update

argocd/templates/InternalProxy.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: dmz
     path: internalproxy
     directory:
       recurse: true

argocd/templates/argocd.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: dmz
     path: argocd
   destination:
     namespace: argocd

argocd/templates/authentik.yaml

@@ -1,21 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: authentik
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
-    path: authentik
-  destination:
-    namespace: authentik
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 
-

argocd/templates/bitwarden.yaml

@@ -1,23 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: bitwarden
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
-    path: bitwarden
-    directory:
-      recurse: true
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: bitwarden
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: false
-    syncOptions:
-      - CreateNamespace=true   
-

argocd/templates/cert-manager.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: dmz
     path: cert-manager
   destination:
     namespace: cert-manager

argocd/templates/crossplane.yml

@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: crossplane
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
-    path: crossplane
-  destination:
-    namespace: crossplane
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 

argocd/templates/durpapi.yaml

@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: durpapi
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
-    path: durpapi
-  destination:
-    namespace: durpapi
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 

argocd/templates/durpot.yaml

@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: durpot
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
-    path: durpot
-  destination:
-    namespace: durpot
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 

argocd/templates/external-dns.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: dmz
     path: external-dns
   destination:
     namespace: external-dns

argocd/templates/external-secrets.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: dmz
     path: external-secrets
   destination:
     namespace: external-secrets

argocd/templates/gatekeeper.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: dmz
     path: gatekeeper
   destination:
     namespace: gatekeeper

argocd/templates/gitlab-runner.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: dmz
     path: gitlab-runner
   destination:
     namespace: gitlab-runner

argocd/templates/heimdall.yaml

@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: heimdall
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
-    path: heimdall
-  destination:
-    namespace: heimdall
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 

argocd/templates/krakend.yaml

@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: krakend
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
-    path: krakend
-  destination:
-    namespace: krakend
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 

argocd/templates/kube-prometheus-stack.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: dmz
     path: kube-prometheus-stack
   destination:
     namespace: kube-prometheus-stack

argocd/templates/kubeclarity.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: dmz
     path: kubeclarity
   destination:
     namespace: kubeclarity

argocd/templates/littlelink.yaml

@@ -1,22 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: littlelink
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
-    path: littlelink
-    directory:
-      recurse: true
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: littlelink
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true
-    syncOptions:
-      - CreateNamespace=true        

argocd/templates/longhorn.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: dmz
     path: longhorn
   destination:
     namespace: longhorn-system

argocd/templates/metallb-system.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: dmz
     path: metallb-system
   destination:
     namespace: metallb-system
@@ -19,3 +19,4 @@ spec:
     syncOptions:
       - CreateNamespace=true 
 
+

argocd/templates/nfs-client.yaml

@@ -1,23 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: nfs-client
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
-    path: nfs-client
-    directory:
-      recurse: true
-  destination:
-    namespace: nfs-client
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 
-

argocd/templates/open-webui.yaml

@@ -1,20 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: open-webui
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
-    path: open-webui
-  destination:
-    namespace: open-webui
-    name: in-cluster
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true  
-    syncOptions:
-      - CreateNamespace=true 

argocd/templates/secrets.yaml

@@ -1,17 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: vault-argocd
-  labels:
-    app.kubernetes.io/part-of: argocd
-spec:
-  secretStoreRef:
-    name: vault
-    kind: ClusterSecretStore
-  target:
-    name: client-secret
-  data:
-  - secretKey: clientSecret
-    remoteRef:
-      key: secrets/argocd/authentik
-      property: clientsecret

argocd/templates/traefik.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: dmz
     path: traefik
   destination:
     namespace: traefik

argocd/templates/uptimekuma.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: dmz
     path: uptimekuma
     directory:
       recurse: true

argocd/templates/vault.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: dmz
     path: vault
   destination:
     namespace: vault

argocd/values.yaml

@@ -1,10 +1,28 @@
 argo-cd:
+
   global:
     revisionHistoryLimit: 1
     image:
       repository: registry.internal.durp.info/argoproj/argocd
       imagePullPolicy: Always
 
+  server:
+    #extraArgs:
+    #  - --dex-server-plaintext
+    #  - --dex-server=argocd-dex-server:5556
+    # oidc.config: |
+    #   name: AzureAD
+    #   issuer: https://login.microsoftonline.com/TENANT_ID/v2.0
+    #   clientID: CLIENT_ID
+    #   clientSecret: $oidc.azuread.clientSecret
+    #   requestedIDTokenClaims:
+    #     groups:
+    #       essential: true
+    #   requestedScopes:
+    #     - openid
+    #     - profile
+    #     - email
+
   dex:
     enabled: true
     image:
@@ -15,13 +33,13 @@ argo-cd:
     cm:
       create: true
       annotations: {}
-      url: https://argocd.dev.durp.info
+      url: https://argocd.internal.durp.info
       oidc.tls.insecure.skip.verify: "true"
       dex.config: |
         connectors:
           - config:
-              issuer: https://authentik.dev.durp.info/application/o/argocd/
-              clientID: lKuMgyYaOlQMNAUSjsRVYgkwZG9UT6CeFWeTLAcl
+              issuer: https://authentik.durp.info/application/o/argocd/
+              clientID: dbb8ffc06104fb6e7fac3e4ae7fafb1d90437625
               clientSecret: $client-secret:clientSecret
               insecureEnableGroups: true
               scopes:
@@ -36,9 +54,9 @@ argo-cd:
     rbac:
       create: true
       policy.csv: |
-        g, ArgoCD Admins, role:admin
+        g, ArgoCD Admins, role:admin 
       scopes: "[groups]"
 
   server:
-    route:
+    route: 
       enabled: false

authentik/Chart.yaml

@@ -1,12 +0,0 @@
-apiVersion: v2
-name: authentik
-description: A Helm chart for Kubernetes
-type: application
-
-version: 0.1.0
-appVersion: "1.16.0"
-
-dependencies:
-- name: authentik
-  repository: https://charts.goauthentik.io
-  version: 2024.4.1

authentik/templates/authentik-pv.yaml

@@ -1,24 +0,0 @@
-#apiVersion: v1
-#kind: PersistentVolume
-#metadata:
-#  annotations:
-#    pv.kubernetes.io/provisioned-by: durp.info/nfs
-#  finalizers:
-#  - kubernetes.io/pv-protection
-#  name: authentik-pv
-#spec:
-#  accessModes:
-#  - ReadWriteMany
-#  capacity:
-#    storage: 10Gi
-#  claimRef:
-#    apiVersion: v1
-#    kind: PersistentVolumeClaim
-#    name: authentik-pvc
-#    namespace: authentik
-#  nfs:
-#    path: /mnt/user/k3s/authentik
-#    server: 192.168.20.253
-#  persistentVolumeReclaimPolicy: Retain
-#  storageClassName: nfs-storage
-#  volumeMode: Filesystem

authentik/templates/authentik-pvc.yaml

@@ -1,18 +0,0 @@
-#apiVersion: v1
-#kind: PersistentVolumeClaim
-#metadata:
-#  labels:
-#    app.kubernetes.io/component: app
-#    app.kubernetes.io/instance: authentik
-#    app.kubernetes.io/managed-by: Helm
-#    app.kubernetes.io/name: authentik
-#    helm.sh/chart: authentik-2.14.4
-#  name: authentik-pvc
-#  namespace: authentik
-#spec:
-#  accessModes:
-#    - ReadWriteMany
-#  resources:
-#    requests:
-#      storage: 10Gi
-#  storageClassName: nfs-storage

authentik/templates/ingress.yaml

@@ -1,42 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: authentik-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`authentik.dev.durp.info`) && PathPrefix(`/`) 
-    kind: Rule
-    services:
-    - name: authentik-server
-      port: 80
-  tls:
-    secretName: authentik-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: authentik-tls
-spec:
-  secretName: authentik-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "authentik.dev.durp.info"
-  dnsNames:
-  - "authentik.dev.durp.info" 
-
----
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: authentik-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: authentik.durp.info
-spec:
-  type: ExternalName
-  externalName: durp.info

authentik/templates/secrets.yaml

@@ -1,28 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: authentik-secret
-spec:
-  secretStoreRef:
-    name: vault
-    kind: ClusterSecretStore
-  target:
-    name: db-pass
-  data:
-  - secretKey: dbpass
-    remoteRef:
-      key: secrets/authentik/database
-      property: dbpass
-  - secretKey: secretkey
-    remoteRef:
-      key: secrets/authentik/database
-      property: secretkey     
-  - secretKey: postgresql-postgres-password 
-    remoteRef:
-      key: secrets/authentik/database
-      property: dbpass
-  - secretKey: postgresql-password 
-    remoteRef:
-      key: secrets/authentik/database
-      property: dbpass
-        

authentik/values.yaml

@@ -1,60 +0,0 @@
-authentik:
-  global:
-    env: 
-      - name: AUTHENTIK_REDIS__DB
-        value: "1"
-      - name: AUTHENTIK_POSTGRESQL__PASSWORD
-        valueFrom:
-          secretKeyRef:
-            name: db-pass
-            key: dbpass
-      - name: AUTHENTIK_SECRET_KEY
-        valueFrom:
-          secretKeyRef:
-            name: db-pass
-            key: secretkey
-    revisionHistoryLimit: 1
-    image:
-      repository: registry.internal.durp.info/goauthentik/server
-      pullPolicy: Always
-  authentik:
-    outposts:
-      container_image_base: registry.internal.durp.info/goauthentik/%(type)s:%(version)s
-    postgresql:
-      host: '{{ .Release.Name }}-postgresql-hl'
-      name: "authentik"
-      user: "authentik"
-      port: 5432
-  server:
-    name: server
-    replicas: 3
-  postgresql:
-    enabled: true
-    image:
-      registry: registry.internal.durp.info
-      repository: bitnami/postgresql
-      pullPolicy: Always
-    auth:
-      username: "authentik"
-      existingSecret: db-pass
-      secretKeys:
-        adminPasswordKey: dbpass 
-        userPasswordKey: dbpass
-        
-          #postgresqlUsername: "authentik"
-          #postgresqlDatabase: "authentik"
-          #existingSecret: db-pass 
-    persistence:
-      enabled: true
-      storageClass: longhorn
-      accessModes:
-        - ReadWriteMany
-  redis:
-    enabled: true
-    image:
-      registry: registry.internal.durp.info
-      repository: bitnami/redis
-      pullPolicy: Always
-    architecture: standalone
-    auth:
-      enabled: false

bitwarden/Chart.yaml

@@ -1,7 +0,0 @@
-apiVersion: v2
-name: bitwarden
-description: A Helm chart for Kubernetes
-type: application
-
-version: 0.1.0
-appVersion: "1.16.0"

bitwarden/templates/bitwarden-pv.yaml

@@ -1,25 +0,0 @@
-#apiVersion: v1
-#kind: PersistentVolume
-#metadata:
-#  annotations:
-#    pv.kubernetes.io/provisioned-by: durp.info/nfs
-#  finalizers:
-#  - kubernetes.io/pv-protection
-#  name: bitwarden-pv
-#spec:
-#  accessModes:
-#  - ReadWriteMany
-#  capacity:
-#    storage: 10Gi
-#  claimRef:
-#    apiVersion: v1
-#    kind: PersistentVolumeClaim
-#    name: bitwarden-pvc
-#    namespace: bitwarden
-#  nfs:
-#    path: /mnt/user/k3s/bitwarden
-#    server: 192.168.20.253
-#  persistentVolumeReclaimPolicy: Retain
-#  storageClassName: nfs-storage
-#  volumeMode: Filesystem
-#

bitwarden/templates/bitwarden-pvc.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: bitwarden-pvc
-spec:
-  storageClassName: longhorn
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 10Gi

bitwarden/templates/deployment.yaml

@@ -1,50 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  namespace: bitwarden
-  name: bitwarden
-  labels:
-    app: bitwarden
-spec:
-  selector:
-    matchLabels:
-      app: bitwarden
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: bitwarden
-    spec:
-      containers:
-      - name: bitwarden
-        image: registry.internal.durp.info/vaultwarden/server:1.30.5
-        imagePullPolicy: Always
-        volumeMounts:
-        - name: bitwarden-pvc
-          mountPath: /data
-          subPath: bitwaren-data              
-        ports:
-        - name: http
-          containerPort: 80
-        env:
-          - name: SIGNUPS_ALLOWED
-            value: "TRUE"
-          - name: INVITATIONS_ALLOWED
-            value: "FALSE"                      
-          - name: WEBSOCKET_ENABLED
-            value: "TRUE"          
-          - name: ROCKET_ENV
-            value: "staging"              
-          - name: ROCKET_PORT
-            value: "80"            
-          - name: ROCKET_WORKERS
-            value: "10"
-          - name: ADMIN_TOKEN
-            valueFrom:
-              secretKeyRef:
-                name: bitwarden-secret
-                key: ADMIN_TOKEN
-      volumes:
-      - name: bitwarden-pvc
-        persistentVolumeClaim:
-          claimName: bitwarden-pvc             

bitwarden/templates/ingress.yaml

@@ -1,63 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: bitwarden-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`bitwarden.dev.durp.info`) && PathPrefix(`/`)
-    kind: Rule
-    services:
-    - name: bitwarden
-      port: 80
-  tls:
-    secretName: bitwarden-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: bitwarden-tls
-spec:
-  secretName: bitwarden-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "bitwarden.dev.durp.info"
-  dnsNames:
-  - "bitwarden.dev.durp.info"  
-
----
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: bitwarden-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: bitwarden.dev.durp.info
-spec:
-  type: ExternalName
-  externalName: dev.durp.info
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: bitwarden-admin-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`bitwarden.dev.durp.info`) && PathPrefix(`/admin`)
-    kind: Rule
-    middlewares:
-    - name: whitelist
-      namespace: traefik  
-    services:
-    - name: bitwarden
-      port: 80
-  tls:
-    secretName: bitwarden-tls

bitwarden/templates/secrets.yaml

@@ -1,16 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: bitwarden-secret
-spec:
-  secretStoreRef:
-    name: vault
-    kind: ClusterSecretStore
-  target:
-    name: bitwarden-secret
-  data:
-  - secretKey: ADMIN_TOKEN
-    remoteRef:
-      key: secrets/bitwarden/admin
-      property: ADMIN_TOKEN
-

bitwarden/templates/service.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: bitwarden
-spec:
-  ports:
-  - name: http
-    port: 80
-    targetPort: 80
-    protocol: TCP
-  selector:
-    app: bitwarden

cert-manager/templates/self-signed.yaml

@@ -1,13 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  name: selfsigned-issuer
-spec:
-  selfSigned: {}
----
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: selfsigned-cluster-issuer
-spec:
-  selfSigned: {}

crossplane/Chart.yaml

@@ -1,12 +0,0 @@
-apiVersion: v2
-name: crossplane
-description: A Helm chart for Kubernetes
-type: application
-
-version: 0.1.0
-appVersion: "1.16.0"
-
-dependencies:
-- name: crossplane
-  repository: https://charts.crossplane.io/stable
-  version: 1.16.0

crossplane/templates/gitlab.yml

@@ -1,55 +0,0 @@
-apiVersion: pkg.crossplane.io/v1
-kind: Provider
-metadata:
-  name: provider-gitlab
-spec:
-  package: xpkg.upbound.io/crossplane-contrib/provider-gitlab:v0.7.0
----
-
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: gitlab-secret
-spec:
-  secretStoreRef:
-    name: vault
-    kind: ClusterSecretStore
-  target:
-    name: gitlab-secret
-  data:
-  - secretKey: accesstoken
-    remoteRef:
-      key: secrets/gitlab/token
-      property: accesstoken
-
----
-
-#apiVersion: gitlab.crossplane.io/v1beta1
-#kind: ProviderConfig
-#metadata:
-#  name: gitlab-provider
-#spec:
-#  baseURL: https://gitlab.com/
-#  credentials:
-#    source: Secret
-#    secretRef:
-#      namespace: crossplane
-#      name: gitlab-secret
-#      key: accesstoken
-#
-#---
-#
-#apiVersion: projects.gitlab.crossplane.io/v1alpha1
-#kind: Project
-#metadata:
-#  name: example-project
-#spec:
-#  deletionPolicy: Orphan
-#  forProvider:
-#    name: "Example Project"
-#    description: "example project description"
-#  providerConfigRef:
-#    name: gitlab-provider
-#    policy:
-#      resolution: Optional
-#      resolve: Always

crossplane/values.yaml

@@ -1,186 +0,0 @@
-# helm-docs renders these comments into markdown. Use markdown formatting where
-# appropiate.
-#
-# -- The number of Crossplane pod `replicas` to deploy.
-replicas: 1
-
-# -- The deployment strategy for the Crossplane and RBAC Manager pods.
-deploymentStrategy: RollingUpdate
-
-image:
-  # -- Repository for the Crossplane pod image.
-  repository: xpkg.upbound.io/crossplane/crossplane
-  # -- The Crossplane image tag. Defaults to the value of `appVersion` in `Chart.yaml`.
-  tag: ""
-  # -- The image pull policy used for Crossplane and RBAC Manager pods.
-  pullPolicy: IfNotPresent
-
-# -- Add `nodeSelectors` to the Crossplane pod deployment.
-nodeSelector: {}
-# -- Add `tolerations` to the Crossplane pod deployment.
-tolerations: []
-# -- Add `affinities` to the Crossplane pod deployment.
-affinity: {}
-
-# -- Enable `hostNetwork` for the Crossplane deployment. Caution: enabling `hostNetwork` grants the Crossplane Pod access to the host network namespace. Consider setting `dnsPolicy` to `ClusterFirstWithHostNet`.
-hostNetwork: false
-
-# -- Specify the `dnsPolicy` to be used by the Crossplane pod.
-dnsPolicy: ""
-
-# -- Add custom `labels` to the Crossplane pod deployment.
-customLabels: {}
-
-# -- Add custom `annotations` to the Crossplane pod deployment.
-customAnnotations: {}
-
-serviceAccount:
-  # -- Add custom `annotations` to the Crossplane ServiceAccount.
-  customAnnotations: {}
-
-# -- Enable [leader election](https://docs.crossplane.io/latest/concepts/pods/#leader-election) for the Crossplane pod.
-leaderElection: true
-# -- Add custom arguments to the Crossplane pod.
-args: []
-
-provider:
-  # -- A list of Provider packages to install.
-  packages: []
-
-configuration:
-  # -- A list of Configuration packages to install.
-  packages: []
-
-function:
-  # -- A list of Function packages to install
-  packages: []
-
-# -- The imagePullSecret names to add to the Crossplane ServiceAccount.
-imagePullSecrets: []
-
-registryCaBundleConfig:
-  # -- The ConfigMap name containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates.
-  name: ""
-  # -- The ConfigMap key containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates.
-  key: ""
-
-service:
-  # -- Configure annotations on the service object. Only enabled when webhooks.enabled = true
-  customAnnotations: {}
-
-webhooks:
-  # -- Enable webhooks for Crossplane and installed Provider packages.
-  enabled: true
-
-rbacManager:
-  # -- Deploy the RBAC Manager pod and its required roles.
-  deploy: true
-  # -- Don't install aggregated Crossplane ClusterRoles.
-  skipAggregatedClusterRoles: false
-  # -- The number of RBAC Manager pod `replicas` to deploy.
-  replicas: 1
-  # -- Enable [leader election](https://docs.crossplane.io/latest/concepts/pods/#leader-election) for the RBAC Manager pod.
-  leaderElection: true
-  # -- Add custom arguments to the RBAC Manager pod.
-  args: []
-  # -- Add `nodeSelectors` to the RBAC Manager pod deployment.
-  nodeSelector: {}
-  # -- Add `tolerations` to the RBAC Manager pod deployment.
-  tolerations: []
-  # -- Add `affinities` to the RBAC Manager pod deployment.
-  affinity: {}
-
-# -- The PriorityClass name to apply to the Crossplane and RBAC Manager pods.
-priorityClassName: ""
-
-resourcesCrossplane:
-  limits:
-    # -- CPU resource limits for the Crossplane pod.
-    cpu: 500m
-    # -- Memory resource limits for the Crossplane pod.
-    memory: 1024Mi
-  requests:
-    # -- CPU resource requests for the Crossplane pod.
-    cpu: 100m
-    # -- Memory resource requests for the Crossplane pod.
-    memory: 256Mi
-
-securityContextCrossplane:
-  # -- The user ID used by the Crossplane pod.
-  runAsUser: 65532
-  # -- The group ID used by the Crossplane pod.
-  runAsGroup: 65532
-  # -- Enable `allowPrivilegeEscalation` for the Crossplane pod.
-  allowPrivilegeEscalation: false
-  # -- Set the Crossplane pod root file system as read-only.
-  readOnlyRootFilesystem: true
-
-packageCache:
-  # -- Set to `Memory` to hold the package cache in a RAM backed file system. Useful for Crossplane development.
-  medium: ""
-  # -- The size limit for the package cache. If medium is `Memory` the `sizeLimit` can't exceed Node memory.
-  sizeLimit: 20Mi
-  # -- The name of a PersistentVolumeClaim to use as the package cache. Disables the default package cache `emptyDir` Volume.
-  pvc: ""
-  # -- The name of a ConfigMap to use as the package cache. Disables the default package cache `emptyDir` Volume.
-  configMap: ""
-
-resourcesRBACManager:
-  limits:
-    # -- CPU resource limits for the RBAC Manager pod.
-    cpu: 100m
-    # -- Memory resource limits for the RBAC Manager pod.
-    memory: 512Mi
-  requests:
-    # -- CPU resource requests for the RBAC Manager pod.
-    cpu: 100m
-    # -- Memory resource requests for the RBAC Manager pod.
-    memory: 256Mi
-
-securityContextRBACManager:
-  # -- The user ID used by the RBAC Manager pod.
-  runAsUser: 65532
-  # -- The group ID used by the RBAC Manager pod.
-  runAsGroup: 65532
-  # -- Enable `allowPrivilegeEscalation` for the RBAC Manager pod.
-  allowPrivilegeEscalation: false
-  # -- Set the RBAC Manager pod root file system as read-only.
-  readOnlyRootFilesystem: true
-
-metrics:
-  # -- Enable Prometheus path, port and scrape annotations and expose port 8080 for both the Crossplane and RBAC Manager pods.
-  enabled: false
-
-# -- Add custom environmental variables to the Crossplane pod deployment.
-# Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`.
-extraEnvVarsCrossplane: {}
-
-# -- Add custom environmental variables to the RBAC Manager pod deployment.
-# Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`.
-extraEnvVarsRBACManager: {}
-
-# -- Add a custom `securityContext` to the Crossplane pod.
-podSecurityContextCrossplane: {}
-
-# -- Add a custom `securityContext` to the RBAC Manager pod.
-podSecurityContextRBACManager: {}
-
-# -- Add custom `volumes` to the Crossplane pod.
-extraVolumesCrossplane: {}
-
-# -- Add custom `volumeMounts` to the Crossplane pod.
-extraVolumeMountsCrossplane: {}
-
-# -- To add arbitrary Kubernetes Objects during a Helm Install
-extraObjects: []
-  # - apiVersion: pkg.crossplane.io/v1alpha1
-  #   kind: ControllerConfig
-  #   metadata:
-  #     name: aws-config
-  #     annotations:
-  #       eks.amazonaws.com/role-arn: arn:aws:iam::123456789101:role/example
-  #       helm.sh/hook: post-install
-  #   spec:
-  #     podSecurityContext:
-  #       fsGroup: 2000
-

durpapi/Chart.yaml

@@ -1,11 +0,0 @@
-apiVersion: v2
-type: application
-version: 0.1.0-dev0192
-description: A Helm chart for Kubernetes
-appVersion: 0.1.0
-name: durpapi
-dependencies:
-- version: 12.5.*
-  condition: postgresql.enabled
-  repository: https://charts.bitnami.com/bitnami
-  name: postgresql

durpapi/templates/deployment.yaml

@@ -1,38 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ .Chart.Name }}
-  labels:
-    app: {{ .Chart.Name }}
-spec:
-  revisionHistoryLimit: 1
-  selector:
-    matchLabels:
-      app: {{ .Chart.Name }}
-  replicas: {{ .Values.deployment.hpa.minReplicas }}
-  template:
-    metadata:
-      labels:
-        app: {{ .Chart.Name }}
-    spec:
-      containers:
-      - name: api
-        image: "{{ .Values.deployment.image }}:{{ default .Chart.Version .Values.deployment.tag }}"
-        imagePullPolicy: {{ .Values.deployment.imagePullPolicy }}   
-        readinessProbe:
-          {{- toYaml .Values.deployment.probe.readiness | nindent 12 }}
-        livenessProbe:
-          {{- toYaml .Values.deployment.probe.liveness | nindent 12 }}
-        startupProbe:
-          {{- toYaml .Values.deployment.probe.startup | nindent 12 }}
-        ports:
-        - name: http
-          containerPort: {{ .Values.service.targetport }}
-        env:
-          - name: host
-            value: {{ .Values.swagger.host }}
-          - name: version
-            value: {{ default .Chart.Version .Values.deployment.tag }}
-        envFrom:
-        - secretRef:
-            name: {{ .Values.deployment.secretfile }} 

durpapi/templates/hpa.yaml

@@ -1,24 +0,0 @@
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: "{{ .Chart.Name }}-hpa"
-spec:
-  scaleTargetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: {{ .Chart.Name }}
-  minReplicas: {{ .Values.deployment.hpa.minReplicas  }}
-  maxReplicas: {{ .Values.deployment.hpa.maxReplicas  }}
-  metrics:
-    - type: Resource
-      resource:
-        name: memory
-        target:
-          type: Utilization
-          averageUtilization: 80
-    - type: Resource
-      resource:
-        name: cpu
-        target:
-          type: Utilization
-          averageUtilization: 40

durpapi/templates/ingress.yaml

@@ -1,45 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: "{{ .Chart.Name }}-ingress"
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host("api.dev.durp.info") && PathPrefix(`/api`)
-    kind: Rule
-    middlewares:
-      - name: jwt
-    services:
-    - name: "durpapi-service"
-      port: 80
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: "{{ .Chart.Name }}-swagger"
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host("api.dev.durp.info") && PathPrefix(`/swagger`)
-    kind: Rule
-    services:
-    - name: "durpapi-service"
-      port: 80
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: jwt
-spec:
-  plugin:
-    jwt:
-      Required: true
-      Keys:
-        - https://authentik.durp.info/application/o/api/jwks
-

durpapi/templates/secrets.yaml

@@ -1,39 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: durpapi-secret
-spec:
-  secretStoreRef:
-    name: vault
-    kind: ClusterSecretStore
-  target:
-    name: durpapi-secret
-  data:
-  - secretKey: db_host
-    remoteRef:
-      key: secrets/durpapi/postgres
-      property: db_host
-  - secretKey: db_port
-    remoteRef:
-      key: secrets/durpapi/postgres
-      property: db_port
-  - secretKey: db_pass
-    remoteRef:
-      key: secrets/durpapi/postgres
-      property: db_pass
-  - secretKey: db_user
-    remoteRef:
-      key: secrets/durpapi/postgres
-      property: db_user                                                        
-  - secretKey: db_sslmode
-    remoteRef:
-      key: secrets/durpapi/postgres
-      property: db_sslmode
-  - secretKey: db_name
-    remoteRef:
-      key: secrets/durpapi/postgres
-      property: db_name
-  - secretKey: llamaurl
-    remoteRef:
-      key: secrets/durpapi/llamaurl
-      property: llamaurl

durpapi/templates/service.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: "{{ .Chart.Name }}-service"
-spec:
-  ports:
-  - name: http
-    port: {{ .Values.service.port }}
-    targetPort: {{ .Values.service.targetport }}
-    protocol: TCP
-  selector:
-    app: {{ .Chart.Name }}

durpapi/values.yaml

@@ -1,39 +0,0 @@
-ingress:
-  enabled: false
-deployment: 
-  image: registry.internal.durp.info/developerdurp/durpapi
-  secretfile: durpapi-secret
-  imagePullPolicy: Always
-  hpa:
-    minReplicas: 3
-    maxReplicas: 10
-  probe:
-    readiness:  
-      httpGet:
-        path: /api/health/gethealth
-        port: 8080
-    liveness: 
-      httpGet:
-        path: /api/health/gethealth
-        port: 8080
-    startup: 
-      httpGet:
-        path: /api/health/gethealth
-        port: 8080
-service:
-  type: ClusterIP
-  port: 80
-  targetport: 8080
-
-swagger:
-  host: api.durp.info
-postgresql:
-  enabled: true
-  auth:
-    existingSecret: durpapi-secret
-    secretKeys:
-      adminPasswordKey: db_pass
-      userPasswordKey: db_pass
-      replicationPasswordKey: db_pass
-    database: postgres
-    username: postgres

durpot/Chart.yaml

@@ -1,11 +0,0 @@
-apiVersion: v2
-name: durpapi
-description: A Helm chart for Kubernetes
-type: application
-version: 0.0.1
-appVersion: 0.0.1
-
-dependencies:
-- name: durpot
-  repository: https://gitlab.com/api/v4/projects/45025485/packages/helm/stable
-  version: 0.1.0-dev0038

durpot/templates/secrets.yaml

@@ -1,43 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: durpot-secert
-spec:
-  secretStoreRef:
-    name: vault
-    kind: ClusterSecretStore
-  target:
-    name: durpot-secret
-  data:
-  - secretKey: OPENAI_API_KEY
-    remoteRef:
-      key: secrets/durpot/openai
-      property: OPENAI_API_KEY
-  - secretKey: BOTPREFIX
-    remoteRef:
-      key: secrets/durpot/discord
-      property: BOTPREFIX
-  - secretKey: ChannelID
-    remoteRef:
-      key: secrets/durpot/discord
-      property: ChannelID
-  - secretKey: TOKEN
-    remoteRef:
-      key: secrets/durpot/discord
-      property: TOKEN
-  - secretKey: ClientID
-    remoteRef:
-      key: secrets/durpot/auth
-      property: ClientID
-  - secretKey: Password
-    remoteRef:
-      key: secrets/durpot/auth
-      property: Password
-  - secretKey: TokenURL
-    remoteRef:
-      key: secrets/durpot/auth
-      property: TokenURL
-  - secretKey: Username
-    remoteRef:
-      key: secrets/durpot/auth
-      property: Username

external-dns/values.yaml

@@ -4,10 +4,10 @@ external-dns:
 
   image:
     pullPolicy: Always
-  txtPrefix: "dev-"
+  txtPrefix: "dmz-"
   sources:
     - service
-    
+
   provider: cloudflare
   cloudflare:
     secretName : "external-dns"

external-secrets/templates/secret-store.yaml

@@ -0,0 +1,33 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+  name: vault
+spec:
+  provider:
+    vault:
+      server: "https://vault.internal.prd.durp.info"
+      path: "secrets"
+      version: "v2"
+      auth:
+        kubernetes:
+          mountPath: "kubernetes"
+          role: "dmz-external-secrets"
+
+---
+
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: cloudflare-api-token-secret
+spec:
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: cloudflare-api-token-secret
+  data:
+  - secretKey: cloudflare-api-token-secret
+    remoteRef:
+      key: secrets/cert-manager
+      property: cloudflare-api-token-secret
+

heimdall/Chart.yaml

@@ -1,11 +0,0 @@
-apiVersion: v2
-name: heimdall
-description: A Helm chart for Kubernetes
-type: application
-version: 0.0.1
-appVersion: 0.0.1
-
-dependencies:
-- name: heimdall
-  repository: https://djjudas21.github.io/charts/
-  version: 8.5.2

heimdall/templates/ingress.yaml

@@ -1,52 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  annotations:
-  name: heimdall-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`heimdall.dev.durp.info`) && PathPrefix(`/`)
-    middlewares:
-    - name: authentik-proxy-provider
-      namespace: traefik  
-    kind: Rule
-    services:
-    - name: heimdall
-      port: 80
-  - match: Host(`heimdall.dev.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
-    kind: Rule
-    services:
-    - name: ak-outpost-authentik-embedded-outpost
-      namespace: authentik
-      port: 9000
-  tls:
-    secretName: heimdall-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: heimdall-tls
-spec:
-  secretName: heimdall-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "heimdall.dev.durp.info"
-  dnsNames:
-  - "heimdall.dev.durp.info"  
-
----
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: heimdall-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: heimdall.durp.info
-spec:
-  type: ExternalName
-  externalName: durp.info

heimdall/values.yaml

@@ -1,28 +0,0 @@
-heimdall:
-
-  image:
-    registry: 
-    repository: registry.internal.durp.info/linuxserver/heimdall
-    pullPolicy: Always    
-
-  env:
-    TZ: UTC
-    PUID: "1000"
-    PGID: "1000"
-
-  service:
-    main:
-      annotations:
-          external-dns.alpha.kubernetes.io/hostname: heimdall.durp.info
-          external-dns.alpha.kubernetes.io/target: home.durp.info
-      ports:
-        http:
-          port: 80
-
-  ingress:
-    main:
-      enabled: false
-
-  persistence:
-    config:
-      enabled: true

internalproxy/templates/argocd.yaml

@@ -8,9 +8,9 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`argocd.internal.dev.durp.info`)
+  - match: Host(`argocd.internal.durp.info`)
     middlewares:
-    - name: internal-only
+    - name: whitelist
       namespace: traefik  
     kind: Rule
     services:
@@ -22,6 +22,16 @@ spec:
 
 ---
 
+kind: Service
+apiVersion: v1
+metadata:
+  name: argocd-server
+spec:
+  type: ExternalName
+  externalName: argocd-server.argocd.svc.cluster.local  
+
+---
+
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
@@ -31,6 +41,6 @@ spec:
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "argocd.internal.dev.durp.info"
+  commonName: "argocd.internal.durp.info"
   dnsNames:
-  - "argocd.internal.dev.durp.info"  
+  - "argocd.internal.durp.info"  

internalproxy/templates/duplicati-ingress.yaml

@@ -0,0 +1,70 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: duplicati
+spec:
+  ports:
+  - name: app
+    port: 8200
+    protocol: TCP
+    targetPort: 8200
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: duplicati
+subsets:
+- addresses:
+  - ip: 192.168.20.253
+  ports:
+  - name: app
+    port: 8200
+    protocol: TCP
+
+---    
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: duplicati-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`duplicati.internal.durp.info`) && PathPrefix(`/`)
+    middlewares:
+    - name: whitelist
+      namespace: traefik
+    - name: authentik-proxy-provider
+      namespace: traefik  
+    kind: Rule
+    services:
+    - name: duplicati
+      port: 8200
+  - match: Host(`duplicati.internal.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
+    kind: Rule
+    services:
+    - name: ak-outpost-authentik-embedded-outpost
+      namespace: authentik
+      port: 9000
+  tls:
+    secretName: duplicati-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: duplicati-tls
+spec:
+  secretName: duplicati-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "duplicati.internal.durp.info"
+  dnsNames:
+  - "duplicati.internal.durp.info"  

internalproxy/templates/gitea.yaml

@@ -0,0 +1,9 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: gitea-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: gitea.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info

internalproxy/templates/guac.yaml

@@ -0,0 +1,71 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: guac-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: guac.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: guac
+spec:
+  ports:
+  - name: app
+    port: 8082
+    protocol: TCP
+    targetPort: 8082
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: guac
+subsets:
+- addresses:
+  - ip: 192.168.20.253
+  ports:
+  - name: app
+    port: 8082
+    protocol: TCP
+
+---    
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: guac-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`guac.durp.info`) && PathPrefix(`/`)
+    kind: Rule
+    services:
+    - name: guac
+      port: 8082
+  tls:
+    secretName: guac-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: guac-tls
+spec:
+  secretName: guac-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "guac.durp.info"
+  dnsNames:
+  - "guac.durp.info"  

internalproxy/templates/jellyfin.yaml

@@ -0,0 +1,9 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: jellyfin-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: jellyfin.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info  

internalproxy/templates/kasm.yaml

@@ -0,0 +1,9 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: kasm-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: kasm.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info

internalproxy/templates/nexus.yaml

@@ -0,0 +1,71 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: nexus
+spec:
+  ports:
+  - name: app
+    port: 8081
+    protocol: TCP
+    targetPort: 8081
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: nexus
+subsets:
+- addresses:
+  - ip: 192.168.20.253
+  ports:
+  - name: app
+    port: 8081
+    protocol: TCP
+
+---    
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: nexus-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`nexus.durp.info`) && PathPrefix(`/`)
+    kind: Rule
+    services:
+    - name: nexus
+      port: 8081
+  tls:
+    secretName: nexus-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: nexus-tls
+spec:
+  secretName: nexus-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "nexus.durp.info"
+  dnsNames:
+  - "nexus.durp.info"  
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: nexus-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: nexus.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info

internalproxy/templates/plex.yaml

@@ -0,0 +1,9 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: plex-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: plex.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info  

internalproxy/templates/registry-internal.yaml

@@ -0,0 +1,59 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: registry-internal
+spec:
+  ports:
+  - name: app
+    port: 5001
+    protocol: TCP
+    targetPort: 5001
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: registry-internal
+subsets:
+- addresses:
+  - ip: 192.168.20.253
+  ports:
+  - name: app
+    port: 5001
+    protocol: TCP
+
+---    
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: registry-internal-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`registry.internal.durp.info`) && PathPrefix(`/`)
+    kind: Rule
+    services:
+    - name: registry-internal
+      port: 5001
+  tls:
+    secretName: registry-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: registry-internal-tls
+spec:
+  secretName: registry-internal-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "registry.durp.info"
+  dnsNames:
+  - "registry.durp.info"  

internalproxy/templates/registry.yaml

@@ -0,0 +1,71 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: registry
+spec:
+  ports:
+  - name: app
+    port: 5000
+    protocol: TCP
+    targetPort: 5000
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: registry
+subsets:
+- addresses:
+  - ip: 192.168.20.253
+  ports:
+  - name: app
+    port: 5000
+    protocol: TCP
+
+---    
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: registry-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`registry.durp.info`) && PathPrefix(`/`)
+    kind: Rule
+    services:
+    - name: registry
+      port: 5000
+  tls:
+    secretName: registry-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: registry-tls
+spec:
+  secretName: registry-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "registry.durp.info"
+  dnsNames:
+  - "registry.durp.info"  
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: registry-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: registry.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info

internalproxy/templates/smokeping.yaml

@@ -0,0 +1,82 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: smokeping
+spec:
+  ports:
+  - name: app
+    port: 81
+    protocol: TCP
+    targetPort: 81
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: smokeping
+subsets:
+- addresses:
+  - ip: 192.168.20.253
+  ports:
+  - name: app
+    port: 81
+    protocol: TCP
+
+---    
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: smokeping-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`smokeping.durp.info`) && PathPrefix(`/`)
+    middlewares:
+    - name: whitelist
+      namespace: traefik
+    - name: authentik-proxy-provider
+      namespace: traefik  
+    kind: Rule
+    services:
+    - name: smokeping
+      port: 81
+  - match: Host(`smokeping.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
+    kind: Rule
+    services:
+    - name: ak-outpost-authentik-embedded-outpost
+      namespace: authentik
+      port: 9000
+  tls:
+    secretName: smokeping-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: smokeping-tls
+spec:
+  secretName: smokeping-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "smokeping.durp.info"
+  dnsNames:
+  - "smokeping.durp.info"  
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: smokeping-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: smokeping.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info  

internalproxy/templates/speedtest.yaml

@@ -0,0 +1,74 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: speedtest
+spec:
+  ports:
+  - name: app
+    port: 6580
+    protocol: TCP
+    targetPort: 6580
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: speedtest
+subsets:
+- addresses:
+  - ip: 192.168.20.253
+  ports:
+  - name: app
+    port: 6580
+    protocol: TCP
+
+---    
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: speedtest-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`speedtest.durp.info`) && PathPrefix(`/`)
+    kind: Rule
+    middlewares:
+    - name: authentik-proxy-provider
+      namespace: traefik 
+    services:
+    - name: speedtest
+      port: 6580
+  tls:
+    secretName: speedtest-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: speedtest-tls
+spec:
+  secretName: speedtest-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "speedtest.durp.info"
+  dnsNames:
+  - "speedtest.durp.info"  
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: speedtest-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: speedtest.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info

internalproxy/templates/tdarr.yaml

@@ -0,0 +1,67 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: tdarr
+spec:
+  ports:
+  - name: app
+    port: 8267
+    protocol: TCP
+    targetPort: 8267
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: tdarr
+subsets:
+- addresses:
+  - ip: 192.168.20.253
+  ports:
+  - name: app
+    port: 8267
+    protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: tdarr-ingress
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`tdarr.internal.durp.info`)
+    middlewares:
+    - name: whitelist
+      namespace: traefik  
+    - name: authentik-proxy-provider
+      namespace: traefik  
+    kind: Rule
+    services:
+    - name: tdarr
+      port: 8267
+      scheme: http
+  tls:
+    secretName: tdarr-tls  
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: tdarr-tls
+spec:
+  secretName: tdarr-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "tdarr.internal.durp.info"
+  dnsNames:
+  - "tdarr.internal.durp.info"  

krakend/Chart.yaml

@@ -1,7 +0,0 @@
-apiVersion: v2
-name: krakend
-description: A Helm chart for Kubernetes
-type: application
-
-version: 0.1.0
-appVersion: "1.16.0"

krakend/templates/deployments.yaml

@@ -1,39 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  namespace: krakend
-  name: krakend
-  labels:
-    app: krakend
-spec:
-  selector:
-    matchLabels:
-      app: krakend
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: krakend
-    spec:
-      volumes:
-      - name: krakend-secret
-        secret:
-          secretName: krakend-secret
-      containers:
-      - name: krakend
-        image: registry.internal.durp.info/devopsfaith/krakend:2.4.3
-        imagePullPolicy: Always
-        livenessProbe:
-          httpGet:
-            path: /__health
-            port: 8080
-        readinessProbe:
-          httpGet:
-            path: /__health
-            port: 8080            
-        ports:
-        - name: http
-          containerPort: 8080          
-        volumeMounts:
-        - name: krakend-secret
-          mountPath: /etc/krakend

krakend/templates/ingress.yaml

@@ -1,56 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: api-tls
-spec:
-  secretName: api-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "api.dev.durp.info"
-  dnsNames:
-  - "api.dev.durp.info"        
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: krakend-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`api.dev.durp.info`) && PathPrefix(`/`)
-      kind: Rule
-      services:
-        - name: krakend-service
-          port: 8080
-          scheme: http
-  tls:
-    secretName: api-tls
-
----
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: api-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: api.dev.durp.info
-spec:
-  type: ExternalName
-  externalName: dev.durp.info
-
----
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: api-developer-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: developer.dev.durp.info
-    external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
-spec:
-  type: ExternalName
-  externalName: developerdurp.github.io

krakend/templates/secrets.yaml

@@ -1,15 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: krakend-secret
-spec:
-  secretStoreRef:
-    name: vault
-    kind: ClusterSecretStore
-  target:
-    name: krakend-secret
-  data:
-  - secretKey: krakend.json
-    remoteRef:
-      key: secrets/krakend/config
-      property: config

krakend/templates/service.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: krakend-service
-spec:
-  ports:
-  - name: http
-    port: 8080
-    targetPort: 8080
-    protocol: TCP
-  selector:
-    app: krakend

kube-prometheus-stack/templates/ingress.yaml

@@ -6,7 +6,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`grafana.dev.durp.info`) && PathPrefix(`/`) 
+  - match: Host(`grafana.durp.info`) && PathPrefix(`/`) 
     kind: Rule
     services:
     - name: grafana
@@ -25,9 +25,9 @@ spec:
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "grafana.dev.durp.info"
+  commonName: "grafana.durp.info"
   dnsNames:
-  - "grafana.dev.durp.info"  
+  - "grafana.durp.info"  
 
 ---
 
@@ -39,7 +39,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`alertmanager.dev.durp.info`) && PathPrefix(`/`) 
+  - match: Host(`alertmanager.durp.info`) && PathPrefix(`/`) 
     middlewares:
     - name: whitelist
       namespace: traefik
@@ -63,9 +63,9 @@ spec:
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "alertmanager.dev.durp.info"
+  commonName: "alertmanager.durp.info"
   dnsNames:
-  - "alertmanager.dev.durp.info"  
+  - "alertmanager.durp.info"  
 
 ---
 
@@ -74,7 +74,7 @@ apiVersion: v1
 metadata:
   name: grafana-external-dns
   annotations:
-    external-dns.alpha.kubernetes.io/hostname: grafana.dev.durp.info
+    external-dns.alpha.kubernetes.io/hostname: grafana.durp.info
 spec:
   type: ExternalName
-  externalName: dev.durp.info  
+  externalName: durp.info  

kubeclarity/templates/ingress.yaml

@@ -6,7 +6,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`kubeclarity.dev.durp.info`) && PathPrefix(`/`)
+  - match: Host(`kubeclarity.durp.info`) && PathPrefix(`/`)
     middlewares:
     - name: whitelist
       namespace: traefik
@@ -30,9 +30,9 @@ spec:
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "kubeclarity.dev.durp.info"
+  commonName: "kubeclarity.durp.info"
   dnsNames:
-  - "kubeclarity.dev.durp.info"  
+  - "kubeclarity.durp.info"  
 
 ---
 
@@ -41,7 +41,7 @@ apiVersion: v1
 metadata:
   name: kubeclarity-external-dns
   annotations:
-    external-dns.alpha.kubernetes.io/hostname: kubeclarity.dev.durp.info
+    external-dns.alpha.kubernetes.io/hostname: kubeclarity.durp.info
 spec:
   type: ExternalName
-  externalName: dev.durp.info
+  externalName: durp.info

littlelink/templates/deployment.yaml

@@ -1,99 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  namespace: littlelink
-  name: littlelink
-  labels:
-    app: littlelink
-spec:
-  selector:
-    matchLabels:
-      app: littlelink
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: littlelink
-    spec:
-      containers:
-      - name: littlelink
-        image: registry.internal.durp.info/techno-tim/littlelink-server:latest
-        imagePullPolicy: Always
-        livenessProbe:
-          httpGet:
-            path: /healthcheck
-            port: 3000
-        readinessProbe:
-          httpGet:
-            path: /healthcheck
-            port: 3000            
-        env:
-          - name: META_TITLE
-            value: DeveloperDurp
-          - name: META_DESCRIPTION
-            value: The Durpy Developer
-          - name: META_AUTHOR
-            value: DeveloperDurp
-          - name: LANG
-            value: en
-          - name: META_INDEX_STATUS
-            value: all
-          - name: OG_TITLE
-            value: DeveloperDurp
-          - name: OG_DESCRIPTION
-            value: DeveloperDurp
-          - name: OG_URL
-            value: https://gitlab.com/developerdurp
-          - name: OG_IMAGE
-            value: https://gitlab.com/uploads/-/system/user/avatar/9987937/avatar.png
-          - name : OG_IMAGE_WIDTH
-            value: "400"
-          - name : OG_IMAGE_HEIGHT
-            value: "400"
-          - name : THEME
-            value: Dark 
-          - name : FAVICON_URL
-            value: https://gitlab.com/uploads/-/system/user/avatar/9987937/avatar.png
-          - name : AVATAR_URL
-            value: https://gitlab.com/uploads/-/system/user/avatar/9987937/avatar.png
-          - name : AVATAR_2X_URL
-            value: https://gitlab.com/uploads/-/system/user/avatar/9987937/avatar.png   
-          - name : AVATAR_ALT
-            value: DeveloperDurp Profile Pic
-          - name : NAME
-            value: DeveloperDurp
-          - name : BIO
-            value: Sup Nerd,
-          - name : BUTTON_ORDER
-            value: GITHUB,GITLAB,YOUTUBE,TWITTER,COFFEE,EMAIL
-          - name : TWITTER
-            value: https://twitter.com/developerdurp                
-          - name : GITHUB
-            value: https://github.com/DeveloperDurp
-          - name : GITLAB
-            value: https://gitlab.com/developerdurp
-          - name: YOUTUBE
-            value: https://www.youtube.com/channel/UC1rGa6s6kER_gLpIQsxeMVQ
-          - name : EMAIL
-            value: DeveloperDurp@durp.info
-          - name : EMAIL_TEXT
-            value: DeveloperDurp@durp.info            
-          - name : FOOTER
-            value: DeveloperDurp © 2022         
-          - name: CUSTOM_BUTTON_TEXT
-            value: BuyMeACoffee
-          - name: CUSTOM_BUTTON_URL
-            value: https://www.buymeacoffee.com/DeveloperDurp
-          - name: CUSTOM_BUTTON_COLOR
-            value: '#ffdd00'          
-          - name: CUSTOM_BUTTON_TEXT_COLOR
-            value: '#000000'
-          - name: CUSTOM_BUTTON_ALT_TEXT
-            value: Support
-          - name: CUSTOM_BUTTON_NAME
-            value: COFFEE
-          - name: CUSTOM_BUTTON_ICON
-            value: fa-solid fa-cup-togo
-        ports:
-        - name: http
-          containerPort: 3000          

littlelink/templates/ingress.yaml

@@ -1,43 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: littlelink-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`links.dev.durp.info`) && PathPrefix(`/`)
-    kind: Rule
-    services:
-    - name: littlelink
-      port: 80
-  tls:
-    secretName: littlelink-tls
-
----
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: littlelink-tls
-spec:
-  secretName: littlelink-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "links.dev.durp.info"
-  dnsNames:
-  - "links.dev.durp.info"  
-
----
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: links-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: links.dev.durp.info
-spec:
-  type: ExternalName
-  externalName: dev.durp.info
-

littlelink/templates/service.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: littlelink
-spec:
-  ports:
-  - name: http
-    port: 80
-    targetPort: 3000
-    protocol: TCP 
-  selector:
-    app: littlelink

longhorn/Chart.yaml

@@ -9,4 +9,4 @@ appVersion: "1.16.0"
 dependencies:
 - name: longhorn
   repository: https://charts.longhorn.io
-  version: 1.7.0
+  version: 1.3.2

longhorn/templates/ingress.yaml

@@ -6,17 +6,17 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`longhorn.internal.dev.durp.info`) && PathPrefix(`/`)
+  - match: Host(`longhorn.internal.durp.info`) && PathPrefix(`/`)
     middlewares:
     - name: whitelist
       namespace: traefik
-        #- name: authentik-proxy-provider
-        #  namespace: traefik  
+    - name: authentik-proxy-provider
+      namespace: traefik  
     kind: Rule
     services:
     - name: longhorn-frontend
       port: 80
-  - match: Host(`longhorn.internal.dev.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
+  - match: Host(`longhorn.internal.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
     kind: Rule
     services:
     - name: ak-outpost-authentik-embedded-outpost
@@ -36,6 +36,6 @@ spec:
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "longhorn.internal.dev.durp.info"
+  commonName: "longhorn.internal.durp.info"
   dnsNames:
-  - "longhorn.internal.dev.durp.info"  
+  - "longhorn.internal.durp.info"  

longhorn/templates/secrets.yaml

@@ -8,7 +8,7 @@ spec:
     name: vault
     kind: ClusterSecretStore
   target:
-    name: longhorn-backup-token-secret2
+    name: longhorn-backup-token-secret
   data:
   - secretKey: AWS_ACCESS_KEY_ID
     remoteRef:

longhorn/values.yaml

@@ -47,7 +47,7 @@ longhorn:
   persistence:
     defaultClass: true
     defaultFsType: ext4
-    defaultClassReplicaCount: 1
+    defaultClassReplicaCount: 3
     defaultDataLocality: disabled # best-effort otherwise
     reclaimPolicy: Retain
     migratable: false
@@ -76,8 +76,8 @@ longhorn:
     snapshotterReplicaCount: ~
   
   defaultSettings:
-    backupTarget: S3://longhorn-dev@us-east-1/
-    backupTargetCredentialSecret: longhorn-backup-token-secret2
+    backupTarget: S3://longhorn@us-east-1/
+    backupTargetCredentialSecret: longhorn-backup-token-secret
     allowRecurringJobWhileVolumeDetached: ~
     createDefaultDiskLabeledNodes: ~
     defaultDataPath: ~
@@ -238,7 +238,7 @@ longhorn:
     #   certificate:
   
   # Configure a pod security policy in the Longhorn namespace to allow privileged pods
-  enablePSP: false
+  enablePSP: true
   
   ## Specify override namespace, specifically this is useful for using longhorn as sub-chart
   ## and its release namespace is not the `longhorn-system`

metallb-system/Chart.yaml

@@ -10,3 +10,4 @@ dependencies:
 - name: metallb
   repository: https://metallb.github.io/metallb
   version: 0.14.5
+

metallb-system/templates/config.yaml

@@ -4,7 +4,7 @@ metadata:
   name: cheap
 spec:
   addresses:
-    - 192.168.10.110-192.168.10.120
+    - 192.168.20.34-192.168.20.39
 ---
 apiVersion: metallb.io/v1beta1
 kind: L2Advertisement
@@ -14,3 +14,4 @@ metadata:
 spec:
   ipAddressPools:
   - cheap
+

metallb-system/values.yaml

@@ -194,3 +194,4 @@ metallb:
     validationFailurePolicy: Fail
   frrk8s:
     enabled: false
+

nfs-client/Chart.yml

@@ -1,8 +0,0 @@
-apiVersion: v2
-name: nfs-client
-description: A Helm chart for Kubernetes
-type: application
-
-version: 0.1.0
-appVersion: "1.16.0"
-

nfs-client/templates/cluster-role-binding.yml

@@ -1,12 +0,0 @@
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: run-nfs-client-provisioner
-subjects:
-  - kind: ServiceAccount
-    name: nfs-client-provisioner
-    namespace: nfs-client 
-roleRef:
-  kind: ClusterRole
-  name: nfs-client-provisioner-runner
-  apiGroup: rbac.authorization.k8s.io

nfs-client/templates/cluster-role.yml

@@ -1,20 +0,0 @@
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: nfs-client-provisioner-runner  
-rules:
-  - apiGroups: [""]
-    resources: ["persistentvolumes"]
-    verbs: ["get", "list", "watch", "create", "delete"]
-  - apiGroups: [""]
-    resources: ["persistentvolumeclaims"]
-    verbs: ["get", "list", "watch", "update"]
-  - apiGroups: ["storage.k8s.io"]
-    resources: ["storageclasses"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: [""]
-    resources: ["events"]
-    verbs: ["create", "update", "patch"]
-  - apiGroups: [""]
-    resources: ["endpoints"]
-    verbs: ["get", "list", "watch", "create", "update", "patch"]   

nfs-client/templates/provisioner.yml

@@ -1,42 +0,0 @@
-kind: Deployment
-apiVersion: apps/v1
-metadata:
-  name: nfs-client-provisioner
-  namespace: nfs-client 
-spec:
-  selector:
-    matchLabels:
-      app: nfs-client-provisioner
-  replicas: 1
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      labels:
-        app: nfs-client-provisioner
-    spec:
-      serviceAccountName: nfs-client-provisioner
-      containers:
-        - name: nfs-client-provisioner
-          image: gcr.io/k8s-staging-sig-storage/nfs-subdir-external-provisioner:v4.0.0
-          resources:
-            requests:
-              cpu: 500m
-              memory: 512Mi
-            limits:
-              memory: 1Gi
-          volumeMounts:
-            - name: nfs-client-ssd
-              mountPath: /persistentvolumes
-          env:
-            - name: PROVISIONER_NAME
-              value: durp.info/nfs
-            - name: NFS_SERVER
-              value: 192.168.20.253
-            - name: NFS_PATH
-              value: /mnt/user/k3s-dev 
-      volumes:
-        - name: nfs-client-ssd
-          nfs:
-            server: 192.168.20.253
-            path: /mnt/user/k3s-dev

nfs-client/templates/role-binding.yml

@@ -1,13 +0,0 @@
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: leader-locking-nfs-client-provisioner
-  namespace: nfs-client
-subjects:
-  - kind: ServiceAccount
-    name: nfs-client-provisioner    
-    namespace: nfs-client 
-roleRef:
-  kind: Role
-  name: leader-locking-nfs-client-provisioner
-  apiGroup: rbac.authorization.k8s.io

nfs-client/templates/role.yml

@@ -1,9 +0,0 @@
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: leader-locking-nfs-client-provisioner
-  namespace: nfs-client 
-rules:
-  - apiGroups: [""]
-    resources: ["endpoints"]
-    verbs: ["get", "list", "watch", "create", "update", "patch"]

nfs-client/templates/service-account.yml

@@ -1,5 +0,0 @@
-kind: ServiceAccount
-apiVersion: v1
-metadata:
-  name: nfs-client-provisioner
-  namespace: nfs-client 

nfs-client/templates/storage-class.yml

@@ -1,10 +0,0 @@
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
-  name: nfs-storage
-  annotations:
-    storageclass.kubernetes.io/is-default-class: "false"
-provisioner: durp.info/nfs
-parameters:
-  archiveOnDelete: "false"
-reclaimPolicy: Retain

open-webui/Chart.yaml

@@ -1,7 +0,0 @@
-apiVersion: v2
-name: open-webui
-description: A Helm chart for Kubernetes
-type: application
-
-version: 0.1.0
-appVersion: "1.16.0"

open-webui/templates/deployment.yaml

@@ -1,37 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  namespace: open-webui
-  name: open-webui
-  labels:
-    app: open-webui
-spec:
-  selector:
-    matchLabels:
-      app: open-webui
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: open-webui
-    spec:
-      containers:
-      - name: open-webui
-        image: registry.internal.durp.info/open-webui/open-webui:main
-        imagePullPolicy: Always
-        volumeMounts:
-        - name: open-webui-pvc
-          mountPath: /app/backend/data
-        ports:
-        - name: http
-          containerPort: 8080
-        env:
-          - name: OLLAMA_BASE_URL
-            valueFrom:
-              secretKeyRef:
-                name: open-webui-secret
-                key: OLLAMA_BASE_URL
-      volumes:
-      - name: open-webui-pvc
-        persistentVolumeClaim:
-          claimName: open-webui-pvc