increase postgres memory

.gitignore

@@ -17,4 +17,4 @@ kgnot/config.production.json
 *.pub
 
 .envrc
-.kubeconfig
+.config

helmfile.d/01-infrastructure.lock

@@ -1,22 +1,22 @@
-version: 0.170.1
+version: 1.2.3
 dependencies:
-- name: cert-manager
+  - name: cert-manager
     repository: https://charts.jetstack.io
     version: v1.19.2
-- name: cert-manager-webhook-hetzner
+  - name: cert-manager-webhook-hetzner
     repository: https://vadimkim.github.io/cert-manager-webhook-hetzner
-  version: 1.4.0
+    version: 1.4.2
-- name: rook-ceph
+  - name: rook-ceph
     repository: https://charts.rook.io/release
     version: v1.18.8
-- name: rook-ceph-cluster
+  - name: rook-ceph-cluster
     repository: https://charts.rook.io/release
     version: v1.18.8
-- name: tailscale-operator
+  - name: tailscale-operator
     repository: https://pkgs.tailscale.com/helmcharts
-  version: 1.90.9
+    version: 1.92.4
-- name: traefik
+  - name: traefik
     repository: https://traefik.github.io/charts
-  version: 37.4.0
+    version: 38.0.1
-digest: sha256:23d6b70fcb5e17bfa1e8fdc576a8057128b3bec68020fa8275a553b5caa23e99
+digest: sha256:3297bc0c10765abe170881882f7daf441a4dd735ed0ee7d1f4233692e8888c3c
-generated: "2025-12-14T14:13:45.546956484-07:00"
+generated: "2025-12-23T10:31:34.409765694-07:00"

helmfile.d/01-infrastructure.yaml

@@ -10,6 +10,7 @@ repositories:
   - name: cert-manager-webhook-hetzner
     url: https://vadimkim.github.io/cert-manager-webhook-hetzner
 
+lockFilePath: ./helmfile.d/01-infrastructure.lock
 releases:
   # networking
   - name: metallb

helmfile.d/02-datastore.lock

@@ -1,15 +1,15 @@
-version: 0.170.1
+version: 1.2.3
 dependencies:
-- name: k8up
+  - name: k8up
     repository: https://k8up-io.github.io/k8up
     version: 4.8.6
-- name: mariadb
+  - name: mariadb
     repository: https://charts.bitnami.com/bitnami
     version: 24.0.2
-- name: pgo
+  - name: pgo
     repository: git+https://github.com/grantdhunter/postgres-operator@helm?ref=main
     version: 5.8.1
-- name: postgrescluster
+  - name: postgrescluster
     repository: git+https://github.com/grantdhunter/postgres-operator@helm?ref=main
     version: 5.7.4
 digest: sha256:f8989df670b3574b6d87438486b66fdaf44bc1ed379d3a98e00963a27703003a

helmfile.d/02-datastore.yaml

@@ -6,6 +6,7 @@ repositories:
   - name: k8up-io
     url: https://k8up-io.github.io/k8up
 
+lockFilePath: ./helmfile.d/02-datastore.lock
 releases:
   # data storage
   - name: pgo

helmfile.d/03-apps.lock

@@ -1,34 +1,37 @@
-version: 0.170.1
+version: 1.2.3
 dependencies:
-- name: ghost
+  - name: ghost
     repository: https://charts.bitnami.com/bitnami
     version: 25.0.4
-- name: ghost
+  - name: ghost
     repository: https://charts.bitnami.com/bitnami
     version: 25.0.4
-- name: immich
+  - name: gitea
+    repository: https://dl.gitea.io/charts
+    version: 12.4.0
+  - name: immich
     repository: https://immich-app.github.io/immich-charts
     version: 0.10.3
-- name: k8up-backup
+  - name: k8up-backup
     repository: git+https://git.incngrnt.ca/grant/charts@charts?ref=main
     version: 0.0.3
-- name: k8up-backup
+  - name: k8up-backup
     repository: git+https://git.incngrnt.ca/grant/charts@charts?ref=main
     version: 0.0.3
-- name: k8up-backup
+  - name: k8up-backup
     repository: git+https://git.incngrnt.ca/grant/charts@charts?ref=main
     version: 0.0.3
-- name: k8up-backup
+  - name: k8up-backup
     repository: git+https://git.incngrnt.ca/grant/charts@charts?ref=main
     version: 0.0.3
-- name: matrix-registration
+  - name: matrix-registration
     repository: git+https://git.incngrnt.ca/grant/charts@charts?ref=main
     version: 0.1.0
-- name: matrix-synapse
+  - name: matrix-synapse
     repository: https://ananace.gitlab.io/charts
     version: 3.12.17
-- name: static-site
+  - name: static-site
     repository: git+https://github.com/cfpb/static-site@charts?ref=main
     version: 0.1.1
-digest: sha256:e957d861b7351e1e89af29b29e8de19621c9069131669d32217276e8118e634b
+digest: sha256:b44d082b71203ca6bb4fd881d8c6ce71575db556f432bbcc46078a535c8cd9c3
-generated: "2025-12-14T14:14:24.483935436-07:00"
+generated: "2025-12-23T10:31:37.404126839-07:00"

helmfile.d/03-apps.yaml

@@ -12,6 +12,7 @@ repositories:
   - name: incngrnt
     url: git+https://git.incngrnt.ca/grant/charts@charts?ref=main
 
+lockFilePath: ./helmfile.d/03-apps.lock
 releases:
   # goatchat matrix
   - name: goatchat

immich/values.yaml.gotmpl

@@ -3,7 +3,7 @@ controllers:
     containers:
       main:
         image:
-          tag: v2.3.1
+          tag: v2.4.1
 
         env:
           DB_HOSTNAME: {{ exec "kubectl" (list "-n" "immich" "get" "secrets" "postgres-pguser-immich" "-ogo-template='{{.data.host | base64decode }}'") }}
@@ -44,7 +44,7 @@ server:
               memory: 256Mi
             limits:
               cpu: 1
-              memory: 512Mi
+              memory: 700Mi
   ingress:
     main:
       enabled: true
@@ -71,6 +71,6 @@ machine-learning:
               memory: 128Mi
             limits:
               cpu: 1
-              memory: 384Mi
+              memory: 1Gi
 
 

justfile

@@ -1,11 +1,11 @@
 update:
     bws run 'helmfile deps'
 
-deploy ARGS='--output simple -i':
+deploy ARGS='':
-    bws run 'helmfile apply {{ARGS}} --skip-deps'
+    bws run 'helmfile apply --output simple --skip-deps {{ARGS}}'
 
 diff ARGS='':
-    bws run 'helmfile diff --output dyff {{ARGS}} --skip-deps'
+    bws run 'helmfile diff --output dyff  --skip-deps {{ARGS}}'
 
 cleanuppods:
     #!/bin/bash
@@ -38,3 +38,17 @@ goatchat-register-review:
     bws run 'curl -v -H '\"'Authorization: SharedSecret $GOATCHAT_REGISTRATION_ADMIN_API_SHARE_SECRET'\"' \
         -H "Content-Type: application/json" \
         https://goatchat.ca/gate/api/token' | jq
+
+refresh-client-cert:
+    #!/bin/bash
+    yq -r .machine.ca.crt controlplane.yaml | base64 -d > ca.crt
+    yq -r .machine.ca.key controlplane.yaml | base64 -d > ca.key
+    talosctl gen key --name admin           
+    talosctl gen csr --key admin.key --ip 127.0.0.1
+    talosctl gen crt --ca ca --csr admin.csr --name admin
+    yq -i '.contexts.fog.ca = "'"$(base64 -w0 ca.crt)"\
+    '" | .contexts.fog.crt = "'"$(base64 -w0 admin.crt)"\
+    '" | .contexts.fog.key = "'"$(base64 -w0 admin.key)"'"' \
+    .config/talosconfig
+
+    talosctl kubeconfig .config/kubeconfig -n 192.168.1.43

postgres/values.yaml.gotmpl

@@ -9,7 +9,7 @@ instances:
         memory: 192Mi
       limits:
         cpu: 2
-        memory: 512Mi
+        memory: 1Gi
     dataVolumeClaimSpec:
       accessModes:
       - "ReadWriteOnce"