martyn/infra4talos
1
0
Fork 0
Code Issues Pull requests 10 Projects Releases Packages Wiki Activity

Compare commits

base: martyn:720663267fa556b69e64c8dba71cc8048d0078ec
Branches Tags
martyn:main
martyn:renovate/ghcr.io-haveagitgat-tdarr-2.x
martyn:renovate/ghcr.io-home-assistant-home-assistant-2024.x
martyn:renovate/fallenbagel-jellyseerr-1.x
martyn:renovate/codercom-code-server-4.x
martyn:renovate/cilium-1.x
martyn:renovate/docker.io-bitnami-postgresql-11.x
martyn:renovate/code.forgejo.org-forgejo-runner-3.x
martyn:renovate/chocobozzz-peertube-5.x
martyn:renovate/postgres-operator-1.x
martyn:renovate/longhorn-1.x
martyn:martyn-test-notifications
..
compare: martyn:d38a784ad887f0ccf98c8696727b69cd80c969cd
Branches Tags
martyn:renovate/ghcr.io-haveagitgat-tdarr-2.x
martyn:main
martyn:renovate/ghcr.io-home-assistant-home-assistant-2024.x
martyn:renovate/fallenbagel-jellyseerr-1.x
martyn:renovate/codercom-code-server-4.x
martyn:renovate/cilium-1.x
martyn:renovate/docker.io-bitnami-postgresql-11.x
martyn:renovate/code.forgejo.org-forgejo-runner-3.x
martyn:renovate/chocobozzz-peertube-5.x
martyn:renovate/postgres-operator-1.x
martyn:renovate/longhorn-1.x
martyn:martyn-test-notifications

21 commits
720663267f ... d38a784ad8

Author SHA1 Message Date
Renovate bot
d38a784ad8 Update codercom/code-server Docker tag to v4.97.2 2025-02-28 14:56:38 +00:00
Martyn
fe47d6faa2 Merge pull request 'Update Helm release cert-manager to v1.17.1' (#14) from renovate/cert-manager-1.x into main 
Reviewed-on: #14
 2025-02-28 14:43:48 +00:00
Renovate bot
65f6d756e4 Update Helm release cert-manager to v1.17.1 2025-02-28 14:41:35 +00:00
Martyn Ranyard
6b3f66c107 Json comma 
Signed-off-by: Martyn Ranyard <m@rtyn.berlin>
 2025-02-28 14:40:48 +00:00
Martyn Ranyard
9ec0603e19 Renovate add argocd match 
Signed-off-by: Martyn Ranyard <m@rtyn.berlin>
 2025-02-28 14:29:40 +00:00
Martyn Ranyard
9a3ef783bc Upgrade time then 
Signed-off-by: Martyn Ranyard <m@rtyn.berlin>
 2025-02-25 18:53:51 +00:00
Martyn Ranyard
2b77dc4c6a crawlers go away 
Signed-off-by: Martyn Ranyard <m@rtyn.berlin>
 2025-02-25 18:47:41 +00:00
Martyn Ranyard
6b611bf1dc use wildcard 
Signed-off-by: Martyn Ranyard <m@rtyn.berlin>
 2025-02-25 18:04:33 +00:00
Martyn Ranyard
cf71027b98 use wildcard 
Signed-off-by: Martyn Ranyard <m@rtyn.berlin>
 2025-02-25 17:59:05 +00:00
Martyn Ranyard
4d771b4de6 use wildcard 
Signed-off-by: Martyn Ranyard <m@rtyn.berlin>
 2025-02-25 17:57:25 +00:00
Martyn Ranyard
441420c864 Use default secret for all ingresses 
Signed-off-by: Martyn Ranyard <m@rtyn.berlin>
 2025-02-25 17:47:59 +00:00
Martyn Ranyard
8f8203a9f4 use wildcard 
Signed-off-by: Martyn Ranyard <m@rtyn.berlin>
 2025-02-25 17:45:48 +00:00
Martyn Ranyard
2e59f86c84 Use the wildcard secret 
Signed-off-by: Martyn Ranyard <m@rtyn.berlin>
 2025-02-25 14:04:19 +00:00
Martyn Ranyard
7e10310707 Pin release and bump 
Signed-off-by: Martyn Ranyard <m@rtyn.berlin>
 2025-02-25 12:25:57 +00:00
Martyn Ranyard
3705e6c168 Pin bump 
Signed-off-by: Martyn Ranyard <m@rtyn.berlin>
 2025-02-25 12:21:24 +00:00
Martyn Ranyard
3cb6b88714 bump and clean 
Signed-off-by: Martyn Ranyard <m@rtyn.berlin>
 2025-02-25 12:16:57 +00:00
Martyn Ranyard
3238ae79f6 Remove old shares 
Signed-off-by: Martyn Ranyard <m@rtyn.berlin>
 2025-02-25 12:07:48 +00:00
Martyn Ranyard
7a0750c79c Upgrade and colocate with the media 
Signed-off-by: Martyn Ranyard <m@rtyn.berlin>
 2025-02-25 12:04:21 +00:00
Martyn Ranyard
6be6475c6e Try and get samba and the disks on the mostly disk node 
Signed-off-by: Martyn Ranyard <m@rtyn.berlin>
 2025-02-25 09:29:20 +00:00
Martyn Ranyard
44c78e0687 Well, that didn't work 
Signed-off-by: Martyn Ranyard <m@rtyn.berlin>
 2025-02-25 06:51:36 +00:00
Martyn Ranyard
f39e5bf24f Upgrade time 
Signed-off-by: Martyn Ranyard <m@rtyn.berlin>
 2025-02-25 06:40:39 +00:00
22 changed files with 59 additions and 75 deletions
Show stats Expand all files Collapse all files

26
apps-kustomized/airsonic-advanced/ingress.yaml Normal file
View file

@ -0,0 +1,26 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt
external-dns.alpha.kubernetes.io/target: armnleg.martyn.berlin
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
name: airsonic-advanced
spec:
ingressClassName: nginx
rules:
- host: airsonic.martyn.berlin
http:
paths:
- backend:
service:
name: airsonic-advanced
port:
number: 80
path: /
pathType: Prefix
tls:
- hosts:
- airsonic.martyn.berlin

2
apps-kustomized/bucket/ingress.yaml
View file

@ -34,7 +34,5 @@ spec:
tls:
- hosts:
- files.martyn.berlin
secretName: files-tls
- hosts:
- files-a89a4194-3742-498e-8c6c-37128fdb9291.martyn.berlin
secretName: long-name-files-tls

2
apps-kustomized/cryptpad/ingress.yaml
View file

@ -28,7 +28,6 @@ spec:
tls:
- hosts:
- cryptpad.martyn.berlin
secretName: cryptpad-tls
---
apiVersion: networking.k8s.io/v1
kind: Ingress
@ -60,4 +59,3 @@ spec:
tls:
- hosts:
- cryptpad-safe.martyn.berlin
secretName: cryptpad-safe-tls

1
apps-kustomized/external-mqtt/ing.yaml
View file

@ -10,7 +10,6 @@ spec:
tls:
- hosts:
- iot.martyn.berlin
secretName: mosquitto-certs
rules:
- host: iot.martyn.berlin
http:

1
apps-kustomized/forgejo/ingress.yaml
View file

@ -26,4 +26,3 @@ spec:
tls:
- hosts:
- git.martyn.berlin
secretName: forgejo-tls

14
apps-kustomized/jellyfin/deployment.yaml
View file

@ -31,7 +31,7 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
image: docker.io/jellyfin/jellyfin:10.10.5
image: docker.io/jellyfin/jellyfin:10.10.6
imagePullPolicy: Always
name: jellyfin
ports:
@ -49,16 +49,12 @@ spec:
cpu: 163m
# memory: 3861631195
volumeMounts:
- mountPath: /data2/media
name: runningseries
- mountPath: /films
name: films
- mountPath: /config
name: jellyfin-config
- mountPath: /music
name: music
- mountPath: /oldbigseries
name: oldseries
- mountPath: /config/transcodes
name: transcodes
- mountPath: /dev/dri
@ -70,12 +66,9 @@ spec:
dnsPolicy: ClusterFirst
nodeSelector:
intel.feature.node.kubernetes.io/gpu: "true"
oldname: i9worker
kubernetes.io/hostname: talos-llu-kx3
terminationGracePeriodSeconds: 30
volumes:
- persistentVolumeClaim:
claimName: smb-series
name: runningseries
- name: jellyfin-config
persistentVolumeClaim:
claimName: jellyfin-config
@ -88,9 +81,6 @@ spec:
- persistentVolumeClaim:
claimName: smb-films
name: films
- persistentVolumeClaim:
claimName: smb-oldseries
name: oldseries
- hostPath:
path: /dev/dri
type: Directory

24
apps-kustomized/jellyfin/pvc-smb.yaml
View file

@ -1,29 +1,5 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: smb-series
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: smb-series
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: smb-oldseries
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: smb-oldseries
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: smb-music
spec:

1
apps-kustomized/jellyseerr/ingress.yaml
View file

@ -23,4 +23,3 @@ spec:
tls:
- hosts:
- requests.martyn.berlin
secretName: requests-tls

1
apps-kustomized/nextcloud/ingress.yaml
View file

@ -25,4 +25,3 @@ spec:
tls:
- hosts:
- nextcloud.martyn.berlin
secretName: nextcloud-tls

2
apps-kustomized/radarr/deploy.yaml
View file

@ -18,7 +18,7 @@ spec:
app: radarr
spec:
containers:
- image: hotio/radarr:release
- image: hotio/radarr:release-5.18.4.9674
imagePullPolicy: IfNotPresent
name: radarr
ports:

2
apps-kustomized/sabnzbd/deploy.yaml
View file

@ -16,7 +16,7 @@ spec:
app: sabnzbd
spec:
containers:
- image: lscr.io/linuxserver/sabnzbd:latest
- image: lscr.io/linuxserver/sabnzbd:4.4.1
imagePullPolicy: Always
name: sabnzbd
terminationMessagePath: /dev/termination-log

7
apps-kustomized/sonarr/deploy.yaml
View file

@ -16,7 +16,7 @@ spec:
app: sonarr
spec:
containers:
- image: hotio/sonarr:release-4.0.1.929
- image: hotio/sonarr:release-4.0.13.2932
imagePullPolicy: Always
name: sonarr
ports:
@ -32,8 +32,6 @@ spec:
name: config
- mountPath: /data
name: data
- mountPath: /series
name: series
- mountPath: /combinedseries
name: combinedseries
dnsPolicy: ClusterFirst
@ -44,9 +42,6 @@ spec:
- name: config
persistentVolumeClaim:
claimName: sonarr-config-data
- name: series
persistentVolumeClaim:
claimName: smb-series
- name: combinedseries
persistentVolumeClaim:
claimName: smb-combinedseries

12
apps-kustomized/sonarr/pvc-smb.yaml
View file

@ -1,17 +1,5 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: smb-series
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: smb-series
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: smb-combinedseries
spec:

1
apps-kustomized/writefreely/ingress.yaml
View file

@ -23,4 +23,3 @@ spec:
tls:
- hosts:
- musings.martyn.berlin
secretName: musings-tls

11
everything-app/app-ingress-nginx.yaml
View file

@ -11,7 +11,7 @@ spec:
source:
chart: ingress-nginx
repoURL: https://kubernetes.github.io/ingress-nginx
targetRevision: 4.8.3
targetRevision: 4.12.0
helm:
parameters:
- name: controller.service.type
@ -24,6 +24,15 @@ spec:
value: "351198544"
- name: controller.extraArgs.default-ssl-certificate
value: "cluster-ingress/cluster-ingress-wildcard"
- name: controller.config.http-snippet
value: |-
more_set_headers -a "X-Robots-Tag: noai";
more_set_headers -a "X-Robots-Tag: Google-Extended: none";
more_set_headers -a "X-Robots-Tag: GPTBot: none";
more_set_headers -a "X-Robots-Tag: ChatGPT-User: none";
more_set_headers -a "X-Robots-Tag: anthropic-ai: none";
more_set_headers -a "X-Robots-Tag: CCBot: none";
more_set_headers -a "X-Robots-Tag: semrushbot: none";
syncPolicy:
automated:
selfHeal: true

2
everything-app/app-letsencrypt.yaml
View file

@ -11,7 +11,7 @@ spec:
source:
chart: cert-manager
repoURL: https://charts.jetstack.io
targetRevision: v1.13.1
targetRevision: v1.17.1
helm:
parameters:
- name: installCRDs

3
everything-app/bikerwitch.yaml
View file

@ -36,8 +36,7 @@ spec:
paths:
- /
tls:
- secretName: bikerwitch-tls
hosts:
- hosts:
- bikerwitch.martyn.berlin
- www.bikerwitch.org.uk
path: apps-helm/drupal

2
everything-app/garage.yaml
View file

@ -41,7 +41,6 @@ spec:
tls:
- hosts:
- "s3.files.martyn.berlin"
secretName: s3-le-secret
hosts:
- host: s3.files.martyn.berlin
paths:
@ -56,7 +55,6 @@ spec:
tls:
- hosts:
- "files.martyn.berlin"
secretName: files-le-secret
hosts:
- host: files.martyn.berlin
paths:

2
everything-app/longhorn.yaml
View file

@ -25,7 +25,7 @@ spec:
value: "false"
chart: longhorn
repoURL: https://charts.longhorn.io
targetRevision: 1.6.0
targetRevision: 1.6.4
syncPolicy:
automated:
selfHeal: true

3
everything-app/ntfy.yaml
View file

@ -46,8 +46,7 @@ spec:
- path: /
pathType: Prefix
tls:
- secretName: ntfy-tls
hosts:
- hosts:
- ntfy.martyn.berlin
ntfy:

10
everything-app/samba-slow-big.yaml
View file

@ -24,6 +24,16 @@ spec:
users:
- username: martyn
password: "564628"
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
preference:
matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- talos-llu-kx3
persistence:
combineShares: true
sharesToCombine:

5
renovate.json
View file

@ -1,3 +1,6 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json"
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"argocd": {
"fileMatch": ["everything-app/.+\\.yaml$"]
}
}