics
@@ -128,12 +139,17 @@ rybbit:
key: clickhouse-password
probes:
liveness:
enabled: true
enabled: false
custom: true
spec:
httpGet:
path: /ping
port: 8123
exec:
command:
- CMD
- wget
- --no-verbose
- --tries=1
- --spider
- http://localhost:8123/ping
failureThreshold: 5
initialDelaySeconds: 10
periodSeconds: 30
@@ -141,8 +157,8 @@ rybbit:
timeoutSeconds: 5
resources:
requests:
cpu: 40m
memory: 300Mi
cpu: 10m
memory: 256Mi
configMaps:
config:
enabled: true
@@ -192,24 +208,28 @@ rybbit:
http:
port: 3001
targetPort: 3001
protocol: HTTP
client:
controller: client
ports:
http:
port: 3002
targetPort: 3002
protocol: TCP
clickhouse:
controller: clickhouse
ports:
http:
port: 8123
targetPort: 8123
protocol: TCP
persistence:
clickhouse:
forceRename: clickhouse-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: true
advancedMounts:
clickhouse:
main:
@@ -251,12 +271,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 45 15 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-clickhouse-data:
pvcTarget: clickhouse-data
moverSecurityContext:

4
clusters/cl01tl/helm/s3-exporter/Chart.yaml
View File

@@ -5,8 +5,9 @@ description: S3 Exporter
keywords:
- s3-exporter
- storage
- monitoring
- metrics
home: https://docs.alexlebens.dev/applications/s3-exporter/
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/molu8bits/s3bucket_exporter
- https://hub.docker.com/r/molu8bits/s3bucket_exporter
@@ -18,6 +19,5 @@ dependencies:
alias: s3-exporter
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/amazon-s3.png
# renovate: datasource=github-releases depName=molu8bits/s3bucket_exporter
appVersion: 1.0.2

15
clusters/cl01tl/helm/s3-exporter/templates/external-secret.yaml
View File

@@ -14,15 +14,24 @@ spec:
data:
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/all-access
metadataPolicy: None
property: AWS_ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/all-access
metadataPolicy: None
property: AWS_SECRET_ACCESS_KEY
- secretKey: AWS_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/prometheus-exporter
metadataPolicy: None
property: AWS_REGION
---
@@ -42,9 +51,15 @@ spec:
data:
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/s3-exporter
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/s3-exporter
metadataPolicy: None
property: ACCESS_SECRET_KEY

Some files were not shown because too many files have changed in this diff Show More