add ptero db

Reviewed-on: #922

.archive/default/plex/ks.yaml

@@ -0,0 +1,55 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app plex
+  namespace: flux-system
+spec:
+  targetNamespace: default
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./kubernetes/apps/default/plex/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: theshire
+  wait: true
+  dependsOn:
+    - name: rook-ceph-cluster
+    - name: volsync
+    - name: external-secrets-stores
+  interval: 30m
+  timeout: 5m
+  postBuild:
+    substitute:
+      APP: *app
+      GATUS_PATH: /web/index.html
+      VOLSYNC_CAPACITY: 30Gi
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app kometa-image-maid
+  namespace: flux-system
+spec:
+  targetNamespace: default
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  interval: 30m
+  timeout: 5m
+  path: "./kubernetes/apps/default/plex/kometa-image-maid"
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: theshire
+  wait: false
+  dependsOn:
+    - name: external-secrets-stores
+    - name: plex
+  postBuild:
+    substitute:
+      APP: *app

kubernetes/apps/ai/kustomization.yaml

@@ -6,5 +6,4 @@ resources:
   # Pre Flux-Kustomizations
   - ./namespace.yaml
   # Flux-Kustomizations
-  - ./ollama/ks.yaml
   - ./open-webui/ks.yaml

kubernetes/apps/ai/open-webui/app/helmrelease.yaml

@@ -33,10 +33,10 @@ spec:
           app:
             image:
               repository: ghcr.io/open-webui/open-webui
-              tag: v0.4.0
+              tag: v0.4.5
             env:
               - name: OLLAMA_BASE_URL
-                value: http://ollama.ai.svc.cluster.local:11434
+                value: http://10.1.1.61:11434
               - name: ENABLE_RAG_WEB_SEARCH
                 value: true
               - name: RAG_WEB_SEARCH_ENGINE

kubernetes/apps/ai/open-webui/ks.yaml

@@ -12,7 +12,6 @@ spec:
       app.kubernetes.io/name: *app
   dependsOn:
     - name: volsync
-    - name: ollama
   path: ./kubernetes/apps/ai/open-webui/app
   prune: true
   sourceRef:

kubernetes/apps/anime/kustomization.yaml

@@ -6,8 +6,6 @@ resources:
   # Pre Flux-Kustomizations
   - ./namespace.yaml
   # Flux-Kustomizations
-  - ./jellyfin/ks.yaml    # sqlite
   - ./jellyseerr/ks.yaml  # sqlite
   - ./radarr/ks.yaml      # postgres
-  # - ./shoko/ks.yaml       # sqlite
   - ./sonarr/ks.yaml      # postgres

kubernetes/apps/anime/sonarr/app/helmrelease.yaml

@@ -31,7 +31,7 @@ spec:
           app:
             image:
               repository: ghcr.io/onedr0p/sonarr-develop
-              tag: 4.0.10.2656
+              tag: 4.0.11.2697
             env:
               SONARR__APP__INSTANCENAME: Sonarr-Anime
               SONARR__APP__THEME: dark

kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml

@@ -10,7 +10,7 @@ spec:
   chart:
     spec:
       chart: cert-manager
-      version: v1.16.1
+      version: v1.16.2
       sourceRef:
         kind: HelmRepository
         name: jetstack

kubernetes/apps/ci-runners/forgejo/app/helmrelease.yaml

@@ -30,7 +30,7 @@ spec:
           runner-register:
             image:
               repository: code.forgejo.org/forgejo/runner
-              tag: 5.0.0
+              tag: 5.0.2
             command:
               - "forgejo-runner"
               - "register"
@@ -72,7 +72,7 @@ spec:
           app:
             image:
               repository: code.forgejo.org/forgejo/runner
-              tag: 5.0.0
+              tag: 5.0.2
             command:
               - "sh"
               - "-c"

kubernetes/apps/database/crunchy-postgres-operator/cluster/postgrescluster.yaml

@@ -144,6 +144,11 @@ spec:
         - jellyseerr
       password:
         type: AlphaNumeric
+    - name: ptero
+      databases:
+        - ptero
+      password:
+        type: AlphaNumeric
 
 
   backups:

kubernetes/apps/database/crunchy-postgres-operator/operator/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: pgo
-      version: 5.7.0
+      version: 5.7.1
       sourceRef:
         kind: HelmRepository
         name: crunchydata

kubernetes/apps/database/dragonfly/cluster/dragonfly.yaml

@@ -5,7 +5,7 @@ kind: Dragonfly
 metadata:
   name: dragonfly
 spec:
-  image: ghcr.io/dragonflydb/dragonfly:v1.25.1
+  image: ghcr.io/dragonflydb/dragonfly:v1.25.4
   replicas: 3
   env:
     - name: MAX_MEMORY

kubernetes/apps/database/kustomization.yaml

@@ -10,3 +10,4 @@ resources:
   - ./dragonfly/ks.yaml
   - ./emqx/ks.yaml
   - ./influxdb/ks.yaml
+  - ./mariadb/ks.yaml

kubernetes/apps/database/mariadb/cluster/backup.yaml

@@ -0,0 +1,78 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/k8s.mariadb.com/backup_v1alpha1.json
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Backup
+metadata:
+  name: &name mariadb-backup
+spec:
+  mariaDbRef:
+    name: mariadb
+  timeZone: "America/Chicago"
+  schedule:
+    cron: "0 * * * *"
+    suspend: false
+  stagingStorage:
+    persistentVolumeClaim:
+      storageClassName: openebs-hostpath
+      resources:
+        requests:
+          storage: 6Gi
+      accessModes:
+        - ReadWriteOnce
+  podSecurityContext:
+    runAsUser: 568
+    runAsGroup: 568
+    fsGroup: 568
+    fsGroupChangePolicy: OnRootMismatch
+  storage:
+    s3:
+      endpoint: s3.hsn.dev
+      bucket: mariadb
+      prefix: full/
+      accessKeyIdSecretKeyRef:
+        name: mariadb-secret
+        key: AWS_ACCESS_KEY_ID
+      secretAccessKeySecretKeyRef:
+        name: mariadb-secret
+        key: AWS_SECRET_ACCESS_KEY
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/k8s.mariadb.com/backup_v1alpha1.json
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Backup
+metadata:
+  name: &name mariadb-pterodactyl-backup
+  namespace: database
+spec:
+  mariaDbRef:
+    name: mariadb
+    namespace: database
+  timeZone: "America/Chicago"
+  schedule:
+    cron: "0 * * * *"
+    suspend: false
+  stagingStorage:
+    persistentVolumeClaim:
+      storageClassName: openebs-hostpath
+      resources:
+        requests:
+          storage: 6Gi
+      accessModes:
+        - ReadWriteOnce
+  podSecurityContext:
+    runAsUser: 568
+    runAsGroup: 568
+    fsGroup: 568
+    fsGroupChangePolicy: OnRootMismatch
+  databases:
+    - pterodactyl
+  storage:
+    s3:
+      endpoint: s3.hsn.dev
+      bucket: mariadb
+      prefix: pterodactyl/
+      accessKeyIdSecretKeyRef:
+        name: mariadb-secret
+        key: AWS_ACCESS_KEY_ID
+      secretAccessKeySecretKeyRef:
+        name: mariadb-secret
+        key: AWS_SECRET_ACCESS_KEY

kubernetes/apps/database/mariadb/cluster/externalsecret.yaml

@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: &name mariadb
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: mariadb-secret
+    template:
+      engineVersion: v2
+      data:
+        AWS_ACCESS_KEY_ID: "{{ .minio_mariadb_access_key }}"
+        AWS_SECRET_ACCESS_KEY: "{{ .minio_mariadb_secret_key }}"
+  dataFrom:
+    - extract:
+        key: minio
+      rewrite:
+        - regexp:
+            source: "[-]"
+            target: "_"
+        - regexp:
+            source: "(.*)"
+            target: "minio_$1"

kubernetes/apps/database/mariadb/cluster/gatus.yaml

@@ -0,0 +1,21 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mariadb-gatus-ep
+  labels:
+    gatus.io/enabled: "true"
+data:
+  config.yaml: |
+    endpoints:
+      - name: mariadb
+        group: infrastructure
+        url: tcp://mariadb.database.svc.cluster.local:3306
+        interval: 1m
+        ui:
+          hide-url: true
+          hide-hostname: true
+        conditions:
+          - "[CONNECTED] == true"
+        alerts:
+          - type: pushover

kubernetes/apps/database/mariadb/cluster/kustomization.yaml

@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./backup.yaml
+  - ./externalsecret.yaml
+  - ./gatus.yaml
+  - ./mariadb.yaml

kubernetes/apps/database/mariadb/cluster/mariadb.yaml

@@ -0,0 +1,38 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/k8s.mariadb.com/mariadb_v1alpha1.json
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: MariaDB
+metadata:
+  name: &name mariadb
+spec:
+  # renovate: datasource=docker depName=docker.io/library/mariadb
+  image: docker.io/library/mariadb:11.6.2
+  replicas: 3
+  storage:
+    size: 5Gi
+    storageClassName: openebs-hostpath
+  # bootstrapFrom:
+  #   backupRef:
+  #     name: mariadb-backup
+  maxScale:
+    enabled: true
+    kubernetesService:
+      type: LoadBalancer
+      metadata:
+        annotations:
+          io.cilium/lb-ipam-ips: 10.1.1.39
+    connection:
+      secretName: mxs-connection
+      port: 3306
+  galera:
+    enabled: true
+  podSecurityContext:
+    runAsUser: 568
+    runAsGroup: 568
+    fsGroup: 568
+    fsGroupChangePolicy: OnRootMismatch
+  service:
+    type: LoadBalancer
+    metadata:
+      annotations:
+        io.cilium/lb-ipam-ips: 10.1.1.33

kubernetes/apps/database/mariadb/cluster/restore.yaml

@@ -0,0 +1,17 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/k8s.mariadb.com/restore_v1alpha1.json
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Restore
+metadata:
+  name: restore
+spec:
+  mariaDbRef:
+    name: mariadb
+    namespace: database
+  backupRef:
+    name: mariadb-backup
+  podSecurityContext:
+    runAsUser: 568
+    runAsGroup: 568
+    fsGroup: 568
+    fsGroupChangePolicy: OnRootMismatch

kubernetes/apps/database/mariadb/crds/helmrelease.yaml

@@ -0,0 +1,17 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: mariadb-operator-crds
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: mariadb-operator-crds
+      version: 0.36.0
+      sourceRef:
+        kind: HelmRepository
+        name: mariadb-operator
+        namespace: flux-system
+      interval: 5m

kubernetes/apps/database/mariadb/crds/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - helmrelease.yaml

kubernetes/apps/database/mariadb/ks.yaml

@@ -0,0 +1,64 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app mariadb-operator
+  namespace: flux-system
+spec:
+  targetNamespace: database
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: external-secrets-stores
+  path: ./kubernetes/apps/database/mariadb/operator
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: theshire
+  wait: true
+  interval: 30m
+  timeout: 5m
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app mariadb-operator-crds
+  namespace: flux-system
+spec:
+  targetNamespace: database
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./kubernetes/apps/database/mariadb/crds
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: theshire
+  wait: true
+  interval: 30m
+  timeout: 5m
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app mariadb-cluster
+  namespace: flux-system
+spec:
+  targetNamespace: database
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: external-secrets-stores
+  path: ./kubernetes/apps/database/mariadb/cluster
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: theshire
+  wait: true
+  interval: 30m
+  timeout: 5m

kubernetes/apps/database/mariadb/operator/helmrelease.yaml

@@ -0,0 +1,31 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: mariadb-operator
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: mariadb-operator
+      version: 0.36.0
+      sourceRef:
+        kind: HelmRepository
+        name: mariadb-operator
+        namespace: flux-system
+      interval: 5m
+  values:
+    logLevel: debug
+    image:
+      repository: ghcr.io/mariadb-operator/mariadb-operator
+      pullPolicy: IfNotPresent
+    metrics:
+      enabled: true
+      serviceMonitor:
+        enabled: true
+    webhook:
+      certificate:
+        certManager: true
+      serviceMonitor:
+        enabled: true

kubernetes/apps/database/mariadb/operator/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - helmrelease.yaml

kubernetes/apps/default/autobrr/app/helmrelease.yaml

@@ -31,7 +31,7 @@ spec:
           app:
             image:
               repository: ghcr.io/autobrr/autobrr
-              tag: v1.50.0@sha256:6a6f23570ab6b418318ab12bf2558712714e2f243cf18b139afa414f8417e97d
+              tag: v1.51.1@sha256:747c682d8d59e72a202ee4239bafbd7cfa10b0fc3a6220b61446de73dbd0c956
             env:
               AUTOBRR__CHECK_FOR_UPDATES: "false"
               AUTOBRR__HOST: 0.0.0.0

kubernetes/apps/default/excalidraw/app/helmrelease.yaml

@@ -30,7 +30,7 @@ spec:
           app:
             image:
               repository: docker.io/excalidraw/excalidraw
-              tag: latest@sha256:4d5423c1d80f353458307324b169500df334856eccc2e39fc6fa13808a64e1c2
+              tag: latest@sha256:c6b7fc35e9e9cfb2b85e76081530223407b00157896b00a01f272b4085ffe4c9
               pullPolicy: IfNotPresent
             probes:
               liveness:

kubernetes/apps/default/home-assistant/app/helmrelease.yaml

@@ -36,7 +36,7 @@ spec:
           app:
             image:
               repository: ghcr.io/onedr0p/home-assistant
-              tag: 2024.11.2@sha256:58df3d1169fb02ef2fb6f6cb2f2423abeb2142f89f3c0fd447cc983d63825c56
+              tag: 2024.11.3@sha256:f45f502b1738e46eb435fbc8947cdcc2574f3713b156c6738129ea2ea9b49018
             env:
               TZ: America/Chicago
             envFrom:

kubernetes/apps/default/kustomization.yaml

@@ -18,11 +18,11 @@ resources:
   - ./overseerr/ks.yaml
   - ./plex/ks.yaml
   - ./prowlarr/ks.yaml
+  - ./pterodactyl/ks.yaml
   - ./radarr/ks.yaml
   - ./recyclarr/ks.yaml
   - ./redlib/ks.yaml
   - ./sabnzbd/ks.yaml
-  - ./scrypted/ks.yaml
   - ./searxng/ks.yaml
   - ./sonarr/ks.yaml
   - ./stirling-pdf/ks.yaml

kubernetes/apps/default/plex/ks.yaml

@@ -2,35 +2,6 @@
 # yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
-metadata:
-  name: &app plex
-  namespace: flux-system
-spec:
-  targetNamespace: default
-  commonMetadata:
-    labels:
-      app.kubernetes.io/name: *app
-  path: ./kubernetes/apps/default/plex/app
-  prune: true
-  sourceRef:
-    kind: GitRepository
-    name: theshire
-  wait: true
-  dependsOn:
-    - name: rook-ceph-cluster
-    - name: volsync
-    - name: external-secrets-stores
-  interval: 30m
-  timeout: 5m
-  postBuild:
-    substitute:
-      APP: *app
-      GATUS_PATH: /web/index.html
-      VOLSYNC_CAPACITY: 30Gi
----
-# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
 metadata:
   name: &app plex-trakt-sync
   namespace: flux-system
@@ -51,34 +22,7 @@ spec:
     - name: rook-ceph-cluster
     - name: volsync
     - name: external-secrets-stores
-    - name: plex
   postBuild:
     substitute:
       APP: *app
       VOLSYNC_CAPACITY: 1Gi
----
-# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: &app kometa-image-maid
-  namespace: flux-system
-spec:
-  targetNamespace: default
-  commonMetadata:
-    labels:
-      app.kubernetes.io/name: *app
-  interval: 30m
-  timeout: 5m
-  path: "./kubernetes/apps/default/plex/kometa-image-maid"
-  prune: true
-  sourceRef:
-    kind: GitRepository
-    name: theshire
-  wait: false
-  dependsOn:
-    - name: external-secrets-stores
-    - name: plex
-  postBuild:
-    substitute:
-      APP: *app

kubernetes/apps/default/plex/trakt-sync/helmrelease.yaml

@@ -37,8 +37,8 @@ spec:
             args:
               - sync
             env:
-              PLEX_BASEURL: http://plex.default.svc.cluster.local:32400
+              PLEX_BASEURL: http://10.1.1.61:32400
-              PLEX_LOCALURL: http://plex.default.svc.cluster.local:32400
+              PLEX_LOCALURL: http://10.1.1.61:32400
               PLEX_USERNAME: veriwind
               TRAKT_USERNAME: jahanson
             probes:

kubernetes/apps/default/prowlarr/app/helmrelease.yaml

@@ -31,7 +31,7 @@ spec:
           app:
             image:
               repository: ghcr.io/onedr0p/prowlarr-develop
-              tag: 1.26.1.4844@sha256:dd6ab1a0c8f2d780b990f1034f2da6ffb0b4d3e3ca6042b656f691f06d4c9397
+              tag: 1.27.0.4852@sha256:6e1041a558cceee6356efe74cc9a9138909f4a8bac5eb714a420a37e4b478c77
             env:
               # Ref: https://github.com/Radarr/Radarr/issues/7030#issuecomment-1039689518
               # Ref: https://github.com/dotnet/runtime/issues/9336

kubernetes/apps/default/pterodactyl/app/externalsecret.yaml

@@ -0,0 +1,30 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: pterodactyl
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: pterodactyl-secret
+    template:
+      engineVersion: v2
+      data:
+        APP_SERVICE_AUTHOR: "{{ .PTERODACTYL_APP_EMAIL }}"
+        APP_URL: "https://pt.hsn.dev"
+        DB_DATABASE: "pterodactyl"
+        DB_HOST: "mariadb.database.svc.cluster.local"
+        DB_PASSWORD: "{{ .PTERODACTYL_MARIADB_PANEL_PASSWORD }}"
+        DB_USERNAME: "pterodactyl"
+        REDIS_HOST: "dragonfly.database.svc.cluster.local"
+
+  dataFrom:
+    - extract:
+        key: pterodactyl
+      rewrite:
+        - regexp:
+            source: "(.*)"
+            target: "PTERODACTYL_$1"

kubernetes/apps/default/pterodactyl/app/helmrelease.yaml

@@ -0,0 +1,101 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: &app pterodactyl
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.5.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+      strategy: rollback
+  values:
+    controllers:
+      pterodactyl:
+        annotations:
+          reloader.stakater.com/auto: "true"
+        containers:
+          app:
+            image:
+              repository: ghcr.io/pterodactyl/panel
+              tag: v1.11.10@sha256:6c9d060396c0a2c273aa5573460ed51f9176016dac59608b414a3cb02b0cc30c
+            env:
+              CACHE_DRIVER: "redis"
+              SESSION_DRIVER: "redis"
+              QUEUE_DRIVER: "redis"
+              APP_ENV: "production"
+              APP_ENVIRONMENT_ONLY: "false"
+              APP_TIMEZONE: America/Chicago
+              TRUSTED_PROXIES: "*"
+              TZ: America/Chicago
+            envFrom:
+              - secretRef:
+                  name: pterodactyl-secret
+            securityContext:
+              allowPrivilegeEscalation: false
+              readOnlyRootFilesystem: true
+              capabilities: { drop: ["ALL"] }
+            resources:
+              requests:
+                cpu: 10m
+              limits:
+                memory: 1Gi
+        pod:
+          securityContext:
+            runAsUser: 568
+            runAsGroup: 568
+            runAsNonRoot: true
+            fsGroup: 568
+            fsGroupChangePolicy: OnRootMismatch
+    service:
+      app:
+        controller: pterodactyl
+        ports:
+          http:
+            port: 80
+    ingress:
+      app:
+        enabled: true
+        className: external-nginx
+        annotations:
+          external-dns.alpha.kubernetes.io/target: external.hsn.dev
+          external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
+        hosts:
+          - host: &host "pt.hsn.dev"
+            paths:
+              - path: /
+                service:
+                  identifier: app
+                  port: http
+        tls:
+          - hosts:
+              - *host
+    persistence:
+      config:
+        existingClaim: *app
+        advancedMounts:
+          pterodactyl:
+            app:
+              - subPath: "config"
+                path: "/app/var"
+              - subPath: "nginx"
+                path: "/etc/nginx/http.d"
+              - subPath: "applogs"
+                path: "/app/storage/logs"
+              - subPath: "syslogs"
+                path: "/var/log"
+              - subPath: "letsencrypt"
+                path: "/etc/letsencrypt"

kubernetes/apps/default/pterodactyl/app/kustomization.yaml

@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../../../templates/volsync
+  - ../../../../templates/gatus/external
+  - ./externalsecret.yaml
+  # - ./helmrelease.yaml
+  - ./mariadb.yaml

kubernetes/apps/default/pterodactyl/app/mariadb.yaml

@@ -0,0 +1,46 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/k8s.mariadb.com/database_v1alpha1.json
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Database
+metadata:
+  name: pterodactyl
+spec:
+  mariaDbRef:
+    name: mariadb
+    namespace: database
+  characterSet: utf8
+  collate: utf8_general_ci
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/k8s.mariadb.com/user_v1alpha1.json
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: User
+metadata:
+  name: pterodactyl
+spec:
+  mariaDbRef:
+    name: mariadb
+    namespace: database
+  passwordSecretKeyRef:
+    name: pterodactyl-secret
+    key: DB_PASSWORD
+  maxUserConnections: 20
+  host: "%"
+  cleanupPolicy: Delete
+
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/k8s.mariadb.com/grant_v1alpha1.json
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Grant
+metadata:
+  name: grant-pterodactyl
+spec:
+  mariaDbRef:
+    name: mariadb
+    namespace: database
+  privileges:
+    - ALL PRIVILEGES
+  database: "pterodactyl"
+  table: "*"
+  username: pterodactyl
+  grantOption: true
+  host: "%"

kubernetes/apps/default/pterodactyl/ks.yaml

@@ -0,0 +1,31 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app pterodactyl
+  namespace: flux-system
+spec:
+  targetNamespace: default
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: external-secrets
+    - name: dragonfly-cluster
+    - name: mariadb-cluster
+    - name: rook-ceph-cluster
+    - name: volsync
+  path: ./kubernetes/apps/default/pterodactyl/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: theshire
+  wait: false
+  interval: 30m
+  timeout: 5m
+  postBuild:
+    substitute:
+      APP: *app
+      GATUS_SUBDOMAIN: "pt"
+      VOLSYNC_CAPACITY: 10Gi

kubernetes/apps/default/redlib/app/helmrelease.yaml

@@ -38,7 +38,7 @@ spec:
           app:
             image:
               repository: quay.io/redlib/redlib
-              tag: latest@sha256:7ee73f84c5678eb2039ff73e458df46dd4ff307f7ba086b6e666af62ce771c29
+              tag: latest@sha256:1f120c85fc33bdac67c97d5d1a6c84a920be40742fbf311c970ab2749a435778
             env:
               REDLIB_DEFAULT_SHOW_NSFW: on
               REDLIB_DEFAULT_WIDE: on

kubernetes/apps/default/sabnzbd/app/helmrelease.yaml

@@ -75,12 +75,9 @@ spec:
               allowPrivilegeEscalation: false
               readOnlyRootFilesystem: true
               capabilities: { drop: ["ALL"] }
-            resources:
-              requests:
-                cpu: 100m
-              limits:
-                memory: 16Gi
     defaultPodOptions:
+      nodeSelector: # ~~testing~~
+        kubernetes.io/hostname: gandalf-01
       securityContext:
         runAsNonRoot: true
         runAsUser: 568

kubernetes/apps/default/sonarr/app/helmrelease.yaml

@@ -31,7 +31,7 @@ spec:
           app:
             image:
               repository: ghcr.io/onedr0p/sonarr-develop
-              tag: 4.0.10.2656
+              tag: 4.0.11.2697
             env:
               SONARR__APP__INSTANCENAME: Sonarr
               SONARR__APP__THEME: dark

kubernetes/apps/default/stirling-pdf/app/helmrelease.yaml

@@ -31,7 +31,7 @@ spec:
           app:
             image:
               repository: ghcr.io/stirling-tools/s-pdf
-              tag: 0.33.1@sha256:d30bf0b2826f0e71cf6fe1b806d918db6d90121ac70b3384569e3b49edf51b3f
+              tag: 0.34.0@sha256:42ceaa84712f9271ca4af1c4d892899996424cbc5378f7dd168828091657c0f0
               pullPolicy: IfNotPresent
             env:
               TZ: America/Chicago

kubernetes/apps/default/tautulli/app/helmrelease.yaml

@@ -31,7 +31,7 @@ spec:
           app:
             image:
               repository: ghcr.io/tautulli/tautulli
-              tag: v2.14.6@sha256:f54d2d3a78780c765cd7a10b882474909f50247b5d2d118badaa9c035421effd
+              tag: v2.15.0@sha256:f13daee2a403a95a51902b2625de5f6b944f034e9cd790e9d2a0c5e84c9842cb
             env:
               TZ: America/Chicago
             command: ["/usr/local/bin/python", "Tautulli.py"]

kubernetes/apps/default/zwave/app/helmrelease.yaml

@@ -36,7 +36,7 @@ spec:
           app:
             image:
               repository: ghcr.io/zwave-js/zwave-js-ui
-              tag: 9.27.2@sha256:ac7e66f98c39fe56b6ddb5d2e9cfced8246f74658278b82f6f60bee15206ae73
+              tag: 9.27.7@sha256:b7327c74e9cb228af9fc2817330319d4e57e041767dc40e550fd6577a436ad7d
             env:
               TZ: America/Chicago
               PORT: &port 80

kubernetes/apps/kube-system/cilium/app/helmrelease.yaml

@@ -10,7 +10,7 @@ spec:
   chart:
     spec:
       chart: cilium
-      version: 1.16.4
+      version: 1.16.3
       sourceRef:
         kind: HelmRepository
         name: cilium

kubernetes/apps/kube-system/fstrim.yaml

@@ -7,7 +7,7 @@ spec:
   #  nodeName: nenya
   containers:
     - name: fstrim
-      image: ghcr.io/onedr0p/kubanetics:2024.11.0
+      image: ghcr.io/onedr0p/kubanetics:2024.11.1
       securityContext:
         privileged: true
       command: ["/bin/bash", "-c", "while true; do sleep 10; done"]

kubernetes/apps/kube-system/fstrim/app/helmrelease.yaml

@@ -33,7 +33,7 @@ spec:
           app:
             image:
               repository: ghcr.io/onedr0p/kubanetics
-              tag: 2024.11.0@sha256:12ef95790aeaad654e50d3174fab7250fb4bc60513220c0e53bc71ea4aba99e4
+              tag: 2024.11.1@sha256:875b7c22fbb046958ae0116b4a7e9ea81062cf60f54d5b27e53ebf29078bdcc4
             env:
               SCRIPT_NAME: fstrim.sh
             probes:

kubernetes/apps/kube-system/kubelet-csr-approver/app/helm-values.yml

@@ -1,2 +1,2 @@
 ---
-providerRegex: ^bilbo|^frodo|^sam|^merry|^pippin|^rosie|^shadowfax-01|^gandalf-01$
+providerRegex: ^bilbo|^frodo|^sam|^merry|^pippin|^rosie|^gandalf-01$

kubernetes/apps/observability/alertmanager/silencer/helmrelease.yaml

@@ -35,7 +35,7 @@ spec:
           app:
             image:
               repository: ghcr.io/onedr0p/kubanetics
-              tag: 2024.11.0
+              tag: 2024.11.1
             env:
               SCRIPT_NAME: alertmanager-silencer.sh
               ALERTMANAGER_URL: http://alertmanager.observability.svc.cluster.local:9093

kubernetes/apps/observability/grafana/app/helmrelease.yaml

@@ -196,9 +196,6 @@ spec:
         cert-manager:
           url: https://gitlab.com/uneeq-oss/cert-manager-mixin/-/raw/master/dashboards/cert-manager.json?ref_type=heads
           datasource: Prometheus
-        dcgm-exporter:
-          url: https://raw.githubusercontent.com/NVIDIA/dcgm-exporter/main/grafana/dcgm-exporter-dashboard.json
-          datasource: Prometheus
         external-secrets:
           url: https://raw.githubusercontent.com/external-secrets/external-secrets/main/docs/snippets/dashboard.json
           datasource: Prometheus

kubernetes/apps/observability/prometheus-operator-crds/app/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: prometheus-operator-crds
-      version: 16.0.0
+      version: 16.0.1
       sourceRef:
         kind: HelmRepository
         name: prometheus-community

kubernetes/apps/qbittorrent/cross-seed/app/externalsecret.yaml

@@ -21,7 +21,6 @@ spec:
             delay: 30,
             duplicateCategories: false,
             flatLinking: false,
-            includeEpisodes: true,
             includeNonVideos: true,
             includeSingleEpisodes: true,
             linkCategory: "cross-seed",
@@ -36,15 +35,6 @@ spec:
             sonarr: ["http://sonarr.default.svc.cluster.local/?apikey={{ .SONARR_API_KEY }}"],
             torrentDir: "/qbittorrent/qBittorrent/BT_backup",
             torznab: []
-            /* torznab: [
-                  6,  // ANT
-                  8,  // BLU
-                  9,  // TL
-                  10, // FL
-                  12, // FNP
-                  14, // TD
-            ].map(i => `http://prowlarr.default.svc.cluster.local/$${i}/api?apikey={{ .PROWLARR_API_KEY }}`),
-            */
           };
   dataFrom:
     - extract:

kubernetes/apps/qbittorrent/cross-seed/app/helmrelease.yaml

@@ -35,7 +35,7 @@ spec:
           app:
             image:
               repository: ghcr.io/cross-seed/cross-seed
-              tag: 6.0.0-44@sha256:881ce834570f3b369860e47a0801b89ab10469b3beccf5279f90e041d3725058
+              tag: 6.1.0@sha256:91fbb2a6a411b7d63cccabffb5f623e6931579d2fd652512b6a3df0a9ba97066
             env:
               TZ: America/Chicago
             args: ["daemon"]

kubernetes/apps/qbittorrent/flood/app/helmrelease.yaml

@@ -43,7 +43,7 @@ spec:
           app:
             image:
               repository: jesec/flood
-              tag: master@sha256:7b0f2b863434946260621b037d293130acb9f5d9248071408c641b858ffacccf
+              tag: master@sha256:04196de98223a193e4913c00e0ab1b48a27a370ef159989e52c29864afc2b2e4
             envFrom:
               - secretRef:
                   name: flood-secret

kubernetes/apps/qbittorrent/qbittorrent/app/helmrelease.yaml

@@ -66,15 +66,9 @@ spec:
               capabilities:
                 drop:
                   - ALL
-            resources:
-              requests:
-                cpu: 100m
-                memory: 1024Mi
-              limits:
-                memory: 8Gi
     defaultPodOptions:
       nodeSelector: # ~~testing~~
-        kubernetes.io/hostname: shadowfax-01
+        kubernetes.io/hostname: gandalf-01
       securityContext:
         runAsNonRoot: true
         runAsUser: 568

kubernetes/apps/qbittorrent/qbittorrent/tools/helmrelease.yaml

@@ -39,7 +39,7 @@ spec:
           tagging: &container
             image:
               repository: ghcr.io/buroa/qbtools
-              tag: v0.19.8@sha256:6d24270a3b4e31bfa8bcfc21ace625a27c9c71f789ef49d8454dacddbf87e123
+              tag: v0.19.9@sha256:f5405e3c00256d7911d2abb839084a5147c108586adb281e97587cf93729c89b
             env:
               TZ: *timeZone
               POD_NAMESPACE:

kubernetes/apps/rook-ceph/rook-ceph/app/helmrelease.yaml

@@ -10,7 +10,7 @@ spec:
   chart:
     spec:
       chart: rook-ceph
-      version: v1.15.5
+      version: v1.15.6
       sourceRef:
         kind: HelmRepository
         name: rook-ceph

kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml

@@ -10,7 +10,7 @@ spec:
   chart:
     spec:
       chart: rook-ceph-cluster
-      version: v1.15.5
+      version: v1.15.6
       sourceRef:
         kind: HelmRepository
         name: rook-ceph

kubernetes/apps/security/external-secrets/app/helmrelease.yaml

@@ -10,7 +10,7 @@ spec:
   chart:
     spec:
       chart: external-secrets
-      version: 0.10.5
+      version: 0.10.7
       interval: 30m
       sourceRef:
         kind: HelmRepository

kubernetes/apps/volsync-system/volsync/app/helmrelease.yaml

@@ -22,8 +22,6 @@ spec:
       strategy: rollback
       retries: 3
   dependsOn:
-    - name: kyverno
-      namespace: kyverno
     - name: snapshot-controller
       namespace: volsync-system
   values:

kubernetes/apps/volsync-system/volsync/ks.yaml

@@ -10,8 +10,6 @@ spec:
   commonMetadata:
     labels:
       app.kubernetes.io/name: *app
-  dependsOn:
-    - name: cluster-policies
   path: ./kubernetes/apps/volsync-system/volsync/app
   prune: true
   sourceRef:

kubernetes/bootstrap/helmfile.yaml

@@ -19,11 +19,11 @@ releases:
   - name: prometheus-operator-crds
     namespace: observability
     chart: oci://ghcr.io/prometheus-community/charts/prometheus-operator-crds
-    version: 16.0.0
+    version: 16.0.1
   - name: cilium
     namespace: kube-system
     chart: cilium/cilium
-    version: 1.16.4
+    version: 1.16.3
     values:
       - ../apps/kube-system/cilium/app/helm-values.yml
     needs:

kubernetes/bootstrap/talos/talconfig.yaml

@@ -3,7 +3,7 @@
 clusterName: theshire
 
 # renovate: datasource=github-releases depName=siderolabs/talos
-talosVersion: v1.8.1
+talosVersion: v1.8.3
 # renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet
 kubernetesVersion: 1.31.2
 endpoint: "https://10.1.1.57:6444"

kubernetes/flux/repositories/helm/kustomization.yaml

@@ -29,6 +29,7 @@ resources:
   - kubernetes-sigs-metrics-server.yaml
   - kubernetes-sigs-nfd.yaml
   - kyverno.yaml
+  - mariadb.yaml
   - nvidia.yaml
   - openebs.yaml
   - piraeus.yaml

kubernetes/flux/repositories/helm/mariadb.yaml

@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: mariadb-operator
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://mariadb-operator.github.io/mariadb-operator

kubernetes/flux/repositories/oci/grafana.yaml

@@ -12,4 +12,4 @@ spec:
     operation: copy
   url: oci://ghcr.io/grafana/helm-charts/grafana
   ref:
-    tag: 8.6.0
+    tag: 8.6.3

kubernetes/templates/volsync/kustomization.yaml

@@ -4,5 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - ./claim.yaml
-  - ./nfs.yaml
+  - ./minio.yaml
   - ./r2.yaml

shell.nix

@@ -15,8 +15,6 @@ pkgs.mkShell {
     gitleaks
     helmfile
     k9s
-    krew
-    kubectl
     kubevirt
     kubernetes-helm
     pre-commit
@@ -25,5 +23,6 @@ pkgs.mkShell {
     mqttui
     kustomize
     yq-go
+    go-task
   ];
 }