alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 3 Actions Activity

Automated Manifest Update: 2025-12-01 #2167

Merged
alexlebens merged 1 commits from auto/update-manifests-1764626394 into manifests 2025-12-01 22:00:45 +00:00
Conversation 0 Commits 1 Files Changed 8 +1792
8 changed files with 1792 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

278
clusters/cl01tl/manifests/bazarr/bazarr.yaml Normal file
View File

@@ -0,0 +1,278 @@
---
# Source: bazarr/templates/persistent-volume.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: bazarr-nfs-storage
namespace: bazarr
labels:
app.kubernetes.io/name: bazarr-nfs-storage
app.kubernetes.io/instance: bazarr
app.kubernetes.io/part-of: bazarr
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
# Source: bazarr/charts/bazarr/templates/common.yaml
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: bazarr-config
labels:
app.kubernetes.io/instance: bazarr
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: bazarr
helm.sh/chart: bazarr-4.4.0
annotations:
helm.sh/resource-policy: keep
namespace: bazarr
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "5Gi"
storageClassName: "ceph-block"
---
# Source: bazarr/templates/persistent-volume-claim.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: bazarr-nfs-storage
namespace: bazarr
labels:
app.kubernetes.io/name: bazarr-nfs-storage
app.kubernetes.io/instance: bazarr
app.kubernetes.io/part-of: bazarr
spec:
volumeName: bazarr-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
# Source: bazarr/charts/bazarr/templates/common.yaml
apiVersion: v1
kind: Service
metadata:
name: bazarr
labels:
app.kubernetes.io/instance: bazarr
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: bazarr
app.kubernetes.io/service: bazarr
helm.sh/chart: bazarr-4.4.0
namespace: bazarr
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 6767
protocol: TCP
name: http
selector:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: bazarr
app.kubernetes.io/name: bazarr
---
# Source: bazarr/charts/bazarr/templates/common.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: bazarr
labels:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: bazarr
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: bazarr
helm.sh/chart: bazarr-4.4.0
namespace: bazarr
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/controller: main
app.kubernetes.io/name: bazarr
app.kubernetes.io/instance: bazarr
template:
metadata:
labels:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: bazarr
app.kubernetes.io/name: bazarr
spec:
enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsUser: 1000
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
containers:
- env:
- name: TZ
value: US/Central
- name: PUID
value: "1000"
- name: PGID
value: "1000"
image: ghcr.io/linuxserver/bazarr:1.5.3@sha256:2be164c02c0bb311b6c32e57d3d0ddc2813d524e89ab51a3408c1bf6fafecda5
imagePullPolicy: IfNotPresent
name: main
resources:
requests:
cpu: 10m
memory: 256Mi
volumeMounts:
- mountPath: /config
name: config
- mountPath: /mnt/store
name: media
volumes:
- name: config
persistentVolumeClaim:
claimName: bazarr-config
- name: media
persistentVolumeClaim:
claimName: bazarr-nfs-storage
---
# Source: bazarr/templates/external-secret.yaml
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: bazarr-config-backup-secret
namespace: bazarr
labels:
app.kubernetes.io/name: bazarr-config-backup-secret
app.kubernetes.io/instance: bazarr
app.kubernetes.io/part-of: bazarr
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/bazarr/bazarr-config"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: S3_BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: access_key
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: secret_key
---
# Source: bazarr/templates/http-route.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-bazarr
namespace: bazarr
labels:
app.kubernetes.io/name: http-route-bazarr
app.kubernetes.io/instance: bazarr
app.kubernetes.io/part-of: bazarr
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- bazarr.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: bazarr
port: 80
weight: 100
---
# Source: bazarr/templates/replication-source.yaml
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: bazarr-config-backup-source
namespace: bazarr
labels:
app.kubernetes.io/name: bazarr-config-backup-source
app.kubernetes.io/instance: bazarr
app.kubernetes.io/part-of: bazarr
spec:
sourcePVC: bazarr-config
trigger:
schedule: 0 4 * * *
restic:
pruneIntervalDays: 7
repository: bazarr-config-backup-secret
retain:
hourly: 1
daily: 3
weekly: 2
monthly: 2
yearly: 4
moverSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot

251
clusters/cl01tl/manifests/code-server/code-server.yaml Normal file
View File

@@ -0,0 +1,251 @@
---
# Source: code-server/templates/persistent-volume-claim.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: code-server-nfs-storage
namespace: code-server
labels:
app.kubernetes.io/name: code-server-nfs-storage
app.kubernetes.io/instance: code-server
app.kubernetes.io/part-of: code-server
spec:
volumeMode: Filesystem
storageClassName: nfs-client
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
# Source: code-server/charts/code-server/templates/common.yaml
apiVersion: v1
kind: Service
metadata:
name: code-server
labels:
app.kubernetes.io/instance: code-server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: code-server
app.kubernetes.io/service: code-server
helm.sh/chart: code-server-4.4.0
namespace: code-server
spec:
type: ClusterIP
ports:
- port: 8443
targetPort: 8443
protocol: TCP
name: http
selector:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: code-server
app.kubernetes.io/name: code-server
---
# Source: code-server/charts/cloudflared/templates/common.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: code-server-cloudflared
labels:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: code-server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cloudflared
app.kubernetes.io/version: 2025.10.0
helm.sh/chart: cloudflared-1.23.0
namespace: code-server
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/controller: main
app.kubernetes.io/name: cloudflared
app.kubernetes.io/instance: code-server
template:
metadata:
labels:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: code-server
app.kubernetes.io/name: cloudflared
spec:
enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
containers:
- args:
- tunnel
- --protocol
- http2
- --no-autoupdate
- run
- --token
- $(CF_MANAGED_TUNNEL_TOKEN)
env:
- name: CF_MANAGED_TUNNEL_TOKEN
valueFrom:
secretKeyRef:
key: cf-tunnel-token
name: code-server-cloudflared-secret
image: cloudflare/cloudflared:2025.11.1
imagePullPolicy: IfNotPresent
name: main
resources:
requests:
cpu: 10m
memory: 128Mi
---
# Source: code-server/charts/code-server/templates/common.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: code-server
labels:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: code-server
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: code-server
helm.sh/chart: code-server-4.4.0
namespace: code-server
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/controller: main
app.kubernetes.io/name: code-server
app.kubernetes.io/instance: code-server
template:
metadata:
labels:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: code-server
app.kubernetes.io/name: code-server
spec:
enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
containers:
- env:
- name: TZ
value: US/Central
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: DEFAULT_WORKSPACE
value: /config
envFrom:
- secretRef:
name: codeserver-password-secret
image: ghcr.io/linuxserver/code-server:4.106.2@sha256:a98afdbcb59559f11e5e8df284062e55da1076b2e470e13db4aae133ea82bad0
imagePullPolicy: IfNotPresent
name: main
resources:
requests:
cpu: 10m
memory: 128Mi
volumeMounts:
- mountPath: /config
name: config
volumes:
- name: config
persistentVolumeClaim:
claimName: code-server-nfs-storage
---
# Source: code-server/templates/external-secret.yaml
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: codeserver-password-secret
namespace: code-server
labels:
app.kubernetes.io/name: codeserver-password-secret
app.kubernetes.io/instance: code-server
app.kubernetes.io/part-of: code-server
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/code-server/auth
metadataPolicy: None
property: PASSWORD
- secretKey: SUDO_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/code-server/auth
metadataPolicy: None
property: SUDO_PASSWORD
---
# Source: code-server/templates/external-secret.yaml
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: code-server-cloudflared-secret
namespace: code-server
labels:
app.kubernetes.io/name: code-server-cloudflared-secret
app.kubernetes.io/instance: code-server
app.kubernetes.io/part-of: code-server
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/codeserver
metadataPolicy: None
property: token
---
# Source: code-server/templates/http-route.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-code-server
namespace: code-server
labels:
app.kubernetes.io/name: http-route-code-server
app.kubernetes.io/instance: code-server
app.kubernetes.io/part-of: code-server
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- code-server.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: code-server
port: 8443
weight: 100

258
clusters/cl01tl/manifests/element-web/element-web.yaml Normal file
View File

@@ -0,0 +1,258 @@
---
# Source: element-web/charts/element-web/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: element-web
labels:
helm.sh/chart: element-web-1.4.24
app.kubernetes.io/name: element-web
app.kubernetes.io/instance: element-web
app.kubernetes.io/version: "1.12.4"
app.kubernetes.io/managed-by: Helm
---
# Source: element-web/charts/element-web/templates/configuration-nginx.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: element-web-nginx
labels:
helm.sh/chart: element-web-1.4.24
app.kubernetes.io/name: element-web
app.kubernetes.io/instance: element-web
app.kubernetes.io/version: "1.12.4"
app.kubernetes.io/managed-by: Helm
data:
default.conf: |
server {
listen 8080;
listen [::]:8080;
server_name localhost;
root /usr/share/nginx/html;
index index.html;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "frame-ancestors 'self'";
# Set no-cache for the index.html only so that browsers always check for a new copy of Element Web.
location = /index.html {
add_header Cache-Control "no-cache";
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
}
---
# Source: element-web/charts/element-web/templates/configuration.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: element-web
labels:
helm.sh/chart: element-web-1.4.24
app.kubernetes.io/name: element-web
app.kubernetes.io/instance: element-web
app.kubernetes.io/version: "1.12.4"
app.kubernetes.io/managed-by: Helm
data:
config.json: |
{"brand":"Alex Lebens","branding":{"auth_header_logo_url":"https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png","welcome_background_url":"https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background.jpg"},"default_country_code":"US","default_server_config":{"m.homeserver":{"base_url":"https://matrix.alexlebens.dev","server_name":"alexlebens.dev"},"m.identity_server":{"base_url":"https://alexlebens.dev"}},"default_theme":"dark","disable_3pid_login":true,"sso_redirect_options":{"immediate":true}}
---
# Source: element-web/charts/element-web/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: element-web
labels:
helm.sh/chart: element-web-1.4.24
app.kubernetes.io/name: element-web
app.kubernetes.io/instance: element-web
app.kubernetes.io/version: "1.12.4"
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
ports:
- port: 80
targetPort: http
protocol: TCP
name: http
selector:
app.kubernetes.io/name: element-web
app.kubernetes.io/instance: element-web
---
# Source: element-web/charts/cloudflared/templates/common.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: element-web-cloudflared
labels:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: element-web
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cloudflared
app.kubernetes.io/version: 2025.10.0
helm.sh/chart: cloudflared-1.23.0
namespace: element-web
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/controller: main
app.kubernetes.io/name: cloudflared
app.kubernetes.io/instance: element-web
template:
metadata:
labels:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: element-web
app.kubernetes.io/name: cloudflared
spec:
enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
containers:
- args:
- tunnel
- --protocol
- http2
- --no-autoupdate
- run
- --token
- $(CF_MANAGED_TUNNEL_TOKEN)
env:
- name: CF_MANAGED_TUNNEL_TOKEN
valueFrom:
secretKeyRef:
key: cf-tunnel-token
name: element-web-cloudflared-secret
image: cloudflare/cloudflared:2025.11.1
imagePullPolicy: IfNotPresent
name: main
resources:
requests:
cpu: 10m
memory: 128Mi
---
# Source: element-web/charts/element-web/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: element-web
labels:
helm.sh/chart: element-web-1.4.24
app.kubernetes.io/name: element-web
app.kubernetes.io/instance: element-web
app.kubernetes.io/version: "1.12.4"
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: element-web
app.kubernetes.io/instance: element-web
template:
metadata:
annotations:
checksum/config: e4e49fadd0eaedd59d5adab594fb3e159fcaaecf883c31012f72a55c7785e1c4
checksum/config-nginx: 0d6dce57e41259f77d072cd0381296fb272ba1c62d8817d5fd742da9ccce5aa1
labels:
app.kubernetes.io/name: element-web
app.kubernetes.io/instance: element-web
spec:
serviceAccountName: element-web
securityContext:
{}
containers:
- name: element-web
securityContext:
{}
image: "vectorim/element-web:v1.12.4"
imagePullPolicy: IfNotPresent
env:
- name: ELEMENT_WEB_PORT
value: '8080'
ports:
- name: http
containerPort: 8080
protocol: TCP
livenessProbe:
httpGet:
path: /
port: http
readinessProbe:
httpGet:
path: /
port: http
resources:
requests:
cpu: 10m
memory: 128Mi
volumeMounts:
- mountPath: /app/config.json
name: config
subPath: config.json
- mountPath: /etc/nginx/conf.d/config.json
name: config-nginx
subPath: config.json
volumes:
- name: config
configMap:
name: element-web
- name: config-nginx
configMap:
name: element-web-nginx
---
# Source: element-web/templates/external-secret.yaml
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: element-web-cloudflared-secret
namespace: element-web
labels:
app.kubernetes.io/name: element-web-cloudflared-secret
app.kubernetes.io/instance: element-web
app.kubernetes.io/part-of: element-web
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/element
metadataPolicy: None
property: token
---
# Source: element-web/charts/element-web/templates/tests/test-connection.yaml
apiVersion: v1
kind: Pod
metadata:
name: "element-web-test-connection"
labels:
helm.sh/chart: element-web-1.4.24
app.kubernetes.io/name: element-web
app.kubernetes.io/instance: element-web
app.kubernetes.io/version: "1.12.4"
app.kubernetes.io/managed-by: Helm
annotations:
"helm.sh/hook": test-success
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['element-web:80']
restartPolicy: Never

283
clusters/cl01tl/manifests/home-assistant/home-assistant.yaml Normal file
View File

@@ -0,0 +1,283 @@
---
# Source: home-assistant/charts/home-assistant/templates/common.yaml
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: home-assistant-config
labels:
app.kubernetes.io/instance: home-assistant
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: home-assistant
helm.sh/chart: home-assistant-4.4.0
namespace: home-assistant
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "5Gi"
storageClassName: "ceph-block"
---
# Source: home-assistant/charts/home-assistant/templates/common.yaml
apiVersion: v1
kind: Service
metadata:
name: home-assistant-code-server
labels:
app.kubernetes.io/instance: home-assistant
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: home-assistant
app.kubernetes.io/service: home-assistant-code-server
helm.sh/chart: home-assistant-4.4.0
namespace: home-assistant
spec:
type: ClusterIP
ports:
- port: 8443
targetPort: 8443
protocol: TCP
name: http
selector:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: home-assistant
app.kubernetes.io/name: home-assistant
---
# Source: home-assistant/charts/home-assistant/templates/common.yaml
apiVersion: v1
kind: Service
metadata:
name: home-assistant-main
labels:
app.kubernetes.io/instance: home-assistant
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: home-assistant
app.kubernetes.io/service: home-assistant-main
helm.sh/chart: home-assistant-4.4.0
namespace: home-assistant
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 8123
protocol: TCP
name: http
selector:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: home-assistant
app.kubernetes.io/name: home-assistant
---
# Source: home-assistant/charts/home-assistant/templates/common.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: home-assistant
labels:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: home-assistant
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: home-assistant
helm.sh/chart: home-assistant-4.4.0
namespace: home-assistant
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/controller: main
app.kubernetes.io/name: home-assistant
app.kubernetes.io/instance: home-assistant
template:
metadata:
labels:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: home-assistant
app.kubernetes.io/name: home-assistant
spec:
enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
containers:
- env:
- name: TZ
value: US/Central
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: DEFAULT_WORKSPACE
value: /config
envFrom:
- secretRef:
name: home-assistant-code-server-password-secret
image: ghcr.io/linuxserver/code-server:4.106.2@sha256:a98afdbcb59559f11e5e8df284062e55da1076b2e470e13db4aae133ea82bad0
imagePullPolicy: IfNotPresent
name: code-server
resources:
requests:
cpu: 10m
memory: 128Mi
volumeMounts:
- mountPath: /config/home-assistant
name: config
- env:
- name: TZ
value: US/Central
image: ghcr.io/home-assistant/home-assistant:2025.11.3
imagePullPolicy: IfNotPresent
name: main
resources:
requests:
cpu: 50m
memory: 512Mi
volumeMounts:
- mountPath: /config
name: config
volumes:
- name: config
persistentVolumeClaim:
claimName: home-assistant-config
---
# Source: home-assistant/templates/external-secret.yaml
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: home-assistant-code-server-password-secret
namespace: home-assistant
labels:
app.kubernetes.io/name: home-assistant-code-server-password-secret
app.kubernetes.io/instance: home-assistant
app.kubernetes.io/part-of: home-assistant
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/home-assistant/code-server/auth
metadataPolicy: None
property: PASSWORD
- secretKey: SUDO_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/home-assistant/code-server/auth
metadataPolicy: None
property: SUDO_PASSWORD
---
# Source: home-assistant/templates/external-secret.yaml
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: home-assistant-token-secret
namespace: home-assistant
labels:
app.kubernetes.io/name: home-assistant-token-secret
app.kubernetes.io/instance: home-assistant
app.kubernetes.io/part-of: home-assistant
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: bearer-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/home-assistant/auth
metadataPolicy: None
property: bearer-token
---
# Source: home-assistant/templates/http-route.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-home-assistant
namespace: home-assistant
labels:
app.kubernetes.io/name: http-route-home-assistant
app.kubernetes.io/instance: home-assistant
app.kubernetes.io/part-of: home-assistant
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- home-assistant.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: home-assistant-main
port: 80
weight: 100
---
# Source: home-assistant/templates/http-route.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-home-assistant-code-server
namespace: home-assistant
labels:
app.kubernetes.io/name: http-route-home-assistant-code-server
app.kubernetes.io/instance: home-assistant
app.kubernetes.io/part-of: home-assistant
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- home-assistant-code-server.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: home-assistant-code-server
port: 8443
weight: 100
---
# Source: home-assistant/templates/service-monitor.yaml
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: home-assistant
namespace: home-assistant
labels:
app.kubernetes.io/name: home-assistant
app.kubernetes.io/instance: home-assistant
app.kubernetes.io/part-of: home-assistant
spec:
selector:
matchLabels:
app.kubernetes.io/name: home-assistant
app.kubernetes.io/service: home-assistant-main
app.kubernetes.io/instance: home-assistant
endpoints:
- port: http
interval: 3m
scrapeTimeout: 1m
path: /api/prometheus
bearerTokenSecret:
name: home-assistant-token-secret
key: bearer-token

307
clusters/cl01tl/manifests/homepage-dev/homepage-dev.yaml Normal file
View File

@@ -0,0 +1,307 @@
---
# Source: homepage/charts/homepage/templates/common.yaml
---
apiVersion: v1
kind: ConfigMap
metadata:
name: homepage-dev
labels:
app.kubernetes.io/instance: homepage-dev
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: homepage
helm.sh/chart: homepage-4.4.0
namespace: homepage-dev
data:
bookmarks.yaml: ""
docker.yaml: ""
kubernetes.yaml: ""
services.yaml: |
- Applications:
- Auth:
icon: sh-authentik.webp
description: Authentik
href: https://auth.alexlebens.dev
siteMonitor: https://auth.alexlebens.dev
statusStyle: dot
- Gitea:
icon: sh-gitea.webp
description: Gitea
href: https://gitea.alexlebens.dev
siteMonitor: https://gitea.alexlebens.dev
statusStyle: dot
- Code:
icon: sh-visual-studio-code.webp
description: VS Code
href: https://codeserver.alexlebens.dev
siteMonitor: https://codeserver.alexlebens.dev
statusStyle: dot
- Site:
icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png
description: Profile Website
href: https://www.alexlebens.dev
siteMonitor: https://www.alexlebens.dev
statusStyle: dot
- Content Management:
icon: directus.png
description: Directus
href: https://directus.alexlebens.dev
siteMonitor: https://directus.alexlebens.dev
statusStyle: dot
- Social Media Management:
icon: sh-postiz.webp
description: Postiz
href: https://postiz.alexlebens.dev
siteMonitor: https://postiz.alexlebens.dev
statusStyle: dot
- Chat:
icon: sh-element.webp
description: Matrix
href: https://chat.alexlebens.dev
siteMonitor: https://chat.alexlebens.dev
statusStyle: dot
- Wiki:
icon: sh-outline.webp
description: Outline
href: https://wiki.alexlebens.dev
siteMonitor: https://wiki.alexlebens.dev
statusStyle: dot
- Passwords:
icon: sh-vaultwarden-light.webp
description: Vaultwarden
href: https://passwords.alexlebens.dev
siteMonitor: https://passwords.alexlebens.dev
statusStyle: dot
- Bookmarks:
icon: sh-karakeep-light.webp
description: Karakeep
href: https://karakeep.alexlebens.dev
siteMonitor: https://karakeep.alexlebens.dev
statusStyle: dot
- RSS:
icon: sh-freshrss.webp
description: FreshRSS
href: https://rss.alexlebens.dev
siteMonitor: https://rss.alexlebens.dev
statusStyle: dot
settings.yaml: |
favicon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.svg
headerStyle: clean
hideVersion: true
color: zinc
background:
image: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background.jpg
brightness: 50
theme: dark
disableCollapse: true
widgets.yaml: |
- logo:
icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.png
- datetime:
text_size: xl
format:
dateStyle: long
timeStyle: short
hour12: false
- openmeteo:
label: St. Paul
latitude: 44.954445
longitude: -93.091301
timezone: America/Chicago
units: metric
cache: 5
format:
maximumFractionDigits: 0
---
# Source: homepage/charts/homepage/templates/common.yaml
apiVersion: v1
kind: Service
metadata:
name: homepage-dev
labels:
app.kubernetes.io/instance: homepage-dev
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: homepage
app.kubernetes.io/service: homepage-dev
helm.sh/chart: homepage-4.4.0
namespace: homepage-dev
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 3000
protocol: TCP
name: http
selector:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: homepage-dev
app.kubernetes.io/name: homepage
---
# Source: homepage/charts/cloudflared/templates/common.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: homepage-dev-cloudflared
labels:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: homepage-dev
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cloudflared
app.kubernetes.io/version: 2025.10.0
helm.sh/chart: cloudflared-1.23.0
namespace: homepage-dev
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/controller: main
app.kubernetes.io/name: cloudflared
app.kubernetes.io/instance: homepage-dev
template:
metadata:
labels:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: homepage-dev
app.kubernetes.io/name: cloudflared
spec:
enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
containers:
- args:
- tunnel
- --protocol
- http2
- --no-autoupdate
- run
- --token
- $(CF_MANAGED_TUNNEL_TOKEN)
env:
- name: CF_MANAGED_TUNNEL_TOKEN
valueFrom:
secretKeyRef:
key: cf-tunnel-token
name: homepage-dev-cloudflared-secret
image: cloudflare/cloudflared:2025.11.1
imagePullPolicy: IfNotPresent
name: main
resources:
requests:
cpu: 10m
memory: 128Mi
---
# Source: homepage/charts/homepage/templates/common.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: homepage-dev
labels:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: homepage-dev
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: homepage
helm.sh/chart: homepage-4.4.0
annotations:
reloader.stakater.com/auto: "true"
namespace: homepage-dev
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/controller: main
app.kubernetes.io/name: homepage
app.kubernetes.io/instance: homepage-dev
template:
metadata:
annotations:
checksum/configMaps: d1306b9af923c5b3f02566a43c7a141c7168ebf8a74e5ff1a2d5d8082001c1a1
labels:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: homepage-dev
app.kubernetes.io/name: homepage
spec:
enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
containers:
- env:
- name: HOMEPAGE_ALLOWED_HOSTS
value: home.alexlebens.dev
image: ghcr.io/gethomepage/homepage:v1.7.0
imagePullPolicy: IfNotPresent
name: main
resources:
requests:
cpu: 10m
memory: 128Mi
volumeMounts:
- mountPath: /app/config/bookmarks.yaml
mountPropagation: None
name: config
readOnly: true
subPath: bookmarks.yaml
- mountPath: /app/config/docker.yaml
mountPropagation: None
name: config
readOnly: true
subPath: docker.yaml
- mountPath: /app/config/kubernetes.yaml
mountPropagation: None
name: config
readOnly: true
subPath: kubernetes.yaml
- mountPath: /app/config/services.yaml
mountPropagation: None
name: config
readOnly: true
subPath: services.yaml
- mountPath: /app/config/settings.yaml
mountPropagation: None
name: config
readOnly: true
subPath: settings.yaml
- mountPath: /app/config/widgets.yaml
mountPropagation: None
name: config
readOnly: true
subPath: widgets.yaml
volumes:
- configMap:
name: homepage-dev
name: config
---
# Source: homepage/templates/external-secret.yaml
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: homepage-dev-cloudflared-secret
namespace: homepage-dev
labels:
app.kubernetes.io/name: homepage-dev-cloudflared-secret
app.kubernetes.io/instance: homepage-dev
app.kubernetes.io/part-of: homepage-dev
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/homepage-dev
metadataPolicy: None
property: token

129
clusters/cl01tl/manifests/huntarr/huntarr.yaml Normal file
View File

@@ -0,0 +1,129 @@
---
# Source: huntarr/charts/huntarr/templates/common.yaml
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: huntarr-config
labels:
app.kubernetes.io/instance: huntarr
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: huntarr
helm.sh/chart: huntarr-4.4.0
namespace: huntarr
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "5Gi"
storageClassName: "ceph-block"
---
# Source: huntarr/charts/huntarr/templates/common.yaml
apiVersion: v1
kind: Service
metadata:
name: huntarr
labels:
app.kubernetes.io/instance: huntarr
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: huntarr
app.kubernetes.io/service: huntarr
helm.sh/chart: huntarr-4.4.0
namespace: huntarr
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 9705
protocol: TCP
name: http
selector:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: huntarr
app.kubernetes.io/name: huntarr
---
# Source: huntarr/charts/huntarr/templates/common.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: huntarr
labels:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: huntarr
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: huntarr
helm.sh/chart: huntarr-4.4.0
namespace: huntarr
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/controller: main
app.kubernetes.io/name: huntarr
app.kubernetes.io/instance: huntarr
template:
metadata:
labels:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: huntarr
app.kubernetes.io/name: huntarr
spec:
enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
containers:
- env:
- name: TZ
value: US/Central
image: ghcr.io/plexguide/huntarr:8.2.10
imagePullPolicy: IfNotPresent
name: main
resources:
requests:
cpu: 100m
memory: 256Mi
volumeMounts:
- mountPath: /config
name: config
volumes:
- name: config
persistentVolumeClaim:
claimName: huntarr-config
---
# Source: huntarr/templates/http-route.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-huntarr
namespace: huntarr
labels:
app.kubernetes.io/name: http-route-huntarr
app.kubernetes.io/instance: huntarr
app.kubernetes.io/part-of: huntarr
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- huntarr.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: huntarr
port: 80
weight: 100

157
clusters/cl01tl/manifests/kiwix/kiwix.yaml Normal file
View File

@@ -0,0 +1,157 @@
---
# Source: kiwix/templates/persistent-volume.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: kiwix-nfs-storage
namespace: kiwix
labels:
app.kubernetes.io/name: kiwix-nfs-storage
app.kubernetes.io/instance: kiwix
app.kubernetes.io/part-of: kiwix
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Kiwix
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
# Source: kiwix/templates/persistent-volume-claim.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kiwix-nfs-storage
namespace: kiwix
labels:
app.kubernetes.io/name: kiwix-nfs-storage
app.kubernetes.io/instance: kiwix
app.kubernetes.io/part-of: kiwix
spec:
volumeName: kiwix-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
# Source: kiwix/charts/kiwix/templates/common.yaml
apiVersion: v1
kind: Service
metadata:
name: kiwix
labels:
app.kubernetes.io/instance: kiwix
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kiwix
app.kubernetes.io/service: kiwix
helm.sh/chart: kiwix-4.4.0
namespace: kiwix
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 8080
protocol: TCP
name: http
selector:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: kiwix
app.kubernetes.io/name: kiwix
---
# Source: kiwix/charts/kiwix/templates/common.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: kiwix
labels:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: kiwix
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kiwix
helm.sh/chart: kiwix-4.4.0
namespace: kiwix
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/controller: main
app.kubernetes.io/name: kiwix
app.kubernetes.io/instance: kiwix
template:
metadata:
labels:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: kiwix
app.kubernetes.io/name: kiwix
spec:
enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
containers:
- args:
- '*.zim'
env:
- name: PORT
value: "8080"
image: ghcr.io/kiwix/kiwix-serve:3.8.0
imagePullPolicy: IfNotPresent
name: main
resources:
requests:
cpu: 50m
memory: 512Mi
volumeMounts:
- mountPath: /data
name: media
readOnly: true
volumes:
- name: media
persistentVolumeClaim:
claimName: kiwix-nfs-storage
---
# Source: kiwix/templates/http-route.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-kiwix
namespace: kiwix
labels:
app.kubernetes.io/name: http-route-kiwix
app.kubernetes.io/instance: kiwix
app.kubernetes.io/part-of: kiwix
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- kiwix.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: kiwix
port: 80
weight: 100

129
clusters/cl01tl/manifests/libation/libation.yaml Normal file
View File

@@ -0,0 +1,129 @@
---
# Source: libation/templates/persistent-volume.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: libation-nfs-storage
namespace: libation
labels:
app.kubernetes.io/name: libation-nfs-storage
app.kubernetes.io/instance: libation
app.kubernetes.io/part-of: libation
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Audiobooks/
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
# Source: libation/templates/persistent-volume-claim.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: libation-config
namespace: libation
labels:
app.kubernetes.io/name: libation-config
app.kubernetes.io/instance: libation
app.kubernetes.io/part-of: libation
spec:
storageClassName: nfs-client
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
volumeMode: Filesystem
---
# Source: libation/templates/persistent-volume-claim.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: libation-nfs-storage
namespace: libation
labels:
app.kubernetes.io/name: libation-nfs-storage
app.kubernetes.io/instance: libation
app.kubernetes.io/part-of: libation
spec:
volumeName: libation-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
# Source: libation/charts/libation/templates/common.yaml
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: libation
labels:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: libation
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: libation
helm.sh/chart: libation-4.4.0
namespace: libation
spec:
suspend: false
concurrencyPolicy: Forbid
startingDeadlineSeconds: 90
timeZone: US/Central
schedule: "30 4 * * *"
successfulJobsHistoryLimit: 3
failedJobsHistoryLimit: 3
jobTemplate:
spec:
parallelism: 1
backoffLimit: 3
template:
metadata:
labels:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: libation
app.kubernetes.io/name: libation
spec:
enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
restartPolicy: Never
containers:
- env:
- name: SLEEP_TIME
value: "-1"
- name: LIBATION_BOOKS_DIR
value: /data
image: rmcrackan/libation:12.7.4
imagePullPolicy: IfNotPresent
name: main
resources:
requests:
cpu: 10m
memory: 128Mi
volumeMounts:
- mountPath: /config
name: config
- mountPath: /data
name: data
volumes:
- name: config
persistentVolumeClaim:
claimName: libation-config
- name: data
persistentVolumeClaim:
claimName: libation-nfs-storage