alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 5 Actions Activity

feat: refactor apps #5183

Merged
alexlebens merged 2 commits from tmp/refactor-10 into main 2026-03-27 02:02:48 +00:00
Conversation 0 Commits 2 Files Changed 9 +48 -160
9 changed files with 48 additions and 160 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
clusters/cl01tl/helm/foldergram/values.yaml
View File

@@ -4,6 +4,10 @@ foldergram:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers: containers:
main: main:
image: image:

8
clusters/cl01tl/helm/gatus/Chart.yaml
View File

@@ -4,16 +4,14 @@ version: 1.0.0
description: Gatus description: Gatus
keywords: keywords:
- gatus - gatus
- healthcheck - uptime-monitor
- uptime home: https://docs.alexlebens.dev/applications/gatus/
- metrics
home: https://wiki.alexlebens.dev/s/2a2b0c83-81c7-49e3-aafc-daff4ff23ce2
sources: sources:
- https://github.com/TwiN/gatus - https://github.com/TwiN/gatus
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/TwiN/gatus/pkgs/container/gatus - https://github.com/TwiN/gatus/pkgs/container/gatus
- https://github.com/TwiN/helm-charts/tree/master/charts/gatus - https://github.com/TwiN/helm-charts/tree/master/charts/gatus
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:

9
clusters/cl01tl/helm/gatus/templates/external-secret.yaml
View File

@@ -14,10 +14,7 @@ spec:
data: data:
- secretKey: NTFY_TOKEN - secretKey: NTFY_TOKEN
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /ntfy/user/cl01tl key: /ntfy/user/cl01tl
metadataPolicy: None
property: token property: token
--- ---
@@ -37,15 +34,9 @@ spec:
data: data:
- secretKey: OIDC_CLIENT_ID - secretKey: OIDC_CLIENT_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/gatus key: /authentik/oidc/gatus
metadataPolicy: None
property: client property: client
- secretKey: OIDC_CLIENT_SECRET - secretKey: OIDC_CLIENT_SECRET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/gatus key: /authentik/oidc/gatus
metadataPolicy: None
property: secret property: secret

55
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -1,27 +1,16 @@
gatus: gatus:
deployment: deployment:
strategy: Recreate strategy: RollingUpdate
readinessProbe: annotateConfigChecksum: true
enabled: true revisionHistoryLimit: 3
livenessProbe:
enabled: true
image: image:
repository: ghcr.io/twin/gatus repository: ghcr.io/twin/gatus
tag: v5.35.0 tag: v5.35.0@sha256:21609f31be8c4e680ce3004b24276305666239c99aff58391503f3fb6142f39d
annotations: annotations:
reloader.stakater.com/auto: "true" reloader.stakater.com/auto: "true"
service:
type: ClusterIP
port: 80
targetPort: 8080
portName: http
ingress:
enabled: false
gateway: gateway:
apiVersion: gateway.networking.k8s.io/v1
route: route:
enabled: true enabled: true
path: /
parentRefs: parentRefs:
- group: gateway.networking.k8s.io - group: gateway.networking.k8s.io
kind: Gateway kind: Gateway
@@ -73,24 +62,13 @@ gatus:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 128Mi memory: 20Mi
persistence: persistence:
enabled: true enabled: true
size: 1Gi size: 1Gi
mountPath: /data
accessModes:
- ReadWriteOnce
finalizers:
- kubernetes.io/pvc-protection
storageClassName: ceph-block storageClassName: ceph-block
serviceMonitor: serviceMonitor:
enabled: true enabled: true
interval: 1m
path: /metrics
scheme: http
scrapeTimeout: 30s
networkPolicy:
enabled: false
config: config:
metrics: true metrics: true
connectivity: connectivity:
@@ -425,35 +403,12 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 25 14 * * *" schedule: "0 25 14 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-data: volsync-target-data:
pvcTarget: gatus pvcTarget: gatus
local: local:

3
clusters/cl01tl/helm/generic-device-plugin/Chart.yaml
View File

@@ -5,8 +5,7 @@ description: Generic Device Plugin
keywords: keywords:
- generic-device-plugin - generic-device-plugin
- device - device
- plugin home: https://docs.alexlebens.dev/applications/generic-device-plugin/
home: https://wiki.alexlebens.dev/s/ee9ba1be-119c-4e83-aea9-b087481554f2
sources: sources:
- https://github.com/squat/generic-device-plugin - https://github.com/squat/generic-device-plugin
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/generic-device-plugin - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/generic-device-plugin

6
clusters/cl01tl/helm/gitea/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: gitea - name: gitea
repository: https://dl.gitea.io/charts/ repository: https://dl.gitea.com/charts/
version: 12.5.0 version: 12.5.0
- name: actions - name: actions
repository: https://dl.gitea.com/charts/ repository: https://dl.gitea.com/charts/
@@ -23,5 +23,5 @@ dependencies:
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:65910bce24fc36bd8e3e4ab0d79c2a18ae076b34aff28bfea8a60598707fe617 digest: sha256:49862b06fe4884f504d0a892cb899f577262b584053b64a3504bacaf96d70f39
generated: "2026-03-26T16:02:55.325421053Z" generated: "2026-03-26T20:59:30.690577-05:00"

13
clusters/cl01tl/helm/gitea/Chart.yaml
View File

@@ -5,29 +5,28 @@ description: Gitea
keywords: keywords:
- gitea - gitea
- git - git
- code home: https://docs.alexlebens.dev/applications/gitea/
home: https://wiki.alexlebens.dev/s/94060f71-fd05-4f78-9af2-053f8f221acd
sources: sources:
- https://github.com/go-gitea/gitea - https://github.com/go-gitea/gitea
- https://github.com/renovatebot/renovate - https://github.com/renovatebot/renovate
- https://github.com/Angatar/s3cmd - https://github.com/Angatar/s3cmd
- https://github.com/meilisearch/meilisearch - https://github.com/meilisearch/meilisearch
- https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/gitea/gitea - https://hub.docker.com/r/gitea/gitea
- https://hub.docker.com/r/renovate/renovate - https://hub.docker.com/r/renovate/renovate
- https://hub.docker.com/r/d3fk/s3cmd/ - https://hub.docker.com/r/d3fk/s3cmd/
- https://gitea.com/gitea/helm-chart - https://gitea.com/gitea/helm-chart
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://gitea.com/gitea/helm-actions
- https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch - https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: gitea - name: gitea
version: 12.5.0 version: 12.5.0
repository: https://dl.gitea.io/charts/ repository: https://dl.gitea.com/charts/
- name: actions - name: actions
alias: gitea-actions alias: gitea-actions
repository: https://dl.gitea.com/charts/ repository: https://dl.gitea.com/charts/
@@ -54,6 +53,6 @@ dependencies:
alias: volsync-target-storage alias: volsync-target-storage
version: 0.8.0 version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/gitea.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/gitea.png
# renovate: datasource=github-releases depName=go-gitea/gitea # renovate: datasource=github-releases depName=go-gitea/gitea
appVersion: 1.25.5 appVersion: 1.25.5

42
clusters/cl01tl/helm/gitea/templates/external-secret.yaml
View File

@@ -14,17 +14,11 @@ spec:
data: data:
- secretKey: username - secretKey: username
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/auth/admin key: /cl01tl/gitea/auth/admin
metadataPolicy: None
property: username property: username
- secretKey: password - secretKey: password
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/auth/admin key: /cl01tl/gitea/auth/admin
metadataPolicy: None
property: password property: password
--- ---
@@ -44,17 +38,11 @@ spec:
data: data:
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/gitea key: /authentik/oidc/gitea
metadataPolicy: None
property: secret property: secret
- secretKey: key - secretKey: key
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/gitea key: /authentik/oidc/gitea
metadataPolicy: None
property: client property: client
--- ---
@@ -74,10 +62,7 @@ spec:
data: data:
- secretKey: token - secretKey: token
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/runner key: /cl01tl/gitea/runner
metadataPolicy: None
property: token property: token
--- ---
@@ -97,38 +82,23 @@ spec:
data: data:
- secretKey: RENOVATE_ENDPOINT - secretKey: RENOVATE_ENDPOINT
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate key: /cl01tl/gitea/renovate
metadataPolicy: None
property: RENOVATE_ENDPOINT property: RENOVATE_ENDPOINT
- secretKey: RENOVATE_GIT_AUTHOR - secretKey: RENOVATE_GIT_AUTHOR
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate key: /cl01tl/gitea/renovate
metadataPolicy: None
property: RENOVATE_GIT_AUTHOR property: RENOVATE_GIT_AUTHOR
- secretKey: RENOVATE_TOKEN - secretKey: RENOVATE_TOKEN
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate key: /cl01tl/gitea/renovate
metadataPolicy: None
property: RENOVATE_TOKEN property: RENOVATE_TOKEN
- secretKey: RENOVATE_GIT_PRIVATE_KEY - secretKey: RENOVATE_GIT_PRIVATE_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate key: /cl01tl/gitea/renovate
metadataPolicy: None
property: id_rsa property: id_rsa
- secretKey: RENOVATE_GITHUB_COM_TOKEN - secretKey: RENOVATE_GITHUB_COM_TOKEN
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /github/gitea-cl01tl key: /github/gitea-cl01tl
metadataPolicy: None
property: token property: token
--- ---
@@ -148,24 +118,15 @@ spec:
data: data:
- secretKey: config - secretKey: config
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate key: /cl01tl/gitea/renovate
metadataPolicy: None
property: ssh_config property: ssh_config
- secretKey: id_rsa - secretKey: id_rsa
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate key: /cl01tl/gitea/renovate
metadataPolicy: None
property: id_rsa property: id_rsa
- secretKey: id_rsa.pub - secretKey: id_rsa.pub
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/renovate key: /cl01tl/gitea/renovate
metadataPolicy: None
property: id_rsa.pub property: id_rsa.pub
--- ---
@@ -191,8 +152,5 @@ spec:
data: data:
- secretKey: MEILI_MASTER_KEY - secretKey: MEILI_MASTER_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/gitea/meilisearch key: /cl01tl/gitea/meilisearch
metadataPolicy: None
property: MEILI_MASTER_KEY property: MEILI_MASTER_KEY

68
clusters/cl01tl/helm/gitea/values.yaml
View File

@@ -2,9 +2,14 @@ gitea:
global: global:
imageRegistry: registry.hub.docker.com imageRegistry: registry.hub.docker.com
replicaCount: 3 replicaCount: 3
strategy:
type: "RollingUpdate"
rollingUpdate:
maxSurge: "100%"
maxUnavailable: 1
image: image:
repository: gitea/gitea repository: gitea/gitea
tag: 1.25.5 tag: 1.25.5@sha256:f846d26a4fc389c5806a580a765e00bfdd1fd181e6f2060da98ea2669d914472
service: service:
http: http:
type: ClusterIP type: ClusterIP
@@ -14,8 +19,10 @@ gitea:
type: ClusterIP type: ClusterIP
port: 22 port: 22
clusterIP: 10.103.160.140 clusterIP: 10.103.160.140
ingress: resources:
enabled: false requests:
cpu: 1000m
memory: 600Mi
persistence: persistence:
storageClass: ceph-filesystem storageClass: ceph-filesystem
size: 40Gi size: 40Gi
@@ -41,7 +48,7 @@ gitea:
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
enabled: false enabled: true
oauth: oauth:
- name: Authentik - name: Authentik
provider: openidConnect provider: openidConnect
@@ -139,9 +146,10 @@ gitea-actions:
replicas: 6 replicas: 6
timezone: America/Chicago timezone: America/Chicago
actRunner: actRunner:
registry: "" registry: registry.hub.docker.com
repository: gitea/act_runner repository: gitea/act_runner
tag: 0.2.13 # renovate: datasource=docker depName=gitea/act_runner
tag: 0.3.1@sha256:c2a169c5e99864c25e32527cef3d82203225e09558773022bf3dc164a2e6d762
config: | config: |
log: log:
level: debug level: debug
@@ -154,17 +162,19 @@ gitea-actions:
- "ubuntu-24.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-24.04" - "ubuntu-24.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-24.04"
- "ubuntu-22.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-22.04" - "ubuntu-22.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-22.04"
dind: dind:
registry: "" registry: registry.hub.docker.com
repository: docker repository: docker
tag: 28.3.3-dind # renovate: datasource=docker depName=docker
tag: 29.3.1-dind@sha256:4d90f1f6c400315c2dba96d3ec93c01e64198395cbba04f79d12adce4f737029
persistence: persistence:
storageClass: ceph-block storageClass: ceph-block
size: 5Gi size: 10Gi
init: init:
image: image:
registry: "" registry: registry.hub.docker.com
repository: busybox repository: busybox
tag: "1.37.0" # renovate: datasource=docker depName=busybox
tag: 1.37.0@sha256:1487d0af5f52b4ba31c7e465126ee2123fe3f2305d638e7827681e7cf6c83d5e
existingSecret: gitea-runner-secret existingSecret: gitea-runner-secret
existingSecretKey: token existingSecretKey: token
giteaRootURL: http://gitea-http.gitea:3000 giteaRootURL: http://gitea-http.gitea:3000
@@ -175,17 +185,14 @@ meilisearch:
MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true
auth: auth:
existingMasterKeySecret: gitea-meilisearch-master-key-secret existingMasterKeySecret: gitea-meilisearch-master-key-secret
service:
type: ClusterIP
port: 7700
persistence: persistence:
enabled: true enabled: true
storageClass: ceph-block storageClass: ceph-block
size: 5Gi size: 5Gi
resources: resources:
requests: requests:
cpu: 10m cpu: 1m
memory: 128Mi memory: 160Mi
serviceMonitor: serviceMonitor:
enabled: true enabled: true
postgres-18-cluster: postgres-18-cluster:
@@ -193,8 +200,8 @@ postgres-18-cluster:
cluster: cluster:
resources: resources:
requests: requests:
memory: 1Gi cpu: 100m
cpu: 200m memory: 100Mi
recovery: recovery:
method: objectStore method: objectStore
objectStore: objectStore:
@@ -206,41 +213,18 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 0 7 * * *" schedule: "0 0 7 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
valkey-gitea: valkey-gitea:
valkey: valkey:
resources: resources:
requests: requests:
cpu: 20m cpu: 20m
memory: 256Mi memory: 2Gi
dataStorage: dataStorage:
requestedSize: 10Gi requestedSize: 10Gi
replica: replica: