initial commit

2022-10-10 17:36:40 -05:00
commit d91a4238cc
86 changed files with 4143 additions and 0 deletions
--- a/argocd/Chart.yaml
+++ b/argocd/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: argocd
+description: A Helm chart for Kubernetes
+type: application
+version: 0.0.1
+appVersion: 0.0.1
+
+dependencies:
+- name: argo-cd
+  repository: https://argoproj.github.io/argo-helm
+  version: 5.5.18
--- a/argocd/templates/InternalProxy.yaml
+++ b/argocd/templates/InternalProxy.yaml
@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: internalproxy
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/DeveloperDurp/homelab.git
+    targetRevision: main
+    path: internalproxy
+    directory:
+      recurse: true
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: internalproxy
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true   
+
--- a/argocd/templates/bitwarden.yaml
+++ b/argocd/templates/bitwarden.yaml
@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: bitwarden
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/DeveloperDurp/homelab.git
+    targetRevision: main
+    path: bitwarden
+    directory:
+      recurse: true
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: bitwarden
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: false
+    syncOptions:
+      - CreateNamespace=true   
+
--- a/argocd/templates/cert-manager.yaml
+++ b/argocd/templates/cert-manager.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cert-manager
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/DeveloperDurp/homelab.git
+    targetRevision: main
+    path: cert-manager
+  destination:
+    namespace: cert-manager
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
--- a/argocd/templates/durpot.yaml
+++ b/argocd/templates/durpot.yaml
@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: durpot
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/DeveloperDurp/homelab.git
+    targetRevision: main
+    path: durpot
+    directory:
+      recurse: true
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: durpot
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true  
+
--- a/argocd/templates/gitlab-runner.yaml
+++ b/argocd/templates/gitlab-runner.yaml
@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: gitlab-runner
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/DeveloperDurp/homelab.git
+    targetRevision: main
+    path: gitlab-runner
+  destination:
+    namespace: gitlab-runner
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true    
+
--- a/argocd/templates/ingress-nginx.yaml
+++ b/argocd/templates/ingress-nginx.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: ingress-nginx
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/DeveloperDurp/homelab.git
+    targetRevision: main
+    path: ingress-nginx
+  destination:
+    namespace: ingress-nginx
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
--- a/argocd/templates/keycloak.yaml
+++ b/argocd/templates/keycloak.yaml
@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: keycloak
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/DeveloperDurp/homelab.git
+    targetRevision: main
+    path: keycloak
+  destination:
+    namespace: keycloak
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
+
--- a/argocd/templates/kong.yaml
+++ b/argocd/templates/kong.yaml
@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: kong
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/DeveloperDurp/homelab.git
+    targetRevision: main
+    path: kong
+    directory:
+      recurse: true
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: kong
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true    
+
--- a/argocd/templates/kube-prometheus-stack.yaml
+++ b/argocd/templates/kube-prometheus-stack.yaml
@@ -0,0 +1,21 @@
+#apiVersion: argoproj.io/v1alpha1
+#kind: Application
+#metadata:
+#  name: kube-prometheus-stack
+#  namespace: argocd
+#spec:
+#  project: default
+#  source:
+#    repoURL: https://github.com/DeveloperDurp/homelab.git
+#    targetRevision: main
+#    path: kube-prometheus-stack
+#  destination:
+#    namespace: kube-prometheus-stack
+#    name: in-cluster
+#  syncPolicy:
+#    automated:
+#      prune: true
+#      selfHeal: true  
+#    syncOptions:
+#      - CreateNamespace=true 
+#
--- a/argocd/templates/littlelink.yaml
+++ b/argocd/templates/littlelink.yaml
@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: littlelink
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/DeveloperDurp/homelab.git
+    targetRevision: main
+    path: littlelink
+    directory:
+      recurse: true
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: littlelink
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true        
--- a/argocd/templates/longhorn-system.yaml
+++ b/argocd/templates/longhorn-system.yaml
@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: longhorn-system
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/DeveloperDurp/homelab.git
+    targetRevision: main
+    path: longhorn-system
+    directory:
+      recurse: true
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: longhorn-system
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true  
--- a/argocd/templates/nextcloud.yaml
+++ b/argocd/templates/nextcloud.yaml
@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: nextcloud
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/DeveloperDurp/homelab.git
+    targetRevision: main
+    path: nextcloud
+  destination:
+    namespace: nextcloud
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
+
--- a/argocd/templates/oauth2-proxy.yaml
+++ b/argocd/templates/oauth2-proxy.yaml
@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: oauth2-proxy
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/DeveloperDurp/homelab.git
+    targetRevision: main
+    path: oauth2-proxy
+  destination:
+    namespace: oauth2-proxy
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
+
--- a/argocd/templates/sealed-secrets.yaml
+++ b/argocd/templates/sealed-secrets.yaml
@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: sealed-secrets
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/DeveloperDurp/homelab.git
+    targetRevision: main
+    path: sealed-secrets
+    directory:
+      recurse: true
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: sealed-secrets
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true                         
--- a/argocd/templates/uptimekuma.yaml
+++ b/argocd/templates/uptimekuma.yaml
@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: uptimekuma
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/DeveloperDurp/homelab.git
+    targetRevision: main
+    path: uptimekuma
+    directory:
+      recurse: true
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: uptimekuma
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true   
+
--- a/argocd/templates/whoogle.yaml
+++ b/argocd/templates/whoogle.yaml
@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: whoogle
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/DeveloperDurp/homelab.git
+    targetRevision: main
+    path: whoogle
+    directory:
+      recurse: true
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: whoogle
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true    
+
--- a/argocd/values.yaml
+++ b/argocd/values.yaml
@@ -0,0 +1,182 @@
+argocd:
+  
+  image:
+    registry: docker.io
+    repository: bitnami/argo-cd
+    pullPolicy: Always
+  
+  controller:
+    replicaCount: 3
+  
+    startupProbe:
+      enabled: false
+      initialDelaySeconds: 10
+      periodSeconds: 10
+      timeoutSeconds: 1
+      failureThreshold: 3
+      successThreshold: 1
+  
+    livenessProbe:
+      enabled: true
+      initialDelaySeconds: 10
+      periodSeconds: 10
+      timeoutSeconds: 1
+      failureThreshold: 3
+      successThreshold: 1
+  
+    readinessProbe:
+      enabled: true
+      initialDelaySeconds: 10
+      periodSeconds: 10
+      timeoutSeconds: 1
+      failureThreshold: 3
+      successThreshold: 1
+  
+    resources:
+      limits: {}
+      requests: {}
+  
+    service:
+      type: ClusterIP
+      port: 8082
+      
+  
+  server:
+  
+    replicaCount: 3
+  
+    startupProbe:
+      enabled: false
+      initialDelaySeconds: 10
+      periodSeconds: 10
+      timeoutSeconds: 1
+      failureThreshold: 3
+      successThreshold: 1
+  
+    livenessProbe:
+      enabled: true
+      initialDelaySeconds: 10
+      periodSeconds: 10
+      timeoutSeconds: 1
+      failureThreshold: 3
+      successThreshold: 1
+  
+    readinessProbe:
+      enabled: true
+      initialDelaySeconds: 10
+      periodSeconds: 10
+      timeoutSeconds: 1
+      failureThreshold: 3
+      successThreshold: 1
+    
+    resources:
+      limits: {}
+      requests: {}
+    
+    url: "argocd.internal.durp.info"
+  
+    ## Argo CD server config. This object will be directly rendered
+    ## @param server.config [object] Argo CD server configuration that will end on the argocd-cm Config Map
+    ## Ref: https://argoproj.github.io/argo-cd/operator-manual/user-management/
+    ## E.g:
+    ## repositories:
+    ##   - url: git@github.com:group/repo.git
+    ##     sshPrivateKeySecret:
+    ##       name: secret-name
+    ##       key: sshPrivateKey
+    ##   - type: helm
+    ##     url: https://charts.helm.sh/stable
+    ##     name: stable
+    ##   - type: helm
+    ##     url: https://argoproj.github.io/argo-helm
+    ##     name: argo
+    ## oidc.config:
+    ##   name: AzureAD
+    ##   issuer: https://login.microsoftonline.com/TENANT_ID/v2.0
+    ##   clientID: CLIENT_ID
+    ##   clientSecret: $oidc.azuread.clientSecret
+    ##   requestedIDTokenClaims:
+    ##     groups:
+    ##       essential: true
+    ##   requestedScopes:
+    ##     - openid
+    ##     - profile
+    ##     - email
+    ## dex.config:
+    ##    connectors:
+    ##      # GitHub example
+    ##      - type: github
+    ##        id: github
+    ##        name: GitHub
+    ##        config:
+    ##          clientID: aabbccddeeff00112233
+    ##          clientSecret: $dex.github.clientSecret
+    ##          orgs:
+    ##          - name: your-github-org
+    config:
+      url: "{{ .Values.server.url }}"
+      application.instanceLabelKey: argocd.argoproj.io/instance
+  
+    ingress:
+      enabled: true
+      pathType: ImplementationSpecific
+      hostname: argocd.internal.durp.info
+      path: /
+      annotations: 
+        kubernetes.io/ingress.class: nginx
+        cert-manager.io/cluster-issuer: letsencrypt-production 
+        nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16"
+        nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+  
+      tls: 
+        - secretName: argocd-tls
+          hosts:
+          - argocd.internal.durp.info
+  
+  repoServer:
+    replicaCount: 3
+    
+    resources:
+      limits: {}
+      requests: {}
+  
+  
+  dex:
+    image:
+      registry: docker.io
+      repository: bitnami/dex
+      pullPolicy: Always
+  
+    enabled: true
+  
+    replicaCount: 3
+  
+    resources:
+      limits: {}
+      requests: {}
+    
+  config:
+    
+  redis:
+    image:
+      registry: docker.io
+      repository: bitnami/redis
+      pullPolicy: Always
+  
+    enabled: true
+    nameOverride: ""
+    service:
+      port: 6379
+  
+    auth:
+      enabled: true
+      existingSecret: ""
+      existingSecretPasswordKey: 'redis-password'
+  
+    architecture: standalone
+  
+  redisWait:
+    enabled: true
+    extraArgs: ''
+    securityContext: {}
+  
--- a/bitwarden/Chart.yaml
+++ b/bitwarden/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: bitwarden
+description: A Helm chart for Kubernetes
+type: application
+
+version: 0.1.0
+appVersion: "1.16.0"
--- a/bitwarden/templates/deployment.yaml
+++ b/bitwarden/templates/deployment.yaml
@@ -0,0 +1,45 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: bitwarden
+  name: bitwarden
+  labels:
+    app: bitwarden
+spec:
+  selector:
+    matchLabels:
+      app: bitwarden
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: bitwarden
+    spec:
+      containers:
+      - name: bitwarden
+        image: bitwardenrs/server:latest
+        imagePullPolicy: Always
+        volumeMounts:
+        - name: bitwarden-longhorn-pvc
+          mountPath: /data
+          subPath: bitwaren-data              
+        ports:
+        - name: http
+          containerPort: 80
+        env:
+          - name: SIGNUPS_ALLOWED
+            value: "TRUE"
+          - name: INVITATIONS_ALLOWED
+            value: "TRUE"                      
+          - name: WEBSOCKET_ENABLED
+            value: "TRUE"          
+          - name: ROCKET_ENV
+            value: "staging"              
+          - name: ROCKET_PORT
+            value: "80"            
+          - name: ROCKET_WORKERS
+            value: "10"            
+      volumes:
+      - name: bitwarden-longhorn-pvc
+        persistentVolumeClaim:
+          claimName: bitwarden-longhorn-pvc             
--- a/bitwarden/templates/ingress.yaml
+++ b/bitwarden/templates/ingress.yaml
@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: bitwarden-ingress
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    cert-manager.io/cluster-issuer: letsencrypt-production 
+spec:
+  rules:
+  - host: bitwarden.durp.info
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: bitwarden
+            port: 
+              number: 80         
+  tls:
+    - hosts: 
+      - bitwarden.durp.info
+      secretName: bitwarden-tls
--- a/bitwarden/templates/service.yaml
+++ b/bitwarden/templates/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: bitwarden
+spec:
+  ports:
+  - name: http
+    port: 80
+    targetPort: 80
+    protocol: TCP
+  selector:
+    app: bitwarden
--- a/bitwarden/templates/volume.yaml
+++ b/bitwarden/templates/volume.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: bitwarden-longhorn-pvc
+spec:
+  storageClassName: longhorn
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 10Gi
--- a/cert-manager/Chart.yaml
+++ b/cert-manager/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: cert-manager
+description: A Helm chart for Kubernetes
+type: application
+version: 0.0.1
+appVersion: 0.0.1
+
+dependencies:
+- name: cert-manager
+  repository: https://charts.jetstack.io
+  version: 1.9.1
--- a/cert-manager/templates/letsencrypt-prroduction.yaml
+++ b/cert-manager/templates/letsencrypt-prroduction.yaml
@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-production
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: example-issuer-account-key
+    solvers:
+    - dns01:
+        cloudflare:
+          email: developerdurp@durp.info
+          apiTokenSecretRef:
+            name: cloudflare-api-token-secret
+            key: api-token
--- a/cert-manager/templates/letsencrypt-staging.yaml
+++ b/cert-manager/templates/letsencrypt-staging.yaml
@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: example-issuer-account-key
+    solvers:
+    - dns01:
+        cloudflare:
+          email: developerdurp@durp.info
+          apiTokenSecretRef:
+            name: cloudflare-api-token-secret
+            key: api-token
--- a/cert-manager/templates/sealedsecret.yaml
+++ b/cert-manager/templates/sealedsecret.yaml
@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: cloudflare-api-token-secret
+  namespace: cert-manager
+spec:
+  encryptedData:
+    api-token: AgByFA+3NxZ6EPc0kt99+9+aFFRoYN0L82HPYilEtkxBKWdIc70k6SAmOAGUQnrBbCulWSq+qLaGSOk7l/ul2IzJLLitpluJbb2Ck2qiZyAoGCaO0V+rdZxzrOpKnDrEk8/puvz1jbfRbiDvPzz1/x/U3hG6InXzj63wU+WYsu3xCEcVrPSlEUILK0DeAVJipdn/5Auw5ckgVMZ6j+Fjcp94INWUw/Z7wiiebXOgeh5BxvFiYw9Pk7CMMRqdIkDT30ynCgn9v2Gl280P/J6QCByljGkr7b6gOXgYw/KIxSsl2mzv9Ar2+ZWvka9nqykdL8dE3Ju3MtFTPCNv+REdEZH+EubxXeE+WS+hYhMVoPPIt/47yh6Pu1xU7Ms8aLXlUMBxIzonBTcyRvktH2Mc86CWPXYYdfi7885iq/uRt4hJN3akAh4zazfBwJ/FCVzrJb+zMfozwR4tPiGwb2HxfggAy0UW0SYxUNGbwmr7J+9g5QOFyNrtPqsslH5piGHtERtegpB4MngdNFLln3oidt+ef0//Y3E+V4c2vY+t0OirgRgJ59UVhEFDLUgvaHNjJ2PGlmyQa98hSzYfpmm/4sAsTAIM/W/oRwtsA2arOjg79An397upqbepBVqYe0wqHML50eE1C3mX9bwtdq4+W3A1GmpadYl9n2HrtLF/rTPenFVLqzodN7VLBRNU8f49Xc7s9hEHnlMegrh/drYC2ckn3w/V2s1Yya8RUQiGnqztdOAJqCwL1o/f
+  template:
+    data: null
+    metadata:
+      creationTimestamp: null
+      name: cloudflare-api-token-secret
+      namespace: cert-manager
+
--- a/cert-manager/values.yaml
+++ b/cert-manager/values.yaml
@@ -0,0 +1,11 @@
+cert-manager:
+  installCRDs: true
+  replicaCount: 3
+  extraArgs:
+    - --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53
+    - --dns01-recursive-nameservers-only
+  podDnsPolicy: None
+  podDnsConfig:
+    nameservers:
+      - "1.1.1.1"
+      - "1.0.0.1"
--- a/durpot/Chart.yaml
+++ b/durpot/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: durpot
+description: A Helm chart for Kubernetes
+type: application
+
+version: 0.1.0
+appVersion: "0.1.0"
--- a/durpot/templates/deployment.yaml
+++ b/durpot/templates/deployment.yaml
@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: durpot
+  name: durpot
+  labels:
+    app: durpot
+spec:
+  selector:
+    matchLabels:
+      app: durpot
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: durpot
+    spec:
+      containers:
+      - name: durpot
+        image: ghcr.io/developerdurp/durpot:latest
+        imagePullPolicy: Always       
+        envFrom:
+        - secretRef:
+            name: durpot-secret
--- a/durpot/templates/sealedsecret.yaml
+++ b/durpot/templates/sealedsecret.yaml
@@ -0,0 +1,17 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: durpot-secret
+  namespace: durpot
+spec:
+  encryptedData:
+    CHANNEL_ID: AgBCMRT0w3n3ehhILFRoRdqPwOy9+ebZpM+ZhMwqiazrTCvE3vFXrWd1uZ0hmf051PSFwkJ79QXlnYyffx8Mp/VGGwe8Zk8+61NCymxpnYXEYCLFtQu0BqGAK/da7JWBOOaqZ6F80A1QHnszW9K6hh4BsdseGUPNrc6l4C51pblsg+cwGUbUSRflPdmDHBa/3sjDYOCg/gJ5Ec27+Y7UA+0AZ1mZVR3BtN9HtNF++ui3Uqr+jQ+HUisjeZ2ercj8AZcRtpCD8jA6oCNNbJiODZTZUx19AlZ/NME1lVaqNbnFXG8RJD7tFN1Zf+QUdP+5ZeY6PxNy2oRgI5vQvH0xc1lSGGhDRhKlBVZNLtvJGYVYBpQXi3jwZAFvpjBTMXARv2VpnvQwzPaXZVn0vgisPLQ9WUr1+Fe8w3F6TxMPjZ7m6lpXDel7TCMngvu984YRj1O3KZy3jP3vXcMOT6rCtsMqTIibAAVWegQFth1vsBUN2iyt20RBSRlL71CuyOcOCYtQAD9f6LDSbB5yMyL80s0Q1dEQV+B2pHDfzvroHosKzp40da6OrKf5NczhzSit6ZKTaPgZntil6yiIb38lqv14A53L3PFFcTP/rKtsMCKCma0X6MvXqsEkAQ6lh5AmrNqqTFIwuv1tXAMBE1jyusRzj1lLu76GAkQ5WovpRB87/JGJk2VwfFRddFrH+313KqXHfcXgUm/RCKOqPyZE8iW5/GI=
+    DISCORD_TOKEN: AgBSmUFVINgcE7yMfZWy++nF3tTWPpiCJj+Dqlq4XD+CrV6nxtcFYFYfm0EWEmPVWCLiKbd8Dy6dKMqKmFmA71qcDavYZFuB1AlZEiXix4Cuu+givoLeImUcmHGSxvOTWUlK2HSqEaDbp7ndxVWymasVfgctvHqRfeF1HCHKn1un7GFK6/MKRt3w8VNjQr7m/lybyE9k63/g4/vkQVjO4wA3cLK8e+vcb3v3w7X27fucwG0ESW/O6GdMw/zNKVmy65zb+uR+t5CCmDtOaGhak0pw1s9SqFtBFlaahQvX9Y6LIn/wFj220+XgtOe6dbio26lHXl4S8d/TPJ1JEfQ6/7k0jvBcvlItlNhd9J5GoQS9F+uzJib4Vh0wro7hzGoeIYKMNh0jUe5tnOQLLFiEmvhedhXx+W2O7ZrR/zGuFgCkCDsv1+/F4ts7TBW2Q6fPdojnJr0sHw+K3s1wuWcQPvH+N/FjSIiJUY6gFVizIy+2KpsHHogfUfq/iiooN8TceF2ZtEMjVN9G2+VZu9SzC57EPqXmzZ79GO4cJtQBuDNL5UGfqZ2mgesx8Hs/DJrLqHoZ9ZcTORhhTYQO6s44fuMJ5Kb2xOkmb5HmpxLM1tgmZmRs9OTVPE3WtT48Sk6CBN4OXY8rlUK2BH6A3Ah/IfCDG0hNoysbrY3jvnrOjsdBN9L+3IMa/nNrFD2kUm2ac/pGHKNEI6cEDWWQzcb+KHSMFfTSTsURuazdsqyffYYj+Ki+D19DHWvuwLZYcWEWxKgZAckVSB+dTYBIhg==
+  template:
+    data: null
+    metadata:
+      creationTimestamp: null
+      name: durpot-secret
+      namespace: durpot
+
--- a/gitlab-runner/Chart.yaml
+++ b/gitlab-runner/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: gitlab-runner
+description: A Helm chart for Kubernetes
+type: application
+version: 0.0.1
+appVersion: 0.0.1
+
+dependencies:
+- name: gitlab-runner
+  repository: https://charts.gitlab.io/
+  version: 0.43.0
--- a/gitlab-runner/templates/gitlab-secret-sealed.yaml
+++ b/gitlab-runner/templates/gitlab-secret-sealed.yaml
@@ -0,0 +1,17 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: gitlab-secret
+  namespace: gitlab-runner
+spec:
+  encryptedData:
+    runner-registration-token: AgAdk9x5mBbfTpHn9ZPvSH7mQomld7sVebv222t1E6VQqZzhfKosvSB8DPFEkinYRMS5TjC0C1Gd5UMZbdqEaYlljqnq6FcGkfrqV1uQcAAEoWgNuZZlMHz3av2dRcRIFOMxKkpNevVY/Gg11ETv1voZ6EaI394C1jmUGBan02RRKja74F0IiRkHdn80gZAYdWS1SEsJ5k2v9H5WoEprkq93aK2zKII3lCTMpd//D2TIasPPQSy2Ybgx5Vrdx47Cpu8IlnZmoFwbnkbEzV4+eLmlVbDKOhOMJiYn1JMvbBl/th1y98M/SJfFZC8vuBeJ2W+6Dr+RTqfucC/d6IYHrDXXD9Gh4yhNG97uvVVab3R9KCXQO1WXeMYqCF3o5k9jrrFsBKJ1oMw3+6TCy8hkMDAyPcDdS42x1k+NpbtfLA2LZ4CVrK+L484Y2tZESElHjtQsnxGwHp1E/U43UGRN0giOK52OYu5tziNjIMlfg1bc8sBCHEUw4Ln5VHQ/AHeXv+3TrWaNc7Wr01TqEOuTXwrYlC4gLd291uofudjgNUKS+/+Mzbi17c+GRovQpXteot7YlTaWaO1YmmoePVJxH12VDSl2RN8R4lDn0qhvnQWCpCeZzxcFeCn3dMC4lQVUh4P8SwnCJDfEl10cXIdvscmv/ga8KXBfXxXRC0dLRWlzn9u+SQFru0aJpZXYJ7lJfuyi/BpuDCxDGoCy2w1i2fs37eG8PDp0MXEgiC9wFA==
+    runner-token: AgBr5ZkTMkbzGNQW5hFVs13qD7HuXd1W3AxDqxAo3H2g8PcBRp3rQ+XRRzqC8PYiIkobry2SGbm7/YX/Y9OqWvA2ZCMnIhwdrZr1feSWzty1o5Euo4I3g4tSVjcpB+WwvLy8+YyD0hy8q7oU4qTCNkieVJ5TYLIZcgIK2JCNER3YdRMfwDdHSC++bP9thmClqXFflFL1CKGIBCFYrJUBvFH5fWhku7t5XD39zltKC/tTKgFPDHdlDfsWGynl3vQHaMyU8OkAB2EJsKjzghKGG4jxr23TxSrSpXVpo8+CT/iyvUmo6vs3h8/5aB0pYZgy2MBlLxgSmP5oHtVZ0jnqhpiqyHsfqiHbJTZsSxu8kvPB7+66Wh8VYHEsecKTAUKVw+ZKY+eP5CVk6YwXJpPfBmw6T5wJVGatE5/GGJ0/esiz0vlay5jLuWmM9SUpjZ1yHoeV9jczA5vtYOwyzNzk2feYCRcV+g7HO4kk3vmqgTH9E1D1ScQcQ8ciPLi+9dSDFYhicWRkx+dN7eEZMyb6Kbr/ed2k9PfRTkEaPqBE1gjBS0t9JqYFZkTRWREZVkSI5CTr2jiZn2gO3GO5P2HhQ9PtSbdc5oTOr1UHINko2TltGA1LsG5XW9LZaYrBYRxQGcPn7/SGlOGM46ZA2RS3l38OQrPD0+2WoAL4HRW4nsM2EHHOT/Oyb/YO0GLePCTJu1E=
+  template:
+    data: null
+    metadata:
+      creationTimestamp: null
+      name: gitlab-secret
+      namespace: gitlab-runner
+
--- a/gitlab-runner/values.yaml
+++ b/gitlab-runner/values.yaml
@@ -0,0 +1,60 @@
+gitlab-runner:
+
+  imagePullPolicy: Always
+  gitlabUrl: https://gitlab.com/
+  unregisterRunner: true
+  terminationGracePeriodSeconds: 3600
+  concurrent: 10
+  checkInterval: 30
+
+  rbac:
+    create: true
+    rules: []
+    clusterWideAccess: false
+    podSecurityPolicy:
+      enabled: false
+      resourceNames:
+      - gitlab-runner
+
+  runners:
+    config: |
+      [[runners]]
+        [runners.kubernetes]
+          namespace = "{{.Release.Namespace}}"
+          image = "ubuntu:22.04"
+          privileged = true
+
+    executor: kubernetes
+    name: "k3s"
+    runUntagged: true
+    privileged: true
+    secret: gitlab-secret
+    builds: 
+      cpuLimit: 200m
+      cpuLimitOverwriteMaxAllowed: 400m
+      memoryLimit: 256Mi
+      memoryLimitOverwriteMaxAllowed: 512Mi
+      cpuRequests: 100m
+      cpuRequestsOverwriteMaxAllowed: 200m
+      memoryRequests: 128Mi
+      memoryRequestsOverwriteMaxAllowed: 256Mi
+
+  securityContext:
+    allowPrivilegeEscalation: false
+    readOnlyRootFilesystem: false
+    runAsNonRoot: true
+    privileged: false
+    capabilities:
+      drop: ["ALL"]
+
+  podSecurityContext:
+    runAsUser: 100
+    fsGroup: 65533
+
+  resources: 
+    limits:
+      memory: 256Mi
+      cpu: 200m
+    requests:
+      memory: 128Mi
+      cpu: 100m
--- a/ingress-nginx/Chart.yaml
+++ b/ingress-nginx/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: nginx
+description: A Helm chart for Kubernetes
+type: application
+version: 0.0.1
+appVersion: 0.0.1
+
+dependencies:
+- name: ingress-nginx
+  repository: https://kubernetes.github.io/ingress-nginx
+  version: 4.2.5
--- a/ingress-nginx/values.yaml
+++ b/ingress-nginx/values.yaml
@@ -0,0 +1,109 @@
+ingress-nginx:
+
+  controller:
+    name: controller
+    image:
+      chroot: false
+      registry: registry.k8s.io
+      image: ingress-nginx/controller
+      pullPolicy: Always
+      runAsUser: 101
+      allowPrivilegeEscalation: true
+
+    containerName: controller
+    containerPort:
+      http: 80
+      https: 443
+
+    livenessProbe:
+      httpGet:
+        path: "/healthz"
+        port: 10254
+        scheme: HTTP
+      initialDelaySeconds: 10
+      periodSeconds: 10
+      timeoutSeconds: 1
+      successThreshold: 1
+      failureThreshold: 5
+    readinessProbe:
+      httpGet:
+        path: "/healthz"
+        port: 10254
+        scheme: HTTP
+      initialDelaySeconds: 10
+      periodSeconds: 10
+      timeoutSeconds: 1
+      successThreshold: 1
+      failureThreshold: 3
+
+    healthCheckPath: "/healthz"
+    healthCheckHost: ""
+    podAnnotations: {}
+
+    replicaCount: 3
+
+    minAvailable: 3
+
+    resources:
+      limits:
+        cpu: 200m
+        memory: 256Mi
+      requests:
+        cpu: 200m
+        memory: 256Mi
+
+    service:
+      enabled: true
+      appProtocol: true
+      annotations: {}
+      labels: {}
+      externalIPs: []
+
+      loadBalancerIP: ""
+      loadBalancerSourceRanges: []
+
+      enableHttp: true
+      enableHttps: true
+      
+      ports:
+        http: 80
+        https: 443
+
+      targetPorts:
+        http: http
+        https: https
+
+      type: LoadBalancer
+
+      external:
+        enabled: true
+      externalTrafficPolicy: "Local"
+
+      patch:
+        enabled: true
+        image:
+          registry: registry.k8s.io
+          image: ingress-nginx/kube-webhook-certgen
+          pullPolicy: Always
+        runAsUser: 2000
+        fsGroup: 2000
+
+    lifecycle:
+      preStop:
+        exec:
+          command:
+            - /wait-shutdown
+
+    priorityClassName: ""
+
+  revisionHistoryLimit: 1
+
+  rbac:
+    create: true
+    scope: false
+
+  serviceAccount:
+    create: true
+    name: ""
+    automountServiceAccountToken: true
+    annotations: {}
--- a/internalproxy/Chart.yaml
+++ b/internalproxy/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: internalproxy
+description: A Helm chart for Kubernetes
+type: application
+
+version: 0.1.0
+appVersion: "0.1.0"
--- a/internalproxy/templates/duplicati-ingress.yaml
+++ b/internalproxy/templates/duplicati-ingress.yaml
@@ -0,0 +1,56 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: duplicati
+spec:
+  ports:
+  - name: app
+    port: 8200
+    protocol: TCP
+    targetPort: 8200
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: duplicati
+subsets:
+- addresses:
+  - ip: 192.168.20.253
+  ports:
+  - name: app
+    port: 8200
+    protocol: TCP
+
+---    
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: duplicati-ingress
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    cert-manager.io/cluster-issuer: letsencrypt-production 
+    nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16"
+    nginx.ingress.kubernetes.io/auth-response-headers: Authorization
+    nginx.ingress.kubernetes.io/auth-url: http://oauth2-proxy.oauth2-proxy.svc.cluster.local/oauth2/auth
+    nginx.ingress.kubernetes.io/auth-signin: https://oauth.durp.info/oauth2/start?rd=https://$host$request_uri$is_args$args
+spec:
+  rules:
+  - host: duplicati.internal.durp.info
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: duplicati
+            port: 
+              number: 8200         
+  tls:
+    - hosts: 
+      - duplicati.internal.durp.info
+      secretName: duplicati-tls
--- a/internalproxy/templates/kasm-ingress.yaml
+++ b/internalproxy/templates/kasm-ingress.yaml
@@ -0,0 +1,84 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: kasm
+spec:
+  ports:
+  - name: app
+    port: 443
+    protocol: TCP
+    targetPort: 8443
+  clusterIP: None
+  type: ClusterIP
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: kasm
+subsets:
+- addresses:
+  - ip: 192.168.20.110
+  ports:
+  - name: app
+    port: 8443
+    protocol: TCP
+---
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: kasm-ingress
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    cert-manager.io/cluster-issuer: letsencrypt-production 
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+    #nginx.ingress.kubernetes.io/proxy-body-size: 10M
+    #nginx.ingress.kubernetes.io/proxy-read-timeout: "1800s"
+    #nginx.ingress.kubernetes.io/proxy-send-timeout: "1800s"
+    #nginx.ingress.kubernetes.io/proxy_connect_timeout: "1800s"
+    nginx.ingress.kubernetes.io/server-snippets: |
+      location / {
+         # The following configurations must be configured when proxying to Kasm Workspaces
+
+         # WebSocket Support
+         proxy_set_header        Upgrade $http_upgrade;
+         proxy_set_header        Connection "upgrade";
+
+         # Host and X headers
+         proxy_set_header        Host $host;
+         proxy_set_header        X-Real-IP $remote_addr;
+         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+         proxy_set_header        X-Forwarded-Proto $scheme;
+
+         # Connectivity Options
+         proxy_http_version      1.1;
+         proxy_read_timeout      1800s;
+         proxy_send_timeout      1800s;
+         proxy_connect_timeout   1800s;
+         proxy_buffering         off;
+
+         # Allow large requests to support file uploads to sessions
+         client_max_body_size 10M;
+
+         # Proxy to Kasm Workspaces running locally on 8443 using ssl
+         proxy_pass https://192.168.20.110:8443 ;
+      }
+
+
+spec:
+  rules:
+  - host: kasm.durp.info
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: kasm
+            port: 
+              number: 443         
+  tls:
+    - hosts: 
+      - kasm.durp.info
+      secretName: kasm-tls
+
--- a/internalproxy/templates/minio-ingress.yaml
+++ b/internalproxy/templates/minio-ingress.yaml
@@ -0,0 +1,53 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: minio
+spec:
+  ports:
+  - name: app
+    port: 9769
+    protocol: TCP
+    targetPort: 9769
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: minio
+subsets:
+- addresses:
+  - ip: 192.168.20.253
+  ports:
+  - name: app
+    port: 9769
+    protocol: TCP
+
+---    
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: minio-ingress
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    cert-manager.io/cluster-issuer: letsencrypt-production 
+    nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16"
+spec:
+  rules:
+  - host: minio.internal.durp.info
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: minio
+            port: 
+              number: 9769         
+  tls:
+    - hosts: 
+      - minio.internal.durp.info
+      secretName: minio-tls
--- a/internalproxy/templates/overlord-ingress.yaml
+++ b/internalproxy/templates/overlord-ingress.yaml
@@ -0,0 +1,54 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: overlord
+spec:
+  ports:
+  - name: app
+    port: 8006
+    protocol: TCP
+    targetPort: 8006
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: overlord
+subsets:
+- addresses:
+  - ip: 192.168.20.254
+  ports:
+  - name: app
+    port: 8006
+    protocol: TCP
+
+---    
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: overlord-ingress
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    cert-manager.io/cluster-issuer: letsencrypt-production 
+    nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16"
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+spec:
+  rules:
+  - host: overlord.internal.durp.info
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: overlord
+            port: 
+              number: 8006         
+  tls:
+    - hosts: 
+      - overlord.internal.durp.info
+      secretName: overlord-tls
--- a/internalproxy/templates/pfsense-ingress.yaml
+++ b/internalproxy/templates/pfsense-ingress.yaml
@@ -0,0 +1,54 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: pfsense
+spec:
+  ports:
+  - name: app
+    port: 443
+    protocol: TCP
+    targetPort: 443
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: pfsense
+subsets:
+- addresses:
+  - ip: 192.168.20.1
+  ports:
+  - name: app
+    port: 443
+    protocol: TCP
+
+---    
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: pfsense-ingress
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    cert-manager.io/cluster-issuer: letsencrypt-production 
+    nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16"
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+spec:
+  rules:
+  - host: pfsense.internal.durp.info
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: pfsense
+            port: 
+              number: 443         
+  tls:
+    - hosts: 
+      - pfsense.internal.durp.info
+      secretName: pfsense-tls
--- a/internalproxy/templates/plex-ingress.yaml
+++ b/internalproxy/templates/plex-ingress.yaml
@@ -0,0 +1,53 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: plex
+spec:
+  ports:
+  - name: app
+    port: 32400
+    protocol: TCP
+    targetPort: 32400
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: plex
+subsets:
+- addresses:
+  - ip: 192.168.20.253
+  ports:
+  - name: app
+    port: 32400
+    protocol: TCP
+
+---    
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: plex-ingress
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    cert-manager.io/cluster-issuer: letsencrypt-production 
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+spec:
+  rules:
+  - host: plex.durp.info
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: plex
+            port: 
+              number: 32400         
+  tls:
+    - hosts: 
+      - plex.durp.info
+      secretName: plex-tls
--- a/internalproxy/templates/unraid-ingress.yaml
+++ b/internalproxy/templates/unraid-ingress.yaml
@@ -0,0 +1,54 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: unraid
+spec:
+  ports:
+  - name: app
+    port: 443
+    protocol: TCP
+    targetPort: 443
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: unraid
+subsets:
+- addresses:
+  - ip: 192.168.20.253
+  ports:
+  - name: app
+    port: 443
+    protocol: TCP
+
+---    
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: unraid-ingress
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    cert-manager.io/cluster-issuer: letsencrypt-production 
+    nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16"
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+spec:
+  rules:
+  - host: unraid.internal.durp.info
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: unraid
+            port: 
+              number: 443         
+  tls:
+    - hosts: 
+      - unraid.internal.durp.info
+      secretName: unraid-tls
--- a/keycloak/Chart.yaml
+++ b/keycloak/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: keycloak
+description: A Helm chart for Kubernetes
+type: application
+version: 0.0.1
+appVersion: 0.0.1
+
+dependencies:
+- name: keycloak
+  repository: https://charts.bitnami.com/bitnami
+  version: 10.1.4
--- a/keycloak/templates/keyclock.yaml
+++ b/keycloak/templates/keyclock.yaml
@@ -0,0 +1,17 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: keycloak-credentials
+  namespace: keycloak
+spec:
+  encryptedData:
+    admin-password: AgAahQvC7WJ0AQuDEC1trSxEi2C8AeJwhz1nzH+44V6rt3lxiCjWzDJcIFsnXhQJDk+Cpn9vuyZarIgwUhegpJlkdILURnWa6Zc6XvbDCCBoQ2aqQWvMbG56DZdzK352G+taPny8/wAdXFAsDx3vSG0wfrmIU7Fo1IJKdvdKI204L+zJ8Msvkodoj9gt8Iq1ZkIGYk2jaN5eGuRr2g9qkCMPdInR/Vj9nrlUmS1w9MJv5Jr3djSkTaENucTpaqtl0dtJv7Br7mWZ6QTWKsuVa/UwaIm//wcw+RQh3QHqrau7KOeZdEy3xVJf8w5XkSQam/qcFL5MP1WYzLiuaGvQlsQlaI5ud9bFW/rFerGaOvWxs4elrFQjkxwqegyFPg41s8tTwA0/D46bhetRm+TzhXa/nAgsj9CI53SQhNFRsmNH3gQghsL2C8PS67b+Rk4kJ3XxPFegMRLZqNe55u5dN5eTsNyq0yDLaqf3extTogwtLMB4G68TwFxCVuMecoeRvFitl3WJyDtPGr2fWGhoOr3QzZn8hlw3e5+Kx3w1KATMd1WGonp2w+IIOe8nLMXQDHGAJaCG5u8BNjHhdIRS+0mDHp40jNSdaFlM9OrEpsnfUU25+H3cEn5f2Bd9OYzWWFrOr60CBvG3qIBnMytHOKtXC8vqrhSdtSScgqIqbcYGHFzts/fujc3IUvjeoGyrTGwB3o6DUTxD3+uMNsI=
+    password: AgBruTBtb5AXviMuqM4eimlN6SwwJaXf3XBKX/2K7oYG8XTMJNq7135imrPULdvgR7rA5RLKXPiE5bZV/kkJhANbJuf/H4g6R0c0eBVEzoM+dlLHN5ktFrwAGaNsAim/UH5CmPATap8QtVfdBmQwBO1fdmCbtXqYJq0yhHSs7XeE+M8b408Sn2tr95i0/8wLqii4/as0B3Ecqrx8g66P0pPcMEsp3CuJTppchIQu35Ty6rKTHrwhcs2OZpfUu0oevAaVQwPulNYQ4tG6y+z2CT1bsJ3W7OS4HnhRtONiG8URlcrFgkBfwYQbofl781DskcjWxIlpOmyFl3m5riWrNHmznhalptScr7Eg+vxPHCeK5XjMD5Rg5z6YYPpfXwmq1rReCv9IWMaMV+0LdaTiU0JTKT6mfJxuZEtwBmU6N4Z00EIGghYFZ/xZ2Ld9jqfOl53QCapv2lqWN26+ZAr8FB7I0qQ7qWp2iMbaoKNZ2YMopjDQm8PEH328GXOuE+pPZM5V6rEw53urJn3pOf1ZUAEzoKo1zOqzU54Scg1xARHQI17RdyiR8+jbzmztV38orpf4jT/srxdPKUZKTI099kt+qB3YAkPrxgESq//fcIme1q2Ox1H3vVQydFRWXrDCXDX8WA1tdwKHBZwBhQJ5DKAXRRSLLXxGqmPG36WZ7du+KfPTIYpq+Mh2Hut750ALZ5XnMnioxc3OTLGzjiY=
+    postgres-password: AgARK2JKzY8lXbAxBxZYkpjoKPY9wMFgVrVtaZpS5gs0p9M+pRdEhSPVfQxJ/MzrkadBWxaCd3ShracqQLy+WvnCXc3hI65TKKgTp6uwkGppWnKg2AA3JICwMDOdax/U2qbsKXjdbC0XEsRlJBCBaIZ3Tr5cbCx7eZYgg5RsBXGP3rz6joeV30CU6qH2Q466WsdHl7PECyroTwc9uQ1eTB96b5Tw+VS/uJjQv4EP0Yte9ljfxbpQofuf2DmiJCAcDsulJLhebwGVDjAX+sF01NBEJT3Oau3P9MwHDwuoOXZguK/RRE+vrkU/EfnsTaOJhGxgKGGV5DmM5HRkV74ezxbyh44UgkKkhw6SvjX8W8V08eZmBvJXGpsldsIM8QlV9nO+xJWMK9G62HCjL0TZb/QwbaQWXq/7u4Rl0QWtJA7FNdlJwkJhzQXhgMUYXjcC1R22iuq5qYLs/93Q2MMKpOcsyyMo2p/P2mTJSncPPZQjuwSr2WXnGAbMLfYSQ3aiCGJfbB0rRQeMVDv5rvtWlRb6jggycZcfVH2Zxe1ggjRoWT+mUMyIuC4L8MPe6JcZJljbN57499QRZfZM+EfqVT2lkvGokQNyHPF5cpbezbZAFkQCIBwF6C3laPAkwb2Kgk44yf+umznl6hNm8B8JLmkYmLQVZOlyZ++tscPrmD4CQxKJmlawZ8DVODfz8rVrwsd9CLfBd/Fn6iSnJo0=
+  template:
+    data: null
+    metadata:
+      creationTimestamp: null
+      name: keycloak-credentials
+      namespace: keycloak
--- a/keycloak/values.yaml
+++ b/keycloak/values.yaml
@@ -0,0 +1,114 @@
+keycloak:  
+
+  global:
+    storageClass: longhorn
+
+  image:
+    registry: docker.io
+    repository: bitnami/keycloak
+    digest: ""
+    pullPolicy: Always
+    pullSecrets: []
+    debug: false
+  auth:
+    adminUser: user
+    existingSecret: "keycloak-credentials"
+    existingSecretPerPassword: {}
+
+  replicaCount: 1
+
+  containerPorts:
+    http: 8080
+    https: 8443
+
+  podSecurityContext:
+    enabled: true
+    fsGroup: 1001
+
+  containerSecurityContext:
+    enabled: true
+    runAsUser: 1001
+    runAsNonRoot: true
+
+  resources:
+    limits: {}
+    requests: {}
+
+  livenessProbe:
+    enabled: true
+    initialDelaySeconds: 300
+    periodSeconds: 1
+    timeoutSeconds: 5
+    failureThreshold: 3
+    successThreshold: 1
+
+  readinessProbe:
+    enabled: true
+    initialDelaySeconds: 30
+    periodSeconds: 10
+    timeoutSeconds: 1
+    failureThreshold: 3
+    successThreshold: 1
+
+  startupProbe:
+    enabled: false
+
+  updateStrategy:
+    type: RollingUpdate
+    rollingUpdate: {}
+
+  service:
+    type: ClusterIP
+    http:
+      enabled: true
+    ports:
+      http: 80
+      https: 443
+  
+  ingress:
+    enabled: true
+    ingressClassName: ""
+    pathType: ImplementationSpecific
+    hostname: keycloak.durp.info
+    servicePort: http
+    annotations: 
+        cert-manager.io/cluster-issuer: letsencrypt-production
+        kubernetes.io/ingress.class: nginx
+    tls: 
+      - secretName: keycloak-tls
+        hosts:
+        - keycloak.durp.info
+    selfSigned: false
+    secrets: []
+    extraRules: []
+  
+  
+  serviceAccount:
+    create: true
+    name: ""
+    automountServiceAccountToken: true
+    annotations: {}
+    
+  postgresql:
+    enabled: true
+    auth:
+      username: bn_keycloak
+      database: bitnami_keycloak
+      existingSecret: "keycloak-credentials"
+    architecture: standalone
+
+  externalDatabase:
+    host: ""
+    port: 5432
+    user: bn_keycloak
+    database: bitnami_keycloak
+    password: "password122"
+    existingSecret: ""
+    existingSecretPasswordKey: ""
+  
+  cache:
+    enabled: false
+  
+  logging:
+    output: default
+  
--- a/kong/Chart.yaml
+++ b/kong/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: kong
+description: A Helm chart for Kubernetes
+type: application
+
+version: 0.1.0
+appVersion: "0.1.0"
--- a/kong/templates/configmap.yaml
+++ b/kong/templates/configmap.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+data:
+  config.yaml: "_format_version: \"2.1\"\n\nservices:\n  - name: random-cats\n    url:
+    https://aws.random.cat/meow\n    routes:\n      - name: random-cats-route\n        paths:\n
+    \         - /random-cats\n\n  - name: urban-dictionary\n    url: https://api.urbandictionary.com\n
+    \   routes:\n      - name: urban-dictionary\n        paths:\n          - /urban-dictionary\n\n
+    \ - name: cat-facts\n    url: https://catfact.ninja/\n    routes:\n      - name:
+    cat-facts\n        paths:\n          - /cat-facts\n\n  - name: random-meme\n    url:
+    https://meme-api.herokuapp.com/gimme\n    routes:\n      - name: random-meme-route\n
+    \       paths:\n          - /random-meme    \n\n  - name: yomama\n    url: https://api.yomomma.info/\n
+    \   routes:\n      - name: yomama-route\n        paths:\n          - /yomama        \n\n
+    \ - name: dadjoke\n    url: https://icanhazdadjoke.com/\n    routes:\n      -
+    name: dadjoke\n        paths:\n          - /dadjoke    \n\n  - name: random-dogs\n
+    \   url: https://dog.ceo/api/breeds/image/random\n    routes:\n      - name: random-dogs\n
+    \       paths:\n          - /random-dogs   \n\n  - name: geekjoke\n    url: https://geek-jokes.sameerkumar.website/api?format=json\n
+    \   routes:\n      - name: geekjoke\n        paths:\n          - /geekjoke     \n
+    \           \n  - name: ronswanson\n    url: https://ron-swanson-quotes.herokuapp.com/v2/quotes\n
+    \   routes:\n      - name: ronswanson\n        paths:\n          - /ronswanson
+    \      \n\n  - name: foaas\n    url: http://foaas.com/\n    routes:\n      - name:
+    foaas\n        paths:\n          - /foaas  \n\n  - name: dnmss\n    url: http://192.168.1.120:30985\n
+    \   routes:\n      - name: dotnet-microservices-services\n        paths:\n          -
+    /dnmss  \n\n\n\n          \n"
+kind: ConfigMap
+metadata:
+  creationTimestamp: "2022-04-15T02:44:07Z"
+  name: kongconfig
+  namespace: kong
--- a/kong/templates/deployment.yaml
+++ b/kong/templates/deployment.yaml
@@ -0,0 +1,58 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: kong
+  name: kong
+  labels:
+    app: kong
+spec:
+  selector:
+    matchLabels:
+      app: kong
+  #replicas: 1
+  template:
+    metadata:
+      labels:
+        app: kong
+    spec:
+      containers:
+      - name: kong
+        image: kong
+        imagePullPolicy: Always
+        resources:
+          limits:
+            cpu: 1000m
+          requests:
+            cpu: 100m     
+        env:
+          - name: KONG_DATABASE
+            value: 'off'
+          - name: KONG_NGINX_WORKER_PROCESSES
+            value: "1"
+          - name: KONG_LOG_LEVEL
+            value: notice
+          - name: KONG_ADMIN_ACCESS_LOG
+            value: /dev/stdout
+          - name: KONG_PROXY_ERROR_LOG
+            value: /dev/stderr
+          - name: KONG_ADMIN_ERROR_LOG
+            value: /dev/stderr
+          - name: KONG_ADMIN_LISTEN
+            value: '127.0.0.1:8001'
+          - name: KONG_PROXY_LISTEN
+            value: 0.0.0.0:8000,0.0.0.0:8443 ssl
+          - name: KONG_DECLARATIVE_CONFIG
+            value: /kong/config.yaml
+        volumeMounts:
+          - name: kongconfig
+            mountPath: /kong
+        ports:
+        - name: data-http
+          containerPort: 8000
+        ports:
+        - name: data-https
+          containerPort: 8443          
+      volumes:
+      - name: kongconfig
+        configMap:
+          name: kongconfig
--- a/kong/templates/ingress.yaml
+++ b/kong/templates/ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: kong-ingress
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    cert-manager.io/cluster-issuer: letsencrypt-production 
+    external-dns.alpha.kubernetes.io/hostname: kong.durp.info
+spec:
+  rules:
+  - host: kong.durp.info
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: kong
+            port: 
+              number: 80              
+  tls:
+    - hosts: 
+      - kong.durp.info
+      secretName: kong-durp-tls      
--- a/kong/templates/namespace.yaml
+++ b/kong/templates/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kong
--- a/kong/templates/service.yaml
+++ b/kong/templates/service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: kong
+spec:
+  ports:
+  - name: kong-proxy-http
+    port: 80
+    targetPort: 8000
+    protocol: TCP
+  - name: kong-proxy-https
+    port: 443
+    targetPort: 8443
+    protocol: TCP    
+  selector:
+    app: kong
--- a/kube-prometheus-stack/Chart.yaml
+++ b/kube-prometheus-stack/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v2
+name: kube-prometheus-stack
+description: A Helm chart for Kubernetes
+type: application
+
+version: 0.1.0
+appVersion: "1.16.0"
+
+dependencies:
+- name: kube-prometheus-stack
+  repository: https://prometheus-community.github.io/helm-charts
+  version: 40.1.2
--- a/kube-prometheus-stack/templates/grafana-secrets-sealed.yaml
+++ b/kube-prometheus-stack/templates/grafana-secrets-sealed.yaml
@@ -0,0 +1,17 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: grafana-admin-credentials
+  namespace: kube-prometheus-stack
+spec:
+  encryptedData:
+    admin-password: AgBJ8Qa8+CHmx8Su56BA/ikKb2nPFyyYkc2LBffuHKwHgeSNI6LfriTIS+UJgaq7fn2q0p/c4RO7jVtNC1q9hCgqNiyqHcHAtr1+j5ByviK1/v8FVjnT4vsdFuadOv9HdFI87sUx18r0n07u9BzH0G1MB6Tuc6M/OQjPGf2GOxW+muLiqO16BzsFu4eQyv3SlYSTH8EtlBhLVIZgF6n0J0da0KLJYwzhMulkMmq89oIg17TtNQTFU1zNgO+s2j2SxbCvS5NhlosMWQe1SdD+WCClsW7hwlqzKNZtYga6wIQjDYtGCGpLlr8X355se2kKzr4toyAnMnigx85dxMBGj9WizgBa28zuTWCR5RuNqFN9S1jvqL4PtXrgeUcic1WxRICYUD4IJ/uxvBTEdoXMlPnTo3qCgFMWVET+haCq27VdqFsa+zdcEBOHfXJffoX/fulit0C4tvyyGaTjRET43VRedICfadSHAOcmLDEe4QGd7Q2EYG4cY9AYPZeA42jCXVN4vOql2Dr2KoJgNmeKdHxiLegUhTeLZQ34YkOZaYvdM7dHesrjV8Eh0cZ72dqXm+uZbfeGlhFcA0lvY96F9R6BlLnuwzyb5HAvAgALymjP4UbDcx6Ux5EAvdZl+vMA6JW9WzwhNMK84WHuKRpFeqIpHL7EJWagcvSCcynRu81B3oWkn3KypAPXJ4jCHg2t5QJ9HurA+piKjJCGfAU=
+    admin-user: AgBq9gHXDVp2f949tDjHC9pBG1YC/YcQcY23HHIKxf7UZRvlwoQwI1Qfc+J1hM8At2UURd8/rsKlp/itaFFpMqxfbNQAtZMzzAUHwpoyhDlOxTUmsX4XSFEZgWbH8tAxy3LeKEnOedx+12hqrPzUgLTMns4GVyEySqQyA6rTAfiohRyqt4MzTdUUs16+L2L3+clDDi5/srt0kfLF9yHSUrMwfGS7KyDBkYk7ppj7TEHHoedxaPI7917L+a15qq4RMLMiBd5cLwGOnncFFT5UiTphc7l9IDa9W6jbTpEt2YS0y/h7RHRU3XDZKaUma1mIloYjHqk96Fr1+2AoDEwlj4gnPX04oeYohnakETMM9yX7wwlBweijMOXdMmT375/k9SkwPFNLmwfXIRAyaBpHIYEsAx1LPFyE2HkUpnawTY3aQ3AYkqDsd/CYWLxbhBymYciPVbjshdUYiluwVn8Prqv8CCC5tjFznKHqZztz65etyhWpkqZDiHkgEmeJySeamvh+LtlkQa0vAxZxO86N3+UDiDCHIhVbjP4kvIxPx3R5jpBkjbwdSdDsHHgyqQons2zCXcXxuq+ie7+iUrXQmbNplK9m8h0SSomYr1Zr0C1FGn1f64iHoVCk+3v9Be5sHDDTUTEiBSa4W01ZDw9oaIfDdPW8KhEm27e/L9DIIEt+jlRSciLGWSvIRU78ZLX4Gl5WkpRgH15u5VL9j+ML
+  template:
+    data: null
+    metadata:
+      creationTimestamp: null
+      name: grafana-admin-credentials
+      namespace: kube-prometheus-stack
+
--- a/kube-prometheus-stack/values.yaml
+++ b/kube-prometheus-stack/values.yaml
@@ -0,0 +1,208 @@
+kube-prometheus-stack: 
+  fullnameOverride: prometheus
+
+  defaultRules:
+    create: true
+    rules:
+      alertmanager: true
+      etcd: true
+      configReloaders: true
+      general: true
+      k8s: true
+      kubeApiserverAvailability: true
+      kubeApiserverBurnrate: true
+      kubeApiserverHistogram: true
+      kubeApiserverSlos: true
+      kubelet: true
+      kubeProxy: true
+      kubePrometheusGeneral: true
+      kubePrometheusNodeRecording: true
+      kubernetesApps: true
+      kubernetesResources: true
+      kubernetesStorage: true
+      kubernetesSystem: true
+      kubeScheduler: true
+      kubeStateMetrics: true
+      network: true
+      node: true
+      nodeExporterAlerting: true
+      nodeExporterRecording: true
+      prometheus: true
+      prometheusOperator: true
+
+  alertmanager:
+    fullnameOverride: alertmanager
+    enabled: true
+    ingress:
+      enabled: true
+      annotations:
+        cert-manager.io/cluster-issuer: letsencrypt-production
+        kubernetes.io/ingress.class: nginx
+        nginx.ingress.kubernetes.io/auth-response-headers: Authorization
+        nginx.ingress.kubernetes.io/auth-url: http://oauth2-proxy.oauth2-proxy.svc.cluster.local/oauth2/auth
+        nginx.ingress.kubernetes.io/auth-signin: https://oauth.durp.info/oauth2/start?rd=https://$host$request_uri$is_args$args        
+      hosts:
+        - alertmanager.durp.info
+      paths: 
+        - /
+      tls: 
+      - secretName: alertmanager-tls
+        hosts:
+        - alertmanager.durp.info
+  grafana:
+    enabled: true
+    fullnameOverride: grafana
+    forceDeployDatasources: false
+    forceDeployDashboards: false
+    defaultDashboardsEnabled: true
+    defaultDashboardsTimezone: utc
+    serviceMonitor:
+      enabled: true
+    admin:
+      existingSecret: grafana-admin-credentials
+      userKey: admin-user
+      passwordKey: admin-password
+    ingress:
+      enabled: true
+      annotations:
+        cert-manager.io/cluster-issuer: letsencrypt-production
+        kubernetes.io/ingress.class: nginx
+      hosts:
+        - grafana.durp.info
+      paths: 
+        - /
+      tls: 
+      - secretName: grafana-tls
+        hosts:
+        - grafana.durp.info      
+
+  kubeApiServer:
+    enabled: true
+
+  kubelet:
+    enabled: true
+    serviceMonitor:
+      metricRelabelings:
+        - action: replace
+          sourceLabels:
+            - node
+          targetLabel: instance
+
+  kubeControllerManager:
+    enabled: true
+    endpoints: # ips of servers 
+      - 192.168.20.121
+      - 192.168.20.122
+      - 192.168.20.123
+
+  coreDns:
+    enabled: false
+
+  kubeDns:
+    enabled: false
+
+  kubeEtcd:
+    enabled: true
+    endpoints: # ips of servers
+      - 192.168.20.121
+      - 192.168.20.122
+      - 192.168.20.123
+    service:
+      enabled: true
+      port: 2381
+      targetPort: 2381
+
+  kubeScheduler:
+    enabled: true
+    endpoints: # ips of servers
+      - 192.168.20.121
+      - 192.168.20.122
+      - 192.168.20.123
+
+  kubeProxy:
+    enabled: true
+    endpoints: # ips of servers
+      - 192.168.20.121
+      - 192.168.20.122
+      - 192.168.20.123
+
+  kubeStateMetrics:
+    enabled: true
+
+  kube-state-metrics:
+    fullnameOverride: kube-state-metrics
+    selfMonitor:
+      enabled: true
+    prometheus:
+      monitor:
+        enabled: true
+        relabelings:
+          - action: replace
+            regex: (.*)
+            replacement: $1
+            sourceLabels:
+              - __meta_kubernetes_pod_node_name
+            targetLabel: kubernetes_node
+
+  nodeExporter:
+    enabled: true
+    serviceMonitor:
+      relabelings:
+        - action: replace
+          regex: (.*)
+          replacement: $1
+          sourceLabels:
+            - __meta_kubernetes_pod_node_name
+          targetLabel: kubernetes_node
+
+  prometheus-node-exporter:
+    fullnameOverride: node-exporter
+    podLabels:
+      jobLabel: node-exporter
+    extraArgs:
+      - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/)
+      - --collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$
+    service:
+      portName: http-metrics
+    prometheus:
+      monitor:
+        enabled: true
+        relabelings:
+          - action: replace
+            regex: (.*)
+            replacement: $1
+            sourceLabels:
+              - __meta_kubernetes_pod_node_name
+            targetLabel: kubernetes_node
+    resources:
+      requests:
+        memory: 512Mi
+        cpu: 250m
+      limits:
+        memory: 2048Mi
+
+  prometheusOperator:
+    enabled: true
+    prometheusConfigReloader:
+      resources:
+        requests:
+          cpu: 200m
+          memory: 50Mi
+        limits:
+          memory: 100Mi
+
+  prometheus:
+    enabled: true
+    prometheusSpec:
+      replicas: 1
+      replicaExternalLabelName: "replica"
+      ruleSelectorNilUsesHelmValues: false
+      serviceMonitorSelectorNilUsesHelmValues: false
+      podMonitorSelectorNilUsesHelmValues: false
+      probeSelectorNilUsesHelmValues: false
+      retention: 6h
+      enableAdminAPI: true
+      walCompression: true
+
+  thanosRuler:
+    enabled: false
--- a/littlelink/Chart.yaml
+++ b/littlelink/Chart.yaml
--- a/littlelink/templates/deployment.yaml
+++ b/littlelink/templates/deployment.yaml
@@ -0,0 +1,97 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: littlelink
+  name: littlelink
+  labels:
+    app: littlelink
+spec:
+  selector:
+    matchLabels:
+      app: littlelink
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: littlelink
+    spec:
+      containers:
+      - name: littlelink
+        image: ghcr.io/techno-tim/littlelink-server:latest
+        imagePullPolicy: Always
+        livenessProbe:
+          httpGet:
+            path: /healthcheck
+            port: 3000
+        readinessProbe:
+          httpGet:
+            path: /healthcheck
+            port: 3000            
+        env:
+          - name: META_TITLE
+            value: DeveloperDurp
+          - name: META_DESCRIPTION
+            value: The Durpy Developer
+          - name: META_AUTHOR
+            value: DeveloperDurp
+          - name: LANG
+            value: en
+          - name: META_INDEX_STATUS
+            value: all
+          - name: OG_TITLE
+            value: DeveloperDurp
+          - name: OG_DESCRIPTION
+            value: DeveloperDurp
+          - name: OG_URL
+            value: https://gitlab.com/developerdurp
+          - name: OG_IMAGE
+            value: https://gitlab.com/uploads/-/system/user/avatar/9987937/avatar.png
+          - name : OG_IMAGE_WIDTH
+            value: "400"
+          - name : OG_IMAGE_HEIGHT
+            value: "400"
+          - name : THEME
+            value: Dark 
+          - name : FAVICON_URL
+            value: https://gitlab.com/uploads/-/system/user/avatar/9987937/avatar.png
+          - name : AVATAR_URL
+            value: https://gitlab.com/uploads/-/system/user/avatar/9987937/avatar.png
+          - name : AVATAR_2X_URL
+            value: https://gitlab.com/uploads/-/system/user/avatar/9987937/avatar.png   
+          - name : AVATAR_ALT
+            value: DeveloperDurp Profile Pic
+          - name : NAME
+            value: DeveloperDurp
+          - name : BIO
+            value: Sup Nerd,
+          - name : BUTTON_ORDER
+            value: GITHUB,GITLAB,REDDIT,WEBSITE,EMAIL
+          - name : GITHUB
+            value: https://github.com/DeveloperDurp
+          - name : GITLAB
+            value: https://gitlab.com/developerdurp
+          - name : REDDIT
+            value: https://www.reddit.com/user/DeveloperDurp 
+          - name : EMAIL
+            value: DeveloperDurp@durp.info
+          - name : EMAIL_TEXT
+            value: DeveloperDurp@durp.info            
+          - name : FOOTER
+            value: DeveloperDurp © 2022         
+          - name: CUSTOM_BUTTON_TEXT
+            value: Website
+          - name: CUSTOM_BUTTON_URL
+            value: https://developerdurp.durp.info/
+          - name: CUSTOM_BUTTON_COLOR
+            value: '#000000'
+          - name: CUSTOM_BUTTON_TEXT_COLOR
+            value: '#ffffff'
+          - name: CUSTOM_BUTTON_ALT_TEXT
+            value: Tech documentation site for my videos and more
+          - name: CUSTOM_BUTTON_NAME
+            value: WEBSITE
+          - name: CUSTOM_BUTTON_ICON
+            value: fas file-alt                        
+        ports:
+        - name: http
+          containerPort: 3000          
--- a/littlelink/templates/ingress.yaml
+++ b/littlelink/templates/ingress.yaml
@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: littlelink-ingress
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    cert-manager.io/cluster-issuer: letsencrypt-production
+spec:
+  rules:
+  - host: links.durp.info
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: littlelink
+            port: 
+              number: 80          
+  tls:
+    - hosts: 
+      - links.durp.info
+      secretName: links-durp-tls      
--- a/littlelink/templates/service.yaml
+++ b/littlelink/templates/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: littlelink
+spec:
+  ports:
+  - name: http
+    port: 80
+    targetPort: 3000
+    protocol: TCP 
+  selector:
+    app: littlelink
--- a/longhorn-system/Chart.yaml
+++ b/longhorn-system/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: longhorn-system
+description: A Helm chart for Kubernetes
+type: application
+
+version: 0.1.0
+appVersion: "1.16.0"
--- a/longhorn-system/templates/deployment.yaml
+++ b/longhorn-system/templates/deployment.yaml
--- a/longhorn-system/templates/ingress.yaml
+++ b/longhorn-system/templates/ingress.yaml
@@ -0,0 +1,29 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: longhorn-ingress
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    cert-manager.io/cluster-issuer: letsencrypt-production 
+    #nginx.ingress.kubernetes.io/auth-response-headers: Authorization
+    #nginx.ingress.kubernetes.io/auth-url: http://oauth2-proxy.oauth2-proxy.svc.cluster.local/oauth2/auth
+    #nginx.ingress.kubernetes.io/auth-signin: https://oauth.durp.info/oauth2/start?rd=https://$host$request_uri$is_args$args
+    #nginx.ingress.kubernetes.io/auth-signin: "https://oauth.durp.info/oauth2/start?rd=https://longhorn.internal.durp.info"
+    nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16"
+spec:
+  rules:
+  - host: longhorn.internal.durp.info
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: longhorn-frontend
+            port: 
+              number: 80         
+  tls:
+    - hosts: 
+      - longhorn.internal.durp.info
+      secretName: longhorn-tls
+
--- a/longhorn-system/templates/longhorn-minio-sealed.yaml
+++ b/longhorn-system/templates/longhorn-minio-sealed.yaml
@@ -0,0 +1,18 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: longhorn-backup-token-secret
+  namespace: longhorn-system
+spec:
+  encryptedData:
+    AWS_ACCESS_KEY_ID: AgBymd0rPV936HYhBzhVoS9+yyJUUnmvFR3Z8a69J5gYILnwwLYpTLNwrNt442S0/gqmsH6ndU2l3SoCxXGdv/yf4WUIA2v++IclJFhSGmvzxqv+UKM6KzLJ6ECaibVcBOhJxYbmwG+qkNjhTKn9CK2IJx5xN4p0WQL/aU8DZYnb3YB/bZscQlZVzJ+27QCeU0SDOIV3b7X56hz+075bo1awHnKc1uvnxe9uz+Lr5UipJhrSM/IHFfFhtl5SyPRyF6Tz0LGRrxd9uKPy1MAoEnYXO9MvoUJi1DEGtbZnp8QH1WCpu+Hl+gyKnkqJh+mmkdxcCqo36fTHbSA7acQ/rtzYYnJbLXg5vy3GxfN1MByVE5yg9CLiAu7CPl4hMwlR5WM/obEHiMEKl5ukzjTI4MN4eF/NZNwC/8kmGnoyNL2EQJHPFj1VpQk7CuKKNO/YDD2DGh0Hw1ysTiAXUV1u5sM6k5MzdmG16zddbK5jdZw09SfoprwMWxFDQrPFDRF1H0rbGurLf/1BxaRn34Klz+mAKDARtxZ5PyLn2WDbuoF79Odwt3dqHbXqXTGJvqb7A2wUe+2eDpcR0bv8ruwq8E4MfJLoDahgEH4NXYwvF/6OS0oUEpfQaHzA4C63y9Vs2w9kUopFwNRa/vRUlxXv8ZIHsIUVnWkQycrukE9fzO+5Dlp/uYT7yhltJjRgBWx8qzsXz9v3ebEnut1Smiv3LyaF
+    AWS_ENDPOINTS: AgCVb6ge099ScIfgWttv+Pj/s9UP5JNWQRValqTCYOVgenbIcNZC9YkYSItg2QQQpZaGcbp4URxHJJd6fLarZNjXrdWaqIRMzWiyhLmGWsMfyhmYNhzsq8vzZEjYX/9GhsJyZRP3fz8lm6YojBSUJ60hOc5jRCbqtS5EJjUkkH7zwRdt1iKueNkjc9EnkhS/bs/x4BcwNiAPYCfUoyOWFtyZXQnGUFZgGqcFbkam3K/NrbahnckHdGCZAdDH5h4DTv/EZzU9tsHFl4oxlzYNQzm3xjMe2JrftJBAAv3Nfqlo4PXA9q+FURhGhSTwSfRWDEWlLDRnEVWTGGeNT2SBQCdrcV3MzhC49mbD0X/jGMJlbtl5ol5N7bN5Ft3X5zVpATHT2d+3SkByt1nL/aTa2VKoGwUUnkaEs2BkPVD3ErzWlHiDkVROgRAdhCx8LNGJP57Li7lmvc1JeH0map4RpfW72CRiGTnCicIS9663VZErHbNKNhun3YbS+GykLFURUu6l47c5RX1qiF3TOYbFA+SocBUUoe6OzgIKSiU35F0wHH0S2CwOx9qfl2JAKyAdRcsDCEdh/0ZWmCU5Oloml9Igooirt41tbEMV/IqvHO8EGNX+Xgt7IcLJ56yzoAs8Ng1oTFERu4FjjNnpQr4ph2s/TZsutls9VgagJs/U0TcCyib+olWCCweW5YAH0VLOkYF6CCJO67+kI6Rw0yuF1yisgrYVCNbHx1wRFg==
+    AWS_SECRET_ACCESS_KEY: AgA4GmNtldp7PK35ra7HwavACWRZ03jr/3GLAiEB/Ff5Cmc0A3cjj+Mb4/+xUf11DS07AWlCs3aIcnyQ7DRtdQChIUK1ZYnDRPMBz/uH6BbIrWlqlDz5wRg5GZ5pUrK9hHxa9cj3MBaJIjl5WnPuFszFwz2y5LkeghiVIsy4zgFbvKyyE4HNR2lZFmzihH384JlYhm60zXu8+nTvIlRx/8AHxLvnXCld94odbSzd91+Vj5FN6I+05BiGqlAM4jzU9eUBKMckOKig22JXQIPIeMjYUh59J59OPK3UxC/+SFUWcr4hZBskM9KLF9OCb145C73yZBNFBkE4VgoKb+YcvgzdS6NrzzId+E22lubwEBHN8SYpWFihtZmjUzg/Dx0/w5IDkXROUK0zuxuj67OuzLFkgBR0F7+yqZXsf5ysYhW1z3ibeppfhzTTwiwN2JdWLc+fAt0UsHWv9GH7+ryGQ/Yq+w/3o6wWcBWCe5CU7bEu4rDQ8hdrwftTvBYrQziU4PaAk9AOMg0tMoGPWv06Kzf7wTPhVTAxdBuOMJNmkWDzs0RIMEf0V+MyVqZ36TlSg45RriX+Zv7TUnkrHiuhBFtkFj2muCP9SeaoPxFn4YGT2J4p3LNYY/2YGhaofQYFbmyb2IFSGViLe5jf0M4vM2i08CvKT1hH8cX6agEYK/TOU1DXkLPz6F2ir2W10v6AF2Eml94ZIFEB8jn5FKVHItnvYqEu+wB9wk0pCcQV4VDjQg==
+  template:
+    data: null
+    metadata:
+      creationTimestamp: null
+      name: longhorn-backup-token-secret
+      namespace: longhorn-system
+
--- a/longhorn-system/values.yaml
+++ b/longhorn-system/values.yaml
--- a/nextcloud/Chart.yaml
+++ b/nextcloud/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v2
+name: nextcloud
+description: A Helm chart for Kubernetes
+type: application
+
+version: 0.1.0
+appVersion: "1.16.0"
+
+dependencies:
+- name: nextcloud
+  repository: https://nextcloud.github.io/helm/
+  version: 2.14.4
--- a/nextcloud/templates/nextcloud-collabora-sealedsecret.yaml
+++ b/nextcloud/templates/nextcloud-collabora-sealedsecret.yaml
@@ -0,0 +1,17 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: nextcloud-collabora-secret
+  namespace: nextcloud
+spec:
+  encryptedData:
+    password: AgBHS1Yl8mvZfZglullA/fi0ocDeWviz1XwGmxA+wn/b/9HZJLK/pv3UWg6nn0N6iofM7h3ycuny4lN6G8m+AYzUzV3pPwGLIHT4JL8idFBQ9iS4pTClLWo/Zsqsa2hsZ0vCS4g5Iq1oLixrSXl/s4CGTLyKmeCyAiQDCPLRCV30hlyud3K4zVmMCP+5DMjYx99CWDyscotM/EhmSA7s2w14gMdFQSppOO792rBf/fEe/DDDIYtF4KNSvEfo2lZ9CJwYTOmXRMsx1bRT8K6sVzTBgHNKRuzYq3a3yrH+CMLJVBvlidGBTUBx9nJpvLdR+Uff3xdE5IPqxFZ4E2DvMOJ2u4leHOfrZFoDbRmM8c++RlE9Ri292lzQ9d4vIF9X7VbnnPNH2TEkqCNF2wC1HrbAEGwwNwsgamsFo2gmgRh2b8XWdIl5L59kkUuQpvTbCDsB7yvjnfz3gI6WUTw83MulMIaI+2jZLqKgHI5xGGO3J6MdP78r7XE+Ozm5Szz8/1Gl5RjWKV/1T9DKOwyVGoUt7ik8S/fgtaLjFayW67JOMq/p22trosSP+vIQb+eC4KGjwE4NHUPpCw0QiqbDJmOe9RPnfvLptiSOsj+ZRApuGx8w4pNzENb0jzr3oJDnKLOkAObQBUXd1xP/0wN4+PBERVUMKik79ETcodhz7I32npoBLcble5+n/bFUUj6MYVRBCAJbvMgKDWGUuRw=
+    username: AgA05h6kIDyC+1a+KGuYN2o2Bmt0GZDa2xZkzfxkDg42pZodsFm0rOC1lTLa8wLCpiY1k2+/jF/FSdhQH+jHJYcz1xmNLczjRHbZu0n2g7ydVEiHmIN2hM9M9O6y2J2jx6Huoi+316cophdnvis5gq86rDPG9Kpv6bI5dPFDkftVH8olmR/NrPFaRazJ806rv+holemy5XtZ2rFFWlXfpZKDWXBWjopP6pyQpVykSxAqFHBijVBTJ59TLx1FsZ9v4aYXzYtAhuIr1fMrsx8MmoG22rVTIiPvswa+GP+nvGGtUzjIkYhKWhKARMQWXwLT59iQ6FBivNzFqd3EOjVFkrjASwXsT6jnJSGt2oRMSErKyHBbT9gd4y8BPlKDEucBXRtZ0VYBDHqCfKdbHZw6wy3hmSkpUQxEzU2Ei/L5xfhlL0nm2t5ayfJCmrmpMe7j1uI9q8dveOka/An7pNxbzb73sPWKWD+OkDewCT+x+ZP7ADMU7KzG/CmbFjX3NR9Cqx6xRVGAB9TKO6SVuxas67m3nRnp9jDGx5L2fcDZIgU+be00DyOVNzow0LX65GpowJwbecr5EqoiltFHYl1qTX/ZuqOabNApEuxdNQgIYLo8wK8FtJlAH4gO/nTIu4LPtKFECU25eOWGHF0Nfq0E/hEe4/e2AwvXcNp77NXtNntSWITerMV89CCYLthGmq+QYSZW7rxJJg==
+  template:
+    data: null
+    metadata:
+      creationTimestamp: null
+      name: nextcloud-collabora-secret
+      namespace: nextcloud
+
--- a/nextcloud/templates/nextcloud-secret.yaml
+++ b/nextcloud/templates/nextcloud-secret.yaml
@@ -0,0 +1,17 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: nextcloud-secret
+  namespace: nextcloud
+spec:
+  encryptedData:
+    password: AgBOUNFK0b3zuVDrnEYheTVavvADPFT4AAdFgffm2u0rG0lKi2n3EGkMYah23DWcQjFEBVWc4G3PReDxZv2+yrdp+GNSGwhzB8rGFYaqiuUu0Uvs7oB1juJpl5+CfiFgRHp/dqvQDE9R6AqXl75r07kPB+naraE0eLKeTY5wX2hc4bJBkZ9/qraxeBwiOMm+FP3MiF6nDWDJXwMEk5H7RrwAnUnwy/VZEab5CmDlLOqNvNoAI0+Ne+LiIZ9s4uSuvqKV5hsPbu9sbSC5WSJBxLm3BgfFqZE5yPojOo3f9YGNm598G9dszEC+9rQvyug3oZqL3tspg4f88r1l8NZ4MYGMv5S+lWcrP3L0XuLR+NBd7GDKgD5F3RpJ3na0yB0mRAp4lvYbGbiTfYQ0j4OzRmNj3OMF4N1Qoy1MCb2cRG/tyAvTTB7WWfLcFLFcbyrJMPaXlEQk6FGQMkJKdF9p2s9QVmRvh+fl8+cLJC4n1xldWz39NMK6VTaNNwtfUGesmqpqZNtVL+6dk2yGIn5lIiPkhEhzp+ATObKHfqqVjX2jKeZIjJ2tSGA5OeBC55QdsC5AUb2xSPo/hG+dYETXuBm661cEvYqaSKVOI2ySRNUC+1qvp73UMt7Zefo8R8wX8pHN8CVqjNSIpCGogu3qsz2tNDXXfKA08ZKMTr4AVDycFUPMJiXuu55dPu1CFqFEtiHRQ+9Wqr1rdP0jmew=
+    username: AgBpgrxTAt1QacTvCHENfCpNu9lPTsKgBCjuwprk2Mw5vnN0s8CjwLSqDf8sWCbr36H1c1OMGgeM8YT40HuabusaPgc0voSKKo3cdfB7+r/SsBvhwWlZwUXECxgpbRb4YbAl4tJy7tPw70F3ii4eZgdS8ZyLNAM/yIlnb8yTJjQ6ck+hQgvTjRP0k/jEL9GqMA8SbEj7ezPWH8zPzlt0z8i4THxbhQuy1yppiNjj1ddquvLZ7nCofk2Av56C8MYEPnsAZtxH8zoZJwcmeamm4oF+cSPJrm+kEFputdDCW++mToMgK31XApnQ8tac/DYEGTl4a1zewJvodPq+m7XqWKHomqU4DSXyJk68bPhWNUiJQxWmhzFdo83y1HYOEZPyZkSKDw2ZeCZvPHbfi0iWhLoU/hyZ+VNfiiobbYHieVv99kHNhnGY8r3X3YMxr1BencIxqZZIBC/Y8A7tgmJonYm61EW3hyu2LLhNbv1dwLHCYmo4OZVqhHV/jH9895YzAnAeZ0hjl3yn+OnRzz10MZ7omwjPGqSSFZi/8obEl7LfnztdbZMf7S1MktR1nI/DxtO8yKwLFaUw6eqm9d+H1WDpETAuM5wcpHic+S2SaygFb8gfPLhX6IyN7YbUOCztKzX0KpmeCuO7WJDxnBDpvXOxFO6/8hmw3bNVpy7Cn87OQ7pSJSLAFWkCvTtOzuuia8cWzyPDEeiA9G4doyKH
+  template:
+    data: null
+    metadata:
+      creationTimestamp: null
+      name: nextcloud-secret
+      namespace: nextcloud
+
--- a/nextcloud/templates/sealedsecret.yaml
+++ b/nextcloud/templates/sealedsecret.yaml
@@ -0,0 +1,18 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: nextcloud-db-secret
+  namespace: nextcloud
+spec:
+  encryptedData:
+    MYSQL_PASSWORD: AgAVuNAp+rTG09UM80k/f1OpWk9dclyrMjOKoln3K8vCM6RXPhtBQyv+s78SpbgNnpNPcZk/l8nVop6BOh4n6rzftkuRDeDg6OgcVIxEFVe7U59XSNkF7p/IMTDQGTiZBVv5ChpaxLsEbTOIN09pOLs7ID/n8D9LliKeCLf0spO1XJt4RRsBHsKO2SyPaF1RU78fwHYWKsEsSVMWKcCkRRMFAYGBcXTtqDxpGmaPpaTRzg0kvvnMzPdDFwWB0Pn5MAO69tKj2vg8LAF1uqmFBusb6hLsFt5pkHexFViWcD2nz4NW68R0rMFiZ54ISJMLB2xsSNXV0bmBiAr+JI20Xs/XK6UzwEmUSt+Y6qYojTD+AuasgCMgDWwT5eCwYz6/cQc5FR286sF7K8eQqdtQKA6UltA2LDHjizlo0Mxkfw7MGGO7RuBMt6ryGAf+I9b8VZtRLEhfGI/KlGLS68KRKf5Cq23LrHcgQ1XrEk8LbA/oApcFbTJO/wt8kGn8PSX0xE083z8j/czXIlKHElK67xtu4G3dRP+04l41tMmKiotTKzrwI9zk1GeZq5GoPPXv4IwmQW00HKNLv+J4K7eJuoIUHumCkFuSmLU4cW7wokhP/gkk9Cg4uL53OcjGxV65Srv7o+NfSvhKG/kFFRQAW8xiL40mN+Uewv0QdaFMt6Ga1YCsNK+oHMAn8xR8IjWUDkE4BbGqura21GVUTtY=
+    MYSQL_ROOT_PASSWORD: AgBPkyMut8MyzO9yUuiAU033GYoSIfk3Rzsyh8akqLjy17eTOFMlG89Upaj9Vxiy8MzDd40UCSKMyd4/TissTuoeKj0stX7zHK8H6kE7dOQQ3tGuVj09hjdIaoupSyZjJvGNm5982+DK0W3nGYgB3uxi5+TnAQd6U+srJju8O52kx6QJPTYMOEhFp2ZfU3gMSSW6Nn4YE3X76yqPTg79C/tJJjimBZgLMak5daIAHnf/aT458RjHKUSwPMbG5lCkTaiJZ/QiKKgxY3sZ7PIfiEnG7B8RY6MB10PtqwAodOcU9l3pJe4zobgM5VJIZCi9Yr9vreAr0s3UqUzO5Lmht6due60G61HHfUyuUZqwOiR4G3pnpYrDP+baAVV5L+0NrhET1Md4mxM5UeWXfBBT8BCRG4dyutdjtsfQH3c0/m6rpQODTd+T5i929F2YsfNyzGIbDLqBlix0JKFT9Dj7GEQ5V5QNwiwbGrcok0rrQK+Pu+aOyEhkUs0Yz/A1jzikFLe0+VjIzNdXETXDlHmzkumgLyPQ39qRFeKAteHGentvZe5ACtemvggI97oEKsqoGgSmRv6bcPwoJmQiAoeDqiEKz4HYzVbZ9yAs9RVSV2o7ggMHL0zDlghm0L1oMkAoYJ8bUh+B1IE5+El/UZjr2Jmvf+bGZeoN3zVtqUsbOjvzWFcEWPGNUtSwvicrqVBTBSbGWup4jjZNJgHkxvs=
+    MYSQL_USER: AgAm+YFzVuzcBbGR/ZoK1J647a5XKMWA/LyrNy6l6C0tMRQaaOduwPmJb25E4KDiOJsoZZ8xBFbyVMEx/0l4bqnwYOJ8Qlq5teRT4Cb036Ptu50aa4EcCE3Zr5yMRNsQy9feod0aMQQEdx3PRjOZxpfVQRGiL6p5DIE9oNmbebB1rQbHx1d1B+PFE1PKYhDT/WSBrQhWW/DyXqc35vWf1+IKbokauFO0ffgpKu4rgO7bgSGbReY77P4tAld4jwKMU6JHbMVUWGg72oCmYuujT0cj13IU7xcT80C83+YIBz8J0u7PsX/zdtZ75cnMHP6ID61rYNAaQJtX5CJ7I9iS0ps8nBo7qeeLojErAjkusFxrmAUtFa+cOgCKlrbA/iVWz92sucRuRInqteHG7U6tqCTsWyNB0HO30OmQrj1OnNAxX0K8riYz7KRuB0+N2DRsKytHrzVozvLPRQgGdK55C5lkAqIkyPvPzf+wJc+C84rnlnQ+jFLbJM3h13EYTH62mEUB6qvdHHWcJfpvKr45rwkzKLY6QbZ1CToZTemGDZmRJIR9V+Md+K3V0hLmNJjmtNDnXHgIHxUtdzQ30teyZd/TyT/cLPhUs7hEmMXmJxbOb0SF5xP7IC2k0UP8y8y7NxdbBc3hqF5ClaxySyVEUoIeHxv6v/1h/BLpwnbx5ZU8S/RebneR76DAvQeo4sbU/9fqoJSMz2aF0Ck=
+  template:
+    data: null
+    metadata:
+      creationTimestamp: null
+      name: nextcloud-db-secret
+      namespace: nextcloud
+
--- a/nextcloud/values.yaml
+++ b/nextcloud/values.yaml
@@ -0,0 +1,142 @@
+nextcloud:  
+
+  image:
+    repository: nextcloud
+    flavor: apache
+    pullPolicy: Always
+
+  replicaCount: 1
+
+  ingress:
+    enabled: true
+    annotations:
+      nginx.ingress.kubernetes.io/proxy-body-size: 4G
+      kubernetes.io/ingress.class: nginx
+      cert-manager.io/cluster-issuer: letsencrypt-production
+      nginx.ingress.kubernetes.io/server-snippet: |-
+        server_tokens off;
+        proxy_hide_header X-Powered-By;
+        rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
+        rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+        rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
+        location = /.well-known/carddav {
+          return 301 $scheme://$host/remote.php/dav;
+        }
+        location = /.well-known/caldav {
+          return 301 $scheme://$host/remote.php/dav;
+        }
+        location = /robots.txt {
+          allow all;
+          log_not_found off;
+          access_log off;
+        }
+        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
+          deny all;
+        }
+        location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
+          deny all;
+        }
+    tls:
+      - secretName: nextcloud-tls
+        hosts:
+          - nextcloud.durp.info
+    labels: {}
+    path: /
+    pathType: Prefix
+
+
+  nextcloud:
+    host: nextcloud.durp.info
+    existingSecret:
+      enabled: true
+      secretName: nextcloud-secret
+      usernameKey: username
+      passwordKey: password
+    
+    phpConfigs: {}
+
+    # For example, to use S3 as primary storage
+    # ref: https://docs.nextcloud.com/server/13/admin_manual/configuration_files/primary_storage.html#simple-storage-service-s3
+    #
+    #  configs:
+    #    s3.config.php: |-
+    #      <?php
+    #      $CONFIG = array (
+    #        'objectstore' => array(
+    #          'class' => '\\OC\\Files\\ObjectStore\\S3',
+    #          'arguments' => array(
+    #            'bucket'     => 'my-bucket',
+    #            'autocreate' => true,
+    #            'key'        => 'xxx',
+    #            'secret'     => 'xxx',
+    #            'region'     => 'us-east-1',
+    #            'use_ssl'    => true
+    #          )
+    #        )
+    #      );
+
+  internalDatabase:
+    enabled: true
+    name: nextcloud
+
+  externalDatabase:
+    enabled: false
+    type: mysql
+    host:
+    user: nextcloud
+    password:
+    database: nextcloud
+    existingSecret:
+      enabled: false
+      # secretName: nameofsecret
+      # usernameKey: username
+      # passwordKey: password
+
+  redis:
+    enabled: false
+    auth:
+      enabled: true
+      password: 'changeme'
+
+  service:
+    type: ClusterIP
+    port: 8080
+    loadBalancerIP: nil
+    nodePort: nil
+
+  persistence:
+    enabled: true
+    annotations: {}
+    storageClass: "longhorn"
+    accessMode: ReadWriteOnce
+    size: 50Gi
+
+  resources: {}
+    # limits:
+    #  cpu: 100m
+    #  memory: 128Mi
+    # requests:
+    #  cpu: 100m
+    #  memory: 128Mi
+
+  livenessProbe:
+    enabled: true
+    initialDelaySeconds: 10
+    periodSeconds: 10
+    timeoutSeconds: 5
+    failureThreshold: 3
+    successThreshold: 1
+  readinessProbe:
+    enabled: true
+    initialDelaySeconds: 10
+    periodSeconds: 10
+    timeoutSeconds: 5
+    failureThreshold: 3
+    successThreshold: 1
+  startupProbe:
+    enabled: false
+    initialDelaySeconds: 30
+    periodSeconds: 10
+    timeoutSeconds: 5
+    failureThreshold: 30
+    successThreshold: 1
--- a/oauth2-proxy/Chart.yaml
+++ b/oauth2-proxy/Chart.yaml
@@ -0,0 +1,14 @@
+apiVersion: v2
+name: oauth2-proxy
+description: A Helm chart for Kubernetes
+type: application
+version: 0.0.1
+appVersion: 0.0.1
+
+dependencies:
+- name: oauth2-proxy
+  repository: https://oauth2-proxy.github.io/manifests
+  version: 6.2.1
+
+
+
--- a/oauth2-proxy/templates/oauth-credentials.yaml
+++ b/oauth2-proxy/templates/oauth-credentials.yaml
@@ -0,0 +1,17 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: oauth-credentials
+  namespace: oauth2-proxy
+spec:
+  encryptedData:
+    client-id: AgAaSZY4qz9DPg4c0qbdoLbvGkT9PU8I/qd7AVXf/povNcNICvQYih+gWX9xjZlHc6V50dNjzSOtEKHNOCvX08EYd89uOeUNGvaig12JkqQNJUUZcozCCz1MeKm4P0NRWExn9GVnc/pnweMS7RDX0dwzax0m3HgyX+3XRVxK5uT8+et8mbXZhTvAmOuzcEb0UQZMgFZtM6APDuKYqVmS4VabnesxRfrbS0eUut+K1s9oSd9ZFQBGgEMHdBxFVsws7mxJ+u4WaDrSJTtS4PMtDqZ9g6gWTs+4ttns/v4rlO4wcyuRUb2UjRAACCGN8DPDtze7htTcDVSqwODREXOPtcfJtEOLGWTx+jbJHmWFEBbEWtkfPjrQcAvvGdwS/QSAz7JFMwsO19uCLEzZYXWAejfvXgiqAaQEIn0uF42L6pZ+gIhRXN/fQYlCsA1x+MAKjoZvcoNM3nGfjLog7j3Hb0V7jAbmyEwSxAbEaNQAM+3lVzha/SPZMDYrE9JL1SpXO1C+vg0U6OWrxhN6eXiAhhXkrbRIe33gb5YnDJvvXvTo4nl+r0sC+Oar9yWWM05mjy/Mk7bQBhUWnhjnKGIG516tMPl0wZV6DgiXhgRCRG4ufYfH2kwBKrM5fHP5RsL1FcfBwMdJ3I3mAvwHTfBuRweOsbUgXGKORRZ5NtKK8TPEPOgEB4sJEkRy72TPoP7GawUCOhrAxr6r
+    client-secret: AgCWW9mPWGxp83RVnSwg5nKELRWKQg3gDtVY+40qTn/oRvFxkHwqmPA5lZCVcuumRX4QQNaz41Gi0DlFXMFGN5z+CwTBo854y4MsdiXk5Thu/4khl0SR2+rOlYhyifhWwIcSWt+4US11gT/4kh3dPrS+4RO7RvVBZ8m4k1mgku7qrqVBMfvZAcJGSViX7N6xb/BtkPMj3AqT10WK5m9J47Q6YF6Aw8smc6EfJwzHuJfq6eFO8Mj8/dPW2E74M9ZhFuuL5XVT/7/1TCa/k3fsEvVAcpAnaALPiZrd9dNOnBKRSVQP8XQxQ5IFcNGQQOjXffQnhMonLQJJo+HEAKSwoznQk3yCmCMRgWRkuj5NM/g2UxXLueCEVBI5PcSSq1BpSPFWyv8REVVf20SOYKS46tJ6eWbs8rV0dcvjp+6BzaGVGlFBJGBNqhAjPHF1uuTYDxbJmT+qbKpEJj0yXDGBrWKXjYTbPJ81J6daSlxtC5PGO5DrYz1sT+WjQtC/NOIa8/07Bkf6pBqjBZRI+/tItH+VjQdbOhyAY/B7Mr7N/daf1kFWQkQlYbf7BJrr9VZppNnUh+YdBZutVYPmaoiAYL0FtAZW4bRRtiTGIPFa63XdidPchROiWJAY7xI5RhoFKVKkfqufqT3N68wsOBgXjekfPZeZWkY+Rnk2DixlXoWC+IA9JUoCL4W9ubXT3ZyJdKnjdjcV04hxviP3HI2LVpJpzBJYPvMDIAnbJIxdAIlWGQ==
+    cookie-secret: AgAdo/PA4h8bOiV/SjHWuSml8piPV1Zub/YOCy19hGrwpSeRujTHBONEWB6mtgATYzbUL463603ifbs9cvCCVNbblB0FrEes45hnZ0XYOZSu4jlwltbkLTxChTkIXlVnxTUTpgUgY6vfzQRlGjPFN/Lsa3Dw3uYJ5xwTfS5Z4hF3AQZ/kokdlOdkqQJVGHWVI48gFHlOvHvJvAe6xzjtKryVH3xOOMXNFtkb0uTmw0+++n1S181UTAkUBT6EUdrqNrf04/YVfp/lPUn2MH/420175I3xB0Ez5S8SYyEHg4JuejbsyaSYkRhz2xZlJz62OGi99wSwx9Ocujp4R3UfIbTWBohIPLqgMlb4i6uiTgnGMQzkx/M9P0R/vMkyzdR5RScFWVI8PUAM5d4HbSae4Q2nToXGu9Yu9tNrvw/UylqdCJmS4P5ICnoRr+Zx1CejCFwZR47oF9sfeBZf4DboG3DMXFQ6j4namcG5syrrRxXCza8XhvRcd9ssl2DLddFznF7deFOFnd6Nueh1Eadw6kHcAOc4YyCIgzDbDGjRh22Ege1L92TWAzSNWoAJrcK/AFPrSSiDK6FZ6RP1LQaya6phEjBSooUmcKIM+SICz3xR+nI1puJQES8V70lnRvvQR442TJ1tw9iwgqYhS6uuKAioiLkNeSXTAN/x2BWEt7SIlsb2dyWdKoutprHE9JYmQcLcgeOWaMzQA4PC7OdnG8XiCEOA+WO20zTVgukcPZI7yA4kdaBU8SxfaeP5+Q==
+  template:
+    data: null
+    metadata:
+      creationTimestamp: null
+      name: oauth-credentials
+      namespace: oauth2-proxy
--- a/oauth2-proxy/values.yaml
+++ b/oauth2-proxy/values.yaml
@@ -0,0 +1,64 @@
+oauth2-proxy:
+
+  config:
+    existingSecret: oauth-credentials
+    configFile: |-
+      email_domains = [ "*" ]
+      upstreams = [ "file:///dev/null" ]
+      set_xauthrequest=true
+      pass_host_header=true
+      pass_user_headers=true
+      request_logging=true
+      cookie_secure=true
+
+  image:
+    repository: "quay.io/oauth2-proxy/oauth2-proxy"
+    pullPolicy: "Always"
+
+  extraArgs: 
+    provider: keycloak-oidc
+    redirect-url: https://oauth.durp.info/oauth2/callback/
+    oidc-issuer-url: https://keycloak.durp.info/realms/homelab
+    allowed-role: user
+
+  serviceAccount:
+    enabled: true
+    name:
+    annotations: {}
+
+  ingress:
+    enabled: true
+    path: /
+    pathType: Prefix
+    hosts:
+      - oauth.durp.info
+    annotations:
+      kubernetes.io/ingress.class: nginx
+      kubernetes.io/tls-acme: "true"
+      cert-manager.io/cluster-issuer: letsencrypt-production 
+    tls:
+      - secretName: oauth-tls
+        hosts:
+          - oauth.durp.info
+
+  resources: 
+    limits:
+      cpu: 100m
+      memory: 300Mi
+    requests:
+      cpu: 100m
+      memory: 300Mi
+
+  livenessProbe:
+    enabled: true
+    initialDelaySeconds: 0
+    timeoutSeconds: 1
+
+  readinessProbe:
+    enabled: true
+    initialDelaySeconds: 0
+    timeoutSeconds: 1
+    periodSeconds: 10
+    successThreshold: 1
+
+  replicaCount: 1
--- a/sealed-secrets/Chart.yaml
+++ b/sealed-secrets/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: sealed-secrets
+description: A Helm chart for Kubernetes
+type: application
+
+version: 0.1.0
+appVersion: "1.16.0"
--- a/sealed-secrets/templates/deployment.yaml
+++ b/sealed-secrets/templates/deployment.yaml
@@ -0,0 +1,252 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  annotations: {}
+  labels:
+    name: sealed-secrets-service-proxier
+  name: sealed-secrets-service-proxier
+  namespace: kube-system
+rules:
+- apiGroups:
+  - ""
+  resourceNames:
+  - sealed-secrets-controller
+  resources:
+  - services
+  verbs:
+  - get
+- apiGroups:
+  - ""
+  resourceNames:
+  - 'http:sealed-secrets-controller:'
+  - sealed-secrets-controller
+  resources:
+  - services/proxy
+  verbs:
+  - create
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  annotations: {}
+  labels:
+    name: sealed-secrets-key-admin
+  name: sealed-secrets-key-admin
+  namespace: kube-system
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - create
+  - list
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  annotations: {}
+  labels:
+    name: sealed-secrets-controller
+  name: sealed-secrets-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: secrets-unsealer
+subjects:
+- kind: ServiceAccount
+  name: sealed-secrets-controller
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  annotations: {}
+  labels:
+    name: secrets-unsealer
+  name: secrets-unsealer
+rules:
+- apiGroups:
+  - bitnami.com
+  resources:
+  - sealedsecrets
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - bitnami.com
+  resources:
+  - sealedsecrets/status
+  verbs:
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - create
+  - update
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  annotations: {}
+  labels:
+    name: sealed-secrets-controller
+  name: sealed-secrets-controller
+  namespace: kube-system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations: {}
+  labels:
+    name: sealed-secrets-controller
+  name: sealed-secrets-controller
+  namespace: kube-system
+spec:
+  minReadySeconds: 30
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      name: sealed-secrets-controller
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      annotations: {}
+      labels:
+        name: sealed-secrets-controller
+    spec:
+      containers:
+      - args: []
+        command:
+        - controller
+        env: []
+        image: docker.io/bitnami/sealed-secrets-controller:v0.17.5
+        imagePullPolicy: Always
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: http
+        name: sealed-secrets-controller
+        ports:
+        - containerPort: 8080
+          name: http
+        readinessProbe:
+          httpGet:
+            path: /healthz
+            port: http
+        securityContext:
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          runAsUser: 1001
+        stdin: false
+        tty: false
+        volumeMounts:
+        - mountPath: /tmp
+          name: tmp
+      imagePullSecrets: []
+      initContainers: []
+      securityContext:
+        fsGroup: 65534
+      serviceAccountName: sealed-secrets-controller
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - emptyDir: {}
+        name: tmp
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: sealedsecrets.bitnami.com
+spec:
+  group: bitnami.com
+  names:
+    kind: SealedSecret
+    listKind: SealedSecretList
+    plural: sealedsecrets
+    singular: sealedsecret
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        properties:
+          spec:
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+          status:
+            x-kubernetes-preserve-unknown-fields: true
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations: {}
+  labels:
+    name: sealed-secrets-controller
+  name: sealed-secrets-controller
+  namespace: kube-system
+spec:
+  ports:
+  - port: 8080
+    targetPort: 8080
+  selector:
+    name: sealed-secrets-controller
+  type: ClusterIP
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  annotations: {}
+  labels:
+    name: sealed-secrets-service-proxier
+  name: sealed-secrets-service-proxier
+  namespace: kube-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: sealed-secrets-service-proxier
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: Group
+  name: system:authenticated
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  annotations: {}
+  labels:
+    name: sealed-secrets-controller
+  name: sealed-secrets-controller
+  namespace: kube-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: sealed-secrets-key-admin
+subjects:
+- kind: ServiceAccount
+  name: sealed-secrets-controller
+  namespace: kube-system
--- a/sealed-secrets/values.yaml
+++ b/sealed-secrets/values.yaml
--- a/uptimekuma/Chart.yaml
+++ b/uptimekuma/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: uptimekuma
+description: A Helm chart for Kubernetes
+type: application
+
+version: 0.1.0
+appVersion: "1.16.0"
--- a/uptimekuma/templates/deployment.yaml
+++ b/uptimekuma/templates/deployment.yaml
@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    component: uptime-kuma
+  name: deployment
+spec:
+  selector:
+    matchLabels:
+      component: uptime-kuma
+  replicas: 1
+  strategy:
+    type: Recreate
+
+  template:
+    metadata:
+      labels:
+        component: uptime-kuma
+    spec:
+      containers:
+        - name: app
+          image: louislam/uptime-kuma:1
+          ports:
+            - containerPort: 3001
+          volumeMounts:
+            - mountPath: /app/data
+              name: storage
+          livenessProbe:
+            exec:
+              command:
+                - node
+                - extra/healthcheck.js
+          readinessProbe:
+            httpGet:
+              path: /
+              port: 3001
+              scheme: HTTP
+
+      volumes:
+        - name: storage
+          persistentVolumeClaim:
+            claimName: storage
--- a/uptimekuma/templates/ingress.yaml
+++ b/uptimekuma/templates/ingress.yaml
@@ -0,0 +1,40 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    cert-manager.io/cluster-issuer: letsencrypt-production
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
+    nginx.ingress.kubernetes.io/server-snippets: |
+      location / {
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_http_version 1.1;
+        proxy_set_header X-Forwarded-Host $http_host;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header Host $host;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header   Upgrade $http_upgrade;
+        proxy_cache_bypass $http_upgrade;
+        }
+  name: ingress
+spec:
+  tls:
+  - hosts:
+    - kuma.durp.info
+    secretName: kuma-tls
+  rules:
+  - host: kuma.durp.info
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: service
+            port:
+              number: 3001
+
--- a/uptimekuma/templates/service.yaml
+++ b/uptimekuma/templates/service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:  
+  name: service
+spec:
+  selector:    
+    component: uptime-kuma
+  type: ClusterIP
+  ports:  
+  - name: http
+    port: 3001
+    targetPort: 3001
+    protocol: TCP
--- a/uptimekuma/templates/volume.yaml
+++ b/uptimekuma/templates/volume.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: storage
+spec:
+  storageClassName: longhorn
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 10Gi
--- a/whoogle/Chart.yaml
+++ b/whoogle/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+name: whoogle
+description: A self hosted search engine on Kubernetes
+type: application
+version: 0.1.0
+appVersion: 0.7.2
+
+icon: https://github.com/benbusby/whoogle-search/raw/main/app/static/img/favicon/favicon-96x96.png
+
+sources:
+  - https://github.com/benbusby/whoogle-search
+  - https://gitlab.com/benbusby/whoogle-search
+  - https://gogs.benbusby.com/benbusby/whoogle-search
+
+keywords:
+  - whoogle
+  - degoogle
+  - search
+  - google
+  - search-engine
+  - privacy
+  - tor
+  - python
--- a/whoogle/templates/deployment.yaml
+++ b/whoogle/templates/deployment.yaml
@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: whoogle
+  labels:
+    helm.sh/chart: whoogle-0.1.0
+    app.kubernetes.io/name: whoogle
+    app.kubernetes.io/instance: whoogle
+    app.kubernetes.io/version: "0.7.2"
+    app.kubernetes.io/managed-by: Helm
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: whoogle
+      app.kubernetes.io/instance: whoogle
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: whoogle
+        app.kubernetes.io/instance: whoogle
+    spec:
+      serviceAccountName: whoogle
+      securityContext:
+        {}
+      containers:
+        - name: whoogle
+          securityContext:
+            runAsUser: 0
+          image: "benbusby/whoogle-search:0.7.2"
+          imagePullPolicy: Always
+          resources:
+            limits:
+              cpu: 1000m
+            requests:
+              cpu: 100m
+          ports:
+            - name: http
+              containerPort: 5000
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
--- a/whoogle/templates/ingress.yaml
+++ b/whoogle/templates/ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: whoogle
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+    cert-manager.io/cluster-issuer: letsencrypt-production 
+spec:
+  rules:     
+  - host: whoogle.durp.info
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: whoogle
+            port: 
+              number: 5000                                
+  tls:
+    - hosts: 
+      - whoogle.durp.info
+      secretName: whoogle-tls
--- a/whoogle/templates/service.yaml
+++ b/whoogle/templates/service.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: whoogle
+  labels:
+    helm.sh/chart: whoogle-0.1.0
+    app.kubernetes.io/name: whoogle
+    app.kubernetes.io/instance: whoogle
+    app.kubernetes.io/version: "0.7.2"
+    app.kubernetes.io/managed-by: Helm
+spec:
+  type: ClusterIP
+  ports:
+    - port: 5000
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: whoogle
+    app.kubernetes.io/instance: whoogle
--- a/whoogle/templates/serviceaccount.yaml
+++ b/whoogle/templates/serviceaccount.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: whoogle
+  labels:
+    helm.sh/chart: whoogle-0.1.0
+    app.kubernetes.io/name: whoogle
+    app.kubernetes.io/instance: whoogle
+    app.kubernetes.io/version: "0.7.2"
+    app.kubernetes.io/managed-by: Helm