Update folder location

Update whitelist
Update ollama
2025-01-06 05:01:00 -06:00 · 2025-01-04 07:17:43 -06:00 · 2024-12-19 05:00:42 -06:00 · 2024-12-15 08:04:32 -06:00 · 2024-12-15 08:01:14 -06:00 · 2024-12-13 10:52:57 +00:00
212 changed files with 9936 additions and 437 deletions
--- a/argocd/Chart.yaml
+++ b/argocd/Chart.yaml
@@ -9,6 +9,6 @@ appVersion: "1.16.0"
 dependencies:
 - name: argo-cd
  repository: https://argoproj.github.io/argo-helm
-  version: 6.7.11
+  version: 6.11.1


--- a/argocd/templates/InternalProxy.yaml
+++ b/argocd/templates/InternalProxy.yaml
@@ -8,7 +8,7 @@ spec:
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
    targetRevision: main
-    path: internalproxy
+    path: master/internalproxy
    directory:
      recurse: true
  destination:
--- a/argocd/templates/argocd.yaml
+++ b/argocd/templates/argocd.yaml
@@ -8,7 +8,7 @@ spec:
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
    targetRevision: main
-    path: argocd
+    path: master/argocd
  destination:
    namespace: argocd
    name: in-cluster
@@ -18,3 +18,42 @@ spec:
      selfHeal: true  
    syncOptions:
      - CreateNamespace=true 
+
+---
+
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: argocd-ingress
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`argocd.internal.durp.info`)
+      middlewares:
+        - name: whitelist
+          namespace: traefik
+      kind: Rule
+      services:
+        - name: argocd-server
+          port: 443
+          scheme: https
+  tls:
+    secretName: argocd-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: argocd-tls
+spec:
+  secretName: argocd-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "argocd.internal.durp.info"
+  dnsNames:
+    - "argocd.internal.durp.info"
--- a/argocd/templates/authentik.yaml
+++ b/argocd/templates/authentik.yaml
@@ -8,7 +8,7 @@ spec:
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
    targetRevision: main
-    path: authentik
+    path: master/authentik
  destination:
    namespace: authentik
    name: in-cluster
--- a/argocd/templates/bitwarden.yaml
+++ b/argocd/templates/bitwarden.yaml
@@ -8,7 +8,7 @@ spec:
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
    targetRevision: main
-    path: bitwarden
+    path: master/bitwarden
    directory:
      recurse: true
  destination:
--- a/argocd/templates/cert-manager.yaml
+++ b/argocd/templates/cert-manager.yaml
@@ -8,7 +8,7 @@ spec:
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
    targetRevision: main
-    path: cert-manager
+    path: master/cert-manager
  destination:
    namespace: cert-manager
    name: in-cluster
--- a/argocd/templates/crossplane.yml
+++ b/argocd/templates/crossplane.yml
@@ -8,7 +8,7 @@ spec:
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
    targetRevision: main
-    path: crossplane
+    path: master/crossplane
  destination:
    namespace: crossplane
    name: in-cluster
--- a/argocd/templates/durpapi.yaml
+++ b/argocd/templates/durpapi.yaml
@@ -8,7 +8,7 @@ spec:
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
    targetRevision: main
-    path: durpapi
+    path: master/durpapi
  destination:
    namespace: durpapi
    name: in-cluster
--- a/argocd/templates/durpot.yaml
+++ b/argocd/templates/durpot.yaml
@@ -8,7 +8,7 @@ spec:
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
    targetRevision: main
-    path: durpot
+    path: master/durpot
  destination:
    namespace: durpot
    name: in-cluster
--- a/argocd/templates/external-dns.yaml
+++ b/argocd/templates/external-dns.yaml
@@ -8,7 +8,7 @@ spec:
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
    targetRevision: main
-    path: external-dns
+    path: master/external-dns
  destination:
    namespace: external-dns
    name: in-cluster
--- a/argocd/templates/external-secrets.yaml
+++ b/argocd/templates/external-secrets.yaml
@@ -8,7 +8,7 @@ spec:
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
    targetRevision: main
-    path: external-secrets
+    path: master/external-secrets
  destination:
    namespace: external-secrets
    name: in-cluster
--- a/argocd/templates/gatekeeper.yaml
+++ b/argocd/templates/gatekeeper.yaml
@@ -8,7 +8,7 @@ spec:
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
    targetRevision: main
-    path: gatekeeper
+    path: master/gatekeeper
  destination:
    namespace: gatekeeper
    name: in-cluster
--- a/argocd/templates/gitlab-runner.yaml
+++ b/argocd/templates/gitlab-runner.yaml
@@ -8,7 +8,7 @@ spec:
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
    targetRevision: main
-    path: gitlab-runner
+    path: master/gitlab-runner
  destination:
    namespace: gitlab-runner
    name: in-cluster
--- a/argocd/templates/heimdall.yaml
+++ b/argocd/templates/heimdall.yaml
@@ -8,7 +8,7 @@ spec:
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
    targetRevision: main
-    path: heimdall
+    path: master/heimdall
  destination:
    namespace: heimdall
    name: in-cluster
--- a/argocd/templates/krakend.yaml
+++ b/argocd/templates/krakend.yaml
@@ -8,7 +8,7 @@ spec:
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
    targetRevision: main
-    path: krakend
+    path: master/krakend
  destination:
    namespace: krakend
    name: in-cluster
--- a/argocd/templates/kube-prometheus-stack.yaml
+++ b/argocd/templates/kube-prometheus-stack.yaml
@@ -8,7 +8,7 @@ spec:
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
    targetRevision: main
-    path: kube-prometheus-stack
+    path: master/kube-prometheus-stack
  destination:
    namespace: kube-prometheus-stack
    name: in-cluster
--- a/argocd/templates/kubeclarity.yaml
+++ b/argocd/templates/kubeclarity.yaml
@@ -8,7 +8,7 @@ spec:
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
    targetRevision: main
-    path: kubeclarity
+    path: master/kubeclarity
  destination:
    namespace: kubeclarity
    name: in-cluster
--- a/argocd/templates/littlelink.yaml
+++ b/argocd/templates/littlelink.yaml
@@ -8,7 +8,7 @@ spec:
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
    targetRevision: main
-    path: littlelink
+    path: master/littlelink
    directory:
      recurse: true
  destination:
--- a/argocd/templates/longhorn.yaml
+++ b/argocd/templates/longhorn.yaml
@@ -8,7 +8,7 @@ spec:
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
    targetRevision: main
-    path: longhorn
+    path: master/longhorn
  destination:
    namespace: longhorn-system
    name: in-cluster
--- a/argocd/templates/metallb-system.yaml
+++ b/argocd/templates/metallb-system.yaml
@@ -8,7 +8,7 @@ spec:
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
    targetRevision: main
-    path: metallb-system
+    path: master/metallb-system
  destination:
    namespace: metallb-system
    name: in-cluster
--- a/argocd/templates/nfs-client.yaml
+++ b/argocd/templates/nfs-client.yaml
@@ -8,7 +8,7 @@ spec:
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
    targetRevision: main
-    path: nfs-client
+    path: master/nfs-client
    directory:
      recurse: true
  destination:
--- a/argocd/templates/open-webui.yaml
+++ b/argocd/templates/open-webui.yaml
@@ -8,7 +8,7 @@ spec:
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
    targetRevision: main
-    path: open-webui
+    path: master/open-webui
  destination:
    namespace: open-webui
    name: in-cluster
--- a/argocd/templates/traefik.yaml
+++ b/argocd/templates/traefik.yaml
@@ -8,7 +8,7 @@ spec:
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
    targetRevision: main
-    path: traefik
+    path: master/traefik
  destination:
    namespace: traefik
    name: in-cluster
--- a/argocd/templates/uptimekuma.yaml
+++ b/argocd/templates/uptimekuma.yaml
@@ -8,7 +8,7 @@ spec:
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
    targetRevision: main
-    path: uptimekuma
+    path: master/uptimekuma
    directory:
      recurse: true
  destination:
--- a/argocd/templates/vault.yaml
+++ b/argocd/templates/vault.yaml
@@ -8,7 +8,7 @@ spec:
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
    targetRevision: main
-    path: vault
+    path: master/vault
  destination:
    namespace: vault
    name: in-cluster
@@ -16,7 +16,7 @@ spec:
    automated:
      prune: true
      selfHeal: true  
-    syncOptions:
+    syncOptions: Gc
      - CreateNamespace=true 
  ignoreDifferences:
  - group: admissionregistration.k8s.io
--- a/authentik/Chart.yaml
+++ b/authentik/Chart.yaml
@@ -9,4 +9,4 @@ appVersion: "1.16.0"
 dependencies:
 - name: authentik
  repository: https://charts.goauthentik.io
-  version: 2024.4.1
+  version: 2024.8.3
--- a/authentik/values.yaml
+++ b/authentik/values.yaml
@@ -26,6 +26,8 @@ authentik:
  server:
    name: server
    replicas: 3
+  worker:
+    replicas: 3
  postgresql:
    enabled: true
    image:
@@ -42,6 +44,9 @@ authentik:
        - ReadWriteMany
  redis:
    enabled: true
+    master:
+      persistence:
+        enabled: false    
    image:
      registry: registry.internal.durp.info
      repository: bitnami/redis
--- a/bitwarden/templates/deployment.yaml
+++ b/bitwarden/templates/deployment.yaml
@@ -17,7 +17,7 @@ spec:
    spec:
      containers:
      - name: bitwarden
-        image: registry.internal.durp.info/vaultwarden/server:1.30.3
+        image: registry.internal.durp.info/vaultwarden/server:1.32.0
        imagePullPolicy: Always
        volumeMounts:
        - name: bitwarden-pvc
--- a/cert-manager/Chart.yaml
+++ b/cert-manager/Chart.yaml
@@ -8,4 +8,4 @@ appVersion: 0.0.1
 dependencies:
 - name: cert-manager
  repository: https://charts.jetstack.io
-  version: 1.*.*
+  version: v1.15.3
--- a/crossplane/Chart.yaml
+++ b/crossplane/Chart.yaml
@@ -9,4 +9,4 @@ appVersion: "1.16.0"
 dependencies:
 - name: crossplane
  repository: https://charts.crossplane.io/stable
-  version: 1.12.0
+  version: 1.17.1
--- a/dmz/internalproxy/templates/ollama.yaml
+++ b/dmz/internalproxy/templates/ollama.yaml
@@ -0,0 +1,101 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: ollama-secret
+spec:
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: ollama-secret
+  data:
+    - secretKey: users
+      remoteRef:
+        key: secrets/internalproxy/ollama
+        property: users
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: ollama-basic-auth
+spec:
+  basicAuth:
+    secret: ollama-secret
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: ollama
+spec:
+  ports:
+    - name: app
+      port: 11435
+      protocol: TCP
+      targetPort: 11435
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: ollama
+subsets:
+  - addresses:
+      - ip: 192.168.20.104
+    ports:
+      - name: app
+        port: 11435
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: ollama-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`ollama.durp.info`) && PathPrefix(`/`)
+      middlewares:
+        - name: ollama-basic-auth
+      kind: Rule
+      services:
+        - name: ollama
+          port: 11435
+  tls:
+    secretName: ollama-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: ollama-tls
+spec:
+  secretName: ollama-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "ollama.durp.info"
+  dnsNames:
+    - "ollama.durp.info"
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: ollama-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: ollama.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info
--- a/durpapi/Chart.yaml
+++ b/durpapi/Chart.yaml
@@ -1,11 +1,13 @@
-type: application
-appVersion: 0.1.0
-description: A Helm chart for Kubernetes
+apiVersion: v2
 name: durpapi
+description: A Helm chart for Kubernetes
+type: application
+
+version: 0.1.0-dev0184
+appVersion: 0.1.0
+
 dependencies:
 - condition: postgresql.enabled
  version: 12.5.*
  repository: https://charts.bitnami.com/bitnami
  name: postgresql
-apiVersion: v2
-version: test
--- a/durpapi/values.yaml
+++ b/durpapi/values.yaml
@@ -10,15 +10,15 @@ deployment:
  probe:
    readiness:  
      httpGet:
-        path: /api/health/gethealth
+        path: /health/gethealth
        port: 8080
    liveness: 
      httpGet:
-        path: /api/health/gethealth
+        path: /health/gethealth
        port: 8080
    startup: 
      httpGet:
-        path: /api/health/gethealth
+        path: /health/gethealth
        port: 8080
 service:
  type: ClusterIP
--- a/external-dns/Chart.yaml
+++ b/external-dns/Chart.yaml
@@ -9,4 +9,4 @@ appVersion: 0.0.1
 dependencies:
 - name: external-dns
  repository: https://charts.bitnami.com/bitnami
-  version: 6.20.3
+  version: 8.3.8
--- a/external-secrets/Chart.yaml
+++ b/external-secrets/Chart.yaml
@@ -8,5 +8,5 @@ appVersion: 0.0.1
 dependencies:
 - name: external-secrets
  repository: https://charts.external-secrets.io
-  version: 0.8.1
+  version: 0.10.4

--- a/gatekeeper/Chart.yaml
+++ b/gatekeeper/Chart.yaml
@@ -8,4 +8,4 @@ appVersion: 0.0.1
 dependencies:
 - name: gatekeeper
  repository: https://open-policy-agent.github.io/gatekeeper/charts
-  version: 3.14.0
+  version: 3.17.1
--- a/gatekeeper/values.yaml
+++ b/gatekeeper/values.yaml
@@ -1,277 +1,278 @@
-gatekeeper:
-  replicas: 3
-  revisionHistoryLimit: 10
-  auditInterval: 60
-  metricsBackends: ["prometheus"]
-  auditMatchKindOnly: false
-  constraintViolationsLimit: 20
-  auditFromCache: false
-  disableMutation: false
-  disableValidatingWebhook: false
-  validatingWebhookName: gatekeeper-validating-webhook-configuration
-  validatingWebhookTimeoutSeconds: 3
-  validatingWebhookFailurePolicy: Ignore
-  validatingWebhookAnnotations: {}
-  validatingWebhookExemptNamespacesLabels: {}
-  validatingWebhookObjectSelector: {}
-  validatingWebhookCheckIgnoreFailurePolicy: Fail
-  validatingWebhookCustomRules: {}
-  validatingWebhookURL: null
-  enableDeleteOperations: false
-  enableExternalData: true
-  enableGeneratorResourceExpansion: true
-  enableTLSHealthcheck: false
-  maxServingThreads: -1
-  mutatingWebhookName: gatekeeper-mutating-webhook-configuration
-  mutatingWebhookFailurePolicy: Ignore
-  mutatingWebhookReinvocationPolicy: Never
-  mutatingWebhookAnnotations: {}
-  mutatingWebhookExemptNamespacesLabels: {}
-  mutatingWebhookObjectSelector: {}
-  mutatingWebhookTimeoutSeconds: 1
-  mutatingWebhookCustomRules: {}
-  mutatingWebhookURL: null
-  mutationAnnotations: false
-  auditChunkSize: 500
-  logLevel: INFO
-  logDenies: false
-  logMutations: false
-  emitAdmissionEvents: false
-  emitAuditEvents: false
-  admissionEventsInvolvedNamespace: false
-  auditEventsInvolvedNamespace: false
-  resourceQuota: true
-  externaldataProviderResponseCacheTTL: 3m
-  image:
-    repository: openpolicyagent/gatekeeper
-    crdRepository: openpolicyagent/gatekeeper-crds
-    release: v3.15.0-beta.0
-    pullPolicy: Always
-    pullSecrets: []
-  preInstall:
-    crdRepository:
-      image:
-        repository: null
-        tag: v3.15.0-beta.0
-  postUpgrade:
-    labelNamespace:
-      enabled: false
-      image:
-        repository: openpolicyagent/gatekeeper-crds
-        tag: v3.15.0-beta.0
-        pullPolicy: IfNotPresent
-        pullSecrets: []
-      extraNamespaces: []
-      podSecurity: ["pod-security.kubernetes.io/audit=restricted",
-        "pod-security.kubernetes.io/audit-version=latest",
-        "pod-security.kubernetes.io/warn=restricted",
-        "pod-security.kubernetes.io/warn-version=latest",
-        "pod-security.kubernetes.io/enforce=restricted",
-        "pod-security.kubernetes.io/enforce-version=v1.24"]
-      extraAnnotations: {}
-      priorityClassName: ""
-    affinity: {}
-    tolerations: []
-    nodeSelector: {kubernetes.io/os: linux}
-    resources: {}
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        drop:
-        - ALL
-      readOnlyRootFilesystem: true
-      runAsGroup: 999
-      runAsNonRoot: true
-      runAsUser: 1000
-  postInstall:
-    labelNamespace:
-      enabled: true
-      extraRules: []
-      image:
-        repository: openpolicyagent/gatekeeper-crds
-        tag: v3.15.0-beta.0
-        pullPolicy: IfNotPresent
-        pullSecrets: []
-      extraNamespaces: []
-      podSecurity: ["pod-security.kubernetes.io/audit=restricted",
-        "pod-security.kubernetes.io/audit-version=latest",
-        "pod-security.kubernetes.io/warn=restricted",
-        "pod-security.kubernetes.io/warn-version=latest",
-        "pod-security.kubernetes.io/enforce=restricted",
-        "pod-security.kubernetes.io/enforce-version=v1.24"]
-      extraAnnotations: {}
-      priorityClassName: ""
-    probeWebhook:
-      enabled: true
-      image:
-        repository: curlimages/curl
-        tag: 7.83.1
-        pullPolicy: IfNotPresent
-        pullSecrets: []
-      waitTimeout: 60
-      httpTimeout: 2
-      insecureHTTPS: false
-      priorityClassName: ""
-    affinity: {}
-    tolerations: []
-    nodeSelector: {kubernetes.io/os: linux}
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        drop:
-        - ALL
-      readOnlyRootFilesystem: true
-      runAsGroup: 999
-      runAsNonRoot: true
-      runAsUser: 1000
-  preUninstall:
-    deleteWebhookConfigurations:
-      extraRules: []
-      enabled: false
-      image:
-        repository: openpolicyagent/gatekeeper-crds
-        tag: v3.15.0-beta.0
-        pullPolicy: IfNotPresent
-        pullSecrets: []
-      priorityClassName: ""
-    affinity: {}
-    tolerations: []
-    nodeSelector: {kubernetes.io/os: linux}
-    resources: {}
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        drop:
-        - ALL
-      readOnlyRootFilesystem: true
-      runAsGroup: 999
-      runAsNonRoot: true
-      runAsUser: 1000
-  podAnnotations: {}
-  auditPodAnnotations: {}
-  podLabels: {}
-  podCountLimit: "100"
-  secretAnnotations: {}
-  enableRuntimeDefaultSeccompProfile: true
-  controllerManager:
-    exemptNamespaces: []
-    exemptNamespacePrefixes: []
-    hostNetwork: false
-    dnsPolicy: ClusterFirst
-    port: 8443
-    metricsPort: 8888
-    healthPort: 9090
-    readinessTimeout: 1
-    livenessTimeout: 1
-    priorityClassName: system-cluster-critical
-    disableCertRotation: false
-    tlsMinVersion: 1.3
-    clientCertName: ""
-    strategyType: RollingUpdate
-    affinity:
-      podAntiAffinity:
-        preferredDuringSchedulingIgnoredDuringExecution:
-          - podAffinityTerm:
-              labelSelector:
-                matchExpressions:
-                  - key: gatekeeper.sh/operation
-                    operator: In
-                    values:
-                      - webhook
-              topologyKey: kubernetes.io/hostname
-            weight: 100
-    topologySpreadConstraints: []
-    tolerations: []
-    nodeSelector: {kubernetes.io/os: linux}
-    resources:
-      limits:
-        memory: 512Mi
-      requests:
-        cpu: 100m
-        memory: 512Mi
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        drop:
-        - ALL
-      readOnlyRootFilesystem: true
-      runAsGroup: 999
-      runAsNonRoot: true
-      runAsUser: 1000
-    podSecurityContext:
-      fsGroup: 999
-      supplementalGroups:
-        - 999
-    extraRules: []
-    networkPolicy:
-      enabled: false
-      ingress: { }
-        # - from:
-        #   - ipBlock:
-        #       cidr: 0.0.0.0/0
-  audit:
-    enablePubsub: false
-    connection: audit-connection
-    channel: audit-channel
-    hostNetwork: false
-    dnsPolicy: ClusterFirst
-    metricsPort: 8888
-    healthPort: 9090
-    readinessTimeout: 1
-    livenessTimeout: 1
-    priorityClassName: system-cluster-critical
-    disableCertRotation: false
-    affinity: {}
-    tolerations: []
-    nodeSelector: {kubernetes.io/os: linux}
-    resources:
-      limits:
-        memory: 512Mi
-      requests:
-        cpu: 100m
-        memory: 512Mi
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        drop:
-        - ALL
-      readOnlyRootFilesystem: true
-      runAsGroup: 999
-      runAsNonRoot: true
-      runAsUser: 1000
-    podSecurityContext:
-      fsGroup: 999
-      supplementalGroups:
-        - 999
-    writeToRAMDisk: false
-    extraRules: []
-  crds:
-    affinity: {}
-    tolerations: []
-    nodeSelector: {kubernetes.io/os: linux}
-    resources: {}
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        drop:
-        - ALL
-      readOnlyRootFilesystem: true
-      runAsGroup: 65532
-      runAsNonRoot: true
-      runAsUser: 65532
-  pdb:
-    controllerManager:
-      minAvailable: 1
-  service: {}
-  disabledBuiltins: ["{http.send}"]
-  psp:
-    enabled: true
-  upgradeCRDs:
-    enabled: true
-    extraRules: []
-    priorityClassName: ""
-  rbac:
-    create: true
-  externalCertInjection:
-    enabled: false
-    secretName: gatekeeper-webhook-server-cert
+#gatekeeper:
+#  replicas: 3
+#  revisionHistoryLimit: 10
+#  auditInterval: 60
+#  metricsBackends: ["prometheus"]
+#  auditMatchKindOnly: false
+#  constraintViolationsLimit: 20
+#  auditFromCache: false
+#  disableMutation: false
+#  disableValidatingWebhook: false
+#  validatingWebhookName: gatekeeper-validating-webhook-configuration
+#  validatingWebhookTimeoutSeconds: 3
+#  validatingWebhookFailurePolicy: Ignore
+#  validatingWebhookAnnotations: {}
+#  validatingWebhookExemptNamespacesLabels: {}
+#  validatingWebhookObjectSelector: {}
+#  validatingWebhookCheckIgnoreFailurePolicy: Fail
+#  validatingWebhookCustomRules: {}
+#  validatingWebhookURL: null
+#  enableDeleteOperations: false
+#  enableExternalData: true
+#  enableGeneratorResourceExpansion: true
+#  enableTLSHealthcheck: false
+#  maxServingThreads: -1
+#  mutatingWebhookName: gatekeeper-mutating-webhook-configuration
+#  mutatingWebhookFailurePolicy: Ignore
+#  mutatingWebhookReinvocationPolicy: Never
+#  mutatingWebhookAnnotations: {}
+#  mutatingWebhookExemptNamespacesLabels: {}
+#  mutatingWebhookObjectSelector: {}
+#  mutatingWebhookTimeoutSeconds: 1
+#  mutatingWebhookCustomRules: {}
+#  mutatingWebhookURL: null
+#  mutationAnnotations: false
+#  auditChunkSize: 500
+#  logLevel: INFO
+#  logDenies: false
+#  logMutations: false
+#  emitAdmissionEvents: false
+#  emitAuditEvents: false
+#  admissionEventsInvolvedNamespace: false
+#  auditEventsInvolvedNamespace: false
+#  resourceQuota: true
+#  externaldataProviderResponseCacheTTL: 3m
+#  image:
+#    repository: openpolicyagent/gatekeeper
+#    crdRepository: openpolicyagent/gatekeeper-crds
+#    release: v3.15.0-beta.0
+#    pullPolicy: Always
+#    pullSecrets: []
+#  preInstall:
+#    crdRepository:
+#      image:
+#        repository: null
+#        tag: v3.15.0-beta.0
+#  postUpgrade:
+#    labelNamespace:
+#      enabled: false
+#      image:
+#        repository: openpolicyagent/gatekeeper-crds
+#        tag: v3.15.0-beta.0
+#        pullPolicy: IfNotPresent
+#        pullSecrets: []
+#      extraNamespaces: []
+#      podSecurity: ["pod-security.kubernetes.io/audit=restricted",
+#        "pod-security.kubernetes.io/audit-version=latest",
+#        "pod-security.kubernetes.io/warn=restricted",
+#        "pod-security.kubernetes.io/warn-version=latest",
+#        "pod-security.kubernetes.io/enforce=restricted",
+#        "pod-security.kubernetes.io/enforce-version=v1.24"]
+#      extraAnnotations: {}
+#      priorityClassName: ""
+#    affinity: {}
+#    tolerations: []
+#    nodeSelector: {kubernetes.io/os: linux}
+#    resources: {}
+#    securityContext:
+#      allowPrivilegeEscalation: false
+#      capabilities:
+#        drop:
+#        - ALL
+#      readOnlyRootFilesystem: true
+#      runAsGroup: 999
+#      runAsNonRoot: true
+#      runAsUser: 1000
+#  postInstall:
+#    labelNamespace:
+#      enabled: true
+#      extraRules: []
+#      image:
+#        repository: openpolicyagent/gatekeeper-crds
+#        tag: v3.15.0-beta.0
+#        pullPolicy: IfNotPresent
+#        pullSecrets: []
+#      extraNamespaces: []
+#      podSecurity: ["pod-security.kubernetes.io/audit=restricted",
+#        "pod-security.kubernetes.io/audit-version=latest",
+#        "pod-security.kubernetes.io/warn=restricted",
+#        "pod-security.kubernetes.io/warn-version=latest",
+#        "pod-security.kubernetes.io/enforce=restricted",
+#        "pod-security.kubernetes.io/enforce-version=v1.24"]
+#      extraAnnotations: {}
+#      priorityClassName: ""
+#    probeWebhook:
+#      enabled: true
+#      image:
+#        repository: curlimages/curl
+#        tag: 7.83.1
+#        pullPolicy: IfNotPresent
+#        pullSecrets: []
+#      waitTimeout: 60
+#      httpTimeout: 2
+#      insecureHTTPS: false
+#      priorityClassName: ""
+#    affinity: {}
+#    tolerations: []
+#    nodeSelector: {kubernetes.io/os: linux}
+#    securityContext:
+#      allowPrivilegeEscalation: false
+#      capabilities:
+#        drop:
+#        - ALL
+#      readOnlyRootFilesystem: true
+#      runAsGroup: 999
+#      runAsNonRoot: true
+#      runAsUser: 1000
+#  preUninstall:
+#    deleteWebhookConfigurations:
+#      extraRules: []
+#      enabled: false
+#      image:
+#        repository: openpolicyagent/gatekeeper-crds
+#        tag: v3.15.0-beta.0
+#        pullPolicy: IfNotPresent
+#        pullSecrets: []
+#      priorityClassName: ""
+#    affinity: {}
+#    tolerations: []
+#    nodeSelector: {kubernetes.io/os: linux}
+#    resources: {}
+#    securityContext:
+#      allowPrivilegeEscalation: false
+#      capabilities:
+#        drop:
+#        - ALL
+#      readOnlyRootFilesystem: true
+#      runAsGroup: 999
+#      runAsNonRoot: true
+#      runAsUser: 1000
+#  podAnnotations: {}
+#  auditPodAnnotations: {}
+#  podLabels: {}
+#  podCountLimit: "100"
+#  secretAnnotations: {}
+#  enableRuntimeDefaultSeccompProfile: true
+#  controllerManager:
+#    exemptNamespaces: []
+#    exemptNamespacePrefixes: []
+#    hostNetwork: false
+#    dnsPolicy: ClusterFirst
+#    port: 8443
+#    metricsPort: 8888
+#    healthPort: 9090
+#    readinessTimeout: 1
+#    livenessTimeout: 1
+#    priorityClassName: system-cluster-critical
+#    disableCertRotation: false
+#    tlsMinVersion: 1.3
+#    clientCertName: ""
+#    strategyType: RollingUpdate
+#    affinity:
+#      podAntiAffinity:
+#        preferredDuringSchedulingIgnoredDuringExecution:
+#          - podAffinityTerm:
+#              labelSelector:
+#                matchExpressions:
+#                  - key: gatekeeper.sh/operation
+#                    operator: In
+#                    values:
+#                      - webhook
+#              topologyKey: kubernetes.io/hostname
+#            weight: 100
+#    topologySpreadConstraints: []
+#    tolerations: []
+#    nodeSelector: {kubernetes.io/os: linux}
+#    resources:
+#      limits:
+#        memory: 512Mi
+#      requests:
+#        cpu: 100m
+#        memory: 512Mi
+#    securityContext:
+#      allowPrivilegeEscalation: false
+#      capabilities:
+#        drop:
+#        - ALL
+#      readOnlyRootFilesystem: true
+#      runAsGroup: 999
+#      runAsNonRoot: true
+#      runAsUser: 1000
+#    podSecurityContext:
+#      fsGroup: 999
+#      supplementalGroups:
+#        - 999
+#    extraRules: []
+#    networkPolicy:
+#      enabled: false
+#      ingress: { }
+#        # - from:
+#        #   - ipBlock:
+#        #       cidr: 0.0.0.0/0
+#  audit:
+#    enablePubsub: false
+#    connection: audit-connection
+#    channel: audit-channel
+#    hostNetwork: false
+#    dnsPolicy: ClusterFirst
+#    metricsPort: 8888
+#    healthPort: 9090
+#    readinessTimeout: 1
+#    livenessTimeout: 1
+#    priorityClassName: system-cluster-critical
+#    disableCertRotation: false
+#    affinity: {}
+#    tolerations: []
+#    nodeSelector: {kubernetes.io/os: linux}
+#    resources:
+#      limits:
+#        memory: 512Mi
+#      requests:
+#        cpu: 100m
+#        memory: 512Mi
+#    securityContext:
+#      allowPrivilegeEscalation: false
+#      capabilities:
+#        drop:
+#        - ALL
+#      readOnlyRootFilesystem: true
+#      runAsGroup: 999
+#      runAsNonRoot: true
+#      runAsUser: 1000
+#    podSecurityContext:
+#      fsGroup: 999
+#      supplementalGroups:
+#        - 999
+#    writeToRAMDisk: false
+#    extraRules: []
+#  crds:
+#    affinity: {}
+#    tolerations: []
+#    nodeSelector: {kubernetes.io/os: linux}
+#    resources: {}
+#    securityContext:
+#      allowPrivilegeEscalation: false
+#      capabilities:
+#        drop:
+#        - ALL
+#      readOnlyRootFilesystem: true
+#      runAsGroup: 65532
+#      runAsNonRoot: true
+#      runAsUser: 65532
+#  pdb:
+#    controllerManager:
+#      minAvailable: 1
+#  service: {}
+#  disabledBuiltins: ["{http.send}"]
+#  psp:
+#    enabled: true
+#  upgradeCRDs:
+#    enabled: true
+#    extraRules: []
+#    priorityClassName: ""
+#  rbac:
+#    create: true
+#  externalCertInjection:
+#    enabled: false
+#    secretName: gatekeeper-webhook-server-cert
+#
--- a/gitlab-runner/Chart.yaml
+++ b/gitlab-runner/Chart.yaml
@@ -8,4 +8,4 @@ appVersion: 0.0.1
 dependencies:
 - name: gitlab-runner
  repository: https://charts.gitlab.io/
-  version: 0.43.0
+  version: 0.69.0
--- a/heimdall/Chart.yaml
+++ b/heimdall/Chart.yaml
@@ -8,4 +8,4 @@ appVersion: 0.0.1
 dependencies:
 - name: heimdall
  repository: https://djjudas21.github.io/charts/
-  version: 8.5.2
+  version: 8.5.4
--- a/internalproxy/templates/argocd.yaml
+++ b/internalproxy/templates/argocd.yaml
@@ -1,46 +1,46 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: argocd-ingress
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-production
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`argocd.internal.durp.info`)
-    middlewares:
-    - name: whitelist
-      namespace: traefik  
-    kind: Rule
-    services:
-    - name: argocd-server
-      port: 443
-      scheme: https
-  tls:
-    secretName: argocd-tls  
-
---
-
-kind: Service
-apiVersion: v1
-metadata:
-  name: argocd-server
-spec:
-  type: ExternalName
-  externalName: argocd-server.argocd.svc.cluster.local  
-
---
-
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: argocd-tls
-spec:
-  secretName: argocd-tls
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  commonName: "argocd.internal.durp.info"
-  dnsNames:
-  - "argocd.internal.durp.info"  
+#apiVersion: traefik.io/v1alpha1
+#kind: IngressRoute
+#metadata:
+#  name: argocd-ingress
+#  annotations:
+#    cert-manager.io/cluster-issuer: letsencrypt-production
+#spec:
+#  entryPoints:
+#    - websecure
+#  routes:
+#  - match: Host(`argocd.internal.durp.info`)
+#    middlewares:
+#    - name: whitelist
+#      namespace: traefik
+#    kind: Rule
+#    services:
+#    - name: argocd-server
+#      port: 443
+#      scheme: https
+#  tls:
+#    secretName: argocd-tls
+#
+#---
+#
+#kind: Service
+#apiVersion: v1
+#metadata:
+#  name: argocd-server
+#spec:
+#  type: ExternalName
+#  externalName: argocd-server.argocd.svc.cluster.local
+#
+#---
+#
+#apiVersion: cert-manager.io/v1
+#kind: Certificate
+#metadata:
+#  name: argocd-tls
+#spec:
+#  secretName: argocd-tls
+#  issuerRef:
+#    name: letsencrypt-production
+#    kind: ClusterIssuer
+#  commonName: "argocd.internal.durp.info"
+#  dnsNames:
+#  - "argocd.internal.durp.info"
--- a/internalproxy/templates/blueiris.yaml
+++ b/internalproxy/templates/blueiris.yaml
@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: blueiris
+spec:
+  ports:
+    - name: app
+      port: 81
+      protocol: TCP
+      targetPort: 81
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: blueiris
+subsets:
+  - addresses:
+      - ip: 192.168.99.2
+    ports:
+      - name: app
+        port: 81
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: blueiris-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`blueiris.internal.durp.info`) && PathPrefix(`/`)
+      middlewares:
+        - name: whitelist
+          namespace: traefik
+      kind: Rule
+      services:
+        - name: blueiris
+          port: 81
+          scheme: http
+  tls:
+    secretName: blueiris-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: blueiris-tls
+spec:
+  secretName: blueiris-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "blueiris.internal.durp.info"
+  dnsNames:
+    - "blueiris.internal.durp.info"
--- a/internalproxy/templates/gitea.yaml
+++ b/internalproxy/templates/gitea.yaml
@@ -1,3 +1,66 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: gitea
+spec:
+  ports:
+    - name: app
+      port: 3000
+      protocol: TCP
+      targetPort: 3000
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: gitea
+subsets:
+  - addresses:
+      - ip: 192.168.20.253
+    ports:
+      - name: app
+        port: 3000
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: gitea-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`gitea.durp.info`) && PathPrefix(`/`)
+      kind: Rule
+      services:
+        - name: gitea
+          port: 3000
+          scheme: http
+  tls:
+    secretName: gitea-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: gitea-tls
+spec:
+  secretName: gitea-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "gitea.durp.info"
+  dnsNames:
+    - "gitea.durp.info"
+
+---
+
 kind: Service
 apiVersion: v1
 metadata:
--- a/internalproxy/templates/jellyfin.yaml
+++ b/internalproxy/templates/jellyfin.yaml
@@ -1,3 +1,66 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: jellyfin
+spec:
+  ports:
+    - name: app
+      port: 8096
+      protocol: TCP
+      targetPort: 8096
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: jellyfin
+subsets:
+  - addresses:
+      - ip: 192.168.20.253
+    ports:
+      - name: app
+        port: 8096
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: jellyfin-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`jellyfin.durp.info`) && PathPrefix(`/`)
+      kind: Rule
+      services:
+        - name: jellyfin
+          port: 8096
+          scheme: http
+  tls:
+    secretName: jellyfin-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: jellyfin-tls
+spec:
+  secretName: jellyfin-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "jellyfin.durp.info"
+  dnsNames:
+    - "jellyfin.durp.info"
+
+---
+
 kind: Service
 apiVersion: v1
 metadata:
--- a/internalproxy/templates/kasm.yaml
+++ b/internalproxy/templates/kasm.yaml
@@ -1,3 +1,66 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: kasm
+spec:
+  ports:
+    - name: app
+      port: 443
+      protocol: TCP
+      targetPort: 443
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: kasm
+subsets:
+  - addresses:
+      - ip: 192.168.20.104
+    ports:
+      - name: app
+        port: 443
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: kasm-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`kasm.durp.info`) && PathPrefix(`/`)
+      kind: Rule
+      services:
+        - name: kasm
+          port: 443
+          scheme: https
+  tls:
+    secretName: kasm-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: kasm-tls
+spec:
+  secretName: kasm-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "kasm.durp.info"
+  dnsNames:
+    - "kasm.durp.info"
+
+---
+
 kind: Service
 apiVersion: v1
 metadata:
--- a/internalproxy/templates/minio.yaml
+++ b/internalproxy/templates/minio.yaml
@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: minio
+spec:
+  ports:
+    - name: app
+      port: 9769
+      protocol: TCP
+      targetPort: 9769
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: minio
+subsets:
+  - addresses:
+      - ip: 192.168.20.253
+    ports:
+      - name: app
+        port: 9769
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: minio-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`minio.internal.durp.info`) && PathPrefix(`/`)
+      middlewares:
+        - name: whitelist
+          namespace: traefik
+      kind: Rule
+      services:
+        - name: minio
+          port: 9769
+          scheme: http
+  tls:
+    secretName: minio-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: minio-tls
+spec:
+  secretName: minio-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "minio.internal.durp.info"
+  dnsNames:
+    - "minio.internal.durp.info"
--- a/internalproxy/templates/octopus.yaml
+++ b/internalproxy/templates/octopus.yaml
@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: octopus
+spec:
+  ports:
+    - name: app
+      port: 443
+      protocol: TCP
+      targetPort: 443
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: octopus
+subsets:
+  - addresses:
+      - ip: 192.168.20.105
+    ports:
+      - name: app
+        port: 443
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: octopus-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`octopus.internal.durp.info`) && PathPrefix(`/`)
+      middlewares:
+        - name: whitelist
+          namespace: traefik
+      kind: Rule
+      services:
+        - name: octopus
+          port: 443
+          scheme: https
+  tls:
+    secretName: octopus-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: octopus-tls
+spec:
+  secretName: octopus-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "octopus.internal.durp.info"
+  dnsNames:
+    - "octopus.internal.durp.info"
--- a/internalproxy/templates/ollama.yaml
+++ b/internalproxy/templates/ollama.yaml
@@ -0,0 +1,102 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: ollama-secret
+spec:
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: ollama-secret
+  data:
+    - secretKey: users
+      remoteRef:
+        key: secrets/internalproxy/ollama
+        property: users
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: ollama-basic-auth
+spec:
+  basicAuth:
+    headerField: x-api-key
+    secret: ollama-secret
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: ollama
+spec:
+  ports:
+    - name: app
+      port: 11435
+      protocol: TCP
+      targetPort: 11435
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: ollama
+subsets:
+  - addresses:
+      - ip: 192.168.20.104
+    ports:
+      - name: app
+        port: 11435
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: ollama-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`ollama.durp.info`) && PathPrefix(`/`)
+      middlewares:
+        - name: ollama-basic-auth
+      kind: Rule
+      services:
+        - name: ollama
+          port: 11435
+  tls:
+    secretName: ollama-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: ollama-tls
+spec:
+  secretName: ollama-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "ollama.durp.info"
+  dnsNames:
+    - "ollama.durp.info"
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: ollama-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: ollama.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info
--- a/internalproxy/templates/pfsense.yaml
+++ b/internalproxy/templates/pfsense.yaml
@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: pfsense
+spec:
+  ports:
+    - name: app
+      port: 10443
+      protocol: TCP
+      targetPort: 10443
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: pfsense
+subsets:
+  - addresses:
+      - ip: 192.168.20.1
+    ports:
+      - name: app
+        port: 10443
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: pfsense-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`pfsense.internal.durp.info`) && PathPrefix(`/`)
+      middlewares:
+        - name: whitelist
+          namespace: traefik
+      kind: Rule
+      services:
+        - name: pfsense
+          port: 10443
+          scheme: https
+  tls:
+    secretName: pfsense-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: pfsense-tls
+spec:
+  secretName: pfsense-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "pfsense.internal.durp.info"
+  dnsNames:
+    - "pfsense.internal.durp.info"
--- a/internalproxy/templates/plex.yaml
+++ b/internalproxy/templates/plex.yaml
@@ -1,3 +1,66 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: plex
+spec:
+  ports:
+    - name: app
+      port: 32400
+      protocol: TCP
+      targetPort: 32400
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: plex
+subsets:
+  - addresses:
+      - ip: 192.168.20.253
+    ports:
+      - name: app
+        port: 32400
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: plex-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`plex.durp.info`) && PathPrefix(`/`)
+      kind: Rule
+      services:
+        - name: plex
+          port: 32400
+          scheme: https
+  tls:
+    secretName: plex-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: plex-tls
+spec:
+  secretName: plex-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "plex.durp.info"
+  dnsNames:
+    - "plex.durp.info"
+
+---
+
 kind: Service
 apiVersion: v1
 metadata:
--- a/internalproxy/templates/portainer.yaml
+++ b/internalproxy/templates/portainer.yaml
@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: portainer
+spec:
+  ports:
+    - name: app
+      port: 9443
+      protocol: TCP
+      targetPort: 9443
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: portainer
+subsets:
+  - addresses:
+      - ip: 192.168.20.104
+    ports:
+      - name: app
+        port: 9443
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: portainer-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`portainer.internal.durp.info`) && PathPrefix(`/`)
+      middlewares:
+        - name: whitelist
+          namespace: traefik
+      kind: Rule
+      services:
+        - name: portainer
+          port: 9443
+          scheme: https
+  tls:
+    secretName: portainer-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: portainer-tls
+spec:
+  secretName: portainer-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "portainer.internal.durp.info"
+  dnsNames:
+    - "portainer.internal.durp.info"
--- a/internalproxy/templates/proxmox.yaml
+++ b/internalproxy/templates/proxmox.yaml
@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: proxmox
+spec:
+  ports:
+    - name: app
+      port: 8006
+      protocol: TCP
+      targetPort: 8006
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: proxmox
+subsets:
+  - addresses:
+      - ip: 192.168.21.252
+    ports:
+      - name: app
+        port: 8006
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: proxmox-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`proxmox.internal.durp.info`) && PathPrefix(`/`)
+      middlewares:
+        - name: whitelist
+          namespace: traefik
+      kind: Rule
+      services:
+        - name: proxmox
+          port: 8006
+          scheme: https
+  tls:
+    secretName: proxmox-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: proxmox-tls
+spec:
+  secretName: proxmox-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "proxmox.internal.durp.info"
+  dnsNames:
+    - "proxmox.internal.durp.info"
--- a/internalproxy/templates/registry-internal.yaml
+++ b/internalproxy/templates/registry-internal.yaml
@@ -5,9 +5,9 @@ metadata:
 spec:
  ports:
  - name: app
-    port: 5001
+    port: 5000
    protocol: TCP
-    targetPort: 5001
+    targetPort: 5000
  clusterIP: None
  type: ClusterIP

@@ -22,7 +22,7 @@ subsets:
  - ip: 192.168.20.253
  ports:
  - name: app
-    port: 5001
+    port: 5000
    protocol: TCP

 ---    
@@ -39,9 +39,9 @@ spec:
    kind: Rule
    services:
    - name: registry-internal
-      port: 5001
+      port: 5000
  tls:
-    secretName: registry-tls
+    secretName: registry-internal-tls

 ---

@@ -54,6 +54,6 @@ spec:
  issuerRef:
    name: letsencrypt-production
    kind: ClusterIssuer
-  commonName: "registry.durp.info"
+  commonName: "registry.internal.durp.info"
  dnsNames:
-  - "registry.durp.info"  
+  - "registry.internal.durp.info"
--- a/internalproxy/templates/s3.yaml
+++ b/internalproxy/templates/s3.yaml
@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: s3
+spec:
+  ports:
+    - name: app
+      port: 9768
+      protocol: TCP
+      targetPort: 9768
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: s3
+subsets:
+  - addresses:
+      - ip: 192.168.20.253
+    ports:
+      - name: app
+        port: 9768
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: s3-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`s3.internal.durp.info`) && PathPrefix(`/`)
+      middlewares:
+        - name: whitelist
+          namespace: traefik
+      kind: Rule
+      services:
+        - name: s3
+          port: 9768
+          scheme: http
+  tls:
+    secretName: s3-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: s3-tls
+spec:
+  secretName: s3-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "s3.internal.durp.info"
+  dnsNames:
+    - "s3.internal.durp.info"
--- a/internalproxy/templates/semaphore.yaml
+++ b/internalproxy/templates/semaphore.yaml
@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: semaphore
+spec:
+  ports:
+    - name: app
+      port: 3001
+      protocol: TCP
+      targetPort: 3001
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: semaphore
+subsets:
+  - addresses:
+      - ip: 192.168.20.253
+    ports:
+      - name: app
+        port: 3001
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: semaphore-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`semaphore.internal.durp.info`) && PathPrefix(`/`)
+      middlewares:
+        - name: whitelist
+          namespace: traefik
+      kind: Rule
+      services:
+        - name: semaphore
+          port: 3001
+          scheme: http
+  tls:
+    secretName: semaphore-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: semaphore-tls
+spec:
+  secretName: semaphore-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "semaphore.internal.durp.info"
+  dnsNames:
+    - "semaphore.internal.durp.info"
--- a/internalproxy/templates/unraid.yaml
+++ b/internalproxy/templates/unraid.yaml
@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: unraid
+spec:
+  ports:
+    - name: app
+      port: 443
+      protocol: TCP
+      targetPort: 443
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: unraid
+subsets:
+  - addresses:
+      - ip: 192.168.20.253
+    ports:
+      - name: app
+        port: 443
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: unraid-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`unraid.internal.durp.info`) && PathPrefix(`/`)
+      middlewares:
+        - name: whitelist
+          namespace: traefik
+      kind: Rule
+      services:
+        - name: unraid
+          port: 443
+          scheme: https
+  tls:
+    secretName: unraid-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: unraid-tls
+spec:
+  secretName: unraid-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "unraid.internal.durp.info"
+  dnsNames:
+    - "unraid.internal.durp.info"
--- a/internalproxy/templates/wazuh.yaml
+++ b/internalproxy/templates/wazuh.yaml
@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: wazuh
+spec:
+  ports:
+    - name: app
+      port: 443
+      protocol: TCP
+      targetPort: 443
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: wazuh
+subsets:
+  - addresses:
+      - ip: 192.168.20.102
+    ports:
+      - name: app
+        port: 443
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: wazuh-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`wazuh.internal.durp.info`) && PathPrefix(`/`)
+      middlewares:
+        - name: whitelist
+          namespace: traefik
+      kind: Rule
+      services:
+        - name: wazuh
+          port: 443
+          scheme: https
+  tls:
+    secretName: wazuh-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: wazuh-tls
+spec:
+  secretName: wazuh-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "wazuh.internal.durp.info"
+  dnsNames:
+    - "wazuh.internal.durp.info"
--- a/kube-prometheus-stack/Chart.yaml
+++ b/kube-prometheus-stack/Chart.yaml
@@ -9,4 +9,4 @@ appVersion: "1.16.0"
 dependencies:
 - name: kube-prometheus-stack
  repository: https://prometheus-community.github.io/helm-charts
-  version: 40.5.0
+  version: 63.1.0
--- a/kubeclarity/Chart.yaml
+++ b/kubeclarity/Chart.yaml
@@ -8,4 +8,4 @@ appVersion: 0.0.1
 dependencies:
 - name: kubeclarity
  repository: https://openclarity.github.io/kubeclarity
-  version: 2.22.0
+  version: 2.23.3
--- a/longhorn/Chart.yaml
+++ b/longhorn/Chart.yaml
@@ -9,4 +9,4 @@ appVersion: "1.16.0"
 dependencies:
 - name: longhorn
  repository: https://charts.longhorn.io
-  version: 1.3.2
+  version: 1.7.1
--- a/longhorn/values.yaml
+++ b/longhorn/values.yaml
@@ -57,7 +57,7 @@ longhorn:
          {
            "name":"backup", 
            "task":"backup", 
-            "cron":"0 */6 * * *", 
+            "cron":"0 0 * * ?", 
            "retain":24
          }
        ]'
@@ -76,7 +76,7 @@ longhorn:
    snapshotterReplicaCount: ~
  
  defaultSettings:
-    backupTarget: S3://longhorn@us-east-1/
+    backupTarget: S3://longhorn-master@us-east-1/
    backupTargetCredentialSecret: longhorn-backup-token-secret
    allowRecurringJobWhileVolumeDetached: ~
    createDefaultDiskLabeledNodes: ~
--- a/master/argocd/Chart.yaml
+++ b/master/argocd/Chart.yaml
@@ -0,0 +1,14 @@
+apiVersion: v2
+name: argocd
+description: A Helm chart for Kubernetes
+type: application
+
+version: 0.1.0
+appVersion: "1.16.0"
+
+dependencies:
+- name: argo-cd
+  repository: https://argoproj.github.io/argo-helm
+  version: 6.11.1
+
+
--- a/master/argocd/templates/InternalProxy.yaml
+++ b/master/argocd/templates/InternalProxy.yaml
@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: internalproxy
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
+    path: internalproxy
+    directory:
+      recurse: true
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: internalproxy
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true   
+
--- a/master/argocd/templates/argocd.yaml
+++ b/master/argocd/templates/argocd.yaml
@@ -0,0 +1,59 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: argocd
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
+    path: argocd
+  destination:
+    namespace: argocd
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
+
+---
+
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: argocd-ingress
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`argocd.internal.durp.info`)
+      middlewares:
+        - name: whitelist
+          namespace: traefik
+      kind: Rule
+      services:
+        - name: argocd-server
+          port: 443
+          scheme: https
+  tls:
+    secretName: argocd-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: argocd-tls
+spec:
+  secretName: argocd-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "argocd.internal.durp.info"
+  dnsNames:
+    - "argocd.internal.durp.info"
--- a/master/argocd/templates/authentik.yaml
+++ b/master/argocd/templates/authentik.yaml
@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: authentik
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
+    path: authentik
+  destination:
+    namespace: authentik
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
+
--- a/master/argocd/templates/bitwarden.yaml
+++ b/master/argocd/templates/bitwarden.yaml
@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: bitwarden
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
+    path: bitwarden
+    directory:
+      recurse: true
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: bitwarden
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: false
+    syncOptions:
+      - CreateNamespace=true   
+
--- a/master/argocd/templates/cert-manager.yaml
+++ b/master/argocd/templates/cert-manager.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cert-manager
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
+    path: cert-manager
+  destination:
+    namespace: cert-manager
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
--- a/master/argocd/templates/crossplane.yml
+++ b/master/argocd/templates/crossplane.yml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: crossplane
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
+    path: crossplane
+  destination:
+    namespace: crossplane
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
--- a/master/argocd/templates/durpapi.yaml
+++ b/master/argocd/templates/durpapi.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: durpapi
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
+    path: durpapi
+  destination:
+    namespace: durpapi
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
--- a/master/argocd/templates/durpot.yaml
+++ b/master/argocd/templates/durpot.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: durpot
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
+    path: durpot
+  destination:
+    namespace: durpot
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
--- a/master/argocd/templates/external-dns.yaml
+++ b/master/argocd/templates/external-dns.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: external-dns
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
+    path: external-dns
+  destination:
+    namespace: external-dns
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
--- a/master/argocd/templates/external-secrets.yaml
+++ b/master/argocd/templates/external-secrets.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: external-secrets
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
+    path: external-secrets
+  destination:
+    namespace: external-secrets
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
--- a/master/argocd/templates/gatekeeper.yaml
+++ b/master/argocd/templates/gatekeeper.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: gatekeeper
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
+    path: gatekeeper
+  destination:
+    namespace: gatekeeper
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
--- a/master/argocd/templates/gitlab-runner.yaml
+++ b/master/argocd/templates/gitlab-runner.yaml
@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: gitlab-runner
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
+    path: gitlab-runner
+  destination:
+    namespace: gitlab-runner
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true    
+
--- a/master/argocd/templates/heimdall.yaml
+++ b/master/argocd/templates/heimdall.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: heimdall
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
+    path: heimdall
+  destination:
+    namespace: heimdall
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
--- a/master/argocd/templates/krakend.yaml
+++ b/master/argocd/templates/krakend.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: krakend
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
+    path: krakend
+  destination:
+    namespace: krakend
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
--- a/master/argocd/templates/kube-prometheus-stack.yaml
+++ b/master/argocd/templates/kube-prometheus-stack.yaml
@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: kube-prometheus-stack
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
+    path: kube-prometheus-stack
+  destination:
+    namespace: kube-prometheus-stack
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
+
--- a/master/argocd/templates/kubeclarity.yaml
+++ b/master/argocd/templates/kubeclarity.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: kubeclarity
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
+    path: kubeclarity
+  destination:
+    namespace: kubeclarity
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
--- a/master/argocd/templates/littlelink.yaml
+++ b/master/argocd/templates/littlelink.yaml
@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: littlelink
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
+    path: littlelink
+    directory:
+      recurse: true
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: littlelink
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true        
--- a/master/argocd/templates/longhorn.yaml
+++ b/master/argocd/templates/longhorn.yaml
@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: longhorn-system
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
+    path: longhorn
+  destination:
+    namespace: longhorn-system
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
+
--- a/master/argocd/templates/metallb-system.yaml
+++ b/master/argocd/templates/metallb-system.yaml
@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: metallb-system
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
+    path: metallb-system
+  destination:
+    namespace: metallb-system
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
+
+
--- a/master/argocd/templates/nfs-client.yaml
+++ b/master/argocd/templates/nfs-client.yaml
@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: nfs-client
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
+    path: nfs-client
+    directory:
+      recurse: true
+  destination:
+    namespace: nfs-client
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
+
--- a/master/argocd/templates/open-webui.yaml
+++ b/master/argocd/templates/open-webui.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: open-webui
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
+    path: open-webui
+  destination:
+    namespace: open-webui
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
--- a/master/argocd/templates/secrets.yaml
+++ b/master/argocd/templates/secrets.yaml
@@ -0,0 +1,17 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: vault-argocd
+  labels:
+    app.kubernetes.io/part-of: argocd
+spec:
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: client-secret
+  data:
+  - secretKey: clientSecret
+    remoteRef:
+      key: secrets/argocd/authentik
+      property: clientsecret
--- a/master/argocd/templates/traefik.yaml
+++ b/master/argocd/templates/traefik.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: traefik
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
+    path: traefik
+  destination:
+    namespace: traefik
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
--- a/master/argocd/templates/uptimekuma.yaml
+++ b/master/argocd/templates/uptimekuma.yaml
@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: uptimekuma
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
+    path: uptimekuma
+    directory:
+      recurse: true
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: uptimekuma
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true   
+
--- a/master/argocd/templates/vault.yaml
+++ b/master/argocd/templates/vault.yaml
@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: vault
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
+    path: vault
+  destination:
+    namespace: vault
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
+  ignoreDifferences:
+  - group: admissionregistration.k8s.io
+    kind: MutatingWebhookConfiguration
+    jqPathExpressions:
+    - .webhooks[]?.clientConfig.caBundle
--- a/master/argocd/values.yaml
+++ b/master/argocd/values.yaml
@@ -0,0 +1,62 @@
+argo-cd:
+
+  global:
+    revisionHistoryLimit: 1
+    image:
+      repository: registry.internal.durp.info/argoproj/argocd
+      imagePullPolicy: Always
+
+  server:
+    #extraArgs:
+    #  - --dex-server-plaintext
+    #  - --dex-server=argocd-dex-server:5556
+    # oidc.config: |
+    #   name: AzureAD
+    #   issuer: https://login.microsoftonline.com/TENANT_ID/v2.0
+    #   clientID: CLIENT_ID
+    #   clientSecret: $oidc.azuread.clientSecret
+    #   requestedIDTokenClaims:
+    #     groups:
+    #       essential: true
+    #   requestedScopes:
+    #     - openid
+    #     - profile
+    #     - email
+
+  dex:
+    enabled: true
+    image:
+      repository: registry.internal.durp.info/dexidp/dex
+      imagePullPolicy: Always
+
+  configs:
+    cm:
+      create: true
+      annotations: {}
+      url: https://argocd.internal.durp.info
+      oidc.tls.insecure.skip.verify: "true"
+      dex.config: |
+        connectors:
+          - config:
+              issuer: https://authentik.durp.info/application/o/argocd/
+              clientID: dbb8ffc06104fb6e7fac3e4ae7fafb1d90437625
+              clientSecret: $client-secret:clientSecret
+              insecureEnableGroups: true
+              scopes:
+                - openid
+                - profile
+                - email
+                - groups
+            name: authentik
+            type: oidc
+            id: authentik
+
+    rbac:
+      create: true
+      policy.csv: |
+        g, ArgoCD Admins, role:admin 
+      scopes: "[groups]"
+
+  server:
+    route: 
+      enabled: false
--- a/master/authentik/Chart.yaml
+++ b/master/authentik/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v2
+name: authentik
+description: A Helm chart for Kubernetes
+type: application
+
+version: 0.1.0
+appVersion: "1.16.0"
+
+dependencies:
+- name: authentik
+  repository: https://charts.goauthentik.io
+  version: 2024.8.3
--- a/master/authentik/templates/authentik-pv.yaml
+++ b/master/authentik/templates/authentik-pv.yaml
@@ -0,0 +1,24 @@
+#apiVersion: v1
+#kind: PersistentVolume
+#metadata:
+#  annotations:
+#    pv.kubernetes.io/provisioned-by: durp.info/nfs
+#  finalizers:
+#  - kubernetes.io/pv-protection
+#  name: authentik-pv
+#spec:
+#  accessModes:
+#  - ReadWriteMany
+#  capacity:
+#    storage: 10Gi
+#  claimRef:
+#    apiVersion: v1
+#    kind: PersistentVolumeClaim
+#    name: authentik-pvc
+#    namespace: authentik
+#  nfs:
+#    path: /mnt/user/k3s/authentik
+#    server: 192.168.20.253
+#  persistentVolumeReclaimPolicy: Retain
+#  storageClassName: nfs-storage
+#  volumeMode: Filesystem
--- a/master/authentik/templates/authentik-pvc.yaml
+++ b/master/authentik/templates/authentik-pvc.yaml
@@ -0,0 +1,18 @@
+#apiVersion: v1
+#kind: PersistentVolumeClaim
+#metadata:
+#  labels:
+#    app.kubernetes.io/component: app
+#    app.kubernetes.io/instance: authentik
+#    app.kubernetes.io/managed-by: Helm
+#    app.kubernetes.io/name: authentik
+#    helm.sh/chart: authentik-2.14.4
+#  name: authentik-pvc
+#  namespace: authentik
+#spec:
+#  accessModes:
+#    - ReadWriteMany
+#  resources:
+#    requests:
+#      storage: 10Gi
+#  storageClassName: nfs-storage
--- a/master/authentik/templates/ingress.yaml
+++ b/master/authentik/templates/ingress.yaml
@@ -0,0 +1,42 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: authentik-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`authentik.durp.info`) && PathPrefix(`/`) 
+    kind: Rule
+    services:
+    - name: authentik-server
+      port: 80
+  tls:
+    secretName: authentik-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: authentik-tls
+spec:
+  secretName: authentik-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "authentik.durp.info"
+  dnsNames:
+  - "authentik.durp.info" 
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: authentik-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: authentik.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info
--- a/master/authentik/templates/secrets.yaml
+++ b/master/authentik/templates/secrets.yaml
@@ -0,0 +1,28 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: authentik-secret
+spec:
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: db-pass
+  data:
+  - secretKey: dbpass
+    remoteRef:
+      key: secrets/authentik/database
+      property: dbpass
+  - secretKey: secretkey
+    remoteRef:
+      key: secrets/authentik/database
+      property: secretkey     
+  - secretKey: postgresql-postgres-password 
+    remoteRef:
+      key: secrets/authentik/database
+      property: dbpass
+  - secretKey: postgresql-password 
+    remoteRef:
+      key: secrets/authentik/database
+      property: dbpass
+        
--- a/master/authentik/values.yaml
+++ b/master/authentik/values.yaml
@@ -0,0 +1,56 @@
+authentik:
+  global:
+    env: 
+      - name: AUTHENTIK_POSTGRESQL__PASSWORD
+        valueFrom:
+          secretKeyRef:
+            name: db-pass
+            key: dbpass
+      - name: AUTHENTIK_SECRET_KEY
+        valueFrom:
+          secretKeyRef:
+            name: db-pass
+            key: secretkey
+    revisionHistoryLimit: 1
+    image:
+      repository: registry.internal.durp.info/goauthentik/server
+      pullPolicy: Always
+  authentik:
+    outposts:
+      container_image_base: registry.internal.durp.info/goauthentik/%(type)s:%(version)s
+    postgresql:
+      host: '{{ .Release.Name }}-postgresql-hl'
+      name: "authentik"
+      user: "authentik"
+      port: 5432
+  server:
+    name: server
+    replicas: 3
+  worker:
+    replicas: 3
+  postgresql:
+    enabled: true
+    image:
+      registry: registry.internal.durp.info
+      repository: bitnami/postgresql
+      pullPolicy: Always
+    postgresqlUsername: "authentik"
+    postgresqlDatabase: "authentik"
+    existingSecret: db-pass 
+    persistence:
+      enabled: true
+      storageClass: longhorn
+      accessModes:
+        - ReadWriteMany
+  redis:
+    enabled: true
+    master:
+      persistence:
+        enabled: false    
+    image:
+      registry: registry.internal.durp.info
+      repository: bitnami/redis
+      pullPolicy: Always
+    architecture: standalone
+    auth:
+      enabled: false
--- a/master/bitwarden/Chart.yaml
+++ b/master/bitwarden/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: bitwarden
+description: A Helm chart for Kubernetes
+type: application
+
+version: 0.1.0
+appVersion: "1.16.0"
--- a/master/bitwarden/templates/bitwarden-pv.yaml
+++ b/master/bitwarden/templates/bitwarden-pv.yaml
@@ -0,0 +1,25 @@
+#apiVersion: v1
+#kind: PersistentVolume
+#metadata:
+#  annotations:
+#    pv.kubernetes.io/provisioned-by: durp.info/nfs
+#  finalizers:
+#  - kubernetes.io/pv-protection
+#  name: bitwarden-pv
+#spec:
+#  accessModes:
+#  - ReadWriteMany
+#  capacity:
+#    storage: 10Gi
+#  claimRef:
+#    apiVersion: v1
+#    kind: PersistentVolumeClaim
+#    name: bitwarden-pvc
+#    namespace: bitwarden
+#  nfs:
+#    path: /mnt/user/k3s/bitwarden
+#    server: 192.168.20.253
+#  persistentVolumeReclaimPolicy: Retain
+#  storageClassName: nfs-storage
+#  volumeMode: Filesystem
+#
--- a/master/bitwarden/templates/bitwarden-pvc.yaml
+++ b/master/bitwarden/templates/bitwarden-pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: bitwarden-pvc
+spec:
+  storageClassName: longhorn
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 10Gi
--- a/master/bitwarden/templates/deployment.yaml
+++ b/master/bitwarden/templates/deployment.yaml
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: bitwarden
+  name: bitwarden
+  labels:
+    app: bitwarden
+spec:
+  selector:
+    matchLabels:
+      app: bitwarden
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: bitwarden
+    spec:
+      containers:
+      - name: bitwarden
+        image: registry.internal.durp.info/vaultwarden/server:1.32.0
+        imagePullPolicy: Always
+        volumeMounts:
+        - name: bitwarden-pvc
+          mountPath: /data
+          subPath: bitwaren-data              
+        ports:
+        - name: http
+          containerPort: 80
+        env:
+          - name: SIGNUPS_ALLOWED
+            value: "FALSE"
+          - name: INVITATIONS_ALLOWED
+            value: "FALSE"                      
+          - name: WEBSOCKET_ENABLED
+            value: "TRUE"          
+          - name: ROCKET_ENV
+            value: "staging"              
+          - name: ROCKET_PORT
+            value: "80"            
+          - name: ROCKET_WORKERS
+            value: "10"
+          - name: SECRET_USERNAME
+            valueFrom:
+              secretKeyRef:
+                name: bitwarden-secret
+                key: ADMIN_TOKEN
+      volumes:
+      - name: bitwarden-pvc
+        persistentVolumeClaim:
+          claimName: bitwarden-pvc             
--- a/master/bitwarden/templates/ingress.yaml
+++ b/master/bitwarden/templates/ingress.yaml
@@ -0,0 +1,42 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: bitwarden-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`bitwarden.durp.info`) && PathPrefix(`/`)
+    kind: Rule
+    services:
+    - name: bitwarden
+      port: 80
+  tls:
+    secretName: bitwarden-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: bitwarden-tls
+spec:
+  secretName: bitwarden-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "bitwarden.durp.info"
+  dnsNames:
+  - "bitwarden.durp.info"  
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: bitwarden-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: bitwarden.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info
--- a/master/bitwarden/templates/secrets.yaml
+++ b/master/bitwarden/templates/secrets.yaml
@@ -0,0 +1,16 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: bitwarden-secret
+spec:
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: bitwarden-secret
+  data:
+  - secretKey: ADMIN_TOKEN
+    remoteRef:
+      key: secrets/bitwarden/admin
+      property: ADMIN_TOKEN
+
--- a/master/bitwarden/templates/service.yaml
+++ b/master/bitwarden/templates/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: bitwarden
+spec:
+  ports:
+  - name: http
+    port: 80
+    targetPort: 80
+    protocol: TCP
+  selector:
+    app: bitwarden
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
DeveloperDurp	c39f20e371	Update folder location	2025-01-06 05:01:00 -06:00
DeveloperDurp	dc324a2d8b	Update whitelist	2025-01-04 07:17:43 -06:00
DeveloperDurp	2d4d3773b7	Update ollama	2024-12-19 05:00:42 -06:00
DeveloperDurp	54e12aa8c1	Update ollama auth	2024-12-15 08:04:32 -06:00
DeveloperDurp	47d4e5015e	Update ollama auth	2024-12-15 08:01:14 -06:00
DeveloperDurp	e60030016e	Update file ollama.yaml	2024-12-13 10:52:57 +00:00
DeveloperDurp	6645dd77f6	update IP range	2024-11-17 10:24:23 -06:00
DeveloperDurp	f1f8a9e837	update IP range	2024-11-17 10:14:22 -06:00
DeveloperDurp	47214c5a93	Update file values.yaml	2024-10-15 11:12:18 +00:00
DeveloperDurp	a1b05d6f8a	Update chart version	2024-09-30 04:47:53 -05:00
DeveloperDurp	8ca00e2715	Update chart version	2024-09-30 04:45:20 -05:00
DeveloperDurp	7cbe7932f1	Update chart version	2024-09-30 04:41:20 -05:00
DeveloperDurp	97d73b36c4	Update chart version	2024-09-29 08:56:15 -05:00
DeveloperDurp	679742ab45	Update chart version	2024-09-29 08:55:44 -05:00
DeveloperDurp	9b1680cfc8	Update chart version	2024-09-29 08:54:11 -05:00
DeveloperDurp	dd3ca7c9a4	Update chart version	2024-09-29 08:51:08 -05:00
DeveloperDurp	4a67df78b3	Update chart version	2024-09-29 08:45:48 -05:00
DeveloperDurp	dde4eac238	Update chart version	2024-09-29 08:43:25 -05:00
DeveloperDurp	f9987ac705	Update chart version	2024-09-29 08:43:01 -05:00
DeveloperDurp	6705352a10	Update chart version	2024-09-29 08:41:06 -05:00
DeveloperDurp	599e86e1a9	Update chart version	2024-09-29 08:37:42 -05:00
DeveloperDurp	4826c5beb6	Update chart version	2024-09-29 08:33:29 -05:00
DeveloperDurp	1284e2ec60	Update chart version	2024-09-29 08:28:14 -05:00
DeveloperDurp	7f6e182084	Update chart version	2024-09-29 07:50:40 -05:00
DeveloperDurp	a565952e0c	Update chart version	2024-09-29 07:48:50 -05:00
DeveloperDurp	f64bdfbedd	Update chart version	2024-09-29 07:39:11 -05:00
DeveloperDurp	e6a8aa74b4	Update chart version	2024-09-29 07:34:52 -05:00
DeveloperDurp	b1c45f939b	Update chart version	2024-09-29 07:29:39 -05:00
DeveloperDurp	3bfec1450f	Update chart version	2024-09-29 07:23:46 -05:00
DeveloperDurp	d5224c0c7f	Update chart version	2024-09-29 07:20:05 -05:00
DeveloperDurp	4e37bfb8dc	Update chart version	2024-09-29 07:13:09 -05:00
DeveloperDurp	45ae3523b9	Update chart version	2024-09-29 06:43:58 -05:00
DeveloperDurp	1151680f65	Update chart version	2024-09-29 06:42:16 -05:00
DeveloperDurp	1aefb8163b	Update chart version	2024-09-29 06:39:44 -05:00
DeveloperDurp	e935822058	Update chart version	2024-09-29 06:35:39 -05:00
DeveloperDurp	49b23b1788	Update chart version	2024-09-29 06:22:50 -05:00
DeveloperDurp	bd2def6d46	Update chart version	2024-09-29 06:18:47 -05:00
DeveloperDurp	10fcd43274	Update chart version	2024-09-13 06:23:48 -05:00
DeveloperDurp	126c6e6f45	Update chart version	2024-09-13 06:20:00 -05:00
DeveloperDurp	10ce90a460	Update chart version	2024-09-13 06:17:56 -05:00
DeveloperDurp	c3cd2c0b8b	Update chart version	2024-09-13 06:14:44 -05:00
DeveloperDurp	8b74b2efb6	Update chart version	2024-09-13 06:10:15 -05:00
DeveloperDurp	eecf949f86	Update worker count	2024-09-10 04:48:15 -05:00
DeveloperDurp	2b951b2814	update authentik version	2024-09-10 04:43:57 -05:00
DeveloperDurp	a1293abaf6	update	2024-08-31 07:40:14 -05:00
DeveloperDurp	5781c6ddda	update	2024-08-31 07:23:47 -05:00
DeveloperDurp	42fc48bb27	update	2024-08-31 07:22:25 -05:00
DeveloperDurp	0f908a1460	update	2024-08-31 07:19:33 -05:00
DeveloperDurp	1febc6915e	update	2024-08-31 07:14:08 -05:00
DeveloperDurp	a99e0649dd	update	2024-08-31 07:11:20 -05:00
DeveloperDurp	d28f17120b	upupdate	2024-08-30 05:08:33 -05:00
DeveloperDurp	44d099ad9e	update	2024-08-30 05:04:57 -05:00
DeveloperDurp	5c866c2eb7	update	2024-08-30 05:04:25 -05:00
DeveloperDurp	216cece298	update	2024-08-30 05:03:40 -05:00
DeveloperDurp	f16da3d3a8	update resources	2024-08-30 04:58:02 -05:00
DeveloperDurp	f12b7aa532	update resource	2024-08-30 04:56:01 -05:00
DeveloperDurp	8ec254f59c	enable autoscaller	2024-08-30 04:52:29 -05:00
DeveloperDurp	33fd621ec8	add resource limits	2024-08-30 04:51:35 -05:00
DeveloperDurp	89b8364fe5	add resource limits	2024-08-30 04:49:03 -05:00
DeveloperDurp	52038a7585	update	2024-08-29 05:04:25 -05:00
DeveloperDurp	885ab5e3d7	update	2024-08-29 05:02:08 -05:00
DeveloperDurp	7843ae7c29	update	2024-08-29 04:57:40 -05:00
DeveloperDurp	e2d1e01708	update	2024-08-29 04:55:28 -05:00
DeveloperDurp	e8cafed885	update	2024-08-29 04:50:55 -05:00
DeveloperDurp	62b7efad89	update	2024-08-27 04:58:07 -05:00
DeveloperDurp	47ddf2fd28	update	2024-08-25 06:32:15 -05:00
DeveloperDurp	31b689d5fe	update	2024-08-25 06:28:15 -05:00
DeveloperDurp	5ef03e6dbe	update	2024-08-25 06:27:05 -05:00
DeveloperDurp	38bb3538a3	update	2024-08-25 06:22:33 -05:00
DeveloperDurp	8c77e53669	update	2024-08-25 06:20:12 -05:00
DeveloperDurp	44aac27362	update	2024-08-25 06:19:34 -05:00
DeveloperDurp	0f4048072d	update	2024-08-25 06:11:13 -05:00
DeveloperDurp	b6f0c41d5d	update	2024-08-25 06:09:41 -05:00
DeveloperDurp	3259cd6f37	update	2024-08-25 06:07:19 -05:00
DeveloperDurp	418162a9e0	update	2024-08-25 05:43:48 -05:00
DeveloperDurp	de022ea46b	update	2024-08-25 05:33:43 -05:00
DeveloperDurp	a50214eafc	update	2024-08-25 05:32:20 -05:00
DeveloperDurp	be2ee6274a	update	2024-08-25 05:12:54 -05:00
DeveloperDurp	1fbe3dbc95	update	2024-08-25 05:08:59 -05:00
DeveloperDurp	f8a13c4bff	update	2024-08-25 05:05:59 -05:00
DeveloperDurp	c9d77c5eec	update	2024-08-25 05:03:23 -05:00
DeveloperDurp	3457eba0a2	update	2024-08-25 04:52:22 -05:00
DeveloperDurp	738d19edfa	update	2024-08-25 04:40:58 -05:00
DeveloperDurp	23d397e5d4	update	2024-08-25 04:35:16 -05:00
DeveloperDurp	10bfb6fd54	update	2024-08-25 04:34:31 -05:00
DeveloperDurp	0ff6377bd6	update	2024-08-24 21:30:35 -05:00
DeveloperDurp	8d92151ad3	update	2024-08-24 21:29:00 -05:00
DeveloperDurp	3f74860c28	update	2024-08-24 21:28:14 -05:00
DeveloperDurp	f12af0f92f	update	2024-08-24 21:28:03 -05:00
DeveloperDurp	86a5af321d	update	2024-08-24 21:25:12 -05:00
DeveloperDurp	4a1e4f980d	update	2024-08-24 21:23:10 -05:00
DeveloperDurp	bf6c021d8b	update	2024-08-24 21:09:10 -05:00
DeveloperDurp	0abc90d9cd	update	2024-08-24 21:08:06 -05:00
DeveloperDurp	e2cabee7dd	update	2024-08-24 20:57:18 -05:00
DeveloperDurp	1f2fd56d89	update	2024-08-24 20:56:13 -05:00
DeveloperDurp	785a256258	update	2024-08-24 20:47:17 -05:00
DeveloperDurp	26c3a919c6	update	2024-08-24 20:33:10 -05:00
DeveloperDurp	280298cc0a	update	2024-08-24 20:31:37 -05:00
DeveloperDurp	f5b4c58367	update	2024-08-24 20:30:21 -05:00
DeveloperDurp	0a3f3d99d7	update	2024-08-24 20:29:32 -05:00
DeveloperDurp	21405024f7	add pfsense	2024-08-24 20:23:35 -05:00
DeveloperDurp	61110282d5	update	2024-08-11 07:57:18 -05:00
DeveloperDurp	5765f9b5d7	revert	2024-08-11 07:50:53 -05:00
DeveloperDurp	f70c55dcf2	update	2024-08-11 07:48:13 -05:00
DeveloperDurp	b2212a6608	move to nfs	2024-08-11 07:47:05 -05:00
DeveloperDurp	5e5a7b3803	update	2024-08-11 07:40:16 -05:00