diff --git a/README.md b/README.md
index 536755c..3d48e5e 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,8 @@
-*TODO: Files with sensitive data; move to Vault*
+*TODO: Files with sensitive data; migrate to SealedSecret*
```
-# line 6-8: services/Guacamole/configMap_Guacamole.yml
+# line ??: services/TfState/deploy-TfState.yml
+# line ??: services/Mastodon/deploy-Mastodon.yml
+# line ??: services/PVR/deploy-SpotWeb.yml
```
# Kubernetes.K3s.installLog
@@ -179,24 +181,29 @@ kubectl apply -f services/Adminer/sealedSecret-Adminer.yml
kubectl apply -f services/Bitwarden/deploy-Bitwarden.yml
kubectl apply -f services/Bitwarden/sealedSecret-Bitwarden.yml
```
-##### 4.3) [DroneCI](https://drone.io/) (contineous delivery)
+##### 4.3) [DDclient](https://github.com/linuxserver/docker-ddclient) (dynamic dns)
+```shell
+kubectl apply -f services/DDclient/deploy-DDclient.yml
+kubectl apply -f services/DDclient/sealedSecret-DDclient.yml
+```
+##### 4.4) [DroneCI](https://drone.io/) (contineous delivery)
```shell
kubectl apply -f services/DroneCI/deploy-DroneCI.yml
kubectl apply -f services/DroneCI/sealedSecret-DroneCI.yml
```
-##### 4.4) [Gitea](https://gitea.io/) (git repository)
+##### 4.5) [Gitea](https://gitea.io/) (git repository)
```shell
kubectl apply -f services/Gitea/deploy-Gitea.yml
```
-##### 4.5) [Gotify](https://gotify.net/) (notifications)
+##### 4.6) [Gotify](https://gotify.net/) (notifications)
```shell
kubectl apply -f services/Gotify/deploy-Gotify.yml
```
-##### 4.6) [Guacamole](https://guacamole.apache.org/doc/gug/guacamole-docker.html) (remote desktop gateway)
+##### 4.7) [Guacamole](https://guacamole.apache.org/doc/gug/guacamole-docker.html) (remote desktop gateway)
*Requires specifying a `uid` & `gid` in both the `securityContext` of the MySQL container and the `persistentVolume`*
```shell
-kubectl apply -f services/Guacamole/configMap-Guacamole.yml
kubectl apply -f services/Guacamole/deploy-Guacamole.yml
+kubectl apply -f services/Guacamole/sealedSecret-Guacamole.yml
```
Wait for the included containers to start, then perform the following commands to initialize the database:
```shell
@@ -205,29 +212,25 @@ kubectl exec -i guacamole- --container mysql -- mysql -uguacamole -pguac
kubectl rollout restart deployment guacamole
```
-##### 4.7) [Lighttpd](https://www.lighttpd.net/) (webserver)
+##### 4.8) [Lighttpd](https://www.lighttpd.net/) (webserver)
*Serves various semi-containerized websites; respective webcontent is stored on fileshare*
```shell
kubectl apply -f services/Lighttpd/configMap-Lighttpd.yml
kubectl apply -f services/Lighttpd/deploy-Lighttpd.yml
kubectl apply -f services/Lighttpd/cronJob-Spotweb.yml
```
-##### 4.8) PVR `namespace` (automated media management)
+##### 4.9) PVR `namespace` (automated media management)
*Containers use shared resources to be able to interact with downloaded files*
```shell
kubectl create secret generic --type=mount/smb smb-secret --from-literal=username=<> --from-literal=password=<> -n pvr
kubectl apply -f services/PVR/persistentVolumeClaim-PVR.yml
kubectl apply -f services/PVR/storageClass-PVR.yml
```
-###### 4.8.1) [NZBHydra](https://github.com/theotherp/nzbhydra2) (index aggregator)
-```shell
-kubectl apply -f services/PVR/deploy-NZBHydra.yml
-```
-###### 4.8.2) [Overseerr](https://overseerr.dev/) (request management)
+###### 4.9.1) [Overseerr](https://overseerr.dev/) (request management)
```shell
kubectl apply -f services/PVR/deploy-Overseerr.yml
```
-###### 4.8.3) [Plex](https://www.plex.tv/) (media library)
+###### 4.9.2) [Plex](https://www.plex.tv/) (media library)
*Due to usage of symlinks, partially incompatible with SMB-share-backed storage*
```shell
kubectl apply -f services/PVR/deploy-Plex.yml
@@ -237,31 +240,31 @@ After deploying, Plex server needs to be *claimed* (=assigned to Plex-account):
kubectl get endpoints Plex -n PVR
```
Browse to the respective IP address (http://:32400/web) and follow instructions.
-###### 4.8.4) [Radarr](https://radarr.video/) (movie management)
+###### 4.9.3) [Prowlarr](https://github.com/Prowlarr/Prowlarr) (indexer management)
+```shell
+kubectl apply -f services/PVR/deploy-Prowlarr.yml
+```
+###### 4.9.4) [Radarr](https://radarr.video/) (movie management)
```shell
kubectl apply -f services/PVR/deploy-Radarr.yml
```
-###### 4.8.5) [Readarr](https://readarr.com/) (book management)
+###### 4.9.5) [Readarr](https://readarr.com/) (book management)
```shell
kubectl apply -f services/PVR/deploy-Readarr.yml
```
-###### 4.8.6) [SABnzbd](https://sabnzbd.org/) (download client)
+###### 4.9.6) [SABnzbd](https://sabnzbd.org/) (download client)
```shell
kubectl apply -f services/PVR/deploy-SABnzbd.yml
```
-###### 4.8.7) [Sonarr](https://sonarr.tv/) (tv management)
+###### 4.9.7) [Sonarr](https://sonarr.tv/) (tv management)
```shell
kubectl apply -f services/PVR/deploy-Sonarr.yml
```
-##### 4.9) [Shaarli](https://github.com/shaarli/Shaarli) (bookmarks/notes)
+##### 4.10) [Shaarli](https://github.com/shaarli/Shaarli) (bookmarks/notes)
```shell
kubectl apply -f services/Shaarli/deploy-Shaarli.yml
```
-##### 4.10) [Theia](https://theia-ide.org/) (web IDE)
-```shell
-kubectl apply -f services/Theia/deploy-Theia.yml
-```
##### 4.11) [Traefik-Certs-Dumper](https://github.com/ldez/traefik-certs-dumper) (certificate tooling)
```shell
kubectl apply -f services/TraefikCertsDumper/deploy-TraefikCertsDumper.yml
diff --git a/services/Guacamole/configMap-Guacamole.yml b/services/Guacamole/configMap-Guacamole.yml
deleted file mode 100644
index 5865e74..0000000
--- a/services/Guacamole/configMap-Guacamole.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: configmap-guacamole-mysql-conf
-data:
- MYSQL_DATABASE: 'guacamole'
- MYSQL_PASSWORD: 'guacamole'
- MYSQL_USER: 'guacamole'
diff --git a/services/Guacamole/deploy-Guacamole.yml b/services/Guacamole/deploy-Guacamole.yml
index 7e7f071..e63f83d 100644
--- a/services/Guacamole/deploy-Guacamole.yml
+++ b/services/Guacamole/deploy-Guacamole.yml
@@ -44,8 +44,8 @@ spec:
- name: GUACAMOLE_HOME
value: '/etc/guacamole'
envFrom:
- - configMapRef:
- name: configmap-guacamole-mysql-conf
+ - secretRef:
+ name: secret-guacamole
volumeMounts:
- name: flexvolsmb-guacamole-home
mountPath: /etc/guacamole
@@ -69,8 +69,8 @@ spec:
- name: MYSQL_RANDOM_ROOT_PASSWORD
value: 'true'
envFrom:
- - configMapRef:
- name: configmap-guacamole-mysql-conf
+ - secretRef:
+ name: secret-guacamole
volumeMounts:
- name: flexvolsmb-guacamole-db
mountPath: /var/lib/mysql
diff --git a/services/Guacamole/sealedSecret-Guacamole.yml b/services/Guacamole/sealedSecret-Guacamole.yml
new file mode 100644
index 0000000..7e64ee2
--- /dev/null
+++ b/services/Guacamole/sealedSecret-Guacamole.yml
@@ -0,0 +1,27 @@
+{
+ "kind": "SealedSecret",
+ "apiVersion": "bitnami.com/v1alpha1",
+ "metadata": {
+ "name": "secret-guacamole",
+ "namespace": "default",
+ "creationTimestamp": null
+ },
+ "spec": {
+ "template": {
+ "metadata": {
+ "name": "secret-guacamole",
+ "namespace": "default",
+ "creationTimestamp": null,
+ "labels": {
+ "app": "guacamole"
+ }
+ },
+ "data": null
+ },
+ "encryptedData": {
+ "MYSQL_DATABASE": "AgCNYEqUj7vsYObdSWOn71lLOzN3MVD2YdW9dpFFrxzMtfhEi33NR16HNFB8zuDZ7G9XscxVAUjMt2Bj9vOwm4IeQGT+paJofLEPNrEyz/1d4SdCv4/kDGnrApfEiwn97DNW6DDRqLQhakb5MPWHWuK+aJU6EnTtvC2L0LxFFnUWqfo9VxBmRqZqaR4PI+uI5M6GFnMAovDgCjPKxCCtY4ikzQmghAymiyepEJ0KBsk7OQQT/0GJf0OxJ1Es+0ancRZVnUtzVEVGk5BRTG2RloxEzKkWF9p/YQ+5DAv1PMkKoCJTX/3ZMUaB3gwIZ6lOwWcjbYJ2lnBz6O6U2hSOMpDLakPTYeLmntVm1osEbQaB9vVFNusMXhtVBZi/B76XFxY2P/5ROs6xRi69bqzQnP+gt3D1ABYTf4PWGmsg+2W3bXH1u5btTWBIxGpV5oaHU4MP5XyTP49zhLVmo4QkWmJ8i/+TEQumyxZKBQebeJXy/oRHy0Wk6PDZnSkkSDFasolB9GoVrT4u8BJZEs3QjAzWmdYbiH5tvbqkqStUiSS5+WKHVNn1ElY/53FkIHJTmStPfhIk/ufUp5POL9PU/ZR8uPrOaTVTFT4FvW9vpFpqYUWMTJeZLpcma4PEuvkyj74KTgJEf+4d7w/8ha9ju4Q2O0Lt1YLhymVE67M8EnxM9ZZSmU2cq9j+T5w9rapbESDZjPvXYLAg4aM=",
+ "MYSQL_PASSWORD": "AgAdsr4LSf5Q4ssEL4vQEsCMj3BJ++tDj81v3xpsK7H2Asb7Oe79RBw+aOm3GI+go0+U7MjoHLEDwbw6NiAas7kDTFpQH1+lJAY/qBY/os2srFwSRoBRnLz3D4usU3WraUzjyCzRTyblj3Va4uUsAtc4vf82+m1kAI4z65ADRfkgx1TpiT2+nmXgUHmzjJuBsHsXAI/+Xvhi2ukO+eyH17ddYa1OOHkpFgkPwgbUBy+rZi+5wpv+C43qkjQmkYzWmM9BOzJB/QXZiJXxgYBOshDAlX+DmJ53ZsuekE8bz3plvRpIIVhNdBFzDA3TMMIEjLLhpyO0vhodrqZR5e9ccd9diE6tbZjJyIYt1OmU2F0Kg7rTDcWtwBwwXr7CnQRlOcCESB/qbaCI3Ic1d03beHAhzcKN5132xW8Zz3ae92rznL3MLlRzv9228vs9980UKcBr2obFjYSTQf0mHmkFaSRqAW1P1eoNpVDIDkJ6Zyzf/6IK6fMx2b9ChkkGEgMVfu+6ZaXwgu5piVhyyNsdgmBQUNiQDKRb7Ie2Ro8HwtRDQM+zxB2sU7eCrg/rYQoDZWa8aMI86ITaEYlo/QNE0GxM5gZAeq7vAKoM8P54W9Bfpfnx9JQ5nyRT8xi58oqJp/hnf7JpZwcm546/65wRfVeP0UE7e5/Cd2z4qcrzIvmuUWzj3PoZCNPSQModMuZ3O8hRtzZ9MWNb8Lw=",
+ "MYSQL_USER": "AgA2esAjP463d4h5dmKOMOXPlBKs6XO0DcdyuPOyFKsbZ3r4Vwg/rrOjKtVQuCVB8iv2WcrDzpn2STtigmww2HWLFqkCWCD2W+5XfI1vRT086zVvFDtVRmzmeVSsZZ9RZy5vaabTg9e0NbN1Zr/mn31WjHaJAVHrFZpkTHgnQQFsqwZVHoHRl4p9oPl+SF5dSPx1l4sUWj+5VwvcyxFy4UN9la4dG1kx0sCuh9ek4iTfSg5R1k4RQGQ1vy0CAYa4JDkXx62s1FMLEmVmNI5o5GcPUWtxFcBNDKQ2FYS+2z/5RmD2nOFAxbVnvOpaolHa1sD6QTQtNY1HODjn/gbzKgXQO4AgGgJGDaRPd2ckXgzQjf3kxIl6sUAtqK9AJduXrxBpEndeT8zCOZbbqcXA/CPM1qW0ejGmZp+SV3lSBHqY5fzfQP4NF5u8tEDGhlxEop3WZvsXxSNuhxs3qDYwXQFDsuMUxzy5JYrXU0HuWQhlAP7cOrk6Oxi60lWaY5WO6U1hSWwVZHMgwNEfGdJ+mxBlvGnk+uhqRMS3xfKTcWrLGTo7dxism6p+EUZmrW6nZdEfVDfI1OQzE0mIz5ryx5woc8aSCLgxu/6vEe+8tvjOaa0yXZg1z5tdv6LTR+RxL7YWNTzCznnf0hN11ICh5cJzumdr3RxCq35My0jZKhAwuzUTomSjGhnODoLRse//TNONjiyowLCWlyg="
+ }
+ }
+}