reorder and clean repo

non_argo_values/actual_values.yaml

@@ -0,0 +1,30 @@
+---
+replicaCount: 1
+
+image:
+  repository: docker.io/actualbudget/actual-server
+  pullPolicy: Always
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: "25.12.0"
+
+service:
+  type: ClusterIP
+  port: 5006
+
+ingress:
+  enabled: false
+
+volumes:
+  - name: "actual-data"
+    persistentVolumeClaim:
+      claimName: "actual-data"  # PersistentVolumeClaim created earlier
+
+volumeMounts:
+  - name: "actual-data"
+    mountPath: "/data"
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}

non_argo_values/argocd_values.yaml

@@ -0,0 +1,66 @@
+# ArgoCD configuration for TuringPi K3s cluster
+# Simplified setup - no RBAC restrictions for single-user environment
+
+global:
+  # Set domain for your LAN access
+  domain: argocd.turing.lan
+
+# Server configuration
+server:
+  # Enable ingress for web UI access
+  ingress:
+    enabled: true
+    controller: generic
+    ingressClassName: nginx
+    hostname: argocd.turing.lan
+    annotations:
+      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+      nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+      # Restrict to LAN access (matching your existing pattern)
+      nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16,10.0.0.0/8,172.16.0.0/12"
+
+  # Use LoadBalancer service for direct access via MetalLB  
+  service:
+    type: LoadBalancer
+    servicePortHttp: 80
+    servicePortHttps: 443
+
+  # Enable insecure mode since this is a homelab (simpler setup)
+  extraArgs:
+    - --insecure
+
+# ApplicationSet controller (for managing multiple apps)
+applicationSet:
+  enabled: true
+
+# Image updater will be installed separately
+# This is just the base ArgoCD installation
+
+# Disable HA components for single-node simplicity
+redis-ha:
+  enabled: false
+
+# Use single Redis instance
+redis:
+  enabled: true
+
+# Disable RBAC since you're the only user
+rbac:
+  create: true
+  # Allow admin access without restrictions
+  policy.default: role:admin
+
+# No authentication complexity needed for homelab
+configs:
+  secret:
+    createSecret: true
+
+# Storage for repo data (using your NFS setup)
+repoServer:
+  volumes:
+    - name: custom-tools
+      emptyDir: {}
+  
+# Monitoring (since you have Prometheus)
+prometheus:
+  enabled: false  # Set to true if you want ArgoCD metrics in Prometheus

non_argo_values/gitea_values.yaml

@@ -0,0 +1,127 @@
+# Gitea configuration for TuringPi K3s cluster
+# Self-hosted Git server for ArgoCD integration
+
+# Single replica for homelab
+replicaCount: 1
+
+# Service configuration - LoadBalancer for direct access
+service:
+  http:
+    type: LoadBalancer
+    port: 3000
+    # MetalLB will assign an IP
+  ssh:
+    type: LoadBalancer
+    port: 22
+    # For git SSH access
+
+# Ingress for web access  
+ingress:
+  enabled: true
+  className: traefik
+  pathType: Prefix
+  annotations:
+    # Restrict to LAN access (matching your existing pattern)
+    traefik.ingress.kubernetes.io/whitelist.sourcerange: "192.168.0.0/16,10.0.0.0/8,172.16.0.0/12"
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+  hosts:
+    - host: gitea.gilgamezh.me
+      paths:
+        - path: /
+          pathType: Prefix
+  tls:
+    - secretName: gitea-tls
+      hosts:
+        - gitea.gilgamezh.me
+
+# Storage using your NFS setup
+persistence:
+  enabled: true
+  create: true
+  storageClass: "nfs-client"  # Your existing NFS storage class
+  size: 20Gi
+  accessModes:
+    - ReadWriteOnce
+
+# Database - use PostgreSQL for production-ready setup
+postgresql:
+  enabled: true
+  auth:
+    username: gitea
+    database: gitea
+    # Password will be auto-generated
+  primary:
+    persistence:
+      enabled: true
+      storageClass: "nfs-client"
+      size: 10Gi
+
+# Disable PostgreSQL HA (since we're enabling regular postgresql)
+postgresql-ha:
+  enabled: false
+
+# Disable Valkey cluster (Redis alternative) - not needed for homelab
+valkey-cluster:
+  enabled: false
+
+# Gitea configuration
+gitea:
+  cache:
+    enabled: false
+  admin:
+    username: admin
+    password: "gitea-admin-pass"  # Change this!
+    email: "admin@gilgamezh.me"
+
+  config:
+    APP_NAME: "TuringPi Gitea"
+    RUN_MODE: prod
+    
+    server:
+      DOMAIN: gitea.gilgamezh.me
+      SSH_DOMAIN: gitea.gilgamezh.me
+      ROOT_URL: https://gitea.gilgamezh.me
+      PROTOCOL: http
+      DISABLE_SSH: false
+      SSH_PORT: 22
+      LFS_START_SERVER: true
+    
+    database:
+      DB_TYPE: postgres
+    
+    security:
+      INSTALL_LOCK: true
+    
+    service:
+      DISABLE_REGISTRATION: false  # Allow user registration
+      REQUIRE_SIGNIN_VIEW: false   # Allow anonymous viewing of public repos
+    
+    ui:
+      DEFAULT_THEME: gitea-dark
+    
+    repository:
+      DEFAULT_PRIVATE: false       # Public repos by default for easier ArgoCD access
+    
+    ssh.minimum_key_sizes:
+      RSA: 1024                    # Allow 2048-bit RSA keys
+      ECDSA: 256
+      ED25519: 256
+
+# Resource limits (adjust based on your node capacity)
+resources:
+  limits:
+    cpu: 1000m
+    memory: 1Gi
+  requests:
+    cpu: 100m
+    memory: 256Mi
+
+# Node affinity (prefer worker nodes, avoid control plane)
+affinity:
+  nodeAffinity:
+    preferredDuringSchedulingIgnoredDuringExecution:
+    - weight: 100
+      preference:
+        matchExpressions:
+        - key: node-role.kubernetes.io/control-plane
+          operator: DoesNotExist

non_argo_values/home-assistant-voice-llms_values.yaml

@@ -0,0 +1,61 @@
+defaults:
+  replicaCount: 1
+  fasterWhisper:
+    image:
+      repository: lscr.io/linuxserver/faster-whisper
+      tag: "2.5.0"
+      pullPolicy: Always
+    service:
+      type: LoadBalancer
+      port: 10300
+    resources:
+      limits:
+        cpu: "3"
+        memory: "4Gi"
+      requests:
+        cpu: "3"
+        memory: "2Gi"
+    env:
+      PUID: 1000
+      PGID: 1000
+      TZ: Europe/Amsterdam
+      WHISPER_MODEL: Zoont/faster-whisper-large-v3-turbo-int8-ct2
+      WHISPER_BEAM: 1
+      WHISPER_LANG: en
+      WHISPER_THREADS value: 4
+    volume:
+      mountPath: /config
+      claimName: faster-whisper-pvc
+      storage: 1Gi
+  piper:
+    image:
+      repository: lscr.io/linuxserver/piper
+      tag: "1.5.3"
+      pullPolicy: Always
+    service:
+      type: LoadBalancer
+      port: 10200
+    resources:
+      limits:
+        cpu: "2"
+        memory: "4000Mi"
+      requests:
+        cpu: "1"
+        memory: "2000Mi"
+    env:
+      PUID: 1000
+      PGID: 1000
+      TZ: Europe/Amsterdam
+      PIPER_VOICE: en_US-lessac-medium
+      PIPER_LENGTH: 1.0
+      PIPER_NOISE: 0.667
+      PIPER_NOISEW: 0.333
+      PIPER_SPEAKER: 0
+      PIPER_PROCS: 2
+    volume:
+      mountPath: /config
+      claimName: piper-pvc
+      storage: 1Gi
+
+nodeSelector:
+  kubernetes.io/arch: amd64

non_argo_values/pgsql_values.yaml

@@ -0,0 +1,21 @@
+primary:
+  persistence:
+    existingClaim: "postgres"
+  nodeSelector:
+    kubernetes.io/hostname: "turing3"
+  resources:
+    requests:
+      memory: "2Gi"
+      cpu: "3"
+      ephemeral-storage: "50Mi"
+    limits:
+      memory: "6Gi"
+      cpu: "4"
+      ephemeral-storage: "1Gi"
+
+
+auth:
+  postgresPassword: "clavedatabase"
+
+volumePermissions:
+  enabled: true