Update Chart

argocd/Chart.yaml

@@ -9,6 +9,6 @@ appVersion: "1.16.0"
 dependencies:
 - name: argo-cd
   repository: https://argoproj.github.io/argo-helm
-  version: 6.11.1
+  version: 6.7.11
 
 

argocd/templates/InternalProxy.yaml

@@ -7,8 +7,8 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/internalproxy
+    targetRevision: dev
+    path: internalproxy
     directory:
       recurse: true
   destination:

argocd/templates/argocd.yaml

@@ -7,8 +7,8 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/argocd
+    targetRevision: dev
+    path: argocd
   destination:
     namespace: argocd
     name: in-cluster
@@ -18,42 +18,3 @@ spec:
       selfHeal: true  
     syncOptions:
       - CreateNamespace=true 
-
----
-
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: argocd-ingress
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-production
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`argocd.internal.durp.info`)
-      middlewares:
-        - name: whitelist
-          namespace: traefik
-      kind: Rule
-      services:
-        - name: argocd-server
-          port: 443
-          scheme: https
-  tls:
-    secretName: argocd-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: argocd-tls
-spec:
-  secretName: argocd-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "argocd.internal.durp.info"
-  dnsNames:
-    - "argocd.internal.durp.info"

argocd/templates/authentik.yaml

@@ -7,8 +7,8 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/authentik
+    targetRevision: dev
+    path: authentik
   destination:
     namespace: authentik
     name: in-cluster

argocd/templates/bitwarden.yaml

@@ -7,8 +7,8 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/bitwarden
+    targetRevision: dev
+    path: bitwarden
     directory:
       recurse: true
   destination:

argocd/templates/cert-manager.yaml

@@ -7,8 +7,8 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/cert-manager
+    targetRevision: dev
+    path: cert-manager
   destination:
     namespace: cert-manager
     name: in-cluster

argocd/templates/crossplane.yml

@@ -7,8 +7,8 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/crossplane
+    targetRevision: dev
+    path: crossplane
   destination:
     namespace: crossplane
     name: in-cluster

argocd/templates/durpapi.yaml

@@ -7,8 +7,8 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/durpapi
+    targetRevision: dev
+    path: durpapi
   destination:
     namespace: durpapi
     name: in-cluster

argocd/templates/durpot.yaml

@@ -7,8 +7,8 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/durpot
+    targetRevision: dev
+    path: durpot
   destination:
     namespace: durpot
     name: in-cluster

argocd/templates/external-dns.yaml

@@ -7,8 +7,8 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/external-dns
+    targetRevision: dev
+    path: external-dns
   destination:
     namespace: external-dns
     name: in-cluster

argocd/templates/external-secrets.yaml

@@ -7,8 +7,8 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/external-secrets
+    targetRevision: dev
+    path: external-secrets
   destination:
     namespace: external-secrets
     name: in-cluster

argocd/templates/gatekeeper.yaml

@@ -7,8 +7,8 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/gatekeeper
+    targetRevision: dev
+    path: gatekeeper
   destination:
     namespace: gatekeeper
     name: in-cluster

argocd/templates/gitlab-runner.yaml

@@ -7,8 +7,8 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/gitlab-runner
+    targetRevision: dev
+    path: gitlab-runner
   destination:
     namespace: gitlab-runner
     name: in-cluster

argocd/templates/heimdall.yaml

@@ -7,8 +7,8 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/heimdall
+    targetRevision: dev
+    path: heimdall
   destination:
     namespace: heimdall
     name: in-cluster

argocd/templates/ingress.yaml

@@ -1,37 +1,36 @@
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
-  name: vault-ingress
+  name: argocd-ingress
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-production
 spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`vault.internal.durp.info`)
+  - match: Host(`argocd.internal.dev.durp.info`)
     middlewares:
-    - name: whitelist
+    - name: internal-only
       namespace: traefik  
     kind: Rule
     services:
-    - name: vault
-      port: 8200
-      scheme: http
+    - name: argocd-server
+      port: 443
+      scheme: https
   tls:
-    secretName: vault-tls  
+    secretName: argocd-tls  
 
 ---
 
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-  name: vault-tls
+  name: argocd-tls
 spec:
-  secretName: vault-tls
+  secretName: argocd-tls
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "vault.internal.durp.info"
+  commonName: "argocd.internal.dev.durp.info"
   dnsNames:
-  - "vault.internal.durp.info"  
-
+  - "argocd.internal.dev.durp.info"  

argocd/templates/krakend.yaml

@@ -7,8 +7,8 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/krakend
+    targetRevision: dev
+    path: krakend
   destination:
     namespace: krakend
     name: in-cluster

argocd/templates/kube-prometheus-stack.yaml

@@ -7,8 +7,8 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/kube-prometheus-stack
+    targetRevision: dev
+    path: kube-prometheus-stack
   destination:
     namespace: kube-prometheus-stack
     name: in-cluster

argocd/templates/kubeclarity.yaml

@@ -7,8 +7,8 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/kubeclarity
+    targetRevision: dev
+    path: kubeclarity
   destination:
     namespace: kubeclarity
     name: in-cluster

argocd/templates/littlelink.yaml

@@ -7,8 +7,8 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/littlelink
+    targetRevision: dev
+    path: littlelink
     directory:
       recurse: true
   destination:

argocd/templates/longhorn.yaml

@@ -7,8 +7,8 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/longhorn
+    targetRevision: dev
+    path: longhorn
   destination:
     namespace: longhorn-system
     name: in-cluster

argocd/templates/metallb-system.yaml

@@ -7,8 +7,8 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/metallb-system
+    targetRevision: dev
+    path: metallb-system
   destination:
     namespace: metallb-system
     name: in-cluster
@@ -19,4 +19,3 @@ spec:
     syncOptions:
       - CreateNamespace=true 
 
-

argocd/templates/nfs-client.yaml

@@ -7,8 +7,8 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/nfs-client
+    targetRevision: dev
+    path: nfs-client
     directory:
       recurse: true
   destination:

argocd/templates/open-webui.yaml

@@ -7,8 +7,8 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/open-webui
+    targetRevision: dev
+    path: open-webui
   destination:
     namespace: open-webui
     name: in-cluster

argocd/templates/traefik.yaml

@@ -7,8 +7,8 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/traefik
+    targetRevision: dev
+    path: traefik
   destination:
     namespace: traefik
     name: in-cluster

argocd/templates/uptimekuma.yaml

@@ -7,8 +7,8 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/uptimekuma
+    targetRevision: dev
+    path: uptimekuma
     directory:
       recurse: true
   destination:

argocd/templates/vault.yaml

@@ -7,8 +7,8 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/vault
+    targetRevision: dev
+    path: vault
   destination:
     namespace: vault
     name: in-cluster
@@ -16,7 +16,7 @@ spec:
     automated:
       prune: true
       selfHeal: true  
-    syncOptions: Gc
+    syncOptions:
       - CreateNamespace=true 
   ignoreDifferences:
   - group: admissionregistration.k8s.io

argocd/values.yaml

@@ -1,28 +1,10 @@
 argo-cd:
-
   global:
     revisionHistoryLimit: 1
     image:
       repository: registry.internal.durp.info/argoproj/argocd
       imagePullPolicy: Always
 
-  server:
-    #extraArgs:
-    #  - --dex-server-plaintext
-    #  - --dex-server=argocd-dex-server:5556
-    # oidc.config: |
-    #   name: AzureAD
-    #   issuer: https://login.microsoftonline.com/TENANT_ID/v2.0
-    #   clientID: CLIENT_ID
-    #   clientSecret: $oidc.azuread.clientSecret
-    #   requestedIDTokenClaims:
-    #     groups:
-    #       essential: true
-    #   requestedScopes:
-    #     - openid
-    #     - profile
-    #     - email
-
   dex:
     enabled: true
     image:
@@ -33,13 +15,13 @@ argo-cd:
     cm:
       create: true
       annotations: {}
-      url: https://argocd.internal.durp.info
+      url: https://argocd.dev.durp.info
       oidc.tls.insecure.skip.verify: "true"
       dex.config: |
         connectors:
           - config:
-              issuer: https://authentik.durp.info/application/o/argocd/
-              clientID: dbb8ffc06104fb6e7fac3e4ae7fafb1d90437625
+              issuer: https://authentik.dev.durp.info/application/o/argocd/
+              clientID: lKuMgyYaOlQMNAUSjsRVYgkwZG9UT6CeFWeTLAcl
               clientSecret: $client-secret:clientSecret
               insecureEnableGroups: true
               scopes:
@@ -54,9 +36,9 @@ argo-cd:
     rbac:
       create: true
       policy.csv: |
-        g, ArgoCD Admins, role:admin 
+        g, ArgoCD Admins, role:admin
       scopes: "[groups]"
 
   server:
-    route: 
+    route:
       enabled: false

authentik/Chart.yaml

@@ -9,4 +9,4 @@ appVersion: "1.16.0"
 dependencies:
 - name: authentik
   repository: https://charts.goauthentik.io
-  version: 2024.8.3
+  version: 2024.4.1

authentik/templates/ingress.yaml

@@ -6,7 +6,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`authentik.durp.info`) && PathPrefix(`/`) 
+  - match: Host(`authentik.dev.durp.info`) && PathPrefix(`/`) 
     kind: Rule
     services:
     - name: authentik-server
@@ -25,9 +25,9 @@ spec:
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "authentik.durp.info"
+  commonName: "authentik.dev.durp.info"
   dnsNames:
-  - "authentik.durp.info" 
+  - "authentik.dev.durp.info" 
 
 ---
 

authentik/values.yaml

@@ -1,6 +1,8 @@
 authentik:
   global:
     env: 
+      - name: AUTHENTIK_REDIS__DB
+        value: "1"
       - name: AUTHENTIK_POSTGRESQL__PASSWORD
         valueFrom:
           secretKeyRef:
@@ -26,17 +28,22 @@ authentik:
   server:
     name: server
     replicas: 3
-  worker:
-    replicas: 3
   postgresql:
     enabled: true
     image:
       registry: registry.internal.durp.info
       repository: bitnami/postgresql
       pullPolicy: Always
-    postgresqlUsername: "authentik"
-    postgresqlDatabase: "authentik"
-    existingSecret: db-pass 
+    auth:
+      username: "authentik"
+      existingSecret: db-pass
+      secretKeys:
+        adminPasswordKey: dbpass 
+        userPasswordKey: dbpass
+        
+          #postgresqlUsername: "authentik"
+          #postgresqlDatabase: "authentik"
+          #existingSecret: db-pass 
     persistence:
       enabled: true
       storageClass: longhorn
@@ -44,9 +51,6 @@ authentik:
         - ReadWriteMany
   redis:
     enabled: true
-    master:
-      persistence:
-        enabled: false    
     image:
       registry: registry.internal.durp.info
       repository: bitnami/redis

bitwarden/templates/deployment.yaml

@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
       - name: bitwarden
-        image: registry.internal.durp.info/vaultwarden/server:1.32.0
+        image: registry.internal.durp.info/vaultwarden/server:1.30.5
         imagePullPolicy: Always
         volumeMounts:
         - name: bitwarden-pvc
@@ -28,7 +28,7 @@ spec:
           containerPort: 80
         env:
           - name: SIGNUPS_ALLOWED
-            value: "FALSE"
+            value: "TRUE"
           - name: INVITATIONS_ALLOWED
             value: "FALSE"                      
           - name: WEBSOCKET_ENABLED
@@ -39,7 +39,7 @@ spec:
             value: "80"            
           - name: ROCKET_WORKERS
             value: "10"
-          - name: SECRET_USERNAME
+          - name: ADMIN_TOKEN
             valueFrom:
               secretKeyRef:
                 name: bitwarden-secret

bitwarden/templates/ingress.yaml

@@ -6,7 +6,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`bitwarden.durp.info`) && PathPrefix(`/`)
+  - match: Host(`bitwarden.dev.durp.info`) && PathPrefix(`/`)
     kind: Rule
     services:
     - name: bitwarden
@@ -25,9 +25,9 @@ spec:
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "bitwarden.durp.info"
+  commonName: "bitwarden.dev.durp.info"
   dnsNames:
-  - "bitwarden.durp.info"  
+  - "bitwarden.dev.durp.info"  
 
 ---
 
@@ -36,7 +36,28 @@ apiVersion: v1
 metadata:
   name: bitwarden-external-dns
   annotations:
-    external-dns.alpha.kubernetes.io/hostname: bitwarden.durp.info
+    external-dns.alpha.kubernetes.io/hostname: bitwarden.dev.durp.info
 spec:
   type: ExternalName
-  externalName: durp.info
+  externalName: dev.durp.info
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: bitwarden-admin-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`bitwarden.dev.durp.info`) && PathPrefix(`/admin`)
+    kind: Rule
+    middlewares:
+    - name: whitelist
+      namespace: traefik  
+    services:
+    - name: bitwarden
+      port: 80
+  tls:
+    secretName: bitwarden-tls

cert-manager/Chart.yaml

@@ -8,4 +8,4 @@ appVersion: 0.0.1
 dependencies:
 - name: cert-manager
   repository: https://charts.jetstack.io
-  version: v1.15.3
+  version: 1.*.*

cert-manager/templates/self-signed.yaml

@@ -0,0 +1,13 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: selfsigned-issuer
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: selfsigned-cluster-issuer
+spec:
+  selfSigned: {}

crossplane/Chart.yaml

@@ -9,4 +9,4 @@ appVersion: "1.16.0"
 dependencies:
 - name: crossplane
   repository: https://charts.crossplane.io/stable
-  version: 1.17.1
+  version: 1.16.0

crossplane/templates/gitlab.yml

@@ -3,7 +3,7 @@ kind: Provider
 metadata:
   name: provider-gitlab
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/provider-gitlab:v0.5.0
+  package: xpkg.upbound.io/crossplane-contrib/provider-gitlab:v0.7.0
 ---
 
 apiVersion: external-secrets.io/v1beta1

crossplane/values.yaml

@@ -0,0 +1,186 @@
+# helm-docs renders these comments into markdown. Use markdown formatting where
+# appropiate.
+#
+# -- The number of Crossplane pod `replicas` to deploy.
+replicas: 1
+
+# -- The deployment strategy for the Crossplane and RBAC Manager pods.
+deploymentStrategy: RollingUpdate
+
+image:
+  # -- Repository for the Crossplane pod image.
+  repository: xpkg.upbound.io/crossplane/crossplane
+  # -- The Crossplane image tag. Defaults to the value of `appVersion` in `Chart.yaml`.
+  tag: ""
+  # -- The image pull policy used for Crossplane and RBAC Manager pods.
+  pullPolicy: IfNotPresent
+
+# -- Add `nodeSelectors` to the Crossplane pod deployment.
+nodeSelector: {}
+# -- Add `tolerations` to the Crossplane pod deployment.
+tolerations: []
+# -- Add `affinities` to the Crossplane pod deployment.
+affinity: {}
+
+# -- Enable `hostNetwork` for the Crossplane deployment. Caution: enabling `hostNetwork` grants the Crossplane Pod access to the host network namespace. Consider setting `dnsPolicy` to `ClusterFirstWithHostNet`.
+hostNetwork: false
+
+# -- Specify the `dnsPolicy` to be used by the Crossplane pod.
+dnsPolicy: ""
+
+# -- Add custom `labels` to the Crossplane pod deployment.
+customLabels: {}
+
+# -- Add custom `annotations` to the Crossplane pod deployment.
+customAnnotations: {}
+
+serviceAccount:
+  # -- Add custom `annotations` to the Crossplane ServiceAccount.
+  customAnnotations: {}
+
+# -- Enable [leader election](https://docs.crossplane.io/latest/concepts/pods/#leader-election) for the Crossplane pod.
+leaderElection: true
+# -- Add custom arguments to the Crossplane pod.
+args: []
+
+provider:
+  # -- A list of Provider packages to install.
+  packages: []
+
+configuration:
+  # -- A list of Configuration packages to install.
+  packages: []
+
+function:
+  # -- A list of Function packages to install
+  packages: []
+
+# -- The imagePullSecret names to add to the Crossplane ServiceAccount.
+imagePullSecrets: []
+
+registryCaBundleConfig:
+  # -- The ConfigMap name containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates.
+  name: ""
+  # -- The ConfigMap key containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates.
+  key: ""
+
+service:
+  # -- Configure annotations on the service object. Only enabled when webhooks.enabled = true
+  customAnnotations: {}
+
+webhooks:
+  # -- Enable webhooks for Crossplane and installed Provider packages.
+  enabled: true
+
+rbacManager:
+  # -- Deploy the RBAC Manager pod and its required roles.
+  deploy: true
+  # -- Don't install aggregated Crossplane ClusterRoles.
+  skipAggregatedClusterRoles: false
+  # -- The number of RBAC Manager pod `replicas` to deploy.
+  replicas: 1
+  # -- Enable [leader election](https://docs.crossplane.io/latest/concepts/pods/#leader-election) for the RBAC Manager pod.
+  leaderElection: true
+  # -- Add custom arguments to the RBAC Manager pod.
+  args: []
+  # -- Add `nodeSelectors` to the RBAC Manager pod deployment.
+  nodeSelector: {}
+  # -- Add `tolerations` to the RBAC Manager pod deployment.
+  tolerations: []
+  # -- Add `affinities` to the RBAC Manager pod deployment.
+  affinity: {}
+
+# -- The PriorityClass name to apply to the Crossplane and RBAC Manager pods.
+priorityClassName: ""
+
+resourcesCrossplane:
+  limits:
+    # -- CPU resource limits for the Crossplane pod.
+    cpu: 500m
+    # -- Memory resource limits for the Crossplane pod.
+    memory: 1024Mi
+  requests:
+    # -- CPU resource requests for the Crossplane pod.
+    cpu: 100m
+    # -- Memory resource requests for the Crossplane pod.
+    memory: 256Mi
+
+securityContextCrossplane:
+  # -- The user ID used by the Crossplane pod.
+  runAsUser: 65532
+  # -- The group ID used by the Crossplane pod.
+  runAsGroup: 65532
+  # -- Enable `allowPrivilegeEscalation` for the Crossplane pod.
+  allowPrivilegeEscalation: false
+  # -- Set the Crossplane pod root file system as read-only.
+  readOnlyRootFilesystem: true
+
+packageCache:
+  # -- Set to `Memory` to hold the package cache in a RAM backed file system. Useful for Crossplane development.
+  medium: ""
+  # -- The size limit for the package cache. If medium is `Memory` the `sizeLimit` can't exceed Node memory.
+  sizeLimit: 20Mi
+  # -- The name of a PersistentVolumeClaim to use as the package cache. Disables the default package cache `emptyDir` Volume.
+  pvc: ""
+  # -- The name of a ConfigMap to use as the package cache. Disables the default package cache `emptyDir` Volume.
+  configMap: ""
+
+resourcesRBACManager:
+  limits:
+    # -- CPU resource limits for the RBAC Manager pod.
+    cpu: 100m
+    # -- Memory resource limits for the RBAC Manager pod.
+    memory: 512Mi
+  requests:
+    # -- CPU resource requests for the RBAC Manager pod.
+    cpu: 100m
+    # -- Memory resource requests for the RBAC Manager pod.
+    memory: 256Mi
+
+securityContextRBACManager:
+  # -- The user ID used by the RBAC Manager pod.
+  runAsUser: 65532
+  # -- The group ID used by the RBAC Manager pod.
+  runAsGroup: 65532
+  # -- Enable `allowPrivilegeEscalation` for the RBAC Manager pod.
+  allowPrivilegeEscalation: false
+  # -- Set the RBAC Manager pod root file system as read-only.
+  readOnlyRootFilesystem: true
+
+metrics:
+  # -- Enable Prometheus path, port and scrape annotations and expose port 8080 for both the Crossplane and RBAC Manager pods.
+  enabled: false
+
+# -- Add custom environmental variables to the Crossplane pod deployment.
+# Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`.
+extraEnvVarsCrossplane: {}
+
+# -- Add custom environmental variables to the RBAC Manager pod deployment.
+# Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`.
+extraEnvVarsRBACManager: {}
+
+# -- Add a custom `securityContext` to the Crossplane pod.
+podSecurityContextCrossplane: {}
+
+# -- Add a custom `securityContext` to the RBAC Manager pod.
+podSecurityContextRBACManager: {}
+
+# -- Add custom `volumes` to the Crossplane pod.
+extraVolumesCrossplane: {}
+
+# -- Add custom `volumeMounts` to the Crossplane pod.
+extraVolumeMountsCrossplane: {}
+
+# -- To add arbitrary Kubernetes Objects during a Helm Install
+extraObjects: []
+  # - apiVersion: pkg.crossplane.io/v1alpha1
+  #   kind: ControllerConfig
+  #   metadata:
+  #     name: aws-config
+  #     annotations:
+  #       eks.amazonaws.com/role-arn: arn:aws:iam::123456789101:role/example
+  #       helm.sh/hook: post-install
+  #   spec:
+  #     podSecurityContext:
+  #       fsGroup: 2000
+

dmz/internalproxy/templates/ollama.yaml

@@ -1,101 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: ollama-secret
-spec:
-  secretStoreRef:
-    name: vault
-    kind: ClusterSecretStore
-  target:
-    name: ollama-secret
-  data:
-    - secretKey: users
-      remoteRef:
-        key: secrets/internalproxy/ollama
-        property: users
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: ollama-basic-auth
-spec:
-  basicAuth:
-    secret: ollama-secret
-
----
-
-apiVersion: v1
-kind: Service
-metadata:
-  name: ollama
-spec:
-  ports:
-    - name: app
-      port: 11435
-      protocol: TCP
-      targetPort: 11435
-  clusterIP: None
-  type: ClusterIP
-
----
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: ollama
-subsets:
-  - addresses:
-      - ip: 192.168.20.104
-    ports:
-      - name: app
-        port: 11435
-        protocol: TCP
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: ollama-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`ollama.durp.info`) && PathPrefix(`/`)
-      middlewares:
-        - name: ollama-basic-auth
-      kind: Rule
-      services:
-        - name: ollama
-          port: 11435
-  tls:
-    secretName: ollama-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: ollama-tls
-spec:
-  secretName: ollama-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "ollama.durp.info"
-  dnsNames:
-    - "ollama.durp.info"
-
----
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: ollama-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: ollama.durp.info
-spec:
-  type: ExternalName
-  externalName: durp.info

durpapi/Chart.yaml

@@ -1,13 +1,11 @@
 apiVersion: v2
-name: durpapi
-description: A Helm chart for Kubernetes
 type: application
-
-version: 0.1.0-dev0184
+version: 0.1.0-dev0192
+description: A Helm chart for Kubernetes
 appVersion: 0.1.0
-
+name: durpapi
 dependencies:
-- condition: postgresql.enabled
-  version: 12.5.*
+- version: 12.5.*
+  condition: postgresql.enabled
   repository: https://charts.bitnami.com/bitnami
   name: postgresql

durpapi/templates/ingress.yaml

@@ -6,7 +6,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host("api.durp.info") && PathPrefix(`/api`)
+  - match: Host("api.dev.durp.info") && PathPrefix(`/api`)
     kind: Rule
     middlewares:
       - name: jwt
@@ -24,7 +24,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host("api.durp.info") && PathPrefix(`/swagger`)
+  - match: Host("api.dev.durp.info") && PathPrefix(`/swagger`)
     kind: Rule
     services:
     - name: "durpapi-service"
@@ -42,3 +42,4 @@ spec:
       Required: true
       Keys:
         - https://authentik.durp.info/application/o/api/jwks
+

durpapi/values.yaml

@@ -10,15 +10,15 @@ deployment:
   probe:
     readiness:  
       httpGet:
-        path: /health/gethealth
+        path: /api/health/gethealth
         port: 8080
     liveness: 
       httpGet:
-        path: /health/gethealth
+        path: /api/health/gethealth
         port: 8080
     startup: 
       httpGet:
-        path: /health/gethealth
+        path: /api/health/gethealth
         port: 8080
 service:
   type: ClusterIP

external-dns/Chart.yaml

@@ -9,4 +9,4 @@ appVersion: 0.0.1
 dependencies:
 - name: external-dns
   repository: https://charts.bitnami.com/bitnami
-  version: 8.3.8
+  version: 6.20.3

external-dns/values.yaml

@@ -4,7 +4,7 @@ external-dns:
 
   image:
     pullPolicy: Always
-
+  txtPrefix: "dev-"
   sources:
     - service
     

external-secrets/Chart.yaml

@@ -8,5 +8,5 @@ appVersion: 0.0.1
 dependencies:
 - name: external-secrets
   repository: https://charts.external-secrets.io
-  version: 0.10.4
+  version: 0.8.1
 

gatekeeper/Chart.yaml

@@ -8,4 +8,4 @@ appVersion: 0.0.1
 dependencies:
 - name: gatekeeper
   repository: https://open-policy-agent.github.io/gatekeeper/charts
-  version: 3.17.1
+  version: 3.14.0

gatekeeper/values.yaml

@@ -1,278 +1,277 @@
-#gatekeeper:
-#  replicas: 3
-#  revisionHistoryLimit: 10
-#  auditInterval: 60
-#  metricsBackends: ["prometheus"]
-#  auditMatchKindOnly: false
-#  constraintViolationsLimit: 20
-#  auditFromCache: false
-#  disableMutation: false
-#  disableValidatingWebhook: false
-#  validatingWebhookName: gatekeeper-validating-webhook-configuration
-#  validatingWebhookTimeoutSeconds: 3
-#  validatingWebhookFailurePolicy: Ignore
-#  validatingWebhookAnnotations: {}
-#  validatingWebhookExemptNamespacesLabels: {}
-#  validatingWebhookObjectSelector: {}
-#  validatingWebhookCheckIgnoreFailurePolicy: Fail
-#  validatingWebhookCustomRules: {}
-#  validatingWebhookURL: null
-#  enableDeleteOperations: false
-#  enableExternalData: true
-#  enableGeneratorResourceExpansion: true
-#  enableTLSHealthcheck: false
-#  maxServingThreads: -1
-#  mutatingWebhookName: gatekeeper-mutating-webhook-configuration
-#  mutatingWebhookFailurePolicy: Ignore
-#  mutatingWebhookReinvocationPolicy: Never
-#  mutatingWebhookAnnotations: {}
-#  mutatingWebhookExemptNamespacesLabels: {}
-#  mutatingWebhookObjectSelector: {}
-#  mutatingWebhookTimeoutSeconds: 1
-#  mutatingWebhookCustomRules: {}
-#  mutatingWebhookURL: null
-#  mutationAnnotations: false
-#  auditChunkSize: 500
-#  logLevel: INFO
-#  logDenies: false
-#  logMutations: false
-#  emitAdmissionEvents: false
-#  emitAuditEvents: false
-#  admissionEventsInvolvedNamespace: false
-#  auditEventsInvolvedNamespace: false
-#  resourceQuota: true
-#  externaldataProviderResponseCacheTTL: 3m
-#  image:
-#    repository: openpolicyagent/gatekeeper
-#    crdRepository: openpolicyagent/gatekeeper-crds
-#    release: v3.15.0-beta.0
-#    pullPolicy: Always
-#    pullSecrets: []
-#  preInstall:
-#    crdRepository:
-#      image:
-#        repository: null
-#        tag: v3.15.0-beta.0
-#  postUpgrade:
-#    labelNamespace:
-#      enabled: false
-#      image:
-#        repository: openpolicyagent/gatekeeper-crds
-#        tag: v3.15.0-beta.0
-#        pullPolicy: IfNotPresent
-#        pullSecrets: []
-#      extraNamespaces: []
-#      podSecurity: ["pod-security.kubernetes.io/audit=restricted",
-#        "pod-security.kubernetes.io/audit-version=latest",
-#        "pod-security.kubernetes.io/warn=restricted",
-#        "pod-security.kubernetes.io/warn-version=latest",
-#        "pod-security.kubernetes.io/enforce=restricted",
-#        "pod-security.kubernetes.io/enforce-version=v1.24"]
-#      extraAnnotations: {}
-#      priorityClassName: ""
-#    affinity: {}
-#    tolerations: []
-#    nodeSelector: {kubernetes.io/os: linux}
-#    resources: {}
-#    securityContext:
-#      allowPrivilegeEscalation: false
-#      capabilities:
-#        drop:
-#        - ALL
-#      readOnlyRootFilesystem: true
-#      runAsGroup: 999
-#      runAsNonRoot: true
-#      runAsUser: 1000
-#  postInstall:
-#    labelNamespace:
-#      enabled: true
-#      extraRules: []
-#      image:
-#        repository: openpolicyagent/gatekeeper-crds
-#        tag: v3.15.0-beta.0
-#        pullPolicy: IfNotPresent
-#        pullSecrets: []
-#      extraNamespaces: []
-#      podSecurity: ["pod-security.kubernetes.io/audit=restricted",
-#        "pod-security.kubernetes.io/audit-version=latest",
-#        "pod-security.kubernetes.io/warn=restricted",
-#        "pod-security.kubernetes.io/warn-version=latest",
-#        "pod-security.kubernetes.io/enforce=restricted",
-#        "pod-security.kubernetes.io/enforce-version=v1.24"]
-#      extraAnnotations: {}
-#      priorityClassName: ""
-#    probeWebhook:
-#      enabled: true
-#      image:
-#        repository: curlimages/curl
-#        tag: 7.83.1
-#        pullPolicy: IfNotPresent
-#        pullSecrets: []
-#      waitTimeout: 60
-#      httpTimeout: 2
-#      insecureHTTPS: false
-#      priorityClassName: ""
-#    affinity: {}
-#    tolerations: []
-#    nodeSelector: {kubernetes.io/os: linux}
-#    securityContext:
-#      allowPrivilegeEscalation: false
-#      capabilities:
-#        drop:
-#        - ALL
-#      readOnlyRootFilesystem: true
-#      runAsGroup: 999
-#      runAsNonRoot: true
-#      runAsUser: 1000
-#  preUninstall:
-#    deleteWebhookConfigurations:
-#      extraRules: []
-#      enabled: false
-#      image:
-#        repository: openpolicyagent/gatekeeper-crds
-#        tag: v3.15.0-beta.0
-#        pullPolicy: IfNotPresent
-#        pullSecrets: []
-#      priorityClassName: ""
-#    affinity: {}
-#    tolerations: []
-#    nodeSelector: {kubernetes.io/os: linux}
-#    resources: {}
-#    securityContext:
-#      allowPrivilegeEscalation: false
-#      capabilities:
-#        drop:
-#        - ALL
-#      readOnlyRootFilesystem: true
-#      runAsGroup: 999
-#      runAsNonRoot: true
-#      runAsUser: 1000
-#  podAnnotations: {}
-#  auditPodAnnotations: {}
-#  podLabels: {}
-#  podCountLimit: "100"
-#  secretAnnotations: {}
-#  enableRuntimeDefaultSeccompProfile: true
-#  controllerManager:
-#    exemptNamespaces: []
-#    exemptNamespacePrefixes: []
-#    hostNetwork: false
-#    dnsPolicy: ClusterFirst
-#    port: 8443
-#    metricsPort: 8888
-#    healthPort: 9090
-#    readinessTimeout: 1
-#    livenessTimeout: 1
-#    priorityClassName: system-cluster-critical
-#    disableCertRotation: false
-#    tlsMinVersion: 1.3
-#    clientCertName: ""
-#    strategyType: RollingUpdate
-#    affinity:
-#      podAntiAffinity:
-#        preferredDuringSchedulingIgnoredDuringExecution:
-#          - podAffinityTerm:
-#              labelSelector:
-#                matchExpressions:
-#                  - key: gatekeeper.sh/operation
-#                    operator: In
-#                    values:
-#                      - webhook
-#              topologyKey: kubernetes.io/hostname
-#            weight: 100
-#    topologySpreadConstraints: []
-#    tolerations: []
-#    nodeSelector: {kubernetes.io/os: linux}
-#    resources:
-#      limits:
-#        memory: 512Mi
-#      requests:
-#        cpu: 100m
-#        memory: 512Mi
-#    securityContext:
-#      allowPrivilegeEscalation: false
-#      capabilities:
-#        drop:
-#        - ALL
-#      readOnlyRootFilesystem: true
-#      runAsGroup: 999
-#      runAsNonRoot: true
-#      runAsUser: 1000
-#    podSecurityContext:
-#      fsGroup: 999
-#      supplementalGroups:
-#        - 999
-#    extraRules: []
-#    networkPolicy:
-#      enabled: false
-#      ingress: { }
-#        # - from:
-#        #   - ipBlock:
-#        #       cidr: 0.0.0.0/0
-#  audit:
-#    enablePubsub: false
-#    connection: audit-connection
-#    channel: audit-channel
-#    hostNetwork: false
-#    dnsPolicy: ClusterFirst
-#    metricsPort: 8888
-#    healthPort: 9090
-#    readinessTimeout: 1
-#    livenessTimeout: 1
-#    priorityClassName: system-cluster-critical
-#    disableCertRotation: false
-#    affinity: {}
-#    tolerations: []
-#    nodeSelector: {kubernetes.io/os: linux}
-#    resources:
-#      limits:
-#        memory: 512Mi
-#      requests:
-#        cpu: 100m
-#        memory: 512Mi
-#    securityContext:
-#      allowPrivilegeEscalation: false
-#      capabilities:
-#        drop:
-#        - ALL
-#      readOnlyRootFilesystem: true
-#      runAsGroup: 999
-#      runAsNonRoot: true
-#      runAsUser: 1000
-#    podSecurityContext:
-#      fsGroup: 999
-#      supplementalGroups:
-#        - 999
-#    writeToRAMDisk: false
-#    extraRules: []
-#  crds:
-#    affinity: {}
-#    tolerations: []
-#    nodeSelector: {kubernetes.io/os: linux}
-#    resources: {}
-#    securityContext:
-#      allowPrivilegeEscalation: false
-#      capabilities:
-#        drop:
-#        - ALL
-#      readOnlyRootFilesystem: true
-#      runAsGroup: 65532
-#      runAsNonRoot: true
-#      runAsUser: 65532
-#  pdb:
-#    controllerManager:
-#      minAvailable: 1
-#  service: {}
-#  disabledBuiltins: ["{http.send}"]
-#  psp:
-#    enabled: true
-#  upgradeCRDs:
-#    enabled: true
-#    extraRules: []
-#    priorityClassName: ""
-#  rbac:
-#    create: true
-#  externalCertInjection:
-#    enabled: false
-#    secretName: gatekeeper-webhook-server-cert
-#
+gatekeeper:
+  replicas: 3
+  revisionHistoryLimit: 10
+  auditInterval: 60
+  metricsBackends: ["prometheus"]
+  auditMatchKindOnly: false
+  constraintViolationsLimit: 20
+  auditFromCache: false
+  disableMutation: false
+  disableValidatingWebhook: false
+  validatingWebhookName: gatekeeper-validating-webhook-configuration
+  validatingWebhookTimeoutSeconds: 3
+  validatingWebhookFailurePolicy: Ignore
+  validatingWebhookAnnotations: {}
+  validatingWebhookExemptNamespacesLabels: {}
+  validatingWebhookObjectSelector: {}
+  validatingWebhookCheckIgnoreFailurePolicy: Fail
+  validatingWebhookCustomRules: {}
+  validatingWebhookURL: null
+  enableDeleteOperations: false
+  enableExternalData: true
+  enableGeneratorResourceExpansion: true
+  enableTLSHealthcheck: false
+  maxServingThreads: -1
+  mutatingWebhookName: gatekeeper-mutating-webhook-configuration
+  mutatingWebhookFailurePolicy: Ignore
+  mutatingWebhookReinvocationPolicy: Never
+  mutatingWebhookAnnotations: {}
+  mutatingWebhookExemptNamespacesLabels: {}
+  mutatingWebhookObjectSelector: {}
+  mutatingWebhookTimeoutSeconds: 1
+  mutatingWebhookCustomRules: {}
+  mutatingWebhookURL: null
+  mutationAnnotations: false
+  auditChunkSize: 500
+  logLevel: INFO
+  logDenies: false
+  logMutations: false
+  emitAdmissionEvents: false
+  emitAuditEvents: false
+  admissionEventsInvolvedNamespace: false
+  auditEventsInvolvedNamespace: false
+  resourceQuota: true
+  externaldataProviderResponseCacheTTL: 3m
+  image:
+    repository: openpolicyagent/gatekeeper
+    crdRepository: openpolicyagent/gatekeeper-crds
+    release: v3.15.0-beta.0
+    pullPolicy: Always
+    pullSecrets: []
+  preInstall:
+    crdRepository:
+      image:
+        repository: null
+        tag: v3.15.0-beta.0
+  postUpgrade:
+    labelNamespace:
+      enabled: false
+      image:
+        repository: openpolicyagent/gatekeeper-crds
+        tag: v3.15.0-beta.0
+        pullPolicy: IfNotPresent
+        pullSecrets: []
+      extraNamespaces: []
+      podSecurity: ["pod-security.kubernetes.io/audit=restricted",
+        "pod-security.kubernetes.io/audit-version=latest",
+        "pod-security.kubernetes.io/warn=restricted",
+        "pod-security.kubernetes.io/warn-version=latest",
+        "pod-security.kubernetes.io/enforce=restricted",
+        "pod-security.kubernetes.io/enforce-version=v1.24"]
+      extraAnnotations: {}
+      priorityClassName: ""
+    affinity: {}
+    tolerations: []
+    nodeSelector: {kubernetes.io/os: linux}
+    resources: {}
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+        - ALL
+      readOnlyRootFilesystem: true
+      runAsGroup: 999
+      runAsNonRoot: true
+      runAsUser: 1000
+  postInstall:
+    labelNamespace:
+      enabled: true
+      extraRules: []
+      image:
+        repository: openpolicyagent/gatekeeper-crds
+        tag: v3.15.0-beta.0
+        pullPolicy: IfNotPresent
+        pullSecrets: []
+      extraNamespaces: []
+      podSecurity: ["pod-security.kubernetes.io/audit=restricted",
+        "pod-security.kubernetes.io/audit-version=latest",
+        "pod-security.kubernetes.io/warn=restricted",
+        "pod-security.kubernetes.io/warn-version=latest",
+        "pod-security.kubernetes.io/enforce=restricted",
+        "pod-security.kubernetes.io/enforce-version=v1.24"]
+      extraAnnotations: {}
+      priorityClassName: ""
+    probeWebhook:
+      enabled: true
+      image:
+        repository: curlimages/curl
+        tag: 7.83.1
+        pullPolicy: IfNotPresent
+        pullSecrets: []
+      waitTimeout: 60
+      httpTimeout: 2
+      insecureHTTPS: false
+      priorityClassName: ""
+    affinity: {}
+    tolerations: []
+    nodeSelector: {kubernetes.io/os: linux}
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+        - ALL
+      readOnlyRootFilesystem: true
+      runAsGroup: 999
+      runAsNonRoot: true
+      runAsUser: 1000
+  preUninstall:
+    deleteWebhookConfigurations:
+      extraRules: []
+      enabled: false
+      image:
+        repository: openpolicyagent/gatekeeper-crds
+        tag: v3.15.0-beta.0
+        pullPolicy: IfNotPresent
+        pullSecrets: []
+      priorityClassName: ""
+    affinity: {}
+    tolerations: []
+    nodeSelector: {kubernetes.io/os: linux}
+    resources: {}
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+        - ALL
+      readOnlyRootFilesystem: true
+      runAsGroup: 999
+      runAsNonRoot: true
+      runAsUser: 1000
+  podAnnotations: {}
+  auditPodAnnotations: {}
+  podLabels: {}
+  podCountLimit: "100"
+  secretAnnotations: {}
+  enableRuntimeDefaultSeccompProfile: true
+  controllerManager:
+    exemptNamespaces: []
+    exemptNamespacePrefixes: []
+    hostNetwork: false
+    dnsPolicy: ClusterFirst
+    port: 8443
+    metricsPort: 8888
+    healthPort: 9090
+    readinessTimeout: 1
+    livenessTimeout: 1
+    priorityClassName: system-cluster-critical
+    disableCertRotation: false
+    tlsMinVersion: 1.3
+    clientCertName: ""
+    strategyType: RollingUpdate
+    affinity:
+      podAntiAffinity:
+        preferredDuringSchedulingIgnoredDuringExecution:
+          - podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                  - key: gatekeeper.sh/operation
+                    operator: In
+                    values:
+                      - webhook
+              topologyKey: kubernetes.io/hostname
+            weight: 100
+    topologySpreadConstraints: []
+    tolerations: []
+    nodeSelector: {kubernetes.io/os: linux}
+    resources:
+      limits:
+        memory: 512Mi
+      requests:
+        cpu: 100m
+        memory: 512Mi
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+        - ALL
+      readOnlyRootFilesystem: true
+      runAsGroup: 999
+      runAsNonRoot: true
+      runAsUser: 1000
+    podSecurityContext:
+      fsGroup: 999
+      supplementalGroups:
+        - 999
+    extraRules: []
+    networkPolicy:
+      enabled: false
+      ingress: { }
+        # - from:
+        #   - ipBlock:
+        #       cidr: 0.0.0.0/0
+  audit:
+    enablePubsub: false
+    connection: audit-connection
+    channel: audit-channel
+    hostNetwork: false
+    dnsPolicy: ClusterFirst
+    metricsPort: 8888
+    healthPort: 9090
+    readinessTimeout: 1
+    livenessTimeout: 1
+    priorityClassName: system-cluster-critical
+    disableCertRotation: false
+    affinity: {}
+    tolerations: []
+    nodeSelector: {kubernetes.io/os: linux}
+    resources:
+      limits:
+        memory: 512Mi
+      requests:
+        cpu: 100m
+        memory: 512Mi
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+        - ALL
+      readOnlyRootFilesystem: true
+      runAsGroup: 999
+      runAsNonRoot: true
+      runAsUser: 1000
+    podSecurityContext:
+      fsGroup: 999
+      supplementalGroups:
+        - 999
+    writeToRAMDisk: false
+    extraRules: []
+  crds:
+    affinity: {}
+    tolerations: []
+    nodeSelector: {kubernetes.io/os: linux}
+    resources: {}
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+        - ALL
+      readOnlyRootFilesystem: true
+      runAsGroup: 65532
+      runAsNonRoot: true
+      runAsUser: 65532
+  pdb:
+    controllerManager:
+      minAvailable: 1
+  service: {}
+  disabledBuiltins: ["{http.send}"]
+  psp:
+    enabled: true
+  upgradeCRDs:
+    enabled: true
+    extraRules: []
+    priorityClassName: ""
+  rbac:
+    create: true
+  externalCertInjection:
+    enabled: false
+    secretName: gatekeeper-webhook-server-cert

gitlab-runner/Chart.yaml

@@ -8,4 +8,4 @@ appVersion: 0.0.1
 dependencies:
 - name: gitlab-runner
   repository: https://charts.gitlab.io/
-  version: 0.69.0
+  version: 0.43.0

heimdall/Chart.yaml

@@ -8,4 +8,4 @@ appVersion: 0.0.1
 dependencies:
 - name: heimdall
   repository: https://djjudas21.github.io/charts/
-  version: 8.5.4
+  version: 8.5.2

heimdall/templates/ingress.yaml

@@ -7,7 +7,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`heimdall.durp.info`) && PathPrefix(`/`)
+  - match: Host(`heimdall.dev.durp.info`) && PathPrefix(`/`)
     middlewares:
     - name: authentik-proxy-provider
       namespace: traefik  
@@ -15,7 +15,7 @@ spec:
     services:
     - name: heimdall
       port: 80
-  - match: Host(`heimdall.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
+  - match: Host(`heimdall.dev.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
     kind: Rule
     services:
     - name: ak-outpost-authentik-embedded-outpost
@@ -35,9 +35,9 @@ spec:
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "heimdall.durp.info"
+  commonName: "heimdall.dev.durp.info"
   dnsNames:
-  - "heimdall.durp.info"  
+  - "heimdall.dev.durp.info"  
 
 ---
 

internalproxy/templates/argocd.yaml

@@ -1,46 +0,0 @@
-#apiVersion: traefik.io/v1alpha1
-#kind: IngressRoute
-#metadata:
-#  name: argocd-ingress
-#  annotations:
-#    cert-manager.io/cluster-issuer: letsencrypt-production
-#spec:
-#  entryPoints:
-#    - websecure
-#  routes:
-#  - match: Host(`argocd.internal.durp.info`)
-#    middlewares:
-#    - name: whitelist
-#      namespace: traefik
-#    kind: Rule
-#    services:
-#    - name: argocd-server
-#      port: 443
-#      scheme: https
-#  tls:
-#    secretName: argocd-tls
-#
-#---
-#
-#kind: Service
-#apiVersion: v1
-#metadata:
-#  name: argocd-server
-#spec:
-#  type: ExternalName
-#  externalName: argocd-server.argocd.svc.cluster.local
-#
-#---
-#
-#apiVersion: cert-manager.io/v1
-#kind: Certificate
-#metadata:
-#  name: argocd-tls
-#spec:
-#  secretName: argocd-tls
-#  issuerRef:
-#    name: letsencrypt-production
-#    kind: ClusterIssuer
-#  commonName: "argocd.internal.durp.info"
-#  dnsNames:
-#  - "argocd.internal.durp.info"

internalproxy/templates/blueiris.yaml

@@ -1,63 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: blueiris
-spec:
-  ports:
-    - name: app
-      port: 81
-      protocol: TCP
-      targetPort: 81
-  clusterIP: None
-  type: ClusterIP
-
----
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: blueiris
-subsets:
-  - addresses:
-      - ip: 192.168.99.2
-    ports:
-      - name: app
-        port: 81
-        protocol: TCP
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: blueiris-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`blueiris.internal.durp.info`) && PathPrefix(`/`)
-      middlewares:
-        - name: whitelist
-          namespace: traefik
-      kind: Rule
-      services:
-        - name: blueiris
-          port: 81
-          scheme: http
-  tls:
-    secretName: blueiris-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: blueiris-tls
-spec:
-  secretName: blueiris-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "blueiris.internal.durp.info"
-  dnsNames:
-    - "blueiris.internal.durp.info"

internalproxy/templates/duplicati-ingress.yaml

@@ -1,70 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: duplicati
-spec:
-  ports:
-  - name: app
-    port: 8200
-    protocol: TCP
-    targetPort: 8200
-  clusterIP: None
-  type: ClusterIP
-
----
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: duplicati
-subsets:
-- addresses:
-  - ip: 192.168.20.253
-  ports:
-  - name: app
-    port: 8200
-    protocol: TCP
-
----    
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: duplicati-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`duplicati.internal.durp.info`) && PathPrefix(`/`)
-    middlewares:
-    - name: whitelist
-      namespace: traefik
-    - name: authentik-proxy-provider
-      namespace: traefik  
-    kind: Rule
-    services:
-    - name: duplicati
-      port: 8200
-  - match: Host(`duplicati.internal.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
-    kind: Rule
-    services:
-    - name: ak-outpost-authentik-embedded-outpost
-      namespace: authentik
-      port: 9000
-  tls:
-    secretName: duplicati-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: duplicati-tls
-spec:
-  secretName: duplicati-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "duplicati.internal.durp.info"
-  dnsNames:
-  - "duplicati.internal.durp.info"  

internalproxy/templates/gitea.yaml

@@ -1,72 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: gitea
-spec:
-  ports:
-    - name: app
-      port: 3000
-      protocol: TCP
-      targetPort: 3000
-  clusterIP: None
-  type: ClusterIP
-
----
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: gitea
-subsets:
-  - addresses:
-      - ip: 192.168.20.253
-    ports:
-      - name: app
-        port: 3000
-        protocol: TCP
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: gitea-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`gitea.durp.info`) && PathPrefix(`/`)
-      kind: Rule
-      services:
-        - name: gitea
-          port: 3000
-          scheme: http
-  tls:
-    secretName: gitea-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: gitea-tls
-spec:
-  secretName: gitea-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "gitea.durp.info"
-  dnsNames:
-    - "gitea.durp.info"
-
----
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: gitea-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: gitea.durp.info
-spec:
-  type: ExternalName
-  externalName: durp.info

internalproxy/templates/jellyfin.yaml

@@ -1,72 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: jellyfin
-spec:
-  ports:
-    - name: app
-      port: 8096
-      protocol: TCP
-      targetPort: 8096
-  clusterIP: None
-  type: ClusterIP
-
----
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: jellyfin
-subsets:
-  - addresses:
-      - ip: 192.168.20.253
-    ports:
-      - name: app
-        port: 8096
-        protocol: TCP
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: jellyfin-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`jellyfin.durp.info`) && PathPrefix(`/`)
-      kind: Rule
-      services:
-        - name: jellyfin
-          port: 8096
-          scheme: http
-  tls:
-    secretName: jellyfin-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: jellyfin-tls
-spec:
-  secretName: jellyfin-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "jellyfin.durp.info"
-  dnsNames:
-    - "jellyfin.durp.info"
-
----
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: jellyfin-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: jellyfin.durp.info
-spec:
-  type: ExternalName
-  externalName: durp.info  

internalproxy/templates/kasm.yaml

@@ -1,72 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: kasm
-spec:
-  ports:
-    - name: app
-      port: 443
-      protocol: TCP
-      targetPort: 443
-  clusterIP: None
-  type: ClusterIP
-
----
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: kasm
-subsets:
-  - addresses:
-      - ip: 192.168.20.104
-    ports:
-      - name: app
-        port: 443
-        protocol: TCP
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: kasm-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`kasm.durp.info`) && PathPrefix(`/`)
-      kind: Rule
-      services:
-        - name: kasm
-          port: 443
-          scheme: https
-  tls:
-    secretName: kasm-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: kasm-tls
-spec:
-  secretName: kasm-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "kasm.durp.info"
-  dnsNames:
-    - "kasm.durp.info"
-
----
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: kasm-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: kasm.durp.info
-spec:
-  type: ExternalName
-  externalName: durp.info

internalproxy/templates/minio.yaml

@@ -1,63 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: minio
-spec:
-  ports:
-    - name: app
-      port: 9769
-      protocol: TCP
-      targetPort: 9769
-  clusterIP: None
-  type: ClusterIP
-
----
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: minio
-subsets:
-  - addresses:
-      - ip: 192.168.20.253
-    ports:
-      - name: app
-        port: 9769
-        protocol: TCP
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: minio-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`minio.internal.durp.info`) && PathPrefix(`/`)
-      middlewares:
-        - name: whitelist
-          namespace: traefik
-      kind: Rule
-      services:
-        - name: minio
-          port: 9769
-          scheme: http
-  tls:
-    secretName: minio-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: minio-tls
-spec:
-  secretName: minio-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "minio.internal.durp.info"
-  dnsNames:
-    - "minio.internal.durp.info"

internalproxy/templates/nexus.yaml

@@ -1,71 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: nexus
-spec:
-  ports:
-  - name: app
-    port: 8081
-    protocol: TCP
-    targetPort: 8081
-  clusterIP: None
-  type: ClusterIP
-
----
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: nexus
-subsets:
-- addresses:
-  - ip: 192.168.20.253
-  ports:
-  - name: app
-    port: 8081
-    protocol: TCP
-
----    
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: nexus-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`nexus.durp.info`) && PathPrefix(`/`)
-    kind: Rule
-    services:
-    - name: nexus
-      port: 8081
-  tls:
-    secretName: nexus-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: nexus-tls
-spec:
-  secretName: nexus-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "nexus.durp.info"
-  dnsNames:
-  - "nexus.durp.info"  
-
----
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: nexus-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: nexus.durp.info
-spec:
-  type: ExternalName
-  externalName: durp.info

internalproxy/templates/octopus.yaml

@@ -1,63 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: octopus
-spec:
-  ports:
-    - name: app
-      port: 443
-      protocol: TCP
-      targetPort: 443
-  clusterIP: None
-  type: ClusterIP
-
----
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: octopus
-subsets:
-  - addresses:
-      - ip: 192.168.20.105
-    ports:
-      - name: app
-        port: 443
-        protocol: TCP
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: octopus-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`octopus.internal.durp.info`) && PathPrefix(`/`)
-      middlewares:
-        - name: whitelist
-          namespace: traefik
-      kind: Rule
-      services:
-        - name: octopus
-          port: 443
-          scheme: https
-  tls:
-    secretName: octopus-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: octopus-tls
-spec:
-  secretName: octopus-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "octopus.internal.durp.info"
-  dnsNames:
-    - "octopus.internal.durp.info"

internalproxy/templates/ollama.yaml

@@ -1,102 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: ollama-secret
-spec:
-  secretStoreRef:
-    name: vault
-    kind: ClusterSecretStore
-  target:
-    name: ollama-secret
-  data:
-    - secretKey: users
-      remoteRef:
-        key: secrets/internalproxy/ollama
-        property: users
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: ollama-basic-auth
-spec:
-  basicAuth:
-    headerField: x-api-key
-    secret: ollama-secret
-
----
-
-apiVersion: v1
-kind: Service
-metadata:
-  name: ollama
-spec:
-  ports:
-    - name: app
-      port: 11435
-      protocol: TCP
-      targetPort: 11435
-  clusterIP: None
-  type: ClusterIP
-
----
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: ollama
-subsets:
-  - addresses:
-      - ip: 192.168.20.104
-    ports:
-      - name: app
-        port: 11435
-        protocol: TCP
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: ollama-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`ollama.durp.info`) && PathPrefix(`/`)
-      middlewares:
-        - name: ollama-basic-auth
-      kind: Rule
-      services:
-        - name: ollama
-          port: 11435
-  tls:
-    secretName: ollama-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: ollama-tls
-spec:
-  secretName: ollama-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "ollama.durp.info"
-  dnsNames:
-    - "ollama.durp.info"
-
----
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: ollama-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: ollama.durp.info
-spec:
-  type: ExternalName
-  externalName: durp.info

internalproxy/templates/pfsense.yaml

@@ -1,63 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: pfsense
-spec:
-  ports:
-    - name: app
-      port: 10443
-      protocol: TCP
-      targetPort: 10443
-  clusterIP: None
-  type: ClusterIP
-
----
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: pfsense
-subsets:
-  - addresses:
-      - ip: 192.168.20.1
-    ports:
-      - name: app
-        port: 10443
-        protocol: TCP
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: pfsense-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`pfsense.internal.durp.info`) && PathPrefix(`/`)
-      middlewares:
-        - name: whitelist
-          namespace: traefik
-      kind: Rule
-      services:
-        - name: pfsense
-          port: 10443
-          scheme: https
-  tls:
-    secretName: pfsense-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: pfsense-tls
-spec:
-  secretName: pfsense-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "pfsense.internal.durp.info"
-  dnsNames:
-    - "pfsense.internal.durp.info"

internalproxy/templates/plex.yaml

@@ -1,72 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: plex
-spec:
-  ports:
-    - name: app
-      port: 32400
-      protocol: TCP
-      targetPort: 32400
-  clusterIP: None
-  type: ClusterIP
-
----
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: plex
-subsets:
-  - addresses:
-      - ip: 192.168.20.253
-    ports:
-      - name: app
-        port: 32400
-        protocol: TCP
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: plex-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`plex.durp.info`) && PathPrefix(`/`)
-      kind: Rule
-      services:
-        - name: plex
-          port: 32400
-          scheme: https
-  tls:
-    secretName: plex-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: plex-tls
-spec:
-  secretName: plex-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "plex.durp.info"
-  dnsNames:
-    - "plex.durp.info"
-
----
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: plex-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: plex.durp.info
-spec:
-  type: ExternalName
-  externalName: durp.info  

internalproxy/templates/portainer.yaml

@@ -1,63 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: portainer
-spec:
-  ports:
-    - name: app
-      port: 9443
-      protocol: TCP
-      targetPort: 9443
-  clusterIP: None
-  type: ClusterIP
-
----
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: portainer
-subsets:
-  - addresses:
-      - ip: 192.168.20.104
-    ports:
-      - name: app
-        port: 9443
-        protocol: TCP
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: portainer-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`portainer.internal.durp.info`) && PathPrefix(`/`)
-      middlewares:
-        - name: whitelist
-          namespace: traefik
-      kind: Rule
-      services:
-        - name: portainer
-          port: 9443
-          scheme: https
-  tls:
-    secretName: portainer-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: portainer-tls
-spec:
-  secretName: portainer-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "portainer.internal.durp.info"
-  dnsNames:
-    - "portainer.internal.durp.info"

internalproxy/templates/proxmox.yaml

@@ -1,63 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: proxmox
-spec:
-  ports:
-    - name: app
-      port: 8006
-      protocol: TCP
-      targetPort: 8006
-  clusterIP: None
-  type: ClusterIP
-
----
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: proxmox
-subsets:
-  - addresses:
-      - ip: 192.168.21.252
-    ports:
-      - name: app
-        port: 8006
-        protocol: TCP
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: proxmox-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`proxmox.internal.durp.info`) && PathPrefix(`/`)
-      middlewares:
-        - name: whitelist
-          namespace: traefik
-      kind: Rule
-      services:
-        - name: proxmox
-          port: 8006
-          scheme: https
-  tls:
-    secretName: proxmox-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: proxmox-tls
-spec:
-  secretName: proxmox-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "proxmox.internal.durp.info"
-  dnsNames:
-    - "proxmox.internal.durp.info"

internalproxy/templates/registry-internal.yaml

@@ -1,59 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: registry-internal
-spec:
-  ports:
-  - name: app
-    port: 5000
-    protocol: TCP
-    targetPort: 5000
-  clusterIP: None
-  type: ClusterIP
-
----
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: registry-internal
-subsets:
-- addresses:
-  - ip: 192.168.20.253
-  ports:
-  - name: app
-    port: 5000
-    protocol: TCP
-
----    
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: registry-internal-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`registry.internal.durp.info`) && PathPrefix(`/`)
-    kind: Rule
-    services:
-    - name: registry-internal
-      port: 5000
-  tls:
-    secretName: registry-internal-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: registry-internal-tls
-spec:
-  secretName: registry-internal-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "registry.internal.durp.info"
-  dnsNames:
-  - "registry.internal.durp.info"

internalproxy/templates/registry.yaml

@@ -1,71 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: registry
-spec:
-  ports:
-  - name: app
-    port: 5000
-    protocol: TCP
-    targetPort: 5000
-  clusterIP: None
-  type: ClusterIP
-
----
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: registry
-subsets:
-- addresses:
-  - ip: 192.168.20.253
-  ports:
-  - name: app
-    port: 5000
-    protocol: TCP
-
----    
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: registry-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`registry.durp.info`) && PathPrefix(`/`)
-    kind: Rule
-    services:
-    - name: registry
-      port: 5000
-  tls:
-    secretName: registry-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: registry-tls
-spec:
-  secretName: registry-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "registry.durp.info"
-  dnsNames:
-  - "registry.durp.info"  
-
----
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: registry-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: registry.durp.info
-spec:
-  type: ExternalName
-  externalName: durp.info

internalproxy/templates/s3.yaml

@@ -1,63 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: s3
-spec:
-  ports:
-    - name: app
-      port: 9768
-      protocol: TCP
-      targetPort: 9768
-  clusterIP: None
-  type: ClusterIP
-
----
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: s3
-subsets:
-  - addresses:
-      - ip: 192.168.20.253
-    ports:
-      - name: app
-        port: 9768
-        protocol: TCP
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: s3-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`s3.internal.durp.info`) && PathPrefix(`/`)
-      middlewares:
-        - name: whitelist
-          namespace: traefik
-      kind: Rule
-      services:
-        - name: s3
-          port: 9768
-          scheme: http
-  tls:
-    secretName: s3-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: s3-tls
-spec:
-  secretName: s3-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "s3.internal.durp.info"
-  dnsNames:
-    - "s3.internal.durp.info"

internalproxy/templates/semaphore.yaml

@@ -1,63 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: semaphore
-spec:
-  ports:
-    - name: app
-      port: 3001
-      protocol: TCP
-      targetPort: 3001
-  clusterIP: None
-  type: ClusterIP
-
----
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: semaphore
-subsets:
-  - addresses:
-      - ip: 192.168.20.253
-    ports:
-      - name: app
-        port: 3001
-        protocol: TCP
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: semaphore-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`semaphore.internal.durp.info`) && PathPrefix(`/`)
-      middlewares:
-        - name: whitelist
-          namespace: traefik
-      kind: Rule
-      services:
-        - name: semaphore
-          port: 3001
-          scheme: http
-  tls:
-    secretName: semaphore-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: semaphore-tls
-spec:
-  secretName: semaphore-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "semaphore.internal.durp.info"
-  dnsNames:
-    - "semaphore.internal.durp.info"

internalproxy/templates/smokeping.yaml

@@ -1,82 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: smokeping
-spec:
-  ports:
-  - name: app
-    port: 81
-    protocol: TCP
-    targetPort: 81
-  clusterIP: None
-  type: ClusterIP
-
----
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: smokeping
-subsets:
-- addresses:
-  - ip: 192.168.20.253
-  ports:
-  - name: app
-    port: 81
-    protocol: TCP
-
----    
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: smokeping-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`smokeping.durp.info`) && PathPrefix(`/`)
-    middlewares:
-    - name: whitelist
-      namespace: traefik
-    - name: authentik-proxy-provider
-      namespace: traefik  
-    kind: Rule
-    services:
-    - name: smokeping
-      port: 81
-  - match: Host(`smokeping.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
-    kind: Rule
-    services:
-    - name: ak-outpost-authentik-embedded-outpost
-      namespace: authentik
-      port: 9000
-  tls:
-    secretName: smokeping-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: smokeping-tls
-spec:
-  secretName: smokeping-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "smokeping.durp.info"
-  dnsNames:
-  - "smokeping.durp.info"  
-
----
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: smokeping-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: smokeping.durp.info
-spec:
-  type: ExternalName
-  externalName: durp.info  

internalproxy/templates/speedtest.yaml

@@ -1,74 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: speedtest
-spec:
-  ports:
-  - name: app
-    port: 6580
-    protocol: TCP
-    targetPort: 6580
-  clusterIP: None
-  type: ClusterIP
-
----
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: speedtest
-subsets:
-- addresses:
-  - ip: 192.168.20.253
-  ports:
-  - name: app
-    port: 6580
-    protocol: TCP
-
----    
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: speedtest-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`speedtest.durp.info`) && PathPrefix(`/`)
-    kind: Rule
-    middlewares:
-    - name: authentik-proxy-provider
-      namespace: traefik 
-    services:
-    - name: speedtest
-      port: 6580
-  tls:
-    secretName: speedtest-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: speedtest-tls
-spec:
-  secretName: speedtest-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "speedtest.durp.info"
-  dnsNames:
-  - "speedtest.durp.info"  
-
----
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: speedtest-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: speedtest.durp.info
-spec:
-  type: ExternalName
-  externalName: durp.info

internalproxy/templates/tdarr.yaml

@@ -1,67 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: tdarr
-spec:
-  ports:
-  - name: app
-    port: 8267
-    protocol: TCP
-    targetPort: 8267
-  clusterIP: None
-  type: ClusterIP
-
----
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: tdarr
-subsets:
-- addresses:
-  - ip: 192.168.20.253
-  ports:
-  - name: app
-    port: 8267
-    protocol: TCP
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: tdarr-ingress
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-production
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`tdarr.internal.durp.info`)
-    middlewares:
-    - name: whitelist
-      namespace: traefik  
-    - name: authentik-proxy-provider
-      namespace: traefik  
-    kind: Rule
-    services:
-    - name: tdarr
-      port: 8267
-      scheme: http
-  tls:
-    secretName: tdarr-tls  
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: tdarr-tls
-spec:
-  secretName: tdarr-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "tdarr.internal.durp.info"
-  dnsNames:
-  - "tdarr.internal.durp.info"  

internalproxy/templates/unraid.yaml

@@ -1,63 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: unraid
-spec:
-  ports:
-    - name: app
-      port: 443
-      protocol: TCP
-      targetPort: 443
-  clusterIP: None
-  type: ClusterIP
-
----
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: unraid
-subsets:
-  - addresses:
-      - ip: 192.168.20.253
-    ports:
-      - name: app
-        port: 443
-        protocol: TCP
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: unraid-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`unraid.internal.durp.info`) && PathPrefix(`/`)
-      middlewares:
-        - name: whitelist
-          namespace: traefik
-      kind: Rule
-      services:
-        - name: unraid
-          port: 443
-          scheme: https
-  tls:
-    secretName: unraid-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: unraid-tls
-spec:
-  secretName: unraid-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "unraid.internal.durp.info"
-  dnsNames:
-    - "unraid.internal.durp.info"

internalproxy/templates/wazuh.yaml

@@ -1,63 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: wazuh
-spec:
-  ports:
-    - name: app
-      port: 443
-      protocol: TCP
-      targetPort: 443
-  clusterIP: None
-  type: ClusterIP
-
----
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: wazuh
-subsets:
-  - addresses:
-      - ip: 192.168.20.102
-    ports:
-      - name: app
-        port: 443
-        protocol: TCP
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: wazuh-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`wazuh.internal.durp.info`) && PathPrefix(`/`)
-      middlewares:
-        - name: whitelist
-          namespace: traefik
-      kind: Rule
-      services:
-        - name: wazuh
-          port: 443
-          scheme: https
-  tls:
-    secretName: wazuh-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: wazuh-tls
-spec:
-  secretName: wazuh-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "wazuh.internal.durp.info"
-  dnsNames:
-    - "wazuh.internal.durp.info"

krakend/templates/ingress.yaml

@@ -7,9 +7,9 @@ spec:
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "api.durp.info"
+  commonName: "api.dev.durp.info"
   dnsNames:
-  - "api.durp.info"        
+  - "api.dev.durp.info"        
 
 ---
 
@@ -21,7 +21,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-    - match: Host(`api.durp.info`) && PathPrefix(`/`)
+    - match: Host(`api.dev.durp.info`) && PathPrefix(`/`)
       kind: Rule
       services:
         - name: krakend-service
@@ -37,10 +37,10 @@ apiVersion: v1
 metadata:
   name: api-external-dns
   annotations:
-    external-dns.alpha.kubernetes.io/hostname: api.durp.info
+    external-dns.alpha.kubernetes.io/hostname: api.dev.durp.info
 spec:
   type: ExternalName
-  externalName: durp.info
+  externalName: dev.durp.info
 
 ---
 
@@ -49,7 +49,7 @@ apiVersion: v1
 metadata:
   name: api-developer-dns
   annotations:
-    external-dns.alpha.kubernetes.io/hostname: developer.durp.info
+    external-dns.alpha.kubernetes.io/hostname: developer.dev.durp.info
     external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
 spec:
   type: ExternalName

kube-prometheus-stack/Chart.yaml

@@ -9,4 +9,4 @@ appVersion: "1.16.0"
 dependencies:
 - name: kube-prometheus-stack
   repository: https://prometheus-community.github.io/helm-charts
-  version: 63.1.0
+  version: 40.5.0

kube-prometheus-stack/templates/ingress.yaml

@@ -6,7 +6,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`grafana.durp.info`) && PathPrefix(`/`) 
+  - match: Host(`grafana.dev.durp.info`) && PathPrefix(`/`) 
     kind: Rule
     services:
     - name: grafana
@@ -25,9 +25,9 @@ spec:
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "grafana.durp.info"
+  commonName: "grafana.dev.durp.info"
   dnsNames:
-  - "grafana.durp.info"  
+  - "grafana.dev.durp.info"  
 
 ---
 
@@ -39,7 +39,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`alertmanager.durp.info`) && PathPrefix(`/`) 
+  - match: Host(`alertmanager.dev.durp.info`) && PathPrefix(`/`) 
     middlewares:
     - name: whitelist
       namespace: traefik
@@ -63,9 +63,9 @@ spec:
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "alertmanager.durp.info"
+  commonName: "alertmanager.dev.durp.info"
   dnsNames:
-  - "alertmanager.durp.info"  
+  - "alertmanager.dev.durp.info"  
 
 ---
 
@@ -74,7 +74,7 @@ apiVersion: v1
 metadata:
   name: grafana-external-dns
   annotations:
-    external-dns.alpha.kubernetes.io/hostname: grafana.durp.info
+    external-dns.alpha.kubernetes.io/hostname: grafana.dev.durp.info
 spec:
   type: ExternalName
-  externalName: durp.info  
+  externalName: dev.durp.info  

kubeclarity/Chart.yaml

@@ -8,4 +8,4 @@ appVersion: 0.0.1
 dependencies:
 - name: kubeclarity
   repository: https://openclarity.github.io/kubeclarity
-  version: 2.23.3
+  version: 2.22.0

kubeclarity/templates/ingress.yaml

@@ -6,7 +6,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`kubeclarity.durp.info`) && PathPrefix(`/`)
+  - match: Host(`kubeclarity.dev.durp.info`) && PathPrefix(`/`)
     middlewares:
     - name: whitelist
       namespace: traefik
@@ -30,9 +30,9 @@ spec:
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "kubeclarity.durp.info"
+  commonName: "kubeclarity.dev.durp.info"
   dnsNames:
-  - "kubeclarity.durp.info"  
+  - "kubeclarity.dev.durp.info"  
 
 ---
 
@@ -41,7 +41,7 @@ apiVersion: v1
 metadata:
   name: kubeclarity-external-dns
   annotations:
-    external-dns.alpha.kubernetes.io/hostname: kubeclarity.durp.info
+    external-dns.alpha.kubernetes.io/hostname: kubeclarity.dev.durp.info
 spec:
   type: ExternalName
-  externalName: durp.info
+  externalName: dev.durp.info

littlelink/templates/ingress.yaml

@@ -6,7 +6,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`links.durp.info`) && PathPrefix(`/`)
+  - match: Host(`links.dev.durp.info`) && PathPrefix(`/`)
     kind: Rule
     services:
     - name: littlelink
@@ -25,9 +25,9 @@ spec:
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "links.durp.info"
+  commonName: "links.dev.durp.info"
   dnsNames:
-  - "links.durp.info"  
+  - "links.dev.durp.info"  
 
 ---
 
@@ -36,7 +36,8 @@ apiVersion: v1
 metadata:
   name: links-external-dns
   annotations:
-    external-dns.alpha.kubernetes.io/hostname: links.durp.info
+    external-dns.alpha.kubernetes.io/hostname: links.dev.durp.info
 spec:
   type: ExternalName
-  externalName: durp.info
+  externalName: dev.durp.info
+

longhorn/Chart.yaml

@@ -9,4 +9,4 @@ appVersion: "1.16.0"
 dependencies:
 - name: longhorn
   repository: https://charts.longhorn.io
-  version: 1.7.1
+  version: 1.7.0

longhorn/templates/ingress.yaml

@@ -6,17 +6,17 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`longhorn.internal.durp.info`) && PathPrefix(`/`)
+  - match: Host(`longhorn.internal.dev.durp.info`) && PathPrefix(`/`)
     middlewares:
     - name: whitelist
       namespace: traefik
-    - name: authentik-proxy-provider
-      namespace: traefik  
+        #- name: authentik-proxy-provider
+        #  namespace: traefik  
     kind: Rule
     services:
     - name: longhorn-frontend
       port: 80
-  - match: Host(`longhorn.internal.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
+  - match: Host(`longhorn.internal.dev.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
     kind: Rule
     services:
     - name: ak-outpost-authentik-embedded-outpost
@@ -36,6 +36,6 @@ spec:
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "longhorn.internal.durp.info"
+  commonName: "longhorn.internal.dev.durp.info"
   dnsNames:
-  - "longhorn.internal.durp.info"  
+  - "longhorn.internal.dev.durp.info"  

longhorn/templates/secrets.yaml

@@ -8,7 +8,7 @@ spec:
     name: vault
     kind: ClusterSecretStore
   target:
-    name: longhorn-backup-token-secret
+    name: longhorn-backup-token-secret2
   data:
   - secretKey: AWS_ACCESS_KEY_ID
     remoteRef:

longhorn/values.yaml

@@ -47,7 +47,7 @@ longhorn:
   persistence:
     defaultClass: true
     defaultFsType: ext4
-    defaultClassReplicaCount: 3
+    defaultClassReplicaCount: 1
     defaultDataLocality: disabled # best-effort otherwise
     reclaimPolicy: Retain
     migratable: false
@@ -57,7 +57,7 @@ longhorn:
           {
             "name":"backup", 
             "task":"backup", 
-            "cron":"0 0 * * ?", 
+            "cron":"0 */6 * * *", 
             "retain":24
           }
         ]'
@@ -76,8 +76,8 @@ longhorn:
     snapshotterReplicaCount: ~
   
   defaultSettings:
-    backupTarget: S3://longhorn-master@us-east-1/
-    backupTargetCredentialSecret: longhorn-backup-token-secret
+    backupTarget: S3://longhorn-dev@us-east-1/
+    backupTargetCredentialSecret: longhorn-backup-token-secret2
     allowRecurringJobWhileVolumeDetached: ~
     createDefaultDiskLabeledNodes: ~
     defaultDataPath: ~
@@ -238,7 +238,7 @@ longhorn:
     #   certificate:
   
   # Configure a pod security policy in the Longhorn namespace to allow privileged pods
-  enablePSP: true
+  enablePSP: false
   
   ## Specify override namespace, specifically this is useful for using longhorn as sub-chart
   ## and its release namespace is not the `longhorn-system`

master/argocd/Chart.yaml

@@ -1,14 +0,0 @@
-apiVersion: v2
-name: argocd
-description: A Helm chart for Kubernetes
-type: application
-
-version: 0.1.0
-appVersion: "1.16.0"
-
-dependencies:
-- name: argo-cd
-  repository: https://argoproj.github.io/argo-helm
-  version: 6.11.1
-
-

master/argocd/templates/InternalProxy.yaml

@@ -1,23 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: internalproxy
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: internalproxy
-    directory:
-      recurse: true
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: internalproxy
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true   
-

master/argocd/templates/argocd.yaml

@@ -1,59 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: argocd
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: argocd
-  destination:
-    namespace: argocd
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 
-
----
-
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: argocd-ingress
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-production
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`argocd.internal.durp.info`)
-      middlewares:
-        - name: whitelist
-          namespace: traefik
-      kind: Rule
-      services:
-        - name: argocd-server
-          port: 443
-          scheme: https
-  tls:
-    secretName: argocd-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: argocd-tls
-spec:
-  secretName: argocd-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "argocd.internal.durp.info"
-  dnsNames:
-    - "argocd.internal.durp.info"

master/argocd/templates/authentik.yaml

@@ -1,21 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: authentik
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: authentik
-  destination:
-    namespace: authentik
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 
-

master/argocd/templates/bitwarden.yaml

@@ -1,23 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: bitwarden
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: bitwarden
-    directory:
-      recurse: true
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: bitwarden
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: false
-    syncOptions:
-      - CreateNamespace=true   
-

master/argocd/templates/cert-manager.yaml

@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: cert-manager
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: cert-manager
-  destination:
-    namespace: cert-manager
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 

master/argocd/templates/crossplane.yml

@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: crossplane
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: crossplane
-  destination:
-    namespace: crossplane
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 

master/argocd/templates/durpapi.yaml

@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: durpapi
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: durpapi
-  destination:
-    namespace: durpapi
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 

master/argocd/templates/durpot.yaml

@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: durpot
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: durpot
-  destination:
-    namespace: durpot
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 

master/argocd/templates/external-dns.yaml

@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: external-dns
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: external-dns
-  destination:
-    namespace: external-dns
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 

master/argocd/templates/external-secrets.yaml

@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: external-secrets
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: external-secrets
-  destination:
-    namespace: external-secrets
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 

master/argocd/templates/gatekeeper.yaml

@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: gatekeeper
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: gatekeeper
-  destination:
-    namespace: gatekeeper
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 

master/argocd/templates/gitlab-runner.yaml

@@ -1,21 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: gitlab-runner
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: gitlab-runner
-  destination:
-    namespace: gitlab-runner
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true    
-

master/argocd/templates/heimdall.yaml

@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: heimdall
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: heimdall
-  destination:
-    namespace: heimdall
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 

master/argocd/templates/krakend.yaml

@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: krakend
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: krakend
-  destination:
-    namespace: krakend
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 

master/argocd/templates/kube-prometheus-stack.yaml

@@ -1,21 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: kube-prometheus-stack
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: kube-prometheus-stack
-  destination:
-    namespace: kube-prometheus-stack
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 
-

master/argocd/templates/kubeclarity.yaml

@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: kubeclarity
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: kubeclarity
-  destination:
-    namespace: kubeclarity
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true