Lumpiasty/klaster
0
0
Fork 0
Code Issues Pull Requests 4 Packages Projects Releases Wiki Activity

Compare commits

base: Lumpiasty:fresh-start
Branches Tags
Lumpiasty:fresh-start Lumpiasty:renovate/renovate-renovate-43.x Lumpiasty:renovate/alpine-k8s-1.x Lumpiasty:renovate/open-webui-13.x Lumpiasty:renovate/cloudnative-pg-0.x Lumpiasty:renovate/renovate-renovate-41.x
..
compare: Lumpiasty:6730ec8374d1bf02119ebfba3fe68e5309bf6fc5
Branches Tags
Lumpiasty:renovate/renovate-renovate-43.x Lumpiasty:fresh-start Lumpiasty:renovate/alpine-k8s-1.x Lumpiasty:renovate/open-webui-13.x Lumpiasty:renovate/cloudnative-pg-0.x Lumpiasty:renovate/renovate-renovate-41.x

489 Commits
fresh-star ... 6730ec8374

Author SHA1 Message Date
Lumpiasty
6730ec8374 Add nginx ingress annotation to increase proxy body size limit 2026-03-12 19:14:11 +01:00
Lumpiasty
1e5c0be846 Categorize and add missing entries to app list 2026-03-12 18:48:28 +01:00
Lumpiasty
2d1001f0f2 Remake Ansible playbook to target MikroTik router 
Basically, I've exported configuration from Mikrotik router using /export and vibe-coded playbook using the file.
 2026-03-12 18:03:17 +01:00
Lumpiasty
6cf71312f6 Merge pull request 'chore(deps): update helm release cert-manager to v1.20.0' (#152) from renovate/cert-manager-1.x into fresh-start 
Reviewed-on: #152
 2026-03-12 16:56:05 +00:00
Lumpiasty
d581e5462d Merge pull request 'chore(deps): update renovate/renovate docker tag to v43.64.6' (#153) from renovate/renovate-renovate-43.x into fresh-start 
Reviewed-on: #153
 2026-03-12 16:55:09 +00:00
Renovate
48da9d8081 Merge pull request 'chore(deps): update helm release openbao to v0.25.7' (#156) from renovate/openbao-0.x into fresh-start 2026-03-12 16:47:00 +00:00
Renovate Bot
0c619a4005 chore(deps): update renovate/renovate docker tag to v43.64.6 2026-03-12 16:47:00 +00:00
Renovate Bot
a45dcee95d chore(deps): update helm release openbao to v0.25.7 2026-03-12 16:46:57 +00:00
Renovate
3e39b9d7a3 Merge pull request 'chore(deps): update registry.k8s.io/coredns/coredns docker tag to v1.14.2' (#155) from renovate/registry.k8s.io-coredns-coredns-1.x into fresh-start 2026-03-12 00:00:44 +00:00
Renovate
7b5f097b2d Merge pull request 'chore(deps): update helm release cert-manager-webhook-ovh to v0.9.4' (#154) from renovate/cert-manager-webhook-ovh-0.x into fresh-start 2026-03-12 00:00:41 +00:00
Renovate Bot
91b7a69e31 chore(deps): update registry.k8s.io/coredns/coredns docker tag to v1.14.2 2026-03-12 00:00:40 +00:00
Renovate Bot
42dfa2850d chore(deps): update helm release cert-manager-webhook-ovh to v0.9.4 2026-03-12 00:00:37 +00:00
Lumpiasty
9cfb599c7d add 27b q3 variant of qwen3.5 2026-03-11 02:15:24 +01:00
Renovate Bot
8bcc3dd49c chore(deps): update helm release cert-manager to v1.20.0 2026-03-11 00:15:05 +00:00
Lumpiasty
311f0362a8 lower kv cache quant to q4_0 and increase ctx to 64k 2026-03-10 14:02:17 +01:00
Lumpiasty
46c752773f remove ttl of all models in llama-swap 2026-03-10 13:48:10 +01:00
Lumpiasty
5462718dfb Merge pull request 'chore(deps): update helm release cert-manager-webhook-ovh to v0.9.3' (#149) from renovate/cert-manager-webhook-ovh-0.x into fresh-start 
Reviewed-on: #149
 2026-03-10 12:17:35 +00:00
Lumpiasty
c1b1fb7315 Merge pull request 'chore(deps): update renovate/renovate docker tag to v43.60.6' (#150) from renovate/renovate-renovate-43.x into fresh-start 
Reviewed-on: #150
 2026-03-10 12:16:28 +00:00
Renovate Bot
95012b1fc1 chore(deps): update renovate/renovate docker tag to v43.60.6 2026-03-10 12:14:14 +00:00
Renovate Bot
ec054e476d chore(deps): update helm release cert-manager-webhook-ovh to v0.9.3 2026-03-10 12:14:11 +00:00
Renovate
50d20b7aa2 Merge pull request 'chore(deps): update ghcr.io/mostlygeek/llama-swap docker tag to v197-vulkan-b8248' (#151) from renovate/ghcr.io-mostlygeek-llama-swap-197.x into fresh-start 2026-03-10 12:14:11 +00:00
Renovate Bot
77d1a4bb34 chore(deps): update ghcr.io/mostlygeek/llama-swap docker tag to v197-vulkan-b8248 2026-03-10 12:14:09 +00:00
Lumpiasty
eb33cad5c6 refactor: add move llama-swap package config to renovate.json 2026-03-10 13:13:38 +01:00
Lumpiasty
295d4fcde6 configure renovate to automatically merge patch updates 2026-03-10 13:07:37 +01:00
Lumpiasty
6b012e01a8 update renovate comment for llama-swap image tag management 2026-03-10 12:55:03 +01:00
Lumpiasty
77097bf81d Merge pull request 'Update renovate/renovate Docker tag to v43.60.4' (#145) from renovate/renovate-renovate-43.x into fresh-start 
Reviewed-on: #145
 2026-03-10 11:54:05 +00:00
Lumpiasty
78fbe875c9 Merge pull request 'Update Helm release ingress-nginx to v4.15.0' (#148) from renovate/ingress-nginx-4.x into fresh-start 
Reviewed-on: #148
 2026-03-10 11:53:58 +00:00
Lumpiasty
82029fa745 Merge pull request 'Update caddy Docker tag to v2.11.2' (#147) from renovate/caddy-2.x into fresh-start 
Reviewed-on: #147
 2026-03-10 11:53:51 +00:00
Lumpiasty
d6204b49c8 Merge pull request 'Update Helm release open-webui to v12.10.0' (#146) from renovate/open-webui-12.x into fresh-start 
Reviewed-on: #146
 2026-03-10 11:53:42 +00:00
Renovate Bot
f394b06006 Update renovate/renovate Docker tag to v43.60.4 2026-03-10 00:00:44 +00:00
Renovate Bot
be8e6d8990 Update Helm release open-webui to v12.10.0 2026-03-10 00:00:42 +00:00
Renovate Bot
5dc9432cfa Update Helm release ingress-nginx to v4.15.0 2026-03-10 00:00:40 +00:00
Lumpiasty
2df8303905 add qwen3.5 4b heretic 2026-03-08 21:39:53 +01:00
Lumpiasty
65c11ab4ca add glm-5 from openrouter to llama-swap 2026-03-08 17:58:01 +01:00
Lumpiasty
55da75f06e clean up llama-swap config 2026-03-08 17:25:44 +01:00
Lumpiasty
ac0165cf01 adjust parameters of qwen3-coder-next 2026-03-07 22:52:49 +01:00
Lumpiasty
15989f4891 automatically fit context on qwen3.5 2b and 4b 2026-03-07 21:01:32 +01:00
Renovate Bot
1b11201ad0 Update caddy Docker tag to v2.11.2 2026-03-07 00:00:27 +00:00
Lumpiasty
a3ebc531fe Add Q3_K_M variand of Qwen3.5-9B 2026-03-06 23:21:58 +01:00
Lumpiasty
63f154293d fiix thinking versions of Qwen3.5 small 2026-03-06 23:17:48 +01:00
Lumpiasty
42aa0a7263 set strategy to recreate on llama-swap deployment 2026-03-06 23:08:03 +01:00
Lumpiasty
a9b8b45328 add 2B, 4B, 9B versions of Qwen3.5 in thinking + nonthinking variants 2026-03-06 23:07:02 +01:00
Lumpiasty
3dc481bc8b increase target margin of 2048MB of VRAM 2026-03-06 02:41:34 +01:00
Lumpiasty
711c437c0a add Qwen3.5 Small 0.8B model and replace Qwen3-VL-2B as task model 2026-03-05 23:17:30 +01:00
Lumpiasty
975f1db8f5 shorten context for qwen3-vl-2b and lower kv cache quant 2026-03-05 22:42:54 +01:00
Lumpiasty
ab9ddd0f3b add path to mmproj in qwen3.5 heretic 2026-03-05 19:31:03 +01:00
Lumpiasty
3e59786c83 manually update llama-swap image tag 2026-03-05 19:27:45 +01:00
Lumpiasty
d2a55e9c81 Add more README 2026-03-02 19:27:12 +01:00
Lumpiasty
2d743e0de0 Merge pull request 'Update Helm release immich to v1.1.1' (#139) from renovate/immich-1.x into fresh-start 
Reviewed-on: #139
 2026-03-02 17:26:36 +00:00
Lumpiasty
0a1c0a65e1 Merge pull request 'Update renovate/renovate Docker tag to v43.46.6' (#140) from renovate/renovate-renovate-43.x into fresh-start 
Reviewed-on: #140
 2026-03-02 17:26:29 +00:00
Lumpiasty
96a09ae6f9 Merge pull request 'Update caddy Docker tag to v2.11.1' (#141) from renovate/caddy-2.x into fresh-start 
Reviewed-on: #141
 2026-03-02 17:26:21 +00:00
Lumpiasty
62dc41f74f Merge pull request 'Update Helm release cert-manager to v1.19.4' (#142) from renovate/cert-manager-1.x into fresh-start 
Reviewed-on: #142
 2026-03-02 17:26:15 +00:00
Lumpiasty
da76710add Merge pull request 'Update Helm release cert-manager-webhook-ovh to v0.9.2' (#143) from renovate/cert-manager-webhook-ovh-0.x into fresh-start 
Reviewed-on: #143
 2026-03-02 17:26:09 +00:00
Lumpiasty
75b9a019de Merge pull request 'Update Helm release openbao to v0.25.6' (#144) from renovate/openbao-0.x into fresh-start 
Reviewed-on: #144
 2026-03-02 17:26:02 +00:00
Lumpiasty
d466387d02 revamp readme 2026-03-02 18:05:01 +01:00
Lumpiasty
5c4535beb6 Add mmproj-url for Qwen3.5-35B-A3B-heretic model 2026-03-02 03:19:16 +01:00
Renovate Bot
cd513489a2 Update renovate/renovate Docker tag to v43.46.6 2026-03-02 00:00:28 +00:00
Lumpiasty
44aa0c8136 add gemma-3-270m-it-qat model 2026-02-28 23:20:13 +01:00
Lumpiasty
902004f2e7 Add Qwen3.5-35B-A3B-heretic models 2026-02-28 18:33:42 +01:00
Lumpiasty
bf1f1c0b41 Add always loaded Qwen3-VL-2B-Instruct 2026-02-28 17:48:20 +01:00
Lumpiasty
5915b8dd30 Add Qwen3.5-35-A3B model 2026-02-28 15:49:59 +01:00
Lumpiasty
1adabe92a3 update CoreDNS logging configuration to include all log classes 2026-02-26 02:44:40 +01:00
Lumpiasty
08473fdeae custom config of coredns to deny ipv6 huggingface 2026-02-26 02:32:26 +01:00
Lumpiasty
c14257842a automatically fit models by llama.cpp 2026-02-26 01:38:39 +01:00
Lumpiasty
d053342234 fix models mount 2026-02-26 01:25:21 +01:00
Lumpiasty
2dbd964c28 add schema reference to config.yaml 2026-02-26 00:43:16 +01:00
Lumpiasty
7712aac0f5 configure llama-swap to log llama.cpp output 2026-02-26 00:39:58 +01:00
Lumpiasty
c7bc79f574 add Qwen3-Coder-Next model 2026-02-26 00:10:53 +01:00
Lumpiasty
6cba277b9d update llama-swap image 2026-02-25 19:07:10 +01:00
Lumpiasty
1ca79d5262 disable built in open-webui ingress 2026-02-25 18:20:27 +01:00
Lumpiasty
95ca2aa54f increase openwebui storage to 10Gi 2026-02-25 17:41:23 +01:00
Lumpiasty
bfb089aeff migrate llama models to ssd 2026-02-25 16:03:12 +01:00
Lumpiasty
ed83a66a83 add ssd volume for llama models 2026-02-25 15:43:42 +01:00
Lumpiasty
0d6c67fc27 add lvmpv ssd storage class 2026-02-25 15:23:55 +01:00
Lumpiasty
fa7b35326c add openwebui 2026-02-25 15:21:04 +01:00
Renovate Bot
58a11356f4 Update Helm release openbao to v0.25.6 2026-02-25 00:01:01 +00:00
Renovate Bot
0bdef9f86e Update Helm release cert-manager-webhook-ovh to v0.9.2 2026-02-25 00:00:58 +00:00
Renovate Bot
61c0f8f0b7 Update Helm release cert-manager to v1.19.4 2026-02-25 00:00:56 +00:00
Renovate Bot
b4ba66dc18 Update caddy Docker tag to v2.11.1 2026-02-24 00:00:41 +00:00
Renovate Bot
74b2436694 Update Helm release immich to v1.1.1 2026-02-23 00:05:23 +00:00
Lumpiasty
719a87a6f5 add workaround for cert-manager-webhook-ovh 2026-02-22 20:07:24 +01:00
Lumpiasty
fe4e546d47 remove configVersion from cert-manager-webhook-ovh 2026-02-22 19:53:39 +01:00
Lumpiasty
85e83224dc Merge pull request 'Update Helm release cloudnative-pg to v0.27.1' (#130) from renovate/cloudnative-pg-0.x into fresh-start 
Reviewed-on: #130
 2026-02-22 18:50:44 +00:00
Lumpiasty
889ba49e6a Merge pull request 'Update renovate/renovate Docker tag to v43.31.1' (#131) from renovate/renovate-renovate-43.x into fresh-start 
Reviewed-on: #131
 2026-02-22 18:50:37 +00:00
Lumpiasty
0590c97717 Merge pull request 'Update Helm release cilium to v1.19.1' (#132) from renovate/cilium-1.x into fresh-start 
Reviewed-on: #132
 2026-02-22 18:50:30 +00:00
Lumpiasty
3c1b2da775 Merge pull request 'Update Helm release openbao to v0.25.5' (#135) from renovate/openbao-0.x into fresh-start 
Reviewed-on: #135
 2026-02-22 18:49:25 +00:00
Lumpiasty
2675b2f8eb Merge pull request 'Update Helm release cert-manager-webhook-ovh to v0.9.1' (#138) from renovate/cert-manager-webhook-ovh-0.x into fresh-start 
Reviewed-on: #138
 2026-02-22 18:49:13 +00:00
Lumpiasty
72d8d41e16 Merge pull request 'Update Helm release vault-secrets-operator to v1.3.0' (#137) from renovate/vault-secrets-operator-1.x into fresh-start 
Reviewed-on: #137
 2026-02-22 18:47:40 +00:00
Lumpiasty
31c809f3dd Merge pull request 'Update Helm release immich to v1.1.0' (#133) from renovate/immich-1.x into fresh-start 
Reviewed-on: #133
 2026-02-22 18:47:32 +00:00
Lumpiasty
f0c549a39e change router's ip to ::1 2026-02-22 19:24:05 +01:00
Lumpiasty
b66b08f151 update talos to 1.12.4 2026-02-22 18:42:55 +01:00
Lumpiasty
98e3050afa remove mayastor related talos config 2026-02-22 17:04:57 +01:00
Lumpiasty
fef37fca68 clean up old mayastor config 2026-02-22 16:23:35 +01:00
Lumpiasty
6fa292629c disable loki and alloy 2026-02-22 16:21:27 +01:00
Lumpiasty
95b52f3bf3 disable mayastor 2026-02-22 14:29:26 +01:00
Lumpiasty
d9a646b7fd remove mayastor storageclass, snapshotclass 2026-02-22 14:27:43 +01:00
Lumpiasty
7ac0029ced switch searxng persistent data to lvm hdd 2026-02-22 14:22:07 +01:00
Renovate Bot
2c11e4cec0 Update renovate/renovate Docker tag to v43.31.1 2026-02-22 00:00:43 +00:00
Renovate Bot
40613ce587 Update Helm release cert-manager-webhook-ovh to v0.9.1 2026-02-22 00:00:36 +00:00
Lumpiasty
b95c9e7c69 switch llama models dir to lvm hdd 2026-02-21 16:51:04 +01:00
Lumpiasty
05c28d0d46 add lvm hdd llama models pvc 2026-02-21 16:28:06 +01:00
Lumpiasty
09aeee2bd9 move openbao's data volume to lvm 2026-02-21 16:03:03 +01:00
Lumpiasty
d709989558 add lvm hdd openbao volume 2026-02-21 15:55:53 +01:00
Lumpiasty
93d1e579d3 remove docker registry 2026-02-21 15:17:29 +01:00
Lumpiasty
92bcd0ac34 clean up old library volume, postgres and redis 2026-02-21 15:14:34 +01:00
Lumpiasty
c1d08326f3 switch immich to new valkey 2026-02-21 15:12:23 +01:00
Lumpiasty
f9015ad561 add redis authentication 2026-02-21 15:11:29 +01:00
Lumpiasty
14d79a2cd0 add immich valkey server 2026-02-21 15:03:30 +01:00
Lumpiasty
da13987ce8 reconfigure immich to use new db 2026-02-21 14:37:54 +01:00
Lumpiasty
36aab3d935 add new postgres cluster 2026-02-21 14:30:04 +01:00
Lumpiasty
f50e8c10f7 migrate immich to new library pvc 2026-02-21 14:17:28 +01:00
Lumpiasty
3b3642faeb add new immich library volume 2026-02-21 13:52:36 +01:00
Lumpiasty
8a009bc117 add explicit volume for gitea valkey 2026-02-21 13:39:54 +01:00
Lumpiasty
868f96e390 migrate gitea shared storage to new volume 2026-02-21 13:25:53 +01:00
Lumpiasty
638fc960af add explicit gitea shared storage volume 2026-02-21 13:20:30 +01:00
Lumpiasty
1f77bd5176 remove old postgres cluster 2026-02-21 13:07:42 +01:00
Lumpiasty
ffd350afd0 migrate gitea to lvmhdd backed postgres 2026-02-21 13:05:34 +01:00
Lumpiasty
093208c3e4 fix fsType on gitea postgres volume 2026-02-21 12:40:20 +01:00
Renovate Bot
db07a48639 Update Helm release vault-secrets-operator to v1.3.0 2026-02-21 00:00:51 +00:00
Renovate Bot
f061fd0c81 Update Helm release openbao to v0.25.5 2026-02-21 00:00:45 +00:00
Lumpiasty
68c54e44fa fix storage class name on gitea postgres vol 2026-02-20 22:49:50 +01:00
Lumpiasty
3120e9ba60 add btrfs extension 2026-02-20 22:12:46 +01:00
Renovate Bot
e676b6524d Update Helm release immich to v1.1.0 2026-02-18 00:00:39 +00:00
Renovate Bot
5748f69dac Update Helm release cilium to v1.19.1 2026-02-18 00:00:36 +00:00
Lumpiasty
31d0559c57 add browse-pvc krew plugin 2026-02-18 00:04:30 +01:00
Lumpiasty
4b2d3faf2e use separate kubeconfig 2026-02-18 00:03:37 +01:00
Renovate Bot
31083e52bc Update Helm release cloudnative-pg to v0.27.1 2026-02-07 00:09:29 +00:00
Lumpiasty
b1f3337c98 Merge pull request 'Update redis Docker tag to v24.1.3' (#120) from renovate/redis-24.x into fresh-start 
Reviewed-on: #120
 2026-02-06 00:16:26 +00:00
Lumpiasty
e610e96d80 Merge pull request 'Update Helm release gitea to v12.5.0' (#122) from renovate/gitea-12.x into fresh-start 
Reviewed-on: #122
 2026-02-06 00:16:16 +00:00
Lumpiasty
c9997fb8a7 Merge pull request 'Update Helm release ingress-nginx to v4.14.3' (#123) from renovate/ingress-nginx-4.x into fresh-start 
Reviewed-on: #123
 2026-02-06 00:16:06 +00:00
Lumpiasty
b9cc44d7e8 Merge pull request 'Update Helm release openbao to v0.25.0' (#124) from renovate/openbao-0.x into fresh-start 
Reviewed-on: #124
 2026-02-06 00:15:58 +00:00
Lumpiasty
be884d07c6 Merge pull request 'Update registry.k8s.io/coredns/coredns Docker tag to v1.14.1' (#125) from renovate/registry.k8s.io-coredns-coredns-1.x into fresh-start 
Reviewed-on: #125
 2026-02-06 00:15:28 +00:00
Lumpiasty
2875d84f33 Merge pull request 'Update alpine Docker tag to v3.23.3' (#126) from renovate/alpine-3.x into fresh-start 
Reviewed-on: #126
 2026-02-06 00:15:07 +00:00
Lumpiasty
573601a7ec Merge pull request 'Update Helm release immich to v1.0.12' (#127) from renovate/immich-1.x into fresh-start 
Reviewed-on: #127
 2026-02-06 00:14:59 +00:00
Lumpiasty
fb60744c5a Merge pull request 'Update renovate/renovate Docker tag to v43' (#128) from renovate/renovate-renovate-43.x into fresh-start 
Reviewed-on: #128
 2026-02-06 00:14:51 +00:00
Lumpiasty
52ca68c4ce Merge pull request 'Update Helm release cert-manager to v1.19.3' (#129) from renovate/cert-manager-1.x into fresh-start 
Reviewed-on: #129
 2026-02-06 00:14:42 +00:00
Renovate Bot
0934a1130a Update renovate/renovate Docker tag to v43 2026-02-06 00:01:36 +00:00
Lumpiasty
3d28650c1b add pv for new postgres' gitea cluster 2026-02-06 00:58:44 +01:00
Lumpiasty
15063c9885 add backup volume snapshot class for girea postgress 2026-02-06 00:27:45 +01:00
Renovate Bot
ba3cb2571c Update Helm release openbao to v0.25.0 2026-02-05 00:00:54 +00:00
Renovate Bot
5edaeb123c Update Helm release immich to v1.0.12 2026-02-05 00:00:43 +00:00
Renovate Bot
0dc37f69cb Update redis Docker tag to v24.1.3 2026-02-04 00:00:42 +00:00
Renovate Bot
777239ccb5 Update Helm release ingress-nginx to v4.14.3 2026-02-03 00:00:54 +00:00
Renovate Bot
352af6f386 Update Helm release cert-manager to v1.19.3 2026-02-03 00:00:50 +00:00
Lumpiasty
230197e3c6 move frigate deployment to new pvcs 2026-02-01 23:07:20 +01:00
Lumpiasty
0c5e22f538 add temporary frigate volume to migrate data 2026-02-01 20:11:25 +01:00
Lumpiasty
e79386b4a5 migrate from raw flake to devenv 2026-02-01 02:00:14 +01:00
Renovate Bot
8f4932132a Update alpine Docker tag to v3.23.3 2026-01-29 00:00:45 +00:00
Renovate Bot
bb6272b16e Update registry.k8s.io/coredns/coredns Docker tag to v1.14.1 2026-01-28 00:00:43 +00:00
Lumpiasty
3a71410c19 enable ts3 after copying files 2026-01-25 01:39:14 +01:00
Lumpiasty
e5af5c3945 add utility to run temporary pod with pvc mounted 2026-01-25 01:38:32 +01:00
Lumpiasty
6de56bfd10 add ispeak3 ts3 server 2026-01-25 01:07:35 +01:00
Renovate Bot
d70a704f89 Update Helm release gitea to v12.5.0 2026-01-24 00:00:54 +00:00
Lumpiasty
5df94c4656 add pv-migrate to tools 2026-01-19 00:12:44 +01:00
Lumpiasty
a6772893d0 delete old nas pvc and use new 2026-01-18 19:05:52 +01:00
Lumpiasty
ba31945337 add secondary nas volume 2026-01-18 18:59:30 +01:00
Lumpiasty
fcaa28c95a add lvmpv-hdd storage class 2026-01-18 18:53:35 +01:00
Lumpiasty
a40f9a046a enable openebs lvm-localpv controller 2026-01-18 00:31:52 +01:00
Lumpiasty
80ed3358e8 Merge pull request 'Update Helm release cilium to v1.18.6' (#116) from renovate/cilium-1.x into fresh-start 
Reviewed-on: #116
 2026-01-17 22:30:28 +00:00
Lumpiasty
eae4ff426c Merge pull request 'Update registry.k8s.io/coredns/coredns Docker tag to v1.13.2' (#118) from renovate/registry.k8s.io-coredns-coredns-1.x into fresh-start 
Reviewed-on: #118
 2026-01-17 22:30:21 +00:00
Lumpiasty
0fadd95386 Merge pull request 'Update renovate/renovate Docker tag to v42.84.1' (#119) from renovate/renovate-renovate-42.x into fresh-start 
Reviewed-on: #119
 2026-01-17 22:30:11 +00:00
Lumpiasty
29e06c60eb Merge pull request 'Update Helm release immich to v1.0.9' (#117) from renovate/immich-1.x into fresh-start 
Reviewed-on: #117
 2026-01-17 22:29:59 +00:00
Renovate Bot
27ae162886 Update renovate/renovate Docker tag to v42.84.1 2026-01-17 22:29:20 +00:00
Renovate Bot
d96344b310 Update registry.k8s.io/coredns/coredns Docker tag to v1.13.2 2026-01-17 22:29:17 +00:00
Renovate Bot
e3483fcfe3 Update Helm release immich to v1.0.9 2026-01-17 22:29:14 +00:00
Renovate Bot
784b335f65 Update Helm release cilium to v1.18.6 2026-01-17 22:29:12 +00:00
Lumpiasty
9300e327df Merge pull request 'Update alpine Docker tag to v3.23.2' (#104) from renovate/alpine-3.x into fresh-start 
Reviewed-on: #104
 2026-01-17 22:21:11 +00:00
Lumpiasty
90fb555dc2 Merge pull request 'Update Helm release openebs to v4.4.0' (#109) from renovate/openebs-4.x into fresh-start 
Reviewed-on: #109
 2026-01-17 22:20:06 +00:00
Lumpiasty
78b3b6b400 Merge pull request 'Update redis Docker tag to v24' (#110) from renovate/redis-24.x into fresh-start 
Reviewed-on: #110
 2026-01-17 22:01:54 +00:00
Lumpiasty
90897daa27 Merge pull request 'Update Helm release cert-manager to v1.19.2' (#113) from renovate/cert-manager-1.x into fresh-start 
Reviewed-on: #113
 2026-01-17 22:00:51 +00:00
Lumpiasty
0368252850 Merge pull request 'Update Helm release openbao to v0.23.3' (#111) from renovate/openbao-0.x into fresh-start 
Reviewed-on: #111
 2026-01-17 22:00:42 +00:00
Lumpiasty
1503c57fbe Merge pull request 'Update Helm release ingress-nginx to v4.14.1' (#112) from renovate/ingress-nginx-4.x into fresh-start 
Reviewed-on: #112
 2026-01-17 21:59:35 +00:00
Lumpiasty
0f12840b35 Merge pull request 'Update Helm release cloudnative-pg to v0.27.0' (#114) from renovate/cloudnative-pg-0.x into fresh-start 
Reviewed-on: #114
 2026-01-17 21:59:24 +00:00
Lumpiasty
87a071925c Merge pull request 'Update Helm release vault-secrets-operator to v1.2.0' (#115) from renovate/vault-secrets-operator-1.x into fresh-start 
Reviewed-on: #115
 2026-01-17 21:57:21 +00:00
Lumpiasty
b6efe42dc2 disable librechat release, it's using bitnami's mongodb 2026-01-17 22:55:28 +01:00
Lumpiasty
d2cfd7b73d Merge pull request 'Update renovate/renovate Docker tag to v42.84.0' (#107) from renovate/renovate-renovate-42.x into fresh-start 
Reviewed-on: #107
 2026-01-17 21:35:55 +00:00
Renovate Bot
bf1cae3fc7 Update renovate/renovate Docker tag to v42.84.0 2026-01-17 21:34:32 +00:00
Renovate Bot
6712e94237 Update Helm release vault-secrets-operator to v1.2.0 2026-01-13 00:00:37 +00:00
Renovate Bot
6f8e10f3fc Update Helm release openbao to v0.23.3 2026-01-06 00:00:48 +00:00
Renovate Bot
3c04fd6b10 Update redis Docker tag to v24 2025-12-19 00:00:48 +00:00
Renovate Bot
ef353d635a Update alpine Docker tag to v3.23.2 2025-12-19 00:00:36 +00:00
Renovate Bot
0097d057d5 Update Helm release cloudnative-pg to v0.27.0 2025-12-10 00:00:36 +00:00
Renovate Bot
b454fc606f Update Helm release cert-manager to v1.19.2 2025-12-10 00:00:32 +00:00
Lumpiasty
7feb19b7fc update immich 2025-12-07 02:11:41 +01:00
Lumpiasty
b21f8e402b add abliterated versions of qwen3-vl 2025-12-06 23:33:56 +01:00
Renovate Bot
68f51b26b0 Update Helm release ingress-nginx to v4.14.1 2025-12-06 00:00:32 +00:00
Renovate Bot
1095d7ef4d Update Helm release openebs to v4.4.0 2025-11-22 00:00:29 +00:00
Lumpiasty
8d83c6dc83 increase free space limit on frigate to 24h and enable two-way sync 2025-11-17 01:43:17 +01:00
Lumpiasty
65e75a4d39 Add 8B and 2B variants of qwen3-vl 2025-11-15 22:21:10 +01:00
Lumpiasty
6c7457d095 fix Qwen3-VL-4B-Instruct-GGUF models looping issue 2025-11-15 20:40:27 +01:00
Lumpiasty
9b556e98a9 add qwen3-vl thinking variant 2025-11-15 19:31:53 +01:00
Lumpiasty
202ebc7b86 add qwen3-vl, fix librechat taking over settings and clean up llama config 2025-11-15 19:18:43 +01:00
Lumpiasty
ec61023f74 fix cache location after llama-swap update 2025-11-15 18:05:12 +01:00
Lumpiasty
05d3493bb7 update llama-swap 2025-11-15 17:57:46 +01:00
Lumpiasty
2a9f8c3092 Merge pull request 'Update Helm release cilium to v1.18.4' (#99) from renovate/cilium-1.x into fresh-start 
Reviewed-on: #99
 2025-11-15 16:49:56 +00:00
Lumpiasty
226ee59fa6 Merge pull request 'Update Helm release cloudnative-pg to v0.26.1' (#100) from renovate/cloudnative-pg-0.x into fresh-start 
Reviewed-on: #100
 2025-11-15 16:49:50 +00:00
Lumpiasty
c8f34c45ac Merge pull request 'Update Helm release openbao to v0.19.2' (#101) from renovate/openbao-0.x into fresh-start 
Reviewed-on: #101
 2025-11-15 16:49:41 +00:00
Lumpiasty
c0fa400159 Merge pull request 'Update registry.k8s.io/coredns/coredns Docker tag to v1.13.1' (#102) from renovate/registry.k8s.io-coredns-coredns-1.x into fresh-start 
Reviewed-on: #102
 2025-11-15 16:49:31 +00:00
Lumpiasty
6ccb00e86e Merge pull request 'Update Helm release immich to v1.0.6' (#103) from renovate/immich-1.x into fresh-start 
Reviewed-on: #103
 2025-11-15 16:49:17 +00:00
Lumpiasty
7b8fb8d8bb Merge pull request 'Update Helm release ingress-nginx to v4.14.0' (#105) from renovate/ingress-nginx-4.x into fresh-start 
Reviewed-on: #105
 2025-11-15 16:48:24 +00:00
Lumpiasty
0ae3181267 Merge pull request 'Update renovate/renovate Docker tag to v42' (#106) from renovate/renovate-renovate-42.x into fresh-start 
Reviewed-on: #106
 2025-11-15 16:47:38 +00:00
Renovate Bot
c0d83249b9 Update renovate/renovate Docker tag to v42 2025-11-15 00:00:31 +00:00
Renovate Bot
974d70a39e Update Helm release cilium to v1.18.4 2025-11-13 00:00:23 +00:00
Renovate Bot
4518fc674a Update Helm release openbao to v0.19.2 2025-11-07 00:00:23 +00:00
Renovate Bot
c3912af26b Update Helm release immich to v1.0.6 2025-11-06 00:00:36 +00:00
Renovate Bot
797b97496e Update Helm release ingress-nginx to v4.14.0 2025-11-04 00:00:49 +00:00
Lumpiasty
29457af188 add nas deployment 2025-11-03 02:31:02 +01:00
Renovate Bot
2a8e56824e Update registry.k8s.io/coredns/coredns Docker tag to v1.13.1 2025-10-28 00:00:30 +00:00
Renovate Bot
f71794de4d Update Helm release cloudnative-pg to v0.26.1 2025-10-24 00:00:24 +00:00
Lumpiasty
f4a865ce7a update llama-swap docker image 2025-10-19 20:38:39 +02:00
Lumpiasty
e7b3b220aa Merge pull request 'Update caddy Docker tag to v2.10.2' (#89) from renovate/caddy-2.x into fresh-start 
Reviewed-on: #89
 2025-10-19 18:32:21 +00:00
Lumpiasty
0642d29ed5 Merge pull request 'Update Helm release cert-manager to v1.19.1' (#91) from renovate/cert-manager-1.x into fresh-start 
Reviewed-on: #91
 2025-10-19 18:31:37 +00:00
Lumpiasty
3f044670e0 Merge pull request 'Update renovate/renovate Docker tag to v41.152.7' (#93) from renovate/renovate-renovate-41.x into fresh-start 
Reviewed-on: #93
 2025-10-19 18:29:15 +00:00
Lumpiasty
122770b128 Merge pull request 'Update Helm release immich to v1' (#94) from renovate/immich-1.x into fresh-start 
Reviewed-on: #94
 2025-10-19 18:25:55 +00:00
Lumpiasty
d894d42129 Merge pull request 'Update Helm release openbao to v0.19.0' (#92) from renovate/openbao-0.x into fresh-start 
Reviewed-on: #92
 2025-10-19 18:23:55 +00:00
Lumpiasty
3426b1215d Merge pull request 'Update Helm release vault-secrets-operator to v1' (#95) from renovate/vault-secrets-operator-1.x into fresh-start 
Reviewed-on: #95
 2025-10-19 18:21:53 +00:00
Lumpiasty
73a189f4e8 Merge pull request 'Update redis Docker tag to v23' (#96) from renovate/redis-23.x into fresh-start 
Reviewed-on: #96
 2025-10-19 18:19:55 +00:00
Renovate Bot
4518cdda22 Update redis Docker tag to v23 2025-10-19 18:18:51 +00:00
Renovate Bot
3682e4d5bf Update Helm release vault-secrets-operator to v1 2025-10-19 18:18:49 +00:00
Renovate Bot
3135514f6d Update Helm release immich to v1 2025-10-19 18:18:47 +00:00
Renovate Bot
5e39cc9082 Update renovate/renovate Docker tag to v41.152.7 2025-10-19 18:18:45 +00:00
Renovate Bot
6eed078d30 Update Helm release openbao to v0.19.0 2025-10-19 18:18:42 +00:00
Renovate Bot
0bb805eaaa Update Helm release cert-manager to v1.19.1 2025-10-19 18:18:40 +00:00
Renovate Bot
c0f9670837 Update caddy Docker tag to v2.10.2 2025-10-19 18:18:35 +00:00
Lumpiasty
69728501e1 Merge pull request 'Update Helm release immich to v0.9.7' (#77) from renovate/immich-0.x into fresh-start 
Reviewed-on: #77
 2025-10-19 18:13:37 +00:00
Lumpiasty
0a516b3798 Merge pull request 'Update Helm release librechat to v1.9.1' (#79) from renovate/librechat-1.x into fresh-start 
Reviewed-on: #79
 2025-10-19 18:09:08 +00:00
Lumpiasty
c9bb63b373 Merge pull request 'Update Helm release openebs to v4.3.3' (#82) from renovate/openebs-4.x into fresh-start 
Reviewed-on: #82
 2025-10-19 18:04:21 +00:00
Lumpiasty
5b5043755d Merge pull request 'Update registry.k8s.io/coredns/coredns Docker tag to v1.13.0' (#83) from renovate/registry.k8s.io-coredns-coredns-1.x into fresh-start 
Reviewed-on: #83
 2025-10-19 18:03:59 +00:00
Lumpiasty
e0fcaeaad4 Merge pull request 'Update Helm release ingress-nginx to v4.13.3' (#84) from renovate/ingress-nginx-4.x into fresh-start 
Reviewed-on: #84
 2025-10-19 18:00:46 +00:00
Lumpiasty
102efd1254 Merge pull request 'Update Helm release k8up to v4.8.6' (#85) from renovate/k8up-4.x into fresh-start 
Reviewed-on: #85
 2025-10-19 17:59:40 +00:00
Lumpiasty
5400c69771 Merge pull request 'Update Helm release cilium to v1.18.2' (#86) from renovate/cilium-1.x into fresh-start 
Reviewed-on: #86
 2025-10-19 17:57:55 +00:00
Lumpiasty
b6c70c9931 fix cert-manager-webhook-ovh config after update 2025-10-19 19:56:13 +02:00
Lumpiasty
2710996a19 Merge pull request 'Update Helm release cert-manager-webhook-ovh to v0.8.0' (#87) from renovate/cert-manager-webhook-ovh-0.x into fresh-start 
Reviewed-on: #87
 2025-10-19 17:52:55 +00:00
Lumpiasty
32f8ccfeb8 update values to current values schema 2025-10-19 19:49:54 +02:00
Lumpiasty
12aab2bf0e Merge pull request 'Update Helm release gitea to v12.4.0' (#88) from renovate/gitea-12.x into fresh-start 
Reviewed-on: #88
 2025-10-19 17:42:42 +00:00
Renovate Bot
957b6dab43 Update registry.k8s.io/coredns/coredns Docker tag to v1.13.0 2025-10-17 00:00:35 +00:00
Renovate Bot
d1b30c7e61 Update Helm release librechat to v1.9.1 2025-10-07 00:02:23 +00:00
Renovate Bot
d880c342a5 Update Helm release gitea to v12.4.0 2025-10-07 00:01:47 +00:00
Renovate Bot
ae38951164 Update Helm release k8up to v4.8.6 2025-10-04 00:00:49 +00:00
Renovate Bot
1e363acfca Update Helm release immich to v0.9.7 2025-10-01 00:00:41 +00:00
Renovate Bot
c78ca0933c Update Helm release ingress-nginx to v4.13.3 2025-10-01 00:00:30 +00:00
Renovate Bot
9a31c6bf15 Update Helm release cert-manager-webhook-ovh to v0.8.0 2025-09-25 00:00:28 +00:00
Renovate Bot
45aa92fe10 Update Helm release cilium to v1.18.2 2025-09-25 00:00:22 +00:00
Lumpiasty
708ffe203c Add Qwen2.5-VL models 2025-09-13 02:42:21 +02:00
Renovate Bot
e2c75d2f22 Update Helm release openebs to v4.3.3 2025-08-29 00:00:57 +00:00
Lumpiasty
3ceec2f10c Merge pull request 'Update renovate/renovate Docker tag to v41.82.10' (#66) from renovate/renovate-renovate-41.x into fresh-start 
Reviewed-on: #66
 2025-08-25 00:33:25 +00:00
Renovate Bot
95cfbfbe66 Update renovate/renovate Docker tag to v41.82.10 2025-08-25 00:32:46 +00:00
Lumpiasty
bf9aefb44a remove ollama 2025-08-25 02:30:47 +02:00
Lumpiasty
5ffb171821 Merge pull request 'Update Helm release gitea to v12.2.0' (#67) from renovate/gitea-12.x into fresh-start 
Reviewed-on: #67
 2025-08-25 00:23:50 +00:00
Lumpiasty
a35116aa31 Merge pull request 'Update redis Docker tag to v22' (#70) from renovate/redis-22.x into fresh-start 
Reviewed-on: #70
 2025-08-25 00:23:19 +00:00
Lumpiasty
b32337a2ba Merge pull request 'Update Helm release ingress-nginx to v4.13.1' (#71) from renovate/ingress-nginx-4.x into fresh-start 
Reviewed-on: #71
 2025-08-25 00:22:58 +00:00
Lumpiasty
d27b43715c Merge pull request 'Update Helm release immich to v0.7.5' (#73) from renovate/immich-0.x into fresh-start 
Reviewed-on: #73
 2025-08-25 00:22:24 +00:00
Lumpiasty
4b0ce7a2e3 Merge pull request 'Update Helm release openbao to v0.16.3' (#75) from renovate/openbao-0.x into fresh-start 
Reviewed-on: #75
 2025-08-25 00:22:18 +00:00
Lumpiasty
7f2ef7270c Merge pull request 'Update Helm release cloudnative-pg to v0.26.0' (#72) from renovate/cloudnative-pg-0.x into fresh-start 
Reviewed-on: #72
 2025-08-25 00:18:53 +00:00
Lumpiasty
73a9b275a7 Merge pull request 'Update Helm release cilium to v1.18.1' (#74) from renovate/cilium-1.x into fresh-start 
Reviewed-on: #74
 2025-08-25 00:17:27 +00:00
Renovate Bot
8a61a936c6 Update redis Docker tag to v22 2025-08-24 00:00:34 +00:00
Renovate Bot
1c2f77927f Update Helm release immich to v0.7.5 2025-08-23 00:00:29 +00:00
Lumpiasty
4f5b25d910 increase frigate config volume to 5Gi 2025-08-22 16:59:46 +02:00
Renovate Bot
7c5fafd54e Update Helm release openbao to v0.16.3 2025-08-22 00:00:30 +00:00
Renovate Bot
de11ec0d1b Update Helm release gitea to v12.2.0 2025-08-20 00:00:40 +00:00
Lumpiasty
07c32643e7 add searxng 2025-08-18 03:26:54 +02:00
Lumpiasty
9c61d47fda add qwen3-4b-2507 model 2025-08-18 02:50:46 +02:00
Renovate Bot
0f24f1dd7b Update Helm release cilium to v1.18.1 2025-08-16 00:00:28 +00:00
Lumpiasty
83e5cada3f decreate mtu on anapistuala delrosalae to 1280, hack 2025-08-15 20:56:12 +02:00
Renovate Bot
ccf6302924 Update Helm release cloudnative-pg to v0.26.0 2025-08-14 00:00:36 +00:00
Renovate Bot
5eb0362788 Update Helm release ingress-nginx to v4.13.1 2025-08-13 00:00:40 +00:00
Lumpiasty
0985832c2d disable gpu accel in frigate 2025-08-11 20:24:32 +02:00
Lumpiasty
db86abff25 remove old nginx ingress controller 2025-08-03 19:14:11 +02:00
Lumpiasty
a1b40a6a21 Revert "add cameras vlan" 
This reverts commit 9269f21692.
 2025-08-03 18:42:17 +02:00
Lumpiasty
444c4faf96 move all ingresses to new nginx ingress 2025-08-03 18:17:37 +02:00
Lumpiasty
9f304af879 update gitea to new ingress 2025-08-03 17:59:54 +02:00
Lumpiasty
c0524510b8 add nginx-ingress 2025-08-03 17:40:25 +02:00
Lumpiasty
a26a351396 update llama-swap 2025-08-03 17:16:25 +02:00
Lumpiasty
9269f21692 add cameras vlan 2025-08-03 16:39:38 +02:00
Lumpiasty
9d6a9ff304 Merge pull request 'Update Helm release immich to v0.7.2' (#65) from renovate/immich-0.x into fresh-start 
Reviewed-on: #65
 2025-08-03 14:00:33 +00:00
Lumpiasty
3cd094007e Merge pull request 'Update renovate/renovate Docker tag to v41.51.0' (#61) from renovate/renovate-renovate-41.x into fresh-start 
Reviewed-on: #61
 2025-08-03 14:00:19 +00:00
Lumpiasty
94a57daaf8 Merge pull request 'Update Helm release cilium to v1.18.0' (#62) from renovate/cilium-1.x into fresh-start 
Reviewed-on: #62
 2025-08-03 14:00:00 +00:00
Renovate Bot
6fec8d29a6 Update renovate/renovate Docker tag to v41.51.0 2025-08-03 00:00:50 +00:00
Renovate Bot
3a94da6021 Update Helm release immich to v0.7.2 2025-08-03 00:00:45 +00:00
Lumpiasty
70511ff9bc Merge pull request 'Update Helm release ollama to v1.25.0' (#63) from renovate/ollama-1.x into fresh-start 
Reviewed-on: #63
 2025-08-02 14:29:07 +00:00
Lumpiasty
e8b37d90d8 Merge pull request 'Update Helm release immich to v0.7.1' (#64) from renovate/immich-0.x into fresh-start 
Reviewed-on: #64
 2025-08-02 14:28:59 +00:00
Renovate Bot
30b7a78360 Update Helm release immich to v0.7.1 2025-08-02 00:01:07 +00:00
Renovate Bot
2561b354d1 Update Helm release ollama to v1.25.0 2025-07-30 00:00:32 +00:00
Renovate Bot
949d8b11db Update Helm release cilium to v1.18.0 2025-07-30 00:00:29 +00:00
Lumpiasty
6c46b20dba fix nginx disconnecting too fast 2025-07-29 19:49:15 +02:00
Lumpiasty
f0f9cb4d34 fix api endpoint in librechat 2025-07-29 18:54:07 +02:00
Lumpiasty
8386e21722 fix image upload in librechat 2025-07-29 18:50:13 +02:00
Lumpiasty
c871dae045 change chart source and update librechat 2025-07-29 18:36:19 +02:00
Lumpiasty
70e4967497 increase immich uploads volume 2025-07-29 04:16:28 +02:00
Lumpiasty
8e68c45573 allow websockets to immich 2025-07-29 03:25:43 +02:00
Lumpiasty
c4628523bc llama automatic unloading and longer start timeout 2025-07-29 02:31:39 +02:00
Lumpiasty
071e87ee44 disable warmups 2025-07-29 02:24:14 +02:00
Lumpiasty
9e17aadb56 add gemma3 model 2025-07-29 02:22:52 +02:00
Lumpiasty
3ca4ddc233 use immich chart provided ingress 2025-07-29 00:50:44 +02:00
Lumpiasty
215a2ac1fb Merge pull request 'Update Helm release cloudnative-pg to v0.25.0' (#59) from renovate/cloudnative-pg-0.x into fresh-start 
Reviewed-on: #59
 2025-07-28 22:46:07 +00:00
Lumpiasty
5b8a861daa Merge pull request 'Update renovate/renovate Docker tag to v41.43.5' (#58) from renovate/renovate-renovate-41.x into fresh-start 
Reviewed-on: #58
 2025-07-28 22:45:53 +00:00
Lumpiasty
319e3bafbe Merge pull request 'Update Helm release immich to v0.7.0' (#60) from renovate/immich-0.x into fresh-start 
Reviewed-on: #60
 2025-07-28 22:45:29 +00:00
Renovate Bot
ad1c60a049 Update Helm release immich to v0.7.0 2025-07-28 00:00:34 +00:00
Lumpiasty
41020f8c79 install immich 2025-07-27 22:38:45 +02:00
Renovate Bot
60c7dd4bdc Update renovate/renovate Docker tag to v41.43.5 2025-07-27 00:00:38 +00:00
Lumpiasty
0fde3108d6 move llama models to ssd 2025-07-26 17:54:23 +02:00
Lumpiasty
a299c2cc2b add ssd 2025-07-26 17:52:34 +02:00
Renovate Bot
a4ea45a39c Update Helm release cloudnative-pg to v0.25.0 2025-07-26 00:03:30 +00:00
Lumpiasty
30bae60308 fix immich postgres cluster 2025-07-25 23:09:58 +02:00
Lumpiasty
2f3b7af0da redis for immich 2025-07-25 22:43:21 +02:00
Lumpiasty
30efd5ae6e Merge pull request 'Update renovate/renovate Docker tag to v41.43.2' (#57) from renovate/renovate-renovate-41.x into fresh-start 
Reviewed-on: #57
 2025-07-25 20:15:37 +00:00
Renovate Bot
0e1279473f Update renovate/renovate Docker tag to v41.43.2 2025-07-25 00:00:45 +00:00
Lumpiasty
718a0d7e33 add immich 2025-07-24 02:50:34 +02:00
Lumpiasty
9765f1cf86 add gemma3n 2025-07-23 23:46:44 +02:00
Lumpiasty
5f3a00b382 add qwen3 no thinking 2025-07-23 22:56:52 +02:00
Lumpiasty
b379c181f2 increase context size 2025-07-23 22:06:45 +02:00
Lumpiasty
e1801347f2 add qwen3 2025-07-23 20:15:37 +02:00
Lumpiasty
d53db88fd2 gpu offload in llama.cpp 2025-07-23 19:55:48 +02:00
Lumpiasty
5fb2bcfc7e add llama.cpp to librechat 2025-07-23 19:19:43 +02:00
Lumpiasty
f5da3b52a2 Merge pull request 'Update Helm release ollama to v1.24.0' (#53) from renovate/ollama-1.x into fresh-start 
Reviewed-on: #53
 2025-07-23 17:13:28 +00:00
Lumpiasty
c3dbb0a608 Merge pull request 'Update Helm release openbao to v0.16.2' (#52) from renovate/openbao-0.x into fresh-start 
Reviewed-on: #52
 2025-07-23 17:13:09 +00:00
Lumpiasty
a520c62277 Merge pull request 'Update renovate/renovate Docker tag to v41.42.9' (#51) from renovate/renovate-renovate-41.x into fresh-start 
Reviewed-on: #51
 2025-07-23 17:12:49 +00:00
Lumpiasty
6cf45eda17 Merge pull request 'Update Helm release cilium to v1.17.6' (#55) from renovate/cilium-1.x into fresh-start 
Reviewed-on: #55
 2025-07-23 17:12:35 +00:00
Lumpiasty
753d43b643 Merge pull request 'Update Helm release nginx-ingress to v2.2.1' (#54) from renovate/nginx-ingress-2.x into fresh-start 
Reviewed-on: #54
 2025-07-23 17:12:11 +00:00
Lumpiasty
263b60018d Merge pull request 'Update Helm release gitea to v12.1.2' (#56) from renovate/gitea-12.x into fresh-start 
Reviewed-on: #56
 2025-07-23 17:10:14 +00:00
Renovate Bot
0816b6e434 Update renovate/renovate Docker tag to v41.42.9 2025-07-23 00:01:56 +00:00
Lumpiasty
18eb912f03 llama-swap 2025-07-23 00:18:45 +02:00
Renovate Bot
a2c23c5f97 Update Helm release gitea to v12.1.2 2025-07-20 00:00:54 +00:00
Renovate Bot
15ce411c3e Update Helm release nginx-ingress to v2.2.1 2025-07-18 00:00:57 +00:00
Renovate Bot
04a8c98d63 Update Helm release cilium to v1.17.6 2025-07-17 00:00:45 +00:00
Renovate Bot
f46219f87e Update Helm release ollama to v1.24.0 2025-07-13 00:00:52 +00:00
Lumpiasty
53154eeed7 adjust motion masks 2025-07-10 22:06:58 +02:00
Renovate Bot
2ad310c550 Update Helm release openbao to v0.16.2 2025-07-10 00:00:37 +00:00
Lumpiasty
d32d94eb00 introduce person mask 2025-07-07 00:02:09 +02:00
Lumpiasty
5b62f7e386 Merge pull request 'Update renovate/renovate Docker tag to v41.23.1' (#48) from renovate/renovate-renovate-41.x into fresh-start 
Reviewed-on: #48
 2025-07-06 18:40:21 +00:00
Lumpiasty
52124193e2 Merge pull request 'Update Helm release ollama to v1.23.0' (#49) from renovate/ollama-1.x into fresh-start 
Reviewed-on: #49
 2025-07-06 18:40:12 +00:00
Lumpiasty
0f8ee9e53d Merge pull request 'Update Helm release cert-manager to v1.18.2' (#50) from renovate/cert-manager-1.x into fresh-start 
Reviewed-on: #50
 2025-07-06 18:40:05 +00:00
Lumpiasty
122c70d0a8 fix config validation error 2025-07-06 20:06:30 +02:00
Lumpiasty
5463d76771 run renovate once daily 2025-07-06 20:03:42 +02:00
Lumpiasty
60f2056806 update nix flake 2025-07-06 19:48:03 +02:00
Renovate Bot
6119ac7271 Update renovate/renovate Docker tag to v41.23.1 2025-07-06 17:00:32 +00:00
Lumpiasty
1a01f82e30 tune detection objects and retention 2025-07-06 18:58:29 +02:00
Lumpiasty
74c9ddad62 add motion mask on cameras 2025-07-06 18:15:41 +02:00
Renovate Bot
caf62609d3 Update Helm release ollama to v1.23.0 2025-07-05 05:00:41 +00:00
Renovate Bot
d5622416de Update Helm release cert-manager to v1.18.2 2025-07-02 14:00:59 +00:00
Lumpiasty
4183831d2f fix expanding volumes 2025-06-30 18:40:14 +02:00
Lumpiasty
ae6ed770a9 increase storage for recordings 2025-06-30 18:34:57 +02:00
Lumpiasty
59d936d467 enable audio in recordings frigate 2025-06-30 00:02:09 +02:00
Lumpiasty
9b56ce5e4f switch to openvino cpu detector 2025-06-29 22:44:17 +02:00
Lumpiasty
2424ad440b enable hwaccel in frigate 2025-06-29 20:33:42 +02:00
Lumpiasty
dff138ba31 use go2rtc restream to remove need for two streams from camera 2025-06-29 17:25:18 +02:00
Lumpiasty
d95eb6f4ab Configure frigate webrtc 2025-06-29 02:10:41 +02:00
Lumpiasty
5252f209f5 enable ingress to frigate 2025-06-29 01:14:26 +02:00
Lumpiasty
e7348b2718 add cameras to frigate 2025-06-29 00:34:01 +02:00
Lumpiasty
c7cd2c5355 add frigate nvr 2025-06-28 02:41:52 +02:00
Lumpiasty
71e75afadb Merge pull request 'Update Helm release cert-manager-webhook-ovh to v0.7.5' (#39) from renovate/cert-manager-webhook-ovh-0.x into fresh-start 
Reviewed-on: #39
 2025-06-28 00:06:37 +00:00
Lumpiasty
23169aa2ca Merge pull request 'Update Helm release cloudnative-pg to v0.24.0' (#38) from renovate/cloudnative-pg-0.x into fresh-start 
Reviewed-on: #38
 2025-06-28 00:06:30 +00:00
Lumpiasty
d8aa0a6a32 Merge pull request 'Update Helm release ollama to v1.21.0' (#40) from renovate/ollama-1.x into fresh-start 
Reviewed-on: #40
 2025-06-27 23:59:33 +00:00
Lumpiasty
a6630c0376 fix openbao injector not starting 2025-06-28 01:57:25 +02:00
Lumpiasty
9056839784 Merge pull request 'Update Helm release openbao to v0.16.1' (#41) from renovate/openbao-0.x into fresh-start 
Reviewed-on: #41
 2025-06-27 23:47:11 +00:00
Lumpiasty
1f8afa2f8e Merge pull request 'Update Helm release cert-manager to v1.18.1' (#42) from renovate/cert-manager-1.x into fresh-start 
Reviewed-on: #42
 2025-06-27 23:46:30 +00:00
Lumpiasty
e7b22509cd Merge pull request 'Update renovate/renovate Docker tag to v41' (#47) from renovate/renovate-renovate-41.x into fresh-start 
Reviewed-on: #47
 2025-06-27 23:42:09 +00:00
Renovate Bot
e39574b60e Update renovate/renovate Docker tag to v41 2025-06-27 23:41:30 +00:00
Lumpiasty
197ceb6688 fix openebs after update 2025-06-28 01:37:40 +02:00
Lumpiasty
3e95a5edd1 Merge pull request 'Update Helm release openebs to v4.3.2' (#43) from renovate/openebs-4.x into fresh-start 
Reviewed-on: #43
 2025-06-27 21:38:27 +00:00
Lumpiasty
10fe51f52d Merge pull request 'Update registry.k8s.io/coredns/coredns Docker tag to v1.12.2' (#44) from renovate/registry.k8s.io-coredns-coredns-1.x into fresh-start 
Reviewed-on: #44
 2025-06-27 21:33:44 +00:00
Lumpiasty
e197cf5e5e Merge pull request 'Update Helm release gitea to v12.1.1' (#45) from renovate/gitea-12.x into fresh-start 
Reviewed-on: #45
 2025-06-27 21:31:42 +00:00
Lumpiasty
c54109dbf3 Merge pull request 'Update Helm release cilium to v1.17.5' (#46) from renovate/cilium-1.x into fresh-start 
Reviewed-on: #46
 2025-06-27 21:29:36 +00:00
Renovate Bot
5a97e4b1d8 Update Helm release openebs to v4.3.2 2025-06-27 20:28:16 +00:00
Renovate Bot
12cdfd96e2 Update Helm release openbao to v0.16.1 2025-06-27 20:28:13 +00:00
Renovate Bot
7d2056b3ee Update Helm release ollama to v1.21.0 2025-06-27 20:28:09 +00:00
Renovate Bot
35e579fc01 Update Helm release gitea to v12.1.1 2025-06-27 20:28:01 +00:00
Renovate Bot
302613b76a Update Helm release cert-manager to v1.18.1 2025-06-27 20:27:56 +00:00
Renovate Bot
89542df777 Update Helm release cilium to v1.17.5 2025-06-27 20:27:51 +00:00
Renovate Bot
233466e2cd Update Helm release cert-manager-webhook-ovh to v0.7.5 2025-06-27 20:27:48 +00:00
Renovate Bot
461f0589b3 Update registry.k8s.io/coredns/coredns Docker tag to v1.12.2 2025-06-16 09:00:47 +00:00
Renovate Bot
5c16cd3a4b Update Helm release cloudnative-pg to v0.24.0 2025-05-23 14:00:45 +00:00
Lumpiasty
5cd5263d19 Merge pull request 'Update Helm release cilium to v1.17.4' (#34) from renovate/cilium-1.x into fresh-start 
Reviewed-on: #34
 2025-05-17 22:00:56 +00:00
Lumpiasty
a886e7c79c Merge pull request 'Update renovate/renovate Docker tag to v40.14.3' (#33) from renovate/renovate-renovate-40.x into fresh-start 
Reviewed-on: #33
 2025-05-17 22:00:49 +00:00
Lumpiasty
dd676716f9 fix valkey persistence in gitea chart 2025-05-17 23:54:04 +02:00
Lumpiasty
110ffa9c22 Merge pull request 'Update Helm release gitea to v12' (#35) from renovate/gitea-12.x into fresh-start 
Reviewed-on: #35
 2025-05-17 21:46:57 +00:00
Lumpiasty
6ed7d61e21 rename mentions of redis to valkey in gitea 2025-05-17 23:46:35 +02:00
Lumpiasty
051083cd6e Merge pull request 'Update Helm release ollama to v1.17.0' (#36) from renovate/ollama-1.x into fresh-start 
Reviewed-on: #36
 2025-05-17 21:40:40 +00:00
Lumpiasty
87f2446cd1 move ollama api key to valut 2025-05-17 23:32:33 +02:00
Lumpiasty
faa55fa069 move ovh cert-manager secret to vault 2025-05-17 23:12:42 +02:00
Lumpiasty
af29de91d6 move renovate gitea token to vault 2025-05-17 22:58:43 +02:00
Lumpiasty
5f3a775201 move some settings of renovate to configmap 2025-05-17 22:45:43 +02:00
Renovate Bot
81f750e5e5 Update renovate/renovate Docker tag to v40.14.3 2025-05-17 19:00:49 +00:00
Renovate Bot
641e50b5e9 Update Helm release ollama to v1.17.0 2025-05-17 03:00:44 +00:00
Renovate Bot
3fe8626391 Update Helm release gitea to v12 2025-05-16 14:00:56 +00:00
Renovate Bot
94f851c607 Update Helm release cilium to v1.17.4 2025-05-15 19:00:42 +00:00
Lumpiasty
d2134ad554 Merge pull request 'Update renovate/renovate Docker tag to v40.11.6' (#32) from renovate/renovate-renovate-40.x into fresh-start 
Reviewed-on: #32
 2025-05-12 00:16:15 +00:00
Lumpiasty
22910085b7 add vault secret of gitea backups 2025-05-12 02:08:32 +02:00
Lumpiasty
6a4dee0852 add vault secrets operator 2025-05-12 02:05:36 +02:00
Lumpiasty
49d5803b4f add external-secrets 2025-05-12 00:42:56 +02:00
Renovate Bot
b5c51f6720 Update renovate/renovate Docker tag to v40.11.6 2025-05-11 11:00:42 +00:00
Lumpiasty
3a8dbc6e0c Merge pull request 'Update Helm release ollama to v1.16.0' (#30) from renovate/ollama-1.x into fresh-start 
Reviewed-on: #30
 2025-05-10 00:13:08 +00:00
Lumpiasty
ead8be8bcb Merge pull request 'Update Helm release cert-manager to v1.17.2' (#28) from renovate/cert-manager-1.x into fresh-start 
Reviewed-on: #28
 2025-05-10 00:13:02 +00:00
Lumpiasty
f027dad029 Merge pull request 'Update caddy Docker tag to v2.10.0' (#26) from renovate/caddy-2.x into fresh-start 
Reviewed-on: #26
 2025-05-10 00:12:41 +00:00
Lumpiasty
e35b8ccac8 Merge pull request 'Update Helm release librechat to v1.8.10' (#29) from renovate/librechat-1.x into fresh-start 
Reviewed-on: #29
 2025-05-10 00:12:32 +00:00
Lumpiasty
f69128b245 Merge pull request 'Update renovate/renovate Docker tag to v40' (#31) from renovate/renovate-renovate-40.x into fresh-start 
Reviewed-on: #31
 2025-05-10 00:12:02 +00:00
Lumpiasty
d14b62f384 pin cores to minimum frequency 2025-05-10 01:43:20 +02:00
Renovate Bot
ab7b8a6f26 Update renovate/renovate Docker tag to v40 2025-05-09 13:00:22 +00:00
Renovate Bot
8acc480b05 Update Helm release ollama to v1.16.0 2025-05-06 02:00:31 +00:00
Renovate Bot
65834037ee Update Helm release librechat to v1.8.10 2025-04-24 19:00:25 +00:00
Renovate Bot
1bf63168f2 Update Helm release cert-manager to v1.17.2 2025-04-24 12:00:33 +00:00
Renovate Bot
b3db332075 Update caddy Docker tag to v2.10.0 2025-04-22 01:00:33 +00:00
Lumpiasty
b84c792992 add basedpyright and make it happy 2025-04-22 02:42:16 +02:00
Lumpiasty
947f154a81 use nix provided python as default interpreter 2025-04-21 23:01:58 +02:00
Lumpiasty
1a88b1c602 synchronize kubernetes auth method in recoincile script 2025-04-21 22:09:13 +02:00
Lumpiasty
55fce1fc36 gitea switch to database from cloudnativepg 2025-04-21 21:16:02 +02:00
Lumpiasty
bb4afc0c07 increase ollama proxy-read-timeout on ingress 2025-04-21 19:59:03 +02:00
Lumpiasty
eb92a85cac fix apps kustomization 2025-04-21 17:54:30 +02:00
Lumpiasty
8f70ae5f2e Merge pull request 'Update renovate/renovate Docker tag to v39.253.2' (#22) from renovate/renovate-renovate-39.x into fresh-start 
Reviewed-on: #22
 2025-04-21 15:52:55 +00:00
Lumpiasty
f89a2fd1cc Merge pull request 'Update Helm release cilium to v1.17.3' (#23) from renovate/cilium-1.x into fresh-start 
Reviewed-on: #23
 2025-04-21 15:52:34 +00:00
Lumpiasty
b493ee9d77 Merge pull request 'Update Helm release nginx-ingress to v2.1.0' (#25) from renovate/nginx-ingress-2.x into fresh-start 
Reviewed-on: #25
 2025-04-21 15:52:19 +00:00
Lumpiasty
8de0663571 Merge pull request 'Update Helm release openbao to v0.12.0' (#24) from renovate/openbao-0.x into fresh-start 
Reviewed-on: #24
 2025-04-21 15:52:09 +00:00
Lumpiasty
3fc534f44b remove gpt-researcher 2025-04-21 17:48:08 +02:00
Renovate Bot
1c8ccd0fc4 Update renovate/renovate Docker tag to v39.253.2 2025-04-21 10:00:40 +00:00
Lumpiasty
847fd3557b use tavily and openrouter in gpt researcher 2025-04-20 03:06:46 +02:00
Lumpiasty
d2c2f5038f change models used by gpt-researcher 2025-04-20 00:19:34 +02:00
Lumpiasty
afb9dcec65 enable support for websockets for researcher 2025-04-19 05:21:29 +02:00
Lumpiasty
ba51980cec use our own image for gpt researcher 2025-04-19 04:49:55 +02:00
Lumpiasty
e0eb26b63d add docker registry 2025-04-19 04:43:27 +02:00
Lumpiasty
eda5ba08a0 add gpt-researcher 2025-04-19 04:07:21 +02:00
Lumpiasty
318aedf89d update network config 2025-04-17 22:35:53 +02:00
Renovate Bot
7b9090afc1 Update Helm release nginx-ingress to v2.1.0 2025-04-16 15:00:30 +00:00
Lumpiasty
a109290c18 increase ollama proxy timeout 2025-04-15 23:28:03 +02:00
Renovate Bot
f4b9742ab1 Update Helm release openbao to v0.12.0 2025-04-15 20:00:29 +00:00
Renovate Bot
b103358816 Update Helm release cilium to v1.17.3 2025-04-14 21:00:32 +00:00
Lumpiasty
46cacb339d Merge pull request 'Update renovate/renovate Docker tag to v39.240.1' (#18) from renovate/renovate-renovate-39.x into fresh-start 
Reviewed-on: #18
 2025-04-13 00:13:01 +00:00
Lumpiasty
1e7dd52721 Merge pull request 'Update Helm release ollama to v1.14.0' (#19) from renovate/ollama-1.x into fresh-start 
Reviewed-on: #19
 2025-04-13 00:12:53 +00:00
Lumpiasty
044cc37392 Merge pull request 'Update registry.k8s.io/coredns/coredns Docker tag to v1.12.1' (#20) from renovate/registry.k8s.io-coredns-coredns-1.x into fresh-start 
Reviewed-on: #20
 2025-04-13 00:07:17 +00:00
Lumpiasty
68ba891abc Merge pull request 'Update Helm release community-operator to v0.13.0' (#21) from renovate/community-operator-0.x into fresh-start 
Reviewed-on: #21
 2025-04-13 00:07:04 +00:00
Renovate Bot
81ed455ff8 Update renovate/renovate Docker tag to v39.240.1 2025-04-12 19:00:28 +00:00
Renovate Bot
b7c2da4419 Update Helm release community-operator to v0.13.0 2025-04-11 19:00:24 +00:00
Lumpiasty
4bc01e2e78 disable proxy bufferring in ollama ingress 2025-04-11 03:24:45 +02:00
Renovate Bot
94d51de471 Update registry.k8s.io/coredns/coredns Docker tag to v1.12.1 2025-04-08 20:00:30 +00:00
Renovate Bot
dc0104c55d Update Helm release ollama to v1.14.0 2025-04-08 13:00:44 +00:00
Lumpiasty
83be6619e8 deploy gitea postgres cluster 2025-04-05 22:34:57 +02:00
Lumpiasty
48ccacefdd Fix librechat kustomization typo 2025-04-05 22:12:40 +02:00
Lumpiasty
cfeef90515 Split renovate deployment to files 2025-04-05 22:11:37 +02:00
Lumpiasty
ce0bef4970 Split librechat deployment to files 2025-04-05 22:09:59 +02:00
Lumpiasty
bd5fd97ed0 split ollama deployment to files 2025-04-05 22:08:02 +02:00
Lumpiasty
52641779bc split gitea deployment to files 2025-04-05 22:01:53 +02:00
Lumpiasty
e98e02705d Move gitea kustomization to subdir 2025-04-05 20:22:29 +02:00
Lumpiasty
3c849f52f7 install cloudnativepg 2025-04-05 20:05:54 +02:00
Lumpiasty
36187fff41 Merge pull request 'Update renovate/renovate Docker tag to v39.233.3' (#15) from renovate/renovate-renovate-39.x into fresh-start 
Reviewed-on: #15
 2025-04-05 13:37:14 +00:00
Lumpiasty
1ac7504585 Merge pull request 'Update Helm release community-operator to v0.12.1' (#16) from renovate/community-operator-0.x into fresh-start 
Reviewed-on: #16
 2025-04-05 13:36:59 +00:00
Lumpiasty
879c013e89 Merge pull request 'Update Helm release ollama to v1.13.0' (#17) from renovate/ollama-1.x into fresh-start 
Reviewed-on: #17
 2025-04-05 13:36:35 +00:00
Lumpiasty
aa7fe8d3cf enable search in librechat 2025-04-05 03:56:02 +02:00
Lumpiasty
fd280f1fca add ingress to librechat 2025-04-05 03:54:11 +02:00
Lumpiasty
2ad381e35c Install librechat from different chart 2025-04-05 02:59:41 +02:00
Lumpiasty
e63a285dc3 Remove old librechat deployment 2025-04-04 23:01:49 +02:00
Renovate Bot
5336df3134 Update renovate/renovate Docker tag to v39.233.3 2025-04-04 12:00:48 +00:00
Renovate Bot
966639e3c8 Update Helm release ollama to v1.13.0 2025-04-04 04:00:32 +00:00
Renovate Bot
97924a8064 Update Helm release community-operator to v0.12.1 2025-04-01 09:00:25 +00:00
Lumpiasty
37b78f079e Add librechat 2025-04-01 02:55:59 +02:00
Lumpiasty
0d17825eab Add mongodb database for librechat 2025-04-01 00:35:50 +02:00
Lumpiasty
ffeecf65f6 Mongodb operator 2025-03-31 23:38:58 +02:00
Lumpiasty
fea49ae167 Merge pull request 'Update renovate/renovate Docker tag to v39.221.0' (#14) from renovate/renovate-renovate-39.x into fresh-start 
Reviewed-on: #14
 2025-03-30 16:31:27 +00:00
Renovate Bot
6b6e7937c1 Update renovate/renovate Docker tag to v39.221.0 2025-03-30 13:00:33 +00:00
Lumpiasty
487baa2813 vulkan support in ollama 2025-03-30 03:05:51 +02:00
Lumpiasty
fe2f79d13c Disable flux network policy 2025-03-29 23:12:35 +01:00
Lumpiasty
c3a747c03c Merge pull request 'Update renovate/renovate Docker tag to v39.220.4' (#12) from renovate/renovate-renovate-39.x into fresh-start 
Reviewed-on: #12
 2025-03-29 22:10:11 +00:00
Lumpiasty
f1f6ffb9a0 Merge pull request 'Update Helm release ollama to v1.12.0' (#13) from renovate/ollama-1.x into fresh-start 
Reviewed-on: #13
 2025-03-29 22:10:03 +00:00
Renovate Bot
e851f6ab8c Update Helm release ollama to v1.12.0 2025-03-29 17:00:29 +00:00
Renovate Bot
2ecd20c9d7 Update renovate/renovate Docker tag to v39.220.4 2025-03-29 14:00:39 +00:00
Lumpiasty
bdb3bd3234 Ollama proxy fix secret ref 2025-03-27 01:47:23 +01:00
Lumpiasty
47e957e444 add cert-manager annotation to ollama ingress 2025-03-27 01:34:23 +01:00
Lumpiasty
b2dfb2dc0b disable https for caddy 2025-03-27 01:32:37 +01:00
Lumpiasty
6ccc964c87 add ollama proxy and ingress 2025-03-27 01:30:12 +01:00
Lumpiasty
5c7b258ccf Merge pull request 'Update renovate/renovate Docker tag to v39.218.1' (#10) from renovate/renovate-renovate-39.x into fresh-start 
Reviewed-on: #10
 2025-03-26 23:13:23 +00:00
Lumpiasty
351426f055 Merge pull request 'Update Helm release gitea to v11.0.1' (#11) from renovate/gitea-11.x into fresh-start 
Reviewed-on: #11
 2025-03-26 23:12:11 +00:00
Renovate Bot
ca598f9750 Update Helm release gitea to v11.0.1 2025-03-26 18:00:58 +00:00
Renovate Bot
0cb93ce8a1 Update renovate/renovate Docker tag to v39.218.1 2025-03-26 17:00:31 +00:00
Lumpiasty
6fde991ba9 add ollama deployment 2025-03-26 02:17:53 +01:00
Lumpiasty
5f3840cc02 Reapply "Merge pull request 'Update Helm release gitea to v11' (#9) from renovate/gitea-11.x into fresh-start" 
This reverts commit d9a22723ef.
 2025-03-26 01:48:36 +01:00
Lumpiasty
d9a22723ef Revert "Merge pull request 'Update Helm release gitea to v11' (#9) from renovate/gitea-11.x into fresh-start" 
This reverts commit f97a655ad5, reversing
changes made to f36ce88026.
 2025-03-26 01:16:23 +01:00
Lumpiasty
f97a655ad5 Merge pull request 'Update Helm release gitea to v11' (#9) from renovate/gitea-11.x into fresh-start 
Reviewed-on: #9
 2025-03-26 00:07:23 +00:00
Lumpiasty
c2aacd0ef4 Remove custom gitea tag from values 2025-03-26 01:06:24 +01:00
Lumpiasty
f36ce88026 Merge pull request 'Update Helm release openebs to v4.2.0' (#7) from renovate/openebs-4.x into fresh-start 
Reviewed-on: #7
 2025-03-26 00:01:50 +00:00
Lumpiasty
d19d332b59 Merge pull request 'Update renovate/renovate Docker tag to v39.216.1' (#8) from renovate/renovate-renovate-39.x into fresh-start 
Reviewed-on: #8
 2025-03-26 00:00:00 +00:00
Lumpiasty
5cf9de7997 renovate improve yaml matching 2025-03-26 00:58:03 +01:00
Lumpiasty
3c84632a2d Merge pull request 'Update Helm release openbao to v0.10.1' (#6) from renovate/openbao-0.x into fresh-start 
Reviewed-on: #6
 2025-03-25 23:54:58 +00:00
Lumpiasty
14bcc8546c Merge pull request 'Update Helm release k8up to v4.8.4' (#4) from renovate/k8up-4.x into fresh-start 
Reviewed-on: #4
 2025-03-25 23:53:54 +00:00
Lumpiasty
ca8a63fdbe Merge pull request 'Update Helm release cert-manager to v1.17.1' (#3) from renovate/cert-manager-1.x into fresh-start 
Reviewed-on: #3
 2025-03-25 23:44:47 +00:00
Renovate Bot
3a46d17f02 Update Helm release gitea to v11 2025-03-25 23:42:27 +00:00
Renovate Bot
add851ee9e Update renovate/renovate Docker tag to v39.216.1 2025-03-25 23:42:26 +00:00
Renovate Bot
edbfd26bde Update Helm release openebs to v4.2.0 2025-03-25 23:42:25 +00:00
Renovate Bot
dea0dfb7cc Update Helm release openbao to v0.10.1 2025-03-25 23:42:24 +00:00
Renovate Bot
874fc826cd Update Helm release k8up to v4.8.4 2025-03-25 23:42:21 +00:00
Renovate Bot
33cb5c72c7 Update Helm release cert-manager to v1.17.1 2025-03-25 23:42:20 +00:00
Lumpiasty
31df54fcf0 Merge pull request 'Configure Renovate' (#2) from renovate/configure into fresh-start 
Reviewed-on: #2
 2025-03-25 23:41:34 +00:00
68 changed files with 146 additions and 1035 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -10,4 +10,3 @@ devenv.local.yaml
# pre-commit
.pre-commit-config.yaml
.opencode

3
.vscode/extensions.json vendored
View File

@@ -2,7 +2,6 @@
"recommendations": [
"jnoortheen.nix-ide",
"detachhead.basedpyright",
"mkhl.direnv",
"mermaidchart.vscode-mermaid-chart"
"mkhl.direnv"
]
}

49
.woodpecker/flux-reconcile-source.yaml
View File

@@ -1,49 +0,0 @@
when:
- event: push
branch: fresh-start
skip_clone: true
steps:
- name: Get kubernetes access from OpenBao
image: quay.io/openbao/openbao:2.5.2
environment:
VAULT_ADDR: https://openbao.lumpiasty.xyz:8200
ROLE_ID:
from_secret: flux_reconcile_role_id
SECRET_ID:
from_secret: flux_reconcile_secret_id
commands:
- bao write -field token auth/approle/login
role_id=$ROLE_ID
secret_id=$SECRET_ID > /woodpecker/.vault_id
- export VAULT_TOKEN=$(cat /woodpecker/.vault_id)
- bao write -format json -f /kubernetes/creds/flux-reconcile > /woodpecker/kube_credentials
- name: Construct Kubeconfig
image: alpine/k8s:1.32.13
environment:
KUBECONFIG: /woodpecker/kubeconfig
commands:
- kubectl config set-cluster cluster
--server=https://$KUBERNETES_SERVICE_HOST
--certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- kubectl config set-credentials cluster
--token=$(jq -r .data.service_account_token /woodpecker/kube_credentials)
- kubectl config set-context cluster
--cluster cluster
--user cluster
--namespace flux-system
- kubectl config use-context cluster
- name: Reconcile git source
image: ghcr.io/fluxcd/flux-cli:v2.8.3
environment:
KUBECONFIG: /woodpecker/kubeconfig
commands:
- flux reconcile source git flux-system
- name: Invalidate OpenBao token
image: quay.io/openbao/openbao:2.5.2
environment:
VAULT_ADDR: https://openbao.lumpiasty.xyz:8200
commands:
- export VAULT_TOKEN=$(cat /woodpecker/.vault_id)
- bao write -f auth/token/revoke-self

4
Makefile
View File

@@ -1,7 +1,3 @@
SHELL := /usr/bin/env bash
.PHONY: install-router gen-talos-config apply-talos-config get-kubeconfig
install-router:
ansible-playbook ansible/playbook.yml -i ansible/hosts

16
README.md
View File

@@ -141,7 +141,7 @@ Currently the k8s cluster consists of single node (hostname anapistula-delrosala
## Software stack
The cluster itself is based on [Talos Linux](https://www.talos.dev/) (which is also a Kubernetes distribution) and uses [Cilium](https://cilium.io/) as CNI, IPAM, kube-proxy replacement, Load Balancer, and BGP control plane. Persistent volumes are managed by [OpenEBS LVM LocalPV](https://openebs.io/docs/user-guides/local-storage-user-guide/local-pv-lvm/lvm-overview). Applications are deployed using GitOps (this repo) and reconciled on cluster using [Flux](https://fluxcd.io/). Git repository is hosted on [Gitea](https://gitea.io/) running on a cluster itself. Secets are kept in [OpenBao](https://openbao.org/) (HashiCorp Vault fork) running on a cluster and synced to cluster objects using [Vault Secrets Operator](https://github.com/hashicorp/vault-secrets-operator). Deployments are kept up to date using self hosted [Renovate](https://www.mend.io/renovate/) bot updating manifests in the Git repository. There is a [Woodpecker](https://woodpecker-ci.org/) instance watching repositories on Gitea and scheduling jobs on cluster. Incoming HTTP traffic is routed to cluster using [Nginx Ingress Controller](https://kubernetes.github.io/ingress-nginx/) and certificates are issued by [cert-manager](https://cert-manager.io/) with [Let's Encrypt](https://letsencrypt.org/) ACME issuer with [cert-manager-webhook-ovh](https://github.com/aureq/cert-manager-webhook-ovh) resolving DNS-01 challanges. Cluster also runs [CloudNativePG](https://cloudnative-pg.io/) operator for managing PostgreSQL databases. Router is running [Mikrotik RouterOS](https://help.mikrotik.com/docs/spaces/ROS/pages/328059/RouterOS) and its configuration is managed via [Ansible](https://docs.ansible.com/) playbook in this repo. High level core cluster software architecture is shown on the diagram below.
The cluster itself is based on [Talos Linux](https://www.talos.dev/) (which is also a Kubernetes distribution) and uses [Cilium](https://cilium.io/) as CNI, IPAM, kube-proxy replacement, Load Balancer, and BGP control plane. Persistent volumes are managed by [OpenEBS LVM LocalPV](https://openebs.io/docs/user-guides/local-storage-user-guide/local-pv-lvm/lvm-overview). Applications are deployed using GitOps (this repo) and reconciled on cluster using [Flux](https://fluxcd.io/). Git repository is hosted on [Gitea](https://gitea.io/) running on a cluster itself. Secets are kept in [OpenBao](https://openbao.org/) (HashiCorp Vault fork) running on a cluster and synced to cluster objects using [Vault Secrets Operator](https://github.com/hashicorp/vault-secrets-operator). Deployments are kept up to date using self hosted [Renovate](https://www.mend.io/renovate/) bot updating manifests in the Git repository. Incoming HTTP traffic is routed to cluster using [Nginx Ingress Controller](https://kubernetes.github.io/ingress-nginx/) and certificates are issued by [cert-manager](https://cert-manager.io/) with [Let's Encrypt](https://letsencrypt.org/) ACME issuer with [cert-manager-webhook-ovh](https://github.com/aureq/cert-manager-webhook-ovh) resolving DNS-01 challanges. Cluster also runs [CloudNativePG](https://cloudnative-pg.io/) operator for managing PostgreSQL databases. Router is running [Mikrotik RouterOS](https://help.mikrotik.com/docs/spaces/ROS/pages/328059/RouterOS) and its configuration is managed via [Ansible](https://docs.ansible.com/) playbook in this repo. High level core cluster software architecture is shown on the diagram below.
> Talos Linux is an immutable Linux distribution purpose-built for running Kubernetes. The OS is distributed as an OCI (Docker) image and does not contain any package manager, shell, SSH, or any other tools for managing the system. Instead, all operations are performed using API, which can be accessed using `talosctl` CLI tool.
@@ -177,23 +177,14 @@ flowchart TD
vault_operator -- "Retrieves secrets" --> vault[OpenBao] -- "Secret storage" --> lv
vault -- "Auth method" --> kubeapi
gitea -- "Receives events" --> woodpecker[Woodpecker CI] -- "Schedules jobs" --> kubeapi
gitea -- "Stores repositories" --> lv
gitea--> renovate[Renovate Bot] -- "Updates manifests" --> gitea
gitea --> renovate[Renovate Bot] -- "Updates manifests" --> gitea
end
```
### Reconcilation paths of each component
- Kubernetes manifests are reconciled using Flux triggerred by Woodpecker CI on push
- RouterOS configs are applied by Ansible <!-- ran by Gitea Action on push -->
- Talos configs are applied using makefile <!-- switch to ansible and trigger on action push -->
- Vault policies are applied by running `synchronize-vault.py` <!-- triggerred by Gitea action on push -->
<!-- - Docker images are built and pushed to registry by Gitea Actions on push -->
<!-- TODO: Backups, monitoring, logging, deployment with ansible etc -->
## Software
@@ -237,7 +228,6 @@ flowchart TD
|------|------|-------------|
| <img src="docs/assets/devenv.svg" alt="devenv" height="50" width="50"> | devenv | Tool for declarative managment of development environment using Nix |
| <img src="docs/assets/renovate.svg" alt="Renovate" height="50" width="50"> | Renovate | Bot for keeping dependencies up to date |
| <img src="docs/assets/woodpecker.svg" alt="Woodpecker" height="50" width="50"> | Woodpecker CI | Continous Integration system |
### AI infrastructure

8
apps/authentik/kustomization.yaml
View File

@@ -1,8 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- postgres-volume.yaml
- postgres-cluster.yaml
- secret.yaml
- release.yaml

4
apps/authentik/namespace.yaml
View File

@@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: authentik

23
apps/authentik/postgres-cluster.yaml
View File

@@ -1,23 +0,0 @@
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: authentik-postgresql-cluster-lvmhdd
namespace: authentik
spec:
instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:17.4
bootstrap:
initdb:
database: authentik
owner: authentik
storage:
pvcTemplate:
storageClassName: hdd-lvmpv
resources:
requests:
storage: 10Gi
volumeName: authentik-postgresql-cluster-lvmhdd-1

33
apps/authentik/postgres-volume.yaml
View File

@@ -1,33 +0,0 @@
apiVersion: local.openebs.io/v1alpha1
kind: LVMVolume
metadata:
labels:
kubernetes.io/nodename: anapistula-delrosalae
name: authentik-postgresql-cluster-lvmhdd-1
namespace: openebs
spec:
capacity: 10Gi
ownerNodeID: anapistula-delrosalae
shared: "yes"
thinProvision: "no"
vgPattern: ^openebs-hdd$
volGroup: openebs-hdd
---
kind: PersistentVolume
apiVersion: v1
metadata:
name: authentik-postgresql-cluster-lvmhdd-1
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: hdd-lvmpv
volumeMode: Filesystem
csi:
driver: local.csi.openebs.io
fsType: btrfs
volumeHandle: authentik-postgresql-cluster-lvmhdd-1
---
# PVCs are dynamically created by the Postgres operator

61
apps/authentik/release.yaml
View File

@@ -1,61 +0,0 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: authentik
namespace: authentik
spec:
interval: 24h
url: https://charts.goauthentik.io
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: authentik
namespace: authentik
spec:
interval: 30m
chart:
spec:
chart: authentik
version: 2026.2.1
sourceRef:
kind: HelmRepository
name: authentik
namespace: authentik
interval: 12h
values:
authentik:
postgresql:
host: authentik-postgresql-cluster-lvmhdd-rw
name: authentik
user: authentik
global:
env:
- name: AUTHENTIK_SECRET_KEY
valueFrom:
secretKeyRef:
name: authentik-secret
key: secret_key
- name: AUTHENTIK_POSTGRESQL__PASSWORD
valueFrom:
secretKeyRef:
name: authentik-postgresql-cluster-lvmhdd-app
key: password
postgresql:
enabled: false
server:
ingress:
enabled: true
ingressClassName: nginx-ingress
annotations:
cert-manager.io/cluster-issuer: letsencrypt
hosts:
- authentik.lumpiasty.xyz
tls:
- secretName: authentik-ingress
hosts:
- authentik.lumpiasty.xyz

38
apps/authentik/secret.yaml
View File

@@ -1,38 +0,0 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: authentik-secret
namespace: authentik
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultAuth
metadata:
name: authentik
namespace: authentik
spec:
method: kubernetes
mount: kubernetes
kubernetes:
role: authentik
serviceAccount: authentik-secret
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: authentik-secret
namespace: authentik
spec:
type: kv-v2
mount: secret
path: authentik
destination:
create: true
name: authentik-secret
type: Opaque
transformation:
excludeRaw: true
vaultAuthRef: authentik

48
apps/crawl4ai-proxy/deployment.yaml
View File

@@ -1,48 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: crawl4ai-proxy
namespace: crawl4ai
spec:
replicas: 1
selector:
matchLabels:
app: crawl4ai-proxy
template:
metadata:
labels:
app: crawl4ai-proxy
spec:
containers:
- name: crawl4ai-proxy
image: gitea.lumpiasty.xyz/lumpiasty/crawl4ai-proxy-fit:latest
imagePullPolicy: Always
env:
- name: LISTEN_PORT
value: "8000"
- name: CRAWL4AI_ENDPOINT
value: http://crawl4ai.crawl4ai.svc.cluster.local:11235/crawl
ports:
- name: http
containerPort: 8000
readinessProbe:
tcpSocket:
port: http
initialDelaySeconds: 3
periodSeconds: 10
timeoutSeconds: 2
failureThreshold: 6
livenessProbe:
tcpSocket:
port: http
initialDelaySeconds: 10
periodSeconds: 15
timeoutSeconds: 2
failureThreshold: 6
resources:
requests:
cpu: 25m
memory: 32Mi
limits:
cpu: 200m
memory: 128Mi

5
apps/crawl4ai-proxy/kustomization.yaml
View File

@@ -1,5 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml
- service.yaml

14
apps/crawl4ai-proxy/service.yaml
View File

@@ -1,14 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: crawl4ai-proxy
namespace: crawl4ai
spec:
type: ClusterIP
selector:
app: crawl4ai-proxy
ports:
- name: http
port: 8000
targetPort: 8000
protocol: TCP

62
apps/crawl4ai/deployment.yaml
View File

@@ -1,62 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: crawl4ai
namespace: crawl4ai
spec:
replicas: 1
selector:
matchLabels:
app: crawl4ai
template:
metadata:
labels:
app: crawl4ai
spec:
containers:
- name: crawl4ai
image: unclecode/crawl4ai:latest
imagePullPolicy: IfNotPresent
env:
- name: CRAWL4AI_API_TOKEN
valueFrom:
secretKeyRef:
name: crawl4ai-secret
key: api_token
optional: false
- name: MAX_CONCURRENT_TASKS
value: "5"
ports:
- name: http
containerPort: 11235
readinessProbe:
httpGet:
path: /health
port: http
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 3
failureThreshold: 6
livenessProbe:
httpGet:
path: /health
port: http
initialDelaySeconds: 30
periodSeconds: 15
timeoutSeconds: 3
failureThreshold: 6
resources:
requests:
cpu: 500m
memory: 1Gi
limits:
cpu: "2"
memory: 4Gi
volumeMounts:
- name: dshm
mountPath: /dev/shm
volumes:
- name: dshm
emptyDir:
medium: Memory
sizeLimit: 1Gi

7
apps/crawl4ai/kustomization.yaml
View File

@@ -1,7 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- secret.yaml
- deployment.yaml
- service.yaml

4
apps/crawl4ai/namespace.yaml
View File

@@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: crawl4ai

38
apps/crawl4ai/secret.yaml
View File

@@ -1,38 +0,0 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: crawl4ai-secret
namespace: crawl4ai
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultAuth
metadata:
name: crawl4ai
namespace: crawl4ai
spec:
method: kubernetes
mount: kubernetes
kubernetes:
role: crawl4ai
serviceAccount: crawl4ai-secret
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: crawl4ai-secret
namespace: crawl4ai
spec:
type: kv-v2
mount: secret
path: crawl4ai
destination:
create: true
name: crawl4ai-secret
type: Opaque
transformation:
excludeRaw: true
vaultAuthRef: crawl4ai

14
apps/crawl4ai/service.yaml
View File

@@ -1,14 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: crawl4ai
namespace: crawl4ai
spec:
type: ClusterIP
selector:
app: crawl4ai
ports:
- name: http
port: 11235
targetPort: 11235
protocol: TCP

9
apps/gitea/release.yaml
View File

@@ -72,8 +72,6 @@ spec:
indexer:
ISSUE_INDEXER_TYPE: bleve
REPO_INDEXER_ENABLED: true
webhook:
ALLOWED_HOST_LIST: woodpecker.lumpiasty.xyz
admin:
username: GiteaAdmin
email: gi@tea.com
@@ -90,11 +88,6 @@ spec:
# Requirement for sharing ip with other service
externalTrafficPolicy: Cluster
ipFamilyPolicy: RequireDualStack
http:
type: ClusterIP
# We need the service to be at port 80 specifically
# to work around bug of Actions Runner
port: 80
ingress:
enabled: true
@@ -102,7 +95,7 @@ spec:
annotations:
cert-manager.io/cluster-issuer: letsencrypt
acme.cert-manager.io/http01-edit-in-place: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "1g"
nginx.ingress.kubernetes.io/proxy-body-size: "100m"
hosts:
- host: gitea.lumpiasty.xyz
paths:

2
apps/immich/release.yaml
View File

@@ -18,7 +18,7 @@ spec:
chart:
spec:
chart: immich
version: 1.2.2
version: 1.1.1
sourceRef:
kind: HelmRepository
name: secustor

4
apps/kustomization.yaml
View File

@@ -1,9 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- crawl4ai
- crawl4ai-proxy
- authentik
- gitea
- renovate
- librechat
@@ -14,4 +11,3 @@ resources:
- searxng
- ispeak3
- openwebui
- woodpecker

79
apps/llama/configs/config.yaml
View File

@@ -4,19 +4,22 @@ logToStdout: "both" # proxy and upstream
macros:
base_args: "--no-warmup --port ${PORT}"
common_args: "--fit-target 1536 --no-warmup --port ${PORT}"
ctx_128k: "--ctx-size 131072"
ctx_256k: "--ctx-size 262144"
common_args: "--fit-target 1536 --fit-ctx 65536 --no-warmup --port ${PORT}"
gemma_sampling: "--prio 2 --temp 1.0 --repeat-penalty 1.0 --min-p 0.00 --top-k 64 --top-p 0.95"
qwen35_sampling: "--temp 0.6 --top-p 0.95 --top-k 20 --min-p 0.00 -ctk q8_0 -ctv q8_0"
qwen35_35b_args: "--temp 1.0 --min-p 0.00 --top-p 0.95 --top-k 20 -ctk q8_0 -ctv q8_0"
qwen35_sampling: "--temp 0.6 --top-p 0.95 --top-k 20 --min-p 0.00 -ctk q4_0 -ctv q4_0"
qwen35_35b_args: "--temp 1.0 --min-p 0.00 --top-p 0.95 --top-k 20 -ctk q4_0 -ctv q4_0"
qwen35_35b_heretic_mmproj: "--mmproj-url https://huggingface.co/unsloth/Qwen3.5-35B-A3B-GGUF/resolve/main/mmproj-F16.gguf --mmproj /root/.cache/llama.cpp/unsloth_Qwen3.5-35B-A3B-GGUF_mmproj-F16.gguf"
qwen35_4b_heretic_mmproj: "--mmproj-url https://huggingface.co/unsloth/Qwen3.5-4B-GGUF/resolve/main/mmproj-F16.gguf --mmproj /root/.cache/llama.cpp/unsloth_Qwen3.5-4B-GGUF_mmproj-F16.gguf"
glm47_flash_args: "--temp 0.7 --top-p 1.0 --min-p 0.01 --repeat-penalty 1.0"
gemma4_sampling: "--temp 1.0 --top-p 0.95 --top-k 64"
thinking_on: "--chat-template-kwargs '{\"enable_thinking\": true}'"
thinking_off: "--chat-template-kwargs '{\"enable_thinking\": false}'"
peers:
openrouter:
proxy: https://openrouter.ai/api
apiKey: ${env.OPENROUTER_API_KEY}
models:
- z-ai/glm-5
hooks:
on_startup:
preload:
@@ -35,7 +38,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/gemma-3-12b-it-GGUF:Q4_K_M
${ctx_128k}
${gemma_sampling}
${common_args}
@@ -43,7 +45,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/gemma-3-12b-it-GGUF:Q4_K_M
${ctx_128k}
${gemma_sampling}
--no-mmproj
${common_args}
@@ -52,7 +53,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/gemma-3-4b-it-GGUF:Q4_K_M
${ctx_128k}
${gemma_sampling}
${common_args}
@@ -60,7 +60,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/gemma-3-4b-it-GGUF:Q4_K_M
${ctx_128k}
${gemma_sampling}
--no-mmproj
${common_args}
@@ -76,14 +75,13 @@ models:
--top-p 0.95
--top-k 40
--repeat-penalty 1.0
-ctk q8_0 -ctv q8_0
-ctk q4_0 -ctv q4_0
${common_args}
"Qwen3.5-35B-A3B-GGUF:Q4_K_M":
cmd: |
/app/llama-server
-hf unsloth/Qwen3.5-35B-A3B-GGUF:Q4_K_M
${ctx_256k}
${qwen35_35b_args}
${common_args}
@@ -91,7 +89,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/Qwen3.5-35B-A3B-GGUF:Q4_K_M
${ctx_256k}
${qwen35_35b_args}
${common_args}
${thinking_off}
@@ -103,7 +100,6 @@ models:
/app/llama-server
-hf mradermacher/Qwen3.5-35B-A3B-heretic-GGUF:Q4_K_M
${qwen35_35b_heretic_mmproj}
${ctx_256k}
${qwen35_35b_args}
${common_args}
@@ -112,7 +108,6 @@ models:
/app/llama-server
-hf mradermacher/Qwen3.5-35B-A3B-heretic-GGUF:Q4_K_M
${qwen35_35b_heretic_mmproj}
${ctx_256k}
${qwen35_35b_args}
${common_args}
${thinking_off}
@@ -121,7 +116,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/Qwen3.5-0.8B-GGUF:Q4_K_XL
${ctx_256k}
${qwen35_sampling}
${base_args}
${thinking_on}
@@ -139,7 +133,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/Qwen3.5-2B-GGUF:Q4_K_M
${ctx_256k}
${qwen35_sampling}
${common_args}
${thinking_on}
@@ -148,7 +141,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/Qwen3.5-2B-GGUF:Q4_K_M
${ctx_256k}
${qwen35_sampling}
${common_args}
${thinking_off}
@@ -157,7 +149,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/Qwen3.5-4B-GGUF:Q4_K_M
${ctx_128k}
${qwen35_sampling}
${common_args}
${thinking_on}
@@ -166,7 +157,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/Qwen3.5-4B-GGUF:Q4_K_M
${ctx_128k}
${qwen35_sampling}
${common_args}
${thinking_off}
@@ -176,7 +166,6 @@ models:
/app/llama-server
-hf mradermacher/Qwen3.5-4B-heretic-GGUF:Q4_K_M
${qwen35_4b_heretic_mmproj}
${ctx_128k}
${qwen35_sampling}
${common_args}
${thinking_on}
@@ -186,7 +175,6 @@ models:
/app/llama-server
-hf mradermacher/Qwen3.5-4B-heretic-GGUF:Q4_K_M
${qwen35_4b_heretic_mmproj}
${ctx_128k}
${qwen35_sampling}
${common_args}
${thinking_off}
@@ -195,7 +183,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/Qwen3.5-9B-GGUF:Q4_K_M
${ctx_256k}
${qwen35_sampling}
${common_args}
${thinking_on}
@@ -204,7 +191,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/Qwen3.5-9B-GGUF:Q4_K_M
${ctx_256k}
${qwen35_sampling}
${common_args}
${thinking_off}
@@ -213,7 +199,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/Qwen3.5-9B-GGUF:Q3_K_M
${ctx_256k}
${qwen35_sampling}
${common_args}
${thinking_on}
@@ -222,7 +207,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/Qwen3.5-9B-GGUF:Q3_K_M
${ctx_256k}
${qwen35_sampling}
${common_args}
${thinking_off}
@@ -231,7 +215,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/Qwen3.5-27B-GGUF:Q3_K_M
${ctx_256k}
${qwen35_sampling}
${common_args}
${thinking_on}
@@ -240,46 +223,6 @@ models:
cmd: |
/app/llama-server
-hf unsloth/Qwen3.5-27B-GGUF:Q3_K_M
${ctx_256k}
${qwen35_sampling}
${common_args}
${thinking_off}
"GLM-4.7-Flash-GGUF:Q4_K_M":
cmd: |
/app/llama-server
-hf unsloth/GLM-4.7-Flash-GGUF:Q4_K_M
${glm47_flash_args}
${common_args}
"gemma-4-26B-A4B-it:UD-Q4_K_XL":
cmd: |
/app/llama-server
-hf unsloth/gemma-4-26B-A4B-it-GGUF:UD-Q4_K_XL \
${ctx_256k}
${gemma4_sampling}
${common_args}
"gemma-4-26B-A4B-it:UD-Q2_K_XL":
cmd: |
/app/llama-server
-hf unsloth/gemma-4-26B-A4B-it-GGUF:UD-Q2_K_XL \
${ctx_256k}
${gemma4_sampling}
${common_args}
"unsloth/gemma-4-E4B-it-GGUF:UD-Q4_K_XL":
cmd: |
/app/llama-server
-hf unsloth/gemma-4-E4B-it-GGUF:UD-Q4_K_XL \
${ctx_128k}
${gemma4_sampling}
${common_args}
"unsloth/gemma-4-E2B-it-GGUF:UD-Q4_K_XL":
cmd: |
/app/llama-server
-hf unsloth/gemma-4-E2B-it-GGUF:UD-Q4_K_XL \
${ctx_128k}
${gemma4_sampling}
${common_args}

8
apps/llama/deployment.yaml
View File

@@ -18,7 +18,7 @@ spec:
spec:
containers:
- name: llama-swap
image: ghcr.io/mostlygeek/llama-swap:v199-vulkan-b8643
image: ghcr.io/mostlygeek/llama-swap:v197-vulkan-b8248
imagePullPolicy: IfNotPresent
command:
- /app/llama-swap
@@ -29,6 +29,12 @@ spec:
- containerPort: 8080
name: http
protocol: TCP
env:
- name: OPENROUTER_API_KEY
valueFrom:
secretKeyRef:
name: llama-openrouter
key: OPENROUTER_API_KEY
volumeMounts:
- name: models
mountPath: /root/.cache

6
apps/llama/pvc-ssd.yaml
View File

@@ -7,7 +7,7 @@ metadata:
name: llama-models-lvmssd
namespace: openebs
spec:
capacity: "322122547200"
capacity: 200Gi
ownerNodeID: anapistula-delrosalae
shared: "yes"
thinProvision: "no"
@@ -20,7 +20,7 @@ metadata:
name: llama-models-lvmssd
spec:
capacity:
storage: 300Gi
storage: 200Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
@@ -41,6 +41,6 @@ spec:
- ReadWriteOnce
resources:
requests:
storage: 300Gi
storage: 200Gi
storageClassName: ssd-lvmpv
volumeName: llama-models-lvmssd

23
apps/llama/secret.yaml
View File

@@ -36,3 +36,26 @@ spec:
excludeRaw: true
vaultAuthRef: llama
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: llama-openrouter
namespace: llama
spec:
type: kv-v2
mount: secret
path: openrouter
destination:
create: true
name: llama-openrouter
type: Opaque
transformation:
excludeRaw: true
templates:
OPENROUTER_API_KEY:
text: '{{ get .Secrets "API_KEY" }}'
vaultAuthRef: llama

1
apps/openwebui/kustomization.yaml
View File

@@ -4,6 +4,5 @@ resources:
- namespace.yaml
- pvc.yaml
- pvc-pipelines.yaml
- secret.yaml
- release.yaml
- ingress.yaml

29
apps/openwebui/release.yaml
View File

@@ -18,7 +18,7 @@ spec:
chart:
spec:
chart: open-webui
version: 12.13.0
version: 12.10.0
sourceRef:
kind: HelmRepository
name: open-webui
@@ -44,30 +44,3 @@ spec:
persistence:
enabled: true
existingClaim: openwebui-pipelines-lvmhdd
# SSO with Authentik
extraEnvVars:
- name: WEBUI_URL
value: "https://openwebui.lumpiasty.xyz"
- name: OAUTH_CLIENT_ID
valueFrom:
secretKeyRef:
name: openwebui-authentik
key: client_id
- name: OAUTH_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: openwebui-authentik
key: client_secret
- name: OAUTH_PROVIDER_NAME
value: "authentik"
- name: OPENID_PROVIDER_URL
value: "https://authentik.lumpiasty.xyz/application/o/open-web-ui/.well-known/openid-configuration"
- name: OPENID_REDIRECT_URI
value: "https://openwebui.lumpiasty.xyz/oauth/oidc/callback"
- name: ENABLE_OAUTH_SIGNUP
value: "true"
- name: ENABLE_LOGIN_FORM
value: "false"
- name: OAUTH_MERGE_ACCOUNTS_BY_EMAIL
value: "true"

43
apps/openwebui/secret.yaml
View File

@@ -1,43 +0,0 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: openwebui-secret
namespace: openwebui
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultAuth
metadata:
name: openwebui
namespace: openwebui
spec:
method: kubernetes
mount: kubernetes
kubernetes:
role: openwebui
serviceAccount: openwebui-secret
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: openwebui-authentik
namespace: openwebui
spec:
type: kv-v2
mount: secret
path: authentik/openwebui
destination:
create: true
name: openwebui-authentik
type: Opaque
transformation:
excludeRaw: true
templates:
client_id:
text: '{{ get .Secrets "client_id" }}'
client_secret:
text: '{{ get .Secrets "client_secret" }}'
vaultAuthRef: openwebui

2
apps/renovate/cronjob.yaml
View File

@@ -15,7 +15,7 @@ spec:
- name: renovate
# Update this to the latest available and then enable Renovate on
# the manifest
image: renovate/renovate:43.95.0-full
image: renovate/renovate:43.64.6-full
envFrom:
- secretRef:
name: renovate-gitea-token

8
apps/woodpecker/kustomization.yaml
View File

@@ -1,8 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- postgres-volume.yaml
- postgres-cluster.yaml
- release.yaml
- secret.yaml

5
apps/woodpecker/namespace.yaml
View File

@@ -1,5 +0,0 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: woodpecker

23
apps/woodpecker/postgres-cluster.yaml
View File

@@ -1,23 +0,0 @@
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: woodpecker-postgresql-cluster
namespace: woodpecker
spec:
instances: 1
imageName: ghcr.io/cloudnative-pg/postgresql:17.4
bootstrap:
initdb:
database: woodpecker
owner: woodpecker
storage:
pvcTemplate:
storageClassName: ssd-lvmpv
resources:
requests:
storage: 10Gi
volumeName: woodpecker-postgresql-cluster-lvmssd

33
apps/woodpecker/postgres-volume.yaml
View File

@@ -1,33 +0,0 @@
apiVersion: local.openebs.io/v1alpha1
kind: LVMVolume
metadata:
labels:
kubernetes.io/nodename: anapistula-delrosalae
name: woodpecker-postgresql-cluster-lvmssd
namespace: openebs
spec:
capacity: 10Gi
ownerNodeID: anapistula-delrosalae
shared: "yes"
thinProvision: "no"
vgPattern: ^openebs-ssd$
volGroup: openebs-ssd
---
kind: PersistentVolume
apiVersion: v1
metadata:
name: woodpecker-postgresql-cluster-lvmssd
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: ssd-lvmpv
volumeMode: Filesystem
csi:
driver: local.csi.openebs.io
fsType: btrfs
volumeHandle: woodpecker-postgresql-cluster-lvmssd
---
# PVC is dynamically created by the Postgres operator

115
apps/woodpecker/release.yaml
View File

@@ -1,115 +0,0 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: woodpecker
namespace: woodpecker
spec:
interval: 24h
url: https://woodpecker-ci.org/
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: woodpecker
namespace: woodpecker
spec:
interval: 30m
chart:
spec:
chart: woodpecker
version: 3.5.1
sourceRef:
kind: HelmRepository
name: woodpecker
namespace: woodpecker
interval: 12h
values:
server:
enabled: true
statefulSet:
replicaCount: 1
persistentVolume:
enabled: false # Using Postgresql database
env:
WOODPECKER_HOST: "https://woodpecker.lumpiasty.xyz"
# Gitea integration
WOODPECKER_GITEA: "true"
WOODPECKER_GITEA_URL: "https://gitea.lumpiasty.xyz"
# PostgreSQL database configuration
WOODPECKER_DATABASE_DRIVER: postgres
# Password is loaded from woodpecker-postgresql-cluster-app secret (created by CNPG)
WOODPECKER_DATABASE_DATASOURCE:
valueFrom:
secretKeyRef:
name: woodpecker-postgresql-cluster-app
key: fqdn-uri
# Allow logging in from all accounts on Gitea
WOODPECKER_OPEN: "true"
# Make lumpiasty admin
WOODPECKER_ADMIN: GiteaAdmin
createAgentSecret: true
extraSecretNamesForEnvFrom:
- woodpecker-secrets
ingress:
enabled: true
ingressClassName: nginx-ingress
annotations:
cert-manager.io/cluster-issuer: letsencrypt
acme.cert-manager.io/http01-edit-in-place: "true"
hosts:
- host: woodpecker.lumpiasty.xyz
paths:
- path: /
backend:
serviceName: woodpecker-server
servicePort: 80
tls:
- hosts:
- woodpecker.lumpiasty.xyz
secretName: woodpecker-ingress
resources:
requests:
cpu: 100m
memory: 256Mi
service:
type: ClusterIP
port: 80
agent:
enabled: true
replicaCount: 2
env:
WOODPECKER_SERVER: "woodpecker-server:9000"
WOODPECKER_BACKEND: kubernetes
WOODPECKER_BACKEND_K8S_NAMESPACE: woodpecker
WOODPECKER_BACKEND_K8S_STORAGE_CLASS: ssd-lvmpv
WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 10G
WOODPECKER_BACKEND_K8S_STORAGE_RWX: false
WOODPECKER_CONNECT_RETRY_COUNT: "5"
mapAgentSecret: true
extraSecretNamesForEnvFrom:
- woodpecker-secrets
persistence:
enabled: false
serviceAccount:
create: true
rbac:
create: true
resources:
requests:
cpu: 100m
memory: 128Mi

62
apps/woodpecker/secret.yaml
View File

@@ -1,62 +0,0 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: woodpecker-secret
namespace: woodpecker
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultAuth
metadata:
name: woodpecker
namespace: woodpecker
spec:
method: kubernetes
mount: kubernetes
kubernetes:
role: woodpecker
serviceAccount: woodpecker-secret
---
# Main woodpecker secrets from Vault
# Requires vault kv put secret/woodpecker \
# WOODPECKER_AGENT_SECRET="$(openssl rand -hex 32)" \
# WOODPECKER_GITEA_CLIENT="<gitea-oauth-client>" \
# WOODPECKER_GITEA_SECRET="<gitea-oauth-secret>"
# Note: Database password comes from CNPG secret (woodpecker-postgresql-cluster-app)
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: woodpecker-secrets
namespace: woodpecker
spec:
type: kv-v2
mount: secret
path: woodpecker
destination:
create: true
name: woodpecker-secrets
type: Opaque
transformation:
excludeRaw: true
vaultAuthRef: woodpecker
---
# Container registry credentials for Kaniko
# Requires vault kv put secret/container-registry \
# REGISTRY_USERNAME="<username>" \
# REGISTRY_PASSWORD="<token>"
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: container-registry
namespace: woodpecker
spec:
type: kv-v2
mount: secret
path: container-registry
destination:
create: true
name: container-registry
type: Opaque
transformation:
excludeRaw: true
vaultAuthRef: woodpecker

87
devenv.lock
View File

@@ -3,11 +3,10 @@
"devenv": {
"locked": {
"dir": "src/modules",
"lastModified": 1775201809,
"narHash": "sha256-WmpoCegCQ6Q2ZyxqO05zlz/7XXjt/l2iut4Nk5Nt+W4=",
"lastModified": 1769881431,
"owner": "cachix",
"repo": "devenv",
"rev": "42a5505d4700e791732e48a38b4cca05a755f94b",
"rev": "72d5e66e2dd5112766ef4c9565872b51094b542d",
"type": "github"
},
"original": {
@@ -17,13 +16,27 @@
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1767039857,
"owner": "NixOS",
"repo": "flake-compat",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
@@ -35,6 +48,47 @@
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1769069492,
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1762808025,
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "cb5e3fdca1de58ccbc3ef53de65bd372b48f567c",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"krew2nix": {
"inputs": {
"flake-utils": "flake-utils",
@@ -45,11 +99,10 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1775175041,
"narHash": "sha256-lYCPSMIV26VazREzl/TIpbWhBXJ+vJ0EJ+308TrX/6w=",
"lastModified": 1769904483,
"owner": "a1994sc",
"repo": "krew2nix",
"rev": "15c594042f1ba80ce97ab190a9c684a44c613590",
"rev": "17d6ad3375899bd3f7d4d298481536155f3ec13c",
"type": "github"
},
"original": {
@@ -60,11 +113,10 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1775036866,
"narHash": "sha256-ZojAnPuCdy657PbTq5V0Y+AHKhZAIwSIT2cb8UgAz/U=",
"lastModified": 1769461804,
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6201e203d09599479a3b3450ed24fa81537ebc4e",
"rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d",
"type": "github"
},
"original": {
@@ -77,14 +129,17 @@
"root": {
"inputs": {
"devenv": "devenv",
"git-hooks": "git-hooks",
"krew2nix": "krew2nix",
"nixpkgs": "nixpkgs"
"nixpkgs": "nixpkgs",
"pre-commit-hooks": [
"git-hooks"
]
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
@@ -99,7 +154,6 @@
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
@@ -119,11 +173,10 @@
]
},
"locked": {
"lastModified": 1773297127,
"narHash": "sha256-6E/yhXP7Oy/NbXtf1ktzmU8SdVqJQ09HC/48ebEGBpk=",
"lastModified": 1769691507,
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "71b125cd05fbfd78cab3e070b73544abe24c5016",
"rev": "28b19c5844cc6e2257801d43f2772a4b4c050a1b",
"type": "github"
},
"original": {
@@ -135,4 +188,4 @@
},
"root": "root",
"version": 7
}
}

12
devenv.nix
View File

@@ -41,18 +41,6 @@ in
openbao
pv-migrate
mermaid-cli
(
# Wrapping opencode to set the OPENCODE_ENABLE_EXA environment variable
runCommand "opencode" {
buildInputs = [ makeWrapper ];
} ''
mkdir -p $out/bin
makeWrapper ${pkgs.opencode}/bin/opencode $out/bin/opencode \
--set OPENCODE_ENABLE_EXA "1"
''
)
tea
woodpecker-cli
];
# Scripts

10
docs/assets/woodpecker.svg
View File

@@ -1,10 +0,0 @@
<svg xmlns="http://www.w3.org/2000/svg" width="284.538" height="253.96">
<style>
@media (prefers-color-scheme: dark) {
path {
fill: white;
}
}
</style>
<path d="M162.51 33.188c-26.77.411-54.004 6.885-71.494 3.745-1.313-.232-2.124 1.338-1.171 2.265 14.749 14.003 20.335 28.16 36.718 30.065l.476.103c-7.567 7.799-14.028 18.018-18.571 31.171-4.89 14.106-6.268 29.421-7.89 47.105-2.445 26.332-5.173 56.152-20.038 93.54a246.489 246.489 0 0 0-13.27 45.946h22.652a221.202 221.202 0 0 1 11.249-37.786c16.049-40.374 19.073-73.257 21.505-99.693 1.493-16.255 2.806-30.309 6.796-41.853 11.647-33.527 39.408-40.889 61.056-36.693 21.004 4.067 41.673 20.502 40.592 44.016-.772 15.985-7.76 23.166-12.87 28.43-2.793 2.883-5.47 5.611-6.731 9.498-3.037 9.19.101 19.434 8.494 27.568 22.24 20.734 34.338 59.717 33.681 106.513h22.176c.592-52.935-13.951-97.839-40.503-122.626-2.097-2.021-2.69-3.604-3.191-3.347 1.222-1.544 3.217-3.346 4.633-4.813 29.382-21.79 77.813-1.892 107.054 9.653 7.58 2.985 11.274-4.338 4.067-8.623-25.097-14.84-76.54-54.016-105.368-79.718-4.029-3.54-6.796-7.8-11.455-11.738-15.547-27.439-41.84-33.127-68.597-32.728Zm35.238 60.27a15.161 15.161 0 0 0-2.008.232 15.161 15.161 0 0 0-1.506 29.434 15.154 15.154 0 0 0 9.473-28.79 15.161 15.161 0 0 0-5.959-.876zm-44.286 147.17a2.033 2.033 0 0 0-1.133.374c-1.08.772-1.93 3.05-.772 5.701 5.38 12.394 9.1 25.445 12.536 40.413h22.484c-5.676-16.629-16.307-34.055-27.851-43.978-2.008-1.737-3.913-2.574-5.251-2.51z" style="stroke-width:12.8704" transform="translate(-67.27 -33.169)"/>
</svg>
Side by Side

Before

Width:  |  Height:  |  Size: 1.5 KiB

32
infra/configs/openbao-k8s-se-role.yaml
View File

@@ -1,32 +0,0 @@
# Roles with needed access for OpenBao's Kubernetes secret engine
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: k8s-full-secrets-abilities
rules:
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["get"]
- apiGroups: [""]
resources: ["serviceaccounts", "serviceaccounts/token"]
verbs: ["create", "update", "delete"]
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["rolebindings", "clusterrolebindings"]
verbs: ["create", "update", "delete"]
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["roles", "clusterroles"]
verbs: ["bind", "escalate", "create", "update", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: openbao-token-creator-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: k8s-full-secrets-abilities
subjects:
- kind: ServiceAccount
name: openbao
namespace: openbao

2
infra/controllers/cert-manager-webhook-ovh.yaml
View File

@@ -18,7 +18,7 @@ spec:
chart:
spec:
chart: cert-manager-webhook-ovh
version: 0.9.6
version: 0.9.4
sourceRef:
kind: HelmRepository
name: cert-manager-webhook-ovh

2
infra/controllers/cert-manager.yaml
View File

@@ -23,7 +23,7 @@ spec:
chart:
spec:
chart: cert-manager
version: v1.20.1
version: v1.20.0
sourceRef:
kind: HelmRepository
name: cert-manager

2
infra/controllers/cilium.yaml
View File

@@ -23,7 +23,7 @@ spec:
chart:
spec:
chart: cilium
version: 1.19.2
version: 1.19.1
sourceRef:
kind: HelmRepository
name: cilium

2
infra/controllers/k8up.yaml
View File

@@ -23,7 +23,7 @@ spec:
chart:
spec:
chart: k8up
version: 4.9.0
version: 4.8.6
sourceRef:
kind: HelmRepository
name: k8up-io

2
infra/controllers/nginx-ingress.yaml
View File

@@ -23,7 +23,7 @@ spec:
chart:
spec:
chart: ingress-nginx
version: 4.15.1
version: 4.15.0
sourceRef:
kind: HelmRepository
name: ingress-nginx

2
infra/controllers/openbao.yaml
View File

@@ -23,7 +23,7 @@ spec:
chart:
spec:
chart: openbao
version: 0.26.2
version: 0.25.7
sourceRef:
kind: HelmRepository
name: openbao

1
infra/kustomization.yaml
View File

@@ -25,4 +25,3 @@ resources:
- configs/openbao-volume.yaml
- controllers/openbao.yaml
- configs/openbao-k8s-se-role.yaml

16
monke/gpt-researcher.yaml Normal file
View File

@@ -0,0 +1,16 @@
---
apiVersion: v1
kind: Secret
metadata:
name: tavily
namespace: gpt-researcher
stringData:
TAVILY_API_KEY: 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
---
apiVersion: v1
kind: Secret
metadata:
name: openrouter
namespace: gpt-researcher
stringData:
OPENROUTER_API_KEY: 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

74
utils/synchronize-vault.py
View File

@@ -2,7 +2,6 @@
import argparse
import os
import pathlib
from typing import Any, cast
import hvac
@@ -43,7 +42,7 @@ def synchronize_auth_kubernetes_config(client: hvac.Client):
def synchronize_kubernetes_roles(client: hvac.Client):
kubernetes = Kubernetes(client.adapter)
policy_dir = os.path.join(os.path.dirname(__file__), '../vault/kubernetes-auth-roles/')
policy_dir = os.path.join(os.path.dirname(__file__), '../vault/kubernetes-roles/')
roles: dict[str, Any] = {} # pyright:ignore[reportExplicitAny]
for filename in os.listdir(policy_dir):
@@ -68,69 +67,6 @@ def synchronize_kubernetes_roles(client: hvac.Client):
# Using write data instead of kubernetes.create_role, we can pass raw yaml
_ = client.write_data(f'/auth/kubernetes/role/{role_name}', data=role_content) # pyright:ignore[reportAny]
def synchronize_approle_auth(client: hvac.Client):
if client.sys.list_auth_methods().get('approle/') is None:
print('Enabling AppRole auth method')
client.sys.enable_auth_method('approle', 'AppRole authorization for CI')
roles_dir = pathlib.Path(__file__).parent.joinpath('../vault/approles/')
roles: dict[str, Any] = {}
for filename in roles_dir.iterdir():
with filename.open('r') as f:
role = yaml.safe_load(f.read())
assert type(role) is dict
roles[filename.stem] = role
roles_on_vault: list[str] = []
roles_response = client.list("auth/approle/roles")
if roles_response is not None:
roles_on_vault = roles_response['data']['keys']
for role in roles_on_vault:
if role not in roles:
print(f'Deleting role: {role}')
client.delete(f'auth/approle/role/{role}')
for role_name, role_content in roles.items():
print(f'Updating role: {role_name}')
client.write_data(f'auth/approle/role/{role_name}', data=role_content)
def synchronize_kubernetes_secretengine(client: hvac.Client):
# Ensure kubernetes secret engine is enabled
if client.sys.list_mounted_secrets_engines().get('kubernetes/') is None:
print('Enabling kubernetes secret engine')
client.sys.enable_secrets_engine('kubernetes', 'kubernetes', 'Cluster access')
# Write empty config (all defaults, working on the same cluster)
client.write('kubernetes/config', None)
policy_dir = pathlib.Path(__file__).parent.joinpath('../vault/kubernetes-se-roles/')
roles: dict[str, Any] = {}
for filename in policy_dir.iterdir():
with filename.open('r') as f:
role = yaml.safe_load(f.read())
assert type(role) is dict
# generated_role_rules must be json or yaml formatted string, convert it
if 'generated_role_rules' in role and type(role['generated_role_rules']) is not str:
role['generated_role_rules'] = yaml.safe_dump(role['generated_role_rules'])
roles[filename.stem] = role
roles_on_vault: list[str] = []
roles_response = client.list("kubernetes/roles")
if roles_response is not None:
roles_on_vault = roles_response['data']['keys']
for role in roles_on_vault:
if role not in roles:
print(f'Deleting role: {role}')
client.delete(f'kubernetes/roles/{role}')
for role_name, role_content in roles.items():
print(f'Updating role: {role_name}')
client.write_data(f'kubernetes/roles/{role_name}', data=role_content)
if __name__ == '__main__':
parser = argparse.ArgumentParser(
prog="synchronizeVault",
@@ -146,11 +82,5 @@ if __name__ == '__main__':
print('Synchronizing kubernetes config')
synchronize_auth_kubernetes_config(client)
print('Synchronizing kubernetes auth roles')
print('Synchronizing kubernetes roles')
synchronize_kubernetes_roles(client)
print('Synchronizing AppRole auth method')
synchronize_approle_auth(client)
print('Synchronizing kubernetes secret engine')
synchronize_kubernetes_secretengine(client)

4
vault/approles/ci-flux-reconcile.yaml
View File

@@ -1,4 +0,0 @@
token_ttl: 20m
token_max_ttl: 20m
policies:
- flux-reconcile

6
vault/kubernetes-auth-roles/authentik.yaml
View File

@@ -1,6 +0,0 @@
bound_service_account_names:
- authentik-secret
bound_service_account_namespaces:
- authentik
token_policies:
- authentik

6
vault/kubernetes-auth-roles/crawl4ai.yaml
View File

@@ -1,6 +0,0 @@
bound_service_account_names:
- crawl4ai-secret
bound_service_account_namespaces:
- crawl4ai
token_policies:
- crawl4ai

6
vault/kubernetes-auth-roles/openwebui.yaml
View File

@@ -1,6 +0,0 @@
bound_service_account_names:
- openwebui-secret
bound_service_account_namespaces:
- openwebui
token_policies:
- openwebui

6
vault/kubernetes-auth-roles/woodpecker.yaml
View File

@@ -1,6 +0,0 @@
bound_service_account_names:
- woodpecker-secret
bound_service_account_namespaces:
- woodpecker
token_policies:
- woodpecker

0
vault/kubernetes-auth-roles/backup.yaml → vault/kubernetes-roles/backup.yaml
View File

0
vault/kubernetes-auth-roles/cert-manager.yaml → vault/kubernetes-roles/cert-manager.yaml
View File

0
vault/kubernetes-auth-roles/frigate-camera.yaml → vault/kubernetes-roles/frigate-camera.yaml
View File

0
vault/kubernetes-auth-roles/immich.yaml → vault/kubernetes-roles/immich.yaml
View File

0
vault/kubernetes-auth-roles/llama-proxy.yaml → vault/kubernetes-roles/llama-proxy.yaml
View File

0
vault/kubernetes-auth-roles/ollama-proxy.yaml → vault/kubernetes-roles/ollama-proxy.yaml
View File

0
vault/kubernetes-auth-roles/renovate.yaml → vault/kubernetes-roles/renovate.yaml
View File

6
vault/kubernetes-se-roles/flux-reconcile.yaml
View File

@@ -1,6 +0,0 @@
allowed_kubernetes_namespaces: flux-system
generated_role_rules:
rules:
- apiGroups: ["source.toolkit.fluxcd.io"]
resources: ["gitrepositories"]
verbs: ["get", "patch", "watch"]

0
vault/kubernetes-secretengine-config.yaml
View File

3
vault/policy/authentik.hcl
View File

@@ -1,3 +0,0 @@
path "secret/data/authentik" {
capabilities = ["read"]
}

3
vault/policy/crawl4ai.hcl
View File

@@ -1,3 +0,0 @@
path "secret/data/crawl4ai" {
capabilities = ["read"]
}

3
vault/policy/flux-reconcile.hcl
View File

@@ -1,3 +0,0 @@
path "kubernetes/creds/flux-reconcile" {
capabilities = ["update"]
}

3
vault/policy/openwebui.hcl
View File

@@ -1,3 +0,0 @@
path "secret/data/authentik/openwebui" {
capabilities = ["read"]
}

7
vault/policy/woodpecker.hcl
View File

@@ -1,7 +0,0 @@
path "secret/data/woodpecker" {
capabilities = ["read"]
}
path "secret/data/container-registry" {
capabilities = ["read"]
}