Replace Guacamole with Webtop

services/Webtop/_namespace-webtop.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: webtop

services/Webtop/application-webtop.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: webtop
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: webtop
+    server: https://kubernetes.default.svc
+  project: default
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/Webtop
+    targetRevision: HEAD

services/Webtop/configmap-init.d-zsh.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: init.d-zsh
+  namespace: webtop
+data:
+  00-zsh.sh: |
+    #!/bin/bash
+
+    # Make sure zsh is installed and available
+    ZSH_BIN=$(command -v zsh)
+
+    if [[ -x "$ZSH_BIN" ]]; then
+        echo "[webtop] Setting abc's default shell to $ZSH_BIN"
+        usermod -s "$ZSH_BIN" abc
+    else
+        echo "[webtop] zsh not found, skipping chsh"
+    fi

services/Webtop/deployment-webtop.yaml

@@ -0,0 +1,48 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: webtop
+  namespace: webtop
+  labels:
+    app: webtop
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: webtop
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: webtop
+    spec:
+      containers:
+      - name: webtop
+        image: lscr.io/linuxserver/webtop:latest
+        env:
+          - name: START_DOCKER
+            value: "false"
+          - name: DOCKER_MODS
+            value: linuxserver/mods:universal-package-install
+          - name: INSTALL_PACKAGES
+            value: nano|zsh
+          - name: TZ
+            value: Australia/Melbourne
+        ports:
+          - name: web
+            containerPort: 3001
+        volumeMounts:
+        - mountPath: /config
+          name: webtop-config
+        - mountPath: /custom-cont-init.d/00-zsh.sh
+          name: webtop-initd
+          subPath: 00-zsh.sh
+      volumes:
+      - name: webtop-config
+        persistentVolumeClaim:
+          claimName: webtop-config
+      - name: webtop-initd
+        configMap:
+          name: init.d-zsh
+          defaultMode: 0700

services/Webtop/ingressroute-webtop.yaml

@@ -0,0 +1,19 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: webtop
+  namespace: webtop
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`remote.spamasaurus.com`)
+    kind: Rule
+    services:
+    - name: webtop
+      port: 3001
+      scheme: https
+      serversTransport: insecure-skip-verify
+    middlewares:
+      - name: 2fa-authentication@file
+      - name: security-headers@file

services/Webtop/persistentvolumeclaim-webtop-config.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: webtop-config
+  namespace: webtop
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi

services/Webtop/sealedsecret-smb-credentials.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smb-credentials
+  namespace: webtop
+spec:
+  encryptedData:
+    password: AgAwMck+jQJxNiv0vSkvgEcpbToRv2u5KzJSvJveY4gYXDeBW3mOdweCznypGtDZ6au+gDsAphqJKmgp7TMC3nYppjaqEm9nFybOnwQHhX+7t36c1MRQWNwBhMp3DDNikv9EhQBVdqiXQShX/sPQEBYgNCmspBGQNv/QWFxJPRbmpg1DdFn6TkRlW3VNqecO6RTgbj6YpKG9SCgQjsvXdOOEM85tc2v0UODITFNlemxq2anks8FzSb3VxXBqWOq3np1DcrTbHkcQMokVp9to8d/UXdD1L2jbWr4ykhosf3AV+9Ojgp32D48ODS0GgGykgN9bArwmRLNSYJbclIqViePO78CaOTAnquKf7HN1ZqaLhCNMLvY+MOzrwvmXlWVmmHLI1YLYJSxV9u2WTJlU7jRN/xlCgKbAUC50fhgqMd8l4RXlieqrSePnpgpnI96+fovW1Q2jeYngXX1RzjEsG1Up2ZhSiuWoP+We0nH3VCbIUrjk5XAdojrO1Uj9A1FOd0Gx1GVj6e++3/DpjuGOSphNspXXWiCn3hbH0idh/r011AQwKq6RgDO8QhtSZx8Ditnqu50hCmg8gRK6h2hSZ8LXiRvKy7l5H3Ca/99KyhDHoA7n1fqRN7702rOyz8txjwkbgyadk7T0zYdMYxXffrVgfD2XIWhKdjwtxbiO0OGeWcLD3IQwlZcyRsz0stqUPhbB+t4BNN5RE78tGpx3e0yv
+    username: AgAyzzViZggLUc47A3TkctmUG6rCEDnu2wsLXgRGs2Vw5Sg1KnOuUDhE/BQpM70Zhl07af+v0SqWkMJHM2n+L5jQ7ed27rqsRDYNJNXJqt6gwY6D7Rx0OYOfxOILrk0LXAfLIaZiuREzwrm6JExI5+xu/nTDgQm7sIufQvIrWvaJVM2zfhtHLGaB1x/CGzrc6ViXfPsYAFrlHWihNJJ+PVb3aoW68/oip5MmhKdmm9igf0Hmtr67fMm2A0JSA8cSbFA/bG2i94qHX+zswWrIzePgNrz2x2bpeag7p2/2XO6JssMn5XkZZVIWbB+cEX1wf8srrUnJqD8ycgiD1CY96A5ILPd50IErDYGv9xZAkxpfO53q3USC4dx8O4AnZFHkVWHfNYd0RBqhnHWTMpUXfEY5TC5KHA2RxS6v5wa3oBU446uSviswDuDPhg4aKStTasBvgmVgRLmnI9d/NxvIlSmNxMfaIvpyKXnvNZ8eaKIB9LeBVBzmubtATx712blNua78NuojBHtVCp042KW027fDs9aAJvUg1zFArxCwrgepakOrxO4WgUB1AUTomzKzZfKu4PjWRCYRwpyBHg38F/Y1IYAkffIMfWXQ31YQm2ng4/Xg+OYPJG7eKoVvGEWrqwFi0hqcEvXJPcYpp/o1fDKnwB61paMZOk7D4rJmdI9dTJsEZ6aIZzMSvRWZuw817FH3Feu1bgs=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: webtop
+    type: Opaque

services/Webtop/serverstransport-insecure-skip-verify.yaml

@@ -0,0 +1,7 @@
+apiVersion: traefik.io/v1alpha1
+kind: ServersTransport
+metadata:
+  name: insecure-skip-verify
+  namespace: webtop
+spec:
+  insecureSkipVerify: true

services/Webtop/service-webtop.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: webtop
+  namespace: webtop
+spec:
+  ports:
+    - protocol: TCP
+      name: web
+      port: 3001
+  selector:
+    app: webtop