kube-prometheus-stack:
  crds:
    enabled: false
  defaultRules:
    create: true
    rules:
      kubeControllerManager: false
      kubeSchedulerAlerting: false
      kubeSchedulerRecording: false
  global:
    rbac:
      create: true
      createAggregateClusterRoles: true
  alertmanager:
    enabled: true
    config:
      route:
        group_by: ["namespace","alertname"]
        group_wait: 30s
        group_interval: 5m
        repeat_interval: 24h
        receiver: discord
        routes:
          - receiver: "null"
            matchers:
              - alertname = "Watchdog"
          - receiver: 'pushover'
            group_wait: 10s
            group_interval: 5m
            repeat_interval: 24h
            matchers:
              - severity = "critical"
      receivers:
        - name: "null"
        - name: discord
          discord_configs:
            - send_resolved: true
              webhook_url: https://discord.com/api/webhooks/1215465356315983922/CSaWG3SygslTNQo0uw07FB-0eKGl9nw2kDAqbAfH7JMe1ExVin8UvjlP4qkJoEyjDawz
        - name: pushover
          pushover_configs:
            - send_resolved: true
              user_key_file: /etc/alertmanager/secrets/alertmanager-config-secret/user_key
              token_file: /etc/alertmanager/secrets/alertmanager-config-secret/pushover_token
    ingress:
      enabled: true
      ingressClassName: tailscale
      hosts:
        - alertmanager-cl01tl
      tls:
        - secretName: alertmanager-cl01tl
          hosts:
            - alertmanager-cl01tl
    alertmanagerSpec:
      secrets:
        - alertmanager-config-secret
      replicas: 1
    externalUrl: https://alertmanager-cl01tl.boreal-beaufort.ts.net
  grafana:
    enabled: false
  kubeApiServer:
    tlsConfig:
      insecureSkipVerify: true
  kubeControllerManager:
    enabled: false
  kubeScheduler:
    enabled: false
  kubeProxy:
    enabled: false
  kube-state-metrics:
    selfMonitor:
      enabled: true
  nodeExporter:
    operatingSystems:
      darwin:
        enabled: false
  prometheusOperator:
    admissionWebhooks:
      enabled: true
    namespaces:
      releaseNamespace: true
      additional:
        - kube-system
        - argo-workflows
        - argocd
        - authentik
        - blocky
        - cert-manager
        - cloudnative-pg
        - descheduler
        - directus
        - external-dns
        - freshrss
        - generic-device-plugin
        - ghost
        - gitea
        - grafana
        - hoarder
        - home-assistant
        - immich
        - jellystat
        - koel
        - kyoo
        - lidarr2
        - linkwarden
        - local-static-provisioner
        - loki
        - matrix-synapse
        - ollama
        - outline
        - penpot
        - plane
        - qbittorrent
        - radarr5
        - radarr5-4k
        - readarr-audiobooks
        - readarr-books
        - reloader
        - rook-ceph
        - roundcube
        - ryot
        - sonarr4
        - sonarr4-4k
        - speedtest-exporter
        - spegel
        - stalwart
        - taiga
        - tdarr
        - traefik
        - trivy
        - unpoller
        - vault
        - vaultwarden
        - vikunja
        - volsync
  prometheus:
    ingress:
      enabled: true
      ingressClassName: tailscale
      hosts:
        - prometheus-cl01tl
      tls:
        - secretName: prometheus-cl01tl
          hosts:
            - prometheus-cl01tl
    prometheusSpec:
      scrapeInterval: 30s
      retention: 30d
      externalUrl: https://prometheus-cl01tl.boreal-beaufort.ts.net
      serviceMonitorSelectorNilUsesHelmValues: false
      podMonitorSelectorNilUsesHelmValues: false
      storageSpec:
        volumeClaimTemplate:
          spec:
            storageClassName: ceph-block
            accessModes: ["ReadWriteOnce"]
            resources:
              requests:
                storage: 100Gi