alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 6 Actions 2 Activity

Compare commits

base: alexlebens:tmp/secrets-3
Branches Tags
alexlebens:main alexlebens:renovate/unified-tdarr alexlebens:renovate/major-unified-vault alexlebens:renovate/unified-gitea alexlebens:renovate/unified-cilium alexlebens:auto/update-manifests alexlebens:tmp/secrets-3 alexlebens:manifests
..
compare: alexlebens:6edfde54011ae492a0e3f73db3710fdd0688cf45
Branches Tags
alexlebens:renovate/unified-tdarr alexlebens:renovate/major-unified-vault alexlebens:renovate/unified-gitea alexlebens:renovate/unified-cilium alexlebens:auto/update-manifests alexlebens:main alexlebens:tmp/secrets-3 alexlebens:manifests

1 Commits
tmp/secret ... 6edfde5401

Author SHA1 Message Date
Renovate Bot
6edfde5401 chore(deps): update immich to v2.7.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 30s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 29s
Details
2026-04-07 17:15:27 +00:00
265 changed files with 1558 additions and 2713 deletions
Expand all files Collapse all files

BIN
.DS_Store vendored
View File

Binary file not shown.

248
.gitea/workflows/lint-test-helm.yaml
View File

@@ -16,8 +16,8 @@ on:
env:
CLUSTER: cl01tl
BASE_BRANCH: "origin/${{ github.base_ref }}"
# renovate: datasource=github-releases depName=yannh/kubeconform
KUBECONFORM_VERSION: "v0.6.7"
ARGOCD_VERSION: "v3.3.6"
jobs:
lint-helm:
@@ -102,7 +102,7 @@ jobs:
echo ""
echo "${CHANGED_CHARTS}"
CHANGED_CHARTS_CSV=$(echo "${CHANGED_CHARTS}" | paste -sd ',' -)
CHANGED_CHARTS_CSV=$(echo "$CHANGED_CHARTS" | paste -sd ',' -)
echo ""
echo "----"
@@ -236,17 +236,7 @@ jobs:
with:
fetch-depth: 0
- name: Cache Kubeconform
id: cache-kubeconform
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
with:
path: /usr/local/bin/kubeconform
key: ${{ runner.os }}-kubeconform-${{ env.KUBECONFORM_VERSION }}
restore-keys: |
${{ runner.os }}-kubeconform-
- name: Install Kubeconform
if: steps.cache-kubeconform.outputs.cache-hit != 'true'
run: |
echo ">> Downloading Kubeconform ${{ env.KUBECONFORM_VERSION }} ..."
wget -q https://github.com/yannh/kubeconform/releases/download/${{ env.KUBECONFORM_VERSION }}/kubeconform-linux-amd64.tar.gz
@@ -259,8 +249,6 @@ jobs:
echo ">> Installing Kubeconform ..."
sudo mv kubeconform /usr/local/bin/
- name: Verify installation
run: |
echo ""
echo ">> Verifying installation ..."
kubeconform -v
@@ -336,7 +324,7 @@ jobs:
helm dependency build "${CHART_PATH}" --skip-refresh
if ! helm template "${DIR}" "${CHART_PATH}" --include-crds --namespace default --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor" | \
if ! helm template "${DIR}" "${CHART_PATH}" --include-crds --namespace default --api-versions "gateway.networking.k8s.io/v1/HTTPRoute" | \
kubeconform \
${SCHEMA_LOCATIONS} \
-ignore-missing-schemas \
@@ -377,233 +365,3 @@ jobs:
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
image: true
# argo-diff:
# needs: lint-helm
# runs-on: ubuntu-js
# if: |
# needs.lint-helm.result == 'success' &&
# needs.lint-helm.outputs.changes-detected == 'true' &&
# github.event_name == 'pull_request'
# steps:
# - name: Checkout
# uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
# with:
# fetch-depth: 0
# - name: Cache ArgoCD CLI
# id: cache-argocd
# uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
# with:
# path: /usr/local/bin/argocd
# key: ${{ runner.os }}-argocd-${{ env.ARGOCD_VERSION }}
# restore-keys: |
# ${{ runner.os }}-argocd-
# - name: Install ArgoCD CLI
# if: steps.cache-argocd.outputs.cache-hit != 'true'
# run: |
# echo ">> Downloading ArgoCD CLI, version: ${{ env.ARGOCD_VERSION }} ..."
# curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/download/${{ env.ARGOCD_VERSION }}/argocd-linux-amd64
# echo ""
# echo ">> Installing ArgoCD CLI ..."
# sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd
# echo ""
# echo "----"
# - name: Verify installation
# run: |
# echo ""
# echo ">> Verifying installation ..."
# argocd version --client
# echo ""
# echo "----"
# - name: Set Up Helm
# uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5
# with:
# token: ${{ secrets.GITEA_TOKEN }}
# # renovate: datasource=github-releases depName=helm/helm
# version: v4.1.3
# cache: true
# - name: Cache Helm Dependencies
# uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
# with:
# path: |
# ~/.cache/helm
# ~/.config/helm
# key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
# restore-keys: |
# helm-cache-${{ runner.os }}-
# - name: Add Repositories
# env:
# CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
# run: |
# echo ">> Adding repositories for chart dependencies ..."
# echo ""
# for DIR in ${CHANGED_CHARTS}; do
# helm dependency list --max-col-width 120 clusters/${CLUSTER}/helm/${DIR} 2> /dev/null \
# | tail -n +2 \
# | awk 'NF > 0 { print $1, $3 }' \
# | while read -r REPO_NAME REPO_URL; do
# if [[ "${REPO_URL}" == oci://* ]]; then
# echo ">> Ignoring OCI repo: ${REPO_URL}"
# elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
# helm repo add "${REPO_NAME}" "${REPO_URL}"
# fi
# done || true
# done
# if helm repo list > /dev/null 2>&1; then
# echo ""
# echo ">> Update repository cache ..."
# helm repo update
# fi
# echo ""
# echo "----"
# - name: Render Templates
# id: render
# env:
# CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
# run: |
# for APP_NAME in ${CHANGED_CHARTS}; do
# echo ">> Render templates for ${APP_NAME} ..."
# CHART_PATH="clusters/${CLUSTER}/helm/${APP_NAME}"
# OUTPUT_FOLDER="clusters/${CLUSTER}/manifests/${APP_NAME}/"
# helm dependency build "${CHART_PATH}" --skip-refresh
# NAMESPACE="${APP_NAME}"
# case "${APP_NAME}" in
# "stack")
# NAMESPACE="argocd"
# echo ">> Special Rendering into 'argocd' namespace ..."
# ;;
# "cilium" | "coredns" | "metrics-server")
# NAMESPACE="kube-system"
# echo ">> Special Rendering for ${APP_NAME} into 'kube-system' namespace ..."
# ;;
# *)
# echo ">> Standard Rendering ..."
# esac
# TEMPLATE=$(helm template "${APP_NAME}" "${CHART_PATH}" --include-crds --namespace "${NAMESPACE}" --include-crds --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor")
# # Format and split rendered template
# echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
# # Strip comments again to ensure formatting correctness
# for file in "$OUTPUT_FOLDER"/*; do
# yq -i '... comments=""' $file
# done
# echo ""
# echo ">> Templates in output folder: ${OUTPUT_FOLDER}"
# ls ${OUTPUT_FOLDER}
# done
# echo "----"
# - name: Run App Diff
# id: diff
# env:
# ARGOCD_SERVER: ${{ secrets.ARGOCD_SERVER }}
# ARGOCD_AUTH_TOKEN: ${{ secrets.ARGOCD_AUTH_TOKEN }}
# CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
# run: |
# FAILED_CHARTS=""
# DIFF_FOUND="false"
# for APP_NAME in ${CHANGED_CHARTS}; do
# echo ">> Running argocd app diff for ${APP_NAME} ..."
# argocd app diff "${APP_NAME}" \
# --server "${ARGOCD_SERVER}" \
# --revision ${{ gitea.sha }} \
# --diff-exit-code 0 \
# --local "clusters/${CLUSTER}/manifests/${APP_NAME}" \
# --local-repo-root "." \
# --grpc-web > "diff_output_${APP_NAME}.txt"
# if [ -s "diff_output_${APP_NAME}.txt" ]; then
# echo ">> Argo diff:"
# echo ""
# cat diff_output_${APP_NAME}.txt
# echo ""
# DIFF_FOUND="true"
# else
# echo ">> No Argo diff found for ${APP_NAME}"
# rm "diff_output_${APP_NAME}.txt"
# fi
# done
# echo "----"
# echo "diff-detected=${DIFF_FOUND}" >> "$GITHUB_OUTPUT"
# echo "failed-charts=${FAILED_CHARTS}" >> "$GITHUB_OUTPUT"
# exit $OVERALL_EXIT_CODE
# - name: Post Diff
# if: |
# always() &&
# steps.diff.outputs.diff-detected == 'true' &&
# gitea.event.pull_request.number != null
# env:
# GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
# run: |
# COMMENT_BODY="### ArgoCD Diff Results
# "
# for f in diff_output_*.txt; do
# APP_NAME=$(echo $f | sed 's/diff_output_//;s/.txt//')
# DIFF_CONTENT=$(cat "$f")
# COMMENT_BODY="${COMMENT_BODY}
# #### App: ${APP_NAME}
# "
# if [ -z "$DIFF_CONTENT" ]; then
# COMMENT_BODY="${COMMENT_BODY} No changes detected."
# else
# COMMENT_BODY="${COMMENT_BODY}
# \`\`\`diff
# ${DIFF_CONTENT}
# \`\`\`"
# fi
# done
# curl -X 'POST' \
# "${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/issues/${{ gitea.event.pull_request.number }}/comments" \
# -H "Authorization: token ${GITEA_TOKEN}" \
# -H "Content-Type: application/json" \
# -d "$(jq -n --arg body "$COMMENT_BODY" '{body: $body}')"
# - name: ntfy Failed
# uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
# if: failure()
# with:
# url: '${{ secrets.NTFY_URL }}'
# topic: '${{ secrets.NTFY_TOPIC }}'
# title: 'ArgoCD Diff Failure'
# priority: 3
# headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
# tags: action,failed
# details: "ArgoCD diff for cluster '${{ env.CLUSTER }}' failed on charts: ${{ steps.diff.outputs.failed-charts }}"
# icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
# actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
# image: true

6
.gitea/workflows/render-manifests.yaml
View File

@@ -50,7 +50,7 @@ jobs:
cache: true
- name: Configure Kubeconfig
uses: azure/k8s-set-context@89b837d75b40a7bd2ddafde837473c212db8b313 # v5
uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }}
@@ -283,7 +283,7 @@ jobs:
echo ">> Formating rendered template ..."
local TEMPLATE
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor")
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
# Format and split rendered template
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
@@ -314,7 +314,7 @@ jobs:
for DIR in ${RENDER_DIR}; do
echo "${DIR}"
done | xargs -P 5 -I {} bash -c 'OUT=$(render_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {}
done | xargs -P 4 -I {} bash -c 'OUT=$(render_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {}
echo ""
echo "----"

2
.gitea/workflows/renovate.yaml
View File

@@ -13,7 +13,7 @@ on:
jobs:
renovate:
runs-on: ubuntu-latest
container: ghcr.io/renovatebot/renovate:43.132.1@sha256:2ccc5b1f0340593c40e1598547aa98feee4e521a0906a423fe0be0431a733dfa
container: ghcr.io/renovatebot/renovate:43.109.0@sha256:262d3c2d7e61da7a7eef61fdbdcf26d80cb0d13f65baaa99ace4163a4d56c0fa
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

7
clusters/cl01tl/helm/actual/Chart.lock
View File

@@ -2,5 +2,8 @@ dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
digest: sha256:1c04c187e6cf768117f7f91f3a3b082937ad5854c1cf6a681ad7c02687cd543d
generated: "2026-04-18T20:15:22.778699-05:00"
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:ff81b3d8fc831e4b8048f646fffcf597aa7410e52ecf27690eab8104047dbe6f
generated: "2026-03-06T01:04:41.514235218Z"

8
clusters/cl01tl/helm/actual/Chart.yaml
View File

@@ -18,10 +18,10 @@ dependencies:
alias: actual
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
# - name: volsync-target
# alias: volsync-target-data
# version: 0.8.0
# repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png
# renovate: datasource=github-releases depName=actualbudget/actual
appVersion: 26.4.0

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: argo-cd
repository: https://argoproj.github.io/argo-helm
version: 9.5.2
digest: sha256:5d9e6405ee944bf94df6af247164ebb9b8899144853b9a7eafabe8606affe84e
generated: "2026-04-19T19:53:40.43789-05:00"
version: 9.4.17
digest: sha256:17752dbf03861cf70ee31c9a17373a5175656a2edd00ba5fcd3988a195147da8
generated: "2026-03-28T01:51:34.832601868Z"

4
clusters/cl01tl/helm/argocd/Chart.yaml
View File

@@ -13,8 +13,8 @@ maintainers:
- name: alexlebens
dependencies:
- name: argo-cd
version: 9.5.2
version: 9.4.17
repository: https://argoproj.github.io/argo-helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-cd
appVersion: v3.3.7
appVersion: v3.3.6

14
clusters/cl01tl/helm/argocd/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "argocd.labels" -}}
{{ include "argocd.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "argocd.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

52
clusters/cl01tl/helm/argocd/templates/external-secret.yaml
View File

@@ -1,40 +1,70 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: argocd-oidc-authentik
name: argocd-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: argocd-oidc-authentik
{{- include "argocd.labels" . | nindent 4 }}
app.kubernetes.io/name: argocd-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
name: vault
data:
- secretKey: secret
remoteRef:
key: /cl01tl/authentik/oidc/argocd
key: /authentik/oidc/argocd
property: secret
- secretKey: client
remoteRef:
key: /cl01tk/authentik/oidc/argocd
key: /authentik/oidc/argocd
property: client
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: argocd-notifications-ntfy
name: argocd-notifications-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: argocd-notifications-ntfy
{{- include "argocd.labels" . | nindent 4 }}
app.kubernetes.io/name: argocd-notifications-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
name: vault
data:
- secretKey: ntfy-token
remoteRef:
key: /cl01tl/ntfy/users/cl01tl
key: /ntfy/user/cl01tl
property: token
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: argocd-gitea-repo-infrastructure-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: type
remoteRef:
key: /cl01tl/argocd/credentials/repo/infrastructure
property: type
- secretKey: url
remoteRef:
key: /cl01tl/argocd/credentials/repo/infrastructure
property: url
- secretKey: sshPrivateKey
remoteRef:
key: /cl01tl/argocd/credentials/repo/infrastructure
property: sshPrivateKey

56
clusters/cl01tl/helm/argocd/values.yaml
View File

@@ -13,8 +13,8 @@ argo-cd:
connectors:
- config:
issuer: https://authentik.alexlebens.net/application/o/argocd/
clientID: $argocd-oidc-authentik:client
clientSecret: $argocd-oidc-authentik:secret
clientID: $argocd-oidc-secret:client
clientSecret: $argocd-oidc-secret:secret
insecureEnableGroups: true
scopes:
- openid
@@ -48,31 +48,31 @@ argo-cd:
enabled: true
rules:
enabled: true
spec:
- alert: ArgoAppMissing
expr: |
absent(argocd_app_info) == 1
for: 15m
labels:
severity: critical
annotations:
summary: "[Argo CD] No reported applications"
description: >
Argo CD has not reported any applications data for the past 15 minutes which
means that it must be down or not functioning properly. This needs to be
resolved for this cloud to continue to maintain state.
- alert: ArgoAppNotSynced
expr: |
argocd_app_info{sync_status!="Synced"} == 1
for: 12h
labels:
severity: warning
annotations:
summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
description: >
The application [{{`{{$labels.name}}`}} has not been synchronized for over
12 hours which means that the state of this cloud has drifted away from the
state inside Git.
spec:
- alert: ArgoAppMissing
expr: |
absent(argocd_app_info) == 1
for: 15m
labels:
severity: critical
annotations:
summary: "[Argo CD] No reported applications"
description: >
Argo CD has not reported any applications data for the past 15 minutes which
means that it must be down or not functioning properly. This needs to be
resolved for this cloud to continue to maintain state.
- alert: ArgoAppNotSynced
expr: |
argocd_app_info{sync_status!="Synced"} == 1
for: 12h
labels:
severity: warning
annotations:
summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
description: >
The application [{{`{{$labels.name}}`}} has not been synchronized for over
12 hours which means that the state of this cloud has drifted away from the
state inside Git.
dex:
enabled: true
resources:
@@ -205,7 +205,7 @@ argo-cd:
argocdUrl: https://argocd.alexlebens.net
secret:
create: false
name: argocd-notifications-ntfy
name: argocd-notifications-secret
metrics:
enabled: true
serviceMonitor:

2
clusters/cl01tl/helm/audiobookshelf/Chart.yaml
View File

@@ -32,4 +32,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
# renovate: datasource=github-releases depName=advplyr/audiobookshelf
appVersion: 2.33.2
appVersion: 2.33.1

27
clusters/cl01tl/helm/audiobookshelf/templates/_helpers.tpl
View File

@@ -1,27 +0,0 @@
{{/*
Common labels
*/}}
{{- define "audiobookshelf.labels" -}}
{{ include "audiobookshelf.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "audiobookshelf.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "audiobookshelf.booksNfsName" -}}
audiobookshelf-books-nfs-storage
{{- end -}}
{{- define "audiobookshelf.audiobooksNfsName" -}}
audiobookshelf-audiobooks-nfs-storage
{{- end -}}
{{- define "audiobookshelf.podcastsNfsName" -}}
audiobookshelf-podcasts-nfs-storage
{{- end -}}

21
clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml
View File

@@ -1,23 +1,18 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: audiobookshelf-config-apprise
name: audiobookshelf-apprise-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-config-apprise
{{- include "audiobookshelf.labels" . | nindent 4 }}
app.kubernetes.io/name: audiobookshelf-apprise-config
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
ntfy-url: "{{ `{{ .internal-endpoint-credential }}` }}/audiobookshelf"
name: vault
data:
- secretKey: internal-endpoint-credential
- secretKey: ntfy-url
remoteRef:
key: /cl01tl/ntfy/users/cl01tl
property: internal-endpoint-credential
key: /cl01tl/audiobookshelf/apprise
property: ntfy-url

27
clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume-claim.yaml
View File

@@ -1,13 +1,14 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{- include "audiobookshelf.booksNfsName" . }}
name: audiobookshelf-books-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{- include "audiobookshelf.booksNfsName" . }}
{{- include "audiobookshelf.labels" . | nindent 4 }}
app.kubernetes.io/name: audiobookshelf-books-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: {{- include "audiobookshelf.booksNfsName" . }}
volumeName: audiobookshelf-books-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
@@ -19,13 +20,14 @@ spec:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{- include "audiobookshelf.audiobooksNfsName" . }}
name: audiobookshelf-audiobooks-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{- include "audiobookshelf.audiobooksNfsName" . }}
{{- include "audiobookshelf.labels" . | nindent 4 }}
app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: {{- include "audiobookshelf.audiobooksNfsName" . }}
volumeName: audiobookshelf-audiobooks-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
@@ -37,13 +39,14 @@ spec:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{- include "audiobookshelf.podcastsNfsName" . }}
name: audiobookshelf-podcasts-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{- include "audiobookshelf.podcastsNfsName" . }}
{{- include "audiobookshelf.labels" . | nindent 4 }}
app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: {{- include "audiobookshelf.podcastsNfsName" . }}
volumeName: audiobookshelf-podcasts-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany

21
clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume.yaml
View File

@@ -1,11 +1,12 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{- include "audiobookshelf.booksNfsName" . }}
name: audiobookshelf-books-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{- include "audiobookshelf.booksNfsName" . }}
{{- include "audiobookshelf.labels" . | nindent 4 }}
app.kubernetes.io/name: audiobookshelf-books-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
@@ -25,11 +26,12 @@ spec:
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{- include "audiobookshelf.audiobooksNfsName" . }}
name: audiobookshelf-audiobooks-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{- include "audiobookshelf.audiobooksNfsName" . }}
{{- include "audiobookshelf.labels" . | nindent 4 }}
app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
@@ -49,11 +51,12 @@ spec:
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{- include "audiobookshelf.podcastsNfsName" . }}
name: audiobookshelf-podcasts-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{- include "audiobookshelf.podcastsNfsName" . }}
{{- include "audiobookshelf.labels" . | nindent 4 }}
app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client

4
clusters/cl01tl/helm/audiobookshelf/values.yaml
View File

@@ -12,7 +12,7 @@ audiobookshelf:
main:
image:
repository: ghcr.io/advplyr/audiobookshelf
tag: 2.33.2@sha256:a44ed89b3e845faa1f7d353f2cc89b2fcd8011737dd14075fa963cf9468da3a5
tag: 2.33.1@sha256:a4a5841bba093d81e5f4ad1eaedb4da3fda6dbb2528c552349da50ad1f7ae708
env:
- name: TZ
value: America/Chicago
@@ -40,7 +40,7 @@ audiobookshelf:
- name: APPRISE_STATELESS_URLS
valueFrom:
secretKeyRef:
name: audiobookshelf-config-apprise
name: audiobookshelf-apprise-config
key: ntfy-url
service:
main:

10
clusters/cl01tl/helm/authentik/Chart.lock
View File

@@ -1,15 +1,15 @@
dependencies:
- name: authentik
repository: https://charts.goauthentik.io/
version: 2026.2.2
version: 2026.2.1
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
version: 2.4.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1
digest: sha256:22fe4d9ec592aa74cbff5596e8d900f607bd68ea14c7df70a94b4ef76727614d
generated: "2026-04-13T20:32:12.748342469Z"
version: 0.5.0
digest: sha256:7302a85008aee7950aa345aa7d64563c1b0da8f07e348ec9709f9438503a41ff
generated: "2026-04-04T21:00:59.689114-05:00"

6
clusters/cl01tl/helm/authentik/Chart.yaml
View File

@@ -18,18 +18,18 @@ maintainers:
- name: alexlebens
dependencies:
- name: authentik
version: 2026.2.2
version: 2026.2.1
repository: https://charts.goauthentik.io/
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
version: 2.4.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.6.1
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png
# renovate: datasource=github-releases depName=goauthentik/authentik

14
clusters/cl01tl/helm/authentik/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "authentik.labels" -}}
{{ include "authentik.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "authentik.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

9
clusters/cl01tl/helm/authentik/templates/external-secret.yaml
View File

@@ -1,15 +1,16 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: authentik-key
name: authentik-key-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: authentik-key
{{- include "authentik.labels" . | nindent 4 }}
app.kubernetes.io/name: authentik-key-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
name: vault
data:
- secretKey: key
remoteRef:

7
clusters/cl01tl/helm/authentik/templates/ingress.yaml
View File

@@ -1,12 +1,13 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ .Release.Name }}-tailscale
name: authentik-tailscale
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ .Release.Name }}-tailscale
app.kubernetes.io/name: authentik-tailscale
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
tailscale.com/proxy-class: no-metrics
{{- include "authentik.labels" . | nindent 4 }}
annotations:
tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
spec:

3
clusters/cl01tl/helm/authentik/templates/reference-grant.yaml
View File

@@ -5,7 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: allow-outpost-cross-namespace-access
{{- include "authentik.labels" . | nindent 4 }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
from:
- group: gateway.networking.k8s.io

2
clusters/cl01tl/helm/authentik/values.yaml
View File

@@ -4,7 +4,7 @@ authentik:
- name: AUTHENTIK_SECRET_KEY
valueFrom:
secretKeyRef:
name: authentik-key
name: authentik-key-secret
key: key
- name: AUTHENTIK_POSTGRESQL__HOST
valueFrom:

24
clusters/cl01tl/helm/backrest/templates/_helpers.tpl
View File

@@ -1,24 +0,0 @@
{{/*
Common labels
*/}}
{{- define "backrest.labels" -}}
{{ include "backrest.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "backrest.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "backrest.storageNfsName" -}}
backrest-nfs-storage
{{- end -}}
{{- define "backrest.shareNfsName" -}}
backrest-nfs-share
{{- end -}}

18
clusters/cl01tl/helm/backrest/templates/persistent-volume-claim.yaml
View File

@@ -1,13 +1,14 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{- include "backrest.storageNfsName" . }}
name: backrest-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{- include "backrest.storageNfsName" . }}
{{- include "backrest.labels" . | nindent 4 }}
app.kubernetes.io/name: backrest-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: {{- include "backrest.storageNfsName" . }}
volumeName: backrest-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
@@ -19,13 +20,14 @@ spec:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{- include "backrest.shareNfsName" . }}
name: backrest-nfs-share
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{- include "backrest.shareNfsName" . }}
{{- include "backrest.labels" . | nindent 4 }}
app.kubernetes.io/name: backrest-nfs-share
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: {{- include "backrest.shareNfsName" . }}
volumeName: backrest-nfs-share
storageClassName: nfs-client
accessModes:
- ReadWriteMany

14
clusters/cl01tl/helm/backrest/templates/persistent-volume.yaml
View File

@@ -1,11 +1,12 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{- include "backrest.storageNfsName" . }}
name: backrest-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{- include "backrest.storageNfsName" . }}
{{- include "backrest.labels" . | nindent 4 }}
app.kubernetes.io/name: backrest-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
@@ -25,11 +26,12 @@ spec:
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{- include "backrest.shareNfsName" . }}
name: backrest-nfs-share
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{- include "backrest.shareNfsName" . }}
{{- include "backrest.labels" . | nindent 4 }}
app.kubernetes.io/name: backrest-nfs-share
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client

2
clusters/cl01tl/helm/bazarr/Chart.yaml
View File

@@ -10,9 +10,7 @@ home: https://docs.alexlebens.dev/applications/bazarr/
sources:
- https://github.com/morpheus65535/bazarr
- https://github.com/linuxserver/docker-bazarr
- https://github.com/onedr0p/exportarr
- https://github.com/linuxserver/docker-bazarr/pkgs/container/bazarr
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:

21
clusters/cl01tl/helm/bazarr/templates/_helpers.tpl
View File

@@ -1,21 +0,0 @@
{{/*
Common labels
*/}}
{{- define "bazarr.labels" -}}
{{ include "bazarr.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "bazarr.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "bazarr.storageNfsName" -}}
bazarr-nfs-storage
{{- end -}}

17
clusters/cl01tl/helm/bazarr/templates/external-secret.yaml
View File

@@ -1,17 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: bazarr-key
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: bazarr-key
{{- include "bazarr.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: key
remoteRef:
key: /cl01tl/bazarr/key
property: key

9
clusters/cl01tl/helm/bazarr/templates/persistent-volume-claim.yaml
View File

@@ -1,13 +1,14 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{- include "bazarr.storageNfsName" . }}
name: bazarr-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{- include "bazarr.storageNfsName" . }}
{{- include "bazarr.labels" . | nindent 4 }}
app.kubernetes.io/name: bazarr-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: {{ .Template.Name }}
volumeName: bazarr-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany

7
clusters/cl01tl/helm/bazarr/templates/persistent-volume.yaml
View File

@@ -1,11 +1,12 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{- include "bazarr.storageNfsName" . }}
name: bazarr-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{- include "bazarr.storageNfsName" . }}
{{- include "bazarr.labels" . | nindent 4 }}
app.kubernetes.io/name: bazarr-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client

38
clusters/cl01tl/helm/bazarr/values.yaml
View File

@@ -23,28 +23,11 @@ bazarr:
- name: PGID
value: 1000
resources:
limits:
cpu: 100m
requests:
cpu: 10m
cpu: 1m
memory: 250Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.3.0@sha256:af535d94061cf97a52e1661945ffba78c03f9443eae7c0da1a80a5a4be56b520
args: ["bazarr"]
env:
- name: URL
value: http://localhost:6767
- name: PORT
value: 9792
- name: APIKEY
valueFrom:
secretKeyRef:
name: bazarr-key
key: key
- name: ENABLE_ADDITIONAL_METRICS
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
service:
main:
controller: main
@@ -52,21 +35,6 @@ bazarr:
http:
port: 80
targetPort: 6767
metrics:
port: 9792
targetPort: 9792
serviceMonitor:
main:
selector:
matchLabels:
app.kubernetes.io/name: bazarr
app.kubernetes.io/instance: bazarr
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: metrics
interval: 3m
scrapeTimeout: 1m
path: /metrics
route:
main:
kind: HTTPRoute

6
clusters/cl01tl/helm/blocky/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 4.6.2
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1
digest: sha256:6ed3a7587906fbda581d0091ff2c29a1816b8b0b8ae40add9885e6a68b2b82ae
generated: "2026-04-13T20:32:34.844998902Z"
version: 0.5.0
digest: sha256:49b0e666059bad492ebaa4a20119ce5bbd1959a1ee6b22b271a9ca9529122697
generated: "2026-03-31T18:37:20.549898-05:00"

2
clusters/cl01tl/helm/blocky/Chart.yaml
View File

@@ -20,7 +20,7 @@ dependencies:
version: 4.6.2
- name: valkey
alias: valkey
version: 0.6.1
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/blocky.png
# renovate: datasource=github-releases depName=0xerr0r/blocky

3
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -106,10 +106,10 @@ blocky:
audiobookshelf IN CNAME traefik-cl01tl
authentik IN CNAME traefik-cl01tl
backrest IN CNAME traefik-cl01tl
bao IN CNAME traefik-cl01tl
bazarr IN CNAME traefik-cl01tl
ceph IN CNAME traefik-cl01tl
dawarich IN CNAME traefik-cl01tl
dependency-track IN CNAME traefik-cl01tl
directus IN CNAME traefik-cl01tl
excalidraw IN CNAME traefik-cl01tl
feishin IN CNAME traefik-cl01tl
@@ -161,7 +161,6 @@ blocky:
sonarr IN CNAME traefik-cl01tl
sonarr-4k IN CNAME traefik-cl01tl
sonarr-anime IN CNAME traefik-cl01tl
sparkyfitness IN CNAME traefik-cl01tl
stalwart IN CNAME traefik-cl01tl
tdarr IN CNAME traefik-cl01tl
tubearchivist IN CNAME traefik-cl01tl

6
clusters/cl01tl/helm/cert-manager/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: cert-manager
repository: https://charts.jetstack.io
version: v1.20.2
digest: sha256:f218239b4538c64d57e098a56c69dcbc4e076ffcc3d320c5a5fef1e6309e38cf
generated: "2026-04-13T23:02:59.380767677Z"
version: v1.20.1
digest: sha256:1bf36eba44cf096b40355a697b8cffb302f07f9135374222aabdf686f017b7a9
generated: "2026-03-28T01:35:24.542754563Z"

4
clusters/cl01tl/helm/cert-manager/Chart.yaml
View File

@@ -13,8 +13,8 @@ maintainers:
- name: alexlebens
dependencies:
- name: cert-manager
version: v1.20.2
version: v1.20.1
repository: https://charts.jetstack.io
icon: https://raw.githubusercontent.com/cert-manager/cert-manager/refs/heads/master/logo/logo.png
# renovate: datasource=github-releases depName=cert-manager/cert-manager
appVersion: v1.20.2
appVersion: v1.20.1

24
clusters/cl01tl/helm/cert-manager/templates/_helpers.tpl
View File

@@ -1,24 +0,0 @@
{{/*
Common labels
*/}}
{{- define "cert-manager.labels" -}}
{{ include "cert-manager.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "cert-manager.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "cert-manager.cloudflareSecretName" -}}
cert-manager-cloudflare-api-token
{{- end -}}
{{- define "cert-manager.cloudflareSecretKey" -}}
api-token
{{- end -}}

7
clusters/cl01tl/helm/cert-manager/templates/cluster-issuer.yaml
View File

@@ -5,7 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: letsencrypt-issuer
{{- include "cert-manager.labels" . | nindent 4 }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
acme:
email: alexanderlebens@gmail.com
@@ -21,5 +22,5 @@ spec:
cloudflare:
email: alexanderlebens@gmail.com
apiTokenSecretRef:
name: {{- include "cert-manager.cloudflareSecretName" . }}
key: {{- include "cert-manager.cloudflareSecretKey" . }}
name: cloudflare-api-token
key: api-token

13
clusters/cl01tl/helm/cert-manager/templates/external-secret.yaml
View File

@@ -1,17 +1,18 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: {{- include "cert-manager.cloudflareSecretName" . }}
name: cloudflare-api-token
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{- include "cert-manager.cloudflareSecretName" . }}
{{- include "cert-manager.labels" . | nindent 4 }}
app.kubernetes.io/name: cloudflare-api-token
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
name: vault
data:
- secretKey: {{- include "cert-manager.cloudflareSecretKey" . }}
- secretKey: api-token
remoteRef:
key: /cloudflare/alexlebens.net/cl01tl-issuer-certificate
key: /cloudflare/alexlebens.net/clusterissuer
property: token

14
clusters/cl01tl/helm/cilium/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "cilium.labels" -}}
{{ include "cilium.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "cilium.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

19
clusters/cl01tl/helm/cilium/templates/cilium-bgp-advertisement.yaml Normal file
View File

@@ -0,0 +1,19 @@
# apiVersion: cilium.io/v2
# kind: CiliumBGPAdvertisement
# metadata:
# name: cilium-bgp-advertisements
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: cilium-bgp-advertisements
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# advertisements:
# - advertisementType: "Service"
# service:
# addresses:
# - ExternalIP
# - LoadBalancerIP
# selector:
# matchExpressions:
# - {key: somekey, operator: NotIn, values: ['never-used-value']}

22
clusters/cl01tl/helm/cilium/templates/cilium-bgp-cluster-config.yaml Normal file
View File

@@ -0,0 +1,22 @@
# apiVersion: cilium.io/v2
# kind: CiliumBGPClusterConfig
# metadata:
# name: cilium-bgp
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: cilium-bgp
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# nodeSelector:
# matchLabels:
# node-role.kubernetes.io/bgp: "65020"
# bgpInstances:
# - name: "65020"
# localASN: 65020
# peers:
# - name: "udm-65000"
# peerASN: 65000
# peerAddress: 192.168.1.1
# peerConfigRef:
# name: "cilium-peer"

23
clusters/cl01tl/helm/cilium/templates/cilium-bgp-peer-config.yaml Normal file
View File

@@ -0,0 +1,23 @@
# apiVersion: cilium.io/v2
# kind: CiliumBGPPeerConfig
# metadata:
# name: cilium-peer
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: cilium-peer
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# timers:
# holdTimeSeconds: 9
# keepAliveTimeSeconds: 3
# ebgpMultihop: 4
# gracefulRestart:
# enabled: true
# restartTimeSeconds: 15
# families:
# - afi: ipv4
# safi: unicast
# advertisements:
# matchLabels:
# app.kubernetes.io/name: cilium-bgp-advertisements

6
clusters/cl01tl/helm/cilium/templates/cilium-load-balancer-ip-pool.yaml
View File

@@ -5,7 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: default-ip-pool
{{- include "cilium.labels" . | nindent 4 }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
blocks:
- start: "10.232.1.21"
@@ -19,7 +20,8 @@ metadata:
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: bgp-ip-pool
{{- include "cilium.labels" . | nindent 4 }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
blocks:
- start: "10.232.2.100"

45
clusters/cl01tl/helm/cilium/templates/gateway.yaml Normal file
View File

@@ -0,0 +1,45 @@
# apiVersion: gateway.networking.k8s.io/v1
# kind: Gateway
# metadata:
# name: cilium-tls-gateway
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: cilium-tls-gateway
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# annotations:
# cert-manager.io/cluster-issuer: letsencrypt-issuer
# spec:
# addresses:
# - type: IPAddress
# value: 10.232.1.23
# gatewayClassName: cilium
# listeners:
# - allowedRoutes:
# namespaces:
# from: All
# hostname: '*.alexlebens.net'
# name: https
# port: 443
# protocol: HTTPS
# tls:
# certificateRefs:
# - group: ''
# kind: Secret
# name: https-gateway-cert
# namespace: kube-system
# mode: Terminate
# - allowedRoutes:
# namespaces:
# from: All
# hostname: 'alexlebens.net'
# name: https-domain
# port: 443
# protocol: HTTPS
# tls:
# certificateRefs:
# - group: ''
# kind: Secret
# name: https-gateway-cert
# namespace: kube-system
# mode: Terminate

3
clusters/cl01tl/helm/cilium/templates/http-route.yaml
View File

@@ -5,7 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: hubble
{{- include "cilium.labels" . | nindent 4 }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io

6
clusters/cl01tl/helm/cloudnative-pg/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 0.28.0
- name: plugin-barman-cloud
repository: https://cloudnative-pg.io/charts/
version: 0.6.0
digest: sha256:48241acb753e635a01b306b90cfbce13ed3c0105a33ec7d36f159e3a7fe607f3
generated: "2026-04-14T09:03:10.332065288Z"
version: 0.5.0
digest: sha256:3e9b26d00fdb61af60f003bcb327e05d02799eb6088e30aaabd01c49c6021aac
generated: "2026-04-01T20:05:40.198140255Z"

2
clusters/cl01tl/helm/cloudnative-pg/Chart.yaml
View File

@@ -20,7 +20,7 @@ dependencies:
version: 0.28.0
repository: https://cloudnative-pg.io/charts/
- name: plugin-barman-cloud
version: 0.6.0
version: 0.5.0
repository: https://cloudnative-pg.io/charts/
icon: https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg.github.io/refs/heads/main/assets/images/hero_image.png
# renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg

15
clusters/cl01tl/helm/dawarich/Chart.lock
View File

@@ -7,15 +7,6 @@ dependencies:
version: 7.11.2
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:6ece439d5549b7d7ccd75053846bb9b2e8f9798a2e2163eac6f62bf5cf222587
generated: "2026-04-13T20:32:54.380897459Z"
version: 0.5.0
digest: sha256:b070640b7006e3ad528193ca784cfbca602994c87afbef4ef4b40a05229cab10
generated: "2026-04-04T21:01:27.376484-05:00"

15
clusters/cl01tl/helm/dawarich/Chart.yaml
View File

@@ -12,7 +12,6 @@ sources:
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
dependencies:
@@ -26,19 +25,7 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.6.1
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-storage
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-public
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-watched
version: 0.8.0
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png
# renovate: datasource=github-releases depName=Freika/dawarich

14
clusters/cl01tl/helm/dawarich/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "dawarich.labels" -}}
{{ include "dawarich.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "dawarich.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

22
clusters/cl01tl/helm/dawarich/templates/external-secret.yaml
View File

@@ -1,15 +1,16 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: dawarich-key
name: dawarich-key-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: dawarich-key
{{- include "dawarich.labels" . | nindent 4 }}
app.kubernetes.io/name: dawarich-key-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
name: vault
data:
- secretKey: key
remoteRef:
@@ -20,21 +21,22 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: dawarich-oidc-authentik
name: dawarich-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: dawarich-oidc-authentik
{{- include "dawarich.labels" . | nindent 4 }}
app.kubernetes.io/name: dawarich-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
name: vault
data:
- secretKey: client
remoteRef:
key: /cl01tl/authentik/oidc/dawarich
key: /authentik/oidc/dawarich
property: client
- secretKey: secret
remoteRef:
key: /cl01tl/authentik/oidc/dawarich
key: /authentik/oidc/dawarich
property: secret

39
clusters/cl01tl/helm/dawarich/values.yaml
View File

@@ -61,12 +61,12 @@ dawarich:
- name: OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: dawarich-oidc-authentik
name: dawarich-oidc-secret
key: client
- name: OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: dawarich-oidc-authentik
name: dawarich-oidc-secret
key: secret
- name: OIDC_PROVIDER_NAME
value: Authentik
@@ -81,7 +81,7 @@ dawarich:
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
name: dawarich-key
name: dawarich-key-secret
key: key
- name: RAILS_LOG_TO_STDOUT
value: true
@@ -313,36 +313,3 @@ postgres-18-cluster:
immediate: true
schedule: "0 10 14 * * *"
backupName: garage-local
volsync-target-storage:
pvcTarget: dawarich-storage
local:
enabled: true
schedule: 6 8 * * *
remote:
enabled: true
schedule: 6 9 * * *
external:
enabled: true
schedule: 6 10 * * *
volsync-target-public:
pvcTarget: dawarich-public
local:
enabled: true
schedule: 8 8 * * *
remote:
enabled: true
schedule: 8 9 * * *
external:
enabled: true
schedule: 8 10 * * *
volsync-target-watched:
pvcTarget: dawarich-watched
local:
enabled: true
schedule: 8 8 * * *
remote:
enabled: true
schedule: 8 9 * * *
external:
enabled: true
schedule: 8 10 * * *

9
clusters/cl01tl/helm/dependency-track/Chart.lock Normal file
View File

@@ -0,0 +1,9 @@
dependencies:
- name: dependency-track
repository: https://dependencytrack.github.io/helm-charts
version: 0.44.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
digest: sha256:6ea7e8066cce675a02ce76393ee2b0e23300d2f5c72ae64946ae667fc12fde1f
generated: "2026-04-05T17:32:11.221935-05:00"

27
clusters/cl01tl/helm/dependency-track/Chart.yaml Normal file
View File

@@ -0,0 +1,27 @@
apiVersion: v2
name: dependency-track
version: 1.0.0
description: Dependency Track
keywords:
- dependency-track
- vulnerability-scanner
home: https://docs.alexlebens.dev/applications/dependency-track/
sources:
- https://github.com/DependencyTrack/dependency-track
- https://hub.docker.com/r/dependencytrack/apiserver
- https://hub.docker.com/r/dependencytrack/frontend
- https://github.com/DependencyTrack/helm-charts/tree/main/charts/dependency-track
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: dependency-track
version: 0.44.0
repository: https://dependencytrack.github.io/helm-charts
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://avatars.githubusercontent.com/u/40258585
# renovate: datasource=github-releases depName=DependencyTrack/dependency-track
appVersion: 4.14.1

26
clusters/cl01tl/helm/sparkyfitness/templates/external-secret.yaml → clusters/cl01tl/helm/dependency-track/templates/external-secret.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: sparkyfitness-key-secret
name: dependency-track-key-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: sparkyfitness-key-secret
app.kubernetes.io/name: dependency-track-key-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -12,23 +12,19 @@ spec:
kind: ClusterSecretStore
name: vault
data:
- secretKey: api_encryption_key
- secretKey: secret.key
remoteRef:
key: /cl01tl/sparkyfitness/key
property: api_encryption_key
- secretKey: better_auth_secret
remoteRef:
key: /cl01tl/sparkyfitness/key
property: better_auth_secret
key: /cl01tl/dependency-track/key
property: key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: sparkyfitness-oidc-secret
name: dependency-track-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: sparkyfitness-oidc-secret
app.kubernetes.io/name: dependency-track-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -36,11 +32,11 @@ spec:
kind: ClusterSecretStore
name: vault
data:
- secretKey: client_id
- secretKey: client
remoteRef:
key: /authentik/oidc/sparkyfitness
key: /authentik/oidc/dependency-track
property: client
- secretKey: client_secret
- secretKey: secret
remoteRef:
key: /authentik/oidc/sparkyfitness
key: /authentik/oidc/dependency-track
property: secret

114
clusters/cl01tl/helm/dependency-track/values.yaml Normal file
View File

@@ -0,0 +1,114 @@
dependency-track:
common:
secretKey:
createSecret: false
existingSecretName: dependency-track-key-secret
apiServer:
image:
repository: dependencytrack/apiserver
tag: 4.14.1@sha256:2d8813e1ba4ada4aa23087d908c1b5a3ffce39261ead5555c397a1d67c7cbe9d
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
memory: null
persistentVolume:
enabled: true
className: ceph-block
size: 5Gi
extraEnv:
- name: ALPINE_DATABASE_MODE
value: external
- name: ALPINE_DATABASE_DRIVER
value: org.postgresql.Driver
- name: ALPINE_DATABASE_URL
valueFrom:
secretKeyRef:
name: dependency-track-postgresql-18-cluster-app
key: jdbc-uri
- name: ALPINE_DATABASE_USERNAME
valueFrom:
secretKeyRef:
name: dependency-track-postgresql-18-cluster-app
key: user
- name: ALPINE_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: dependency-track-postgresql-18-cluster-app
key: password
- name: ALPINE_OIDC_ENABLED
value: "true"
- name: ALPINE_OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: dependency-track-oidc-secret
key: client
- name: ALPINE_OIDC_ISSUER
value: https://authentik.alexlebens.net/application/o/dependency-track/
- name: ALPINE_OIDC_USERNAME_CLAIM
value: preferred_username
- name: ALPINE_OIDC_TEAMS_CLAIM
value: groups
- name: ALPINE_OIDC_USER_PROVISIONING
value: "true"
- name: ALPINE_OIDC_TEAM_SYNCHRONIZATION
value: "true"
- name: ALPINE_CORS_ENABLED
value: "false"
- name: ALPINE_CORS_ALLOW_ORIGIN
value: dependency-track.alexlebens.net dependency-track.dependency-track
serviceMonitor:
enabled: true
namespace: dependency-track
frontend:
image:
repository: dependencytrack/frontend
tag: 4.14.1@sha256:8217737050b26ea69a6ddd6fe2cb419531a0bae0b903a87a04077a2415fc9f35
resources:
requests:
cpu: 10m
memory: 60Mi
limits:
memory: null
extraEnv:
- name: OIDC_ISSUER
value: https://authentik.alexlebens.net/application/o/dependency-track/
- name: OIDC_FLOW
value: explicit
- name: OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: dependency-track-oidc-secret
key: client
- name: OIDC_LOGIN_BUTTON_TEXT
value: Authentik
apiBaseUrl: dependency-track-api-server.dependency-track
httpRoute:
enabled: true
hostnames:
- dependency-track.alexlebens.net
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
postgres-18-cluster:
mode: standalone
recovery:
method: objectStore
objectStore:
index: 1
backup:
objectStore:
- name: garage-local
index: 1
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 10 14 * * *"
backupName: garage-local

6
clusters/cl01tl/helm/directus/Chart.lock
View File

@@ -7,6 +7,6 @@ dependencies:
version: 7.11.2
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1
digest: sha256:78f5065d1125792c88e4d24f5ac1ee3d6310b4997f552020c44d0615335ea329
generated: "2026-04-13T20:33:13.909018545Z"
version: 0.5.0
digest: sha256:5fa84b2d82a160c35e002690e4d299275b8136463da9da789be9ca7c6ff998c4
generated: "2026-04-04T21:01:37.322862-05:00"

4
clusters/cl01tl/helm/directus/Chart.yaml
View File

@@ -25,8 +25,8 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.6.1
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
# renovate: datasource=github-releases depName=directus/directus
appVersion: 11.17.3
appVersion: 11.17.2

2
clusters/cl01tl/helm/directus/values.yaml
View File

@@ -8,7 +8,7 @@ directus:
main:
image:
repository: ghcr.io/directus/directus
tag: 11.17.3@sha256:ae6ab737fd04077d295bbefa545cc4aefccc206e3d0120c83812f9b482a8c9a5
tag: 11.17.2@sha256:5e5978377f1cc9820ffc5b92597da1573a1350ea57f8aba42efd999139993874
env:
- name: PUBLIC_URL
value: https://directus.alexlebens.net

8
clusters/cl01tl/helm/element-web/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies:
- name: element-web
repository: https://ananace.gitlab.io/charts
version: 1.4.34
version: 1.4.33
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
digest: sha256:8640b8a250bdcd9e7561e3d28538ccf4644a7159a035ee0a5fdbcf71dc5b2bbe
generated: "2026-04-10T01:17:19.932208699Z"
version: 2.4.0
digest: sha256:63b0e582d42fb42bcf4d96ba4b299e42c434c42f284208596808288543192fe0
generated: "2026-03-24T16:11:50.424321433Z"

6
clusters/cl01tl/helm/element-web/Chart.yaml
View File

@@ -15,11 +15,11 @@ maintainers:
- name: alexlebens
dependencies:
- name: element-web
version: 1.4.34
version: 1.4.33
repository: https://ananace.gitlab.io/charts
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
version: 2.4.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
# renovate: datasource=github-releases depName=element-hq/element-web
appVersion: v1.12.15
appVersion: v1.12.13

2
clusters/cl01tl/helm/element-web/values.yaml
View File

@@ -2,7 +2,7 @@ element-web:
replicaCount: 1
image:
repository: ghcr.io/element-hq/element-web
tag: v1.12.15@sha256:c7fa40b5ba3891f8af3ce63da0818f457c1802a9ee4d2f5e46a9df36a2388eed
tag: v1.12.13@sha256:5107e63026c13ed014f743e485821b7d4b56d275a41e76303859bb14f5f94eb6
defaultServer:
url: https://matrix.alexlebens.dev
name: alexlebens.dev

7
clusters/cl01tl/helm/eraser/Chart.lock
View File

@@ -2,8 +2,5 @@ dependencies:
- name: eraser
repository: https://eraser-dev.github.io/eraser/charts
version: 1.4.1
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
digest: sha256:8414813d3d9d195b16ef7ebf814f7095a16413f4b0e579fcb37738000624f68c
generated: "2026-04-08T21:39:05.689756-05:00"
digest: sha256:da828de684b0cd82e99994586f3db4f55c43c01607c4d8d0e70e204c7bbbbf5b
generated: "2025-12-03T22:53:20.200917773Z"

6
clusters/cl01tl/helm/eraser/Chart.yaml
View File

@@ -9,19 +9,13 @@ home: https://docs.alexlebens.dev/applications/eraser/
sources:
- https://github.com/eraser-dev/eraser
- https://github.com/eraser-dev/eraser/pkgs/container/eraser-manager
- https://github.com/open-telemetry/opentelemetry-collector-releases/pkgs/container/opentelemetry-collector-releases%2Fopentelemetry-collector
- https://github.com/eraser-dev/eraser/tree/main/charts/eraser
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: eraser
version: 1.4.1
repository: https://eraser-dev.github.io/eraser/charts
- name: app-template
alias: eraser-metrics
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
icon: https://raw.githubusercontent.com/eraser-dev/eraser/refs/heads/main/images/eraser-logo-color-1c.png
# renovate: datasource=github-releases depName=eraser-dev/eraser
appVersion: v1.4.1

82
clusters/cl01tl/helm/eraser/values.yaml
View File

@@ -35,85 +35,3 @@ eraser:
requests:
cpu: 1m
memory: 20Mi
eraser-metrics:
global:
nameOverride: eraser-metrics
fullnameOverride: eraser-metrics
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
containers:
main:
image:
repository: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector
tag: 0.150.1@sha256:618f7867e49fdb173d9b46d535b01f82254b0b14beac6ab1f6f2eb8cf62c5d42
command:
- /otelcol
- --config=/conf/otel-collector-config.yaml
resources:
requests:
cpu: 10m
memory: 20Mi
configMaps:
config:
enabled: true
forceRename: eraser-config
data:
otel-collector-config.yaml: |
receivers:
otlp:
protocols:
http:
exporters:
prometheus:
endpoint: "0.0.0.0:8889"
send_timestamps: true
metric_expiration: 180m
service:
telemetry:
logs:
encoding: json
pipelines:
metrics:
receivers:
- otlp
exporters:
- prometheus
service:
main:
controller: main
ports:
http:
port: 4318
targetPort: 4318
metrics:
port: 8889
targetPort: 8889
serviceMonitor:
main:
selector:
matchLabels:
app.kubernetes.io/name: eraser-metrics
app.kubernetes.io/instance: eraser-metrics
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: metrics
interval: 30s
scrapeTimeout: 15s
path: /metrics
persistence:
config:
enabled: true
type: configMap
name: eraser-config
advancedMounts:
main:
main:
- path: /conf/otel-collector-config.yaml
readOnly: true
mountPropagation: None
subPath: otel-collector-config.yaml

6
clusters/cl01tl/helm/external-secrets/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: external-secrets
repository: https://charts.external-secrets.io
version: 2.3.0
digest: sha256:fedb79c937be24d4bb72f665122b468b445de95f3f02de419903e3136186e42f
generated: "2026-04-10T15:10:52.488487421Z"
version: 2.2.0
digest: sha256:3894df20e1f3d56bc9789177181a84d8ae1402ef76ec6328e417ce5a568738ae
generated: "2026-03-26T19:19:15.734454-05:00"

4
clusters/cl01tl/helm/external-secrets/Chart.yaml
View File

@@ -14,8 +14,8 @@ sources:
dependencies:
- name: external-secrets
alias: external-secrets
version: 2.3.0
version: 2.2.0
repository: https://charts.external-secrets.io
icon: https://raw.githubusercontent.com/external-secrets/external-secrets/refs/heads/main/assets/eso-logo-large.png
# renovate: datasource=github-releases depName=external-secrets/external-secrets
appVersion: v2.3.0
appVersion: v2.2.0

17
clusters/cl01tl/helm/external-secrets/templates/cluster-role-binding.yaml
View File

@@ -1,17 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: external-secrets
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: external-secrets
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: external-secrets
namespace: {{ .Release.Namespace }}

26
clusters/cl01tl/helm/external-secrets/templates/cluster-secret-store.yaml
View File

@@ -17,29 +17,3 @@ spec:
namespace: vault
name: vault-token
key: token
---
apiVersion: external-secrets.io/v1
kind: ClusterSecretStore
metadata:
name: openbao
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: openbao
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
provider:
vault:
server: http://openbao-internal.openbao:8200
path: secret
version: v2
auth:
kubernetes:
mountPath: kubernetes
role: external-secrets
serviceAccountRef:
name: external-secrets
namespace: {{ .Release.Name }}
audiences:
- openbao

6
clusters/cl01tl/helm/external-secrets/values.yaml
View File

@@ -2,7 +2,7 @@ external-secrets:
replicaCount: 3
image:
repository: ghcr.io/external-secrets/external-secrets
tag: v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80
tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
installCRDs: true
crds:
createClusterExternalSecret: true
@@ -29,7 +29,7 @@ external-secrets:
webhook:
image:
repository: ghcr.io/external-secrets/external-secrets
tag: v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80
tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
resources:
requests:
cpu: 1m
@@ -37,7 +37,7 @@ external-secrets:
certController:
image:
repository: ghcr.io/external-secrets/external-secrets
tag: v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80
tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
resources:
requests:
cpu: 1m

7
clusters/cl01tl/helm/foldergram/Chart.lock
View File

@@ -2,11 +2,8 @@ dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:06e321d19ffe0df94b3cd6bcc306804729710f74ca2f9962652628377836c33e
generated: "2026-04-11T15:26:16.743784-05:00"
digest: sha256:59100c6fbfb829f9d703b9ee1cf869c4fd77b6ff53c63b0c644a757223027e58
generated: "2026-03-22T12:42:43.150705-05:00"

6
clusters/cl01tl/helm/foldergram/Chart.yaml
View File

@@ -10,7 +10,6 @@ sources:
- https://github.com/foldergram/foldergram
- https://github.com/foldergram/foldergram/pkgs/container/foldergram
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers:
- name: alexlebens
@@ -19,11 +18,8 @@ dependencies:
alias: foldergram
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
- name: volsync-target
alias: volsync-target-db
alias: volsync-target-data
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://raw.githubusercontent.com/foldergram/foldergram/refs/heads/main/client/public/icon-512.png

6
clusters/cl01tl/helm/foldergram/templates/persistent-volume-claim.yaml
View File

@@ -1,14 +1,14 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: foldergram-pictures-collections-nfs-storage
name: foldergram-pictures-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: foldergram-pictures-collections-nfs-storage
app.kubernetes.io/name: foldergram-pictures-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: foldergram-pictures-collections-nfs-storage
volumeName: foldergram-pictures-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany

6
clusters/cl01tl/helm/foldergram/templates/persistent-volume.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: foldergram-pictures-collections-nfs-storage
name: foldergram-pictures-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: foldergram-pictures-collections-nfs-storage
app.kubernetes.io/name: foldergram-pictures-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -15,7 +15,7 @@ spec:
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Pictures/Collections
path: /volume2/Storage/Pictures
server: synologybond.alexlebens.net
mountOptions:
- vers=4

30
clusters/cl01tl/helm/foldergram/values.yaml
View File

@@ -23,13 +23,11 @@ foldergram:
- name: GALLERY_ROOT
value: /gallery
- name: CSRF_TRUSTED_ORIGINS
value: https://foldergram.alexlebens.net, https://art.alexlebens.dev
# - name: PUBLIC_DEMO_MODE
# value: 1
value: https://foldergram.alexlebens.net
resources:
requests:
cpu: 10m
memory: 1Gi
cpu: 1m
memory: 230Mi
service:
main:
controller: main
@@ -56,35 +54,25 @@ foldergram:
type: PathPrefix
value: /
persistence:
db:
forceRename: foldergram-db
cache:
forceRename: foldergram-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 10Gi
advancedMounts:
main:
main:
- path: /app/data/db
readOnly: false
data:
forceRename: foldergram-data
storageClass: synology-iscsi-delete
accessMode: ReadWriteOnce
size: 250Gi
advancedMounts:
main:
main:
- path: /app/data
readOnly: false
pictures:
existingClaim: foldergram-pictures-collections-nfs-storage
existingClaim: foldergram-pictures-nfs-storage
advancedMounts:
main:
main:
- path: /gallery
- path: /gallery/pictures
readOnly: true
volsync-target-db:
pvcTarget: foldergram-db
volsync-target-data:
pvcTarget: foldergram-data
local:
enabled: true
schedule: 46 11 * * *

6
clusters/cl01tl/helm/freshrss/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 4.6.2
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
version: 2.4.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:2a13aac2d207555bf33ee01db493d210e860e660433cd6f5b9b67fadf91f8f74
generated: "2026-04-10T01:17:32.585138713Z"
digest: sha256:f709ef2ce041d934faf75dfa31cc86e536aa62ab31ab82584c9751652561744c
generated: "2026-04-04T21:02:01.689182-05:00"

2
clusters/cl01tl/helm/freshrss/Chart.yaml
View File

@@ -22,7 +22,7 @@ dependencies:
version: 4.6.2
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
version: 2.4.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2

2
clusters/cl01tl/helm/garage/Chart.yaml
View File

@@ -21,4 +21,4 @@ dependencies:
version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/garage.png
# renovate: datasource=docker depName=dxflrs/garage
appVersion: v2.3.0
appVersion: v2.2.0

6
clusters/cl01tl/helm/garage/values.yaml
View File

@@ -21,7 +21,7 @@ garage:
main:
image:
repository: dxflrs/garage
tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690
tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
envFrom:
- secretRef:
name: garage-token-secret
@@ -50,7 +50,7 @@ garage:
main:
image:
repository: dxflrs/garage
tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690
tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
envFrom:
- secretRef:
name: garage-token-secret
@@ -79,7 +79,7 @@ garage:
main:
image:
repository: dxflrs/garage
tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690
tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
envFrom:
- secretRef:
name: garage-token-secret

21
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -155,8 +155,8 @@ gatus:
- name: searxng
url: https://searxng.alexlebens.net
<<: *defaults
- name: sparkyfitness
url: https://sparkyfitness.alexlebens.net
- name: roundcube
url: https://mail.alexlebens.net
<<: *defaults
- name: paperless-ngx
url: https://paperless-ngx.alexlebens.net
@@ -185,6 +185,9 @@ gatus:
- name: komodo
url: https://komodo.alexlebens.net
<<: *defaults
- name: dependency-track
url: https://dependency-track.alexlebens.net
<<: *defaults
- name: omni-tools
url: https://omni-tools.alexlebens.net
<<: *defaults
@@ -212,9 +215,6 @@ gatus:
- name: authentik
url: https://authentik.alexlebens.net
<<: *defaults
- name: roundcube
url: https://mail.alexlebens.net
<<: *defaults
- name: stalwart
url: https://stalwart.alexlebens.net
<<: *defaults
@@ -266,9 +266,6 @@ gatus:
- name: vault
url: https://vault.alexlebens.net
<<: *defaults
- name: openbao
url: https://bao.alexlebens.net
<<: *defaults
- name: backrest
url: https://backrest.alexlebens.net
<<: *defaults
@@ -348,14 +345,6 @@ gatus:
url: https://www.alexlebens.dev
<<: *defaults
group: external
- name: docs
url: https://docs.alexlebens.dev
<<: *defaults
group: external
- name: saralebens
url: https://www.saralebens.com
<<: *defaults
group: external
- name: rybbit
url: https://rybbit.alexlebens.dev
<<: *defaults

6
clusters/cl01tl/helm/generic-device-plugin/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.31
digest: sha256:2e073f735a5ff699844eb67715ab20d403261b3e9c035ebdc4292cee9666b4f4
generated: "2026-04-15T01:16:30.361061773Z"
version: 0.20.28
digest: sha256:16e4470b394110a11721fe38a57ad1cfa7c994bca440bfbbc5b3b7a46a79f165
generated: "2026-04-05T02:12:22.980217268Z"

2
clusters/cl01tl/helm/generic-device-plugin/Chart.yaml
View File

@@ -14,6 +14,6 @@ maintainers:
dependencies:
- name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.31
version: 0.20.28
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: 1.0.0

16
clusters/cl01tl/helm/gitea/Chart.lock
View File

@@ -1,27 +1,27 @@
dependencies:
- name: gitea
repository: https://dl.gitea.com/charts/
version: 12.5.3
version: 12.5.0
- name: actions
repository: https://dl.gitea.com/charts/
version: 0.1.0
version: 0.0.5
- name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.32.0
version: 0.30.0
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
version: 2.4.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1
version: 0.5.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1
version: 0.5.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:2144d55ea34ba25bd81c1e479ee5cd27097fafb5676b96e63aa0e32ad2868925
generated: "2026-04-16T20:09:26.031592859Z"
digest: sha256:ae512dab12cc692921a8cf80f8459fa652ae20f393a34c14f25a851410724096
generated: "2026-04-07T16:50:50.725821375Z"

14
clusters/cl01tl/helm/gitea/Chart.yaml
View File

@@ -26,29 +26,29 @@ maintainers:
- name: alexlebens
dependencies:
- name: gitea
version: 12.5.3
version: 12.5.0
repository: https://dl.gitea.com/charts/
- name: actions
alias: gitea-actions
repository: https://dl.gitea.com/charts/
version: 0.1.0
version: 0.0.5
- name: meilisearch
version: 0.32.0
version: 0.30.0
repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0
version: 2.4.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey-gitea
version: 0.6.1
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey-renovate
version: 0.6.1
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-storage
@@ -56,4 +56,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/gitea.png
# renovate: datasource=github-releases depName=go-gitea/gitea
appVersion: 1.26.0
appVersion: 1.25.5

12
clusters/cl01tl/helm/gitea/templates/config-map.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: gitea-custom-templates
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gitea-custom-templates
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
data:
header.tmpl: |
<script defer src="https://rybbit.alexlebens.dev/api/script.js" data-site-id="b515c34a6dcc"></script>

16
clusters/cl01tl/helm/gitea/values.yaml
View File

@@ -32,9 +32,6 @@ gitea:
- name: gitea-themes-storage
persistentVolumeClaim:
claimName: gitea-themes-storage
- name: gitea-custom-templates
configMap:
name: gitea-custom-templates
extraInitVolumeMounts:
- name: gitea-themes-storage
readOnly: false
@@ -43,10 +40,6 @@ gitea:
- name: gitea-themes-storage
readOnly: true
mountPath: /data/gitea/public/assets/css
- name: gitea-custom-templates
mountPath: /data/gitea/templates/custom/header.tmpl
subPath: header.tmpl
readOnly: true
initPreScript: |
wget https://github.com/catppuccin/gitea/releases/latest/download/catppuccin-gitea.tar.gz;
tar -xvzf catppuccin-gitea.tar.gz -C /data/gitea/public/assets/css;
@@ -194,7 +187,7 @@ gitea-actions:
registry: docker.io
repository: gitea/act_runner
# renovate: datasource=docker depName=gitea/act_runner
tag: 0.4.1@sha256:696a59b51ad3d149521e3beb0229d5fb88f87295e1616f940199793274415b56
tag: 0.3.1@sha256:c2a169c5e99864c25e32527cef3d82203225e09558773022bf3dc164a2e6d762
extraVolumeMounts:
- name: workspace-vol
mountPath: /workspace
@@ -213,7 +206,7 @@ gitea-actions:
registry: docker.io
repository: docker
# renovate: datasource=docker depName=docker
tag: 29.4.0-dind@sha256:f80c26212befc1c1988b529495532c6b9180d9b1dab1611f4a1efbe9da8ec821
tag: 29.3.1-dind@sha256:4d90f1f6c400315c2dba96d3ec93c01e64198395cbba04f79d12adce4f737029
extraVolumeMounts:
- name: docker-vol
mountPath: /var/lib/docker
@@ -246,11 +239,6 @@ meilisearch:
memory: 150Mi
serviceMonitor:
enabled: true
cloudflared:
resources:
requests:
cpu: 100m
memory: 30Mi
postgres-18-cluster:
mode: recovery
cluster:

8
clusters/cl01tl/helm/grafana-operator/Chart.lock
View File

@@ -7,9 +7,9 @@ dependencies:
version: 7.11.2
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1
version: 0.5.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1
digest: sha256:6c086da896f573fdb1b81abab43b90181f2af7bf57a62333c4426f3f30496ffa
generated: "2026-04-13T20:33:58.123069628Z"
version: 0.5.0
digest: sha256:6c096d1ce729469f12e66b2d0d0c677990d06643ff49401ee8fa69f5ed738e9c
generated: "2026-04-04T21:02:18.686653-05:00"

4
clusters/cl01tl/helm/grafana-operator/Chart.yaml
View File

@@ -24,11 +24,11 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey-unified-alerting
version: 0.6.1
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey-remote-cache
version: 0.6.1
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grafana.png
# renovate: datasource=github-releases depName=grafana/grafana-operator

114
clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml
View File

@@ -244,44 +244,6 @@ spec:
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/descheduler.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-external-dns
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-external-dns
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
folderUID: grafana-folder-service
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/external-dns.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-external-secrets
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-external-secrets
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
folderUID: grafana-folder-service
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/external-secrets.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
@@ -567,25 +529,6 @@ spec:
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/ntfy.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-openbao
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-openbao
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
folderUID: grafana-folder-platform
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/openbao.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
@@ -624,25 +567,6 @@ spec:
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/vault.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-unpackerr
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-unpackerr
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
folderUID: grafana-folder-platform
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/unpackerr.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
@@ -719,25 +643,6 @@ spec:
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/jellyfin.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-navidrome
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-navidrome
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
folderUID: grafana-folder-application
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/navidrome.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
@@ -757,25 +662,6 @@ spec:
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/radarr.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-servarr
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-servarr
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
folderUID: grafana-folder-application
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/application/servarr.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard

8
clusters/cl01tl/helm/harbor/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 1.18.3
- name: postgres-cluster
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
version: 7.11.2
version: 7.11.1
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1
digest: sha256:fc508a58ea7dffe1b92049a89c3fe2f0034d05ecdad38807bb6e02c68a1cb957
generated: "2026-04-13T20:34:25.515547207Z"
version: 0.5.0
digest: sha256:fb17e2bad9c3a303da2b9d65ee5bd082a58ca6a5cee17d337e2536747982aa2c
generated: "2026-03-31T18:38:15.510833-05:00"

4
clusters/cl01tl/helm/harbor/Chart.yaml
View File

@@ -20,11 +20,11 @@ dependencies:
repository: https://helm.goharbor.io
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.11.2
version: 7.11.1
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
- name: valkey
alias: valkey
version: 0.6.1
version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png
# renovate: datasource=github-releases depName=goharbor/harbor

2
clusters/cl01tl/helm/headlamp/values.yaml
View File

@@ -12,6 +12,8 @@ headlamp:
enabled: true
name: headlamp-oidc-secret
watchPlugins: true
# Bypasses: https://github.com/kubernetes-sigs/headlamp/issues/4883
sessionTTL: null
httpRoute:
enabled: true
parentRefs:

2
clusters/cl01tl/helm/home-assistant/Chart.yaml
View File

@@ -24,4 +24,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/home-assistant.png
# renovate: datasource=github-releases depName=home-assistant/core
appVersion: 2026.4.3
appVersion: 2026.4.1

4
clusters/cl01tl/helm/home-assistant/values.yaml
View File

@@ -12,7 +12,7 @@ home-assistant:
main:
image:
repository: ghcr.io/home-assistant/home-assistant
tag: 2026.4.3@sha256:ae0800c81fea16bc1241ce03bddb9c6260566e90f58b09d3e5a629e4f68bdc0b
tag: 2026.4.1@sha256:8848691147f01a6eee7753de2ade21b04d6168fcd2e2a7089f6f84e3b7b86960
env:
- name: TZ
value: America/Chicago
@@ -23,7 +23,7 @@ home-assistant:
code-server:
image:
repository: ghcr.io/linuxserver/code-server
tag: 4.116.0-ls333@sha256:4620adace18935dd6ca79d77e3bc1c379e21875392192f970cf5d6b0fb4aefcd
tag: 4.114.1-ls330@sha256:4dabed7dc766d3034778aa648ff6b89f0b04755a069fc1071ac0f22484b7c587
env:
- name: TZ
value: America/Chicago

36
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -285,11 +285,11 @@ homepage:
href: https://searxng.alexlebens.net/
siteMonitor: http://searxng-browser.searxng:80
statusStyle: dot
- Fitness Tracker:
icon: sh-sparkyfitness.webp
description: Sparky Fitness
href: https://sparkyfitness.alexlebens.net
siteMonitor: http://sparkyfitness-frontend.sparkyfitness:80
- Email:
icon: sh-roundcube.webp
description: Roundcube
href: https://mail.alexlebens.net
siteMonitor: http://roundcube.roundcube:80
statusStyle: dot
- Documents:
icon: sh-paperless-ngx.webp
@@ -387,6 +387,12 @@ homepage:
secret: {{ "{{HOMEPAGE_VAR_KOMODO_API_SECRET}}" }}
showStacks: true
fields: ["running", "down", "unhealthy", "unknown"]
- Vulnerability Scanning:
icon: https://raw.githubusercontent.com/DependencyTrack/branding/f77a4ad3b469ff656856ea225f26b1610b89a584/dt-logo-symbol.svg
description: Dependency Track
href: https://dependency-track.alexlebens.net
siteMonitor: http://dependency-track-frontend.dependency-track:8080
statusStyle: dot
- Uptime:
icon: sh-gatus.webp
description: Gatus
@@ -487,13 +493,7 @@ homepage:
href: https://authentik.alexlebens.net
siteMonitor: http://authentik-server.authentik:80
statusStyle: dot
- Email Client:
icon: sh-roundcube.webp
description: Roundcube
href: https://mail.alexlebens.net
siteMonitor: http://roundcube.roundcube:80
statusStyle: dot
- Email Server:
- Email:
icon: sh-stalwart.webp
description: Stalwart
href: https://stalwart.alexlebens.net
@@ -637,18 +637,6 @@ homepage:
app.kubernetes.io/instance in (
vault
)
- Secrets:
icon: sh-openbao.webp
description: OpenBao
href: https://bao.alexlebens.net
siteMonitor: http://openbao.openbao:8200
statusStyle: dot
namespace: openbao
app: openbao
podSelector: >-
app.kubernetes.io/instance in (
openbao
)
- Backups:
icon: sh-backrest-light.webp
description: Backrest

2
clusters/cl01tl/helm/houndarr/Chart.yaml
View File

@@ -25,4 +25,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/houndarr.png
# renovate: datasource=github-releases depName=av1155/houndarr
appVersion: v1.9.0
appVersion: v1.7.0

2
clusters/cl01tl/helm/houndarr/values.yaml
View File

@@ -8,7 +8,7 @@ houndarr:
main:
image:
repository: ghcr.io/av1155/houndarr
tag: v1.9.0@sha256:2a9c9e0de43412f683f00cce6f5d0f3e059b27e50350434ae4029ade720e85a0
tag: v1.7.0@sha256:8ae2a8b86497cbc54d11591c12220f3be3319039c2bdd0c8b041b2b7c2fd7943
env:
- name: TZ
value: America/Chicago

Some files were not shown because too many files have changed in this diff Show More