alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 8 Actions Activity

Compare commits

base: alexlebens:tmp/secrets-3
Branches Tags
alexlebens:main alexlebens:renovate/unified-mail-server alexlebens:renovate/unified-stalwart alexlebens:auto/update-manifests alexlebens:renovate/unified-tdarr alexlebens:renovate/major-unified-vault alexlebens:renovate/unified-gitea alexlebens:renovate/unified-cilium alexlebens:tmp/secrets-3 alexlebens:manifests
..
compare: alexlebens:37fa34268d16f11c7196207ed1ee4d2d0b7271af
Branches Tags
alexlebens:renovate/unified-mail-server alexlebens:renovate/unified-stalwart alexlebens:auto/update-manifests alexlebens:renovate/unified-tdarr alexlebens:renovate/major-unified-vault alexlebens:renovate/unified-gitea alexlebens:renovate/unified-cilium alexlebens:main alexlebens:tmp/secrets-3 alexlebens:manifests

1 Commits
tmp/secret ... 37fa34268d

Author SHA1 Message Date
Renovate Bot
37fa34268d chore(deps): update medialyze to v0.6.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 40s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 31s
Details
lint-test-helm / argo-diff (pull_request) Successful in 38s
Details
render-manifests / render-manifests (pull_request) Successful in 1m48s
Details
2026-04-12 14:06:00 +00:00
190 changed files with 940 additions and 1903 deletions
Expand all files Collapse all files

397
.gitea/workflows/lint-test-helm.yaml
View File

@@ -378,232 +378,249 @@ jobs:
actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]' actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
image: true image: true
# argo-diff: argo-diff:
# needs: lint-helm needs: lint-helm
# runs-on: ubuntu-js runs-on: ubuntu-js
# if: | if: |
# needs.lint-helm.result == 'success' && needs.lint-helm.result == 'success' &&
# needs.lint-helm.outputs.changes-detected == 'true' && needs.lint-helm.outputs.changes-detected == 'true' &&
# github.event_name == 'pull_request' github.event_name == 'pull_request'
# steps: steps:
# - name: Checkout - name: Checkout
# uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
# with: with:
# fetch-depth: 0 fetch-depth: 0
# - name: Cache ArgoCD CLI - name: Cache ArgoCD CLI
# id: cache-argocd id: cache-argocd
# uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
# with: with:
# path: /usr/local/bin/argocd path: /usr/local/bin/argocd
# key: ${{ runner.os }}-argocd-${{ env.ARGOCD_VERSION }} key: ${{ runner.os }}-argocd-${{ env.ARGOCD_VERSION }}
# restore-keys: | restore-keys: |
# ${{ runner.os }}-argocd- ${{ runner.os }}-argocd-
# - name: Install ArgoCD CLI - name: Install ArgoCD CLI
# if: steps.cache-argocd.outputs.cache-hit != 'true' if: steps.cache-argocd.outputs.cache-hit != 'true'
# run: | run: |
# echo ">> Downloading ArgoCD CLI, version: ${{ env.ARGOCD_VERSION }} ..." echo ">> Downloading ArgoCD CLI, version: ${{ env.ARGOCD_VERSION }} ..."
# curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/download/${{ env.ARGOCD_VERSION }}/argocd-linux-amd64 curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/download/${{ env.ARGOCD_VERSION }}/argocd-linux-amd64
# echo "" echo ""
# echo ">> Installing ArgoCD CLI ..." echo ">> Installing ArgoCD CLI ..."
# sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd
# echo "" echo ""
# echo "----" echo "----"
# - name: Verify installation - name: Verify installation
# run: | run: |
# echo "" echo ""
# echo ">> Verifying installation ..." echo ">> Verifying installation ..."
# argocd version --client argocd version --client
# echo "" echo ""
# echo "----" echo "----"
# - name: Set Up Helm - name: Set Up Helm
# uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5 uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5
# with: with:
# token: ${{ secrets.GITEA_TOKEN }} token: ${{ secrets.GITEA_TOKEN }}
# # renovate: datasource=github-releases depName=helm/helm # renovate: datasource=github-releases depName=helm/helm
# version: v4.1.3 version: v4.1.3
# cache: true cache: true
# - name: Cache Helm Dependencies - name: Cache Helm Dependencies
# uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
# with: with:
# path: | path: |
# ~/.cache/helm ~/.cache/helm
# ~/.config/helm ~/.config/helm
# key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }} key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
# restore-keys: | restore-keys: |
# helm-cache-${{ runner.os }}- helm-cache-${{ runner.os }}-
# - name: Add Repositories - name: Add Repositories
# env: env:
# CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }} CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
# run: | run: |
# echo ">> Adding repositories for chart dependencies ..." echo ">> Adding repositories for chart dependencies ..."
# echo "" echo ""
# for DIR in ${CHANGED_CHARTS}; do for DIR in ${CHANGED_CHARTS}; do
# helm dependency list --max-col-width 120 clusters/${CLUSTER}/helm/${DIR} 2> /dev/null \ helm dependency list --max-col-width 120 clusters/${CLUSTER}/helm/${DIR} 2> /dev/null \
# | tail -n +2 \ | tail -n +2 \
# | awk 'NF > 0 { print $1, $3 }' \ | awk 'NF > 0 { print $1, $3 }' \
# | while read -r REPO_NAME REPO_URL; do | while read -r REPO_NAME REPO_URL; do
# if [[ "${REPO_URL}" == oci://* ]]; then if [[ "${REPO_URL}" == oci://* ]]; then
# echo ">> Ignoring OCI repo: ${REPO_URL}" echo ">> Ignoring OCI repo: ${REPO_URL}"
# elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
# helm repo add "${REPO_NAME}" "${REPO_URL}" helm repo add "${REPO_NAME}" "${REPO_URL}"
# fi fi
# done || true done || true
# done done
# if helm repo list > /dev/null 2>&1; then if helm repo list > /dev/null 2>&1; then
# echo "" echo ""
# echo ">> Update repository cache ..." echo ">> Update repository cache ..."
# helm repo update helm repo update
# fi fi
# echo "" echo ""
# echo "----" echo "----"
# - name: Render Templates - name: Render Templates
# id: render id: render
# env: env:
# CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }} CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
# run: | run: |
# for APP_NAME in ${CHANGED_CHARTS}; do for APP_NAME in ${CHANGED_CHARTS}; do
# echo ">> Render templates for ${APP_NAME} ..." echo ">> Render templates for ${APP_NAME} ..."
# CHART_PATH="clusters/${CLUSTER}/helm/${APP_NAME}" CHART_PATH="clusters/${CLUSTER}/helm/${APP_NAME}"
# OUTPUT_FOLDER="clusters/${CLUSTER}/manifests/${APP_NAME}/" OUTPUT_FOLDER="clusters/${CLUSTER}/manifests/${APP_NAME}/"
# helm dependency build "${CHART_PATH}" --skip-refresh helm dependency build "${CHART_PATH}" --skip-refresh
# NAMESPACE="${APP_NAME}" NAMESPACE="${APP_NAME}"
# case "${APP_NAME}" in case "${APP_NAME}" in
# "stack") "stack")
# NAMESPACE="argocd" NAMESPACE="argocd"
# echo ">> Special Rendering into 'argocd' namespace ..." echo ">> Special Rendering into 'argocd' namespace ..."
# ;; ;;
# "cilium" | "coredns" | "metrics-server") "cilium" | "coredns" | "metrics-server")
# NAMESPACE="kube-system" NAMESPACE="kube-system"
# echo ">> Special Rendering for ${APP_NAME} into 'kube-system' namespace ..." echo ">> Special Rendering for ${APP_NAME} into 'kube-system' namespace ..."
# ;; ;;
# *) *)
# echo ">> Standard Rendering ..." echo ">> Standard Rendering ..."
# esac esac
# TEMPLATE=$(helm template "${APP_NAME}" "${CHART_PATH}" --include-crds --namespace "${NAMESPACE}" --include-crds --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor") TEMPLATE=$(helm template "${APP_NAME}" "${CHART_PATH}" --include-crds --namespace "${NAMESPACE}" --include-crds --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor")
# # Format and split rendered template # Format and split rendered template
# echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"' echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
# # Strip comments again to ensure formatting correctness # Strip comments again to ensure formatting correctness
# for file in "$OUTPUT_FOLDER"/*; do for file in "$OUTPUT_FOLDER"/*; do
# yq -i '... comments=""' $file yq -i '... comments=""' $file
# done done
# echo "" echo ""
# echo ">> Templates in output folder: ${OUTPUT_FOLDER}" echo ">> Templates in outpute folder: ${OUTPUT_FOLDER}"
# ls ${OUTPUT_FOLDER} ls ${OUTPUT_FOLDER}
# done done
# echo "----" echo "----"
# - name: Run App Diff - name: Run App Diff
# id: diff id: diff
# env: env:
# ARGOCD_SERVER: ${{ secrets.ARGOCD_SERVER }} ARGOCD_SERVER: ${{ secrets.ARGOCD_SERVER }}
# ARGOCD_AUTH_TOKEN: ${{ secrets.ARGOCD_AUTH_TOKEN }} ARGOCD_AUTH_TOKEN: ${{ secrets.ARGOCD_AUTH_TOKEN }}
# CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }} CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
# run: | run: |
# FAILED_CHARTS="" # argo diff outputs 1 on any diff, but this is expected, only error on output 2+
# DIFF_FOUND="false" set +e
OVERALL_EXIT_CODE=0
FAILED_CHARTS=""
DIFF_FOUND="false"
# for APP_NAME in ${CHANGED_CHARTS}; do for APP_NAME in ${CHANGED_CHARTS}; do
# echo ">> Running argocd app diff for ${APP_NAME} ..." echo ">> Running argocd app diff for ${APP_NAME} ..."
# argocd app diff "${APP_NAME}" \
# --server "${ARGOCD_SERVER}" \
# --revision ${{ gitea.sha }} \
# --diff-exit-code 0 \
# --local "clusters/${CLUSTER}/manifests/${APP_NAME}" \
# --local-repo-root "." \
# --grpc-web > "diff_output_${APP_NAME}.txt"
# if [ -s "diff_output_${APP_NAME}.txt" ]; then argocd app diff "${APP_NAME}" \
# echo ">> Argo diff:" --server "${ARGOCD_SERVER}" \
# echo "" --revision ${{ gitea.sha }} \
# cat diff_output_${APP_NAME}.txt --grpc-web > diff_output_${APP_NAME}.txt
# echo ""
# DIFF_FOUND="true" EXIT_CODE=$?
# else if [ -s "diff_output_${APP_NAME}.txt" ]; then
# echo ">> No Argo diff found for ${APP_NAME}" echo ">> Argo diff:"
# rm "diff_output_${APP_NAME}.txt" echo ""
cat diff_output_${APP_NAME}.txt
echo ""
# fi DIFF_FOUND="true"
# done
# echo "----" else
# echo "diff-detected=${DIFF_FOUND}" >> "$GITHUB_OUTPUT" echo ">> No Argo diff found for ${APP_NAME}"
# echo "failed-charts=${FAILED_CHARTS}" >> "$GITHUB_OUTPUT" rm "diff_output_${APP_NAME}.txt"
# exit $OVERALL_EXIT_CODE fi
# - name: Post Diff if [ $EXIT_CODE -eq 2 ]; then
# if: | echo ">> ArgoCD diff failed for ${APP_NAME} due to a manifest error"
# always() &&
# steps.diff.outputs.diff-detected == 'true' &&
# gitea.event.pull_request.number != null
# env:
# GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
# run: |
# COMMENT_BODY="### ArgoCD Diff Results
# "
# for f in diff_output_*.txt; do OVERALL_EXIT_CODE=1
# APP_NAME=$(echo $f | sed 's/diff_output_//;s/.txt//')
# DIFF_CONTENT=$(cat "$f")
# COMMENT_BODY="${COMMENT_BODY} if [ -z "${FAILED_CHARTS}" ]; then
# #### App: ${APP_NAME} FAILED_CHARTS="${APP_NAME}"
# "
# if [ -z "$DIFF_CONTENT" ]; then else
# COMMENT_BODY="${COMMENT_BODY} No changes detected." FAILED_CHARTS="${FAILED_CHARTS}, ${APP_NAME}"
# else
# COMMENT_BODY="${COMMENT_BODY}
# \`\`\`diff
# ${DIFF_CONTENT}
# \`\`\`"
# fi
# done
# curl -X 'POST' \ fi
# "${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/issues/${{ gitea.event.pull_request.number }}/comments" \ fi
# -H "Authorization: token ${GITEA_TOKEN}" \ done
# -H "Content-Type: application/json" \
# -d "$(jq -n --arg body "$COMMENT_BODY" '{body: $body}')"
# - name: ntfy Failed echo "----"
# uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master echo "diff-detected=${DIFF_FOUND}" >> "$GITHUB_OUTPUT"
# if: failure() echo "failed-charts=${FAILED_CHARTS}" >> "$GITHUB_OUTPUT"
# with:
# url: '${{ secrets.NTFY_URL }}' exit $OVERALL_EXIT_CODE
# topic: '${{ secrets.NTFY_TOPIC }}'
# title: 'ArgoCD Diff Failure' - name: Post Diff
# priority: 3 if: |
# headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}' always() &&
# tags: action,failed steps.diff.outputs.diff-detected == 'true' &&
# details: "ArgoCD diff for cluster '${{ env.CLUSTER }}' failed on charts: ${{ steps.diff.outputs.failed-charts }}" gitea.event.pull_request.number != null
# icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png' env:
# actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]' GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
# image: true run: |
COMMENT_BODY="### ArgoCD Diff Results
"
for f in diff_output_*.txt; do
APP_NAME=$(echo $f | sed 's/diff_output_//;s/.txt//')
DIFF_CONTENT=$(cat "$f")
COMMENT_BODY="${COMMENT_BODY}
#### App: ${APP_NAME}
"
if [ -z "$DIFF_CONTENT" ]; then
COMMENT_BODY="${COMMENT_BODY} No changes detected."
else
COMMENT_BODY="${COMMENT_BODY}
\`\`\`diff
${DIFF_CONTENT}
\`\`\`"
fi
done
curl -X 'POST' \
"${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/issues/${{ gitea.event.pull_request.number }}/comments" \
-H "Authorization: token ${GITEA_TOKEN}" \
-H "Content-Type: application/json" \
-d "$(jq -n --arg body "$COMMENT_BODY" '{body: $body}')"
- name: ntfy Failed
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
if: failure()
with:
url: '${{ secrets.NTFY_URL }}'
topic: '${{ secrets.NTFY_TOPIC }}'
title: 'ArgoCD Diff Failure'
priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,failed
details: "ArgoCD diff for cluster '${{ env.CLUSTER }}' failed on charts: ${{ steps.diff.outputs.failed-charts }}"
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
image: true

2
.gitea/workflows/renovate.yaml
View File

@@ -13,7 +13,7 @@ on:
jobs: jobs:
renovate: renovate:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: ghcr.io/renovatebot/renovate:43.132.1@sha256:2ccc5b1f0340593c40e1598547aa98feee4e521a0906a423fe0be0431a733dfa container: ghcr.io/renovatebot/renovate:43.110.14@sha256:f3ba59186f17171bf2eaacc35014192d4862bf1b2af3116fb694ba9c17f04f70
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

7
clusters/cl01tl/helm/actual/Chart.lock
View File

@@ -2,5 +2,8 @@ dependencies:
- name: app-template - name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
digest: sha256:1c04c187e6cf768117f7f91f3a3b082937ad5854c1cf6a681ad7c02687cd543d - name: volsync-target
generated: "2026-04-18T20:15:22.778699-05:00" repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:ff81b3d8fc831e4b8048f646fffcf597aa7410e52ecf27690eab8104047dbe6f
generated: "2026-03-06T01:04:41.514235218Z"

8
clusters/cl01tl/helm/actual/Chart.yaml
View File

@@ -18,10 +18,10 @@ dependencies:
alias: actual alias: actual
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
# - name: volsync-target - name: volsync-target
# alias: volsync-target-data alias: volsync-target-data
# version: 0.8.0 version: 0.8.0
# repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png
# renovate: datasource=github-releases depName=actualbudget/actual # renovate: datasource=github-releases depName=actualbudget/actual
appVersion: 26.4.0 appVersion: 26.4.0

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: argo-cd - name: argo-cd
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 9.5.2 version: 9.5.0
digest: sha256:5d9e6405ee944bf94df6af247164ebb9b8899144853b9a7eafabe8606affe84e digest: sha256:69daada0822f796cd49eeda2d9e39dd5c0c42bb61b6898af68123c8c49f25fa1
generated: "2026-04-19T19:53:40.43789-05:00" generated: "2026-04-08T22:05:49.003208408Z"

4
clusters/cl01tl/helm/argocd/Chart.yaml
View File

@@ -13,8 +13,8 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: argo-cd - name: argo-cd
version: 9.5.2 version: 9.5.0
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-cd # renovate: datasource=github-releases depName=argoproj/argo-cd
appVersion: v3.3.7 appVersion: v3.3.6

14
clusters/cl01tl/helm/argocd/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "argocd.labels" -}}
{{ include "argocd.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "argocd.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

52
clusters/cl01tl/helm/argocd/templates/external-secret.yaml
View File

@@ -1,40 +1,70 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: argocd-oidc-authentik name: argocd-oidc-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: argocd-oidc-authentik app.kubernetes.io/name: argocd-oidc-secret
{{- include "argocd.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
key: /cl01tl/authentik/oidc/argocd key: /authentik/oidc/argocd
property: secret property: secret
- secretKey: client - secretKey: client
remoteRef: remoteRef:
key: /cl01tk/authentik/oidc/argocd key: /authentik/oidc/argocd
property: client property: client
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: argocd-notifications-ntfy name: argocd-notifications-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: argocd-notifications-ntfy app.kubernetes.io/name: argocd-notifications-secret
{{- include "argocd.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: ntfy-token - secretKey: ntfy-token
remoteRef: remoteRef:
key: /cl01tl/ntfy/users/cl01tl key: /ntfy/user/cl01tl
property: token property: token
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: argocd-gitea-repo-infrastructure-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: type
remoteRef:
key: /cl01tl/argocd/credentials/repo/infrastructure
property: type
- secretKey: url
remoteRef:
key: /cl01tl/argocd/credentials/repo/infrastructure
property: url
- secretKey: sshPrivateKey
remoteRef:
key: /cl01tl/argocd/credentials/repo/infrastructure
property: sshPrivateKey

6
clusters/cl01tl/helm/argocd/values.yaml
View File

@@ -13,8 +13,8 @@ argo-cd:
connectors: connectors:
- config: - config:
issuer: https://authentik.alexlebens.net/application/o/argocd/ issuer: https://authentik.alexlebens.net/application/o/argocd/
clientID: $argocd-oidc-authentik:client clientID: $argocd-oidc-secret:client
clientSecret: $argocd-oidc-authentik:secret clientSecret: $argocd-oidc-secret:secret
insecureEnableGroups: true insecureEnableGroups: true
scopes: scopes:
- openid - openid
@@ -205,7 +205,7 @@ argo-cd:
argocdUrl: https://argocd.alexlebens.net argocdUrl: https://argocd.alexlebens.net
secret: secret:
create: false create: false
name: argocd-notifications-ntfy name: argocd-notifications-secret
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:

2
clusters/cl01tl/helm/audiobookshelf/Chart.yaml
View File

@@ -32,4 +32,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
# renovate: datasource=github-releases depName=advplyr/audiobookshelf # renovate: datasource=github-releases depName=advplyr/audiobookshelf
appVersion: 2.33.2 appVersion: 2.33.1

27
clusters/cl01tl/helm/audiobookshelf/templates/_helpers.tpl
View File

@@ -1,27 +0,0 @@
{{/*
Common labels
*/}}
{{- define "audiobookshelf.labels" -}}
{{ include "audiobookshelf.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "audiobookshelf.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "audiobookshelf.booksNfsName" -}}
audiobookshelf-books-nfs-storage
{{- end -}}
{{- define "audiobookshelf.audiobooksNfsName" -}}
audiobookshelf-audiobooks-nfs-storage
{{- end -}}
{{- define "audiobookshelf.podcastsNfsName" -}}
audiobookshelf-podcasts-nfs-storage
{{- end -}}

21
clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml
View File

@@ -1,23 +1,18 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: audiobookshelf-config-apprise name: audiobookshelf-apprise-config
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: audiobookshelf-config-apprise app.kubernetes.io/name: audiobookshelf-apprise-config
{{- include "audiobookshelf.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
ntfy-url: "{{ `{{ .internal-endpoint-credential }}` }}/audiobookshelf"
data: data:
- secretKey: internal-endpoint-credential - secretKey: ntfy-url
remoteRef: remoteRef:
key: /cl01tl/ntfy/users/cl01tl key: /cl01tl/audiobookshelf/apprise
property: internal-endpoint-credential property: ntfy-url

27
clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume-claim.yaml
View File

@@ -1,13 +1,14 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{- include "audiobookshelf.booksNfsName" . }} name: audiobookshelf-books-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{- include "audiobookshelf.booksNfsName" . }} app.kubernetes.io/name: audiobookshelf-books-nfs-storage
{{- include "audiobookshelf.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: {{- include "audiobookshelf.booksNfsName" . }} volumeName: audiobookshelf-books-nfs-storage
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
@@ -19,13 +20,14 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{- include "audiobookshelf.audiobooksNfsName" . }} name: audiobookshelf-audiobooks-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{- include "audiobookshelf.audiobooksNfsName" . }} app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
{{- include "audiobookshelf.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: {{- include "audiobookshelf.audiobooksNfsName" . }} volumeName: audiobookshelf-audiobooks-nfs-storage
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
@@ -37,13 +39,14 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{- include "audiobookshelf.podcastsNfsName" . }} name: audiobookshelf-podcasts-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{- include "audiobookshelf.podcastsNfsName" . }} app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
{{- include "audiobookshelf.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: {{- include "audiobookshelf.podcastsNfsName" . }} volumeName: audiobookshelf-podcasts-nfs-storage
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany

21
clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume.yaml
View File

@@ -1,11 +1,12 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: {{- include "audiobookshelf.booksNfsName" . }} name: audiobookshelf-books-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{- include "audiobookshelf.booksNfsName" . }} app.kubernetes.io/name: audiobookshelf-books-nfs-storage
{{- include "audiobookshelf.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client
@@ -25,11 +26,12 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: {{- include "audiobookshelf.audiobooksNfsName" . }} name: audiobookshelf-audiobooks-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{- include "audiobookshelf.audiobooksNfsName" . }} app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
{{- include "audiobookshelf.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client
@@ -49,11 +51,12 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: {{- include "audiobookshelf.podcastsNfsName" . }} name: audiobookshelf-podcasts-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{- include "audiobookshelf.podcastsNfsName" . }} app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
{{- include "audiobookshelf.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client

4
clusters/cl01tl/helm/audiobookshelf/values.yaml
View File

@@ -12,7 +12,7 @@ audiobookshelf:
main: main:
image: image:
repository: ghcr.io/advplyr/audiobookshelf repository: ghcr.io/advplyr/audiobookshelf
tag: 2.33.2@sha256:a44ed89b3e845faa1f7d353f2cc89b2fcd8011737dd14075fa963cf9468da3a5 tag: 2.33.1@sha256:a4a5841bba093d81e5f4ad1eaedb4da3fda6dbb2528c552349da50ad1f7ae708
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago
@@ -40,7 +40,7 @@ audiobookshelf:
- name: APPRISE_STATELESS_URLS - name: APPRISE_STATELESS_URLS
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: audiobookshelf-config-apprise name: audiobookshelf-apprise-config
key: ntfy-url key: ntfy-url
service: service:
main: main:

6
clusters/cl01tl/helm/authentik/Chart.lock
View File

@@ -10,6 +10,6 @@ dependencies:
version: 7.11.2 version: 7.11.2
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1 version: 0.6.0
digest: sha256:22fe4d9ec592aa74cbff5596e8d900f607bd68ea14c7df70a94b4ef76727614d digest: sha256:6c697902b9c4e997c961b474b55aed3c254d2ef4565f921a1caf023347878718
generated: "2026-04-13T20:32:12.748342469Z" generated: "2026-04-10T01:33:14.668094273Z"

2
clusters/cl01tl/helm/authentik/Chart.yaml
View File

@@ -29,7 +29,7 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey alias: valkey
version: 0.6.1 version: 0.6.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png
# renovate: datasource=github-releases depName=goauthentik/authentik # renovate: datasource=github-releases depName=goauthentik/authentik

14
clusters/cl01tl/helm/authentik/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "authentik.labels" -}}
{{ include "authentik.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "authentik.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

9
clusters/cl01tl/helm/authentik/templates/external-secret.yaml
View File

@@ -1,15 +1,16 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: authentik-key name: authentik-key-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: authentik-key app.kubernetes.io/name: authentik-key-secret
{{- include "authentik.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: key - secretKey: key
remoteRef: remoteRef:

7
clusters/cl01tl/helm/authentik/templates/ingress.yaml
View File

@@ -1,12 +1,13 @@
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
name: {{ .Release.Name }}-tailscale name: authentik-tailscale
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ .Release.Name }}-tailscale app.kubernetes.io/name: authentik-tailscale
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
tailscale.com/proxy-class: no-metrics tailscale.com/proxy-class: no-metrics
{{- include "authentik.labels" . | nindent 4 }}
annotations: annotations:
tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true" tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
spec: spec:

3
clusters/cl01tl/helm/authentik/templates/reference-grant.yaml
View File

@@ -5,7 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: allow-outpost-cross-namespace-access app.kubernetes.io/name: allow-outpost-cross-namespace-access
{{- include "authentik.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
from: from:
- group: gateway.networking.k8s.io - group: gateway.networking.k8s.io

2
clusters/cl01tl/helm/authentik/values.yaml
View File

@@ -4,7 +4,7 @@ authentik:
- name: AUTHENTIK_SECRET_KEY - name: AUTHENTIK_SECRET_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: authentik-key name: authentik-key-secret
key: key key: key
- name: AUTHENTIK_POSTGRESQL__HOST - name: AUTHENTIK_POSTGRESQL__HOST
valueFrom: valueFrom:

24
clusters/cl01tl/helm/backrest/templates/_helpers.tpl
View File

@@ -1,24 +0,0 @@
{{/*
Common labels
*/}}
{{- define "backrest.labels" -}}
{{ include "backrest.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "backrest.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "backrest.storageNfsName" -}}
backrest-nfs-storage
{{- end -}}
{{- define "backrest.shareNfsName" -}}
backrest-nfs-share
{{- end -}}

18
clusters/cl01tl/helm/backrest/templates/persistent-volume-claim.yaml
View File

@@ -1,13 +1,14 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{- include "backrest.storageNfsName" . }} name: backrest-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{- include "backrest.storageNfsName" . }} app.kubernetes.io/name: backrest-nfs-storage
{{- include "backrest.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: {{- include "backrest.storageNfsName" . }} volumeName: backrest-nfs-storage
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
@@ -19,13 +20,14 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{- include "backrest.shareNfsName" . }} name: backrest-nfs-share
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{- include "backrest.shareNfsName" . }} app.kubernetes.io/name: backrest-nfs-share
{{- include "backrest.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: {{- include "backrest.shareNfsName" . }} volumeName: backrest-nfs-share
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany

14
clusters/cl01tl/helm/backrest/templates/persistent-volume.yaml
View File

@@ -1,11 +1,12 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: {{- include "backrest.storageNfsName" . }} name: backrest-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{- include "backrest.storageNfsName" . }} app.kubernetes.io/name: backrest-nfs-storage
{{- include "backrest.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client
@@ -25,11 +26,12 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: {{- include "backrest.shareNfsName" . }} name: backrest-nfs-share
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{- include "backrest.shareNfsName" . }} app.kubernetes.io/name: backrest-nfs-share
{{- include "backrest.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client

21
clusters/cl01tl/helm/bazarr/templates/_helpers.tpl
View File

@@ -1,21 +0,0 @@
{{/*
Common labels
*/}}
{{- define "bazarr.labels" -}}
{{ include "bazarr.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "bazarr.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "bazarr.storageNfsName" -}}
bazarr-nfs-storage
{{- end -}}

9
clusters/cl01tl/helm/bazarr/templates/external-secret.yaml
View File

@@ -1,15 +1,16 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: bazarr-key name: bazarr-key-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: bazarr-key app.kubernetes.io/name: bazarr-key-secret
{{- include "bazarr.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: key - secretKey: key
remoteRef: remoteRef:

9
clusters/cl01tl/helm/bazarr/templates/persistent-volume-claim.yaml
View File

@@ -1,13 +1,14 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{- include "bazarr.storageNfsName" . }} name: bazarr-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{- include "bazarr.storageNfsName" . }} app.kubernetes.io/name: bazarr-nfs-storage
{{- include "bazarr.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: {{ .Template.Name }} volumeName: bazarr-nfs-storage
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany

7
clusters/cl01tl/helm/bazarr/templates/persistent-volume.yaml
View File

@@ -1,11 +1,12 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: {{- include "bazarr.storageNfsName" . }} name: bazarr-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{- include "bazarr.storageNfsName" . }} app.kubernetes.io/name: bazarr-nfs-storage
{{- include "bazarr.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client

2
clusters/cl01tl/helm/bazarr/values.yaml
View File

@@ -39,7 +39,7 @@ bazarr:
- name: APIKEY - name: APIKEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: bazarr-key name: bazarr-key-secret
key: key key: key
- name: ENABLE_ADDITIONAL_METRICS - name: ENABLE_ADDITIONAL_METRICS
value: false value: false

6
clusters/cl01tl/helm/blocky/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1 version: 0.6.0
digest: sha256:6ed3a7587906fbda581d0091ff2c29a1816b8b0b8ae40add9885e6a68b2b82ae digest: sha256:58bcab9a78afad1037cb9d5047becb7a836fbfb3543883f24764a1bbb8db7290
generated: "2026-04-13T20:32:34.844998902Z" generated: "2026-04-10T01:33:35.406965206Z"

2
clusters/cl01tl/helm/blocky/Chart.yaml
View File

@@ -20,7 +20,7 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: valkey - name: valkey
alias: valkey alias: valkey
version: 0.6.1 version: 0.6.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/blocky.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/blocky.png
# renovate: datasource=github-releases depName=0xerr0r/blocky # renovate: datasource=github-releases depName=0xerr0r/blocky

2
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -106,7 +106,6 @@ blocky:
audiobookshelf IN CNAME traefik-cl01tl audiobookshelf IN CNAME traefik-cl01tl
authentik IN CNAME traefik-cl01tl authentik IN CNAME traefik-cl01tl
backrest IN CNAME traefik-cl01tl backrest IN CNAME traefik-cl01tl
bao IN CNAME traefik-cl01tl
bazarr IN CNAME traefik-cl01tl bazarr IN CNAME traefik-cl01tl
ceph IN CNAME traefik-cl01tl ceph IN CNAME traefik-cl01tl
dawarich IN CNAME traefik-cl01tl dawarich IN CNAME traefik-cl01tl
@@ -161,7 +160,6 @@ blocky:
sonarr IN CNAME traefik-cl01tl sonarr IN CNAME traefik-cl01tl
sonarr-4k IN CNAME traefik-cl01tl sonarr-4k IN CNAME traefik-cl01tl
sonarr-anime IN CNAME traefik-cl01tl sonarr-anime IN CNAME traefik-cl01tl
sparkyfitness IN CNAME traefik-cl01tl
stalwart IN CNAME traefik-cl01tl stalwart IN CNAME traefik-cl01tl
tdarr IN CNAME traefik-cl01tl tdarr IN CNAME traefik-cl01tl
tubearchivist IN CNAME traefik-cl01tl tubearchivist IN CNAME traefik-cl01tl

6
clusters/cl01tl/helm/cert-manager/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: cert-manager - name: cert-manager
repository: https://charts.jetstack.io repository: https://charts.jetstack.io
version: v1.20.2 version: v1.20.1
digest: sha256:f218239b4538c64d57e098a56c69dcbc4e076ffcc3d320c5a5fef1e6309e38cf digest: sha256:1bf36eba44cf096b40355a697b8cffb302f07f9135374222aabdf686f017b7a9
generated: "2026-04-13T23:02:59.380767677Z" generated: "2026-03-28T01:35:24.542754563Z"

4
clusters/cl01tl/helm/cert-manager/Chart.yaml
View File

@@ -13,8 +13,8 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: cert-manager - name: cert-manager
version: v1.20.2 version: v1.20.1
repository: https://charts.jetstack.io repository: https://charts.jetstack.io
icon: https://raw.githubusercontent.com/cert-manager/cert-manager/refs/heads/master/logo/logo.png icon: https://raw.githubusercontent.com/cert-manager/cert-manager/refs/heads/master/logo/logo.png
# renovate: datasource=github-releases depName=cert-manager/cert-manager # renovate: datasource=github-releases depName=cert-manager/cert-manager
appVersion: v1.20.2 appVersion: v1.20.1

24
clusters/cl01tl/helm/cert-manager/templates/_helpers.tpl
View File

@@ -1,24 +0,0 @@
{{/*
Common labels
*/}}
{{- define "cert-manager.labels" -}}
{{ include "cert-manager.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "cert-manager.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "cert-manager.cloudflareSecretName" -}}
cert-manager-cloudflare-api-token
{{- end -}}
{{- define "cert-manager.cloudflareSecretKey" -}}
api-token
{{- end -}}

7
clusters/cl01tl/helm/cert-manager/templates/cluster-issuer.yaml
View File

@@ -5,7 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: letsencrypt-issuer app.kubernetes.io/name: letsencrypt-issuer
{{- include "cert-manager.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
acme: acme:
email: alexanderlebens@gmail.com email: alexanderlebens@gmail.com
@@ -21,5 +22,5 @@ spec:
cloudflare: cloudflare:
email: alexanderlebens@gmail.com email: alexanderlebens@gmail.com
apiTokenSecretRef: apiTokenSecretRef:
name: {{- include "cert-manager.cloudflareSecretName" . }} name: cloudflare-api-token
key: {{- include "cert-manager.cloudflareSecretKey" . }} key: api-token

13
clusters/cl01tl/helm/cert-manager/templates/external-secret.yaml
View File

@@ -1,17 +1,18 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: {{- include "cert-manager.cloudflareSecretName" . }} name: cloudflare-api-token
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{- include "cert-manager.cloudflareSecretName" . }} app.kubernetes.io/name: cloudflare-api-token
{{- include "cert-manager.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: {{- include "cert-manager.cloudflareSecretKey" . }} - secretKey: api-token
remoteRef: remoteRef:
key: /cloudflare/alexlebens.net/cl01tl-issuer-certificate key: /cloudflare/alexlebens.net/clusterissuer
property: token property: token

14
clusters/cl01tl/helm/cilium/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "cilium.labels" -}}
{{ include "cilium.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "cilium.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

19
clusters/cl01tl/helm/cilium/templates/cilium-bgp-advertisement.yaml Normal file
View File

@@ -0,0 +1,19 @@
# apiVersion: cilium.io/v2
# kind: CiliumBGPAdvertisement
# metadata:
# name: cilium-bgp-advertisements
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: cilium-bgp-advertisements
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# advertisements:
# - advertisementType: "Service"
# service:
# addresses:
# - ExternalIP
# - LoadBalancerIP
# selector:
# matchExpressions:
# - {key: somekey, operator: NotIn, values: ['never-used-value']}

22
clusters/cl01tl/helm/cilium/templates/cilium-bgp-cluster-config.yaml Normal file
View File

@@ -0,0 +1,22 @@
# apiVersion: cilium.io/v2
# kind: CiliumBGPClusterConfig
# metadata:
# name: cilium-bgp
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: cilium-bgp
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# nodeSelector:
# matchLabels:
# node-role.kubernetes.io/bgp: "65020"
# bgpInstances:
# - name: "65020"
# localASN: 65020
# peers:
# - name: "udm-65000"
# peerASN: 65000
# peerAddress: 192.168.1.1
# peerConfigRef:
# name: "cilium-peer"

23
clusters/cl01tl/helm/cilium/templates/cilium-bgp-peer-config.yaml Normal file
View File

@@ -0,0 +1,23 @@
# apiVersion: cilium.io/v2
# kind: CiliumBGPPeerConfig
# metadata:
# name: cilium-peer
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: cilium-peer
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# timers:
# holdTimeSeconds: 9
# keepAliveTimeSeconds: 3
# ebgpMultihop: 4
# gracefulRestart:
# enabled: true
# restartTimeSeconds: 15
# families:
# - afi: ipv4
# safi: unicast
# advertisements:
# matchLabels:
# app.kubernetes.io/name: cilium-bgp-advertisements

6
clusters/cl01tl/helm/cilium/templates/cilium-load-balancer-ip-pool.yaml
View File

@@ -5,7 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: default-ip-pool app.kubernetes.io/name: default-ip-pool
{{- include "cilium.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
blocks: blocks:
- start: "10.232.1.21" - start: "10.232.1.21"
@@ -19,7 +20,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: bgp-ip-pool app.kubernetes.io/name: bgp-ip-pool
{{- include "cilium.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
blocks: blocks:
- start: "10.232.2.100" - start: "10.232.2.100"

45
clusters/cl01tl/helm/cilium/templates/gateway.yaml Normal file
View File

@@ -0,0 +1,45 @@
# apiVersion: gateway.networking.k8s.io/v1
# kind: Gateway
# metadata:
# name: cilium-tls-gateway
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: cilium-tls-gateway
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# annotations:
# cert-manager.io/cluster-issuer: letsencrypt-issuer
# spec:
# addresses:
# - type: IPAddress
# value: 10.232.1.23
# gatewayClassName: cilium
# listeners:
# - allowedRoutes:
# namespaces:
# from: All
# hostname: '*.alexlebens.net'
# name: https
# port: 443
# protocol: HTTPS
# tls:
# certificateRefs:
# - group: ''
# kind: Secret
# name: https-gateway-cert
# namespace: kube-system
# mode: Terminate
# - allowedRoutes:
# namespaces:
# from: All
# hostname: 'alexlebens.net'
# name: https-domain
# port: 443
# protocol: HTTPS
# tls:
# certificateRefs:
# - group: ''
# kind: Secret
# name: https-gateway-cert
# namespace: kube-system
# mode: Terminate

3
clusters/cl01tl/helm/cilium/templates/http-route.yaml
View File

@@ -5,7 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: hubble app.kubernetes.io/name: hubble
{{- include "cilium.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
parentRefs: parentRefs:
- group: gateway.networking.k8s.io - group: gateway.networking.k8s.io

6
clusters/cl01tl/helm/cloudnative-pg/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 0.28.0 version: 0.28.0
- name: plugin-barman-cloud - name: plugin-barman-cloud
repository: https://cloudnative-pg.io/charts/ repository: https://cloudnative-pg.io/charts/
version: 0.6.0 version: 0.5.0
digest: sha256:48241acb753e635a01b306b90cfbce13ed3c0105a33ec7d36f159e3a7fe607f3 digest: sha256:3e9b26d00fdb61af60f003bcb327e05d02799eb6088e30aaabd01c49c6021aac
generated: "2026-04-14T09:03:10.332065288Z" generated: "2026-04-01T20:05:40.198140255Z"

2
clusters/cl01tl/helm/cloudnative-pg/Chart.yaml
View File

@@ -20,7 +20,7 @@ dependencies:
version: 0.28.0 version: 0.28.0
repository: https://cloudnative-pg.io/charts/ repository: https://cloudnative-pg.io/charts/
- name: plugin-barman-cloud - name: plugin-barman-cloud
version: 0.6.0 version: 0.5.0
repository: https://cloudnative-pg.io/charts/ repository: https://cloudnative-pg.io/charts/
icon: https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg.github.io/refs/heads/main/assets/images/hero_image.png icon: https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg.github.io/refs/heads/main/assets/images/hero_image.png
# renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg # renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg

6
clusters/cl01tl/helm/dawarich/Chart.lock
View File

@@ -7,7 +7,7 @@ dependencies:
version: 7.11.2 version: 7.11.2
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1 version: 0.6.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
@@ -17,5 +17,5 @@ dependencies:
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:6ece439d5549b7d7ccd75053846bb9b2e8f9798a2e2163eac6f62bf5cf222587 digest: sha256:46a4d88528ac64e1f228a8516c0fd00e45c2403bdd713140b82e7ab28506ec74
generated: "2026-04-13T20:32:54.380897459Z" generated: "2026-04-10T01:34:00.034582668Z"

2
clusters/cl01tl/helm/dawarich/Chart.yaml
View File

@@ -26,7 +26,7 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey alias: valkey
version: 0.6.1 version: 0.6.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-storage alias: volsync-target-storage

14
clusters/cl01tl/helm/dawarich/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "dawarich.labels" -}}
{{ include "dawarich.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "dawarich.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

22
clusters/cl01tl/helm/dawarich/templates/external-secret.yaml
View File

@@ -1,15 +1,16 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: dawarich-key name: dawarich-key-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: dawarich-key app.kubernetes.io/name: dawarich-key-secret
{{- include "dawarich.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: key - secretKey: key
remoteRef: remoteRef:
@@ -20,21 +21,22 @@ spec:
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: dawarich-oidc-authentik name: dawarich-oidc-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: dawarich-oidc-authentik app.kubernetes.io/name: dawarich-oidc-secret
{{- include "dawarich.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: client - secretKey: client
remoteRef: remoteRef:
key: /cl01tl/authentik/oidc/dawarich key: /authentik/oidc/dawarich
property: client property: client
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
key: /cl01tl/authentik/oidc/dawarich key: /authentik/oidc/dawarich
property: secret property: secret

6
clusters/cl01tl/helm/dawarich/values.yaml
View File

@@ -61,12 +61,12 @@ dawarich:
- name: OIDC_CLIENT_ID - name: OIDC_CLIENT_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: dawarich-oidc-authentik name: dawarich-oidc-secret
key: client key: client
- name: OIDC_CLIENT_SECRET - name: OIDC_CLIENT_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: dawarich-oidc-authentik name: dawarich-oidc-secret
key: secret key: secret
- name: OIDC_PROVIDER_NAME - name: OIDC_PROVIDER_NAME
value: Authentik value: Authentik
@@ -81,7 +81,7 @@ dawarich:
- name: SECRET_KEY_BASE - name: SECRET_KEY_BASE
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: dawarich-key name: dawarich-key-secret
key: key key: key
- name: RAILS_LOG_TO_STDOUT - name: RAILS_LOG_TO_STDOUT
value: true value: true

6
clusters/cl01tl/helm/directus/Chart.lock
View File

@@ -7,6 +7,6 @@ dependencies:
version: 7.11.2 version: 7.11.2
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1 version: 0.6.0
digest: sha256:78f5065d1125792c88e4d24f5ac1ee3d6310b4997f552020c44d0615335ea329 digest: sha256:1ef062c01049dc3150f24b4bf1502a1026beda856ecca88df70b61701eaf659e
generated: "2026-04-13T20:33:13.909018545Z" generated: "2026-04-10T01:34:22.131775797Z"

4
clusters/cl01tl/helm/directus/Chart.yaml
View File

@@ -25,8 +25,8 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey alias: valkey
version: 0.6.1 version: 0.6.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
# renovate: datasource=github-releases depName=directus/directus # renovate: datasource=github-releases depName=directus/directus
appVersion: 11.17.3 appVersion: 11.17.2

2
clusters/cl01tl/helm/directus/values.yaml
View File

@@ -8,7 +8,7 @@ directus:
main: main:
image: image:
repository: ghcr.io/directus/directus repository: ghcr.io/directus/directus
tag: 11.17.3@sha256:ae6ab737fd04077d295bbefa545cc4aefccc206e3d0120c83812f9b482a8c9a5 tag: 11.17.2@sha256:5e5978377f1cc9820ffc5b92597da1573a1350ea57f8aba42efd999139993874
env: env:
- name: PUBLIC_URL - name: PUBLIC_URL
value: https://directus.alexlebens.net value: https://directus.alexlebens.net

2
clusters/cl01tl/helm/eraser/values.yaml
View File

@@ -48,7 +48,7 @@ eraser-metrics:
main: main:
image: image:
repository: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector repository: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector
tag: 0.150.1@sha256:618f7867e49fdb173d9b46d535b01f82254b0b14beac6ab1f6f2eb8cf62c5d42 tag: 0.149.0@sha256:dd56aed607fd02f8ac01dddb27a859c0c2cc750539abce927803778fafc736ae
command: command:
- /otelcol - /otelcol
- --config=/conf/otel-collector-config.yaml - --config=/conf/otel-collector-config.yaml

2
clusters/cl01tl/helm/external-secrets/Chart.yaml
View File

@@ -18,4 +18,4 @@ dependencies:
repository: https://charts.external-secrets.io repository: https://charts.external-secrets.io
icon: https://raw.githubusercontent.com/external-secrets/external-secrets/refs/heads/main/assets/eso-logo-large.png icon: https://raw.githubusercontent.com/external-secrets/external-secrets/refs/heads/main/assets/eso-logo-large.png
# renovate: datasource=github-releases depName=external-secrets/external-secrets # renovate: datasource=github-releases depName=external-secrets/external-secrets
appVersion: v2.3.0 appVersion: vv2.3.0

17
clusters/cl01tl/helm/external-secrets/templates/cluster-role-binding.yaml
View File

@@ -1,17 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: external-secrets
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: external-secrets
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: external-secrets
namespace: {{ .Release.Namespace }}

26
clusters/cl01tl/helm/external-secrets/templates/cluster-secret-store.yaml
View File

@@ -17,29 +17,3 @@ spec:
namespace: vault namespace: vault
name: vault-token name: vault-token
key: token key: token
---
apiVersion: external-secrets.io/v1
kind: ClusterSecretStore
metadata:
name: openbao
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: openbao
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
provider:
vault:
server: http://openbao-internal.openbao:8200
path: secret
version: v2
auth:
kubernetes:
mountPath: kubernetes
role: external-secrets
serviceAccountRef:
name: external-secrets
namespace: {{ .Release.Name }}
audiences:
- openbao

2
clusters/cl01tl/helm/foldergram/values.yaml
View File

@@ -70,7 +70,7 @@ foldergram:
forceRename: foldergram-data forceRename: foldergram-data
storageClass: synology-iscsi-delete storageClass: synology-iscsi-delete
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 250Gi size: 100Gi
advancedMounts: advancedMounts:
main: main:
main: main:

2
clusters/cl01tl/helm/garage/Chart.yaml
View File

@@ -21,4 +21,4 @@ dependencies:
version: 4.6.2 version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/garage.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/garage.png
# renovate: datasource=docker depName=dxflrs/garage # renovate: datasource=docker depName=dxflrs/garage
appVersion: v2.3.0 appVersion: v2.2.0

6
clusters/cl01tl/helm/garage/values.yaml
View File

@@ -21,7 +21,7 @@ garage:
main: main:
image: image:
repository: dxflrs/garage repository: dxflrs/garage
tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690 tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
envFrom: envFrom:
- secretRef: - secretRef:
name: garage-token-secret name: garage-token-secret
@@ -50,7 +50,7 @@ garage:
main: main:
image: image:
repository: dxflrs/garage repository: dxflrs/garage
tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690 tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
envFrom: envFrom:
- secretRef: - secretRef:
name: garage-token-secret name: garage-token-secret
@@ -79,7 +79,7 @@ garage:
main: main:
image: image:
repository: dxflrs/garage repository: dxflrs/garage
tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690 tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
envFrom: envFrom:
- secretRef: - secretRef:
name: garage-token-secret name: garage-token-secret

10
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -155,8 +155,8 @@ gatus:
- name: searxng - name: searxng
url: https://searxng.alexlebens.net url: https://searxng.alexlebens.net
<<: *defaults <<: *defaults
- name: sparkyfitness - name: roundcube
url: https://sparkyfitness.alexlebens.net url: https://mail.alexlebens.net
<<: *defaults <<: *defaults
- name: paperless-ngx - name: paperless-ngx
url: https://paperless-ngx.alexlebens.net url: https://paperless-ngx.alexlebens.net
@@ -212,9 +212,6 @@ gatus:
- name: authentik - name: authentik
url: https://authentik.alexlebens.net url: https://authentik.alexlebens.net
<<: *defaults <<: *defaults
- name: roundcube
url: https://mail.alexlebens.net
<<: *defaults
- name: stalwart - name: stalwart
url: https://stalwart.alexlebens.net url: https://stalwart.alexlebens.net
<<: *defaults <<: *defaults
@@ -266,9 +263,6 @@ gatus:
- name: vault - name: vault
url: https://vault.alexlebens.net url: https://vault.alexlebens.net
<<: *defaults <<: *defaults
- name: openbao
url: https://bao.alexlebens.net
<<: *defaults
- name: backrest - name: backrest
url: https://backrest.alexlebens.net url: https://backrest.alexlebens.net
<<: *defaults <<: *defaults

6
clusters/cl01tl/helm/generic-device-plugin/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: generic-device-plugin - name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.31 version: 0.20.29
digest: sha256:2e073f735a5ff699844eb67715ab20d403261b3e9c035ebdc4292cee9666b4f4 digest: sha256:927c4aaf7484f3522ecd92d456f184555f4c742adc1c63b32a149cbb847e9eee
generated: "2026-04-15T01:16:30.361061773Z" generated: "2026-04-10T17:19:10.852938614Z"

2
clusters/cl01tl/helm/generic-device-plugin/Chart.yaml
View File

@@ -14,6 +14,6 @@ maintainers:
dependencies: dependencies:
- name: generic-device-plugin - name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.31 version: 0.20.29
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: 1.0.0 appVersion: 1.0.0

14
clusters/cl01tl/helm/gitea/Chart.lock
View File

@@ -1,13 +1,13 @@
dependencies: dependencies:
- name: gitea - name: gitea
repository: https://dl.gitea.com/charts/ repository: https://dl.gitea.com/charts/
version: 12.5.3 version: 12.5.0
- name: actions - name: actions
repository: https://dl.gitea.com/charts/ repository: https://dl.gitea.com/charts/
version: 0.1.0 version: 0.0.5
- name: meilisearch - name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.32.0 version: 0.30.0
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0 version: 2.5.0
@@ -16,12 +16,12 @@ dependencies:
version: 7.11.2 version: 7.11.2
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1 version: 0.6.0
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1 version: 0.6.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:2144d55ea34ba25bd81c1e479ee5cd27097fafb5676b96e63aa0e32ad2868925 digest: sha256:1834a2f731f3dfd1f2c1997ef827c941f63436e3d4766b7713771f6ab147a285
generated: "2026-04-16T20:09:26.031592859Z" generated: "2026-04-10T01:34:45.637993565Z"

12
clusters/cl01tl/helm/gitea/Chart.yaml
View File

@@ -26,14 +26,14 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: gitea - name: gitea
version: 12.5.3 version: 12.5.0
repository: https://dl.gitea.com/charts/ repository: https://dl.gitea.com/charts/
- name: actions - name: actions
alias: gitea-actions alias: gitea-actions
repository: https://dl.gitea.com/charts/ repository: https://dl.gitea.com/charts/
version: 0.1.0 version: 0.0.5
- name: meilisearch - name: meilisearch
version: 0.32.0 version: 0.30.0
repository: https://meilisearch.github.io/meilisearch-kubernetes repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
@@ -44,11 +44,11 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey-gitea alias: valkey-gitea
version: 0.6.1 version: 0.6.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey-renovate alias: valkey-renovate
version: 0.6.1 version: 0.6.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-storage alias: volsync-target-storage
@@ -56,4 +56,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/gitea.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/gitea.png
# renovate: datasource=github-releases depName=go-gitea/gitea # renovate: datasource=github-releases depName=go-gitea/gitea
appVersion: 1.26.0 appVersion: 1.25.5

2
clusters/cl01tl/helm/gitea/values.yaml
View File

@@ -194,7 +194,7 @@ gitea-actions:
registry: docker.io registry: docker.io
repository: gitea/act_runner repository: gitea/act_runner
# renovate: datasource=docker depName=gitea/act_runner # renovate: datasource=docker depName=gitea/act_runner
tag: 0.4.1@sha256:696a59b51ad3d149521e3beb0229d5fb88f87295e1616f940199793274415b56 tag: 0.3.1@sha256:c2a169c5e99864c25e32527cef3d82203225e09558773022bf3dc164a2e6d762
extraVolumeMounts: extraVolumeMounts:
- name: workspace-vol - name: workspace-vol
mountPath: /workspace mountPath: /workspace

8
clusters/cl01tl/helm/grafana-operator/Chart.lock
View File

@@ -7,9 +7,9 @@ dependencies:
version: 7.11.2 version: 7.11.2
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1 version: 0.6.0
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1 version: 0.6.0
digest: sha256:6c086da896f573fdb1b81abab43b90181f2af7bf57a62333c4426f3f30496ffa digest: sha256:92931c4ed7e060931fd1aa0e4c3021cc548c1375bdd8a150ed61c858496af72c
generated: "2026-04-13T20:33:58.123069628Z" generated: "2026-04-10T01:35:19.405893161Z"

4
clusters/cl01tl/helm/grafana-operator/Chart.yaml
View File

@@ -24,11 +24,11 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey-unified-alerting alias: valkey-unified-alerting
version: 0.6.1 version: 0.6.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey-remote-cache alias: valkey-remote-cache
version: 0.6.1 version: 0.6.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grafana.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grafana.png
# renovate: datasource=github-releases depName=grafana/grafana-operator # renovate: datasource=github-releases depName=grafana/grafana-operator

19
clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml
View File

@@ -567,25 +567,6 @@ spec:
resyncPeriod: 6h resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/ntfy.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/ntfy.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-openbao
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-openbao
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
folderUID: grafana-folder-platform
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/openbao.json
--- ---
apiVersion: grafana.integreatly.org/v1beta1 apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard kind: GrafanaDashboard

6
clusters/cl01tl/helm/harbor/Chart.lock
View File

@@ -7,6 +7,6 @@ dependencies:
version: 7.11.2 version: 7.11.2
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1 version: 0.6.0
digest: sha256:fc508a58ea7dffe1b92049a89c3fe2f0034d05ecdad38807bb6e02c68a1cb957 digest: sha256:b153dff647b1657cca3e2efc2ad188214496374eed1137f9ecb887184f8a4470
generated: "2026-04-13T20:34:25.515547207Z" generated: "2026-04-10T01:35:42.967388076Z"

2
clusters/cl01tl/helm/harbor/Chart.yaml
View File

@@ -24,7 +24,7 @@ dependencies:
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
- name: valkey - name: valkey
alias: valkey alias: valkey
version: 0.6.1 version: 0.6.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png
# renovate: datasource=github-releases depName=goharbor/harbor # renovate: datasource=github-releases depName=goharbor/harbor

2
clusters/cl01tl/helm/headlamp/values.yaml
View File

@@ -12,6 +12,8 @@ headlamp:
enabled: true enabled: true
name: headlamp-oidc-secret name: headlamp-oidc-secret
watchPlugins: true watchPlugins: true
# Bypasses: https://github.com/kubernetes-sigs/headlamp/issues/4883
sessionTTL: null
httpRoute: httpRoute:
enabled: true enabled: true
parentRefs: parentRefs:

2
clusters/cl01tl/helm/home-assistant/Chart.yaml
View File

@@ -24,4 +24,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/home-assistant.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/home-assistant.png
# renovate: datasource=github-releases depName=home-assistant/core # renovate: datasource=github-releases depName=home-assistant/core
appVersion: 2026.4.3 appVersion: 2026.4.1

4
clusters/cl01tl/helm/home-assistant/values.yaml
View File

@@ -12,7 +12,7 @@ home-assistant:
main: main:
image: image:
repository: ghcr.io/home-assistant/home-assistant repository: ghcr.io/home-assistant/home-assistant
tag: 2026.4.3@sha256:ae0800c81fea16bc1241ce03bddb9c6260566e90f58b09d3e5a629e4f68bdc0b tag: 2026.4.1@sha256:8848691147f01a6eee7753de2ade21b04d6168fcd2e2a7089f6f84e3b7b86960
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago
@@ -23,7 +23,7 @@ home-assistant:
code-server: code-server:
image: image:
repository: ghcr.io/linuxserver/code-server repository: ghcr.io/linuxserver/code-server
tag: 4.116.0-ls333@sha256:4620adace18935dd6ca79d77e3bc1c379e21875392192f970cf5d6b0fb4aefcd tag: 4.115.0-ls331@sha256:308f49acac8734542560f797d79b15e4c872c4d3f97d1b22862633fcce2af62a
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago

30
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -285,11 +285,11 @@ homepage:
href: https://searxng.alexlebens.net/ href: https://searxng.alexlebens.net/
siteMonitor: http://searxng-browser.searxng:80 siteMonitor: http://searxng-browser.searxng:80
statusStyle: dot statusStyle: dot
- Fitness Tracker: - Email:
icon: sh-sparkyfitness.webp icon: sh-roundcube.webp
description: Sparky Fitness description: Roundcube
href: https://sparkyfitness.alexlebens.net href: https://mail.alexlebens.net
siteMonitor: http://sparkyfitness-frontend.sparkyfitness:80 siteMonitor: http://roundcube.roundcube:80
statusStyle: dot statusStyle: dot
- Documents: - Documents:
icon: sh-paperless-ngx.webp icon: sh-paperless-ngx.webp
@@ -487,13 +487,7 @@ homepage:
href: https://authentik.alexlebens.net href: https://authentik.alexlebens.net
siteMonitor: http://authentik-server.authentik:80 siteMonitor: http://authentik-server.authentik:80
statusStyle: dot statusStyle: dot
- Email Client: - Email:
icon: sh-roundcube.webp
description: Roundcube
href: https://mail.alexlebens.net
siteMonitor: http://roundcube.roundcube:80
statusStyle: dot
- Email Server:
icon: sh-stalwart.webp icon: sh-stalwart.webp
description: Stalwart description: Stalwart
href: https://stalwart.alexlebens.net href: https://stalwart.alexlebens.net
@@ -637,18 +631,6 @@ homepage:
app.kubernetes.io/instance in ( app.kubernetes.io/instance in (
vault vault
) )
- Secrets:
icon: sh-openbao.webp
description: OpenBao
href: https://bao.alexlebens.net
siteMonitor: http://openbao.openbao:8200
statusStyle: dot
namespace: openbao
app: openbao
podSelector: >-
app.kubernetes.io/instance in (
openbao
)
- Backups: - Backups:
icon: sh-backrest-light.webp icon: sh-backrest-light.webp
description: Backrest description: Backrest

2
clusters/cl01tl/helm/houndarr/Chart.yaml
View File

@@ -25,4 +25,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/houndarr.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/houndarr.png
# renovate: datasource=github-releases depName=av1155/houndarr # renovate: datasource=github-releases depName=av1155/houndarr
appVersion: v1.9.0 appVersion: v1.7.0

2
clusters/cl01tl/helm/houndarr/values.yaml
View File

@@ -8,7 +8,7 @@ houndarr:
main: main:
image: image:
repository: ghcr.io/av1155/houndarr repository: ghcr.io/av1155/houndarr
tag: v1.9.0@sha256:2a9c9e0de43412f683f00cce6f5d0f3e059b27e50350434ae4029ade720e85a0 tag: v1.7.0@sha256:8ae2a8b86497cbc54d11591c12220f3be3319039c2bdd0c8b041b2b7c2fd7943
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago

6
clusters/cl01tl/helm/immich/Chart.lock
View File

@@ -7,9 +7,9 @@ dependencies:
version: 7.11.2 version: 7.11.2
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1 version: 0.6.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:73ee46c366adf205ca50a7382a404ccd0e548a2ebeb39fa5f5afbadf6e0d539f digest: sha256:cc71770c9558038b988a2d7a893fffe6ba64a77e8b0d8c403b1183e48d168cd9
generated: "2026-04-13T20:34:57.11369553Z" generated: "2026-04-10T01:36:07.229979615Z"

4
clusters/cl01tl/helm/immich/Chart.yaml
View File

@@ -25,7 +25,7 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey alias: valkey
version: 0.6.1 version: 0.6.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-data alias: volsync-target-data
@@ -33,4 +33,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png
# renovate: datasource=github-releases depName=immich-app/immich # renovate: datasource=github-releases depName=immich-app/immich
appVersion: v2.7.5 appVersion: v2.7.2

2
clusters/cl01tl/helm/immich/values.yaml
View File

@@ -8,7 +8,7 @@ immich:
main: main:
image: image:
repository: ghcr.io/immich-app/immich-server repository: ghcr.io/immich-app/immich-server
tag: v2.7.5@sha256:c15bff75068effb03f4355997d03dc7e0fc58720c2b54ad6f7f10d1bc57efaa5 tag: v2.7.2@sha256:6a2952539e2a9c8adcf6fb74850bb1ba7e1db2804050acea21baafdc9154c430
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago

6
clusters/cl01tl/helm/jellyfin/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: meilisearch - name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.32.0 version: 0.30.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:09e0de3cf33b4b463b07237d547172ad72fcc77c0fcb8e5ed7542f9ee3b1df3a digest: sha256:32b9a206e77eabcdf1bbbc4d7e93067c40d6a621e4a07c1827e4d23961e2d82b
generated: "2026-04-16T14:10:45.330521031Z" generated: "2026-03-30T16:13:40.879082765Z"

2
clusters/cl01tl/helm/jellyfin/Chart.yaml
View File

@@ -22,7 +22,7 @@ dependencies:
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
- name: meilisearch - name: meilisearch
version: 0.32.0 version: 0.30.0
repository: https://meilisearch.github.io/meilisearch-kubernetes repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: volsync-target - name: volsync-target
alias: volsync-target-config alias: volsync-target-config

2
clusters/cl01tl/helm/jellystat/Chart.yaml
View File

@@ -29,4 +29,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/jellystat.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/jellystat.png
# renovate: datasource=github-releases depName=CyferShepard/Jellystat # renovate: datasource=github-releases depName=CyferShepard/Jellystat
appVersion: 1.1.10 appVersion: 1.1.9

2
clusters/cl01tl/helm/jellystat/values.yaml
View File

@@ -8,7 +8,7 @@ jellystat:
main: main:
image: image:
repository: ghcr.io/cyfershepard/jellystat repository: ghcr.io/cyfershepard/jellystat
tag: 1.1.10@sha256:bb7ebe42424dedeff52d8da4130232d67e3fdd6dc2dd4a66091e32ddd835ea42 tag: 1.1.9@sha256:f7f56aabad139faa996b8bb21a36dd3e65f7c87e10408921815b95a28a4efbaf
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago

6
clusters/cl01tl/helm/karakeep/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: meilisearch - name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.32.0 version: 0.30.0
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0 version: 2.5.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:a5074b9aa3d0ad4e8e3f0d5d10e92e7112bf1fd263d6bade8ae47e36d544cb6d digest: sha256:9939407bba4f0ac9d5ed47250490d0a80dc48881cfeb7bc924ece655fa0b5b05
generated: "2026-04-16T14:11:10.620563905Z" generated: "2026-04-10T01:17:47.911315172Z"

2
clusters/cl01tl/helm/karakeep/Chart.yaml
View File

@@ -23,7 +23,7 @@ dependencies:
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
- name: meilisearch - name: meilisearch
version: 0.32.0 version: 0.30.0
repository: https://meilisearch.github.io/meilisearch-kubernetes repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts

2
clusters/cl01tl/helm/komodo/Chart.yaml
View File

@@ -31,4 +31,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/komodo.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/komodo.png
# renovate: datasource=github-releases depName=moghtech/komodo # renovate: datasource=github-releases depName=moghtech/komodo
appVersion: v2.1.2 appVersion: v2.1.1

2
clusters/cl01tl/helm/komodo/values.yaml
View File

@@ -8,7 +8,7 @@ komodo:
main: main:
image: image:
repository: ghcr.io/moghtech/komodo-core repository: ghcr.io/moghtech/komodo-core
tag: 2.1.2@sha256:8a7dbba232e4e49797bb412be5f78207c89fcf22cc2727b38631ae30f7518a4c tag: 2.1.1@sha256:2bbbb1efd3534211dac35091e0818f10398d9bdd98fdbf0ddef09e9e0b5ec4ba
env: env:
- name: COMPOSE_LOGGING_DRIVER - name: COMPOSE_LOGGING_DRIVER
value: local value: local

8
clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
View File

@@ -1,7 +1,7 @@
dependencies: dependencies:
- name: kube-prometheus-stack - name: kube-prometheus-stack
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
version: 83.6.0 version: 83.4.0
- name: prometheus-operator-crds - name: prometheus-operator-crds
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
version: 28.0.1 version: 28.0.1
@@ -10,6 +10,6 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1 version: 0.6.0
digest: sha256:f80cb9a91bb13c3538ffdf4bc95b0750202a76167b05a3958f5aff2220484b0c digest: sha256:94ed4d62bfc30d84c74fab1eb3439be43243952686245de16bb5b0ba15b50965
generated: "2026-04-17T16:10:54.211656328Z" generated: "2026-04-10T17:23:18.478974013Z"

4
clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
View File

@@ -20,7 +20,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: kube-prometheus-stack - name: kube-prometheus-stack
version: 83.6.0 version: 83.4.0
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
- name: prometheus-operator-crds - name: prometheus-operator-crds
version: 28.0.1 version: 28.0.1
@@ -31,7 +31,7 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: valkey - name: valkey
alias: valkey alias: valkey
version: 0.6.1 version: 0.6.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png
# renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator # renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator

2
clusters/cl01tl/helm/libation/Chart.yaml
View File

@@ -26,4 +26,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/libation.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/libation.png
# renovate: datasource=github-releases depName=rmcrackan/Libation # renovate: datasource=github-releases depName=rmcrackan/Libation
appVersion: 13.3.4 appVersion: 13.3.3

4
clusters/cl01tl/helm/libation/values.yaml
View File

@@ -12,7 +12,7 @@ libation:
main: main:
image: image:
repository: rmcrackan/libation repository: rmcrackan/libation
tag: 13.3.4@sha256:eb0357e8a880ed0049dffd2a99a9d2eda322ed33b3b9e16f4fb93eb15275f396 tag: 13.3.3@sha256:fbeb84916c81b654412801367b7e96796ffdba83d987a1ed5fed9896cf7cabee
env: env:
- name: SLEEP_TIME - name: SLEEP_TIME
value: "-1" value: "-1"
@@ -30,7 +30,7 @@ libation:
main: main:
image: image:
repository: ubuntu repository: ubuntu
tag: resolute-20260413@sha256:5e275723f82c67e387ba9e3c24baa0abdcb268917f276a0561c97bef9450d0b4 tag: resolute-20260404@sha256:cc925e589b7543b910fea57a240468940003fbfc0515245a495dd0ad8fe7cef1
command: command:
- "sleep" - "sleep"
- "infinity" - "infinity"

2
clusters/cl01tl/helm/lidarr/values.yaml
View File

@@ -14,7 +14,7 @@ lidarr:
main: main:
image: image:
repository: ghcr.io/linuxserver/lidarr repository: ghcr.io/linuxserver/lidarr
tag: 3.1.2-nightly@sha256:9ec74111343f3648f2ab9a80931e05f1695622ff5a2587f1f2006e0415322a65 tag: 3.1.2-nightly@sha256:2b602738585d64c62e119073c631e50872f07595d2d90936a9186f2989cb2eda
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago

8
clusters/cl01tl/helm/matrix-synapse/Chart.lock
View File

@@ -22,10 +22,10 @@ dependencies:
version: 7.11.2 version: 7.11.2
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1 version: 0.6.0
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1 version: 0.6.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
@@ -38,5 +38,5 @@ dependencies:
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:e3b47e528b086c6f1b2aefb3b429026e77a5e7b95ff3946ef0769b366542ba5a digest: sha256:a3ec2977db9a8d902c8691281e5305f2dfb4501d64591bc67dc2c86e59743133
generated: "2026-04-13T20:35:45.244907297Z" generated: "2026-04-10T01:36:45.779720254Z"

4
clusters/cl01tl/helm/matrix-synapse/Chart.yaml
View File

@@ -54,11 +54,11 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey-matrix-synapse alias: valkey-matrix-synapse
version: 0.6.1 version: 0.6.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey-hookshot alias: valkey-hookshot
version: 0.6.1 version: 0.6.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-synapse alias: volsync-target-synapse

4
clusters/cl01tl/helm/matrix-synapse/values.yaml
View File

@@ -133,7 +133,7 @@ matrix-synapse:
gid: 666 gid: 666
image: image:
repository: alpine repository: alpine
tag: 3.23.4@sha256:c7989ac7a27b473e1795973c98d714f62b4dd0b134594d36880505ce0bfd716b tag: 3.23.3@sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659
ingress: ingress:
enabled: false enabled: false
gateway: gateway:
@@ -332,7 +332,7 @@ mautrix-whatsapp:
main: main:
image: image:
repository: dock.mau.dev/mautrix/whatsapp repository: dock.mau.dev/mautrix/whatsapp
tag: v0.2604.0@sha256:9f28c04c746af9fe8e93163489dae0f4191626e2ca02a9302df62afbeefc9eba tag: v0.2603.0@sha256:b49009312361d9ea0d7090716fd09f2323f477b32bd119648c6ca2d558a3e236
resources: resources:
requests: requests:
cpu: 1m cpu: 1m

2
clusters/cl01tl/helm/medialyze/Chart.yaml
View File

@@ -24,4 +24,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://raw.githubusercontent.com/frederikemmer/MediaLyze/d8f69c0628bac7c047b90f91a66341648029c273/frontend/public/favicon.svg icon: https://raw.githubusercontent.com/frederikemmer/MediaLyze/d8f69c0628bac7c047b90f91a66341648029c273/frontend/public/favicon.svg
# renovate: datasource=github-releases depName=frederikemmer/MediaLyze # renovate: datasource=github-releases depName=frederikemmer/MediaLyze
appVersion: 0.7.1 appVersion: 0.6.0

2
clusters/cl01tl/helm/medialyze/values.yaml
View File

@@ -12,7 +12,7 @@ medialyze:
main: main:
image: image:
repository: ghcr.io/frederikemmer/medialyze repository: ghcr.io/frederikemmer/medialyze
tag: 0.7.1@sha256:c28cfd5cafe2b34136efaba5ba825440a2160cda3116ecb266454eac07a37e49 tag: 0.6.0@sha256:7bf772454c7baeaf5c86ad59eee7fe59ef47b5366248e253647cfc79642a72bf
env: env:
- name: HOST_PORT - name: HOST_PORT
value: 8080 value: 8080

Some files were not shown because too many files have changed in this diff Show More