From 1ab326ce2c9d737ad1753e3ba2e7f7e0d5f85b96 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Sun, 22 Mar 2026 20:53:43 -0500 Subject: [PATCH 1/5] feat: refactor audiobookshelf --- .../cl01tl/helm/audiobookshelf/Chart.yaml | 3 ++- .../templates/external-secret.yaml | 3 --- .../cl01tl/helm/audiobookshelf/values.yaml | 26 +++++-------------- 3 files changed, 9 insertions(+), 23 deletions(-) diff --git a/clusters/cl01tl/helm/audiobookshelf/Chart.yaml b/clusters/cl01tl/helm/audiobookshelf/Chart.yaml index 56fdbdefd..89ab61998 100644 --- a/clusters/cl01tl/helm/audiobookshelf/Chart.yaml +++ b/clusters/cl01tl/helm/audiobookshelf/Chart.yaml @@ -7,11 +7,12 @@ keywords: - books - podcasts - audiobooks -home: https://wiki.alexlebens.dev/s/d4d6719f-cd1c-4b6e-b78e-2d2d7a5097d7 +home: https://docs.alexlebens.dev/applications/audiobookshelf/ sources: - https://github.com/advplyr/audiobookshelf - https://github.com/advplyr/audiobookshelf/pkgs/container/audiobookshelf - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target maintainers: - name: alexlebens dependencies: diff --git a/clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml b/clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml index d049b5b1d..f2e93853c 100644 --- a/clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml @@ -14,8 +14,5 @@ spec: data: - secretKey: ntfy-url remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/audiobookshelf/apprise - metadataPolicy: None property: ntfy-url diff --git a/clusters/cl01tl/helm/audiobookshelf/values.yaml b/clusters/cl01tl/helm/audiobookshelf/values.yaml index 4af74a2c6..de2e313a1 100644 --- a/clusters/cl01tl/helm/audiobookshelf/values.yaml +++ b/clusters/cl01tl/helm/audiobookshelf/values.yaml @@ -4,28 +4,25 @@ audiobookshelf: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 containers: main: image: repository: ghcr.io/advplyr/audiobookshelf - tag: 2.33.1 - pullPolicy: IfNotPresent + tag: 2.33.1@sha256:a4a5841bba093d81e5f4ad1eaedb4da3fda6dbb2528c552349da50ad1f7ae708 env: - name: TZ - value: US/Central + value: America/Chicago resources: requests: cpu: 10m - memory: 128Mi + memory: 200Mi apprise-api: image: - repository: caronc/apprise - tag: v1.3.2 - pullPolicy: IfNotPresent + repository: ghcr.io/caronc/apprise + tag: v1.3.2@sha256:1aafc2118b6eae5d70d17831d9a8a52adee7104fd6f2bb018e6421664699c903 env: - name: TZ - value: US/Central + value: America/Chicago - name: PGID value: "1000" - name: PUID @@ -41,10 +38,6 @@ audiobookshelf: secretKeyRef: name: audiobookshelf-apprise-config key: ntfy-url - resources: - requests: - cpu: 10m - memory: 128Mi service: main: controller: main @@ -82,11 +75,8 @@ audiobookshelf: - audiobookshelf.alexlebens.net rules: - backendRefs: - - group: '' - kind: Service - name: audiobookshelf + - name: audiobookshelf port: 80 - weight: 100 matches: - path: type: PathPrefix @@ -97,7 +87,6 @@ audiobookshelf: storageClass: ceph-block accessMode: ReadWriteOnce size: 2Gi - retain: true advancedMounts: main: main: @@ -108,7 +97,6 @@ audiobookshelf: storageClass: ceph-block accessMode: ReadWriteOnce size: 10Gi - retain: true advancedMounts: main: main: -- 2.49.1 From 6a0e05f54f065f03300ae7fed7292979bb60f87c Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Sun, 22 Mar 2026 21:27:36 -0500 Subject: [PATCH 2/5] feat: add reference --- clusters/cl01tl/helm/audiobookshelf/Chart.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/clusters/cl01tl/helm/audiobookshelf/Chart.yaml b/clusters/cl01tl/helm/audiobookshelf/Chart.yaml index 89ab61998..d7e522a06 100644 --- a/clusters/cl01tl/helm/audiobookshelf/Chart.yaml +++ b/clusters/cl01tl/helm/audiobookshelf/Chart.yaml @@ -10,7 +10,9 @@ keywords: home: https://docs.alexlebens.dev/applications/audiobookshelf/ sources: - https://github.com/advplyr/audiobookshelf + - https://github.com/caronc/apprise - https://github.com/advplyr/audiobookshelf/pkgs/container/audiobookshelf + - https://github.com/caronc/apprise-api/pkgs/container/apprise - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target maintainers: -- 2.49.1 From 7dbb6952df781a618faa6d3441d613a07ee0469f Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Sun, 22 Mar 2026 21:27:52 -0500 Subject: [PATCH 3/5] feat: refactor authentik --- clusters/cl01tl/helm/authentik/Chart.yaml | 5 +- .../authentik/templates/external-secret.yaml | 3 - clusters/cl01tl/helm/authentik/values.yaml | 63 ++++++++----------- 3 files changed, 28 insertions(+), 43 deletions(-) diff --git a/clusters/cl01tl/helm/authentik/Chart.yaml b/clusters/cl01tl/helm/authentik/Chart.yaml index 835427327..313143d47 100644 --- a/clusters/cl01tl/helm/authentik/Chart.yaml +++ b/clusters/cl01tl/helm/authentik/Chart.yaml @@ -6,10 +6,8 @@ keywords: - authentik - sso - oidc - - ldap - - idp - authentication -home: https://wiki.alexlebens.dev/s/45ca5171-581f-41d2-b6fb-2b0915029a2d +home: https://docs.alexlebens.dev/applications/authentik/ sources: - https://github.com/goauthentik/authentik - https://github.com/cloudflare/cloudflared @@ -17,6 +15,7 @@ sources: - https://github.com/goauthentik/helm - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey maintainers: - name: alexlebens dependencies: diff --git a/clusters/cl01tl/helm/authentik/templates/external-secret.yaml b/clusters/cl01tl/helm/authentik/templates/external-secret.yaml index 244e4eb04..dfbf0456a 100644 --- a/clusters/cl01tl/helm/authentik/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/authentik/templates/external-secret.yaml @@ -14,8 +14,5 @@ spec: data: - secretKey: key remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/authentik/key - metadataPolicy: None property: key diff --git a/clusters/cl01tl/helm/authentik/values.yaml b/clusters/cl01tl/helm/authentik/values.yaml index f3eb618f9..a093e7e91 100644 --- a/clusters/cl01tl/helm/authentik/values.yaml +++ b/clusters/cl01tl/helm/authentik/values.yaml @@ -30,8 +30,23 @@ authentik: redis: host: authentik-valkey server: - name: server - replicas: 1 + replicas: 2 + resources: + requests: + cpu: 100m + memory: 700Mi + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 15 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 15 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 metrics: enabled: true serviceMonitor: @@ -39,8 +54,6 @@ authentik: route: main: enabled: true - apiVersion: gateway.networking.k8s.io/v1 - kind: HTTPRoute hostnames: - authentik.alexlebens.net parentRefs: @@ -48,21 +61,20 @@ authentik: kind: Gateway name: traefik-gateway namespace: traefik - httpsRedirect: false - matches: - - path: - type: PathPrefix - value: / worker: name: worker - replicas: 1 + replicas: 2 + resources: + requests: + cpu: 100m + memory: 512Mi + metrics: + enabled: true + serviceMonitor: + enabled: true prometheus: rules: enabled: true - postgresql: - enabled: false - redis: - enabled: false postgres-18-cluster: mode: recovery recovery: @@ -76,32 +88,9 @@ postgres-18-cluster: destinationBucket: postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups isWALArchiver: true - # - name: garage-remote - # index: 1 - # destinationBucket: postgres-backups - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # retentionPolicy: "90d" - # data: - # compression: bzip2 - # - name: external - # index: 1 - # endpointURL: https://nyc3.digitaloceanspaces.com - # destinationBucket: postgres-backups-ce540ddf106d186bbddca68a - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # isWALArchiver: false scheduledBackups: - name: live-backup suspend: false immediate: true schedule: "0 5 14 * * *" backupName: garage-local - # - name: weekly-backup - # suspend: true - # immediate: true - # schedule: "0 0 4 * * SAT" - # backupName: garage-remote - # - name: daily-backup - # suspend: true - # immediate: true - # schedule: "0 0 0 * * *" - # backupName: external -- 2.49.1 From d2f78c8637eab1aa0fe29a146ce9b18f040ba29b Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Sun, 22 Mar 2026 21:28:08 -0500 Subject: [PATCH 4/5] feat: add template to detect authentik versioning --- renovate.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/renovate.json b/renovate.json index 772ddb0e1..0b2d7e359 100644 --- a/renovate.json +++ b/renovate.json @@ -22,7 +22,8 @@ ], "matchStrings": [ "#\\s*renovate:\\s*datasource=(?.*?) depName=(?.*?)\\s+appVersion:\\s*[\"']?(?[^\"'\\s]+)[\"']?" - ] + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver-coerced{{/if}}" }, { "description": "Update images in templates", -- 2.49.1 From 633f511179ac084bab747ad482945c20e11fcabe Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Sun, 22 Mar 2026 21:43:09 -0500 Subject: [PATCH 5/5] feat: refactor backrest --- clusters/cl01tl/helm/backrest/Chart.yaml | 5 +++-- clusters/cl01tl/helm/backrest/values.yaml | 13 ++++--------- 2 files changed, 7 insertions(+), 11 deletions(-) diff --git a/clusters/cl01tl/helm/backrest/Chart.yaml b/clusters/cl01tl/helm/backrest/Chart.yaml index bb8e2e422..70d7aaeb0 100644 --- a/clusters/cl01tl/helm/backrest/Chart.yaml +++ b/clusters/cl01tl/helm/backrest/Chart.yaml @@ -5,11 +5,12 @@ description: backrest keywords: - backrest - backup -home: https://wiki.alexlebens.dev/ +home: https://docs.alexlebens.dev/applications/backrest/ sources: - https://github.com/garethgeorge/backrest - - https://hub.docker.com/r/garethgeorge/backrest + - https://github.com/garethgeorge/backrest/pkgs/container/backrest - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target maintainers: - name: alexlebens dependencies: diff --git a/clusters/cl01tl/helm/backrest/values.yaml b/clusters/cl01tl/helm/backrest/values.yaml index 21a865abe..83470301e 100644 --- a/clusters/cl01tl/helm/backrest/values.yaml +++ b/clusters/cl01tl/helm/backrest/values.yaml @@ -7,8 +7,8 @@ backrest: containers: main: image: - repository: garethgeorge/backrest - tag: v1.12.1 + repository: ghcr.io/garethgeorge/backrest + tag: v1.12.1@sha256:f4d34bd6fa985d13bdb6c01c5d8727e07708899afa9567d800808357d77b9fb0 pullPolicy: IfNotPresent env: - name: TZ @@ -24,7 +24,7 @@ backrest: resources: requests: cpu: 10m - memory: 256Mi + memory: 80Mi service: main: controller: main @@ -45,11 +45,8 @@ backrest: - backrest.alexlebens.net rules: - backendRefs: - - group: '' - kind: Service - name: backrest + - name: backrest port: 80 - weight: 100 matches: - path: type: PathPrefix @@ -60,7 +57,6 @@ backrest: storageClass: ceph-block accessMode: ReadWriteOnce size: 10Gi - retain: true advancedMounts: main: main: @@ -71,7 +67,6 @@ backrest: storageClass: ceph-block accessMode: ReadWriteOnce size: 1Gi - retain: true advancedMounts: main: main: -- 2.49.1