diff --git a/assets/2025-09-06-12-29-07.png b/assets/2025-09-06-12-29-07.png new file mode 100644 index 0000000..98de0bb Binary files /dev/null and b/assets/2025-09-06-12-29-07.png differ diff --git a/assets/2025-09-06-12-29-15.png b/assets/2025-09-06-12-29-15.png new file mode 100644 index 0000000..98de0bb Binary files /dev/null and b/assets/2025-09-06-12-29-15.png differ diff --git a/assets/2025-09-06-12-29-26.png b/assets/2025-09-06-12-29-26.png new file mode 100644 index 0000000..98de0bb Binary files /dev/null and b/assets/2025-09-06-12-29-26.png differ diff --git a/charts/apps/gitea/templates/deployment.yaml b/charts/apps/gitea/templates/deployment.yaml index 5225374..7c6de86 100644 --- a/charts/apps/gitea/templates/deployment.yaml +++ b/charts/apps/gitea/templates/deployment.yaml @@ -1,23 +1,23 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: '{{ .Release.Name }}' + name: "{{ .Release.Name }}" spec: strategy: type: Recreate replicas: 1 selector: matchLabels: - app: '{{ .Release.Name }}' + app: "{{ .Release.Name }}" template: metadata: labels: - app: '{{ .Release.Name }}' + app: "{{ .Release.Name }}" spec: containers: - - name: '{{ .Release.Name }}' - image: '{{ .Values.image.repository }}:{{ .Values.image.tag }}' - imagePullPolicy: '{{ .Values.image.pullPolicy }}' + - name: "{{ .Release.Name }}" + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: "{{ .Values.image.pullPolicy }}" ports: - name: http containerPort: 3000 
@@ -36,64 +36,66 @@ spec: name: data env: - name: TZ - value: '{{ .Values.globals.timezone }}' + value: "{{ .Values.globals.timezone }}" - name: USER_UID - value: '1000' + value: "1000" - name: USER_GID - value: '1000' + value: "1000" + - name: GITEA__server__SSH_DOMAIN + value: gitea-ssh.olsen.cloud - name: GITEA__service__REQUIRE_EXTERNAL_REGISTRATION_PASSWORD - value: 'true' + value: "true" #- name: GITEA__service__ENABLE_BASIC_AUTHENTICATION # value: 'true' - name: GITEA__service__ENABLE_PASSWORD_SIGNIN_FORM - value: 'false' + value: "false" - name: GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE - value: 'true' + value: "true" - name: GITEA__service__DEFAULT_USER_IS_RESTRICTED - value: 'true' + value: "true" - name: GITEA__service__DEFAULT_USER_VISIBILITY - value: 'private' + value: "private" - name: GITEA__service__DEFAULT_ORG_VISIBILITY - value: 'private' + value: "private" - name: GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION - value: 'true' + value: "true" - name: GITEA__other__SHOW_FOOTER_POWERED_BY - value: 'false' + value: "false" - name: GITEA__other__SHOW_FOOTER_TEMPLATE_LOAD_TIME - value: 'false' + value: "false" - name: GITEA__other__SHOW_FOOTER_VERSION - value: 'false' + value: "false" - name: GITEA__repository__ENABLE_PUSH_CREATE_USER - value: 'true' + value: "true" - name: GITEA__repository__ENABLE_PUSH_CREATE_ORG - value: 'true' + value: "true" - name: GITEA__openid__ENABLE_OPENID_SIGNIN - value: 'false' + value: "false" - name: GITEA__openid__ENABLE_OPENID_SIGNUP - value: 'false' + value: "false" - name: GITEA__database__DB_TYPE value: postgres - name: GITEA__database__NAME valueFrom: secretKeyRef: - name: '{{ .Release.Name }}-pg-connection' + name: "{{ .Release.Name }}-pg-connection" key: database - name: GITEA__database__HOST valueFrom: secretKeyRef: - name: '{{ .Release.Name }}-pg-connection' + name: "{{ .Release.Name }}-pg-connection" key: host - name: GITEA__database__USER valueFrom: secretKeyRef: - name: '{{ .Release.Name }}-pg-connection' 
+ name: "{{ .Release.Name }}-pg-connection" key: user - name: GITEA__database__PASSWD valueFrom: secretKeyRef: - name: '{{ .Release.Name }}-pg-connection' + name: "{{ .Release.Name }}-pg-connection" key: password volumes: - name: data persistentVolumeClaim: - claimName: '{{ .Release.Name }}-data' + claimName: "{{ .Release.Name }}-data" diff --git a/charts/apps/home-assistant/Chart.yaml b/charts/apps/home-assistant/Chart.yaml new file mode 100644 index 0000000..a245983 --- /dev/null +++ b/charts/apps/home-assistant/Chart.yaml @@ -0,0 +1,3 @@ +apiVersion: v2 +version: 1.0.0 +name: home-assistant diff --git a/charts/apps/home-assistant/templates/deployment.yaml b/charts/apps/home-assistant/templates/deployment.yaml new file mode 100644 index 0000000..b0933c2 --- /dev/null +++ b/charts/apps/home-assistant/templates/deployment.yaml @@ -0,0 +1,44 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "{{ .Release.Name }}" +spec: + strategy: + type: Recreate + replicas: 1 + selector: + matchLabels: + app: "{{ .Release.Name }}" + template: + metadata: + labels: + app: "{{ .Release.Name }}" + spec: + hostNetwork: true + + containers: + - name: "{{ .Release.Name }}" + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + env: + - name: TZ + value: "{{ .Values.globals.timezone }}" + ports: + - name: http + containerPort: 8123 + protocol: TCP + livenessProbe: + tcpSocket: + port: http + readinessProbe: + tcpSocket: + port: http + volumeMounts: + - mountPath: /config + name: config + securityContext: + privileged: true + volumes: + - name: config + persistentVolumeClaim: + claimName: "{{ .Release.Name }}-config" diff --git a/charts/apps/home-assistant/templates/http-service.yaml b/charts/apps/home-assistant/templates/http-service.yaml new file mode 100644 index 0000000..89df8bf --- /dev/null +++ b/charts/apps/home-assistant/templates/http-service.yaml 
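Review bot: The added `GITEA__server__SSH_DOMAIN` entry hard-codes `gitea-ssh.olsen.cloud` in the template, while the other environment-specific values visible in this hunk come from `.Values` or a secret. It is also the one new scalar left unquoted in a commit that otherwise normalises quoting. Moving it to a chart value, for example `value: "{{ .Values.sshDomain }}"` (the key name is only a suggestion), keeps the clone host Gitea advertises in step with the environment the chart is installed into. The same hard-coded domain appears in `PHOTOPRISM_SITE_URL` in charts/apps/photoprism/templates/deployment.yaml, where it is already marked `#TODO`. The container spec continues outside this hunk, so whether an SSH port is exposed for that name cannot be checked from here.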
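Review bot: `hostNetwork: true` together with `securityContext.privileged: true` in the new home-assistant Deployment gives the container the node's network namespace, all capabilities and host device access, so a compromise of Home Assistant or of an installed integration is effectively a compromise of the node. If the aim is LAN discovery or access to a USB/Bluetooth radio, replace `privileged: true` with the specific capabilities or device mounts those integrations need, and record the reason in a comment above `securityContext`. With host networking, port 8123 is bound directly on the node's interfaces, so it can be reached without going through the `HttpService` route added in this commit; confirm that is intended. Pods on the host network also need `dnsPolicy: ClusterFirstWithHostNet` to resolve cluster service names.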
@@ -0,0 +1,11 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: HttpService
+metadata:
+ name: "{{ .Release.Name }}"
+spec:
+ environment: "{{ .Values.globals.environment }}"
+ subdomain: "{{ .Values.subdomain }}"
+ destination:
+ host: "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local"
+ port:
+ number: 80
diff --git a/charts/apps/home-assistant/templates/pvc.yaml b/charts/apps/home-assistant/templates/pvc.yaml
new file mode 100644
index 0000000..8cbd0b4
--- /dev/null
+++ b/charts/apps/home-assistant/templates/pvc.yaml
@@ -0,0 +1,11 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: "{{ .Release.Name }}-config"
+spec:
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: "1Gi"
+ storageClassName: "{{ .Values.globals.environment }}"
diff --git a/charts/apps/home-assistant/templates/service.yaml b/charts/apps/home-assistant/templates/service.yaml
new file mode 100644
index 0000000..2e04e50
--- /dev/null
+++ b/charts/apps/home-assistant/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ .Release.Name }}"
+ labels:
+ app: "{{ .Release.Name }}"
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: 8123
+ protocol: TCP
+ name: http
+ selector:
+ app: "{{ .Release.Name }}"
diff --git a/charts/apps/home-assistant/values.yaml b/charts/apps/home-assistant/values.yaml
new file mode 100644
index 0000000..e7fcbbf
--- /dev/null
+++ b/charts/apps/home-assistant/values.yaml
@@ -0,0 +1,8 @@
+globals:
+ environment: prod
+ timezone: Europe/Amsterdam
+image:
+ repository: ghcr.io/home-assistant/home-assistant
+ tag: stable
+ pullPolicy: IfNotPresent
+subdomain: home-assistant
diff --git a/charts/apps/music-assistant/Chart.yaml b/charts/apps/music-assistant/Chart.yaml
new file mode 100644
index 0000000..274c312
--- /dev/null
+++ b/charts/apps/music-assistant/Chart.yaml
@@ -0,0 +1,3 @@
+apiVersion: v2
+version: 1.0.0
+name: music-assistant
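Review bot: `tag: stable` in charts/apps/home-assistant/values.yaml is a floating tag, and with `pullPolicy: IfNotPresent` each node keeps whichever image it first pulled under that name, so the version that actually runs is neither reproducible nor visible in review. That matters more here because the deployment template runs this image privileged on the host network. Pin an explicit release, e.g. `tag: "<release-version>"` (placeholder), and let version bumps arrive as reviewed commits. The same applies to `tag: latest` in charts/apps/music-assistant/values.yaml and charts/apps/photoprism/values.yaml.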
diff --git a/charts/apps/music-assistant/templates/deployment.yaml b/charts/apps/music-assistant/templates/deployment.yaml
new file mode 100644
index 0000000..2014210
--- /dev/null
+++ b/charts/apps/music-assistant/templates/deployment.yaml
@@ -0,0 +1,44 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: "{{ .Release.Name }}"
+spec:
+ strategy:
+ type: Recreate
+ replicas: 1
+ selector:
+ matchLabels:
+ app: "{{ .Release.Name }}"
+ template:
+ metadata:
+ labels:
+ app: "{{ .Release.Name }}"
+ spec:
+ hostNetwork: true
+
+ containers:
+ - name: "{{ .Release.Name }}"
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: "{{ .Values.image.pullPolicy }}"
+ ports:
+ - name: http
+ containerPort: 8095
+ protocol: TCP
+ livenessProbe:
+ tcpSocket:
+ port: http
+ readinessProbe:
+ tcpSocket:
+ port: http
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ securityContext:
+ capabilities:
+ add:
+ - SYS_ADMIN
+ - DAC_READ_SEARCH
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: "{{ .Release.Name }}-data"
diff --git a/charts/apps/music-assistant/templates/http-service.yaml b/charts/apps/music-assistant/templates/http-service.yaml
new file mode 100644
index 0000000..89df8bf
--- /dev/null
+++ b/charts/apps/music-assistant/templates/http-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: HttpService
+metadata:
+ name: "{{ .Release.Name }}"
+spec:
+ environment: "{{ .Values.globals.environment }}"
+ subdomain: "{{ .Values.subdomain }}"
+ destination:
+ host: "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local"
+ port:
+ number: 80
diff --git a/charts/apps/music-assistant/templates/pvc.yaml b/charts/apps/music-assistant/templates/pvc.yaml
new file mode 100644
index 0000000..aeca898
--- /dev/null
+++ b/charts/apps/music-assistant/templates/pvc.yaml
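Review bot: `capabilities.add` in the music-assistant Deployment grants `SYS_ADMIN` and `DAC_READ_SEARCH` on a pod that also sets `hostNetwork: true`. `SYS_ADMIN` permits mount and namespace operations and is close to running privileged, and `DAC_READ_SEARCH` bypasses file read permission checks. These are presumably there so the server can mount network shares from inside the container; if the library can instead be supplied as a Kubernetes volume, both can be removed. Add `drop: ["ALL"]` beside whatever remains, set `allowPrivilegeEscalation: false` once `SYS_ADMIN` is gone, and put a comment above `securityContext` naming the feature that needs each capability.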
@@ -0,0 +1,11 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: "{{ .Release.Name }}-data"
+spec:
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: "1Gi"
+ storageClassName: "{{ .Values.globals.environment }}"
diff --git a/charts/apps/music-assistant/templates/service.yaml b/charts/apps/music-assistant/templates/service.yaml
new file mode 100644
index 0000000..aa43db4
--- /dev/null
+++ b/charts/apps/music-assistant/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ .Release.Name }}"
+ labels:
+ app: "{{ .Release.Name }}"
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: 8095
+ protocol: TCP
+ name: http
+ selector:
+ app: "{{ .Release.Name }}"
diff --git a/charts/apps/music-assistant/values.yaml b/charts/apps/music-assistant/values.yaml
new file mode 100644
index 0000000..daca896
--- /dev/null
+++ b/charts/apps/music-assistant/values.yaml
@@ -0,0 +1,7 @@
+globals:
+ environment: prod
+image:
+ repository: ghcr.io/music-assistant/server
+ tag: latest
+ pullPolicy: IfNotPresent
+subdomain: music-assistant
diff --git a/charts/apps/photoprism/Chart.yaml b/charts/apps/photoprism/Chart.yaml
new file mode 100644
index 0000000..00f15a7
--- /dev/null
+++ b/charts/apps/photoprism/Chart.yaml
@@ -0,0 +1,3 @@
+apiVersion: v2
+version: 1.0.0
+name: photoprism
diff --git a/charts/apps/photoprism/templates/client.yaml b/charts/apps/photoprism/templates/client.yaml
new file mode 100644
index 0000000..3aa633c
--- /dev/null
+++ b/charts/apps/photoprism/templates/client.yaml
@@ -0,0 +1,10 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: OidcClient
+metadata:
+ name: "{{ .Release.Name }}"
+spec:
+ environment: "{{ .Values.globals.environment }}"
+ redirectUris:
+ - path: /api/v1/oidc/redirect
+ subdomain: "{{ .Values.subdomain }}"
+ matchingMode: strict
diff --git a/charts/apps/photoprism/templates/deployment.yaml b/charts/apps/photoprism/templates/deployment.yaml
new file mode 100644
index 0000000..1bf7618
--- /dev/null
+++ b/charts/apps/photoprism/templates/deployment.yaml
@@ -0,0 +1,92 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: "{{ .Release.Name }}"
+spec:
+ strategy:
+ type: Recreate
+ replicas: 1
+ selector:
+ matchLabels:
+ app: "{{ .Release.Name }}"
+ template:
+ metadata:
+ labels:
+ app: "{{ .Release.Name }}"
+ spec:
+ containers:
+ - name: "{{ .Release.Name }}"
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: "{{ .Values.image.pullPolicy }}"
+ env:
+ - name: PHOTOPRISM_UPLOAD_NSFW
+ value: "true"
+ - name: PHOTOPRISM_SITE_URL
+ value: "https://{{ .Values.subdomain }}.olsen.cloud" #TODO
+ # - name: PHOTOPRISM_UID
+ # value: "1000"
+ # - name: PHOTOPRISM_GID
+ # value: "1000"
+ # - name: PHOTOPRISM_DISABLE_CHOWN
+ # value: "true"
+ - name: PHOTOPRISM_AUTH_MODE
+ value: password
+ - name: PHOTOPRISM_DISABLE_TLS
+ value: "false"
+ - name: PHOTOPRISM_READONLY
+ value: "false"
+ - name: PHOTOPRISM_HTTP_COMPRESSION
+ value: "gzip"
+
+ - name: PHOTOPRISM_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Release.Name }}-secrets"
+ key: password
+ - name: PHOTOPRISM_OIDC_SCOPES
+ value: "openid email profile offline_access"
+ - name: PHOTOPRISM_OIDC_PROVIDER
+ value: Authentik
+ - name: PHOTOPRISM_OIDC_ICON
+ value: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png
+ - name: PHOTOPRISM_OIDC_REGISTER
+ value: "true"
+ - name: PHOTOPRISM_OIDC_REDIRECT
+ value: "false"
+ - name: PHOTOPRISM_OIDC_CLIENT
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Release.Name }}-client"
+ key: clientId
+ - name: PHOTOPRISM_OIDC_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Release.Name }}-client"
+ key: clientSecret
+ - name: PHOTOPRISM_OIDC_URI
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Release.Name }}-client"
+ key: configurationIssuer
+ ports:
+ - name: http
+ containerPort: 2342
+ protocol: TCP
+ livenessProbe:
+ tcpSocket:
+ port: http
+ readinessProbe:
+ tcpSocket:
+ port: http
+ volumeMounts:
+ - mountPath: /photoprism/storage
+ name: data
+ - mountPath: /photoprism/originals
+ name: originals
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: "{{ .Release.Name }}-data"
+ - name: originals
+ persistentVolumeClaim:
+ claimName: pictures
diff --git a/charts/apps/photoprism/templates/external-http-service.yaml b/charts/apps/photoprism/templates/external-http-service.yaml
new file mode 100644
index 0000000..e28916d
--- /dev/null
+++ b/charts/apps/photoprism/templates/external-http-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: ExternalHttpService
+metadata:
+ name: '{{ .Release.Name }}'
+spec:
+ environment: '{{ .Values.globals.environment }}'
+ subdomain: '{{ .Values.subdomain }}'
+ destination:
+ host: '{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local'
+ port:
+ number: 80
diff --git a/charts/apps/photoprism/templates/http-service.yaml b/charts/apps/photoprism/templates/http-service.yaml
new file mode 100644
index 0000000..89df8bf
--- /dev/null
+++ b/charts/apps/photoprism/templates/http-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: HttpService
+metadata:
+ name: "{{ .Release.Name }}"
+spec:
+ environment: "{{ .Values.globals.environment }}"
+ subdomain: "{{ .Values.subdomain }}"
+ destination:
+ host: "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local"
+ port:
+ number: 80
diff --git a/charts/apps/photoprism/templates/pvc.yaml b/charts/apps/photoprism/templates/pvc.yaml
new file mode 100644
index 0000000..aeca898
--- /dev/null
+++ b/charts/apps/photoprism/templates/pvc.yaml
@@ -0,0 +1,11 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: "{{ .Release.Name }}-data"
+spec:
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: "1Gi"
+ storageClassName: "{{ .Values.globals.environment }}"
diff --git a/charts/apps/photoprism/templates/secret.yaml b/charts/apps/photoprism/templates/secret.yaml
new file mode 100644
index 0000000..6e8ed5b
--- /dev/null
+++ b/charts/apps/photoprism/templates/secret.yaml
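Review bot: `PHOTOPRISM_OIDC_REGISTER` is set to `"true"` in the photoprism Deployment, so any identity the Authentik provider authenticates for this client gets a PhotoPrism account on first login. The chart also publishes the app through an `ExternalHttpService`, which by its name appears to expose it beyond the internal network. Confirm that the Authentik application is bound to the intended users or groups, or set the value to `"false"` and create accounts explicitly. Separately, the container has no `securityContext` and the `PHOTOPRISM_UID`/`PHOTOPRISM_GID` entries are commented out, so it runs as whatever user the image defaults to while mounting the shared `pictures` claim read-write. If PhotoPrism only needs to index that library, add `readOnly: true` to the `originals` mount and set `PHOTOPRISM_READONLY` to `"true"`.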
@@ -0,0 +1,9 @@ +apiVersion: homelab.mortenolsen.pro/v1 +kind: GenerateSecret +metadata: + name: "{{ .Release.Name }}-secrets" +spec: + fields: + - name: password + encoding: base64 + length: 64 diff --git a/charts/apps/photoprism/templates/service.yaml b/charts/apps/photoprism/templates/service.yaml new file mode 100644 index 0000000..2162563 --- /dev/null +++ b/charts/apps/photoprism/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: "{{ .Release.Name }}" + labels: + app: "{{ .Release.Name }}" +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: 2342 + protocol: TCP + name: http + selector: + app: "{{ .Release.Name }}" diff --git a/charts/apps/photoprism/values.yaml b/charts/apps/photoprism/values.yaml new file mode 100644 index 0000000..a22558f --- /dev/null +++ b/charts/apps/photoprism/values.yaml @@ -0,0 +1,7 @@ +globals: + environment: prod +image: + repository: photoprism/photoprism + tag: latest + pullPolicy: IfNotPresent +subdomain: photoprism diff --git a/charts/backup/templates/cron-job-backup.yaml b/charts/backup/templates/cron-job-backup.yaml index 7125acf..5b249fc 100644 --- a/charts/backup/templates/cron-job-backup.yaml +++ b/charts/backup/templates/cron-job-backup.yaml @@ -15,6 +15,9 @@ spec: jobTemplate: spec: template: + metadata: + annotations: + sidecar.istio.io/inject: "false" spec: containers: - name: "{{ $release.Name }}-{{ $key }}-backup" diff --git a/charts/backup/templates/cron-job-cleanup.yaml b/charts/backup/templates/cron-job-cleanup.yaml index 3582ad0..b671a9a 100644 --- a/charts/backup/templates/cron-job-cleanup.yaml +++ b/charts/backup/templates/cron-job-cleanup.yaml @@ -15,6 +15,9 @@ spec: jobTemplate: spec: template: + metadata: + annotations: + sidecar.istio.io/inject: "false" spec: containers: - name: "{{ $release.Name }}-{{ $key }}-cleanup"
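Review bot: The `sidecar.istio.io/inject: "false"` annotation added to the backup CronJob's pod template has no comment explaining it, and it takes these pods out of the mesh. Their traffic gets no sidecar mTLS and is not subject to sidecar-enforced policy, and peers that require STRICT peer authentication would refuse their connections. If the reason is that the sidecar keeps the Job from completing, record it above the annotation, e.g. `# no sidecar: it would keep the Job pod running after the backup container exits`, and check that the backup destination is reachable without the mesh. The same applies to the identical hunk in charts/backup/templates/cron-job-cleanup.yaml. Istio's documentation prefers the pod label of the same name over the annotation, and the CronJob spec continues outside both hunks.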