update

Merge branch 'mr-prd' into 'prd'
Mr prd See merge request developerdurp/homelab!2
2024-07-21 09:49:15 -05:00 · 2024-07-21 12:58:33 +00:00 · 2024-07-21 12:58:33 +00:00 · 2024-07-21 07:41:04 -05:00 · 2024-07-21 07:39:08 -05:00 · 2024-07-21 07:33:18 -05:00
402 changed files with 979 additions and 13321 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1 @@
 .idea
-infra/terraform/.terraform
-infra/terraform/.terraform.lock.hcl
--- a/.gitlab/.gitlab-ci.yml
+++ b/.gitlab/.gitlab-ci.yml
@@ -1,34 +0,0 @@
-stages:
-  - triggers
-
-build_dmz:
-  stage: triggers
-  trigger:
-    include: infra/.gitlab/.gitlab-ci.yml
-  rules:
-    - changes:
-        - "dmz/terraform/*.tf"
-
-build_infra:
-  stage: triggers
-  trigger:
-    include: infra/.gitlab/.gitlab-ci.yml
-  rules:
-    - changes:
-        - "infra/terraform/*.tf"
-
-build_dev:
-  stage: triggers
-  trigger:
-    include: dev/.gitlab/.gitlab-ci.yml
-  rules:
-    - changes:
-        - "dev/terraform/*.tf"
-
-build_prd:
-  stage: triggers
-  trigger:
-    include: prd/.gitlab/.gitlab-ci.yml
-  rules:
-    - changes:
-        - "prd/terraform/*.tf"
--- a/4
+++ b/4
@@ -1,4 +0,0 @@
-VAULT_HELM_SECRET_NAME=$(kubectl get secrets -n vault --output=json | jq -r '.items[].metadata | select(.name|startswith("vault-token-")).name')
-TOKEN_REVIEW_JWT=$(kubectl get secret $VAULT_HELM_SECRET_NAME -n vault --output='go-template={{ .data.token }}' | base64 --decode)
-KUBE_CA_CERT=$(kubectl config view --raw --minify --flatten --output='jsonpath={.clusters[].cluster.certificate-authority-data}' | base64 --decode)
-KUBE_HOST=$(kubectl config view --raw --minify --flatten --output='jsonpath={.clusters[].cluster.server}')
--- a/ansible/base.yaml
+++ b/ansible/base.yaml
@@ -1,5 +0,0 @@
- hosts: all
-  gather_facts: yes
-  become: yes
-  roles:
-    - base
--- a/ansible/newcluster.yaml
+++ b/ansible/newcluster.yaml
@@ -1,2 +0,0 @@
-argocd login --insecure
-argocd cluster add default --name prd --yes --kubeconfig ~/Documents/config-prd
--- a/ansible/roles/base/files/01proxy
+++ b/ansible/roles/base/files/01proxy
@@ -1 +0,0 @@
-Acquire::http::Proxy "http://192.168.21.200:3142";
--- a/ansible/roles/base/files/10periodic
+++ b/ansible/roles/base/files/10periodic
@@ -1,4 +0,0 @@
-APT::Periodic::Update-Package-Lists "1";
-APT::Periodic::Download-Upgradeable-Packages "1";
-APT::Periodic::AutocleanInterval "7";
-APT::Periodic::Unattended-Upgrade "1";
--- a/ansible/roles/base/files/authorized_keys_user
+++ b/ansible/roles/base/files/authorized_keys_user
@@ -1,2 +0,0 @@
-sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGilcndatMrXg06VxtNKuIo3scoyyXbYX8Z7cOjeA102AAAABHNzaDo= desktop-arch-09-08-2025-yubikey
-sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINsbNSZ5Wr+50Ahz+IeZxt6F7gZ6wm1J8uKXQLbdbKFaAAAABHNzaDo= desktop-arch-09-08-2025-yubikeyNano
--- a/ansible/roles/base/files/issue
+++ b/ansible/roles/base/files/issue
@@ -1,4 +0,0 @@
-Use of this system is restricted to authorized users only, and all use is subjected to an acceptable use policy.
-
-IF YOU ARE NOT AUTHORIZED TO USE THIS SYSTEM, DISCONNECT NOW.
-
--- a/ansible/roles/base/files/motd
+++ b/ansible/roles/base/files/motd
@@ -1,4 +0,0 @@
-THIS SYSTEM IS FOR AUTHORIZED USE ONLY
-
-All activities are logged and monitored.
-
--- a/ansible/roles/base/files/sshd_config_secured
+++ b/ansible/roles/base/files/sshd_config_secured
@@ -1,95 +0,0 @@
-# Package generated configuration file
-# See the sshd_config(5) manpage for details
-
-# What ports, IPs and protocols we listen for
-Port 22
-# Use these options to restrict which interfaces/protocols sshd will bind to
-#ListenAddress ::
-#ListenAddress 0.0.0.0
-Protocol 2
-# HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
-HostKey /etc/ssh/ssh_host_ecdsa_key
-HostKey /etc/ssh/ssh_host_ed25519_key
-#Privilege Separation is turned on for security
-UsePrivilegeSeparation yes
-
-# Lifetime and size of ephemeral version 1 server key
-KeyRegenerationInterval 3600
-ServerKeyBits 1024
-
-# Logging
-SyslogFacility AUTH
-LogLevel INFO
-
-# Authentication:
-LoginGraceTime 120
-PermitRootLogin no
-StrictModes yes
-
-RSAAuthentication yes
-PubkeyAuthentication yes
-#AuthorizedKeysFile %h/.ssh/authorized_keys
-
-# Don't read the user's ~/.rhosts and ~/.shosts files
-IgnoreRhosts yes
-# For this to work you will also need host keys in /etc/ssh_known_hosts
-RhostsRSAAuthentication no
-# similar for protocol version 2
-HostbasedAuthentication no
-# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
-#IgnoreUserKnownHosts yes
-
-# To enable empty passwords, change to yes (NOT RECOMMENDED)
-PermitEmptyPasswords no
-
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-ChallengeResponseAuthentication no
-
-# Change to no to disable tunnelled clear text passwords
-PasswordAuthentication no
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosGetAFSToken no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-
-X11Forwarding no
-X11DisplayOffset 10
-PrintMotd no
-PrintLastLog yes
-TCPKeepAlive yes
-#UseLogin no
-
-#MaxStartups 10:30:60
-#Banner /etc/issue.net
-
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-
-Subsystem sftp /usr/lib/openssh/sftp-server
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication.  Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-UsePAM yes
-
-ClientAliveInterval 300
-
-#enable remote powershell
-#Subsystem powershell /usr/bin/pwsh -sshs -NoLogo
-
-
--- a/ansible/roles/base/tasks/main.yaml
+++ b/ansible/roles/base/tasks/main.yaml
@@ -1,155 +0,0 @@
- name: Copy apt proxy
-  copy: 
-    src: files/01proxy
-    dest: /etc/apt/apt.conf.d/01proxy
-    owner: root 
-    group: root 
-    mode: "0644"
-    force: yes
-  when: 
-    - ansible_os_family == "Debian"      
-    - inventory_hostname not in hosts_deny
-
- name: Update packages
-  apt:
-    name: '*'
-    state: latest
-    update_cache: yes
-    only_upgrade: yes
-  retries: 300
-  delay: 10
-
- name: Remove packages not needed anymore
-  apt:
-    autoremove: yes  
-  retries: 300
-  delay: 10      
-      
- name: Install required packages Debian
-  apt: 
-    state: latest 
-    pkg: "{{ item }}"
-  with_items:  "{{ required_packages }}" 
-  retries: 300
-  delay: 10  
-
- name: Create user account
-  user: 
-    name: "user"
-    shell: /bin/bash
-    state: present
-    createhome: yes
-
- name: ensure ssh folder exists for user
-  file: 
-    path: /home/user/.ssh
-    owner: user 
-    group: user 
-    mode: "0700"
-    state: directory
-
- name: Deploy SSH Key (user)
-  copy:
-    dest: /home/user/.ssh/authorized_keys
-    src: files/authorized_keys_user
-    owner: user 
-    group: user
-    force: true 
-
- name: Remove Root SSH Configuration
-  file: 
-    path: /root/.ssh
-    state: absent
-
- name: Copy Secured SSHD Configuration
-  copy: 
-    src: files/sshd_config_secured 
-    dest: /etc/ssh/sshd_config 
-    owner: root 
-    group: root 
-    mode: "0644"
-  when: ansible_os_family == "Debian"   
-
- name: Copy Secured SSHD Configuration
-  copy: 
-    src: files/sshd_config_secured_redhat 
-    dest: /etc/ssh/sshd_config 
-    owner: root 
-    group: root 
-    mode: "0644"    
-  when: ansible_os_family == "RedHat"   
-
- name: Restart SSHD
-  systemd:
-    name: sshd
-    daemon_reload: yes
-    state: restarted
-    enabled: yes
-  ignore_errors: yes
-
-
- name: Copy unattended-upgrades file
-  copy: 
-    src: files/10periodic
-    dest: /etc/apt/apt.conf.d/10periodic 
-    owner: root 
-    group: root 
-    mode: "0644"
-    force: yes
-  when: ansible_os_family == "Debian"      
-
- name: Remove undesirable packages
-  package:
-    name: "{{ unnecessary_software }}"
-    state: absent
-  when: ansible_os_family == "Debian"    
-
- name: Stop and disable unnecessary services
-  service:
-    name: "{{ item }}"
-    state: stopped
-    enabled: no
-  with_items: "{{ unnecessary_services }}"
-  ignore_errors: yes
-
- name: Set a message of the day
-  copy:
-    dest: /etc/motd
-    src: files/motd
-    owner: root
-    group: root
-    mode: 0644
-
- name: Set a login banner
-  copy:
-    dest: "{{ item }}"
-    src: files/issue
-    owner: root
-    group: root
-    mode: 0644
-  with_items:
-    - /etc/issue
-    - /etc/issue.net
-
- name: set timezone
-  shell: timedatectl set-timezone America/Chicago
-
- name: Enable cockpit
-  systemd:
-    name: cockpit
-    daemon_reload: yes
-    state: restarted
-    enabled: yes
-
- name: change password
-  ansible.builtin.user:
-    name: "user"
-    state: present
-    password: "{{ lookup('ansible.builtin.env', 'USER_PASSWORD') | password_hash('sha512') }}"
-
- name: add user to sudoers
-  community.general.sudoers:
-    name: user
-    state: present
-    user: user
-    commands: ALL
--- a/ansible/roles/base/vars/main.yaml
+++ b/ansible/roles/base/vars/main.yaml
@@ -1,17 +0,0 @@
-required_packages:
-    - ufw
-    - qemu-guest-agent
-    - fail2ban
-    - unattended-upgrades
-    - cockpit
-    - nfs-common
-    - open-iscsi
-
-unnecessary_services:
-    - postfix
-    - telnet
-    
-unnecessary_software:
-    - tcpdump
-    - nmap-ncat
-    - wpa_supplicant    
--- a/master/argocd/Chart.yaml
+++ b/master/argocd/Chart.yaml
@@ -9,6 +9,6 @@ appVersion: "1.16.0"
 dependencies:
 - name: argo-cd
  repository: https://argoproj.github.io/argo-helm
-  version: 8.1.3
+  version: 6.7.11


--- a/infra/argocd/templates/nebula-sync.yaml
+++ b/infra/argocd/templates/nebula-sync.yaml
@@ -1,16 +1,16 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: nebula-sync
+  name: argocd
  namespace: argocd
 spec:
  project: default
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: infra/nebula-sync
+    targetRevision: prd
+    path: argocd
  destination:
-    namespace: nebula-sync
+    namespace: argocd
    name: in-cluster
  syncPolicy:
    automated:
--- a/argocd/templates/authentik.yaml
+++ b/argocd/templates/authentik.yaml
@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: authentik
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: prd
+    path: authentik
+  destination:
+    namespace: authentik
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
+
--- a/master/argocd/templates/bitwarden.yaml
+++ b/master/argocd/templates/bitwarden.yaml
@@ -7,8 +7,8 @@ spec:
  project: default
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/bitwarden
+    targetRevision: prd
+    path: bitwarden
    directory:
      recurse: true
  destination:
--- a/master/argocd/templates/cert-manager.yaml
+++ b/master/argocd/templates/cert-manager.yaml
@@ -7,8 +7,8 @@ spec:
  project: default
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/cert-manager
+    targetRevision: prd
+    path: cert-manager
  destination:
    namespace: cert-manager
    name: in-cluster
--- a/argocd/templates/crossplane.yml
+++ b/argocd/templates/crossplane.yml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: crossplane
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: prd
+    path: crossplane
+  destination:
+    namespace: crossplane
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
--- a/master/argocd/templates/durpapi.yaml
+++ b/master/argocd/templates/durpapi.yaml
@@ -7,8 +7,8 @@ spec:
  project: default
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/durpapi
+    targetRevision: prd
+    path: durpapi
  destination:
    namespace: durpapi
    name: in-cluster
--- a/master/argocd/templates/durpot.yaml
+++ b/master/argocd/templates/durpot.yaml
@@ -7,8 +7,8 @@ spec:
  project: default
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/durpot
+    targetRevision: prd
+    path: durpot
  destination:
    namespace: durpot
    name: in-cluster
--- a/master/argocd/templates/external-dns.yaml
+++ b/master/argocd/templates/external-dns.yaml
@@ -7,8 +7,8 @@ spec:
  project: default
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/external-dns
+    targetRevision: prd
+    path: external-dns
  destination:
    namespace: external-dns
    name: in-cluster
--- a/master/argocd/templates/external-secrets.yaml
+++ b/master/argocd/templates/external-secrets.yaml
@@ -7,8 +7,8 @@ spec:
  project: default
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/external-secrets
+    targetRevision: prd
+    path: external-secrets
  destination:
    namespace: external-secrets
    name: in-cluster
--- a/argocd/templates/gatekeeper.yaml
+++ b/argocd/templates/gatekeeper.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: gatekeeper
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: prd
+    path: gatekeeper
+  destination:
+    namespace: gatekeeper
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
--- a/infra/argocd/templates/gitlab-runner.yaml
+++ b/infra/argocd/templates/gitlab-runner.yaml
@@ -1,21 +1,21 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: gitlab-runner-dmz
+  name: gitlab-runner
  namespace: argocd
 spec:
  project: default
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: dmz/gitlab-runner
+    targetRevision: prd
+    path: gitlab-runner
  destination:
    namespace: gitlab-runner
-    name: dmz
+    name: in-cluster
  syncPolicy:
    automated:
      prune: true
      selfHeal: true  
    syncOptions:
-      - CreateNamespace=true 
+      - CreateNamespace=true    

--- a/master/argocd/templates/heimdall.yaml
+++ b/master/argocd/templates/heimdall.yaml
@@ -7,8 +7,8 @@ spec:
  project: default
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/heimdall
+    targetRevision: prd
+    path: heimdall
  destination:
    namespace: heimdall
    name: in-cluster
--- a/argocd/templates/ingress.yaml
+++ b/argocd/templates/ingress.yaml
@@ -0,0 +1,36 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: argocd-ingress
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`argocd.internal.prd.durp.info`)
+    middlewares:
+    - name: internal-only
+      namespace: traefik  
+    kind: Rule
+    services:
+    - name: argocd-server
+      port: 443
+      scheme: https
+  tls:
+    secretName: argocd-tls  
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: argocd-tls
+spec:
+  secretName: argocd-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "argocd.internal.prd.durp.info"
+  dnsNames:
+  - "argocd.internal.prd.durp.info"  
--- a/master/argocd/templates/krakend.yaml
+++ b/master/argocd/templates/krakend.yaml
@@ -7,8 +7,8 @@ spec:
  project: default
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/krakend
+    targetRevision: prd
+    path: krakend
  destination:
    namespace: krakend
    name: in-cluster
--- a/infra/argocd/templates/kube-prometheus-stack.yaml
+++ b/infra/argocd/templates/kube-prometheus-stack.yaml
@@ -7,14 +7,15 @@ spec:
  project: default
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: infra/kube-prometheus-stack
+    targetRevision: prd
+    path: kube-prometheus-stack
  destination:
    namespace: kube-prometheus-stack
    name: in-cluster
  syncPolicy:
    automated:
      prune: true
-      selfHeal: true
+      selfHeal: true  
    syncOptions:
-      - CreateNamespace=true
+      - CreateNamespace=true 
+
--- a/argocd/templates/kubeclarity.yaml
+++ b/argocd/templates/kubeclarity.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: kubeclarity
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: prd
+    path: kubeclarity
+  destination:
+    namespace: kubeclarity
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
--- a/master/argocd/templates/littlelink.yaml
+++ b/master/argocd/templates/littlelink.yaml
@@ -7,8 +7,8 @@ spec:
  project: default
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/littlelink
+    targetRevision: prd
+    path: littlelink
    directory:
      recurse: true
  destination:
--- a/master/argocd/templates/longhorn.yaml
+++ b/master/argocd/templates/longhorn.yaml
@@ -7,8 +7,8 @@ spec:
  project: default
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/longhorn
+    targetRevision: prd
+    path: longhorn
  destination:
    namespace: longhorn-system
    name: in-cluster
--- a/master/argocd/templates/metallb-system.yaml
+++ b/master/argocd/templates/metallb-system.yaml
@@ -7,8 +7,8 @@ spec:
  project: default
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/metallb-system
+    targetRevision: prd
+    path: metallb-system
  destination:
    namespace: metallb-system
    name: in-cluster
@@ -19,4 +19,3 @@ spec:
    syncOptions:
      - CreateNamespace=true 

-
--- a/master/argocd/templates/nfs-client.yaml
+++ b/master/argocd/templates/nfs-client.yaml
@@ -7,8 +7,8 @@ spec:
  project: default
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/nfs-client
+    targetRevision: prd
+    path: nfs-client
    directory:
      recurse: true
  destination:
--- a/argocd/templates/open-webui.yaml
+++ b/argocd/templates/open-webui.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: open-webui
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: prd
+    path: open-webui
+  destination:
+    namespace: open-webui
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
--- a/master/argocd/templates/secrets.yaml
+++ b/master/argocd/templates/secrets.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1
+apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
  name: vault-argocd
--- a/master/argocd/templates/traefik.yaml
+++ b/master/argocd/templates/traefik.yaml
@@ -7,8 +7,8 @@ spec:
  project: default
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/traefik
+    targetRevision: prd
+    path: traefik
  destination:
    namespace: traefik
    name: in-cluster
--- a/master/argocd/templates/uptimekuma.yaml
+++ b/master/argocd/templates/uptimekuma.yaml
@@ -7,8 +7,8 @@ spec:
  project: default
  source:
    repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: main
-    path: master/uptimekuma
+    targetRevision: prd
+    path: uptimekuma
    directory:
      recurse: true
  destination:
--- a/argocd/templates/vault.yaml
+++ b/argocd/templates/vault.yaml
@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: vault
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: prd
+    path: vault
+  destination:
+    namespace: vault
+    name: in-cluster
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
+  ignoreDifferences:
+  - group: admissionregistration.k8s.io
+    kind: MutatingWebhookConfiguration
+    jqPathExpressions:
+    - .webhooks[]?.clientConfig.caBundle
--- a/master/argocd/values.yaml
+++ b/master/argocd/values.yaml
@@ -3,7 +3,7 @@ argo-cd:
  global:
    revisionHistoryLimit: 1
    image:
-      repository: registry.durp.info/argoproj/argocd
+      repository: registry.internal.durp.info/argoproj/argocd
      imagePullPolicy: Always

  server:
@@ -26,20 +26,20 @@ argo-cd:
  dex:
    enabled: true
    image:
-      repository: registry.durp.info/dexidp/dex
+      repository: registry.internal.durp.info/dexidp/dex
      imagePullPolicy: Always

  configs:
    cm:
      create: true
      annotations: {}
-      url: https://argocd.internal.durp.info
+      url: https://argocd.internal.prd.durp.info
      oidc.tls.insecure.skip.verify: "true"
      dex.config: |
        connectors:
          - config:
-              issuer: https://authentik.durp.info/application/o/argocd/
-              clientID: dbb8ffc06104fb6e7fac3e4ae7fafb1d90437625
+              issuer: https://authentik.prd.durp.info/application/o/argocd/
+              clientID: lKuMgyYaOlQMNAUSjsRVYgkwZG9UT6CeFWeTLAcl
              clientSecret: $client-secret:clientSecret
              insecureEnableGroups: true
              scopes:
--- a/master/authentik/Chart.yaml
+++ b/master/authentik/Chart.yaml
@@ -7,6 +7,6 @@ version: 0.1.0
 appVersion: "1.16.0"

 dependencies:
- name: authentik-remote-cluster
+- name: authentik
  repository: https://charts.goauthentik.io
-  version: 2.1.0
+  version: 2024.4.1
--- a/master/authentik/templates/authentik-pv.yaml
+++ b/master/authentik/templates/authentik-pv.yaml
--- a/master/authentik/templates/authentik-pvc.yaml
+++ b/master/authentik/templates/authentik-pvc.yaml
--- a/master/bitwarden/templates/ingress.yaml
+++ b/master/bitwarden/templates/ingress.yaml
@@ -1,42 +1,42 @@
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
-  name: bitwarden-ingress
+  name: authentik-ingress
 spec:
  entryPoints:
    - websecure
  routes:
-  - match: Host(`bitwarden.durp.info`) && PathPrefix(`/`)
+  - match: Host(`authentik.prd.durp.info`) && PathPrefix(`/`) 
    kind: Rule
    services:
-    - name: bitwarden
+    - name: authentik-server
      port: 80
  tls:
-    secretName: bitwarden-tls
+    secretName: authentik-tls

 ---

 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-  name: bitwarden-tls
+  name: authentik-tls
 spec:
-  secretName: bitwarden-tls
+  secretName: authentik-tls
  issuerRef:
    name: letsencrypt-production
    kind: ClusterIssuer
-  commonName: "bitwarden.durp.info"
+  commonName: "authentik.prd.durp.info"
  dnsNames:
-  - "bitwarden.durp.info"  
+  - "authentik.prd.durp.info" 

 ---

 kind: Service
 apiVersion: v1
 metadata:
-  name: bitwarden-external-dns
+  name: authentik-external-dns
  annotations:
-    external-dns.alpha.kubernetes.io/hostname: bitwarden.durp.info
+    external-dns.alpha.kubernetes.io/hostname: authentik.prd.durp.info
 spec:
  type: ExternalName
-  externalName: durp.info
+  externalName:.prd.durp.info
--- a/master/authentik/templates/secrets.yaml
+++ b/master/authentik/templates/secrets.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1
+apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
  name: authentik-secret
--- a/infra/authentik/values.yaml
+++ b/infra/authentik/values.yaml
@@ -1,8 +1,8 @@
 authentik:
  global:
-    security:
-      allowInsecureImages: true
-    env:
+    env: 
+      - name: AUTHENTIK_REDIS__DB
+        value: "1"
      - name: AUTHENTIK_POSTGRESQL__PASSWORD
        valueFrom:
          secretKeyRef:
@@ -15,43 +15,44 @@ authentik:
            key: secretkey
    revisionHistoryLimit: 1
    image:
-      repository: registry.durp.info/goauthentik/server
+      repository: registry.internal.durp.info/goauthentik/server
      pullPolicy: Always
  authentik:
    outposts:
-      container_image_base: registry.durp.info/goauthentik/%(type)s:%(version)s
+      container_image_base: registry.internal.durp.info/goauthentik/%(type)s:%(version)s
    postgresql:
-      host: "{{ .Release.Name }}-postgresql-hl"
+      host: '{{ .Release.Name }}-postgresql-hl'
      name: "authentik"
      user: "authentik"
      port: 5432
  server:
    name: server
    replicas: 3
-  worker:
-    replicas: 3
  postgresql:
    enabled: true
    image:
-      registry: registry.durp.info
+      registry: registry.internal.durp.info
      repository: bitnami/postgresql
      pullPolicy: Always
-    postgresqlUsername: "authentik"
-    postgresqlDatabase: "authentik"
-    existingSecret: db-pass
+    auth:
+      username: "authentik"
+      existingSecret: db-pass
+      secretKeys:
+        adminPasswordKey: dbpass 
+        userPasswordKey: dbpass
+        
+          #postgresqlUsername: "authentik"
+          #postgresqlDatabase: "authentik"
+          #existingSecret: db-pass 
    persistence:
      enabled: true
      storageClass: longhorn
-      size: 16Gi
      accessModes:
        - ReadWriteMany
  redis:
    enabled: true
-    master:
-      persistence:
-        enabled: false
    image:
-      registry: registry.durp.info
+      registry: registry.internal.durp.info
      repository: bitnami/redis
      pullPolicy: Always
    architecture: standalone
--- a/infra/bitwarden/Chart.yaml
+++ b/infra/bitwarden/Chart.yaml
--- a/master/bitwarden/templates/bitwarden-pv.yaml
+++ b/master/bitwarden/templates/bitwarden-pv.yaml
--- a/infra/bitwarden/templates/bitwarden-pvc.yaml
+++ b/infra/bitwarden/templates/bitwarden-pvc.yaml
--- a/master/bitwarden/templates/deployment.yaml
+++ b/master/bitwarden/templates/deployment.yaml
@@ -17,7 +17,7 @@ spec:
    spec:
      containers:
      - name: bitwarden
-        image: registry.durp.info/vaultwarden/server:1.32.7
+        image: registry.internal.durp.info/vaultwarden/server:1.30.5
        imagePullPolicy: Always
        volumeMounts:
        - name: bitwarden-pvc
@@ -28,7 +28,7 @@ spec:
          containerPort: 80
        env:
          - name: SIGNUPS_ALLOWED
-            value: "FALSE"
+            value: "TRUE"
          - name: INVITATIONS_ALLOWED
            value: "FALSE"                      
          - name: WEBSOCKET_ENABLED
@@ -39,7 +39,7 @@ spec:
            value: "80"            
          - name: ROCKET_WORKERS
            value: "10"
-          - name: SECRET_USERNAME
+          - name: ADMIN_TOKEN
            valueFrom:
              secretKeyRef:
                name: bitwarden-secret
--- a/bitwarden/templates/ingress.yaml
+++ b/bitwarden/templates/ingress.yaml
@@ -0,0 +1,63 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: bitwarden-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`bitwarden.prd.durp.info`) && PathPrefix(`/`)
+    kind: Rule
+    services:
+    - name: bitwarden
+      port: 80
+  tls:
+    secretName: bitwarden-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: bitwarden-tls
+spec:
+  secretName: bitwarden-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "bitwarden.prd.durp.info"
+  dnsNames:
+  - "bitwarden.prd.durp.info"  
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: bitwarden-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: bitwarden.prd.durp.info
+spec:
+  type: ExternalName
+  externalName:.prd.durp.info
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: bitwarden-admin-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`bitwarden.prd.durp.info`) && PathPrefix(`/admin`)
+    kind: Rule
+    middlewares:
+    - name: whitelist
+      namespace: traefik  
+    services:
+    - name: bitwarden
+      port: 80
+  tls:
+    secretName: bitwarden-tls
--- a/master/bitwarden/templates/secrets.yaml
+++ b/master/bitwarden/templates/secrets.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1
+apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
  name: bitwarden-secret
--- a/infra/bitwarden/templates/service.yaml
+++ b/infra/bitwarden/templates/service.yaml
--- a/infra/cert-manager/Chart.yaml
+++ b/infra/cert-manager/Chart.yaml
@@ -8,4 +8,4 @@ appVersion: 0.0.1
 dependencies:
 - name: cert-manager
  repository: https://charts.jetstack.io
-  version: v1.17.2
+  version: 1.*.*
--- a/master/cert-manager/templates/letsencrypt-prroduction.yaml
+++ b/master/cert-manager/templates/letsencrypt-prroduction.yaml
--- a/master/cert-manager/templates/letsencrypt-staging.yaml
+++ b/master/cert-manager/templates/letsencrypt-staging.yaml
--- a/master/cert-manager/templates/sealedsecret.yaml
+++ b/master/cert-manager/templates/sealedsecret.yaml
@@ -1,4 +1,4 @@
-apiVersion: external-secrets.io/v1
+apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
  name: cloudflare-api-token-secret
--- a/cert-manager/templates/self-signed.yaml
+++ b/cert-manager/templates/self-signed.yaml
@@ -0,0 +1,13 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: selfsigned-issuer
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: selfsigned-cluster-issuer
+spec:
+  selfSigned: {}
--- a/master/cert-manager/values.yaml
+++ b/master/cert-manager/values.yaml
--- a/master/crossplane/Chart.yaml
+++ b/master/crossplane/Chart.yaml
@@ -9,4 +9,4 @@ appVersion: "1.16.0"
 dependencies:
 - name: crossplane
  repository: https://charts.crossplane.io/stable
-  version: 1.20.0
+  version: 1.16.0
--- a/master/crossplane/templates/gitlab.yml
+++ b/master/crossplane/templates/gitlab.yml
@@ -3,10 +3,10 @@ kind: Provider
 metadata:
  name: provider-gitlab
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/provider-gitlab:v0.5.0
+  package: xpkg.upbound.io/crossplane-contrib/provider-gitlab:v0.7.0
 ---

-apiVersion: external-secrets.io/v1
+apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
  name: gitlab-secret
--- a/crossplane/values.yaml
+++ b/crossplane/values.yaml
@@ -0,0 +1,186 @@
+# helm-docs renders these comments into markdown. Use markdown formatting where
+# appropiate.
+#
+# -- The number of Crossplane pod `replicas` to deploy.
+replicas: 1
+
+# -- The deployment strategy for the Crossplane and RBAC Manager pods.
+deploymentStrategy: RollingUpdate
+
+image:
+  # -- Repository for the Crossplane pod image.
+  repository: xpkg.upbound.io/crossplane/crossplane
+  # -- The Crossplane image tag. Defaults to the value of `appVersion` in `Chart.yaml`.
+  tag: ""
+  # -- The image pull policy used for Crossplane and RBAC Manager pods.
+  pullPolicy: IfNotPresent
+
+# -- Add `nodeSelectors` to the Crossplane pod deployment.
+nodeSelector: {}
+# -- Add `tolerations` to the Crossplane pod deployment.
+tolerations: []
+# -- Add `affinities` to the Crossplane pod deployment.
+affinity: {}
+
+# -- Enable `hostNetwork` for the Crossplane deployment. Caution: enabling `hostNetwork` grants the Crossplane Pod access to the host network namespace. Consider setting `dnsPolicy` to `ClusterFirstWithHostNet`.
+hostNetwork: false
+
+# -- Specify the `dnsPolicy` to be used by the Crossplane pod.
+dnsPolicy: ""
+
+# -- Add custom `labels` to the Crossplane pod deployment.
+customLabels: {}
+
+# -- Add custom `annotations` to the Crossplane pod deployment.
+customAnnotations: {}
+
+serviceAccount:
+  # -- Add custom `annotations` to the Crossplane ServiceAccount.
+  customAnnotations: {}
+
+# -- Enable [leader election](https://docs.crossplane.io/latest/concepts/pods/#leader-election) for the Crossplane pod.
+leaderElection: true
+# -- Add custom arguments to the Crossplane pod.
+args: []
+
+provider:
+  # -- A list of Provider packages to install.
+  packages: []
+
+configuration:
+  # -- A list of Configuration packages to install.
+  packages: []
+
+function:
+  # -- A list of Function packages to install
+  packages: []
+
+# -- The imagePullSecret names to add to the Crossplane ServiceAccount.
+imagePullSecrets: []
+
+registryCaBundleConfig:
+  # -- The ConfigMap name containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates.
+  name: ""
+  # -- The ConfigMap key containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates.
+  key: ""
+
+service:
+  # -- Configure annotations on the service object. Only enabled when webhooks.enabled = true
+  customAnnotations: {}
+
+webhooks:
+  # -- Enable webhooks for Crossplane and installed Provider packages.
+  enabled: true
+
+rbacManager:
+  # -- Deploy the RBAC Manager pod and its required roles.
+  deploy: true
+  # -- Don't install aggregated Crossplane ClusterRoles.
+  skipAggregatedClusterRoles: false
+  # -- The number of RBAC Manager pod `replicas` to deploy.
+  replicas: 1
+  # -- Enable [leader election](https://docs.crossplane.io/latest/concepts/pods/#leader-election) for the RBAC Manager pod.
+  leaderElection: true
+  # -- Add custom arguments to the RBAC Manager pod.
+  args: []
+  # -- Add `nodeSelectors` to the RBAC Manager pod deployment.
+  nodeSelector: {}
+  # -- Add `tolerations` to the RBAC Manager pod deployment.
+  tolerations: []
+  # -- Add `affinities` to the RBAC Manager pod deployment.
+  affinity: {}
+
+# -- The PriorityClass name to apply to the Crossplane and RBAC Manager pods.
+priorityClassName: ""
+
+resourcesCrossplane:
+  limits:
+    # -- CPU resource limits for the Crossplane pod.
+    cpu: 500m
+    # -- Memory resource limits for the Crossplane pod.
+    memory: 1024Mi
+  requests:
+    # -- CPU resource requests for the Crossplane pod.
+    cpu: 100m
+    # -- Memory resource requests for the Crossplane pod.
+    memory: 256Mi
+
+securityContextCrossplane:
+  # -- The user ID used by the Crossplane pod.
+  runAsUser: 65532
+  # -- The group ID used by the Crossplane pod.
+  runAsGroup: 65532
+  # -- Enable `allowPrivilegeEscalation` for the Crossplane pod.
+  allowPrivilegeEscalation: false
+  # -- Set the Crossplane pod root file system as read-only.
+  readOnlyRootFilesystem: true
+
+packageCache:
+  # -- Set to `Memory` to hold the package cache in a RAM backed file system. Useful for Crossplane development.
+  medium: ""
+  # -- The size limit for the package cache. If medium is `Memory` the `sizeLimit` can't exceed Node memory.
+  sizeLimit: 20Mi
+  # -- The name of a PersistentVolumeClaim to use as the package cache. Disables the default package cache `emptyDir` Volume.
+  pvc: ""
+  # -- The name of a ConfigMap to use as the package cache. Disables the default package cache `emptyDir` Volume.
+  configMap: ""
+
+resourcesRBACManager:
+  limits:
+    # -- CPU resource limits for the RBAC Manager pod.
+    cpu: 100m
+    # -- Memory resource limits for the RBAC Manager pod.
+    memory: 512Mi
+  requests:
+    # -- CPU resource requests for the RBAC Manager pod.
+    cpu: 100m
+    # -- Memory resource requests for the RBAC Manager pod.
+    memory: 256Mi
+
+securityContextRBACManager:
+  # -- The user ID used by the RBAC Manager pod.
+  runAsUser: 65532
+  # -- The group ID used by the RBAC Manager pod.
+  runAsGroup: 65532
+  # -- Enable `allowPrivilegeEscalation` for the RBAC Manager pod.
+  allowPrivilegeEscalation: false
+  # -- Set the RBAC Manager pod root file system as read-only.
+  readOnlyRootFilesystem: true
+
+metrics:
+  # -- Enable Prometheus path, port and scrape annotations and expose port 8080 for both the Crossplane and RBAC Manager pods.
+  enabled: false
+
+# -- Add custom environmental variables to the Crossplane pod deployment.
+# Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`.
+extraEnvVarsCrossplane: {}
+
+# -- Add custom environmental variables to the RBAC Manager pod deployment.
+# Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`.
+extraEnvVarsRBACManager: {}
+
+# -- Add a custom `securityContext` to the Crossplane pod.
+podSecurityContextCrossplane: {}
+
+# -- Add a custom `securityContext` to the RBAC Manager pod.
+podSecurityContextRBACManager: {}
+
+# -- Add custom `volumes` to the Crossplane pod.
+extraVolumesCrossplane: {}
+
+# -- Add custom `volumeMounts` to the Crossplane pod.
+extraVolumeMountsCrossplane: {}
+
+# -- To add arbitrary Kubernetes Objects during a Helm Install
+extraObjects: []
+  # - apiVersion: pkg.crossplane.io/v1alpha1
+  #   kind: ControllerConfig
+  #   metadata:
+  #     name: aws-config
+  #     annotations:
+  #       eks.amazonaws.com/role-arn: arn:aws:iam::123456789101:role/example
+  #       helm.sh/hook: post-install
+  #   spec:
+  #     podSecurityContext:
+  #       fsGroup: 2000
+
--- a/master/dashboards/nginx-dashboard.yaml
+++ b/master/dashboards/nginx-dashboard.yaml
--- a/dev/.gitlab/.gitlab-ci.yml
+++ b/dev/.gitlab/.gitlab-ci.yml
@@ -1,95 +0,0 @@
-stages:
-  - plan
-  - apply
-  - destroy
-
-variables:
-  WORKDIR: $CI_PROJECT_DIR/dev/terraform
-  GITLAB_TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/dev
-
-image:
-  name: registry.durp.info/opentofu/opentofu:latest
-  entrypoint: [""]
-
-.tf-init:
-  before_script:
-    - cd $WORKDIR
-    - tofu init 
-      -reconfigure 
-      -backend-config="address=${GITLAB_TF_ADDRESS}" 
-      -backend-config="lock_address=${GITLAB_TF_ADDRESS}/lock" 
-      -backend-config="unlock_address=${GITLAB_TF_ADDRESS}/lock"
-      -backend-config="username=gitlab-ci-token" 
-      -backend-config="password=${CI_JOB_TOKEN}"
-      -backend-config="lock_method=POST"
-      -backend-config="unlock_method=DELETE"
-      -backend-config="retry_wait_min=5"
-
-format:
-  stage: .pre
-  allow_failure: false
-  script:
-    - cd $WORKDIR
-    - tofu fmt -diff -check -write=false
-  rules:
-    - changes:
-        - "dev/terraform/*.tf"
-
-validate:
-  stage: .pre
-  allow_failure: false
-  extends: .tf-init
-  script:
-    - tofu validate
-  rules:
-    - changes:
-        - "dev/terraform/*.tf"
-
-plan-dev-infrastructure:
-  stage: plan
-  variables:
-    PLAN: plan.tfplan
-    JSON_PLAN_FILE: tfplan.json
-    ENVIRONMENT_NAME: dev
-  allow_failure: false
-  extends: .tf-init
-  script:
-    - apk add --update curl jq
-    - alias convert_report="jq -r '([.resource_changes[].change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}'"
-    - tofu plan -out=$PLAN $ARGUMENTS
-    - tofu show --json $PLAN | jq -r '([.resource_changes[].change.actions?]|flatten)|{"create":(map(select(.=="create"))|length),"update":(map(select(.=="update"))|length),"delete":(map(select(.=="delete"))|length)}' > $JSON_PLAN_FILE
-  artifacts:
-    reports:
-      terraform: $WORKDIR/$JSON_PLAN_FILE
-  needs: ["validate","format"]
-  rules:
-    - changes:
-        - "dev/terraform/*.tf"
-
-apply-dev-infrastructure:
-  stage: apply
-  variables:
-    ENVIRONMENT_NAME: dev
-  allow_failure: false
-  extends: .tf-init
-  script:
-    - tofu apply -auto-approve $ARGUMENTS
-  rules:
-    - changes:
-        - "dev/terraform/*.tf"
-      when: manual
-  needs: ["plan-dev-infrastructure"]
-
-destroy-dev-infrastructure:
-  stage: destroy
-  variables:
-    ENVIRONMENT_NAME: dev
-  allow_failure: false
-  extends: .tf-init
-  script:
-    - tofu destroy -auto-approve $ARGUMENTS
-  rules:
-    - changes:
-        - "dev/terraform/*.tf"
-      when: manual
-  needs: ["plan-dev-infrastructure"]
--- a/dev/cert-manager/Chart.yaml
+++ b/dev/cert-manager/Chart.yaml
@@ -1,11 +0,0 @@
-apiVersion: v2
-name: cert-manager
-description: A Helm chart for Kubernetes
-type: application
-version: 0.0.1
-appVersion: 0.0.1
-
-dependencies:
- name: cert-manager
-  repository: https://charts.jetstack.io
-  version: v1.17.2
--- a/dev/cert-manager/templates/issuer.yaml
+++ b/dev/cert-manager/templates/issuer.yaml
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: issuer
-secrets:
-  - name:  issuer-token-lmzpj
-
---
-
-apiVersion: v1
-kind: Secret
-metadata:
-  name: issuer-token-lmzpj
-  annotations:
-    kubernetes.io/service-account.name: issuer
-type: kubernetes.io/service-account-token
--- a/dev/cert-manager/templates/letsencrypt.yaml
+++ b/dev/cert-manager/templates/letsencrypt.yaml
--- a/dev/cert-manager/templates/secretvault.yaml
+++ b/dev/cert-manager/templates/secretvault.yaml
@@ -1,22 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: cloudflare-api-token-secret
-spec:
-  secretStoreRef:
-    name: vault
-    kind: ClusterSecretStore
-  target:
-    name: cloudflare-api-token-secret
-  data:
-  - secretKey: cloudflare-api-token-secret
-    remoteRef:
-      key: kv/cert-manager
-      property: cloudflare-api-token-secret
-
---
-
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: vault
--- a/dev/cert-manager/values.yaml
+++ b/dev/cert-manager/values.yaml
@@ -1,26 +0,0 @@
-cert-manager:
-  crds:
-    enabled: true
-  image:
-    registry: registry.internal.durp.info
-    repository: jetstack/cert-manager-controller
-    pullPolicy: Always
-  replicaCount: 3
-  extraArgs:
-    - --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53
-    - --dns01-recursive-nameservers-only
-  podDnsPolicy: None
-  podDnsConfig:
-    nameservers:
-      - "1.1.1.1"
-      - "1.0.0.1"
-  webhook:
-    image:
-      registry: registry.internal.durp.info
-      repository: jetstack/cert-manager-webhook
-      pullPolicy: Always  
-  cainjector:
-    image:
-      registry: registry.internal.durp.info
-      repository: jetstack/cert-manager-cainjector
-      pullPolicy: Always
--- a/dev/external-dns/Chart.yaml
+++ b/dev/external-dns/Chart.yaml
@@ -1,12 +0,0 @@
-
-apiVersion: v2
-name: external-dns
-description: A Helm chart for Kubernetes
-type: application
-version: 0.0.1
-appVersion: 0.0.1
-
-dependencies:
- name: external-dns
-  repository: https://charts.bitnami.com/bitnami
-  version: 8.9.2
--- a/dev/external-dns/templates/secrets.yaml
+++ b/dev/external-dns/templates/secrets.yaml
@@ -1,30 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: external-dns-secret
-spec:
-  secretStoreRef:
-    name: vault
-    kind: ClusterSecretStore
-  target:
-    name: external-dns
-  data:
-  - secretKey: cloudflare_api_email
-    remoteRef:
-      key: kv/cloudflare
-      property: cloudflare_api_email
-  - secretKey: cloudflare_api_key
-    remoteRef:
-      key: kv/cloudflare
-      property: cloudflare_api_key
-  - secretKey: cloudflare_api_token
-    remoteRef:
-      key: kv/cloudflare
-      property: cloudflare_api_token
-
---
-
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: vault
--- a/dev/external-dns/values.yaml
+++ b/dev/external-dns/values.yaml
@@ -1,18 +0,0 @@
-external-dns:
-  global:
-    imageRegistry: "registry.durp.info"
-
-  image:
-    pullPolicy: Always
-
-  txtPrefix: "dmz-"
-
-  sources:
-    - service
-    
-  provider: cloudflare
-  cloudflare:
-    secretName : "external-dns"
-    proxied: false
-
-  policy: sync
--- a/dev/external-secrets/Chart.yaml
+++ b/dev/external-secrets/Chart.yaml
@@ -1,11 +0,0 @@
-apiVersion: v2
-name: external-secrets
-description: A Helm chart for Kubernetes
-type: application
-version: 0.0.1
-appVersion: 0.0.1
-
-dependencies:
- name: external-secrets
-  repository: https://charts.external-secrets.io
-  version: 0.17.0
--- a/dev/external-secrets/templates/ca.yaml
+++ b/dev/external-secrets/templates/ca.yaml
@@ -1,81 +0,0 @@
-apiVersion: v1
-data:
-  vault.pem: |
-    -----BEGIN CERTIFICATE-----
-    MIIEszCCA5ugAwIBAgIUZEzzxqEuYiKHkL1df+Cb22NRRJMwDQYJKoZIhvcNAQEL
-    BQAwFDESMBAGA1UEAxMJZHVycC5pbmZvMB4XDTI1MDEyMzIyMzQ0MloXDTM1MDEy
-    MTExMTU1NVowIDEeMBwGA1UEAxMVdmF1bHQuaW5mcmEuZHVycC5pbmZvMIIBIjAN
-    BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZM0ue4bMcmmATs+kGYSpR2hLUzq
-    scGIwCtqmaKCMbd1xhmgjnIR3zvSRptLR2GVGvc1ti6qby0jXYvcqbxkHvay00zW
-    2zYN+M2m4lXpuWzg1t6NEoO6XGAsGj2v0vcVktPPU9uj0rGUVGWWfsvjoXqQFg5I
-    jdxsxK9SvMvw2XtE3FgKxpzCyw94InIHlcPwFTO+3ZdKStZlMbUDIkmszLBrWFcr
-    XOsPDfLxqMy0Ck//LKIt8djh3254FHB1GG5+kI+JSW1o+tUcL2NymvIINwm/2acS
-    1uTm+j9W7iEXav0pJNmm+/dzSskc3Y0ftM0h2HCXgitBIaEZnUVneNHOLwIDAQAB
-    o4IB7zCCAeswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
-    BBYEFCaQ2q7j7LyBGETEZ5qaJAdlISKCMB8GA1UdIwQYMBaAFO1jCyGkpFO+QiR2
-    dfBMWVYeWrQ2MIH0BggrBgEFBQcBAQSB5zCB5DAzBggrBgEFBQcwAYYnaHR0cHM6
-    Ly8xOTIuMTY4LjIwLjI1Mzo4MjAxL3YxL3BraS9vY3NwMD0GCCsGAQUFBzABhjFo
-    dHRwczovL3Jvb3QtdmF1bHQuaW50ZXJuYWwuZHVycC5pbmZvL3YxL3BraS9vY3Nw
-    MDEGCCsGAQUFBzAChiVodHRwczovLzE5Mi4xNjguMjAuMjUzOjgyMDEvdjEvcGtp
-    L2NhMDsGCCsGAQUFBzAChi9odHRwczovL3Jvb3QtdmF1bHQuaW50ZXJuYWwuZHVy
-    cC5pbmZvL3YxL3BraS9jYTAgBgNVHREEGTAXghV2YXVsdC5pbmZyYS5kdXJwLmlu
-    Zm8wbwYDVR0fBGgwZjAsoCqgKIYmaHR0cHM6Ly8xOTIuMTY4LjIwLjI1Mzo4MjAx
-    L3YxL3BraS9jcmwwNqA0oDKGMGh0dHBzOi8vcm9vdC12YXVsdC5pbnRlcm5hbC5k
-    dXJwLmluZm8vdjEvcGtpL2NybDANBgkqhkiG9w0BAQsFAAOCAQEAuJ+lplY/+A5L
-    5LzkljbKDTy3U6PLv1LtxqVCOFGiJXBnXMjtVW07bBEUadzFRNW8GHQ3w5QzOG6k
-    /vE/TrrJho7l05J/uc+BUrPSNjefLmQV6hn4jrP86PR0vzRfbSqKKBIID9M7+zi6
-    GFvHlVkSHsQyMQp7JOoax9KVzW2Y+OIgw7Lgw2tP122WCt2SIF0QenoZHsoW0guj
-    tzTJRmJDjn6XeJ7L3FPkf37H6ub0Jg3zBGr6eorEFfYZNN5CXezjqMFBpRdq4UIo
-    1M3A7o3uyZFcFsp/vGDcMBkwaCsBV9idu/HwkvGaTUNI285ilBORPD0bMZnACq/9
-    +Q/cdsO5lg==
-    -----END CERTIFICATE-----
-    -----BEGIN CERTIFICATE-----
-    MIIEmzCCA4OgAwIBAgIUQwCAs82sgSuiaVbjANHScO2DSfAwDQYJKoZIhvcNAQEL
-    BQAwFDESMBAGA1UEAxMJZHVycC5pbmZvMB4XDTI1MDEyMzExMjEyNVoXDTM1MDEy
-    MTExMTU1NVowFDESMBAGA1UEAxMJZHVycC5pbmZvMIIBIjANBgkqhkiG9w0BAQEF
-    AAOCAQ8AMIIBCgKCAQEAn9fjGRqqFsqguz56X6cXZwEMtD9wElwSFCb4Fc8YTzlH
-    4fV13QwXKESLE/Q+7bw4y4FJQ8BiGNbxxbQOOgWhfGGlQyFa1lfhJtYLfqRN5C2/
-    S7nr0YxDB9duc4OAExVL6Pr4/Koc+vDZY03l7RzwnF2AOM9DjFTASw01TphCQjRk
-    U+upiN2TUhUPejV/gMR+zXM6pn98UBKG1dNubS0HzAMwAEXAPm141NDyWUCPT9+3
-    6P03Ka8mUTx3X49OCtvJEGEQbtlnTFQaOSkP1yLW+XRMHw3sQaV2PWXu5fInbEpZ
-    +SuzmgLOXtmQNmHLav9q1qeTVkpBGPWvfh2Vh1JJhQIDAQABo4IB4zCCAd8wDgYD
-    VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJaP17f1Zw0V
-    55Ks9Uf0USVWl0BPMB8GA1UdIwQYMBaAFO1jCyGkpFO+QiR2dfBMWVYeWrQ2MIH0
-    BggrBgEFBQcBAQSB5zCB5DAzBggrBgEFBQcwAYYnaHR0cHM6Ly8xOTIuMTY4LjIw
-    LjI1Mzo4MjAxL3YxL3BraS9vY3NwMD0GCCsGAQUFBzABhjFodHRwczovL3Jvb3Qt
-    dmF1bHQuaW50ZXJuYWwuZHVycC5pbmZvL3YxL3BraS9vY3NwMDEGCCsGAQUFBzAC
-    hiVodHRwczovLzE5Mi4xNjguMjAuMjUzOjgyMDEvdjEvcGtpL2NhMDsGCCsGAQUF
-    BzAChi9odHRwczovL3Jvb3QtdmF1bHQuaW50ZXJuYWwuZHVycC5pbmZvL3YxL3Br
-    aS9jYTAUBgNVHREEDTALgglkdXJwLmluZm8wbwYDVR0fBGgwZjAsoCqgKIYmaHR0
-    cHM6Ly8xOTIuMTY4LjIwLjI1Mzo4MjAxL3YxL3BraS9jcmwwNqA0oDKGMGh0dHBz
-    Oi8vcm9vdC12YXVsdC5pbnRlcm5hbC5kdXJwLmluZm8vdjEvcGtpL2NybDANBgkq
-    hkiG9w0BAQsFAAOCAQEAiqAZ4zNIEkCWcvpDRq0VyJuk59sVtJr5X4FscHQ179nE
-    QbbvMe+EBDFS6XQml1Elj8jiPa/D5O9Oc6Iisnm5+weZKwApz/lQ+XVkWLCoEplB
-    ZZ9fcWVCbMLt0xlt8qn5z/mYKfbCT7ZCqDO+prQZt+ADJcQbiknfroAAqEbNKxwN
-    Y9uUyOWNF3SxJEch4w2dtX+IEVmxeZnhMy8OuP0SQKl8aW40ugiG0ZD5yTBBfOD9
-    zsrGSU/iSatn0b7bevBhaL96hz1/rNR1cL+4/albX2hrr8Rv3/SB2DLtNQlQW0ls
-    AfhXAqP5zL+Ytgf1Of/pVdgnhxrYUY7RKCSGY5Hagw==
-    -----END CERTIFICATE-----
-    -----BEGIN CERTIFICATE-----
-    MIIDLzCCAhegAwIBAgIUNHdvOzam2HPVdwXpMHUy4wl8ZRYwDQYJKoZIhvcNAQEL
-    BQAwFDESMBAGA1UEAxMJZHVycC5pbmZvMB4XDTI1MDEyMzExMTUyNVoXDTM1MDEy
-    MTExMTU1NVowFDESMBAGA1UEAxMJZHVycC5pbmZvMIIBIjANBgkqhkiG9w0BAQEF
-    AAOCAQ8AMIIBCgKCAQEA8XDTVEtRI3+k4yuvqVqfIiLRQJcXbmhfVtAeYk+5j9Ox
-    p1w9YHdnPLqLFrD1PzadjqYeAp/fwlEFfs6lqwoTS8S9vhaFqcgB57nVMb77dTBb
-    /08XHXOU6FPRjdFKm5QMpS7tn1XacPMy/o0bKqRREQeiuFDGVRyuF5PUgvWc1dvJ
-    l27JvvgYktgjfpNS4DlCxg4lGXT5abvaKf2hnr65egaIo/yRWN9wnvAzRiY7oci7
-    GA1oKz87Yc1tfL2gcynrwccOOCF/eUKesJR1I6GXNkN/a1fcr+Ld9Z9NhHBtO+vE
-    N8DsZY+kG7DE3M4BCCTFUzllcYHjaW4HaF9vZW+PYwIDAQABo3kwdzAOBgNVHQ8B
-    Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7WMLIaSkU75CJHZ1
-    8ExZVh5atDYwHwYDVR0jBBgwFoAU7WMLIaSkU75CJHZ18ExZVh5atDYwFAYDVR0R
-    BA0wC4IJZHVycC5pbmZvMA0GCSqGSIb3DQEBCwUAA4IBAQAS/qUI/1Yv07xUTK5k
-    r93kC7GSPpmpkXIsfjChAl93sebN143fu70NUP74jjCc0Wkb8hRofGg10E+/24r1
-    AI0KsLhzKzfIASxUVQAn8RTptLruaaPLboSA4MUZ8IB5y8Vy8E3/KtD0gD80j64Y
-    rm9XGHA0HTJHbPUTb/Rux2g0E7WtiyWSWH8mqzbegU8IrkM3eVT4+ylBE7YkfWDD
-    dw44sB71tfmDKpzWg6XQ6YMh0YfnyG1fYCj9LhuecNY9Uuo6cjDaAvkzMewWwqDx
-    Q2Ekas98Di6itCP8vET+gBDjeCc+XR6Hx6vzWmxlZhwDuxEKL1a2/DabUxJyMNzv
-    55Fn
-    -----END CERTIFICATE-----
-kind: ConfigMap
-metadata:
-  name: ca-pemstore
--- a/dev/external-secrets/values.yaml
+++ b/dev/external-secrets/values.yaml
@@ -1,94 +0,0 @@
-external-secrets:
-  replicaCount: 3
-  revisionHistoryLimit: 1
-  leaderElect: true
-
-  installCRDs: true
-  crds:
-    createClusterExternalSecret: true
-    createClusterSecretStore: true
-    createClusterGenerator: true
-    createPushSecret: true
-    conversion:
-      enabled: false
-
-  image:
-    repository: registry.durp.info/external-secrets/external-secrets
-    pullPolicy: Always
-
-  extraVolumes: 
-    - name: ca-pemstore
-      configMap:
-        name: ca-pemstore
-
-  extraVolumeMounts: 
-    - name: ca-pemstore
-      mountPath: /etc/ssl/certs/vault.pem
-      subPath: vault.pem
-      readOnly: true
-
-  resources: 
-    requests:
-      memory: 32Mi
-      cpu: 10m
-    limits:
-      memory: 32Mi
-      cpu: 10m
-
-  webhook:
-    create: false
-    failurePolicy: Ignore
-    log:
-      level: debug
-    image:
-      repository: registry.durp.info/external-secrets/external-secrets
-      pullPolicy: Always
-
-    extraVolumes: 
-      - name: ca-pemstore
-        configMap:
-          name: ca-pemstore
-
-    extraVolumeMounts: 
-      - name: ca-pemstore
-        mountPath: /etc/ssl/certs/vault.pem
-        subPath: vault.pem
-        readOnly: true
-
-    resources: 
-      requests:
-        memory: 32Mi
-        cpu: 10m
-      limits:
-        memory: 32Mi
-        cpu: 10m
-
-  certController:
-    create: false
-    revisionHistoryLimit: 1
-    log:
-      level: debug
-
-    image:
-      repository: registry.durp.info/external-secrets/external-secrets
-      pullPolicy: Always
-      tag: ""
-
-    resources: 
-      requests:
-        memory: 32Mi
-        cpu: 10m
-      limits:
-        memory: 32Mi
-        cpu: 10m
-
-    extraVolumes: 
-      - name: ca-pemstore
-        configMap:
-          name: ca-pemstore
-
-    extraVolumeMounts: 
-      - name: ca-pemstore
-        mountPath: /etc/ssl/certs/vault.pem
-        subPath: vault.pem
-        readOnly: true
--- a/dev/metallb-system/templates/config.yaml
+++ b/dev/metallb-system/templates/config.yaml
@@ -1,17 +0,0 @@
-apiVersion: metallb.io/v1beta1
-kind: IPAddressPool
-metadata:
-  name: cheap
-spec:
-  addresses:
-    - 192.168.10.130-192.168.10.140
---
-apiVersion: metallb.io/v1beta1
-kind: L2Advertisement
-metadata:
-  name: pool
-  namespace: metallb-system
-spec:
-  ipAddressPools:
-  - cheap
-
--- a/dev/metallb-system/values.yaml
+++ b/dev/metallb-system/values.yaml
--- a/dev/terraform/k3s.tf
+++ b/dev/terraform/k3s.tf
@@ -1,115 +0,0 @@
-resource "proxmox_vm_qemu" "k3smaster" {
-  count       = local.k3smaster.count
-  ciuser      = "administrator"
-  vmid        = "${local.vlan}${local.k3smaster.ip[count.index]}"
-  name        = local.k3smaster.name[count.index]
-  target_node = local.k3smaster.node[count.index]
-  clone       = local.template
-  tags        = local.k3smaster.tags
-  qemu_os     = "l26"
-  full_clone  = true
-  os_type     = "cloud-init"
-  agent       = 1
-  cores       = local.k3smaster.cores
-  sockets     = 1
-  cpu_type    = "host"
-  memory      = local.k3smaster.memory
-  scsihw      = "virtio-scsi-pci"
-  #bootdisk    = "scsi0"
-  boot    = "order=virtio0"
-  onboot  = true
-  sshkeys = local.sshkeys
-  vga {
-    type = "serial0"
-  }
-  serial {
-    id   = 0
-    type = "socket"
-  }
-  disks {
-    ide {
-      ide2 {
-        cloudinit {
-          storage = local.k3smaster.storage
-        }
-      }
-    }
-    virtio {
-      virtio0 {
-        disk {
-          size    = local.k3smaster.drive
-          format  = local.format
-          storage = local.k3smaster.storage
-        }
-      }
-    }
-  }
-  network {
-    id     = 0
-    model  = "virtio"
-    bridge = "vmbr0"
-    tag    = local.vlan
-  }
-  #Cloud Init Settings
-  ipconfig0    = "ip=192.168.${local.vlan}.${local.k3smaster.ip[count.index]}/24,gw=192.168.${local.vlan}.1"
-  searchdomain = "durp.loc"
-  nameserver   = local.dnsserver
-}
-
-resource "proxmox_vm_qemu" "k3sserver" {
-  count       = local.k3sserver.count
-  ciuser      = "administrator"
-  vmid        = "${local.vlan}${local.k3sserver.ip[count.index]}"
-  name        = local.k3sserver.name[count.index]
-  target_node = local.k3sserver.node[count.index]
-  clone       = local.template
-  tags        = local.k3sserver.tags
-  qemu_os     = "l26"
-  full_clone  = true
-  os_type     = "cloud-init"
-  agent       = 1
-  cores       = local.k3sserver.cores
-  sockets     = 1
-  cpu_type    = "host"
-  memory      = local.k3sserver.memory
-  scsihw      = "virtio-scsi-pci"
-  #bootdisk    = "scsi0"
-  boot    = "order=virtio0"
-  onboot  = true
-  sshkeys = local.sshkeys
-  vga {
-    type = "serial0"
-  }
-  serial {
-    id   = 0
-    type = "socket"
-  }
-  disks {
-    ide {
-      ide2 {
-        cloudinit {
-          storage = local.k3sserver.storage
-        }
-      }
-    }
-    virtio {
-      virtio0 {
-        disk {
-          size    = local.k3sserver.drive
-          format  = local.format
-          storage = local.k3sserver.storage
-        }
-      }
-    }
-  }
-  network {
-    id     = 0
-    model  = "virtio"
-    bridge = "vmbr0"
-    tag    = local.vlan
-  }
-  #Cloud Init Settings
-  ipconfig0    = "ip=192.168.${local.vlan}.${local.k3sserver.ip[count.index]}/24,gw=192.168.${local.vlan}.1"
-  searchdomain = "durp.loc"
-  nameserver   = local.dnsserver
-}
--- a/dev/terraform/main.tf
+++ b/dev/terraform/main.tf
@@ -1,48 +0,0 @@
-terraform {
-  backend "http" {}
-  required_providers {
-    proxmox = {
-      source  = "Telmate/proxmox"
-      version = "3.0.1-rc9"
-    }
-  }
-}
-
-provider "proxmox" {
-  pm_parallel     = 1
-  pm_tls_insecure = true
-  pm_api_url      = var.pm_api_url
-  pm_user         = var.pm_user
-  pm_password     = var.pm_password
-  pm_debug        = false
-}
-
-locals {
-  sshkeys   = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDEphzWgwUZnvL6E5luKLt3WO0HK7Kh63arSMoNl5gmjzXyhG1DDW0OKfoIl0T+JZw/ZjQ7iii6tmSLFRk6nuYCldqe5GVcFxvTzX4/xGEioAyG0IiUGKy6s+9xzO8QXF0EtSNPH0nfHNKcCjgwWAzM+Lt6gW0Vqs+aU5ICuDiEchmvYPz+rBaVldJVTG7m3ogKJ2aIF7HU/pCPp5l0E9gMOw7s0ABijuc3KXLEWCYgL39jIST6pFH9ceRLmu8Xy5zXHAkkEEauY/e6ld0hlzLadiUD7zYJMdDcm0oRvenYcUlaUl9gS0569IpfsJsjCejuqOxCKzTHPJDOT0f9TbIqPXkGq3s9oEJGpQW+Z8g41BqRpjBCdBk+yv39bzKxlwlumDwqgx1WP8xxKavAWYNqNRG7sBhoWwtxYEOhKXoLNjBaeDRnO5OY5AQJvONWpuByyz0R/gTh4bOFVD+Y8WWlKbT4zfhnN70XvapRsbZiaGhJBPwByAMGg6XxSbC6xtbyligVGCEjCXbTLkeKq1w0DuItY+FBGO3J2k90OiciTVSeyiVz9J/Y03UB0gHdsMCoVNrj+9QWfrTLDhM7D5YrXUt5nj2LQTcbtf49zoQXWxUhozlg42E/FJU/Yla7y55qWizAEVyP2/Ks/PHrF679k59HNd2IJ/aicA9QnmWtLQ== ansible"
-  template  = "Debian12-Template"
-  format    = "raw"
-  dnsserver = "192.168.10.1"
-  vlan      = 10
-  k3smaster = {
-    tags    = "k3s_dev"
-    count   = 3
-    name    = ["master01-dev", "master02-dev", "master03-dev"]
-    cores   = 2
-    memory  = "4096"
-    drive   = 20
-    storage = "cache-domains"
-    node    = ["mothership", "overlord", "vanguard"]
-    ip      = ["11", "12", "13"]
-  }
-  k3sserver = {
-    tags    = "k3s_dev"
-    count   = 3
-    name    = ["node01-dev", "node02-dev", "node03-dev"]
-    cores   = 4
-    memory  = "8192"
-    drive   = 120
-    storage = "cache-domains"
-    node    = ["mothership", "overlord", "vanguard"]
-    ip      = ["21", "22", "23"]
-  }
-}
--- a/dev/terraform/variables.tf
+++ b/dev/terraform/variables.tf
@@ -1,14 +0,0 @@
-variable "pm_api_url" {
-  description = "API URL to Proxmox provider"
-  type        = string
-}
-
-variable "pm_password" {
-  description = "Passowrd to Proxmox provider"
-  type        = string
-}
-
-variable "pm_user" {
-  description = "Username to Proxmox provider"
-  type        = string
-}
--- a/dev/traefik/values.yaml
+++ b/dev/traefik/values.yaml
@@ -1,58 +0,0 @@
-traefik:
-  image:
-    #    registry: registry.durp.info
-    #    repository: traefik
-    pullPolicy: Always
-
-  providers:
-    kubernetesCRD:
-      allowCrossNamespace: true
-      allowExternalNameServices: true
-      allowEmptyServices: false
-
-  deployment:
-    replicas: 3
-    revisionHistoryLimit: 1
-
-  # volumes:
-  #   - name: traefik-configmap
-  #     mountPath: "/config"
-  #     type: configMap
-
-  ingressRoute:
-    dashboard:
-      enabled: true
-
-  additionalArguments:
-    #  - "--providers.file.filename=/config/config.yml"
-    - "--serversTransport.insecureSkipVerify=true"
-    - "--log.level=DEBUG"
-    - --experimental.plugins.jwt.moduleName=github.com/traefik-plugins/traefik-jwt-plugin
-    - --experimental.plugins.jwt.version=v0.7.0
-
-  autoscaling:
-    enabled: true
-    minReplicas: 3
-    maxReplicas: 10
-    metrics:
-      - type: Resource
-        resource:
-          name: cpu
-          target:
-            type: Utilization
-            averageUtilization: 80
-    behavior:
-      scaleDown:
-        stabilizationWindowSeconds: 300
-        policies:
-          - type: Pods
-            value: 1
-            periodSeconds: 60
-
-  # -- [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for `traefik` container.
-  resources:
-    requests:
-      cpu: "100m"
-      memory: "512Mi"
-    limits:
-      memory: "512Mi"
--- a/dev/vault/Chart.yaml
+++ b/dev/vault/Chart.yaml
@@ -1,12 +0,0 @@
-apiVersion: v2
-name: vault
-description: A Helm chart for Kubernetes
-type: application
-version: 0.0.1
-appVersion: 0.0.1
-
-dependencies:
- name: vault
-  repository: https://helm.releases.hashicorp.com  
-  version: 0.30.0
-
--- a/dev/vault/templates/secret-store.yaml
+++ b/dev/vault/templates/secret-store.yaml
@@ -1,23 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ClusterSecretStore
-metadata:
-  name: vault
-spec:
-  provider:
-    vault:
-      server: "https://vault.infra.durp.info"
-      path: "kv"
-      version: "v2"
-      auth:
-        kubernetes:
-          mountPath: "dmz-cluster"
-          role: "external-secrets"
-          serviceAccountRef:
-            name: "vault"
-
---
-
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: vault
--- a/dev/vault/values.yaml
+++ b/dev/vault/values.yaml
@@ -1,13 +0,0 @@
-vault:
-  global:
-    enabled: true
-    tlsDisable: false
-    externalVaultAddr: "https://vault.infra.durp.info"
-    resources:
-      requests:
-        memory: 256Mi
-        cpu: 250m
-      limits:
-        memory: 256Mi
-        cpu: 250m
-  
--- a/dmz/.gitlab/.gitlab-ci.yml
+++ b/dmz/.gitlab/.gitlab-ci.yml
@@ -1,95 +0,0 @@
-stages:
-  - plan
-  - apply
-  - destroy
-
-variables:
-  WORKDIR: $CI_PROJECT_DIR/dmz/terraform
-  GITLAB_TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/dmz
-
-image:
-  name: registry.durp.info/opentofu/opentofu:latest
-  entrypoint: [""]
-
-.tf-init:
-  before_script:
-    - cd $WORKDIR
-    - tofu init 
-      -reconfigure 
-      -backend-config="address=${GITLAB_TF_ADDRESS}" 
-      -backend-config="lock_address=${GITLAB_TF_ADDRESS}/lock" 
-      -backend-config="unlock_address=${GITLAB_TF_ADDRESS}/lock"
-      -backend-config="username=gitlab-ci-token" 
-      -backend-config="password=${CI_JOB_TOKEN}"
-      -backend-config="lock_method=POST"
-      -backend-config="unlock_method=DELETE"
-      -backend-config="retry_wait_min=5"
-
-format:
-  stage: .pre
-  allow_failure: false
-  script:
-    - cd $WORKDIR
-    - tofu fmt -diff -check -write=false
-  rules:
-    - changes:
-        - "dmz/terraform/*.tf"
-
-validate:
-  stage: .pre
-  allow_failure: false
-  extends: .tf-init
-  script:
-    - tofu validate
-  rules:
-    - changes:
-        - "dmz/terraform/*.tf"
-
-plan-dmz-infrastructure:
-  stage: plan
-  variables:
-    PLAN: plan.tfplan
-    JSON_PLAN_FILE: tfplan.json
-    ENVIRONMENT_NAME: dmz
-  allow_failure: false
-  extends: .tf-init
-  script:
-    - apk add --update curl jq
-    - alias convert_report="jq -r '([.resource_changes[].change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}'"
-    - tofu plan -out=$PLAN $ARGUMENTS
-    - tofu show --json $PLAN | jq -r '([.resource_changes[].change.actions?]|flatten)|{"create":(map(select(.=="create"))|length),"update":(map(select(.=="update"))|length),"delete":(map(select(.=="delete"))|length)}' > $JSON_PLAN_FILE
-  artifacts:
-    reports:
-      terraform: $WORKDIR/$JSON_PLAN_FILE
-  needs: ["validate","format"]
-  rules:
-    - changes:
-        - "dmz/terraform/*.tf"
-
-apply-dmz-infrastructure:
-  stage: apply
-  variables:
-    ENVIRONMENT_NAME: dmz
-  allow_failure: false
-  extends: .tf-init
-  script:
-    - tofu apply -auto-approve $ARGUMENTS
-  rules:
-    - changes:
-        - "dmz/terraform/*.tf"
-      when: manual
-  needs: ["plan-dmz-infrastructure"]
-
-destroy-dmz-infrastructure:
-  stage: destroy
-  variables:
-    ENVIRONMENT_NAME: dmz
-  allow_failure: false
-  extends: .tf-init
-  script:
-    - tofu destroy -auto-approve $ARGUMENTS
-  rules:
-    - changes:
-        - "dmz/terraform/*.tf"
-      when: manual
-  needs: ["plan-dmz-infrastructure"]
--- a/dmz/authentik/Chart.yaml
+++ b/dmz/authentik/Chart.yaml
@@ -1,12 +0,0 @@
-apiVersion: v2
-name: authentik
-description: A Helm chart for Kubernetes
-type: application
-
-version: 0.1.0
-appVersion: "1.16.0"
-
-dependencies:
-  - name: authentik-remote-cluster
-    repository: https://charts.goauthentik.io
-    version: 2.1.0
--- a/dmz/authentik/templates/ingress.yaml
+++ b/dmz/authentik/templates/ingress.yaml
@@ -1,62 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: authentik-tls
-spec:
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  secretName: authentik-tls
-  commonName: "authentik.durp.info"
-  dnsNames:
-    - "authentik.durp.info"
-
---
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: authentik-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`authentik.durp.info`) && PathPrefix(`/`)
-      kind: Rule
-      services:
-        - name: infra-cluster
-          port: 443
-  tls:
-    secretName: authentik-tls
-
---
-kind: Service
-apiVersion: v1
-metadata:
-  name: authentik-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: authentik.durp.info
-spec:
-  type: ExternalName
-  externalName: durp.info
-
---
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: infra-cluster
-subsets:
-  - addresses:
-      - ip: 192.168.12.130
-    ports:
-      - port: 443
-
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: infra-cluster
-spec:
-  ports:
-    - protocol: TCP
-      port: 443
-      targetPort: 443
--- a/dmz/authentik/values.yaml
+++ b/dmz/authentik/values.yaml
@@ -1,30 +0,0 @@
-authentik-remote-cluster:
-  # -- Provide a name in place of `authentik`. Prefer using global.nameOverride if possible
-  nameOverride: ""
-  # -- String to fully override `"authentik.fullname"`. Prefer using global.fullnameOverride if possible
-  fullnameOverride: ""
-  # -- Override the Kubernetes version, which is used to evaluate certain manifests
-  kubeVersionOverride: ""
-
-  ## Globally shared configuration for authentik components.
-  global:
-    # -- Provide a name in place of `authentik`
-    nameOverride: ""
-    # -- String to fully override `"authentik.fullname"`
-    fullnameOverride: ""
-    # -- A custom namespace to override the default namespace for the deployed resources.
-    namespaceOverride: ""
-    # -- Common labels for all resources.
-    additionalLabels: {}
-      # app: authentik
-
-  # -- Annotations to apply to all resources
-  annotations: {}
-
-  serviceAccountSecret:
-    # -- Create a secret with the service account credentials
-    enabled: true
-
-  clusterRole:
-    # -- Create a clusterole in addition to a namespaced role.
-    enabled: true
--- a/dmz/cert-manager/Chart.yaml
+++ b/dmz/cert-manager/Chart.yaml
@@ -1,11 +0,0 @@
-apiVersion: v2
-name: cert-manager
-description: A Helm chart for Kubernetes
-type: application
-version: 0.0.1
-appVersion: 0.0.1
-
-dependencies:
- name: cert-manager
-  repository: https://charts.jetstack.io
-  version: v1.17.2
--- a/dmz/cert-manager/templates/issuer.yaml
+++ b/dmz/cert-manager/templates/issuer.yaml
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: issuer
-secrets:
-  - name:  issuer-token-lmzpj
-
---
-
-apiVersion: v1
-kind: Secret
-metadata:
-  name: issuer-token-lmzpj
-  annotations:
-    kubernetes.io/service-account.name: issuer
-type: kubernetes.io/service-account-token
--- a/dmz/cert-manager/templates/letsencrypt.yaml
+++ b/dmz/cert-manager/templates/letsencrypt.yaml
--- a/dmz/cert-manager/templates/secretvault.yaml
+++ b/dmz/cert-manager/templates/secretvault.yaml
@@ -1,22 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: cloudflare-api-token-secret
-spec:
-  secretStoreRef:
-    name: vault
-    kind: ClusterSecretStore
-  target:
-    name: cloudflare-api-token-secret
-  data:
-  - secretKey: cloudflare-api-token-secret
-    remoteRef:
-      key: kv/cert-manager
-      property: cloudflare-api-token-secret
-
---
-
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: vault
--- a/dmz/cert-manager/values.yaml
+++ b/dmz/cert-manager/values.yaml
@@ -1,31 +0,0 @@
-cert-manager:
-  crds:
-    enabled: true
-  image:
-    registry: registry.durp.info
-    repository: jetstack/cert-manager-controller
-    pullPolicy: Always
-  replicaCount: 3
-  extraArgs:
-    - --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53
-    - --dns01-recursive-nameservers-only
-  podDnsPolicy: None
-  podDnsConfig:
-    nameservers:
-      - "1.1.1.1"
-      - "1.0.0.1"
-  webhook:
-    image:
-      registry: registry.durp.info
-      repository: jetstack/cert-manager-webhook
-      pullPolicy: Always  
-  cainjector:
-    image:
-      registry: registry.durp.info
-      repository: jetstack/cert-manager-cainjector
-      pullPolicy: Always
-
-  hostAliases: 
-  - ip: 192.168.12.130
-    hostnames:
-    - vault.infra.durp.info
--- a/dmz/crowdsec/Chart.yaml
+++ b/dmz/crowdsec/Chart.yaml
@@ -1,11 +0,0 @@
-apiVersion: v2
-name: crowdsec
-description: A Helm chart for Kubernetes
-type: application
-version: 0.0.1
-appVersion: 0.0.1
-
-dependencies:
-  - name: crowdsec
-    repository: https://crowdsecurity.github.io/helm-charts
-    version: 0.19.4
--- a/dmz/crowdsec/templates/secrets.yaml
+++ b/dmz/crowdsec/templates/secrets.yaml
@@ -1,29 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: enroll-key
-spec:
-  secretStoreRef:
-    name: vault
-    kind: ClusterSecretStore
-  target:
-    name: enroll-key
-  data:
-    - secretKey: ENROLL_INSTANCE_NAME
-      remoteRef:
-        key: kv/crowdsec/dmz-enroll
-        property: ENROLL_INSTANCE_NAME
-    - secretKey: ENROLL_KEY
-      remoteRef:
-        key: kv/crowdsec/dmz-enroll
-        property: ENROLL_KEY
-    - secretKey: ENROLL_TAGS
-      remoteRef:
-        key: kv/crowdsec/dmz-enroll
-        property: ENROLL_TAGS
-
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: vault
--- a/dmz/crowdsec/values.yaml
+++ b/dmz/crowdsec/values.yaml
@@ -1,24 +0,0 @@
-crowdsec:
-  #
-  image:
-    repository: registry.durp.info/crowdsecurity/crowdsec
-    pullPolicy: Always
-
-  # for raw logs format: json or cri (docker|containerd)
-  container_runtime: containerd
-  agent:
-    # Specify each pod whose logs you want to process
-    acquisition:
-      # The namespace where the pod is located
-      - namespace: traefik
-        # The pod name
-        podName: traefik-*
-        # as in crowdsec configuration, we need to specify the program name to find a matching parser
-        program: traefik
-    env:
-      - name: COLLECTIONS
-        value: "crowdsecurity/traefik"
-  lapi:
-    envFrom:
-      - secretRef:
-          name: enroll-key
--- a/dmz/external-dns/templates/secrets.yaml
+++ b/dmz/external-dns/templates/secrets.yaml
@@ -1,30 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: external-dns-secret
-spec:
-  secretStoreRef:
-    name: vault
-    kind: ClusterSecretStore
-  target:
-    name: external-dns
-  data:
-  - secretKey: cloudflare_api_email
-    remoteRef:
-      key: kv/cloudflare
-      property: cloudflare_api_email
-  - secretKey: cloudflare_api_key
-    remoteRef:
-      key: kv/cloudflare
-      property: cloudflare_api_key
-  - secretKey: cloudflare_api_token
-    remoteRef:
-      key: kv/cloudflare
-      property: cloudflare_api_token
-
---
-
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: vault
--- a/dmz/external-dns/values.yaml
+++ b/dmz/external-dns/values.yaml
@@ -1,20 +0,0 @@
-external-dns:
-  global:
-    imageRegistry: "registry.durp.info"
-    security:
-      allowInsecureImages: true
-
-  image:
-    pullPolicy: Always
-
-  txtPrefix: "dmz-"
-
-  sources:
-    - service
-
-  provider: cloudflare
-  cloudflare:
-    secretName: "external-dns"
-    proxied: false
-
-  policy: sync
--- a/dmz/external-secrets/Chart.yaml
+++ b/dmz/external-secrets/Chart.yaml
@@ -1,11 +0,0 @@
-apiVersion: v2
-name: external-secrets
-description: A Helm chart for Kubernetes
-type: application
-version: 0.0.1
-appVersion: 0.0.1
-
-dependencies:
-  - name: external-secrets
-    repository: https://charts.external-secrets.io
-    version: 0.17.0
--- a/dmz/external-secrets/templates/ca.yaml
+++ b/dmz/external-secrets/templates/ca.yaml
@@ -1,81 +0,0 @@
-apiVersion: v1
-data:
-  vault.pem: |
-    -----BEGIN CERTIFICATE-----
-    MIIEszCCA5ugAwIBAgIUZEzzxqEuYiKHkL1df+Cb22NRRJMwDQYJKoZIhvcNAQEL
-    BQAwFDESMBAGA1UEAxMJZHVycC5pbmZvMB4XDTI1MDEyMzIyMzQ0MloXDTM1MDEy
-    MTExMTU1NVowIDEeMBwGA1UEAxMVdmF1bHQuaW5mcmEuZHVycC5pbmZvMIIBIjAN
-    BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZM0ue4bMcmmATs+kGYSpR2hLUzq
-    scGIwCtqmaKCMbd1xhmgjnIR3zvSRptLR2GVGvc1ti6qby0jXYvcqbxkHvay00zW
-    2zYN+M2m4lXpuWzg1t6NEoO6XGAsGj2v0vcVktPPU9uj0rGUVGWWfsvjoXqQFg5I
-    jdxsxK9SvMvw2XtE3FgKxpzCyw94InIHlcPwFTO+3ZdKStZlMbUDIkmszLBrWFcr
-    XOsPDfLxqMy0Ck//LKIt8djh3254FHB1GG5+kI+JSW1o+tUcL2NymvIINwm/2acS
-    1uTm+j9W7iEXav0pJNmm+/dzSskc3Y0ftM0h2HCXgitBIaEZnUVneNHOLwIDAQAB
-    o4IB7zCCAeswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
-    BBYEFCaQ2q7j7LyBGETEZ5qaJAdlISKCMB8GA1UdIwQYMBaAFO1jCyGkpFO+QiR2
-    dfBMWVYeWrQ2MIH0BggrBgEFBQcBAQSB5zCB5DAzBggrBgEFBQcwAYYnaHR0cHM6
-    Ly8xOTIuMTY4LjIwLjI1Mzo4MjAxL3YxL3BraS9vY3NwMD0GCCsGAQUFBzABhjFo
-    dHRwczovL3Jvb3QtdmF1bHQuaW50ZXJuYWwuZHVycC5pbmZvL3YxL3BraS9vY3Nw
-    MDEGCCsGAQUFBzAChiVodHRwczovLzE5Mi4xNjguMjAuMjUzOjgyMDEvdjEvcGtp
-    L2NhMDsGCCsGAQUFBzAChi9odHRwczovL3Jvb3QtdmF1bHQuaW50ZXJuYWwuZHVy
-    cC5pbmZvL3YxL3BraS9jYTAgBgNVHREEGTAXghV2YXVsdC5pbmZyYS5kdXJwLmlu
-    Zm8wbwYDVR0fBGgwZjAsoCqgKIYmaHR0cHM6Ly8xOTIuMTY4LjIwLjI1Mzo4MjAx
-    L3YxL3BraS9jcmwwNqA0oDKGMGh0dHBzOi8vcm9vdC12YXVsdC5pbnRlcm5hbC5k
-    dXJwLmluZm8vdjEvcGtpL2NybDANBgkqhkiG9w0BAQsFAAOCAQEAuJ+lplY/+A5L
-    5LzkljbKDTy3U6PLv1LtxqVCOFGiJXBnXMjtVW07bBEUadzFRNW8GHQ3w5QzOG6k
-    /vE/TrrJho7l05J/uc+BUrPSNjefLmQV6hn4jrP86PR0vzRfbSqKKBIID9M7+zi6
-    GFvHlVkSHsQyMQp7JOoax9KVzW2Y+OIgw7Lgw2tP122WCt2SIF0QenoZHsoW0guj
-    tzTJRmJDjn6XeJ7L3FPkf37H6ub0Jg3zBGr6eorEFfYZNN5CXezjqMFBpRdq4UIo
-    1M3A7o3uyZFcFsp/vGDcMBkwaCsBV9idu/HwkvGaTUNI285ilBORPD0bMZnACq/9
-    +Q/cdsO5lg==
-    -----END CERTIFICATE-----
-    -----BEGIN CERTIFICATE-----
-    MIIEmzCCA4OgAwIBAgIUQwCAs82sgSuiaVbjANHScO2DSfAwDQYJKoZIhvcNAQEL
-    BQAwFDESMBAGA1UEAxMJZHVycC5pbmZvMB4XDTI1MDEyMzExMjEyNVoXDTM1MDEy
-    MTExMTU1NVowFDESMBAGA1UEAxMJZHVycC5pbmZvMIIBIjANBgkqhkiG9w0BAQEF
-    AAOCAQ8AMIIBCgKCAQEAn9fjGRqqFsqguz56X6cXZwEMtD9wElwSFCb4Fc8YTzlH
-    4fV13QwXKESLE/Q+7bw4y4FJQ8BiGNbxxbQOOgWhfGGlQyFa1lfhJtYLfqRN5C2/
-    S7nr0YxDB9duc4OAExVL6Pr4/Koc+vDZY03l7RzwnF2AOM9DjFTASw01TphCQjRk
-    U+upiN2TUhUPejV/gMR+zXM6pn98UBKG1dNubS0HzAMwAEXAPm141NDyWUCPT9+3
-    6P03Ka8mUTx3X49OCtvJEGEQbtlnTFQaOSkP1yLW+XRMHw3sQaV2PWXu5fInbEpZ
-    +SuzmgLOXtmQNmHLav9q1qeTVkpBGPWvfh2Vh1JJhQIDAQABo4IB4zCCAd8wDgYD
-    VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJaP17f1Zw0V
-    55Ks9Uf0USVWl0BPMB8GA1UdIwQYMBaAFO1jCyGkpFO+QiR2dfBMWVYeWrQ2MIH0
-    BggrBgEFBQcBAQSB5zCB5DAzBggrBgEFBQcwAYYnaHR0cHM6Ly8xOTIuMTY4LjIw
-    LjI1Mzo4MjAxL3YxL3BraS9vY3NwMD0GCCsGAQUFBzABhjFodHRwczovL3Jvb3Qt
-    dmF1bHQuaW50ZXJuYWwuZHVycC5pbmZvL3YxL3BraS9vY3NwMDEGCCsGAQUFBzAC
-    hiVodHRwczovLzE5Mi4xNjguMjAuMjUzOjgyMDEvdjEvcGtpL2NhMDsGCCsGAQUF
-    BzAChi9odHRwczovL3Jvb3QtdmF1bHQuaW50ZXJuYWwuZHVycC5pbmZvL3YxL3Br
-    aS9jYTAUBgNVHREEDTALgglkdXJwLmluZm8wbwYDVR0fBGgwZjAsoCqgKIYmaHR0
-    cHM6Ly8xOTIuMTY4LjIwLjI1Mzo4MjAxL3YxL3BraS9jcmwwNqA0oDKGMGh0dHBz
-    Oi8vcm9vdC12YXVsdC5pbnRlcm5hbC5kdXJwLmluZm8vdjEvcGtpL2NybDANBgkq
-    hkiG9w0BAQsFAAOCAQEAiqAZ4zNIEkCWcvpDRq0VyJuk59sVtJr5X4FscHQ179nE
-    QbbvMe+EBDFS6XQml1Elj8jiPa/D5O9Oc6Iisnm5+weZKwApz/lQ+XVkWLCoEplB
-    ZZ9fcWVCbMLt0xlt8qn5z/mYKfbCT7ZCqDO+prQZt+ADJcQbiknfroAAqEbNKxwN
-    Y9uUyOWNF3SxJEch4w2dtX+IEVmxeZnhMy8OuP0SQKl8aW40ugiG0ZD5yTBBfOD9
-    zsrGSU/iSatn0b7bevBhaL96hz1/rNR1cL+4/albX2hrr8Rv3/SB2DLtNQlQW0ls
-    AfhXAqP5zL+Ytgf1Of/pVdgnhxrYUY7RKCSGY5Hagw==
-    -----END CERTIFICATE-----
-    -----BEGIN CERTIFICATE-----
-    MIIDLzCCAhegAwIBAgIUNHdvOzam2HPVdwXpMHUy4wl8ZRYwDQYJKoZIhvcNAQEL
-    BQAwFDESMBAGA1UEAxMJZHVycC5pbmZvMB4XDTI1MDEyMzExMTUyNVoXDTM1MDEy
-    MTExMTU1NVowFDESMBAGA1UEAxMJZHVycC5pbmZvMIIBIjANBgkqhkiG9w0BAQEF
-    AAOCAQ8AMIIBCgKCAQEA8XDTVEtRI3+k4yuvqVqfIiLRQJcXbmhfVtAeYk+5j9Ox
-    p1w9YHdnPLqLFrD1PzadjqYeAp/fwlEFfs6lqwoTS8S9vhaFqcgB57nVMb77dTBb
-    /08XHXOU6FPRjdFKm5QMpS7tn1XacPMy/o0bKqRREQeiuFDGVRyuF5PUgvWc1dvJ
-    l27JvvgYktgjfpNS4DlCxg4lGXT5abvaKf2hnr65egaIo/yRWN9wnvAzRiY7oci7
-    GA1oKz87Yc1tfL2gcynrwccOOCF/eUKesJR1I6GXNkN/a1fcr+Ld9Z9NhHBtO+vE
-    N8DsZY+kG7DE3M4BCCTFUzllcYHjaW4HaF9vZW+PYwIDAQABo3kwdzAOBgNVHQ8B
-    Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7WMLIaSkU75CJHZ1
-    8ExZVh5atDYwHwYDVR0jBBgwFoAU7WMLIaSkU75CJHZ18ExZVh5atDYwFAYDVR0R
-    BA0wC4IJZHVycC5pbmZvMA0GCSqGSIb3DQEBCwUAA4IBAQAS/qUI/1Yv07xUTK5k
-    r93kC7GSPpmpkXIsfjChAl93sebN143fu70NUP74jjCc0Wkb8hRofGg10E+/24r1
-    AI0KsLhzKzfIASxUVQAn8RTptLruaaPLboSA4MUZ8IB5y8Vy8E3/KtD0gD80j64Y
-    rm9XGHA0HTJHbPUTb/Rux2g0E7WtiyWSWH8mqzbegU8IrkM3eVT4+ylBE7YkfWDD
-    dw44sB71tfmDKpzWg6XQ6YMh0YfnyG1fYCj9LhuecNY9Uuo6cjDaAvkzMewWwqDx
-    Q2Ekas98Di6itCP8vET+gBDjeCc+XR6Hx6vzWmxlZhwDuxEKL1a2/DabUxJyMNzv
-    55Fn
-    -----END CERTIFICATE-----
-kind: ConfigMap
-metadata:
-  name: ca-pemstore
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
DeveloperDurp	d38a2d2840	update	2024-07-21 09:49:15 -05:00
DeveloperDurp	2b88107a28	Merge branch 'mr-prd' into 'prd' Mr prd See merge request developerdurp/homelab!2	2024-07-21 12:58:33 +00:00
DeveloperDurp	d9be744f17	Mr prd	2024-07-21 12:58:33 +00:00
DeveloperDurp	b1a4779d96	update	2024-07-21 07:41:04 -05:00
DeveloperDurp	54432a447f	update	2024-07-21 07:39:08 -05:00
DeveloperDurp	779d3448d5	update	2024-07-21 07:33:18 -05:00
DeveloperDurp	7d9ddc574f	update	2024-07-21 06:57:15 -05:00
DeveloperDurp	0b4238217b	update ingress	2024-07-21 06:50:32 -05:00
DeveloperDurp	39020882f4	update	2024-07-21 06:28:57 -05:00
DeveloperDurp	39f53751ea	update	2024-07-21 06:27:08 -05:00
DeveloperDurp	d686567857	update	2024-07-21 06:25:13 -05:00
DeveloperDurp	74bca2946b	update	2024-07-21 06:23:44 -05:00
DeveloperDurp	1972f4a965	add metallb	2024-07-21 06:21:02 -05:00
DeveloperDurp	b4f11ea722	update for ollama url	2024-07-20 09:22:12 -05:00
DeveloperDurp	004990a4ca	update	2024-06-23 12:15:12 -05:00
pipeline	1481dbe107	Update Chart	2024-05-29 11:29:48 +00:00
DeveloperDurp	0414919e05	update	2024-05-25 07:30:32 -05:00
DeveloperDurp	d5ab5c4671	move all to prd	2024-05-11 06:34:17 -05:00
				`@@ -1 +0,0 @@`
				`Acquire::http::Proxy "http://192.168.21.200:3142";`