alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 5 Actions Activity

feat: refactor apps #5180

Merged
alexlebens merged 2 commits from tmp/refactor-9 into main 2026-03-27 01:07:59 +00:00
Conversation 0 Commits 2 Files Changed 9 +28 -219
9 changed files with 28 additions and 219 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
clusters/cl01tl/helm/external-secrets/Chart.yaml
View File

@@ -9,6 +9,7 @@ keywords:
home: https://docs.alexlebens.dev/applications/eraser/ home: https://docs.alexlebens.dev/applications/eraser/
sources: sources:
- https://github.com/external-secrets/external-secrets - https://github.com/external-secrets/external-secrets
- https://github.com/external-secrets/external-secrets/pkgs/container/external-secrets
- https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets - https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets
dependencies: dependencies:
- name: external-secrets - name: external-secrets

4
clusters/cl01tl/helm/foldergram/Chart.yaml
View File

@@ -5,10 +5,12 @@ description: Foldergram
keywords: keywords:
- foldergram - foldergram
- pictures - pictures
home: https://wiki.alexlebens.dev/ home: https://docs.alexlebens.dev/applications/foldergram/
sources: sources:
- https://github.com/foldergram/foldergram - https://github.com/foldergram/foldergram
- https://github.com/foldergram/foldergram/pkgs/container/foldergram
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:

13
clusters/cl01tl/helm/foldergram/values.yaml
View File

@@ -4,12 +4,11 @@ foldergram:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/foldergram/foldergram repository: ghcr.io/foldergram/foldergram
tag: 1.0.6 tag: 1.0.8@sha256:3546dc1da4ec12cb27aaecbf77896d708ac7601eb0225e0f6e181d7ef35273f9
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: IMAGE_DETAIL_SOURCE - name: IMAGE_DETAIL_SOURCE
@@ -24,8 +23,8 @@ foldergram:
value: https://foldergram.alexlebens.net value: https://foldergram.alexlebens.net
resources: resources:
requests: requests:
cpu: 10m cpu: 1m
memory: 128Mi memory: 230Mi
service: service:
main: main:
controller: main controller: main
@@ -46,11 +45,8 @@ foldergram:
- foldergram.alexlebens.net - foldergram.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- group: '' - name: foldergram
kind: Service
name: foldergram
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -61,7 +57,6 @@ foldergram:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 10Gi size: 10Gi
retain: false
advancedMounts: advancedMounts:
main: main:
main: main:

5
clusters/cl01tl/helm/freshrss/Chart.yaml
View File

@@ -5,15 +5,14 @@ description: FreshRSS
keywords: keywords:
- freshrss - freshrss
- rss - rss
home: https://wiki.alexlebens.dev/s/251cb7cb-2797-4bbb-8597-32757aa96391 home: https://docs.alexlebens.dev/applications/freshrss/
sources: sources:
- https://github.com/FreshRSS/FreshRSS - https://github.com/FreshRSS/FreshRSS
- https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/freshrss/freshrss - https://hub.docker.com/r/freshrss/freshrss
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:

18
clusters/cl01tl/helm/freshrss/templates/external-secret.yaml
View File

@@ -14,24 +14,15 @@ spec:
data: data:
- secretKey: ADMIN_EMAIL - secretKey: ADMIN_EMAIL
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/freshrss/config key: /cl01tl/freshrss/config
metadataPolicy: None
property: ADMIN_EMAIL property: ADMIN_EMAIL
- secretKey: ADMIN_PASSWORD - secretKey: ADMIN_PASSWORD
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/freshrss/config key: /cl01tl/freshrss/config
metadataPolicy: None
property: ADMIN_PASSWORD property: ADMIN_PASSWORD
- secretKey: ADMIN_API_PASSWORD - secretKey: ADMIN_API_PASSWORD
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/freshrss/config key: /cl01tl/freshrss/config
metadataPolicy: None
property: ADMIN_API_PASSWORD property: ADMIN_API_PASSWORD
--- ---
@@ -51,22 +42,13 @@ spec:
data: data:
- secretKey: OIDC_CLIENT_ID - secretKey: OIDC_CLIENT_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/freshrss key: /authentik/oidc/freshrss
metadataPolicy: None
property: client property: client
- secretKey: OIDC_CLIENT_SECRET - secretKey: OIDC_CLIENT_SECRET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/freshrss key: /authentik/oidc/freshrss
metadataPolicy: None
property: secret property: secret
- secretKey: OIDC_CLIENT_CRYPTO_KEY - secretKey: OIDC_CLIENT_CRYPTO_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/freshrss key: /authentik/oidc/freshrss
metadataPolicy: None
property: crypto-key property: crypto-key

125
clusters/cl01tl/helm/freshrss/values.yaml
View File

@@ -4,84 +4,11 @@ freshrss:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
initContainers:
init-download-extension-1:
securityContext:
runAsUser: 0
image:
repository: alpine
tag: 3.23.3
pullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
- |
apk add --no-cache git;
cd /tmp;
git clone -n --depth=1 --filter=tree:0 https://github.com/cn-tools/cntools_FreshRssExtensions.git;
cd cntools_FreshRssExtensions;
git sparse-checkout set --no-cone /xExtension-YouTubeChannel2RssFeed;
git checkout;
rm -rf /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed
cp -r xExtension-YouTubeChannel2RssFeed /var/www/FreshRSS/extensions
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed
resources:
requests:
cpu: 10m
memory: 128Mi
init-download-extension-2:
securityContext:
runAsUser: 0
image:
repository: alpine
tag: 3.23.3
pullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
- |
apk add --no-cache git;
cd /tmp;
git clone -n --depth=1 --filter=tree:0 https://github.com/FreshRSS/Extensions.git;
cd Extensions;
git sparse-checkout set --no-cone /xExtension-ImageProxy;
git checkout;
rm -rf /var/www/FreshRSS/extensions/xExtension-ImageProxy
cp -r xExtension-ImageProxy /var/www/FreshRSS/extensions
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-ImageProxy
resources:
requests:
cpu: 10m
memory: 128Mi
init-download-extension-3:
securityContext:
runAsUser: 0
image:
repository: alpine
tag: 3.23.3
pullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
- |
cd /tmp;
wget https://github.com/zimmra/xExtension-karakeep-button/archive/refs/tags/v1.1.tar.gz;
tar -xvzf *.tar.gz;
rm -rf /var/www/FreshRSS/extensions/xExtension-karakeep-button
mkdir /var/www/FreshRSS/extensions/xExtension-karakeep-button
cp -r /tmp/xExtension-karakeep-button-*/* /var/www/FreshRSS/extensions/xExtension-karakeep-button
chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-karakeep-button
resources:
requests:
cpu: 10m
memory: 128Mi
containers: containers:
main: main:
image: image:
repository: freshrss/freshrss repository: freshrss/freshrss
tag: 1.28.1 tag: 1.28.1@sha256:9100f649f5c946f589f54cdb9be7a65996528f48f691ef90eb262a0e06e5a522
pullPolicy: IfNotPresent
env: env:
- name: PGID - name: PGID
value: "568" value: "568"
@@ -151,7 +78,7 @@ freshrss:
name: freshrss-install-secret name: freshrss-install-secret
resources: resources:
requests: requests:
cpu: 10m cpu: 1m
memory: 128Mi memory: 128Mi
service: service:
main: main:
@@ -167,31 +94,11 @@ freshrss:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 5Gi size: 5Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
- path: /var/www/FreshRSS/data - path: /var/www/FreshRSS/data
readOnly: false readOnly: false
extensions:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
init-download-extension-1:
- path: /var/www/FreshRSS/extensions
readOnly: false
init-download-extension-2:
- path: /var/www/FreshRSS/extensions
readOnly: false
init-download-extension-3:
- path: /var/www/FreshRSS/extensions
readOnly: false
main:
- path: /var/www/FreshRSS/extensions
readOnly: false
postgres-18-cluster: postgres-18-cluster:
mode: recovery mode: recovery
recovery: recovery:
@@ -205,35 +112,12 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 20 14 * * *" schedule: "0 20 14 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-data: volsync-target-data:
pvcTarget: freshrss-data pvcTarget: freshrss-data
moverSecurityContext: moverSecurityContext:
@@ -241,11 +125,6 @@ volsync-target-data:
runAsGroup: 568 runAsGroup: 568
fsGroup: 568 fsGroup: 568
fsGroupChangePolicy: OnRootMismatch fsGroupChangePolicy: OnRootMismatch
supplementalGroups:
- 44
- 100
- 109
- 65539
local: local:
enabled: true enabled: true
schedule: 18 8 * * * schedule: 18 8 * * *

9
clusters/cl01tl/helm/garage/Chart.yaml
View File

@@ -4,12 +4,13 @@ version: 1.0.0
description: Garage description: Garage
keywords: keywords:
- garage - garage
- storage
- s3 - s3
home: https://wiki.alexlebens.dev/s/ home: https://docs.alexlebens.dev/applications/garage/
sources: sources:
- https://git.deuxfleurs.fr/Deuxfleurs/garage - https://git.deuxfleurs.fr/Deuxfleurs/garage
- https://github.com/khairul169/garage-webui
- https://hub.docker.com/r/dxflrs/garage - https://hub.docker.com/r/dxflrs/garage
- https://hub.docker.com/r/khairul169/garage-webui
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers: maintainers:
- name: alexlebens - name: alexlebens
@@ -18,6 +19,6 @@ dependencies:
alias: garage alias: garage
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/garage.png
# renovate: datasource=github-releases depName=deuxfleurs-org/garage # renovate: datasource=docker depName=dxflrs/garage
appVersion: v2.1.0 appVersion: v2.1.0

9
clusters/cl01tl/helm/garage/templates/external-secret.yaml
View File

@@ -14,22 +14,13 @@ spec:
data: data:
- secretKey: GARAGE_RPC_SECRET - secretKey: GARAGE_RPC_SECRET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/garage/token key: /cl01tl/garage/token
metadataPolicy: None
property: rpc property: rpc
- secretKey: GARAGE_ADMIN_TOKEN - secretKey: GARAGE_ADMIN_TOKEN
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/garage/token key: /cl01tl/garage/token
metadataPolicy: None
property: admin property: admin
- secretKey: GARAGE_METRICS_TOKEN - secretKey: GARAGE_METRICS_TOKEN
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/garage/token key: /cl01tl/garage/token
metadataPolicy: None
property: metric property: metric

63
clusters/cl01tl/helm/garage/values.yaml
View File

@@ -4,7 +4,6 @@ garage:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
pod: pod:
labels: labels:
garage-type: server garage-type: server
@@ -22,32 +21,18 @@ garage:
main: main:
image: image:
repository: dxflrs/garage repository: dxflrs/garage
tag: v2.2.0 tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
pullPolicy: IfNotPresent
envFrom: envFrom:
- secretRef: - secretRef:
name: garage-token-secret name: garage-token-secret
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 128Mi memory: 400Mi
debug:
image:
repository: ubuntu
tag: resolute-20260312
pullPolicy: IfNotPresent
command:
- "sleep"
- "infinity"
resources:
requests:
cpu: 10m
memory: 32Mi
server-2: server-2:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
pod: pod:
labels: labels:
garage-type: server garage-type: server
@@ -65,20 +50,18 @@ garage:
main: main:
image: image:
repository: dxflrs/garage repository: dxflrs/garage
tag: v2.2.0 tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
pullPolicy: IfNotPresent
envFrom: envFrom:
- secretRef: - secretRef:
name: garage-token-secret name: garage-token-secret
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 128Mi memory: 400Mi
server-3: server-3:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
pod: pod:
labels: labels:
garage-type: server garage-type: server
@@ -96,26 +79,23 @@ garage:
main: main:
image: image:
repository: dxflrs/garage repository: dxflrs/garage
tag: v2.2.0 tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
pullPolicy: IfNotPresent
envFrom: envFrom:
- secretRef: - secretRef:
name: garage-token-secret name: garage-token-secret
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 128Mi memory: 400Mi
webui: webui:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: khairul169/garage-webui repository: khairul169/garage-webui
tag: 1.1.0 tag: 1.1.0@sha256:17c793551873155065bf9a022dabcde874de808a1f26e648d4b82e168806439c
pullPolicy: IfNotPresent
env: env:
- name: API_BASE_URL - name: API_BASE_URL
value: http://garage-main.garage:3903 value: http://garage-main.garage:3903
@@ -128,8 +108,8 @@ garage:
key: GARAGE_ADMIN_TOKEN key: GARAGE_ADMIN_TOKEN
resources: resources:
requests: requests:
cpu: 10m cpu: 1m
memory: 128Mi memory: 10Mi
configMaps: configMaps:
config: config:
enabled: true enabled: true
@@ -320,11 +300,8 @@ garage:
- garage-webui.alexlebens.net - garage-webui.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- group: '' - name: garage-webui
kind: Service
name: garage-webui
port: 3909 port: 3909
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -340,11 +317,8 @@ garage:
- garage-s3.alexlebens.net - garage-s3.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- group: '' - name: garage-main
kind: Service
name: garage-main
port: 3900 port: 3900
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -361,11 +335,6 @@ garage:
readOnly: true readOnly: true
mountPropagation: None mountPropagation: None
subPath: garage-1.toml subPath: garage-1.toml
debug:
- path: /etc/garage.toml
readOnly: true
mountPropagation: None
subPath: garage-1.toml
server-2: server-2:
main: main:
- path: /etc/garage.toml - path: /etc/garage.toml
@@ -389,21 +358,16 @@ garage:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 50Gi size: 50Gi
retain: true
advancedMounts: advancedMounts:
server-1: server-1:
main: main:
- path: /var/lib/garage/meta - path: /var/lib/garage/meta
readOnly: false readOnly: false
debug:
- path: /var/lib/garage/meta
readOnly: false
db-2: db-2:
forceRename: garage-db-2 forceRename: garage-db-2
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 50Gi size: 50Gi
retain: true
advancedMounts: advancedMounts:
server-2: server-2:
main: main:
@@ -414,7 +378,6 @@ garage:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 50Gi size: 50Gi
retain: true
advancedMounts: advancedMounts:
server-3: server-3:
main: main:
@@ -425,15 +388,11 @@ garage:
storageClass: synology-iscsi-delete storageClass: synology-iscsi-delete
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 800Gi size: 800Gi
retain: true
advancedMounts: advancedMounts:
server-1: server-1:
main: main:
- path: /var/lib/garage/data - path: /var/lib/garage/data
readOnly: false readOnly: false
debug:
- path: /var/lib/garage/data
readOnly: false
data-2: data-2:
forceRename: garage-data-2 forceRename: garage-data-2
storageClass: synology-iscsi-delete storageClass: synology-iscsi-delete