remove top level files

2025-01-07 04:45:49 -06:00
parent 99006a8900
commit 33c5d25271
145 changed files with 0 additions and 8432 deletions
--- a/argocd/Chart.yaml
+++ b/argocd/Chart.yaml
@@ -1,14 +0,0 @@
-apiVersion: v2
-name: argocd
-description: A Helm chart for Kubernetes
-type: application
-
-version: 0.1.0
-appVersion: "1.16.0"
-
-dependencies:
- name: argo-cd
-  repository: https://argoproj.github.io/argo-helm
-  version: 6.11.1
-
-
--- a/argocd/templates/InternalProxy.yaml
+++ b/argocd/templates/InternalProxy.yaml
@@ -1,23 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: internalproxy
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/internalproxy
-    directory:
-      recurse: true
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: internalproxy
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true   
-
--- a/argocd/templates/argocd.yaml
+++ b/argocd/templates/argocd.yaml
@@ -1,59 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: argocd
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/argocd
-  destination:
-    namespace: argocd
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 
-
---
-
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: argocd-ingress
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-production
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`argocd.internal.durp.info`)
-      middlewares:
-        - name: whitelist
-          namespace: traefik
-      kind: Rule
-      services:
-        - name: argocd-server
-          port: 443
-          scheme: https
-  tls:
-    secretName: argocd-tls
-
---
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: argocd-tls
-spec:
-  secretName: argocd-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "argocd.internal.durp.info"
-  dnsNames:
-    - "argocd.internal.durp.info"
--- a/argocd/templates/authentik.yaml
+++ b/argocd/templates/authentik.yaml
@@ -1,21 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: authentik
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/authentik
-  destination:
-    namespace: authentik
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 
-
--- a/argocd/templates/bitwarden.yaml
+++ b/argocd/templates/bitwarden.yaml
@@ -1,23 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: bitwarden
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/bitwarden
-    directory:
-      recurse: true
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: bitwarden
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: false
-    syncOptions:
-      - CreateNamespace=true   
-
--- a/argocd/templates/cert-manager.yaml
+++ b/argocd/templates/cert-manager.yaml
@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: cert-manager
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/cert-manager
-  destination:
-    namespace: cert-manager
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 
--- a/argocd/templates/crossplane.yml
+++ b/argocd/templates/crossplane.yml
@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: crossplane
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/crossplane
-  destination:
-    namespace: crossplane
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 
--- a/argocd/templates/durpapi.yaml
+++ b/argocd/templates/durpapi.yaml
@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: durpapi
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/durpapi
-  destination:
-    namespace: durpapi
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 
--- a/argocd/templates/durpot.yaml
+++ b/argocd/templates/durpot.yaml
@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: durpot
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/durpot
-  destination:
-    namespace: durpot
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 
--- a/argocd/templates/external-dns.yaml
+++ b/argocd/templates/external-dns.yaml
@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: external-dns
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/external-dns
-  destination:
-    namespace: external-dns
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 
--- a/argocd/templates/external-secrets.yaml
+++ b/argocd/templates/external-secrets.yaml
@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: external-secrets
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/external-secrets
-  destination:
-    namespace: external-secrets
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 
--- a/argocd/templates/gatekeeper.yaml
+++ b/argocd/templates/gatekeeper.yaml
@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: gatekeeper
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/gatekeeper
-  destination:
-    namespace: gatekeeper
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 
--- a/argocd/templates/gitlab-runner.yaml
+++ b/argocd/templates/gitlab-runner.yaml
@@ -1,21 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: gitlab-runner
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/gitlab-runner
-  destination:
-    namespace: gitlab-runner
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true    
-
--- a/argocd/templates/heimdall.yaml
+++ b/argocd/templates/heimdall.yaml
@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: heimdall
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/heimdall
-  destination:
-    namespace: heimdall
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 
--- a/argocd/templates/krakend.yaml
+++ b/argocd/templates/krakend.yaml
@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: krakend
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/krakend
-  destination:
-    namespace: krakend
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 
--- a/argocd/templates/kube-prometheus-stack.yaml
+++ b/argocd/templates/kube-prometheus-stack.yaml
@@ -1,21 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: kube-prometheus-stack
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/kube-prometheus-stack
-  destination:
-    namespace: kube-prometheus-stack
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 
-
--- a/argocd/templates/kubeclarity.yaml
+++ b/argocd/templates/kubeclarity.yaml
@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: kubeclarity
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/kubeclarity
-  destination:
-    namespace: kubeclarity
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 
--- a/argocd/templates/littlelink.yaml
+++ b/argocd/templates/littlelink.yaml
@@ -1,22 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: littlelink
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/littlelink
-    directory:
-      recurse: true
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: littlelink
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true
-    syncOptions:
-      - CreateNamespace=true        
--- a/argocd/templates/longhorn.yaml
+++ b/argocd/templates/longhorn.yaml
@@ -1,21 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: longhorn-system
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/longhorn
-  destination:
-    namespace: longhorn-system
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 
-
--- a/argocd/templates/metallb-system.yaml
+++ b/argocd/templates/metallb-system.yaml
@@ -1,22 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: metallb-system
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/metallb-system
-  destination:
-    namespace: metallb-system
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 
-
-
--- a/argocd/templates/nfs-client.yaml
+++ b/argocd/templates/nfs-client.yaml
@@ -1,23 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: nfs-client
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/nfs-client
-    directory:
-      recurse: true
-  destination:
-    namespace: nfs-client
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 
-
--- a/argocd/templates/open-webui.yaml
+++ b/argocd/templates/open-webui.yaml
@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: open-webui
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/open-webui
-  destination:
-    namespace: open-webui
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 
--- a/argocd/templates/secrets.yaml
+++ b/argocd/templates/secrets.yaml
@@ -1,17 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: vault-argocd
-  labels:
-    app.kubernetes.io/part-of: argocd
-spec:
-  secretStoreRef:
-    name: vault
-    kind: ClusterSecretStore
-  target:
-    name: client-secret
-  data:
-  - secretKey: clientSecret
-    remoteRef:
-      key: secrets/argocd/authentik
-      property: clientsecret
--- a/argocd/templates/traefik.yaml
+++ b/argocd/templates/traefik.yaml
@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: traefik
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/traefik
-  destination:
-    namespace: traefik
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 
--- a/argocd/templates/uptimekuma.yaml
+++ b/argocd/templates/uptimekuma.yaml
@@ -1,23 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: uptimekuma
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/uptimekuma
-    directory:
-      recurse: true
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: uptimekuma
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true
-    syncOptions:
-      - CreateNamespace=true   
-
--- a/argocd/templates/vault.yaml
+++ b/argocd/templates/vault.yaml
@@ -1,25 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: vault
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/vault
-  destination:
-    namespace: vault
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 
-  ignoreDifferences:
-  - group: admissionregistration.k8s.io
-    kind: MutatingWebhookConfiguration
-    jqPathExpressions:
-    - .webhooks[]?.clientConfig.caBundle
--- a/argocd/values.yaml
+++ b/argocd/values.yaml
@@ -1,62 +0,0 @@
-argo-cd:
-
-  global:
-    revisionHistoryLimit: 1
-    image:
-      repository: registry.internal.durp.info/argoproj/argocd
-      imagePullPolicy: Always
-
-  server:
-    #extraArgs:
-    #  - --dex-server-plaintext
-    #  - --dex-server=argocd-dex-server:5556
-    # oidc.config: |
-    #   name: AzureAD
-    #   issuer: https://login.microsoftonline.com/TENANT_ID/v2.0
-    #   clientID: CLIENT_ID
-    #   clientSecret: $oidc.azuread.clientSecret
-    #   requestedIDTokenClaims:
-    #     groups:
-    #       essential: true
-    #   requestedScopes:
-    #     - openid
-    #     - profile
-    #     - email
-
-  dex:
-    enabled: true
-    image:
-      repository: registry.internal.durp.info/dexidp/dex
-      imagePullPolicy: Always
-
-  configs:
-    cm:
-      create: true
-      annotations: {}
-      url: https://argocd.internal.durp.info
-      oidc.tls.insecure.skip.verify: "true"
-      dex.config: |
-        connectors:
-          - config:
-              issuer: https://authentik.durp.info/application/o/argocd/
-              clientID: dbb8ffc06104fb6e7fac3e4ae7fafb1d90437625
-              clientSecret: $client-secret:clientSecret
-              insecureEnableGroups: true
-              scopes:
-                - openid
-                - profile
-                - email
-                - groups
-            name: authentik
-            type: oidc
-            id: authentik
-
-    rbac:
-      create: true
-      policy.csv: |
-        g, ArgoCD Admins, role:admin 
-      scopes: "[groups]"
-
-  server:
-    route: 
-      enabled: false
--- a/authentik/Chart.yaml
+++ b/authentik/Chart.yaml
@@ -1,12 +0,0 @@
-apiVersion: v2
-name: authentik
-description: A Helm chart for Kubernetes
-type: application
-
-version: 0.1.0
-appVersion: "1.16.0"
-
-dependencies:
- name: authentik
-  repository: https://charts.goauthentik.io
-  version: 2024.8.3
--- a/authentik/templates/authentik-pv.yaml
+++ b/authentik/templates/authentik-pv.yaml
@@ -1,24 +0,0 @@
-#apiVersion: v1
-#kind: PersistentVolume
-#metadata:
-#  annotations:
-#    pv.kubernetes.io/provisioned-by: durp.info/nfs
-#  finalizers:
-#  - kubernetes.io/pv-protection
-#  name: authentik-pv
-#spec:
-#  accessModes:
-#  - ReadWriteMany
-#  capacity:
-#    storage: 10Gi
-#  claimRef:
-#    apiVersion: v1
-#    kind: PersistentVolumeClaim
-#    name: authentik-pvc
-#    namespace: authentik
-#  nfs:
-#    path: /mnt/user/k3s/authentik
-#    server: 192.168.20.253
-#  persistentVolumeReclaimPolicy: Retain
-#  storageClassName: nfs-storage
-#  volumeMode: Filesystem
--- a/authentik/templates/authentik-pvc.yaml
+++ b/authentik/templates/authentik-pvc.yaml
@@ -1,18 +0,0 @@
-#apiVersion: v1
-#kind: PersistentVolumeClaim
-#metadata:
-#  labels:
-#    app.kubernetes.io/component: app
-#    app.kubernetes.io/instance: authentik
-#    app.kubernetes.io/managed-by: Helm
-#    app.kubernetes.io/name: authentik
-#    helm.sh/chart: authentik-2.14.4
-#  name: authentik-pvc
-#  namespace: authentik
-#spec:
-#  accessModes:
-#    - ReadWriteMany
-#  resources:
-#    requests:
-#      storage: 10Gi
-#  storageClassName: nfs-storage
--- a/authentik/templates/ingress.yaml
+++ b/authentik/templates/ingress.yaml
@@ -1,42 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: authentik-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`authentik.durp.info`) && PathPrefix(`/`) 
-    kind: Rule
-    services:
-    - name: authentik-server
-      port: 80
-  tls:
-    secretName: authentik-tls
-
---
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: authentik-tls
-spec:
-  secretName: authentik-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "authentik.durp.info"
-  dnsNames:
-  - "authentik.durp.info" 
-
---
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: authentik-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: authentik.durp.info
-spec:
-  type: ExternalName
-  externalName: durp.info
--- a/authentik/templates/secrets.yaml
+++ b/authentik/templates/secrets.yaml
@@ -1,28 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: authentik-secret
-spec:
-  secretStoreRef:
-    name: vault
-    kind: ClusterSecretStore
-  target:
-    name: db-pass
-  data:
-  - secretKey: dbpass
-    remoteRef:
-      key: secrets/authentik/database
-      property: dbpass
-  - secretKey: secretkey
-    remoteRef:
-      key: secrets/authentik/database
-      property: secretkey     
-  - secretKey: postgresql-postgres-password 
-    remoteRef:
-      key: secrets/authentik/database
-      property: dbpass
-  - secretKey: postgresql-password 
-    remoteRef:
-      key: secrets/authentik/database
-      property: dbpass
-        
--- a/authentik/values.yaml
+++ b/authentik/values.yaml
@@ -1,56 +0,0 @@
-authentik:
-  global:
-    env: 
-      - name: AUTHENTIK_POSTGRESQL__PASSWORD
-        valueFrom:
-          secretKeyRef:
-            name: db-pass
-            key: dbpass
-      - name: AUTHENTIK_SECRET_KEY
-        valueFrom:
-          secretKeyRef:
-            name: db-pass
-            key: secretkey
-    revisionHistoryLimit: 1
-    image:
-      repository: registry.internal.durp.info/goauthentik/server
-      pullPolicy: Always
-  authentik:
-    outposts:
-      container_image_base: registry.internal.durp.info/goauthentik/%(type)s:%(version)s
-    postgresql:
-      host: '{{ .Release.Name }}-postgresql-hl'
-      name: "authentik"
-      user: "authentik"
-      port: 5432
-  server:
-    name: server
-    replicas: 3
-  worker:
-    replicas: 3
-  postgresql:
-    enabled: true
-    image:
-      registry: registry.internal.durp.info
-      repository: bitnami/postgresql
-      pullPolicy: Always
-    postgresqlUsername: "authentik"
-    postgresqlDatabase: "authentik"
-    existingSecret: db-pass 
-    persistence:
-      enabled: true
-      storageClass: longhorn
-      accessModes:
-        - ReadWriteMany
-  redis:
-    enabled: true
-    master:
-      persistence:
-        enabled: false    
-    image:
-      registry: registry.internal.durp.info
-      repository: bitnami/redis
-      pullPolicy: Always
-    architecture: standalone
-    auth:
-      enabled: false
--- a/bitwarden/Chart.yaml
+++ b/bitwarden/Chart.yaml
@@ -1,7 +0,0 @@
-apiVersion: v2
-name: bitwarden
-description: A Helm chart for Kubernetes
-type: application
-
-version: 0.1.0
-appVersion: "1.16.0"
--- a/bitwarden/templates/bitwarden-pv.yaml
+++ b/bitwarden/templates/bitwarden-pv.yaml
@@ -1,25 +0,0 @@
-#apiVersion: v1
-#kind: PersistentVolume
-#metadata:
-#  annotations:
-#    pv.kubernetes.io/provisioned-by: durp.info/nfs
-#  finalizers:
-#  - kubernetes.io/pv-protection
-#  name: bitwarden-pv
-#spec:
-#  accessModes:
-#  - ReadWriteMany
-#  capacity:
-#    storage: 10Gi
-#  claimRef:
-#    apiVersion: v1
-#    kind: PersistentVolumeClaim
-#    name: bitwarden-pvc
-#    namespace: bitwarden
-#  nfs:
-#    path: /mnt/user/k3s/bitwarden
-#    server: 192.168.20.253
-#  persistentVolumeReclaimPolicy: Retain
-#  storageClassName: nfs-storage
-#  volumeMode: Filesystem
-#
--- a/bitwarden/templates/bitwarden-pvc.yaml
+++ b/bitwarden/templates/bitwarden-pvc.yaml
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: bitwarden-pvc
-spec:
-  storageClassName: longhorn
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 10Gi
--- a/bitwarden/templates/deployment.yaml
+++ b/bitwarden/templates/deployment.yaml
@@ -1,50 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  namespace: bitwarden
-  name: bitwarden
-  labels:
-    app: bitwarden
-spec:
-  selector:
-    matchLabels:
-      app: bitwarden
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: bitwarden
-    spec:
-      containers:
-      - name: bitwarden
-        image: registry.internal.durp.info/vaultwarden/server:1.32.0
-        imagePullPolicy: Always
-        volumeMounts:
-        - name: bitwarden-pvc
-          mountPath: /data
-          subPath: bitwaren-data              
-        ports:
-        - name: http
-          containerPort: 80
-        env:
-          - name: SIGNUPS_ALLOWED
-            value: "FALSE"
-          - name: INVITATIONS_ALLOWED
-            value: "FALSE"                      
-          - name: WEBSOCKET_ENABLED
-            value: "TRUE"          
-          - name: ROCKET_ENV
-            value: "staging"              
-          - name: ROCKET_PORT
-            value: "80"            
-          - name: ROCKET_WORKERS
-            value: "10"
-          - name: SECRET_USERNAME
-            valueFrom:
-              secretKeyRef:
-                name: bitwarden-secret
-                key: ADMIN_TOKEN
-      volumes:
-      - name: bitwarden-pvc
-        persistentVolumeClaim:
-          claimName: bitwarden-pvc             
--- a/bitwarden/templates/ingress.yaml
+++ b/bitwarden/templates/ingress.yaml
@@ -1,42 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: bitwarden-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`bitwarden.durp.info`) && PathPrefix(`/`)
-    kind: Rule
-    services:
-    - name: bitwarden
-      port: 80
-  tls:
-    secretName: bitwarden-tls
-
---
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: bitwarden-tls
-spec:
-  secretName: bitwarden-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "bitwarden.durp.info"
-  dnsNames:
-  - "bitwarden.durp.info"  
-
---
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: bitwarden-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: bitwarden.durp.info
-spec:
-  type: ExternalName
-  externalName: durp.info
--- a/bitwarden/templates/secrets.yaml
+++ b/bitwarden/templates/secrets.yaml
@@ -1,16 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: bitwarden-secret
-spec:
-  secretStoreRef:
-    name: vault
-    kind: ClusterSecretStore
-  target:
-    name: bitwarden-secret
-  data:
-  - secretKey: ADMIN_TOKEN
-    remoteRef:
-      key: secrets/bitwarden/admin
-      property: ADMIN_TOKEN
-
--- a/bitwarden/templates/service.yaml
+++ b/bitwarden/templates/service.yaml
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: bitwarden
-spec:
-  ports:
-  - name: http
-    port: 80
-    targetPort: 80
-    protocol: TCP
-  selector:
-    app: bitwarden
--- a/cert-manager/Chart.yaml
+++ b/cert-manager/Chart.yaml
@@ -1,11 +0,0 @@
-apiVersion: v2
-name: cert-manager
-description: A Helm chart for Kubernetes
-type: application
-version: 0.0.1
-appVersion: 0.0.1
-
-dependencies:
- name: cert-manager
-  repository: https://charts.jetstack.io
-  version: v1.15.3
--- a/cert-manager/templates/letsencrypt-prroduction.yaml
+++ b/cert-manager/templates/letsencrypt-prroduction.yaml
@@ -1,16 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: letsencrypt-production
-spec:
-  acme:
-    server: https://acme-v02.api.letsencrypt.org/directory
-    privateKeySecretRef:
-      name: letsencrypt-production
-    solvers:
-    - dns01:
-        cloudflare:
-          email: developerdurp@durp.info
-          apiTokenSecretRef:
-            name: cloudflare-api-token-secret
-            key: cloudflare-api-token-secret
--- a/cert-manager/templates/letsencrypt-staging.yaml
+++ b/cert-manager/templates/letsencrypt-staging.yaml
@@ -1,16 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: letsencrypt-staging
-spec:
-  acme:
-    server: https://acme-staging-v02.api.letsencrypt.org/directory
-    privateKeySecretRef:
-      name: letsencrypt-staging
-    solvers:
-    - dns01:
-        cloudflare:
-          email: developerdurp@durp.info
-          apiTokenSecretRef:
-            name: cloudflare-api-token-secret
-            key: cloudflare-api-token-secret
--- a/cert-manager/templates/sealedsecret.yaml
+++ b/cert-manager/templates/sealedsecret.yaml
@@ -1,16 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: cloudflare-api-token-secret
-spec:
-  secretStoreRef:
-    name: vault
-    kind: ClusterSecretStore
-  target:
-    name: cloudflare-api-token-secret
-  data:
-  - secretKey: cloudflare-api-token-secret
-    remoteRef:
-      key: secrets/cert-manager
-      property: cloudflare-api-token-secret
-
--- a/cert-manager/values.yaml
+++ b/cert-manager/values.yaml
@@ -1,25 +0,0 @@
-cert-manager:
-  image:
-    registry: registry.internal.durp.info
-    repository: jetstack/cert-manager-controller
-    pullPolicy: Always
-  installCRDs: true
-  replicaCount: 3
-  extraArgs:
-    - --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53
-    - --dns01-recursive-nameservers-only
-  podDnsPolicy: None
-  podDnsConfig:
-    nameservers:
-      - "1.1.1.1"
-      - "1.0.0.1"
-  webhook:
-    image:
-      registry: registry.internal.durp.info
-      repository: jetstack/cert-manager-webhook
-      pullPolicy: Always  
-  cainjector:
-    image:
-      registry: registry.internal.durp.info
-      repository: jetstack/cert-manager-cainjector
-      pullPolicy: Always
--- a/crossplane/Chart.yaml
+++ b/crossplane/Chart.yaml
@@ -1,12 +0,0 @@
-apiVersion: v2
-name: crossplane
-description: A Helm chart for Kubernetes
-type: application
-
-version: 0.1.0
-appVersion: "1.16.0"
-
-dependencies:
- name: crossplane
-  repository: https://charts.crossplane.io/stable
-  version: 1.17.1
--- a/crossplane/templates/gitlab.yml
+++ b/crossplane/templates/gitlab.yml
@@ -1,55 +0,0 @@
-apiVersion: pkg.crossplane.io/v1
-kind: Provider
-metadata:
-  name: provider-gitlab
-spec:
-  package: xpkg.upbound.io/crossplane-contrib/provider-gitlab:v0.5.0
---
-
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: gitlab-secret
-spec:
-  secretStoreRef:
-    name: vault
-    kind: ClusterSecretStore
-  target:
-    name: gitlab-secret
-  data:
-  - secretKey: accesstoken
-    remoteRef:
-      key: secrets/gitlab/token
-      property: accesstoken
-
---
-
-#apiVersion: gitlab.crossplane.io/v1beta1
-#kind: ProviderConfig
-#metadata:
-#  name: gitlab-provider
-#spec:
-#  baseURL: https://gitlab.com/
-#  credentials:
-#    source: Secret
-#    secretRef:
-#      namespace: crossplane
-#      name: gitlab-secret
-#      key: accesstoken
-#
-#---
-#
-#apiVersion: projects.gitlab.crossplane.io/v1alpha1
-#kind: Project
-#metadata:
-#  name: example-project
-#spec:
-#  deletionPolicy: Orphan
-#  forProvider:
-#    name: "Example Project"
-#    description: "example project description"
-#  providerConfigRef:
-#    name: gitlab-provider
-#    policy:
-#      resolution: Optional
-#      resolve: Always
--- a/dashboards/nginx-dashboard.yaml
+++ b/dashboards/nginx-dashboard.yaml
--- a/durpapi/Chart.yaml
+++ b/durpapi/Chart.yaml
@@ -1,13 +0,0 @@
-apiVersion: v2
-name: durpapi
-description: A Helm chart for Kubernetes
-type: application
-
-version: 0.1.0-dev0184
-appVersion: 0.1.0
-
-dependencies:
- condition: postgresql.enabled
-  version: 12.5.*
-  repository: https://charts.bitnami.com/bitnami
-  name: postgresql
--- a/durpapi/templates/deployment.yaml
+++ b/durpapi/templates/deployment.yaml
@@ -1,38 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ .Chart.Name }}
-  labels:
-    app: {{ .Chart.Name }}
-spec:
-  revisionHistoryLimit: 1
-  selector:
-    matchLabels:
-      app: {{ .Chart.Name }}
-  replicas: {{ .Values.deployment.hpa.minReplicas }}
-  template:
-    metadata:
-      labels:
-        app: {{ .Chart.Name }}
-    spec:
-      containers:
-      - name: api
-        image: "{{ .Values.deployment.image }}:{{ default .Chart.Version .Values.deployment.tag }}"
-        imagePullPolicy: {{ .Values.deployment.imagePullPolicy }}   
-        readinessProbe:
-          {{- toYaml .Values.deployment.probe.readiness | nindent 12 }}
-        livenessProbe:
-          {{- toYaml .Values.deployment.probe.liveness | nindent 12 }}
-        startupProbe:
-          {{- toYaml .Values.deployment.probe.startup | nindent 12 }}
-        ports:
-        - name: http
-          containerPort: {{ .Values.service.targetport }}
-        env:
-          - name: host
-            value: {{ .Values.swagger.host }}
-          - name: version
-            value: {{ default .Chart.Version .Values.deployment.tag }}
-        envFrom:
-        - secretRef:
-            name: {{ .Values.deployment.secretfile }} 
--- a/durpapi/templates/hpa.yaml
+++ b/durpapi/templates/hpa.yaml
@@ -1,24 +0,0 @@
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: "{{ .Chart.Name }}-hpa"
-spec:
-  scaleTargetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: {{ .Chart.Name }}
-  minReplicas: {{ .Values.deployment.hpa.minReplicas  }}
-  maxReplicas: {{ .Values.deployment.hpa.maxReplicas  }}
-  metrics:
-    - type: Resource
-      resource:
-        name: memory
-        target:
-          type: Utilization
-          averageUtilization: 80
-    - type: Resource
-      resource:
-        name: cpu
-        target:
-          type: Utilization
-          averageUtilization: 40
--- a/durpapi/templates/ingress.yaml
+++ b/durpapi/templates/ingress.yaml
@@ -1,44 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: "{{ .Chart.Name }}-ingress"
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host("api.durp.info") && PathPrefix(`/api`)
-    kind: Rule
-    middlewares:
-      - name: jwt
-    services:
-    - name: "durpapi-service"
-      port: 80
-
---
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: "{{ .Chart.Name }}-swagger"
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host("api.durp.info") && PathPrefix(`/swagger`)
-    kind: Rule
-    services:
-    - name: "durpapi-service"
-      port: 80
-
---
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: jwt
-spec:
-  plugin:
-    jwt:
-      Required: true
-      Keys:
-        - https://authentik.durp.info/application/o/api/jwks
--- a/durpapi/templates/secrets.yaml
+++ b/durpapi/templates/secrets.yaml
@@ -1,39 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: durpapi-secret
-spec:
-  secretStoreRef:
-    name: vault
-    kind: ClusterSecretStore
-  target:
-    name: durpapi-secret
-  data:
-  - secretKey: db_host
-    remoteRef:
-      key: secrets/durpapi/postgres
-      property: db_host
-  - secretKey: db_port
-    remoteRef:
-      key: secrets/durpapi/postgres
-      property: db_port
-  - secretKey: db_pass
-    remoteRef:
-      key: secrets/durpapi/postgres
-      property: db_pass
-  - secretKey: db_user
-    remoteRef:
-      key: secrets/durpapi/postgres
-      property: db_user                                                        
-  - secretKey: db_sslmode
-    remoteRef:
-      key: secrets/durpapi/postgres
-      property: db_sslmode
-  - secretKey: db_name
-    remoteRef:
-      key: secrets/durpapi/postgres
-      property: db_name
-  - secretKey: llamaurl
-    remoteRef:
-      key: secrets/durpapi/llamaurl
-      property: llamaurl
--- a/durpapi/templates/service.yaml
+++ b/durpapi/templates/service.yaml
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: "{{ .Chart.Name }}-service"
-spec:
-  ports:
-  - name: http
-    port: {{ .Values.service.port }}
-    targetPort: {{ .Values.service.targetport }}
-    protocol: TCP
-  selector:
-    app: {{ .Chart.Name }}
--- a/durpapi/values.yaml
+++ b/durpapi/values.yaml
@@ -1,39 +0,0 @@
-ingress:
-  enabled: false
-deployment: 
-  image: registry.internal.durp.info/developerdurp/durpapi
-  secretfile: durpapi-secret
-  imagePullPolicy: Always
-  hpa:
-    minReplicas: 3
-    maxReplicas: 10
-  probe:
-    readiness:  
-      httpGet:
-        path: /health/gethealth
-        port: 8080
-    liveness: 
-      httpGet:
-        path: /health/gethealth
-        port: 8080
-    startup: 
-      httpGet:
-        path: /health/gethealth
-        port: 8080
-service:
-  type: ClusterIP
-  port: 80
-  targetport: 8080
-
-swagger:
-  host: api.durp.info
-postgresql:
-  enabled: true
-  auth:
-    existingSecret: durpapi-secret
-    secretKeys:
-      adminPasswordKey: db_pass
-      userPasswordKey: db_pass
-      replicationPasswordKey: db_pass
-    database: postgres
-    username: postgres
--- a/durpot/Chart.yaml
+++ b/durpot/Chart.yaml
@@ -1,11 +0,0 @@
-apiVersion: v2
-name: durpapi
-description: A Helm chart for Kubernetes
-type: application
-version: 0.0.1
-appVersion: 0.0.1
-
-dependencies:
- name: durpot
-  repository: https://gitlab.com/api/v4/projects/45025485/packages/helm/stable
-  version: 0.1.0-dev0038
--- a/durpot/templates/secrets.yaml
+++ b/durpot/templates/secrets.yaml
@@ -1,43 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: durpot-secert
-spec:
-  secretStoreRef:
-    name: vault
-    kind: ClusterSecretStore
-  target:
-    name: durpot-secret
-  data:
-  - secretKey: OPENAI_API_KEY
-    remoteRef:
-      key: secrets/durpot/openai
-      property: OPENAI_API_KEY
-  - secretKey: BOTPREFIX
-    remoteRef:
-      key: secrets/durpot/discord
-      property: BOTPREFIX
-  - secretKey: ChannelID
-    remoteRef:
-      key: secrets/durpot/discord
-      property: ChannelID
-  - secretKey: TOKEN
-    remoteRef:
-      key: secrets/durpot/discord
-      property: TOKEN
-  - secretKey: ClientID
-    remoteRef:
-      key: secrets/durpot/auth
-      property: ClientID
-  - secretKey: Password
-    remoteRef:
-      key: secrets/durpot/auth
-      property: Password
-  - secretKey: TokenURL
-    remoteRef:
-      key: secrets/durpot/auth
-      property: TokenURL
-  - secretKey: Username
-    remoteRef:
-      key: secrets/durpot/auth
-      property: Username
--- a/external-dns/Chart.yaml
+++ b/external-dns/Chart.yaml
@@ -1,12 +0,0 @@
-
-apiVersion: v2
-name: external-dns
-description: A Helm chart for Kubernetes
-type: application
-version: 0.0.1
-appVersion: 0.0.1
-
-dependencies:
- name: external-dns
-  repository: https://charts.bitnami.com/bitnami
-  version: 8.3.8
--- a/external-dns/templates/secrets.yaml
+++ b/external-dns/templates/secrets.yaml
@@ -1,23 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: external-dns-secret
-spec:
-  secretStoreRef:
-    name: vault
-    kind: ClusterSecretStore
-  target:
-    name: external-dns
-  data:
-  - secretKey: cloudflare_api_email
-    remoteRef:
-      key: secrets/external-dns/cloudflare
-      property: cloudflare_api_email
-  - secretKey: cloudflare_api_key
-    remoteRef:
-      key: secrets/external-dns/cloudflare
-      property: cloudflare_api_key
-  - secretKey: cloudflare_api_token
-    remoteRef:
-      key: secrets/external-dns/cloudflare
-      property: cloudflare_api_token
--- a/external-dns/values.yaml
+++ b/external-dns/values.yaml
@@ -1,16 +0,0 @@
-external-dns:
-  global:
-    imageRegistry: "registry.internal.durp.info"
-
-  image:
-    pullPolicy: Always
-
-  sources:
-    - service
-    
-  provider: cloudflare
-  cloudflare:
-    secretName : "external-dns"
-    proxied: false
-
-  policy: sync
--- a/external-secrets/Chart.yaml
+++ b/external-secrets/Chart.yaml
@@ -1,12 +0,0 @@
-apiVersion: v2
-name: external-secrets
-description: A Helm chart for Kubernetes
-type: application
-version: 0.0.1
-appVersion: 0.0.1
-
-dependencies:
- name: external-secrets
-  repository: https://charts.external-secrets.io
-  version: 0.10.4
-
--- a/external-secrets/values.yaml
+++ b/external-secrets/values.yaml
@@ -1,463 +0,0 @@
-external-secrets:
-  replicaCount: 3
-
-  # -- Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy)
-  revisionHistoryLimit: 10
-
-  image:
-    repository: ghcr.io/external-secrets/external-secrets
-    pullPolicy: Always
-    # -- The image tag to use. The default is the chart appVersion.
-    # There are different image flavours available, like distroless and ubi.
-    # Please see GitHub release notes for image tags for these flavors.
-    # By default the distroless image is used.
-    tag: ""
-
-  # -- If set, install and upgrade CRDs through helm chart.
-  installCRDs: true
-
-  crds:
-    # -- If true, create CRDs for Cluster External Secret.
-    createClusterExternalSecret: true
-    # -- If true, create CRDs for Cluster Secret Store.
-    createClusterSecretStore: true
-    # -- If true, create CRDs for Push Secret.
-    createPushSecret: true
-    annotations: {}
-    conversion:
-      enabled: true
-
-  imagePullSecrets: []
-  nameOverride: ""
-  fullnameOverride: ""
-
-  # -- If true, external-secrets will perform leader election between instances to ensure no more
-  # than one instance of external-secrets operates at a time.
-  leaderElect: true
-
-  # -- If set external secrets will filter matching
-  # Secret Stores with the appropriate controller values.
-  controllerClass: ""
-
-  # -- If true external secrets will use recommended kubernetes
-  # annotations as prometheus metric labels.
-  extendedMetricLabels: false
-
-  # -- If set external secrets are only reconciled in the
-  # provided namespace
-  scopedNamespace: ""
-
-  # -- Must be used with scopedNamespace. If true, create scoped RBAC roles under the scoped namespace
-  # and implicitly disable cluster stores and cluster external secrets
-  scopedRBAC: false
-
-  # -- if true, the operator will process cluster external secret. Else, it will ignore them.
-  processClusterExternalSecret: true
-
-  # -- if true, the operator will process cluster store. Else, it will ignore them.
-  processClusterStore: true
-
-  # -- Specifies whether an external secret operator deployment be created.
-  createOperator: true
-
-  # -- Specifies the number of concurrent ExternalSecret Reconciles external-secret executes at
-  # a time.
-  concurrent: 1
-
-  serviceAccount:
-    # -- Specifies whether a service account should be created.
-    create: true
-    # -- Automounts the service account token in all containers of the pod
-    automount: true
-    # -- Annotations to add to the service account.
-    annotations: {}
-    # -- Extra Labels to add to the service account.
-    extraLabels: {}
-    # -- The name of the service account to use.
-    # If not set and create is true, a name is generated using the fullname template.
-    name: ""
-
-  rbac:
-    # -- Specifies whether role and rolebinding resources should be created.
-    create: true
-
-  ## -- Extra environment variables to add to container.
-  extraEnv: []
-
-  ## -- Map of extra arguments to pass to container.
-  extraArgs: {}
-
-  ## -- Extra volumes to pass to pod.
-  extraVolumes: []
-
-  ## -- Extra volumes to mount to the container.
-  extraVolumeMounts: []
-
-  ## -- Extra containers to add to the pod.
-  extraContainers: []
-
-  # -- Annotations to add to Deployment
-  deploymentAnnotations: {}
-
-  # -- Annotations to add to Pod
-  podAnnotations: {}
-
-  podLabels: {}
-
-  podSecurityContext: {}
-    # fsGroup: 2000
-
-  securityContext:
-    allowPrivilegeEscalation: false
-    capabilities:
-      drop:
-        - ALL
-    readOnlyRootFilesystem: true
-    runAsNonRoot: true
-    runAsUser: 1000
-    seccompProfile:
-      type: RuntimeDefault
-
-  resources: {}
-    # requests:
-    #   cpu: 10m
-    #   memory: 32Mi
-
-  prometheus:
-    # -- deprecated. will be removed with 0.7.0, use serviceMonitor instead.
-    enabled: false
-    service:
-      # -- deprecated. will be removed with 0.7.0, use serviceMonitor instead.
-      port: 8080
-
-  serviceMonitor:
-    # -- Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics
-    enabled: false
-
-    # -- namespace where you want to install ServiceMonitors
-    namespace: ""
-
-    # -- Additional labels
-    additionalLabels: {}
-
-    # --  Interval to scrape metrics
-    interval: 30s
-
-    # -- Timeout if metrics can't be retrieved in given time interval
-    scrapeTimeout: 25s
-
-    # -- Let prometheus add an exported_ prefix to conflicting labels
-    honorLabels: false
-
-    # -- Metric relabel configs to apply to samples before ingestion. [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs)
-    metricRelabelings: []
-    # - action: replace
-    #   regex: (.*)
-    #   replacement: $1
-    #   sourceLabels:
-    #   - exported_namespace
-    #   targetLabel: namespace
-
-    # -- Relabel configs to apply to samples before ingestion. [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config)
-    relabelings: []
-    # - sourceLabels: [__meta_kubernetes_pod_node_name]
-    #   separator: ;
-    #   regex: ^(.*)$
-    #   targetLabel: nodename
-    #   replacement: $1
-    #   action: replace
-
-  metrics:
-    service:
-      # -- Enable if you use another monitoring tool than Prometheus to scrape the metrics
-      enabled: false
-
-      # -- Metrics service port to scrape
-      port: 8080
-
-      # -- Additional service annotations
-      annotations: {}
-
-  nodeSelector: {}
-
-  tolerations: []
-
-  topologySpreadConstraints: []
-
-  affinity: {}
-
-  # -- Pod priority class name.
-  priorityClassName: ""
-
-  # -- Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
-  podDisruptionBudget:
-    enabled: false
-    minAvailable: 1
-    # maxUnavailable: 1
-
-  # -- Run the controller on the host network
-  hostNetwork: false
-
-  webhook:
-    # -- Specifies whether a webhook deployment be created.
-    create: true
-    # -- Specifices the time to check if the cert is valid
-    certCheckInterval: "5m"
-    # -- Specifices the lookaheadInterval for certificate validity
-    lookaheadInterval: ""
-    replicaCount: 1
-
-    # -- Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy)
-    revisionHistoryLimit: 10
-
-    certDir: /tmp/certs
-    # -- Specifies whether validating webhooks should be created with failurePolicy: Fail or Ignore
-    failurePolicy: Fail
-    # -- Specifies if webhook pod should use hostNetwork or not.
-    hostNetwork: false
-    image:
-      repository: ghcr.io/external-secrets/external-secrets
-      pullPolicy: IfNotPresent
-    # -- The image tag to use. The default is the chart appVersion.
-      tag: ""
-    imagePullSecrets: []
-    nameOverride: ""
-    fullnameOverride: ""
-    # -- The port the webhook will listen to
-    port: 10250
-    rbac:
-    # -- Specifies whether role and rolebinding resources should be created.
-      create: true
-    serviceAccount:
-      # -- Specifies whether a service account should be created.
-      create: true
-      # -- Automounts the service account token in all containers of the pod
-      automount: true
-      # -- Annotations to add to the service account.
-      annotations: {}
-      # -- Extra Labels to add to the service account.
-      extraLabels: {}
-      # -- The name of the service account to use.
-      # If not set and create is true, a name is generated using the fullname template.
-      name: ""
-    nodeSelector: {}
-
-    tolerations: []
-
-    topologySpreadConstraints: []
-
-    affinity: {}
-
-      # -- Pod priority class name.
-    priorityClassName: ""
-
-    # -- Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
-    podDisruptionBudget:
-      enabled: false
-      minAvailable: 1
-      # maxUnavailable: 1
-    prometheus:
-      # -- deprecated. will be removed with 0.7.0, use serviceMonitor instead
-      enabled: false
-      service:
-        # -- deprecated. will be removed with 0.7.0, use serviceMonitor instead
-        port: 8080
-
-    serviceMonitor:
-      # -- Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics
-      enabled: false
-
-      # -- Additional labels
-      additionalLabels: {}
-
-      # --  Interval to scrape metrics
-      interval: 30s
-
-      # -- Timeout if metrics can't be retrieved in given time interval
-      scrapeTimeout: 25s
-
-    metrics:
-      service:
-        # -- Enable if you use another monitoring tool than Prometheus to scrape the metrics
-        enabled: false
-
-        # -- Metrics service port to scrape
-        port: 8080
-
-        # -- Additional service annotations
-        annotations: {}
-
-
-    readinessProbe:
-      # -- Address for readiness probe
-      address: ""
-      # -- ReadinessProbe port for kubelet
-      port: 8081
-
-
-      ## -- Extra environment variables to add to container.
-    extraEnv: []
-
-      ## -- Map of extra arguments to pass to container.
-    extraArgs: {}
-
-      ## -- Extra volumes to pass to pod.
-    extraVolumes: []
-
-      ## -- Extra volumes to mount to the container.
-    extraVolumeMounts: []
-
-      # -- Annotations to add to Secret
-    secretAnnotations: {}
-
-      # -- Annotations to add to Deployment
-    deploymentAnnotations: {}
-
-      # -- Annotations to add to Pod
-    podAnnotations: {}
-
-    podLabels: {}
-
-    podSecurityContext: {}
-        # fsGroup: 2000
-
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        drop:
-          - ALL
-      readOnlyRootFilesystem: true
-      runAsNonRoot: true
-      runAsUser: 1000
-      seccompProfile:
-        type: RuntimeDefault
-
-    resources: {}
-        # requests:
-        #   cpu: 10m
-        #   memory: 32Mi
-
-  certController:
-    # -- Specifies whether a certificate controller deployment be created.
-    create: true
-    requeueInterval: "5m"
-    replicaCount: 1
-
-    # -- Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy)
-    revisionHistoryLimit: 10
-
-    image:
-      repository: ghcr.io/external-secrets/external-secrets
-      pullPolicy: Always
-      tag: ""
-    imagePullSecrets: []
-    nameOverride: ""
-    fullnameOverride: ""
-    rbac:
-    # -- Specifies whether role and rolebinding resources should be created.
-      create: true
-    serviceAccount:
-      # -- Specifies whether a service account should be created.
-      create: true
-      # -- Automounts the service account token in all containers of the pod
-      automount: true
-      # -- Annotations to add to the service account.
-      annotations: {}
-      # -- Extra Labels to add to the service account.
-      extraLabels: {}
-      # -- The name of the service account to use.
-      # If not set and create is true, a name is generated using the fullname template.
-      name: ""
-    nodeSelector: {}
-
-    tolerations: []
-
-    topologySpreadConstraints: []
-
-    affinity: {}
-
-    # -- Run the certController on the host network
-    hostNetwork: false
-
-      # -- Pod priority class name.
-    priorityClassName: ""
-
-    # -- Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
-    podDisruptionBudget:
-      enabled: false
-      minAvailable: 1
-      # maxUnavailable: 1
-
-    prometheus:
-      # -- deprecated. will be removed with 0.7.0, use serviceMonitor instead
-      enabled: false
-      service:
-        # -- deprecated. will be removed with 0.7.0, use serviceMonitor instead
-        port: 8080
-
-    serviceMonitor:
-      # -- Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics
-      enabled: false
-
-      # -- Additional labels
-      additionalLabels: {}
-
-      # --  Interval to scrape metrics
-      interval: 30s
-
-      # -- Timeout if metrics can't be retrieved in given time interval
-      scrapeTimeout: 25s
-
-    metrics:
-      service:
-        # -- Enable if you use another monitoring tool than Prometheus to scrape the metrics
-        enabled: false
-
-        # -- Metrics service port to scrape
-        port: 8080
-
-        # -- Additional service annotations
-        annotations: {}
-
-      ## -- Extra environment variables to add to container.
-    extraEnv: []
-
-      ## -- Map of extra arguments to pass to container.
-    extraArgs: {}
-
-
-      ## -- Extra volumes to pass to pod.
-    extraVolumes: []
-
-      ## -- Extra volumes to mount to the container.
-    extraVolumeMounts: []
-
-      # -- Annotations to add to Deployment
-    deploymentAnnotations: {}
-
-      # -- Annotations to add to Pod
-    podAnnotations: {}
-
-    podLabels: {}
-
-    podSecurityContext: {}
-        # fsGroup: 2000
-
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        drop:
-          - ALL
-      readOnlyRootFilesystem: true
-      runAsNonRoot: true
-      runAsUser: 1000
-      seccompProfile:
-        type: RuntimeDefault
-
-    resources: {}
-        # requests:
-        #   cpu: 10m
-        #   memory: 32Mi
-
-  # -- Specifies `dnsOptions` to deployment
-  dnsConfig: {}
--- a/gatekeeper/Chart.yaml
+++ b/gatekeeper/Chart.yaml
@@ -1,11 +0,0 @@
-apiVersion: v2
-name: gatekeeper
-description: A Helm chart for Kubernetes
-type: application
-version: 0.0.1
-appVersion: 0.0.1
-
-dependencies:
- name: gatekeeper
-  repository: https://open-policy-agent.github.io/gatekeeper/charts
-  version: 3.17.1
--- a/gatekeeper/values.yaml
+++ b/gatekeeper/values.yaml
@@ -1,278 +0,0 @@
-#gatekeeper:
-#  replicas: 3
-#  revisionHistoryLimit: 10
-#  auditInterval: 60
-#  metricsBackends: ["prometheus"]
-#  auditMatchKindOnly: false
-#  constraintViolationsLimit: 20
-#  auditFromCache: false
-#  disableMutation: false
-#  disableValidatingWebhook: false
-#  validatingWebhookName: gatekeeper-validating-webhook-configuration
-#  validatingWebhookTimeoutSeconds: 3
-#  validatingWebhookFailurePolicy: Ignore
-#  validatingWebhookAnnotations: {}
-#  validatingWebhookExemptNamespacesLabels: {}
-#  validatingWebhookObjectSelector: {}
-#  validatingWebhookCheckIgnoreFailurePolicy: Fail
-#  validatingWebhookCustomRules: {}
-#  validatingWebhookURL: null
-#  enableDeleteOperations: false
-#  enableExternalData: true
-#  enableGeneratorResourceExpansion: true
-#  enableTLSHealthcheck: false
-#  maxServingThreads: -1
-#  mutatingWebhookName: gatekeeper-mutating-webhook-configuration
-#  mutatingWebhookFailurePolicy: Ignore
-#  mutatingWebhookReinvocationPolicy: Never
-#  mutatingWebhookAnnotations: {}
-#  mutatingWebhookExemptNamespacesLabels: {}
-#  mutatingWebhookObjectSelector: {}
-#  mutatingWebhookTimeoutSeconds: 1
-#  mutatingWebhookCustomRules: {}
-#  mutatingWebhookURL: null
-#  mutationAnnotations: false
-#  auditChunkSize: 500
-#  logLevel: INFO
-#  logDenies: false
-#  logMutations: false
-#  emitAdmissionEvents: false
-#  emitAuditEvents: false
-#  admissionEventsInvolvedNamespace: false
-#  auditEventsInvolvedNamespace: false
-#  resourceQuota: true
-#  externaldataProviderResponseCacheTTL: 3m
-#  image:
-#    repository: openpolicyagent/gatekeeper
-#    crdRepository: openpolicyagent/gatekeeper-crds
-#    release: v3.15.0-beta.0
-#    pullPolicy: Always
-#    pullSecrets: []
-#  preInstall:
-#    crdRepository:
-#      image:
-#        repository: null
-#        tag: v3.15.0-beta.0
-#  postUpgrade:
-#    labelNamespace:
-#      enabled: false
-#      image:
-#        repository: openpolicyagent/gatekeeper-crds
-#        tag: v3.15.0-beta.0
-#        pullPolicy: IfNotPresent
-#        pullSecrets: []
-#      extraNamespaces: []
-#      podSecurity: ["pod-security.kubernetes.io/audit=restricted",
-#        "pod-security.kubernetes.io/audit-version=latest",
-#        "pod-security.kubernetes.io/warn=restricted",
-#        "pod-security.kubernetes.io/warn-version=latest",
-#        "pod-security.kubernetes.io/enforce=restricted",
-#        "pod-security.kubernetes.io/enforce-version=v1.24"]
-#      extraAnnotations: {}
-#      priorityClassName: ""
-#    affinity: {}
-#    tolerations: []
-#    nodeSelector: {kubernetes.io/os: linux}
-#    resources: {}
-#    securityContext:
-#      allowPrivilegeEscalation: false
-#      capabilities:
-#        drop:
-#        - ALL
-#      readOnlyRootFilesystem: true
-#      runAsGroup: 999
-#      runAsNonRoot: true
-#      runAsUser: 1000
-#  postInstall:
-#    labelNamespace:
-#      enabled: true
-#      extraRules: []
-#      image:
-#        repository: openpolicyagent/gatekeeper-crds
-#        tag: v3.15.0-beta.0
-#        pullPolicy: IfNotPresent
-#        pullSecrets: []
-#      extraNamespaces: []
-#      podSecurity: ["pod-security.kubernetes.io/audit=restricted",
-#        "pod-security.kubernetes.io/audit-version=latest",
-#        "pod-security.kubernetes.io/warn=restricted",
-#        "pod-security.kubernetes.io/warn-version=latest",
-#        "pod-security.kubernetes.io/enforce=restricted",
-#        "pod-security.kubernetes.io/enforce-version=v1.24"]
-#      extraAnnotations: {}
-#      priorityClassName: ""
-#    probeWebhook:
-#      enabled: true
-#      image:
-#        repository: curlimages/curl
-#        tag: 7.83.1
-#        pullPolicy: IfNotPresent
-#        pullSecrets: []
-#      waitTimeout: 60
-#      httpTimeout: 2
-#      insecureHTTPS: false
-#      priorityClassName: ""
-#    affinity: {}
-#    tolerations: []
-#    nodeSelector: {kubernetes.io/os: linux}
-#    securityContext:
-#      allowPrivilegeEscalation: false
-#      capabilities:
-#        drop:
-#        - ALL
-#      readOnlyRootFilesystem: true
-#      runAsGroup: 999
-#      runAsNonRoot: true
-#      runAsUser: 1000
-#  preUninstall:
-#    deleteWebhookConfigurations:
-#      extraRules: []
-#      enabled: false
-#      image:
-#        repository: openpolicyagent/gatekeeper-crds
-#        tag: v3.15.0-beta.0
-#        pullPolicy: IfNotPresent
-#        pullSecrets: []
-#      priorityClassName: ""
-#    affinity: {}
-#    tolerations: []
-#    nodeSelector: {kubernetes.io/os: linux}
-#    resources: {}
-#    securityContext:
-#      allowPrivilegeEscalation: false
-#      capabilities:
-#        drop:
-#        - ALL
-#      readOnlyRootFilesystem: true
-#      runAsGroup: 999
-#      runAsNonRoot: true
-#      runAsUser: 1000
-#  podAnnotations: {}
-#  auditPodAnnotations: {}
-#  podLabels: {}
-#  podCountLimit: "100"
-#  secretAnnotations: {}
-#  enableRuntimeDefaultSeccompProfile: true
-#  controllerManager:
-#    exemptNamespaces: []
-#    exemptNamespacePrefixes: []
-#    hostNetwork: false
-#    dnsPolicy: ClusterFirst
-#    port: 8443
-#    metricsPort: 8888
-#    healthPort: 9090
-#    readinessTimeout: 1
-#    livenessTimeout: 1
-#    priorityClassName: system-cluster-critical
-#    disableCertRotation: false
-#    tlsMinVersion: 1.3
-#    clientCertName: ""
-#    strategyType: RollingUpdate
-#    affinity:
-#      podAntiAffinity:
-#        preferredDuringSchedulingIgnoredDuringExecution:
-#          - podAffinityTerm:
-#              labelSelector:
-#                matchExpressions:
-#                  - key: gatekeeper.sh/operation
-#                    operator: In
-#                    values:
-#                      - webhook
-#              topologyKey: kubernetes.io/hostname
-#            weight: 100
-#    topologySpreadConstraints: []
-#    tolerations: []
-#    nodeSelector: {kubernetes.io/os: linux}
-#    resources:
-#      limits:
-#        memory: 512Mi
-#      requests:
-#        cpu: 100m
-#        memory: 512Mi
-#    securityContext:
-#      allowPrivilegeEscalation: false
-#      capabilities:
-#        drop:
-#        - ALL
-#      readOnlyRootFilesystem: true
-#      runAsGroup: 999
-#      runAsNonRoot: true
-#      runAsUser: 1000
-#    podSecurityContext:
-#      fsGroup: 999
-#      supplementalGroups:
-#        - 999
-#    extraRules: []
-#    networkPolicy:
-#      enabled: false
-#      ingress: { }
-#        # - from:
-#        #   - ipBlock:
-#        #       cidr: 0.0.0.0/0
-#  audit:
-#    enablePubsub: false
-#    connection: audit-connection
-#    channel: audit-channel
-#    hostNetwork: false
-#    dnsPolicy: ClusterFirst
-#    metricsPort: 8888
-#    healthPort: 9090
-#    readinessTimeout: 1
-#    livenessTimeout: 1
-#    priorityClassName: system-cluster-critical
-#    disableCertRotation: false
-#    affinity: {}
-#    tolerations: []
-#    nodeSelector: {kubernetes.io/os: linux}
-#    resources:
-#      limits:
-#        memory: 512Mi
-#      requests:
-#        cpu: 100m
-#        memory: 512Mi
-#    securityContext:
-#      allowPrivilegeEscalation: false
-#      capabilities:
-#        drop:
-#        - ALL
-#      readOnlyRootFilesystem: true
-#      runAsGroup: 999
-#      runAsNonRoot: true
-#      runAsUser: 1000
-#    podSecurityContext:
-#      fsGroup: 999
-#      supplementalGroups:
-#        - 999
-#    writeToRAMDisk: false
-#    extraRules: []
-#  crds:
-#    affinity: {}
-#    tolerations: []
-#    nodeSelector: {kubernetes.io/os: linux}
-#    resources: {}
-#    securityContext:
-#      allowPrivilegeEscalation: false
-#      capabilities:
-#        drop:
-#        - ALL
-#      readOnlyRootFilesystem: true
-#      runAsGroup: 65532
-#      runAsNonRoot: true
-#      runAsUser: 65532
-#  pdb:
-#    controllerManager:
-#      minAvailable: 1
-#  service: {}
-#  disabledBuiltins: ["{http.send}"]
-#  psp:
-#    enabled: true
-#  upgradeCRDs:
-#    enabled: true
-#    extraRules: []
-#    priorityClassName: ""
-#  rbac:
-#    create: true
-#  externalCertInjection:
-#    enabled: false
-#    secretName: gatekeeper-webhook-server-cert
-#
--- a/gitlab-runner/Chart.yaml
+++ b/gitlab-runner/Chart.yaml
@@ -1,11 +0,0 @@
-apiVersion: v2
-name: gitlab-runner
-description: A Helm chart for Kubernetes
-type: application
-version: 0.0.1
-appVersion: 0.0.1
-
-dependencies:
- name: gitlab-runner
-  repository: https://charts.gitlab.io/
-  version: 0.69.0
--- a/gitlab-runner/templates/secrets.yaml
+++ b/gitlab-runner/templates/secrets.yaml
@@ -1,19 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: gitlab-secret
-spec:
-  secretStoreRef:
-    name: vault
-    kind: ClusterSecretStore
-  target:
-    name: gitlab-secret
-  data:
-  - secretKey: runner-registration-token
-    remoteRef:
-      key: secrets/gitlab/runner
-      property: runner-registration-token
-  - secretKey: runner-token
-    remoteRef:
-      key: secrets/gitlab/runner
-      property: runner-token     
--- a/gitlab-runner/values.yaml
+++ b/gitlab-runner/values.yaml
@@ -1,71 +0,0 @@
-gitlab-runner:
-
-  image:
-    registry: registry.internal.durp.info
-    image: gitlab-org/gitlab-runner
-
-  imagePullPolicy: Always
-  gitlabUrl: https://gitlab.com/
-  unregisterRunner: true
-  terminationGracePeriodSeconds: 3600
-  concurrent: 10
-  checkInterval: 30
-
-  rbac:
-    create: true
-    rules: []
-    clusterWideAccess: false
-    podSecurityPolicy:
-      enabled: false
-      resourceNames:
-      - gitlab-runner
-
-  metrics:
-    enabled: true
-    serviceMonitor:
-      enabled: true      
-  service:
-    enabled: true
-    annotations: {}  
-
-  runners:
-    config: |
-      [[runners]]
-        [runners.kubernetes]
-          namespace = "{{.Release.Namespace}}"
-          image = "ubuntu:22.04"
-          privileged = true
-
-    executor: kubernetes
-    name: "k3s"
-    runUntagged: true
-    privileged: true
-    secret: gitlab-secret
-    #builds: 
-      #cpuLimit: 200m
-      #cpuLimitOverwriteMaxAllowed: 400m
-      #memoryLimit: 256Mi
-      #memoryLimitOverwriteMaxAllowed: 512Mi
-      #cpuRequests: 100m
-      #cpuRequestsOverwriteMaxAllowed: 200m
-      #memoryRequests: 128Mi
-      #memoryRequestsOverwriteMaxAllowed: 256Mi
-
-  securityContext:
-    allowPrivilegeEscalation: false
-    readOnlyRootFilesystem: false
-    runAsNonRoot: true
-    privileged: false
-    capabilities:
-      drop: ["ALL"]
-
-  podSecurityContext:
-    runAsUser: 100
-    fsGroup: 65533
-
-  resources: 
-    limits:
-      memory: 2Gi
-    requests:
-      memory: 128Mi
-      cpu: 500m
--- a/heimdall/Chart.yaml
+++ b/heimdall/Chart.yaml
@@ -1,11 +0,0 @@
-apiVersion: v2
-name: heimdall
-description: A Helm chart for Kubernetes
-type: application
-version: 0.0.1
-appVersion: 0.0.1
-
-dependencies:
- name: heimdall
-  repository: https://djjudas21.github.io/charts/
-  version: 8.5.4
--- a/heimdall/templates/ingress.yaml
+++ b/heimdall/templates/ingress.yaml
@@ -1,52 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  annotations:
-  name: heimdall-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`heimdall.durp.info`) && PathPrefix(`/`)
-    middlewares:
-    - name: authentik-proxy-provider
-      namespace: traefik  
-    kind: Rule
-    services:
-    - name: heimdall
-      port: 80
-  - match: Host(`heimdall.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
-    kind: Rule
-    services:
-    - name: ak-outpost-authentik-embedded-outpost
-      namespace: authentik
-      port: 9000
-  tls:
-    secretName: heimdall-tls
-
---
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: heimdall-tls
-spec:
-  secretName: heimdall-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "heimdall.durp.info"
-  dnsNames:
-  - "heimdall.durp.info"  
-
---
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: heimdall-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: heimdall.durp.info
-spec:
-  type: ExternalName
-  externalName: durp.info
--- a/heimdall/values.yaml
+++ b/heimdall/values.yaml
@@ -1,28 +0,0 @@
-heimdall:
-
-  image:
-    registry: 
-    repository: registry.internal.durp.info/linuxserver/heimdall
-    pullPolicy: Always    
-
-  env:
-    TZ: UTC
-    PUID: "1000"
-    PGID: "1000"
-
-  service:
-    main:
-      annotations:
-          external-dns.alpha.kubernetes.io/hostname: heimdall.durp.info
-          external-dns.alpha.kubernetes.io/target: home.durp.info
-      ports:
-        http:
-          port: 80
-
-  ingress:
-    main:
-      enabled: false
-
-  persistence:
-    config:
-      enabled: true
--- a/internalproxy/Chart.yaml
+++ b/internalproxy/Chart.yaml
@@ -1,7 +0,0 @@
-apiVersion: v2
-name: internalproxy
-description: A Helm chart for Kubernetes
-type: application
-
-version: 0.1.0
-appVersion: "0.1.0"
--- a/internalproxy/templates/argocd.yaml
+++ b/internalproxy/templates/argocd.yaml
@@ -1,46 +0,0 @@
-#apiVersion: traefik.io/v1alpha1
-#kind: IngressRoute
-#metadata:
-#  name: argocd-ingress
-#  annotations:
-#    cert-manager.io/cluster-issuer: letsencrypt-production
-#spec:
-#  entryPoints:
-#    - websecure
-#  routes:
-#  - match: Host(`argocd.internal.durp.info`)
-#    middlewares:
-#    - name: whitelist
-#      namespace: traefik
-#    kind: Rule
-#    services:
-#    - name: argocd-server
-#      port: 443
-#      scheme: https
-#  tls:
-#    secretName: argocd-tls
-#
-#---
-#
-#kind: Service
-#apiVersion: v1
-#metadata:
-#  name: argocd-server
-#spec:
-#  type: ExternalName
-#  externalName: argocd-server.argocd.svc.cluster.local
-#
-#---
-#
-#apiVersion: cert-manager.io/v1
-#kind: Certificate
-#metadata:
-#  name: argocd-tls
-#spec:
-#  secretName: argocd-tls
-#  issuerRef:
-#    name: letsencrypt-production
-#    kind: ClusterIssuer
-#  commonName: "argocd.internal.durp.info"
-#  dnsNames:
-#  - "argocd.internal.durp.info"
--- a/internalproxy/templates/blueiris.yaml
+++ b/internalproxy/templates/blueiris.yaml
@@ -1,63 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: blueiris
-spec:
-  ports:
-    - name: app
-      port: 81
-      protocol: TCP
-      targetPort: 81
-  clusterIP: None
-  type: ClusterIP
-
---
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: blueiris
-subsets:
-  - addresses:
-      - ip: 192.168.99.2
-    ports:
-      - name: app
-        port: 81
-        protocol: TCP
-
---
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: blueiris-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`blueiris.internal.durp.info`) && PathPrefix(`/`)
-      middlewares:
-        - name: whitelist
-          namespace: traefik
-      kind: Rule
-      services:
-        - name: blueiris
-          port: 81
-          scheme: http
-  tls:
-    secretName: blueiris-tls
-
---
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: blueiris-tls
-spec:
-  secretName: blueiris-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "blueiris.internal.durp.info"
-  dnsNames:
-    - "blueiris.internal.durp.info"
--- a/internalproxy/templates/duplicati-ingress.yaml
+++ b/internalproxy/templates/duplicati-ingress.yaml
@@ -1,70 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: duplicati
-spec:
-  ports:
-  - name: app
-    port: 8200
-    protocol: TCP
-    targetPort: 8200
-  clusterIP: None
-  type: ClusterIP
-
---
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: duplicati
-subsets:
- addresses:
-  - ip: 192.168.20.253
-  ports:
-  - name: app
-    port: 8200
-    protocol: TCP
-
---    
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: duplicati-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`duplicati.internal.durp.info`) && PathPrefix(`/`)
-    middlewares:
-    - name: whitelist
-      namespace: traefik
-    - name: authentik-proxy-provider
-      namespace: traefik  
-    kind: Rule
-    services:
-    - name: duplicati
-      port: 8200
-  - match: Host(`duplicati.internal.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
-    kind: Rule
-    services:
-    - name: ak-outpost-authentik-embedded-outpost
-      namespace: authentik
-      port: 9000
-  tls:
-    secretName: duplicati-tls
-
---
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: duplicati-tls
-spec:
-  secretName: duplicati-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "duplicati.internal.durp.info"
-  dnsNames:
-  - "duplicati.internal.durp.info"  
--- a/internalproxy/templates/gitea.yaml
+++ b/internalproxy/templates/gitea.yaml
@@ -1,72 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: gitea
-spec:
-  ports:
-    - name: app
-      port: 3000
-      protocol: TCP
-      targetPort: 3000
-  clusterIP: None
-  type: ClusterIP
-
---
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: gitea
-subsets:
-  - addresses:
-      - ip: 192.168.20.253
-    ports:
-      - name: app
-        port: 3000
-        protocol: TCP
-
---
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: gitea-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`gitea.durp.info`) && PathPrefix(`/`)
-      kind: Rule
-      services:
-        - name: gitea
-          port: 3000
-          scheme: http
-  tls:
-    secretName: gitea-tls
-
---
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: gitea-tls
-spec:
-  secretName: gitea-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "gitea.durp.info"
-  dnsNames:
-    - "gitea.durp.info"
-
---
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: gitea-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: gitea.durp.info
-spec:
-  type: ExternalName
-  externalName: durp.info
--- a/internalproxy/templates/jellyfin.yaml
+++ b/internalproxy/templates/jellyfin.yaml
@@ -1,72 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: jellyfin
-spec:
-  ports:
-    - name: app
-      port: 8096
-      protocol: TCP
-      targetPort: 8096
-  clusterIP: None
-  type: ClusterIP
-
---
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: jellyfin
-subsets:
-  - addresses:
-      - ip: 192.168.20.253
-    ports:
-      - name: app
-        port: 8096
-        protocol: TCP
-
---
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: jellyfin-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`jellyfin.durp.info`) && PathPrefix(`/`)
-      kind: Rule
-      services:
-        - name: jellyfin
-          port: 8096
-          scheme: http
-  tls:
-    secretName: jellyfin-tls
-
---
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: jellyfin-tls
-spec:
-  secretName: jellyfin-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "jellyfin.durp.info"
-  dnsNames:
-    - "jellyfin.durp.info"
-
---
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: jellyfin-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: jellyfin.durp.info
-spec:
-  type: ExternalName
-  externalName: durp.info  
--- a/internalproxy/templates/kasm.yaml
+++ b/internalproxy/templates/kasm.yaml
@@ -1,72 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: kasm
-spec:
-  ports:
-    - name: app
-      port: 443
-      protocol: TCP
-      targetPort: 443
-  clusterIP: None
-  type: ClusterIP
-
---
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: kasm
-subsets:
-  - addresses:
-      - ip: 192.168.20.104
-    ports:
-      - name: app
-        port: 443
-        protocol: TCP
-
---
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: kasm-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`kasm.durp.info`) && PathPrefix(`/`)
-      kind: Rule
-      services:
-        - name: kasm
-          port: 443
-          scheme: https
-  tls:
-    secretName: kasm-tls
-
---
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: kasm-tls
-spec:
-  secretName: kasm-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "kasm.durp.info"
-  dnsNames:
-    - "kasm.durp.info"
-
---
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: kasm-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: kasm.durp.info
-spec:
-  type: ExternalName
-  externalName: durp.info
--- a/internalproxy/templates/minio.yaml
+++ b/internalproxy/templates/minio.yaml
@@ -1,63 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: minio
-spec:
-  ports:
-    - name: app
-      port: 9769
-      protocol: TCP
-      targetPort: 9769
-  clusterIP: None
-  type: ClusterIP
-
---
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: minio
-subsets:
-  - addresses:
-      - ip: 192.168.20.253
-    ports:
-      - name: app
-        port: 9769
-        protocol: TCP
-
---
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: minio-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`minio.internal.durp.info`) && PathPrefix(`/`)
-      middlewares:
-        - name: whitelist
-          namespace: traefik
-      kind: Rule
-      services:
-        - name: minio
-          port: 9769
-          scheme: http
-  tls:
-    secretName: minio-tls
-
---
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: minio-tls
-spec:
-  secretName: minio-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "minio.internal.durp.info"
-  dnsNames:
-    - "minio.internal.durp.info"
--- a/internalproxy/templates/nexus.yaml
+++ b/internalproxy/templates/nexus.yaml
@@ -1,71 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: nexus
-spec:
-  ports:
-  - name: app
-    port: 8081
-    protocol: TCP
-    targetPort: 8081
-  clusterIP: None
-  type: ClusterIP
-
---
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: nexus
-subsets:
- addresses:
-  - ip: 192.168.20.253
-  ports:
-  - name: app
-    port: 8081
-    protocol: TCP
-
---    
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: nexus-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`nexus.durp.info`) && PathPrefix(`/`)
-    kind: Rule
-    services:
-    - name: nexus
-      port: 8081
-  tls:
-    secretName: nexus-tls
-
---
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: nexus-tls
-spec:
-  secretName: nexus-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "nexus.durp.info"
-  dnsNames:
-  - "nexus.durp.info"  
-
---
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: nexus-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: nexus.durp.info
-spec:
-  type: ExternalName
-  externalName: durp.info
--- a/internalproxy/templates/octopus.yaml
+++ b/internalproxy/templates/octopus.yaml
@@ -1,63 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: octopus
-spec:
-  ports:
-    - name: app
-      port: 443
-      protocol: TCP
-      targetPort: 443
-  clusterIP: None
-  type: ClusterIP
-
---
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: octopus
-subsets:
-  - addresses:
-      - ip: 192.168.20.105
-    ports:
-      - name: app
-        port: 443
-        protocol: TCP
-
---
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: octopus-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`octopus.internal.durp.info`) && PathPrefix(`/`)
-      middlewares:
-        - name: whitelist
-          namespace: traefik
-      kind: Rule
-      services:
-        - name: octopus
-          port: 443
-          scheme: https
-  tls:
-    secretName: octopus-tls
-
---
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: octopus-tls
-spec:
-  secretName: octopus-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "octopus.internal.durp.info"
-  dnsNames:
-    - "octopus.internal.durp.info"
--- a/internalproxy/templates/ollama.yaml
+++ b/internalproxy/templates/ollama.yaml
@@ -1,102 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: ollama-secret
-spec:
-  secretStoreRef:
-    name: vault
-    kind: ClusterSecretStore
-  target:
-    name: ollama-secret
-  data:
-    - secretKey: users
-      remoteRef:
-        key: secrets/internalproxy/ollama
-        property: users
-
---
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: ollama-basic-auth
-spec:
-  basicAuth:
-    headerField: x-api-key
-    secret: ollama-secret
-
---
-
-apiVersion: v1
-kind: Service
-metadata:
-  name: ollama
-spec:
-  ports:
-    - name: app
-      port: 11435
-      protocol: TCP
-      targetPort: 11435
-  clusterIP: None
-  type: ClusterIP
-
---
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: ollama
-subsets:
-  - addresses:
-      - ip: 192.168.20.104
-    ports:
-      - name: app
-        port: 11435
-        protocol: TCP
-
---
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: ollama-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`ollama.durp.info`) && PathPrefix(`/`)
-      middlewares:
-        - name: ollama-basic-auth
-      kind: Rule
-      services:
-        - name: ollama
-          port: 11435
-  tls:
-    secretName: ollama-tls
-
---
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: ollama-tls
-spec:
-  secretName: ollama-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "ollama.durp.info"
-  dnsNames:
-    - "ollama.durp.info"
-
---
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: ollama-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: ollama.durp.info
-spec:
-  type: ExternalName
-  externalName: durp.info
--- a/internalproxy/templates/pfsense.yaml
+++ b/internalproxy/templates/pfsense.yaml
@@ -1,63 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: pfsense
-spec:
-  ports:
-    - name: app
-      port: 10443
-      protocol: TCP
-      targetPort: 10443
-  clusterIP: None
-  type: ClusterIP
-
---
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: pfsense
-subsets:
-  - addresses:
-      - ip: 192.168.20.1
-    ports:
-      - name: app
-        port: 10443
-        protocol: TCP
-
---
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: pfsense-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`pfsense.internal.durp.info`) && PathPrefix(`/`)
-      middlewares:
-        - name: whitelist
-          namespace: traefik
-      kind: Rule
-      services:
-        - name: pfsense
-          port: 10443
-          scheme: https
-  tls:
-    secretName: pfsense-tls
-
---
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: pfsense-tls
-spec:
-  secretName: pfsense-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "pfsense.internal.durp.info"
-  dnsNames:
-    - "pfsense.internal.durp.info"
--- a/internalproxy/templates/plex.yaml
+++ b/internalproxy/templates/plex.yaml
@@ -1,72 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: plex
-spec:
-  ports:
-    - name: app
-      port: 32400
-      protocol: TCP
-      targetPort: 32400
-  clusterIP: None
-  type: ClusterIP
-
---
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: plex
-subsets:
-  - addresses:
-      - ip: 192.168.20.253
-    ports:
-      - name: app
-        port: 32400
-        protocol: TCP
-
---
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: plex-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`plex.durp.info`) && PathPrefix(`/`)
-      kind: Rule
-      services:
-        - name: plex
-          port: 32400
-          scheme: https
-  tls:
-    secretName: plex-tls
-
---
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: plex-tls
-spec:
-  secretName: plex-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "plex.durp.info"
-  dnsNames:
-    - "plex.durp.info"
-
---
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: plex-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: plex.durp.info
-spec:
-  type: ExternalName
-  externalName: durp.info  
--- a/internalproxy/templates/portainer.yaml
+++ b/internalproxy/templates/portainer.yaml
@@ -1,63 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: portainer
-spec:
-  ports:
-    - name: app
-      port: 9443
-      protocol: TCP
-      targetPort: 9443
-  clusterIP: None
-  type: ClusterIP
-
---
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: portainer
-subsets:
-  - addresses:
-      - ip: 192.168.20.104
-    ports:
-      - name: app
-        port: 9443
-        protocol: TCP
-
---
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: portainer-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`portainer.internal.durp.info`) && PathPrefix(`/`)
-      middlewares:
-        - name: whitelist
-          namespace: traefik
-      kind: Rule
-      services:
-        - name: portainer
-          port: 9443
-          scheme: https
-  tls:
-    secretName: portainer-tls
-
---
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: portainer-tls
-spec:
-  secretName: portainer-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "portainer.internal.durp.info"
-  dnsNames:
-    - "portainer.internal.durp.info"
--- a/internalproxy/templates/proxmox.yaml
+++ b/internalproxy/templates/proxmox.yaml
@@ -1,63 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: proxmox
-spec:
-  ports:
-    - name: app
-      port: 8006
-      protocol: TCP
-      targetPort: 8006
-  clusterIP: None
-  type: ClusterIP
-
---
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: proxmox
-subsets:
-  - addresses:
-      - ip: 192.168.21.252
-    ports:
-      - name: app
-        port: 8006
-        protocol: TCP
-
---
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: proxmox-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`proxmox.internal.durp.info`) && PathPrefix(`/`)
-      middlewares:
-        - name: whitelist
-          namespace: traefik
-      kind: Rule
-      services:
-        - name: proxmox
-          port: 8006
-          scheme: https
-  tls:
-    secretName: proxmox-tls
-
---
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: proxmox-tls
-spec:
-  secretName: proxmox-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "proxmox.internal.durp.info"
-  dnsNames:
-    - "proxmox.internal.durp.info"
--- a/internalproxy/templates/registry-internal.yaml
+++ b/internalproxy/templates/registry-internal.yaml
@@ -1,59 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: registry-internal
-spec:
-  ports:
-  - name: app
-    port: 5000
-    protocol: TCP
-    targetPort: 5000
-  clusterIP: None
-  type: ClusterIP
-
---
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: registry-internal
-subsets:
- addresses:
-  - ip: 192.168.20.253
-  ports:
-  - name: app
-    port: 5000
-    protocol: TCP
-
---    
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: registry-internal-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`registry.internal.durp.info`) && PathPrefix(`/`)
-    kind: Rule
-    services:
-    - name: registry-internal
-      port: 5000
-  tls:
-    secretName: registry-internal-tls
-
---
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: registry-internal-tls
-spec:
-  secretName: registry-internal-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "registry.internal.durp.info"
-  dnsNames:
-  - "registry.internal.durp.info"
--- a/internalproxy/templates/registry.yaml
+++ b/internalproxy/templates/registry.yaml
@@ -1,71 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: registry
-spec:
-  ports:
-  - name: app
-    port: 5000
-    protocol: TCP
-    targetPort: 5000
-  clusterIP: None
-  type: ClusterIP
-
---
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: registry
-subsets:
- addresses:
-  - ip: 192.168.20.253
-  ports:
-  - name: app
-    port: 5000
-    protocol: TCP
-
---    
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: registry-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`registry.durp.info`) && PathPrefix(`/`)
-    kind: Rule
-    services:
-    - name: registry
-      port: 5000
-  tls:
-    secretName: registry-tls
-
---
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: registry-tls
-spec:
-  secretName: registry-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "registry.durp.info"
-  dnsNames:
-  - "registry.durp.info"  
-
---
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: registry-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: registry.durp.info
-spec:
-  type: ExternalName
-  externalName: durp.info
--- a/internalproxy/templates/s3.yaml
+++ b/internalproxy/templates/s3.yaml
@@ -1,63 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: s3
-spec:
-  ports:
-    - name: app
-      port: 9768
-      protocol: TCP
-      targetPort: 9768
-  clusterIP: None
-  type: ClusterIP
-
---
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: s3
-subsets:
-  - addresses:
-      - ip: 192.168.20.253
-    ports:
-      - name: app
-        port: 9768
-        protocol: TCP
-
---
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: s3-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`s3.internal.durp.info`) && PathPrefix(`/`)
-      middlewares:
-        - name: whitelist
-          namespace: traefik
-      kind: Rule
-      services:
-        - name: s3
-          port: 9768
-          scheme: http
-  tls:
-    secretName: s3-tls
-
---
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: s3-tls
-spec:
-  secretName: s3-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "s3.internal.durp.info"
-  dnsNames:
-    - "s3.internal.durp.info"
--- a/internalproxy/templates/semaphore.yaml
+++ b/internalproxy/templates/semaphore.yaml
@@ -1,63 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: semaphore
-spec:
-  ports:
-    - name: app
-      port: 3001
-      protocol: TCP
-      targetPort: 3001
-  clusterIP: None
-  type: ClusterIP
-
---
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: semaphore
-subsets:
-  - addresses:
-      - ip: 192.168.20.253
-    ports:
-      - name: app
-        port: 3001
-        protocol: TCP
-
---
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: semaphore-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`semaphore.internal.durp.info`) && PathPrefix(`/`)
-      middlewares:
-        - name: whitelist
-          namespace: traefik
-      kind: Rule
-      services:
-        - name: semaphore
-          port: 3001
-          scheme: http
-  tls:
-    secretName: semaphore-tls
-
---
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: semaphore-tls
-spec:
-  secretName: semaphore-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "semaphore.internal.durp.info"
-  dnsNames:
-    - "semaphore.internal.durp.info"
--- a/internalproxy/templates/smokeping.yaml
+++ b/internalproxy/templates/smokeping.yaml
@@ -1,82 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: smokeping
-spec:
-  ports:
-  - name: app
-    port: 81
-    protocol: TCP
-    targetPort: 81
-  clusterIP: None
-  type: ClusterIP
-
---
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: smokeping
-subsets:
- addresses:
-  - ip: 192.168.20.253
-  ports:
-  - name: app
-    port: 81
-    protocol: TCP
-
---    
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: smokeping-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`smokeping.durp.info`) && PathPrefix(`/`)
-    middlewares:
-    - name: whitelist
-      namespace: traefik
-    - name: authentik-proxy-provider
-      namespace: traefik  
-    kind: Rule
-    services:
-    - name: smokeping
-      port: 81
-  - match: Host(`smokeping.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
-    kind: Rule
-    services:
-    - name: ak-outpost-authentik-embedded-outpost
-      namespace: authentik
-      port: 9000
-  tls:
-    secretName: smokeping-tls
-
---
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: smokeping-tls
-spec:
-  secretName: smokeping-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "smokeping.durp.info"
-  dnsNames:
-  - "smokeping.durp.info"  
-
---
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: smokeping-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: smokeping.durp.info
-spec:
-  type: ExternalName
-  externalName: durp.info  
--- a/internalproxy/templates/speedtest.yaml
+++ b/internalproxy/templates/speedtest.yaml
@@ -1,74 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: speedtest
-spec:
-  ports:
-  - name: app
-    port: 6580
-    protocol: TCP
-    targetPort: 6580
-  clusterIP: None
-  type: ClusterIP
-
---
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: speedtest
-subsets:
- addresses:
-  - ip: 192.168.20.253
-  ports:
-  - name: app
-    port: 6580
-    protocol: TCP
-
---    
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: speedtest-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`speedtest.durp.info`) && PathPrefix(`/`)
-    kind: Rule
-    middlewares:
-    - name: authentik-proxy-provider
-      namespace: traefik 
-    services:
-    - name: speedtest
-      port: 6580
-  tls:
-    secretName: speedtest-tls
-
---
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: speedtest-tls
-spec:
-  secretName: speedtest-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "speedtest.durp.info"
-  dnsNames:
-  - "speedtest.durp.info"  
-
---
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: speedtest-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: speedtest.durp.info
-spec:
-  type: ExternalName
-  externalName: durp.info
--- a/internalproxy/templates/tdarr.yaml
+++ b/internalproxy/templates/tdarr.yaml
@@ -1,67 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: tdarr
-spec:
-  ports:
-  - name: app
-    port: 8267
-    protocol: TCP
-    targetPort: 8267
-  clusterIP: None
-  type: ClusterIP
-
---
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: tdarr
-subsets:
- addresses:
-  - ip: 192.168.20.253
-  ports:
-  - name: app
-    port: 8267
-    protocol: TCP
-
---
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: tdarr-ingress
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-production
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`tdarr.internal.durp.info`)
-    middlewares:
-    - name: whitelist
-      namespace: traefik  
-    - name: authentik-proxy-provider
-      namespace: traefik  
-    kind: Rule
-    services:
-    - name: tdarr
-      port: 8267
-      scheme: http
-  tls:
-    secretName: tdarr-tls  
-
---
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: tdarr-tls
-spec:
-  secretName: tdarr-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "tdarr.internal.durp.info"
-  dnsNames:
-  - "tdarr.internal.durp.info"  
--- a/internalproxy/templates/unraid.yaml
+++ b/internalproxy/templates/unraid.yaml
@@ -1,63 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: unraid
-spec:
-  ports:
-    - name: app
-      port: 443
-      protocol: TCP
-      targetPort: 443
-  clusterIP: None
-  type: ClusterIP
-
---
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: unraid
-subsets:
-  - addresses:
-      - ip: 192.168.20.253
-    ports:
-      - name: app
-        port: 443
-        protocol: TCP
-
---
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: unraid-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`unraid.internal.durp.info`) && PathPrefix(`/`)
-      middlewares:
-        - name: whitelist
-          namespace: traefik
-      kind: Rule
-      services:
-        - name: unraid
-          port: 443
-          scheme: https
-  tls:
-    secretName: unraid-tls
-
---
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: unraid-tls
-spec:
-  secretName: unraid-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "unraid.internal.durp.info"
-  dnsNames:
-    - "unraid.internal.durp.info"
--- a/internalproxy/templates/wazuh.yaml
+++ b/internalproxy/templates/wazuh.yaml
@@ -1,63 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: wazuh
-spec:
-  ports:
-    - name: app
-      port: 443
-      protocol: TCP
-      targetPort: 443
-  clusterIP: None
-  type: ClusterIP
-
---
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: wazuh
-subsets:
-  - addresses:
-      - ip: 192.168.20.102
-    ports:
-      - name: app
-        port: 443
-        protocol: TCP
-
---
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: wazuh-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`wazuh.internal.durp.info`) && PathPrefix(`/`)
-      middlewares:
-        - name: whitelist
-          namespace: traefik
-      kind: Rule
-      services:
-        - name: wazuh
-          port: 443
-          scheme: https
-  tls:
-    secretName: wazuh-tls
-
---
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: wazuh-tls
-spec:
-  secretName: wazuh-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "wazuh.internal.durp.info"
-  dnsNames:
-    - "wazuh.internal.durp.info"
--- a/krakend/Chart.yaml
+++ b/krakend/Chart.yaml
@@ -1,7 +0,0 @@
-apiVersion: v2
-name: krakend
-description: A Helm chart for Kubernetes
-type: application
-
-version: 0.1.0
-appVersion: "1.16.0"
--- a/krakend/templates/deployments.yaml
+++ b/krakend/templates/deployments.yaml
@@ -1,39 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  namespace: krakend
-  name: krakend
-  labels:
-    app: krakend
-spec:
-  selector:
-    matchLabels:
-      app: krakend
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: krakend
-    spec:
-      volumes:
-      - name: krakend-secret
-        secret:
-          secretName: krakend-secret
-      containers:
-      - name: krakend
-        image: registry.internal.durp.info/devopsfaith/krakend:2.4.3
-        imagePullPolicy: Always
-        livenessProbe:
-          httpGet:
-            path: /__health
-            port: 8080
-        readinessProbe:
-          httpGet:
-            path: /__health
-            port: 8080            
-        ports:
-        - name: http
-          containerPort: 8080          
-        volumeMounts:
-        - name: krakend-secret
-          mountPath: /etc/krakend
--- a/krakend/templates/ingress.yaml
+++ b/krakend/templates/ingress.yaml
@@ -1,56 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: api-tls
-spec:
-  secretName: api-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "api.durp.info"
-  dnsNames:
-  - "api.durp.info"        
-
---
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: krakend-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`api.durp.info`) && PathPrefix(`/`)
-      kind: Rule
-      services:
-        - name: krakend-service
-          port: 8080
-          scheme: http
-  tls:
-    secretName: api-tls
-
---
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: api-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: api.durp.info
-spec:
-  type: ExternalName
-  externalName: durp.info
-
---
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: api-developer-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: developer.durp.info
-    external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
-spec:
-  type: ExternalName
-  externalName: developerdurp.github.io
--- a/krakend/templates/secrets.yaml
+++ b/krakend/templates/secrets.yaml
@@ -1,15 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: krakend-secret
-spec:
-  secretStoreRef:
-    name: vault
-    kind: ClusterSecretStore
-  target:
-    name: krakend-secret
-  data:
-  - secretKey: krakend.json
-    remoteRef:
-      key: secrets/krakend/config
-      property: config
--- a/krakend/templates/service.yaml
+++ b/krakend/templates/service.yaml
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: krakend-service
-spec:
-  ports:
-  - name: http
-    port: 8080
-    targetPort: 8080
-    protocol: TCP
-  selector:
-    app: krakend
--- a/kube-prometheus-stack/Chart.yaml
+++ b/kube-prometheus-stack/Chart.yaml
@@ -1,12 +0,0 @@
-apiVersion: v2
-name: kube-prometheus-stack
-description: A Helm chart for Kubernetes
-type: application
-
-version: 0.1.0
-appVersion: "1.16.0"
-
-dependencies:
- name: kube-prometheus-stack
-  repository: https://prometheus-community.github.io/helm-charts
-  version: 63.1.0
--- a/Show More
+++ b/Show More