alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 6 Actions Activity

Compare commits

base: alexlebens:tmp/secrets-3
Branches Tags
alexlebens:main alexlebens:renovate/unified-tdarr alexlebens:renovate/major-unified-vault alexlebens:renovate/unified-gitea alexlebens:renovate/unified-cilium alexlebens:auto/update-manifests alexlebens:tmp/secrets-3 alexlebens:manifests
..
compare: alexlebens:1a5a88206d2cae3387f77e902725c970b6609c4e
Branches Tags
alexlebens:renovate/unified-tdarr alexlebens:renovate/major-unified-vault alexlebens:renovate/unified-gitea alexlebens:renovate/unified-cilium alexlebens:auto/update-manifests alexlebens:main alexlebens:tmp/secrets-3 alexlebens:manifests

2 Commits
tmp/secret ... 1a5a88206d

Author SHA1 Message Date
Alex Lebens
1a5a88206d feat: add toleration
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 1m4s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 24s
Details
render-manifests / render-manifests (pull_request) Successful in 1m23s
Details
2026-03-17 22:38:49 -05:00
Alex Lebens
e1363551c2 feat: disable sbom and infra scanner
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 27s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 38s
Details
render-manifests / render-manifests (pull_request) Successful in 2m10s
Details
2026-03-17 22:16:49 -05:00
431 changed files with 6286 additions and 5962 deletions
Expand all files Collapse all files

BIN
.DS_Store vendored
View File

Binary file not shown.

8
.gitea/workflows/lint-test-docker.yaml
View File

@@ -21,14 +21,14 @@ jobs:
runs-on: ubuntu-js
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Check Branch Exists
id: check-branch-exists
if: github.event_name == 'pull_request'
uses: GuillaumeFalourd/branch-exists@650358876c774d6ccbd581b5553eb636dab79a97 # v1.2
uses: GuillaumeFalourd/branch-exists@v1.1
with:
branch: "${{ github.base_ref }}"
@@ -51,7 +51,7 @@ jobs:
- name: Set Up Node.js
if: steps.branch-exists.outputs.exists == 'true'
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
uses: actions/setup-node@v6
with:
node-version: '24'
@@ -120,7 +120,7 @@ jobs:
echo "----"
- name: ntfy Failed
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
uses: niniyas/ntfy-action@master
if: failure()
with:
url: '${{ secrets.NTFY_URL }}'

266
.gitea/workflows/lint-test-helm.yaml
View File

@@ -16,8 +16,8 @@ on:
env:
CLUSTER: cl01tl
BASE_BRANCH: "origin/${{ github.base_ref }}"
# renovate: datasource=github-releases depName=yannh/kubeconform
KUBECONFORM_VERSION: "v0.6.7"
ARGOCD_VERSION: "v3.3.6"
jobs:
lint-helm:
@@ -28,14 +28,14 @@ jobs:
changes-detected: ${{ steps.check-dir-changes.outputs.changes-detected }}
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Check Branch Exists
id: check-branch-exists
if: github.event_name == 'pull_request'
uses: GuillaumeFalourd/branch-exists@650358876c774d6ccbd581b5553eb636dab79a97 # v1.2
uses: GuillaumeFalourd/branch-exists@v1.1
with:
branch: ${{ github.base_ref }}
@@ -58,7 +58,7 @@ jobs:
- name: Set Up Helm
if: steps.branch-exists.outputs.exists == 'true'
uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5
uses: azure/setup-helm@v4
with:
token: ${{ secrets.GITEA_TOKEN }}
# renovate: datasource=github-releases depName=helm/helm
@@ -67,7 +67,7 @@ jobs:
- name: Cache Helm Dependencies
if: steps.branch-exists.outputs.exists == 'true'
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
uses: actions/cache@v5
with:
path: |
~/.cache/helm
@@ -102,7 +102,7 @@ jobs:
echo ""
echo "${CHANGED_CHARTS}"
CHANGED_CHARTS_CSV=$(echo "${CHANGED_CHARTS}" | paste -sd ',' -)
CHANGED_CHARTS_CSV=$(echo "$CHANGED_CHARTS" | paste -sd ',' -)
echo ""
echo "----"
@@ -209,7 +209,7 @@ jobs:
exit $EXIT_CODE
- name: ntfy Failed
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
uses: niniyas/ntfy-action@master
if: failure()
with:
url: '${{ secrets.NTFY_URL }}'
@@ -232,21 +232,11 @@ jobs:
github.event_name == 'pull_request'
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Cache Kubeconform
id: cache-kubeconform
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
with:
path: /usr/local/bin/kubeconform
key: ${{ runner.os }}-kubeconform-${{ env.KUBECONFORM_VERSION }}
restore-keys: |
${{ runner.os }}-kubeconform-
- name: Install Kubeconform
if: steps.cache-kubeconform.outputs.cache-hit != 'true'
run: |
echo ">> Downloading Kubeconform ${{ env.KUBECONFORM_VERSION }} ..."
wget -q https://github.com/yannh/kubeconform/releases/download/${{ env.KUBECONFORM_VERSION }}/kubeconform-linux-amd64.tar.gz
@@ -259,8 +249,6 @@ jobs:
echo ">> Installing Kubeconform ..."
sudo mv kubeconform /usr/local/bin/
- name: Verify installation
run: |
echo ""
echo ">> Verifying installation ..."
kubeconform -v
@@ -269,7 +257,7 @@ jobs:
echo "----"
- name: Set Up Helm
uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5
uses: azure/setup-helm@v4
with:
token: ${{ secrets.GITEA_TOKEN }}
# renovate: datasource=github-releases depName=helm/helm
@@ -277,7 +265,7 @@ jobs:
cache: true
- name: Cache Helm Dependencies
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
uses: actions/cache@v5
with:
path: |
~/.cache/helm
@@ -336,7 +324,7 @@ jobs:
helm dependency build "${CHART_PATH}" --skip-refresh
if ! helm template "${DIR}" "${CHART_PATH}" --include-crds --namespace default --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor" | \
if ! helm template "${DIR}" "${CHART_PATH}" --include-crds --namespace default --api-versions "gateway.networking.k8s.io/v1/HTTPRoute" | \
kubeconform \
${SCHEMA_LOCATIONS} \
-ignore-missing-schemas \
@@ -364,7 +352,7 @@ jobs:
exit $EXIT_CODE
- name: ntfy Failed
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
uses: niniyas/ntfy-action@master
if: failure()
with:
url: '${{ secrets.NTFY_URL }}'
@@ -377,233 +365,3 @@ jobs:
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
image: true
# argo-diff:
# needs: lint-helm
# runs-on: ubuntu-js
# if: |
# needs.lint-helm.result == 'success' &&
# needs.lint-helm.outputs.changes-detected == 'true' &&
# github.event_name == 'pull_request'
# steps:
# - name: Checkout
# uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
# with:
# fetch-depth: 0
# - name: Cache ArgoCD CLI
# id: cache-argocd
# uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
# with:
# path: /usr/local/bin/argocd
# key: ${{ runner.os }}-argocd-${{ env.ARGOCD_VERSION }}
# restore-keys: |
# ${{ runner.os }}-argocd-
# - name: Install ArgoCD CLI
# if: steps.cache-argocd.outputs.cache-hit != 'true'
# run: |
# echo ">> Downloading ArgoCD CLI, version: ${{ env.ARGOCD_VERSION }} ..."
# curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/download/${{ env.ARGOCD_VERSION }}/argocd-linux-amd64
# echo ""
# echo ">> Installing ArgoCD CLI ..."
# sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd
# echo ""
# echo "----"
# - name: Verify installation
# run: |
# echo ""
# echo ">> Verifying installation ..."
# argocd version --client
# echo ""
# echo "----"
# - name: Set Up Helm
# uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5
# with:
# token: ${{ secrets.GITEA_TOKEN }}
# # renovate: datasource=github-releases depName=helm/helm
# version: v4.1.3
# cache: true
# - name: Cache Helm Dependencies
# uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
# with:
# path: |
# ~/.cache/helm
# ~/.config/helm
# key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
# restore-keys: |
# helm-cache-${{ runner.os }}-
# - name: Add Repositories
# env:
# CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
# run: |
# echo ">> Adding repositories for chart dependencies ..."
# echo ""
# for DIR in ${CHANGED_CHARTS}; do
# helm dependency list --max-col-width 120 clusters/${CLUSTER}/helm/${DIR} 2> /dev/null \
# | tail -n +2 \
# | awk 'NF > 0 { print $1, $3 }' \
# | while read -r REPO_NAME REPO_URL; do
# if [[ "${REPO_URL}" == oci://* ]]; then
# echo ">> Ignoring OCI repo: ${REPO_URL}"
# elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
# helm repo add "${REPO_NAME}" "${REPO_URL}"
# fi
# done || true
# done
# if helm repo list > /dev/null 2>&1; then
# echo ""
# echo ">> Update repository cache ..."
# helm repo update
# fi
# echo ""
# echo "----"
# - name: Render Templates
# id: render
# env:
# CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
# run: |
# for APP_NAME in ${CHANGED_CHARTS}; do
# echo ">> Render templates for ${APP_NAME} ..."
# CHART_PATH="clusters/${CLUSTER}/helm/${APP_NAME}"
# OUTPUT_FOLDER="clusters/${CLUSTER}/manifests/${APP_NAME}/"
# helm dependency build "${CHART_PATH}" --skip-refresh
# NAMESPACE="${APP_NAME}"
# case "${APP_NAME}" in
# "stack")
# NAMESPACE="argocd"
# echo ">> Special Rendering into 'argocd' namespace ..."
# ;;
# "cilium" | "coredns" | "metrics-server")
# NAMESPACE="kube-system"
# echo ">> Special Rendering for ${APP_NAME} into 'kube-system' namespace ..."
# ;;
# *)
# echo ">> Standard Rendering ..."
# esac
# TEMPLATE=$(helm template "${APP_NAME}" "${CHART_PATH}" --include-crds --namespace "${NAMESPACE}" --include-crds --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor")
# # Format and split rendered template
# echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
# # Strip comments again to ensure formatting correctness
# for file in "$OUTPUT_FOLDER"/*; do
# yq -i '... comments=""' $file
# done
# echo ""
# echo ">> Templates in output folder: ${OUTPUT_FOLDER}"
# ls ${OUTPUT_FOLDER}
# done
# echo "----"
# - name: Run App Diff
# id: diff
# env:
# ARGOCD_SERVER: ${{ secrets.ARGOCD_SERVER }}
# ARGOCD_AUTH_TOKEN: ${{ secrets.ARGOCD_AUTH_TOKEN }}
# CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
# run: |
# FAILED_CHARTS=""
# DIFF_FOUND="false"
# for APP_NAME in ${CHANGED_CHARTS}; do
# echo ">> Running argocd app diff for ${APP_NAME} ..."
# argocd app diff "${APP_NAME}" \
# --server "${ARGOCD_SERVER}" \
# --revision ${{ gitea.sha }} \
# --diff-exit-code 0 \
# --local "clusters/${CLUSTER}/manifests/${APP_NAME}" \
# --local-repo-root "." \
# --grpc-web > "diff_output_${APP_NAME}.txt"
# if [ -s "diff_output_${APP_NAME}.txt" ]; then
# echo ">> Argo diff:"
# echo ""
# cat diff_output_${APP_NAME}.txt
# echo ""
# DIFF_FOUND="true"
# else
# echo ">> No Argo diff found for ${APP_NAME}"
# rm "diff_output_${APP_NAME}.txt"
# fi
# done
# echo "----"
# echo "diff-detected=${DIFF_FOUND}" >> "$GITHUB_OUTPUT"
# echo "failed-charts=${FAILED_CHARTS}" >> "$GITHUB_OUTPUT"
# exit $OVERALL_EXIT_CODE
# - name: Post Diff
# if: |
# always() &&
# steps.diff.outputs.diff-detected == 'true' &&
# gitea.event.pull_request.number != null
# env:
# GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
# run: |
# COMMENT_BODY="### ArgoCD Diff Results
# "
# for f in diff_output_*.txt; do
# APP_NAME=$(echo $f | sed 's/diff_output_//;s/.txt//')
# DIFF_CONTENT=$(cat "$f")
# COMMENT_BODY="${COMMENT_BODY}
# #### App: ${APP_NAME}
# "
# if [ -z "$DIFF_CONTENT" ]; then
# COMMENT_BODY="${COMMENT_BODY} No changes detected."
# else
# COMMENT_BODY="${COMMENT_BODY}
# \`\`\`diff
# ${DIFF_CONTENT}
# \`\`\`"
# fi
# done
# curl -X 'POST' \
# "${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/issues/${{ gitea.event.pull_request.number }}/comments" \
# -H "Authorization: token ${GITEA_TOKEN}" \
# -H "Content-Type: application/json" \
# -d "$(jq -n --arg body "$COMMENT_BODY" '{body: $body}')"
# - name: ntfy Failed
# uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
# if: failure()
# with:
# url: '${{ secrets.NTFY_URL }}'
# topic: '${{ secrets.NTFY_TOPIC }}'
# title: 'ArgoCD Diff Failure'
# priority: 3
# headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
# tags: action,failed
# details: "ArgoCD diff for cluster '${{ env.CLUSTER }}' failed on charts: ${{ steps.diff.outputs.failed-charts }}"
# icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
# actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
# image: true

24
.gitea/workflows/render-manifests.yaml
View File

@@ -31,32 +31,32 @@ jobs:
(github.event_name == 'pull_request' && github.event.pull_request.merged == true)
steps:
- name: Checkout Main
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
uses: actions/checkout@v6
with:
path: infrastructure
fetch-depth: 0
- name: Checkout Manifests
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
uses: actions/checkout@v6
with:
ref: manifests
path: infrastructure-manifests
- name: Set Up Helm
uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5
uses: azure/setup-helm@v4
with:
token: ${{ secrets.GITEA_TOKEN }}
version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
cache: true
- name: Configure Kubeconfig
uses: azure/k8s-set-context@89b837d75b40a7bd2ddafde837473c212db8b313 # v5
uses: azure/k8s-set-context@v4
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Cache Helm Dependencies
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
uses: actions/cache@v5
with:
path: |
~/.cache/helm
@@ -273,7 +273,7 @@ jobs:
NAMESPACE="argocd"
echo ">> Special Rendering into 'argocd' namespace ..."
;;
"cilium" | "coredns" | "metrics-server")
"cilium" | "coredns" | "metrics-server" | "prometheus-operator-crds")
NAMESPACE="kube-system"
echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..."
;;
@@ -283,7 +283,7 @@ jobs:
echo ">> Formating rendered template ..."
local TEMPLATE
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor")
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
# Format and split rendered template
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
@@ -314,7 +314,7 @@ jobs:
for DIR in ${RENDER_DIR}; do
echo "${DIR}"
done | xargs -P 5 -I {} bash -c 'OUT=$(render_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {}
done | xargs -P 4 -I {} bash -c 'OUT=$(render_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {}
echo ""
echo "----"
@@ -568,7 +568,7 @@ jobs:
echo "----"
- name: ntfy Created
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
uses: niniyas/ntfy-action@master
if: steps.create-pull-request.outputs.pull-request-operation == 'created' && steps.mode.outputs.is-automerge == 'false'
with:
url: "${{ secrets.NTFY_URL }}"
@@ -582,7 +582,7 @@ jobs:
actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'
- name: ntfy Updated
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
uses: niniyas/ntfy-action@master
if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-request.outputs.pull-request-exists != 'false' && steps.mode.outputs.is-automerge == 'false'
with:
url: "${{ secrets.NTFY_URL }}"
@@ -596,7 +596,7 @@ jobs:
actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'
- name: ntfy Merged
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
uses: niniyas/ntfy-action@master
if: steps.merge-changes.outputs.pull-request-operation == 'merged'
with:
url: "${{ secrets.NTFY_URL }}"
@@ -610,7 +610,7 @@ jobs:
actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'
- name: ntfy Failed
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
uses: niniyas/ntfy-action@master
if: failure()
with:
url: "${{ secrets.NTFY_URL }}"

6
.gitea/workflows/renovate.yaml
View File

@@ -13,10 +13,10 @@ on:
jobs:
renovate:
runs-on: ubuntu-latest
container: ghcr.io/renovatebot/renovate:43.132.1@sha256:2ccc5b1f0340593c40e1598547aa98feee4e521a0906a423fe0be0431a733dfa
container: ghcr.io/renovatebot/renovate:43
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
uses: actions/checkout@v6
- name: Renovate
run: renovate
@@ -25,7 +25,7 @@ jobs:
RENOVATE_ENDPOINT: ${{ vars.INSTANCE_URL }}
RENOVATE_REPOSITORIES: alexlebens/infrastructure
RENOVATE_GIT_AUTHOR: Renovate Bot <renovate-bot@alexlebens.net>
LOG_LEVEL: debug
LOG_LEVEL: info
RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
RENOVATE_GIT_PRIVATE_KEY: ${{ secrets.RENOVATE_GIT_PRIVATE_KEY }}
RENOVATE_GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_COM_TOKEN }}

7
clusters/cl01tl/helm/actual/Chart.lock
View File

@@ -2,5 +2,8 @@ dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
digest: sha256:1c04c187e6cf768117f7f91f3a3b082937ad5854c1cf6a681ad7c02687cd543d
generated: "2026-04-18T20:15:22.778699-05:00"
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:ff81b3d8fc831e4b8048f646fffcf597aa7410e52ecf27690eab8104047dbe6f
generated: "2026-03-06T01:04:41.514235218Z"

13
clusters/cl01tl/helm/actual/Chart.yaml
View File

@@ -5,12 +5,11 @@ description: Actual
keywords:
- actual
- budget
home: https://docs.alexlebens.dev/applications/actual/
home: https://wiki.alexlebens.dev/s/86192f45-94b7-45de-872c-6ef3fec7df5e
sources:
- https://github.com/actualbudget/actual
- https://github.com/actualbudget/actual/pkgs/container/actual
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -18,10 +17,10 @@ dependencies:
alias: actual
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
# - name: volsync-target
# alias: volsync-target-data
# version: 0.8.0
# repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png
# renovate: datasource=github-releases depName=actualbudget/actual
appVersion: 26.4.0
appVersion: 26.3.0

17
clusters/cl01tl/helm/actual/values.yaml
View File

@@ -4,18 +4,20 @@ actual:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/actualbudget/actual
tag: 26.4.0@sha256:b0e732e2c41b3dc468a71548e88ef76d3f0c157fc43d15fa05d14ec1c5747e1e
tag: 26.3.0
pullPolicy: IfNotPresent
env:
- name: ACTUAL_PORT
value: 5006
- name: TZ
value: US/Central
resources:
requests:
cpu: 10m
memory: 50Mi
memory: 128Mi
probes:
liveness:
enabled: true
@@ -39,6 +41,7 @@ actual:
http:
port: 80
targetPort: 5006
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -51,8 +54,11 @@ actual:
- actual.alexlebens.net
rules:
- backendRefs:
- name: actual
- group: ''
kind: Service
name: actual
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -63,6 +69,7 @@ actual:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 2Gi
retain: true
advancedMounts:
main:
main:

12
clusters/cl01tl/helm/argo-workflows/Chart.lock Normal file
View File

@@ -0,0 +1,12 @@
dependencies:
- name: argo-workflows
repository: https://argoproj.github.io/argo-helm
version: 1.0.2
- name: argo-events
repository: https://argoproj.github.io/argo-helm
version: 2.4.20
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
digest: sha256:8d1c2dd011a360d930ed5ff186462f163407077d36ae633898ec5d6ba30a4e8d
generated: "2026-03-15T20:04:18.080966008Z"

32
clusters/cl01tl/helm/argo-workflows/Chart.yaml Normal file
View File

@@ -0,0 +1,32 @@
apiVersion: v2
name: argo-workflows
version: 1.0.0
description: Argo Workflows
keywords:
- argo-workflows
- argo-events
- workflows
- events
home: https://wiki.alexlebens.dev/s/a268508f-d81d-4b4b-8bd5-9058edaea635
sources:
- https://github.com/argoproj/argo-workflows
- https://github.com/argoproj/argo-events
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/argoproj/argo-helm/tree/main/charts
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: argo-workflows
version: 1.0.2
repository: https://argoproj.github.io/argo-helm
- name: argo-events
version: 2.4.20
repository: https://argoproj.github.io/argo-helm
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-workflows
appVersion: v4.0.2

28
clusters/cl01tl/helm/argo-workflows/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: argo-workflows-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: argo-workflows-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/argo-workflows
metadataPolicy: None
property: secret
- secretKey: client
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/argo-workflows
metadataPolicy: None
property: client

28
clusters/cl01tl/helm/argo-workflows/templates/http-route.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: argo-workflows
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: argo-workflows
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- argo-workflows.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: argo-workflows-server
port: 2746
weight: 100

129
clusters/cl01tl/helm/argo-workflows/values.yaml Normal file
View File

@@ -0,0 +1,129 @@
argo-workflows:
crds:
install: true
keep: true
# -- Use full CRDs with complete OpenAPI schemas. When false, uses minified CRDs with x-kubernetes-preserve-unknown-fields.
# Full CRDs are very large and are installed via a pre-install/pre-upgrade hook Job that uses server-side apply.
full: true
upgradeJob:
image:
repository: registry.k8s.io/kubectl
tag: v1.35.2
controller:
metricsConfig:
enabled: true
persistence:
connectionPool:
maxIdleConns: 100
maxOpenConns: 0
nodeStatusOffLoad: true
archive: true
postgresql:
host: argo-workflows-postgresql-18-cluster-rw
port: 5432
database: app
tableName: app
userNameSecret:
name: argo-workflows-postgresql-18-cluster-app
key: username
passwordSecret:
name: argo-workflows-postgresql-18-cluster-app
key: password
ssl: false
sslMode: disable
workflowWorkers: 2
workflowTTLWorkers: 1
podCleanupWorkers: 1
cronWorkflowWorkers: 1
resources:
requests:
cpu: 10m
memory: 128Mi
serviceMonitor:
enabled: true
name: workflow-controller
workflowNamespaces:
- argocd
- argo-workflows
server:
authModes:
- sso
ingress:
enabled: false
sso:
enabled: true
issuer: https://authentik.alexlebens.net/application/o/argo-workflows/
clientId:
name: argo-workflows-oidc-secret
key: client
clientSecret:
name: argo-workflows-oidc-secret
key: secret
redirectUrl: https://argo-workflows.alexlebens.net/oauth2/callback
rbac:
enabled: false
scopes:
- openid
- email
- profile
useStaticCredentials: true
artifactRepository:
archiveLogs: false
argo-events:
controller:
resources:
requests:
cpu: 10m
memory: 128Mi
metrics:
enabled: true
serviceMonitor:
enabled: true
webhook:
enabled: true
resources:
requests:
cpu: 10m
memory: 128Mi
postgres-18-cluster:
mode: recovery
recovery:
method: objectStore
objectStore:
index: 1
backup:
objectStore:
- name: garage-local
index: 1
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 0 14 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: argo-cd
repository: https://argoproj.github.io/argo-helm
version: 9.5.2
digest: sha256:5d9e6405ee944bf94df6af247164ebb9b8899144853b9a7eafabe8606affe84e
generated: "2026-04-19T19:53:40.43789-05:00"
version: 9.4.11
digest: sha256:7726a0806d7ab4e0c2f5942aceee4ce363decf63d54a545a91b537559e5a9f0f
generated: "2026-03-17T13:05:43.394982076Z"

8
clusters/cl01tl/helm/argocd/Chart.yaml
View File

@@ -4,8 +4,10 @@ version: 1.0.0
description: Argo CD
keywords:
- argo-cd
- delivery
- deployment
home: https://docs.alexlebens.dev/applications/argo-cd/
- gitops
home: https://wiki.alexlebens.dev/s/8a75cf26-b9df-437e-9cc5-2ef47e871a5f
sources:
- https://github.com/argoproj/argo-cd
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
@@ -13,8 +15,8 @@ maintainers:
- name: alexlebens
dependencies:
- name: argo-cd
version: 9.5.2
version: 9.4.11
repository: https://argoproj.github.io/argo-helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-cd
appVersion: v3.3.7
appVersion: v3.3.4

14
clusters/cl01tl/helm/argocd/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "argocd.labels" -}}
{{ include "argocd.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "argocd.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

70
clusters/cl01tl/helm/argocd/templates/external-secret.yaml
View File

@@ -1,40 +1,88 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: argocd-oidc-authentik
name: argocd-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: argocd-oidc-authentik
{{- include "argocd.labels" . | nindent 4 }}
app.kubernetes.io/name: argocd-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
name: vault
data:
- secretKey: secret
remoteRef:
key: /cl01tl/authentik/oidc/argocd
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/argocd
metadataPolicy: None
property: secret
- secretKey: client
remoteRef:
key: /cl01tk/authentik/oidc/argocd
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/argocd
metadataPolicy: None
property: client
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: argocd-notifications-ntfy
name: argocd-notifications-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: argocd-notifications-ntfy
{{- include "argocd.labels" . | nindent 4 }}
app.kubernetes.io/name: argocd-notifications-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
name: vault
data:
- secretKey: ntfy-token
remoteRef:
key: /cl01tl/ntfy/users/cl01tl
conversionStrategy: Default
decodingStrategy: None
key: /ntfy/user/cl01tl
metadataPolicy: None
property: token
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: argocd-gitea-repo-infrastructure-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: type
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/argocd/credentials/repo/infrastructure
metadataPolicy: None
property: type
- secretKey: url
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/argocd/credentials/repo/infrastructure
metadataPolicy: None
property: url
- secretKey: sshPrivateKey
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/argocd/credentials/repo/infrastructure
metadataPolicy: None
property: sshPrivateKey

154
clusters/cl01tl/helm/argocd/values.yaml
View File

@@ -1,11 +1,12 @@
argo-cd:
crds:
install: true
keep: true
configs:
cm:
admin.enabled: true
accounts.homepage: apiKey
timeout.reconciliation: 100s
timeout.reconciliation.jitter: 60s
url: https://argocd.alexlebens.net
statusbadge.url: https://argocd.alexlebens.net/
statusbadge.enabled: true
@@ -13,8 +14,8 @@ argo-cd:
connectors:
- config:
issuer: https://authentik.alexlebens.net/application/o/argocd/
clientID: $argocd-oidc-authentik:client
clientSecret: $argocd-oidc-authentik:secret
clientID: $argocd-oidc-secret:client
clientSecret: $argocd-oidc-secret:secret
insecureEnableGroups: true
scopes:
- openid
@@ -32,53 +33,12 @@ argo-cd:
g, homepage, role:readonly
controller:
replicas: 1
resources:
requests:
cpu: 100m
memory: 1Gi
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 60
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
metrics:
enabled: true
serviceMonitor:
enabled: true
rules:
enabled: true
spec:
- alert: ArgoAppMissing
expr: |
absent(argocd_app_info) == 1
for: 15m
labels:
severity: critical
annotations:
summary: "[Argo CD] No reported applications"
description: >
Argo CD has not reported any applications data for the past 15 minutes which
means that it must be down or not functioning properly. This needs to be
resolved for this cloud to continue to maintain state.
- alert: ArgoAppNotSynced
expr: |
argocd_app_info{sync_status!="Synced"} == 1
for: 12h
labels:
severity: warning
annotations:
summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
description: >
The application [{{`{{$labels.name}}`}} has not been synchronized for over
12 hours which means that the state of this cloud has drifted away from the
state inside Git.
dex:
enabled: true
resources:
requests:
cpu: 1m
memory: 64Mi
metrics:
enabled: true
serviceMonitor:
@@ -89,57 +49,20 @@ argo-cd:
enabled: true
redis-ha:
enabled: true
image:
repository: redis
tag: 8.6.2-alpine@sha256:81b6f81d6a6c5b9019231a2e8eb10085e3a139a34f833dcc965a8a959b040b72
persistentVolume:
enabled: true
redis:
resources:
requests:
cpu: 1000m
memory: 50Mi
haproxy:
enabled: true
image:
repository: haproxy
tag: 3.3.6-alpine@sha256:744be2dca649a44d490a4c565d36968d19482dd387f1bdd44c168f4322bc6b1e
resources:
requests:
cpu: 5m
memory: 90Mi
metrics:
enabled: true
serviceMonitor:
enabled: true
exporter:
enabled: true
image: ghcr.io/oliver006/redis_exporter
tag: v1.82.0@sha256:6a97d4dd743b533e1f950c677b87d880e44df363c61af3f406fc9e53ed65ee03
serviceMonitor:
enabled: true
prometheusRule:
enabled: true
interval: 30s
rules:
- alert: RedisPodDown
expr: |
redis_up{job="{{ include "redis-ha.fullname" . }}"} == 0
for: 5m
labels:
severity: critical
annotations:
description: Redis pod {{ "{{ $labels.pod }}" }} is down
summary: Redis pod {{ "{{ $labels.pod }}" }} is down
auth: false
redisSecretInit:
enabled: false
server:
replicas: 2
resources:
requests:
cpu: 20m
memory: 80Mi
extensions:
enabled: true
extensionList:
- name: extension-trivy
env:
- name: EXTENSION_URL
value: https://github.com/mziyabo/argocd-trivy-extension/releases/download/v0.2.0/extension-trivy.tar
- name: EXTENSION_CHECKSUM_URL
value: https://github.com/mziyabo/argocd-trivy-extension/releases/download/v0.2.0/extension-trivy_checksums.txt
metrics:
enabled: true
serviceMonitor:
@@ -153,59 +76,34 @@ argo-cd:
namespace: traefik
hostnames:
- argocd.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
repoServer:
replicas: 2
resources:
requests:
cpu: 1m
memory: 50Mi
readinessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 60
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 60
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
metrics:
enabled: true
serviceMonitor:
enabled: true
applicationSet:
replicas: 2
resources:
requests:
cpu: 10m
memory: 50Mi
metrics:
enabled: true
serviceMonitor:
enabled: true
readinessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 60
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 60
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
readinessProbe:
enabled: true
notifications:
argocdUrl: https://argocd.alexlebens.net
enabled: true
context:
argocdUrl: https://argocd.alexlebens.net
secret:
create: false
name: argocd-notifications-ntfy
name: argocd-notifications-secret
metrics:
enabled: true
serviceMonitor:
@@ -216,10 +114,6 @@ argo-cd:
headers:
- name: Authorization
value: Bearer $ntfy-token
resources:
requests:
cpu: 2m
memory: 50Mi
livenessProbe:
enabled: true
readinessProbe:

7
clusters/cl01tl/helm/audiobookshelf/Chart.yaml
View File

@@ -7,14 +7,11 @@ keywords:
- books
- podcasts
- audiobooks
home: https://docs.alexlebens.dev/applications/audiobookshelf/
home: https://wiki.alexlebens.dev/s/d4d6719f-cd1c-4b6e-b78e-2d2d7a5097d7
sources:
- https://github.com/advplyr/audiobookshelf
- https://github.com/caronc/apprise
- https://github.com/advplyr/audiobookshelf/pkgs/container/audiobookshelf
- https://github.com/caronc/apprise-api/pkgs/container/apprise
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -32,4 +29,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
# renovate: datasource=github-releases depName=advplyr/audiobookshelf
appVersion: 2.33.2
appVersion: 2.33.0

27
clusters/cl01tl/helm/audiobookshelf/templates/_helpers.tpl
View File

@@ -1,27 +0,0 @@
{{/*
Common labels
*/}}
{{- define "audiobookshelf.labels" -}}
{{ include "audiobookshelf.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "audiobookshelf.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "audiobookshelf.booksNfsName" -}}
audiobookshelf-books-nfs-storage
{{- end -}}
{{- define "audiobookshelf.audiobooksNfsName" -}}
audiobookshelf-audiobooks-nfs-storage
{{- end -}}
{{- define "audiobookshelf.podcastsNfsName" -}}
audiobookshelf-podcasts-nfs-storage
{{- end -}}

24
clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml
View File

@@ -1,23 +1,21 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: audiobookshelf-config-apprise
name: audiobookshelf-apprise-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-config-apprise
{{- include "audiobookshelf.labels" . | nindent 4 }}
app.kubernetes.io/name: audiobookshelf-apprise-config
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
ntfy-url: "{{ `{{ .internal-endpoint-credential }}` }}/audiobookshelf"
name: vault
data:
- secretKey: internal-endpoint-credential
- secretKey: ntfy-url
remoteRef:
key: /cl01tl/ntfy/users/cl01tl
property: internal-endpoint-credential
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/audiobookshelf/apprise
metadataPolicy: None
property: ntfy-url

27
clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume-claim.yaml
View File

@@ -1,13 +1,14 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{- include "audiobookshelf.booksNfsName" . }}
name: audiobookshelf-books-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{- include "audiobookshelf.booksNfsName" . }}
{{- include "audiobookshelf.labels" . | nindent 4 }}
app.kubernetes.io/name: audiobookshelf-books-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: {{- include "audiobookshelf.booksNfsName" . }}
volumeName: audiobookshelf-books-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
@@ -19,13 +20,14 @@ spec:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{- include "audiobookshelf.audiobooksNfsName" . }}
name: audiobookshelf-audiobooks-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{- include "audiobookshelf.audiobooksNfsName" . }}
{{- include "audiobookshelf.labels" . | nindent 4 }}
app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: {{- include "audiobookshelf.audiobooksNfsName" . }}
volumeName: audiobookshelf-audiobooks-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
@@ -37,13 +39,14 @@ spec:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{- include "audiobookshelf.podcastsNfsName" . }}
name: audiobookshelf-podcasts-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{- include "audiobookshelf.podcastsNfsName" . }}
{{- include "audiobookshelf.labels" . | nindent 4 }}
app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: {{- include "audiobookshelf.podcastsNfsName" . }}
volumeName: audiobookshelf-podcasts-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany

21
clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume.yaml
View File

@@ -1,11 +1,12 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{- include "audiobookshelf.booksNfsName" . }}
name: audiobookshelf-books-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{- include "audiobookshelf.booksNfsName" . }}
{{- include "audiobookshelf.labels" . | nindent 4 }}
app.kubernetes.io/name: audiobookshelf-books-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
@@ -25,11 +26,12 @@ spec:
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{- include "audiobookshelf.audiobooksNfsName" . }}
name: audiobookshelf-audiobooks-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{- include "audiobookshelf.audiobooksNfsName" . }}
{{- include "audiobookshelf.labels" . | nindent 4 }}
app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
@@ -49,11 +51,12 @@ spec:
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{- include "audiobookshelf.podcastsNfsName" . }}
name: audiobookshelf-podcasts-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{- include "audiobookshelf.podcastsNfsName" . }}
{{- include "audiobookshelf.labels" . | nindent 4 }}
app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client

36
clusters/cl01tl/helm/audiobookshelf/values.yaml
View File

@@ -4,29 +4,28 @@ audiobookshelf:
type: deployment
replicas: 1
strategy: Recreate
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/advplyr/audiobookshelf
tag: 2.33.2@sha256:a44ed89b3e845faa1f7d353f2cc89b2fcd8011737dd14075fa963cf9468da3a5
tag: 2.33.0
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
resources:
requests:
cpu: 1m
memory: 200Mi
cpu: 10m
memory: 128Mi
apprise-api:
image:
repository: ghcr.io/caronc/apprise
tag: v1.3.3@sha256:4bfeac268ba87b8e08e308c9aa0182fe99e9501ec464027afc333d1634e65977
repository: caronc/apprise
tag: v1.3.2
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: PGID
value: "1000"
- name: PUID
@@ -40,8 +39,12 @@ audiobookshelf:
- name: APPRISE_STATELESS_URLS
valueFrom:
secretKeyRef:
name: audiobookshelf-config-apprise
name: audiobookshelf-apprise-config
key: ntfy-url
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -49,9 +52,11 @@ audiobookshelf:
http:
port: 80
targetPort: 80
protocol: HTTP
apprise:
port: 8000
targetPort: 8000
protocol: HTTP
serviceMonitor:
main:
selector:
@@ -77,8 +82,11 @@ audiobookshelf:
- audiobookshelf.alexlebens.net
rules:
- backendRefs:
- name: audiobookshelf
- group: ''
kind: Service
name: audiobookshelf
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -89,6 +97,7 @@ audiobookshelf:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 2Gi
retain: true
advancedMounts:
main:
main:
@@ -99,6 +108,7 @@ audiobookshelf:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: true
advancedMounts:
main:
main:

12
clusters/cl01tl/helm/authentik/Chart.lock
View File

@@ -1,15 +1,15 @@
dependencies:
- name: authentik
repository: https://charts.goauthentik.io/
version: 2026.2.2
version: 2026.2.1
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
version: 2.4.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1
digest: sha256:22fe4d9ec592aa74cbff5596e8d900f607bd68ea14c7df70a94b4ef76727614d
generated: "2026-04-13T20:32:12.748342469Z"
version: 0.4.0
digest: sha256:8c353c5dad4c3d04d518c1445497f0d1cb64261a4201ae17a2c0874454b807a7
generated: "2026-03-15T20:04:35.99407071Z"

15
clusters/cl01tl/helm/authentik/Chart.yaml
View File

@@ -6,30 +6,33 @@ keywords:
- authentik
- sso
- oidc
- ldap
- idp
- authentication
home: https://docs.alexlebens.dev/applications/authentik/
home: https://wiki.alexlebens.dev/s/45ca5171-581f-41d2-b6fb-2b0915029a2d
sources:
- https://github.com/goauthentik/authentik
- https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/goauthentik/helm
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers:
- name: alexlebens
dependencies:
- name: authentik
version: 2026.2.2
version: 2026.2.1
repository: https://charts.goauthentik.io/
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
version: 2.4.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.6.1
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png
# renovate: datasource=github-releases depName=goauthentik/authentik

14
clusters/cl01tl/helm/authentik/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "authentik.labels" -}}
{{ include "authentik.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "authentik.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

12
clusters/cl01tl/helm/authentik/templates/external-secret.yaml
View File

@@ -1,17 +1,21 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: authentik-key
name: authentik-key-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: authentik-key
{{- include "authentik.labels" . | nindent 4 }}
app.kubernetes.io/name: authentik-key-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
name: vault
data:
- secretKey: key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/authentik/key
metadataPolicy: None
property: key

7
clusters/cl01tl/helm/authentik/templates/ingress.yaml
View File

@@ -1,12 +1,13 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ .Release.Name }}-tailscale
name: authentik-tailscale
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ .Release.Name }}-tailscale
app.kubernetes.io/name: authentik-tailscale
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
tailscale.com/proxy-class: no-metrics
{{- include "authentik.labels" . | nindent 4 }}
annotations:
tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
spec:

3
clusters/cl01tl/helm/authentik/templates/reference-grant.yaml
View File

@@ -5,7 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: allow-outpost-cross-namespace-access
{{- include "authentik.labels" . | nindent 4 }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
from:
- group: gateway.networking.k8s.io

69
clusters/cl01tl/helm/authentik/values.yaml
View File

@@ -4,7 +4,7 @@ authentik:
- name: AUTHENTIK_SECRET_KEY
valueFrom:
secretKeyRef:
name: authentik-key
name: authentik-key-secret
key: key
- name: AUTHENTIK_POSTGRESQL__HOST
valueFrom:
@@ -30,23 +30,8 @@ authentik:
redis:
host: authentik-valkey
server:
replicas: 2
resources:
requests:
cpu: 20m
memory: 700Mi
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 15
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 15
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
name: server
replicas: 1
metrics:
enabled: true
serviceMonitor:
@@ -54,6 +39,8 @@ authentik:
route:
main:
enabled: true
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
hostnames:
- authentik.alexlebens.net
parentRefs:
@@ -61,26 +48,23 @@ authentik:
kind: Gateway
name: traefik-gateway
namespace: traefik
httpsRedirect: false
matches:
- path:
type: PathPrefix
value: /
worker:
name: worker
replicas: 2
resources:
requests:
cpu: 80m
memory: 650Mi
metrics:
enabled: true
serviceMonitor:
enabled: true
replicas: 1
prometheus:
rules:
enabled: true
postgresql:
enabled: false
redis:
enabled: false
postgres-18-cluster:
mode: recovery
cluster:
resources:
requests:
memory: 150Mi
recovery:
method: objectStore
objectStore:
@@ -92,9 +76,32 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 5 14 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external

5
clusters/cl01tl/helm/backrest/Chart.yaml
View File

@@ -5,12 +5,11 @@ description: backrest
keywords:
- backrest
- backup
home: https://docs.alexlebens.dev/applications/backrest/
home: https://wiki.alexlebens.dev/
sources:
- https://github.com/garethgeorge/backrest
- https://github.com/garethgeorge/backrest/pkgs/container/backrest
- https://hub.docker.com/r/garethgeorge/backrest
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:

24
clusters/cl01tl/helm/backrest/templates/_helpers.tpl
View File

@@ -1,24 +0,0 @@
{{/*
Common labels
*/}}
{{- define "backrest.labels" -}}
{{ include "backrest.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "backrest.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "backrest.storageNfsName" -}}
backrest-nfs-storage
{{- end -}}
{{- define "backrest.shareNfsName" -}}
backrest-nfs-share
{{- end -}}

18
clusters/cl01tl/helm/backrest/templates/persistent-volume-claim.yaml
View File

@@ -1,13 +1,14 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{- include "backrest.storageNfsName" . }}
name: backrest-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{- include "backrest.storageNfsName" . }}
{{- include "backrest.labels" . | nindent 4 }}
app.kubernetes.io/name: backrest-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: {{- include "backrest.storageNfsName" . }}
volumeName: backrest-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
@@ -19,13 +20,14 @@ spec:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{- include "backrest.shareNfsName" . }}
name: backrest-nfs-share
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{- include "backrest.shareNfsName" . }}
{{- include "backrest.labels" . | nindent 4 }}
app.kubernetes.io/name: backrest-nfs-share
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: {{- include "backrest.shareNfsName" . }}
volumeName: backrest-nfs-share
storageClassName: nfs-client
accessModes:
- ReadWriteMany

14
clusters/cl01tl/helm/backrest/templates/persistent-volume.yaml
View File

@@ -1,11 +1,12 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{- include "backrest.storageNfsName" . }}
name: backrest-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{- include "backrest.storageNfsName" . }}
{{- include "backrest.labels" . | nindent 4 }}
app.kubernetes.io/name: backrest-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
@@ -25,11 +26,12 @@ spec:
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{- include "backrest.shareNfsName" . }}
name: backrest-nfs-share
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{- include "backrest.shareNfsName" . }}
{{- include "backrest.labels" . | nindent 4 }}
app.kubernetes.io/name: backrest-nfs-share
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client

30
clusters/cl01tl/helm/backrest/values.yaml
View File

@@ -7,8 +7,9 @@ backrest:
containers:
main:
image:
repository: ghcr.io/garethgeorge/backrest
tag: v1.12.1@sha256:f4d34bd6fa985d13bdb6c01c5d8727e07708899afa9567d800808357d77b9fb0
repository: garethgeorge/backrest
tag: v1.12.1
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
@@ -22,8 +23,8 @@ backrest:
value: /tmp
resources:
requests:
cpu: 1m
memory: 30Mi
cpu: 10m
memory: 256Mi
service:
main:
controller: main
@@ -31,19 +32,7 @@ backrest:
http:
port: 80
targetPort: 9898
serviceMonitor:
main:
selector:
matchLabels:
app.kubernetes.io/name: backrest
app.kubernetes.io/instance: backrest
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: http
scheme: http
path: /metrics
interval: 300s
scrapeTimeout: 15s
protocol: TCP
route:
main:
kind: HTTPRoute
@@ -56,8 +45,11 @@ backrest:
- backrest.alexlebens.net
rules:
- backendRefs:
- name: backrest
- group: ''
kind: Service
name: backrest
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -68,6 +60,7 @@ backrest:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: true
advancedMounts:
main:
main:
@@ -78,6 +71,7 @@ backrest:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:

11
clusters/cl01tl/helm/bazarr/Chart.yaml
View File

@@ -4,17 +4,14 @@ version: 1.0.0
description: Bazarr
keywords:
- bazarr
- subtitles
- servarr
home: https://docs.alexlebens.dev/applications/bazarr/
- subtitles
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/morpheus65535/bazarr
- https://github.com/linuxserver/docker-bazarr
- https://github.com/onedr0p/exportarr
- https://github.com/linuxserver/docker-bazarr/pkgs/container/bazarr
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -27,5 +24,5 @@ dependencies:
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/bazarr.png
# renovate: datasource=github-releases depName=linuxserver/docker-bazarr
appVersion: v1.5.6-ls342
# renovate: datasource=github-releases depName=morpheus65535/bazarr
appVersion: 1.5.6

21
clusters/cl01tl/helm/bazarr/templates/_helpers.tpl
View File

@@ -1,21 +0,0 @@
{{/*
Common labels
*/}}
{{- define "bazarr.labels" -}}
{{ include "bazarr.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "bazarr.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "bazarr.storageNfsName" -}}
bazarr-nfs-storage
{{- end -}}

17
clusters/cl01tl/helm/bazarr/templates/external-secret.yaml
View File

@@ -1,17 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: bazarr-key
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: bazarr-key
{{- include "bazarr.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: key
remoteRef:
key: /cl01tl/bazarr/key
property: key

9
clusters/cl01tl/helm/bazarr/templates/persistent-volume-claim.yaml
View File

@@ -1,13 +1,14 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{- include "bazarr.storageNfsName" . }}
name: bazarr-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{- include "bazarr.storageNfsName" . }}
{{- include "bazarr.labels" . | nindent 4 }}
app.kubernetes.io/name: bazarr-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: {{ .Template.Name }}
volumeName: bazarr-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany

7
clusters/cl01tl/helm/bazarr/templates/persistent-volume.yaml
View File

@@ -1,11 +1,12 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{- include "bazarr.storageNfsName" . }}
name: bazarr-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{- include "bazarr.storageNfsName" . }}
{{- include "bazarr.labels" . | nindent 4 }}
app.kubernetes.io/name: bazarr-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client

49
clusters/cl01tl/helm/bazarr/values.yaml
View File

@@ -4,6 +4,7 @@ bazarr:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
pod:
securityContext:
runAsUser: 1000
@@ -14,10 +15,11 @@ bazarr:
main:
image:
repository: ghcr.io/linuxserver/bazarr
tag: v1.5.6-ls342@sha256:9a631194c0dee21c85b5bff59e23610e1ae2f54594e922973949d271102e585e
tag: 1.5.6@sha256:05f9d5b24884f37120453dc1a008a47be244eebec32099ae1bd29032e75b67aa
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: PUID
value: 1000
- name: PGID
@@ -25,26 +27,7 @@ bazarr:
resources:
requests:
cpu: 10m
memory: 250Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.3.0@sha256:af535d94061cf97a52e1661945ffba78c03f9443eae7c0da1a80a5a4be56b520
args: ["bazarr"]
env:
- name: URL
value: http://localhost:6767
- name: PORT
value: 9792
- name: APIKEY
valueFrom:
secretKeyRef:
name: bazarr-key
key: key
- name: ENABLE_ADDITIONAL_METRICS
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
memory: 256Mi
service:
main:
controller: main
@@ -52,21 +35,7 @@ bazarr:
http:
port: 80
targetPort: 6767
metrics:
port: 9792
targetPort: 9792
serviceMonitor:
main:
selector:
matchLabels:
app.kubernetes.io/name: bazarr
app.kubernetes.io/instance: bazarr
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: metrics
interval: 3m
scrapeTimeout: 1m
path: /metrics
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -79,8 +48,11 @@ bazarr:
- bazarr.alexlebens.net
rules:
- backendRefs:
- name: bazarr
- group: ''
kind: Service
name: bazarr
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -91,6 +63,7 @@ bazarr:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:

6
clusters/cl01tl/helm/blocky/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 4.6.2
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1
digest: sha256:6ed3a7587906fbda581d0091ff2c29a1816b8b0b8ae40add9885e6a68b2b82ae
generated: "2026-04-13T20:32:34.844998902Z"
version: 0.4.0
digest: sha256:a5b0099261d772b24a302a106d106cfa82ac07fa14564141e00cf107d708e859
generated: "2026-03-09T23:06:16.853255429Z"

7
clusters/cl01tl/helm/blocky/Chart.yaml
View File

@@ -5,12 +5,11 @@ description: Blocky
keywords:
- blocky
- dns
home: https://docs.alexlebens.dev/applications/blocky/
home: https://wiki.alexlebens.dev/s/cf70113d-20bc-48ad-afb8-1e22ed3fd62a
sources:
- https://github.com/0xERR0R/blocky
- https://github.com/0xERR0R/blocky/pkgs/container/blocky
- https://hub.docker.com/r/spx01/blocky
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers:
- name: alexlebens
dependencies:
@@ -20,7 +19,7 @@ dependencies:
version: 4.6.2
- name: valkey
alias: valkey
version: 0.6.1
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/blocky.png
# renovate: datasource=github-releases depName=0xerr0r/blocky

23
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -4,18 +4,20 @@ blocky:
type: deployment
replicas: 3
strategy: RollingUpdate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/0xerr0r/blocky
tag: v0.29.0@sha256:a6d99f323d3036a99a3767a52ad612f4d8f3f31167492bfc14d4ea57b24cdfd0
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
resources:
requests:
cpu: 10m
memory: 100Mi
memory: 128Mi
configMaps:
config:
enabled: true
@@ -96,56 +98,54 @@ blocky:
traefik-cl01tl IN A 10.232.1.21
blocky IN A 10.232.1.22
plex-lb IN A 10.232.1.23
cilium-cl01tl IN A 10.232.1.23
;; Application Names
actual IN CNAME traefik-cl01tl
alertmanager IN CNAME traefik-cl01tl
argo-workflows IN CNAME traefik-cl01tl
argocd IN CNAME traefik-cl01tl
audiobookshelf IN CNAME traefik-cl01tl
authentik IN CNAME traefik-cl01tl
backrest IN CNAME traefik-cl01tl
bao IN CNAME traefik-cl01tl
bazarr IN CNAME traefik-cl01tl
booklore IN CNAME traefik-cl01tl
ceph IN CNAME traefik-cl01tl
code-server IN CNAME traefik-cl01tl
dawarich IN CNAME traefik-cl01tl
directus IN CNAME traefik-cl01tl
excalidraw IN CNAME traefik-cl01tl
feishin IN CNAME traefik-cl01tl
foldergram IN CNAME traefik-cl01tl
garage-s3 IN CNAME traefik-cl01tl
garage-webui IN CNAME traefik-cl01tl
gatus IN CNAME traefik-cl01tl
gitea IN CNAME traefik-cl01tl
grafana IN CNAME traefik-cl01tl
grimmory IN CNAME traefik-cl01tl
harbor IN CNAME traefik-cl01tl
headlamp IN CNAME traefik-cl01tl
home IN CNAME traefik-cl01tl
home-assistant IN CNAME traefik-cl01tl
home-assistant-code-server IN CNAME traefik-cl01tl
houndarr IN CNAME traefik-cl01tl
hubble IN CNAME traefik-cl01tl
immich IN CNAME traefik-cl01tl
jellyfin IN CNAME traefik-cl01tl
jellystat IN CNAME traefik-cl01tl
kiwix IN CNAME traefik-cl01tl
komodo IN CNAME traefik-cl01tl
languagetool IN CNAME traefik-cl01tl
lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl
medialyze IN CNAME traefik-cl01tl
movie-roulette IN CNAME traefik-cl01tl
music-grabber IN CNAME traefik-cl01tl
navidrome IN CNAME traefik-cl01tl
ntfy IN CNAME traefik-cl01tl
objects IN CNAME traefik-cl01tl
ollama IN CNAME traefik-cl01tl
omni-tools IN CNAME traefik-cl01tl
paperless-ngx IN CNAME traefik-cl01tl
photoview IN CNAME traefik-cl01tl
plex IN CNAME traefik-cl01tl
postiz-spotlight IN CNAME traefik-cl01tl
postiz-temporal IN CNAME traefik-cl01tl
postiz IN CNAME traefik-cl01tl
prometheus IN CNAME traefik-cl01tl
prowlarr IN CNAME traefik-cl01tl
qbittorrent IN CNAME traefik-cl01tl
@@ -161,7 +161,6 @@ blocky:
sonarr IN CNAME traefik-cl01tl
sonarr-4k IN CNAME traefik-cl01tl
sonarr-anime IN CNAME traefik-cl01tl
sparkyfitness IN CNAME traefik-cl01tl
stalwart IN CNAME traefik-cl01tl
tdarr IN CNAME traefik-cl01tl
tubearchivist IN CNAME traefik-cl01tl

7
clusters/cl01tl/helm/grimmory/Chart.lock → clusters/cl01tl/helm/booklore/Chart.lock
View File

@@ -8,5 +8,8 @@ dependencies:
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:6ee403da03c1bcc0289a9abdef0508344072d51173da996eda69b8305d5feefa
generated: "2026-03-23T20:35:19.743257-05:00"
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:e65fa008c652092da5431e9780eb2a87c944298a12e58e432efad61c9e826da5
generated: "2026-03-14T23:57:22.721295098Z"

33
clusters/cl01tl/helm/booklore/Chart.yaml Normal file
View File

@@ -0,0 +1,33 @@
apiVersion: v2
name: booklore
version: 1.0.0
description: booklore
keywords:
- booklore
- books
home: https://wiki.alexlebens.dev/
sources:
- https://github.com/booklore-app/BookLore
- https://github.com/booklore-app/booklore/pkgs/container/booklore
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: booklore
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: mariadb-cluster
version: 26.3.0
repository: https://helm.mariadb.com/mariadb-operator
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png
# renovate: datasource=github-releases depName=booklore-app/BookLore
appVersion: v2.2.1

38
clusters/cl01tl/helm/grimmory/templates/external-secret.yaml → clusters/cl01tl/helm/booklore/templates/external-secret.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: grimmory-database-secret
name: booklore-database-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grimmory-database-secret
app.kubernetes.io/name: booklore-database-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -14,17 +14,20 @@ spec:
data:
- secretKey: password
remoteRef:
key: /cl01tl/grimmory/database
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/booklore/database
metadataPolicy: None
property: password
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: grimmory-data-replication-secret
name: booklore-data-replication-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grimmory-data-replication-secret
app.kubernetes.io/name: booklore-data-replication-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -34,17 +37,20 @@ spec:
data:
- secretKey: psk.txt
remoteRef:
key: /cl01tl/grimmory/replication
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/booklore/replication
metadataPolicy: None
property: psk.txt
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: grimmory-mariadb-cluster-backup-secret-external
name: booklore-mariadb-cluster-backup-secret-external
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grimmory-mariadb-cluster-backup-secret-external
app.kubernetes.io/name: booklore-mariadb-cluster-backup-secret-external
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -54,21 +60,27 @@ spec:
data:
- secretKey: access
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/mariadb-backups
metadataPolicy: None
property: access
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/mariadb-backups
metadataPolicy: None
property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: grimmory-mariadb-cluster-backup-secret-garage
name: booklore-mariadb-cluster-backup-secret-garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grimmory-mariadb-cluster-backup-secret-garage
app.kubernetes.io/name: booklore-mariadb-cluster-backup-secret-garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -78,9 +90,15 @@ spec:
data:
- secretKey: access
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/mariadb-backups
metadataPolicy: None
property: access
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/mariadb-backups
metadataPolicy: None
property: secret

4
clusters/cl01tl/helm/grimmory/templates/namespace.yaml → clusters/cl01tl/helm/booklore/templates/namespace.yaml
View File

@@ -1,11 +1,11 @@
apiVersion: v1
kind: Namespace
metadata:
name: grimmory
name: booklore
annotations:
volsync.backube/privileged-movers: "true"
labels:
app.kubernetes.io/name: grimmory
app.kubernetes.io/name: booklore
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged

12
clusters/cl01tl/helm/grimmory/templates/persistent-volume-claim.yaml → clusters/cl01tl/helm/booklore/templates/persistent-volume-claim.yaml
View File

@@ -1,14 +1,14 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: grimmory-books-nfs-storage
name: booklore-books-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grimmory-books-nfs-storage
app.kubernetes.io/name: booklore-books-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: grimmory-books-nfs-storage
volumeName: booklore-books-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
@@ -20,14 +20,14 @@ spec:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: grimmory-books-import-nfs-storage
name: booklore-books-import-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grimmory-books-import-nfs-storage
app.kubernetes.io/name: booklore-books-import-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: grimmory-books-import-nfs-storage
volumeName: booklore-books-import-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany

8
clusters/cl01tl/helm/grimmory/templates/persistent-volume.yaml → clusters/cl01tl/helm/booklore/templates/persistent-volume.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: grimmory-books-nfs-storage
name: booklore-books-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grimmory-books-nfs-storage
app.kubernetes.io/name: booklore-books-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -26,10 +26,10 @@ spec:
apiVersion: v1
kind: PersistentVolume
metadata:
name: grimmory-books-import-nfs-storage
name: booklore-books-import-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grimmory-books-import-nfs-storage
app.kubernetes.io/name: booklore-books-import-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:

112
clusters/cl01tl/helm/grimmory/values.yaml → clusters/cl01tl/helm/booklore/values.yaml
View File

@@ -1,18 +1,16 @@
grimmory:
booklore:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/grimmory-tools/grimmory
tag: v2.3.0@sha256:9014247f591074529894f81115ca40f899db697e89f72c2fe91ec530e3f19597
repository: ghcr.io/booklore-app/booklore
tag: v2.2.1
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
@@ -21,22 +19,22 @@ grimmory:
- name: GROUP_ID
value: 1000
- name: DATABASE_URL
value: jdbc:mariadb://grimmory-mariadb-cluster-primary.grimmory:3306/booklore
value: jdbc:mariadb://booklore-mariadb-cluster-primary.booklore:3306/booklore
- name: DATABASE_USERNAME
value: grimmory
value: booklore
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: grimmory-database-secret
name: booklore-database-secret
key: password
- name: GRIMMORY_PORT
- name: BOOKLORE_PORT
value: 6060
- name: SWAGGER_ENABLED
value: false
resources:
requests:
cpu: 10m
memory: 1Gi
cpu: 50m
memory: 128Mi
service:
main:
controller: main
@@ -44,6 +42,7 @@ grimmory:
http:
port: 80
targetPort: 6060
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -53,26 +52,41 @@ grimmory:
name: traefik-gateway
namespace: traefik
hostnames:
- grimmory.alexlebens.net
- booklore.alexlebens.net
rules:
- backendRefs:
- name: grimmory
- group: ''
kind: Service
name: booklore
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
config:
forceRename: grimmory-config
forceRename: booklore-config
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:
- path: /app/data
readOnly: false
data:
forceRename: booklore-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
retain: true
advancedMounts:
main:
main:
- path: /data
readOnly: false
books-import:
type: emptyDir
advancedMounts:
@@ -80,15 +94,8 @@ grimmory:
main:
- path: /bookdrop
readOnly: false
data:
existingClaim: grimmory-books-nfs-storage
advancedMounts:
main:
main:
- path: /data
readOnly: false
ingest:
existingClaim: grimmory-books-import-nfs-storage
existingClaim: booklore-books-import-nfs-storage
advancedMounts:
main:
main:
@@ -98,7 +105,7 @@ mariadb-cluster:
mariadb:
rootPasswordSecretKeyRef:
generate: false
name: grimmory-database-secret
name: booklore-database-secret
key: password
storage:
size: 5Gi
@@ -108,14 +115,14 @@ mariadb-cluster:
bootstrapFrom:
s3:
bucket: mariadb-backups-b230a2f5aecf080a4b372c08
prefix: cl01tl/grimmory
prefix: cl01tl/booklore
endpoint: nyc3.digitaloceanspaces.com
region: us-east-1
accessKeyIdSecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-external
name: booklore-mariadb-cluster-backup-secret-external
key: access
secretAccessKeySecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-external
name: booklore-mariadb-cluster-backup-secret-external
key: secret
tls:
enabled: true
@@ -127,22 +134,21 @@ mariadb-cluster:
cleanupPolicy: Delete
requeueInterval: 10h
users:
- name: grimmory
- name: booklore
passwordSecretKeyRef:
name: grimmory-database-secret
name: booklore-database-secret
key: password
host: '%'
maxUserConnections: 100
cleanupPolicy: Delete
requeueInterval: 10h
retryInterval: 30s
grants:
- name: grimmory
- name: booklore
privileges:
- "ALL PRIVILEGES"
database: "booklore"
table: "*"
username: grimmory
username: booklore
grantOption: true
host: '%'
cleanupPolicy: Delete
@@ -160,14 +166,14 @@ mariadb-cluster:
storage:
s3:
bucket: mariadb-backups-b230a2f5aecf080a4b372c08
prefix: cl01tl/grimmory
prefix: cl01tl/booklore
endpoint: nyc3.digitaloceanspaces.com
region: us-east-1
accessKeyIdSecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-external
name: booklore-mariadb-cluster-backup-secret-external
key: access
secretAccessKeySecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-external
name: booklore-mariadb-cluster-backup-secret-external
key: secret
tls:
enabled: true
@@ -182,14 +188,14 @@ mariadb-cluster:
storage:
s3:
bucket: mariadb-backups
prefix: cl01tl/grimmory
prefix: cl01tl/booklore
endpoint: garage-ps10rp.boreal-beaufort.ts.net:3900
region: us-east-1
accessKeyIdSecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-garage
name: booklore-mariadb-cluster-backup-secret-garage
key: access
secretAccessKeySecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-garage
name: booklore-mariadb-cluster-backup-secret-garage
key: secret
tls:
enabled: true
@@ -204,20 +210,17 @@ mariadb-cluster:
storage:
s3:
bucket: mariadb-backups
prefix: cl01tl/grimmory
prefix: cl01tl/booklore
endpoint: garage-main.garage:3900
region: us-east-1
accessKeyIdSecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-garage
name: booklore-mariadb-cluster-backup-secret-garage
key: access
secretAccessKeySecretKeyRef:
name: grimmory-mariadb-cluster-backup-secret-garage
name: booklore-mariadb-cluster-backup-secret-garage
key: secret
volsync-target-config:
pvcTarget: grimmory-config
moverSecurityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
pvcTarget: booklore-config
local:
enabled: true
schedule: 12 8 * * *
@@ -227,3 +230,20 @@ volsync-target-config:
external:
enabled: true
schedule: 12 10 * * *
volsync-target-data:
pvcTarget: booklore-data
local:
enabled: true
schedule: 14 8 * * *
restic:
cacheCapacity: 10Gi
remote:
enabled: true
schedule: 14 9 * * *
restic:
cacheCapacity: 10Gi
external:
enabled: true
schedule: 14 10 * * *
restic:
cacheCapacity: 10Gi

6
clusters/cl01tl/helm/cert-manager/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: cert-manager
repository: https://charts.jetstack.io
version: v1.20.2
digest: sha256:f218239b4538c64d57e098a56c69dcbc4e076ffcc3d320c5a5fef1e6309e38cf
generated: "2026-04-13T23:02:59.380767677Z"
version: v1.20.0
digest: sha256:1543bd17649cb32982de3cce017fcbed1b44c41d50b76c6471b266f33e261c29
generated: "2026-03-10T16:06:49.332999536Z"

9
clusters/cl01tl/helm/cert-manager/Chart.yaml
View File

@@ -5,7 +5,8 @@ description: Cert Manager
keywords:
- cert-manager
- certificates
home: https://docs.alexlebens.dev/applications/cert-manager/
- kubernetes
home: https://wiki.alexlebens.dev/s/368fe718-eedb-40e0-a5a7-fad03cdc6b09
sources:
- https://github.com/cert-manager/cert-manager
- https://github.com/cert-manager/cert-manager/tree/master/deploy/charts/cert-manager
@@ -13,8 +14,8 @@ maintainers:
- name: alexlebens
dependencies:
- name: cert-manager
version: v1.20.2
version: v1.20.0
repository: https://charts.jetstack.io
icon: https://raw.githubusercontent.com/cert-manager/cert-manager/refs/heads/master/logo/logo.png
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/cert-manager.png
# renovate: datasource=github-releases depName=cert-manager/cert-manager
appVersion: v1.20.2
appVersion: v1.20.0

24
clusters/cl01tl/helm/cert-manager/templates/_helpers.tpl
View File

@@ -1,24 +0,0 @@
{{/*
Common labels
*/}}
{{- define "cert-manager.labels" -}}
{{ include "cert-manager.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "cert-manager.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "cert-manager.cloudflareSecretName" -}}
cert-manager-cloudflare-api-token
{{- end -}}
{{- define "cert-manager.cloudflareSecretKey" -}}
api-token
{{- end -}}

8
clusters/cl01tl/helm/cert-manager/templates/cluster-issuer.yaml
View File

@@ -2,10 +2,6 @@ apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-issuer
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: letsencrypt-issuer
{{- include "cert-manager.labels" . | nindent 4 }}
spec:
acme:
email: alexanderlebens@gmail.com
@@ -21,5 +17,5 @@ spec:
cloudflare:
email: alexanderlebens@gmail.com
apiTokenSecretRef:
name: {{- include "cert-manager.cloudflareSecretName" . }}
key: {{- include "cert-manager.cloudflareSecretKey" . }}
name: cloudflare-api-token
key: api-token

16
clusters/cl01tl/helm/cert-manager/templates/external-secret.yaml
View File

@@ -1,17 +1,21 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: {{- include "cert-manager.cloudflareSecretName" . }}
name: cloudflare-api-token
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{- include "cert-manager.cloudflareSecretName" . }}
{{- include "cert-manager.labels" . | nindent 4 }}
app.kubernetes.io/name: cloudflare-api-token
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
name: vault
data:
- secretKey: {{- include "cert-manager.cloudflareSecretKey" . }}
- secretKey: api-token
remoteRef:
key: /cloudflare/alexlebens.net/cl01tl-issuer-certificate
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/alexlebens.net/clusterissuer
metadataPolicy: None
property: token

8
clusters/cl01tl/helm/cert-manager/values.yaml
View File

@@ -3,16 +3,10 @@ cert-manager:
enabled: true
keep: true
replicaCount: 2
podDisruptionBudget:
enabled: true
minAvailable: 1
extraArgs:
- --enable-gateway-api
resources:
requests:
cpu: 10m
memory: 64Mi
prometheus:
enabled: true
servicemonitor:
enabled: true
honorLabels: true

9
clusters/cl01tl/helm/cilium/Chart.yaml
View File

@@ -4,12 +4,13 @@ version: 1.0.0
description: Cilium
keywords:
- cilium
- operator
- cni
- network
home: https://docs.alexlebens.dev/applications/cilium/
- kubernetes
home: https://wiki.alexlebens.dev/s/9e6f5b17-e186-4af0-81cd-af647b162d3d
sources:
- https://github.com/cilium/cilium
- https://github.com/cilium/cilium/tree/main/install/kubernetes/cilium
- https://github.com/cilium/charts
maintainers:
- name: alexlebens
dependencies:
@@ -18,4 +19,4 @@ dependencies:
repository: https://helm.cilium.io/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png
# renovate: datasource=github-releases depName=cilium/cilium
appVersion: 1.18.6
appVersion: 1.19.1

14
clusters/cl01tl/helm/cilium/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "cilium.labels" -}}
{{ include "cilium.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "cilium.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

19
clusters/cl01tl/helm/cilium/templates/cilium-bgp-advertisement.yaml Normal file
View File

@@ -0,0 +1,19 @@
# apiVersion: cilium.io/v2
# kind: CiliumBGPAdvertisement
# metadata:
# name: cilium-bgp-advertisements
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: cilium-bgp-advertisements
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# advertisements:
# - advertisementType: "Service"
# service:
# addresses:
# - ExternalIP
# - LoadBalancerIP
# selector:
# matchExpressions:
# - {key: somekey, operator: NotIn, values: ['never-used-value']}

22
clusters/cl01tl/helm/cilium/templates/cilium-bgp-cluster-config.yaml Normal file
View File

@@ -0,0 +1,22 @@
# apiVersion: cilium.io/v2
# kind: CiliumBGPClusterConfig
# metadata:
# name: cilium-bgp
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: cilium-bgp
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# nodeSelector:
# matchLabels:
# node-role.kubernetes.io/bgp: "65020"
# bgpInstances:
# - name: "65020"
# localASN: 65020
# peers:
# - name: "udm-65000"
# peerASN: 65000
# peerAddress: 192.168.1.1
# peerConfigRef:
# name: "cilium-peer"

23
clusters/cl01tl/helm/cilium/templates/cilium-bgp-peer-config.yaml Normal file
View File

@@ -0,0 +1,23 @@
# apiVersion: cilium.io/v2
# kind: CiliumBGPPeerConfig
# metadata:
# name: cilium-peer
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: cilium-peer
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# timers:
# holdTimeSeconds: 9
# keepAliveTimeSeconds: 3
# ebgpMultihop: 4
# gracefulRestart:
# enabled: true
# restartTimeSeconds: 15
# families:
# - afi: ipv4
# safi: unicast
# advertisements:
# matchLabels:
# app.kubernetes.io/name: cilium-bgp-advertisements

6
clusters/cl01tl/helm/cilium/templates/cilium-load-balancer-ip-pool.yaml
View File

@@ -5,7 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: default-ip-pool
{{- include "cilium.labels" . | nindent 4 }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
blocks:
- start: "10.232.1.21"
@@ -19,7 +20,8 @@ metadata:
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: bgp-ip-pool
{{- include "cilium.labels" . | nindent 4 }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
blocks:
- start: "10.232.2.100"

45
clusters/cl01tl/helm/cilium/templates/gateway.yaml Normal file
View File

@@ -0,0 +1,45 @@
# apiVersion: gateway.networking.k8s.io/v1
# kind: Gateway
# metadata:
# name: cilium-tls-gateway
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: cilium-tls-gateway
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# annotations:
# cert-manager.io/cluster-issuer: letsencrypt-issuer
# spec:
# addresses:
# - type: IPAddress
# value: 10.232.1.23
# gatewayClassName: cilium
# listeners:
# - allowedRoutes:
# namespaces:
# from: All
# hostname: '*.alexlebens.net'
# name: https
# port: 443
# protocol: HTTPS
# tls:
# certificateRefs:
# - group: ''
# kind: Secret
# name: https-gateway-cert
# namespace: kube-system
# mode: Terminate
# - allowedRoutes:
# namespaces:
# from: All
# hostname: 'alexlebens.net'
# name: https-domain
# port: 443
# protocol: HTTPS
# tls:
# certificateRefs:
# - group: ''
# kind: Secret
# name: https-gateway-cert
# namespace: kube-system
# mode: Terminate

3
clusters/cl01tl/helm/cilium/templates/http-route.yaml
View File

@@ -5,7 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: hubble
{{- include "cilium.labels" . | nindent 4 }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io

28
clusters/cl01tl/helm/cilium/values.yaml
View File

@@ -25,24 +25,36 @@ cilium:
- NET_ADMIN
- SYS_ADMIN
- SYS_RESOURCE
l2announcements:
enabled: false
bgpControlPlane:
enabled: false
secretsNamespace:
name: kube-system
statusReport:
enabled: true
routerIDAllocation:
mode: "default"
bpf:
hostLegacyRouting: true
devices: end0 enp6s0
ciliumEndpointSlice:
enabled: true
ingressController:
enabled: false
gatewayAPI:
enabled: true
enableAppProtocol: true
enableAlpn: true
secretsNamespace:
create: false
name: kube-system
enableAppProtocol: true
gatewayClass:
create: auto
externalIPs:
enabled: true
socketLB:
enabled: true
hostNamespaceOnly: true
hubble:
enabled: true
metrics:
serviceMonitor:
enabled: true
@@ -56,6 +68,8 @@ cilium:
enabled: true
ui:
enabled: true
ingress:
enabled: false
ipam:
mode: "kubernetes"
ipv4:
@@ -63,11 +77,12 @@ cilium:
ipv6:
enabled: false
kubeProxyReplacement: true
l7Proxy: true
prometheus:
enabled: true
serviceMonitor:
enabled: true
trustCRDsExist: true
enabled: true
envoy:
enabled: true
securityContext:
@@ -79,11 +94,14 @@ cilium:
- PERFMON
- BPF
prometheus:
enabled: true
serviceMonitor:
enabled: true
operator:
enabled: true
rollOutPods: true
prometheus:
enabled: true
serviceMonitor:
enabled: true
cgroup:

8
clusters/cl01tl/helm/cloudnative-pg/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies:
- name: cloudnative-pg
repository: https://cloudnative-pg.io/charts/
version: 0.28.0
version: 0.27.1
- name: plugin-barman-cloud
repository: https://cloudnative-pg.io/charts/
version: 0.6.0
digest: sha256:48241acb753e635a01b306b90cfbce13ed3c0105a33ec7d36f159e3a7fe607f3
generated: "2026-04-14T09:03:10.332065288Z"
version: 0.5.0
digest: sha256:e7089ffd089cae87529e28f0e71302b9fc4a869b389cbb6628f1c559644a3a10
generated: "2026-02-05T19:36:19.473447121Z"

13
clusters/cl01tl/helm/cloudnative-pg/Chart.yaml
View File

@@ -6,22 +6,21 @@ keywords:
- cloudnative-pg
- operator
- postgresql
home: https://docs.alexlebens.dev/applications/cloudnative-pg/
- kubernetes
home: https://wiki.alexlebens.dev/s/9fb10833-0278-4e64-a34c-d348d833839f
sources:
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/cloudnative-pg/plugin-barman-cloud
- https://github.com/cloudnative-pg/postgres-containers/pkgs/container/postgresql
- https://github.com/cloudnative-pg/charts/tree/main/charts/cloudnative-pg
- https://github.com/cloudnative-pg/charts/tree/main/charts/plugin-barman-cloud
maintainers:
- name: alexlebens
dependencies:
- name: cloudnative-pg
version: 0.28.0
version: 0.27.1
repository: https://cloudnative-pg.io/charts/
- name: plugin-barman-cloud
version: 0.6.0
version: 0.5.0
repository: https://cloudnative-pg.io/charts/
icon: https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg.github.io/refs/heads/main/assets/images/hero_image.png
icon: https://avatars.githubusercontent.com/u/100373852?s=200&v=4
# renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
appVersion: 1.29.0
appVersion: 1.28.1

16
clusters/cl01tl/helm/cloudnative-pg/values.yaml
View File

@@ -1,16 +1,16 @@
cloudnative-pg:
replicaCount: 2
resources:
requests:
cpu: 10m
memory: 100Mi
monitoring:
podMonitorEnabled: true
plugin-barman-cloud:
replicaCount: 1
image:
registry: ghcr.io
repository: cloudnative-pg/plugin-barman-cloud
tag: v0.11.0
sidecarImage:
registry: ghcr.io
repository: cloudnative-pg/plugin-barman-cloud-sidecar
tag: v0.11.0
crds:
create: true
resources:
requests:
cpu: 1m
memory: 20Mi

6
clusters/cl01tl/helm/foldergram/Chart.lock → clusters/cl01tl/helm/code-server/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
version: 2.4.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:06e321d19ffe0df94b3cd6bcc306804729710f74ca2f9962652628377836c33e
generated: "2026-04-11T15:26:16.743784-05:00"
digest: sha256:dee0f52096efc543f4db3a5dc2732fd37ae9b7950b264e399a6e74c2f3e7cee6
generated: "2026-03-09T22:04:00.58415637Z"

32
clusters/cl01tl/helm/code-server/Chart.yaml Normal file
View File

@@ -0,0 +1,32 @@
apiVersion: v2
name: code-server
version: 1.0.0
description: Code Server
keywords:
- code-server
- code
- ide
home: https://wiki.alexlebens.dev/s/233f96bb-db70-47e4-8b22-a8efcbb0f93d
sources:
- https://github.com/coder/code-server
- https://github.com/cloudflare/cloudflared
- https://hub.docker.com/r/linuxserver/code-server
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: code-server
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png
# renovate: datasource=github-releases depName=linuxserver/docker-code-server
appVersion: 4.108.1

28
clusters/cl01tl/helm/code-server/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: codeserver-password-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: codeserver-password-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/code-server/auth
metadataPolicy: None
property: PASSWORD
- secretKey: SUDO_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/code-server/auth
metadataPolicy: None
property: SUDO_PASSWORD

56
clusters/cl01tl/helm/houndarr/values.yaml → clusters/cl01tl/helm/code-server/values.yaml
View File

@@ -1,36 +1,40 @@
houndarr:
code-server:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/av1155/houndarr
tag: v1.9.0@sha256:2a9c9e0de43412f683f00cce6f5d0f3e059b27e50350434ae4029ade720e85a0
repository: ghcr.io/linuxserver/code-server
tag: 4.111.0@sha256:12c04b41f601604795562ece2ac64cade7cfca632415f4bfb1742477e3226272
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
value: US/Central
- name: PUID
value: 1000
- name: PGID
value: 1000
- name: HOUNDARR_SECURE_COOKIES
value: true
- name: HOUNDARR_TRUSTED_PROXIES
value: 10.96.0.0/12
- name: DEFAULT_WORKSPACE
value: /config
envFrom:
- secretRef:
name: codeserver-password-secret
resources:
requests:
cpu: 1m
memory: 60Mi
cpu: 10m
memory: 128Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 8877
port: 8443
targetPort: 8443
protocol: HTTP
route:
main:
kind: HTTPRoute
@@ -40,28 +44,32 @@ houndarr:
name: traefik-gateway
namespace: traefik
hostnames:
- houndarr.alexlebens.net
- code-server.alexlebens.net
rules:
- backendRefs:
- name: houndarr
port: 80
- group: ''
kind: Service
name: code-server
port: 8443
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
data:
forceRename: houndarr-data
config:
forceRename: code-server-config
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
size: 2Gi
retain: true
advancedMounts:
main:
main:
- path: /data
- path: /config
readOnly: false
volsync-target-data:
pvcTarget: houndarr-data
volsync-target-config:
pvcTarget: code-server-config
moverSecurityContext:
runAsUser: 1000
runAsGroup: 1000
@@ -69,10 +77,10 @@ volsync-target-data:
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
schedule: 40 11 * * *
schedule: 16 8 * * *
remote:
enabled: true
schedule: 40 12 * * *
schedule: 16 9 * * *
external:
enabled: true
schedule: 40 14 * * *
schedule: 16 10 * * *

6
clusters/cl01tl/helm/coredns/Chart.yaml
View File

@@ -5,7 +5,9 @@ description: CoreDNS
keywords:
- coredns
- dns
home: https://docs.alexlebens.dev/applications/coredns/
- network
- kubernetes
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/coredns/coredns
- https://github.com/coredns/helm
@@ -15,6 +17,6 @@ dependencies:
- name: coredns
version: 1.45.2
repository: https://coredns.github.io/helm
icon: https://raw.githubusercontent.com/coredns/coredns.io/refs/heads/master/static/images/favicon.png
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/coredns.png
# renovate: datasource=github-releases depName=coredns/coredns
appVersion: v1.14.2

34
clusters/cl01tl/helm/coredns/values.yaml
View File

@@ -1,18 +1,23 @@
coredns:
image:
repository: registry.k8s.io/coredns/coredns
tag: v1.14.2@sha256:e7e6440cfd1e919280958f5b5a6ab2b184d385bba774c12ad2a9e1e4183f90d9
tag: v1.14.2
replicaCount: 3
resources:
limits:
cpu: null
memory: null
requests:
cpu: 30m
memory: 30Mi
cpu: 50m
memory: 128Mi
rollingUpdate:
maxUnavailable: 1
maxSurge: 25%
terminationGracePeriodSeconds: 30
serviceType: "ClusterIP"
prometheus:
service:
enabled: true
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9153"
monitor:
enabled: true
namespace: kube-system
@@ -24,7 +29,18 @@ coredns:
serviceAccount:
create: true
name: coredns
rbac:
create: true
isClusterService: true
priorityClassName: system-cluster-critical
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
servers:
- zones:
- zone: .
@@ -61,8 +77,6 @@ coredns:
- name: errors
- name: cache
parameters: 30
- name: prometheus
parameters: :9153
- name: forward
parameters: . 10.111.232.172
- zones:
@@ -74,8 +88,6 @@ coredns:
- name: errors
- name: cache
parameters: 30
- name: prometheus
parameters: :9153
- name: forward
parameters: . 10.97.20.219
nodeSelector:
@@ -88,4 +100,6 @@ coredns:
operator: Exists
effect: NoSchedule
deployment:
skipConfig: false
enabled: true
name: coredns

17
clusters/cl01tl/helm/dawarich/Chart.lock
View File

@@ -4,18 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:6ece439d5549b7d7ccd75053846bb9b2e8f9798a2e2163eac6f62bf5cf222587
generated: "2026-04-13T20:32:54.380897459Z"
version: 0.4.0
digest: sha256:7584c2a1613454bbd83b66df46170fd0157df5186842844d483e2dd131398574
generated: "2026-03-15T20:04:49.68456485Z"

24
clusters/cl01tl/helm/dawarich/Chart.yaml
View File

@@ -5,14 +5,10 @@ description: Dawarich
keywords:
- dawarich
- location
home: https://docs.alexlebens.dev/applications/dawarich/
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/Freika/dawarich
- https://hub.docker.com/r/freikin/dawarich
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -22,24 +18,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.6.1
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-storage
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-public
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-watched
version: 0.8.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png
# renovate: datasource=github-releases depName=Freika/dawarich
appVersion: 1.6.1
appVersion: 1.3.4

14
clusters/cl01tl/helm/dawarich/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "dawarich.labels" -}}
{{ include "dawarich.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "dawarich.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

31
clusters/cl01tl/helm/dawarich/templates/external-secret.yaml
View File

@@ -1,40 +1,51 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: dawarich-key
name: dawarich-key-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: dawarich-key
{{- include "dawarich.labels" . | nindent 4 }}
app.kubernetes.io/name: dawarich-key-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
name: vault
data:
- secretKey: key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/dawarich/key
metadataPolicy: None
property: key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: dawarich-oidc-authentik
name: dawarich-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: dawarich-oidc-authentik
{{- include "dawarich.labels" . | nindent 4 }}
app.kubernetes.io/name: dawarich-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
name: vault
data:
- secretKey: client
remoteRef:
key: /cl01tl/authentik/oidc/dawarich
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/dawarich
metadataPolicy: None
property: client
- secretKey: secret
remoteRef:
key: /cl01tl/authentik/oidc/dawarich
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/dawarich
metadataPolicy: None
property: secret

116
clusters/cl01tl/helm/dawarich/values.yaml
View File

@@ -4,20 +4,15 @@ dawarich:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: freikin/dawarich
tag: 1.6.1@sha256:a884f69f19ce0f66992f3872d24544d1e587e133b8a003e072711aafc1e02429
command:
- "web-entrypoint.sh"
args:
- "bin/rails"
- "server"
- "-p"
- "3000"
- "-b"
- "::"
tag: 1.3.4
pullPolicy: IfNotPresent
command: ["web-entrypoint.sh"]
args: ["bin/rails", "server", "-p", "3000", "-b", "::"]
env:
- name: RAILS_ENV
value: production
@@ -61,12 +56,12 @@ dawarich:
- name: OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: dawarich-oidc-authentik
name: dawarich-oidc-secret
key: client
- name: OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: dawarich-oidc-authentik
name: dawarich-oidc-secret
key: secret
- name: OIDC_PROVIDER_NAME
value: Authentik
@@ -81,7 +76,7 @@ dawarich:
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
name: dawarich-key
name: dawarich-key-secret
key: key
- name: RAILS_LOG_TO_STDOUT
value: true
@@ -91,14 +86,14 @@ dawarich:
value: true
probes:
liveness:
enabled: true
enabled: false
custom: true
spec:
exec:
command:
- /bin/sh
- -c
- "wget -qO - http://127.0.0.1:3000/api/v1/health | grep -q '\"status\"\\s*:\\s*\"ok\"'"
- wget -qO - http://127.0.0.1:3000/api/v1/health | grep -Eq '\"status\"\\s*:\\s*\"ok\"'
failureThreshold: 5
initialDelaySeconds: 60
periodSeconds: 10
@@ -106,16 +101,15 @@ dawarich:
timeoutSeconds: 10
resources:
requests:
cpu: 20m
memory: 750Mi
cpu: 10m
memory: 128Mi
sidekiq:
image:
repository: freikin/dawarich
tag: 1.6.1@sha256:a884f69f19ce0f66992f3872d24544d1e587e133b8a003e072711aafc1e02429
command:
- "sidekiq-entrypoint.sh"
args:
- "sidekiq"
tag: 1.3.4
pullPolicy: IfNotPresent
command: ["sidekiq-entrypoint.sh"]
args: ["sidekiq"]
env:
- name: RAILS_ENV
value: production
@@ -191,19 +185,23 @@ dawarich:
value: true
probes:
liveness:
enabled: true
enabled: false
custom: true
spec:
exec:
command:
- pgrep
- -f
- sidekiq
- /bin/sh
- -c
- pgrep -f sidekiq
failureThreshold: 5
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
@@ -211,9 +209,11 @@ dawarich:
http:
port: 80
targetPort: 3000
protocol: TCP
metrics:
port: 9394
targetPort: 9394
protocol: TCP
serviceMonitor:
main:
selector:
@@ -238,8 +238,11 @@ dawarich:
- dawarich.alexlebens.net
rules:
- backendRefs:
- name: dawarich
- group: ""
kind: Service
name: dawarich
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -250,6 +253,7 @@ dawarich:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:
@@ -263,6 +267,7 @@ dawarich:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
retain: true
advancedMounts:
main:
main:
@@ -276,6 +281,7 @@ dawarich:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:
@@ -307,42 +313,32 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 10 14 * * *"
backupName: garage-local
volsync-target-storage:
pvcTarget: dawarich-storage
local:
enabled: true
schedule: 6 8 * * *
remote:
enabled: true
schedule: 6 9 * * *
external:
enabled: true
schedule: 6 10 * * *
volsync-target-public:
pvcTarget: dawarich-public
local:
enabled: true
schedule: 8 8 * * *
remote:
enabled: true
schedule: 8 9 * * *
external:
enabled: true
schedule: 8 10 * * *
volsync-target-watched:
pvcTarget: dawarich-watched
local:
enabled: true
schedule: 8 8 * * *
remote:
enabled: true
schedule: 8 9 * * *
external:
enabled: true
schedule: 8 10 * * *
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external

6
clusters/cl01tl/helm/decluttarr/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
digest: sha256:548ae1f8699100a2f6bac11a4a3137402b3eea340c7a3db4d9f1813ad6a11dca
generated: "2026-02-23T22:08:42.516245-06:00"

20
clusters/cl01tl/helm/decluttarr/Chart.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: v2
name: decluttarr
version: 1.0.0
description: decluttarr
keywords:
- decluttarr
- servarr
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/ManiMatter/decluttarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: decluttarr
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
# renovate: datasource=github-releases depName=ManiMatter/decluttarr
appVersion: v2.0.0

13
clusters/cl01tl/helm/ntfy/templates/external-secret.yaml → clusters/cl01tl/helm/decluttarr/templates/external-secret.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: ntfy-config-secret
name: decluttarr-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: ntfy-config-secret
app.kubernetes.io/name: decluttarr-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -12,7 +12,10 @@ spec:
kind: ClusterSecretStore
name: vault
data:
- secretKey: attachment-cache-dir
- secretKey: config.yaml
remoteRef:
key: /garage/home-infra/ntfy-attachments
property: attachment-cache-dir
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/decluttarr/config
metadataPolicy: None
property: config.yaml

32
clusters/cl01tl/helm/decluttarr/values.yaml Normal file
View File

@@ -0,0 +1,32 @@
decluttarr:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/manimatter/decluttarr
tag: v2.0.0
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
resources:
requests:
cpu: 10m
memory: 128Mi
persistence:
config:
enabled: true
type: secret
name: decluttarr-config-secret
advancedMounts:
main:
main:
- path: /app/config/config.yaml
readOnly: true
mountPropagation: None
subPath: config.yaml

3
clusters/cl01tl/helm/democratic-csi-synology-iscsi/Chart.yaml
View File

@@ -5,7 +5,8 @@ description: Democratic CSI
keywords:
- democratic-csi-synology-iscsi
- iscsi
home: https://docs.alexlebens.dev/applications/democratic-csi-synology-iscsi/
- kubernetes
home: https://wiki.alexlebens.dev/s/0cc6ba65-024b-4489-952a-fc0f647fd099
sources:
- https://github.com/democratic-csi/democratic-csi
- https://github.com/democratic-csi/charts/tree/master/stable/democratic-csi

3
clusters/cl01tl/helm/democratic-csi-synology-iscsi/templates/external-secret.yaml
View File

@@ -14,5 +14,8 @@ spec:
data:
- secretKey: driver-config-file.yaml
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/democratic-csi-synology-iscsi/config
metadataPolicy: None
property: driver-config-file.yaml

32
clusters/cl01tl/helm/democratic-csi-synology-iscsi/values.yaml
View File

@@ -1,35 +1,15 @@
democratic-csi:
driver:
image:
registry: ghcr.io/democratic-csi/democratic-csi
tag: v1.9.5@@sha256:fc3b7d7ed3a616714139525075312758e23a5d425ffb539ad12c9bd20fb6001f
existingConfigSecret: synology-iscsi-config-secret
config:
driver: synology-iscsi
resources:
requests:
cpu: 1m
memory: 128Mi
csiDriver:
name: "org.democratic-csi.iscsi-synology"
controller:
replicaCount: 3
externalAttacher:
image:
registry: registry.k8s.io/sig-storage/csi-attacher
tag: v4.11.0@sha256:b74b05b39501565022883fc128002b4cb857a7bb6c858606bcb3fdedba0b0b80
externalProvisioner:
image:
registry: registry.k8s.io/sig-storage/csi-provisioner
tag: v3.6.4@sha256:e7ad666f1d9b0caa077c7f0c157c9f87d1e73858390732496f66dcc716ff10c5
externalResizer:
image:
registry: registry.k8s.io/sig-storage/csi-resizer
tag: v1.9.4@sha256:522911ef68bd2c5c17d90fb2a6d2b2fb72ae790f2c1463a466b4262a07fdbf5a
externalSnapshotter:
image:
registry: registry.k8s.io/sig-storage/csi-snapshotter
tag: v8.5.0@sha256:da081c27e8a6d91f36042c1942362d0515ced8d06e18c11b8f893e58c4d6d797
enabled: true
rbac:
enabled: true
replicaCount: 2
storageClasses:
- name: synology-iscsi-delete
defaultClass: false
@@ -55,7 +35,3 @@ democratic-csi:
value: /usr/local/sbin/iscsiadm
iscsiDirHostPath: /var/iscsi
iscsiDirHostPathType: ""
driverRegistrar:
image:
registry: registry.k8s.io/sig-storage/csi-node-driver-registrar
tag: v2.16.0@sha256:ab482308a4921e28a6df09a16ab99a457e9af9641ff44fb1be1a690d07ce8b70

4
clusters/cl01tl/helm/descheduler/Chart.yaml
View File

@@ -5,10 +5,10 @@ description: Descheduler
keywords:
- descheduler
- kube-scheduler
home: https://docs.alexlebens.dev/applications/descheduler/
- kubernetes
home: https://wiki.alexlebens.dev/s/0c38b7e4-4573-487c-82b0-4eeeb00e1276
sources:
- https://github.com/kubernetes-sigs/descheduler
- https://explore.ggcr.dev/?repo=registry.k8s.io%2Fdescheduler%2Fdescheduler
- https://github.com/kubernetes-sigs/descheduler/tree/master/charts/descheduler
maintainers:
- name: alexlebens

44
clusters/cl01tl/helm/descheduler/values.yaml
View File

@@ -1,25 +1,27 @@
descheduler:
image:
repository: registry.k8s.io/descheduler/descheduler
tag: v0.35.1@sha256:871d3b804390b0b8c7cb09d4e9b7856cf30e31f9e9e3d29562b0301a10453bb1
kind: Deployment
resources:
limits:
cpu: null
memory: null
requests:
cpu: 10m
memory: 50Mi
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
deschedulingInterval: 5m
replicas: 3
replicas: 1
leaderElection:
enabled: true
leaseDuration: 15s
renewDeadline: 10s
retryPeriod: 2s
resourceLock: "leases"
resourceName: "descheduler"
resourceNamespace: "descheduler"
enabled: false
command:
- "/bin/descheduler"
cmdOptions:
v: 3
deschedulerPolicyAPIVersion: "descheduler/v1alpha2"
deschedulerPolicy:
profiles:
- name: default
@@ -51,13 +53,13 @@ descheduler:
- name: LowNodeUtilization
args:
thresholds:
cpu: 20
memory: 20
pods: 20
cpu: 30
memory: 30
pods: 50
targetThresholds:
cpu: 50
memory: 50
pods: 60
cpu: 60
memory: 40
pods: 80
plugins:
balance:
enabled:

8
clusters/cl01tl/helm/directus/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
version: 7.10.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1
digest: sha256:78f5065d1125792c88e4d24f5ac1ee3d6310b4997f552020c44d0615335ea329
generated: "2026-04-13T20:33:13.909018545Z"
version: 0.4.0
digest: sha256:dfcb5d35e03ecdc4206227d206d36509319f0dcdaed54363840d71337debb3f7
generated: "2026-03-15T20:05:03.156596646Z"

16
clusters/cl01tl/helm/directus/Chart.yaml
View File

@@ -4,14 +4,16 @@ version: 1.0.0
description: Directus
keywords:
- directus
- content-management-system
home: https://docs.alexlebens.dev/applications/descheduler/
- cms
home: https://wiki.alexlebens.dev/s/c2d242de-dcaa-4801-86a2-c4761dc8bf9b
sources:
- https://github.com/directus/directus
- https://github.com/directus/directus/pkgs/container/directus
- https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/directus/directus
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers:
- name: alexlebens
dependencies:
@@ -21,12 +23,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.6.1
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
# renovate: datasource=github-releases depName=directus/directus
appVersion: 11.17.3
appVersion: 11.16.1

39
clusters/cl01tl/helm/directus/templates/external-secret.yaml
View File

@@ -14,19 +14,31 @@ spec:
data:
- secretKey: admin-email
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/config
metadataPolicy: None
property: admin-email
- secretKey: admin-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/config
metadataPolicy: None
property: admin-password
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/config
metadataPolicy: None
property: secret
- secretKey: key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/config
metadataPolicy: None
property: key
---
@@ -46,11 +58,17 @@ spec:
data:
- secretKey: OIDC_CLIENT_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/directus
metadataPolicy: None
property: client
- secretKey: OIDC_CLIENT_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/directus
metadataPolicy: None
property: secret
---
@@ -70,7 +88,10 @@ spec:
data:
- secretKey: metric-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/metrics
metadataPolicy: None
property: metric-token
---
@@ -90,15 +111,24 @@ spec:
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_SECRET_KEY
- secretKey: ACCESS_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_REGION
---
@@ -118,13 +148,22 @@ spec:
data:
- secretKey: default
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/valkey
metadataPolicy: None
property: password
- secretKey: user
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/valkey
metadataPolicy: None
property: user
- secretKey: password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/valkey
metadataPolicy: None
property: password

39
clusters/cl01tl/helm/directus/values.yaml
View File

@@ -4,11 +4,13 @@ directus:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/directus/directus
tag: 11.17.3@sha256:ae6ab737fd04077d295bbefa545cc4aefccc206e3d0120c83812f9b482a8c9a5
repository: directus/directus
tag: 11.16.1
pullPolicy: IfNotPresent
env:
- name: PUBLIC_URL
value: https://directus.alexlebens.net
@@ -142,7 +144,7 @@ directus:
resources:
requests:
cpu: 10m
memory: 300Mi
memory: 256Mi
service:
main:
controller: main
@@ -150,6 +152,7 @@ directus:
http:
port: 80
targetPort: 8055
protocol: TCP
serviceMonitor:
main:
selector:
@@ -177,8 +180,11 @@ directus:
- directus.alexlebens.net
rules:
- backendRefs:
- name: directus
- group: ''
kind: Service
name: directus
port: 80
weight: 100
matches:
- path:
type: PathPrefix
@@ -196,12 +202,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 15 14 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
valkey:
valkey:
auth:
@@ -210,7 +239,5 @@ valkey:
aclUsers:
default:
permissions: "~* &* +@all"
# No option to configure metrics when auth is enabled
# https://github.com/valkey-io/valkey-helm/issues/135
metrics:
enabled: false

6
clusters/cl01tl/helm/elastic-operator/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: eck-operator
repository: https://helm.elastic.co
version: 3.3.2
digest: sha256:ac7a849a6d8244ef56c11f18438c4c76133f92d245228c5a1c8369d42562c177
generated: "2026-04-01T21:30:02.975920565Z"
version: 3.3.1
digest: sha256:8585f3ea3e4cafc4ff2969ea7e797017b7cfe4becb3385f0b080725908c02f09
generated: "2026-02-25T18:48:55.77034549Z"

9
clusters/cl01tl/helm/elastic-operator/Chart.yaml
View File

@@ -6,7 +6,8 @@ keywords:
- elastic-operator
- operator
- elastic-search
home: https://docs.alexlebens.dev/applications/elastic-operator/
- kubernetes
home: https://wiki.alexlebens.dev/s/
sources:
- https://github.com/elastic/cloud-on-k8s
- https://github.com/elastic/cloud-on-k8s/tree/main/deploy/eck-operator
@@ -14,8 +15,8 @@ maintainers:
- name: alexlebens
dependencies:
- name: eck-operator
version: 3.3.2
version: 3.3.1
repository: https://helm.elastic.co
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/elastic.png
icon: https://helm.elastic.co/icons/eck.png
# renovate: datasource=github-releases depName=elastic/cloud-on-k8s
appVersion: v3.3.2
appVersion: v3.3.1

9
clusters/cl01tl/helm/elastic-operator/values.yaml
View File

@@ -1,16 +1,9 @@
eck-operator:
managedNamespaces:
- stalwart
- tubearchivist
- stalwart
installCRDs: true
replicaCount: 2
resources:
limits:
cpu: null
memory: null
requests:
cpu: 2m
memory: 50Mi
telemetry:
disabled: true
config:

8
clusters/cl01tl/helm/element-web/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies:
- name: element-web
repository: https://ananace.gitlab.io/charts
version: 1.4.34
version: 1.4.32
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
digest: sha256:8640b8a250bdcd9e7561e3d28538ccf4644a7159a035ee0a5fdbcf71dc5b2bbe
generated: "2026-04-10T01:17:19.932208699Z"
version: 2.4.0
digest: sha256:49d9dd45eff7cbbc11644e4a8bd3c9d3bf84716ed034a76f097f0ba1fea4c934
generated: "2026-03-11T16:04:17.556777286Z"

14
clusters/cl01tl/helm/element-web/Chart.yaml
View File

@@ -4,22 +4,24 @@ version: 1.0.0
description: Element Web
keywords:
- element-web
- matrix-chat
home: https://docs.alexlebens.dev/applications/element-web/
- chat
- matrix
home: https://wiki.alexlebens.dev/s/e3b03481-1a1d-4b56-8cd9-e75a8dcc0f6c
sources:
- https://github.com/element-hq/element-web
- https://github.com/element-hq/element-web/pkgs/container/element-web
- https://github.com/cloudflare/cloudflared
- https://hub.docker.com/r/vectorim/element-web
- https://gitlab.com/ananace/charts/-/tree/master/charts/element-web
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
maintainers:
- name: alexlebens
dependencies:
- name: element-web
version: 1.4.34
version: 1.4.32
repository: https://ananace.gitlab.io/charts
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
version: 2.4.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
# renovate: datasource=github-releases depName=element-hq/element-web
appVersion: v1.12.15
appVersion: v1.12.12

11
clusters/cl01tl/helm/element-web/values.yaml
View File

@@ -1,8 +1,9 @@
element-web:
replicaCount: 1
image:
repository: ghcr.io/element-hq/element-web
tag: v1.12.15@sha256:c7fa40b5ba3891f8af3ce63da0818f457c1802a9ee4d2f5e46a9df36a2388eed
repository: vectorim/element-web
tag: v1.12.12
pullPolicy: IfNotPresent
defaultServer:
url: https://matrix.alexlebens.dev
name: alexlebens.dev
@@ -17,7 +18,9 @@ element-web:
immediate: true
default_theme: dark
default_country_code: US
ingress:
enabled: false
resources:
requests:
cpu: 1m
memory: 10Mi
cpu: 10m
memory: 128Mi

Some files were not shown because too many files have changed in this diff Show More