Update system/ArgoCD/application-argo-cd.yaml

README.md

@@ -118,26 +118,6 @@ helm install longhorn longhorn/longhorn --namespace longhorn-system --create-nam
 
 Log on to the web interface and delete the default disks on each node (mounted at `/var/lib/longhorn`) and replace them with new disks mounted at `/mnt/blockstorage`.
 
-Add additional `storageClass` with backup schedule:
-***After** specifying a NFS backup target (syntax: `nfs://servername:/path/to/share`) through Longhorn's dashboard*
-```yaml
-kind: StorageClass
-apiVersion: storage.k8s.io/v1
-metadata:
-  name: longhorn-dailybackup
-provisioner: driver.longhorn.io
-allowVolumeExpansion: true
-parameters:
-  numberOfReplicas: "3"
-  staleReplicaTimeout: "2880"
-  fromBackup: ""
-  recurringJobs: '[{"name":"backup", "task":"backup", "cron":"0 0 * * *", "retain":14}]'
-```
-Then make this the new default `storageClass`:
-```shell
-kubectl patch storageclass longhorn-dailybackup -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
-#kubectl delete storageclass longhorn
-```
 
 ### 3) Ingress Controller
 Reconfigure default Traefik configuration:
@@ -161,10 +141,6 @@ kubectl get secret -n argocd argocd-initial-admin-secret -o jsonpath='{.data.pas
 ```
 Login with username `admin` and the initial password, browse to `User Info` and `Update Password`.
 
-Create ArgoCD applicationset
-```shell
-kubectl apply -f system/ArgoCD/applicationset-homelab.yml
-```
 ### 5) Services
 ##### 5.1) [Argus]()    <small>(release management)</small>
 ```shell
@@ -261,15 +237,4 @@ kubectl apply -f services/PVR/deploy-Sonarr.yml
   or
 
       kubectl run -it --rm busybox --restart=Never --image=busybox:1.28 -- nslookup api.github.com [-debug] [fqdn]
-* Delete namespaces stuck in `Terminating` state:
-  *First* check whether there are any resources still present; preventing the namespace from being deleted:
 
-      kubectl api-resources --verbs=list --namespaced -o name \
-        | xargs -n 1 kubectl get --show-kind --ignore-not-found -n <namespace>
-
-  Any resources returned should be deleted first (worth mentioning: if you get an error `error: unable to retrieve the complete list of server APIs`, you should check `kubectl get apiservice` for any apiservice with a status of `False`)
-  If there are no resources left in the namespace, and it is still stuck *terminating*, the following commands remove the blocking finalizer (this is a last resort, you are bypassing protections put in place to prevent zombie processes):
-
-      kubectl get namespace <namespace> -o json | jq -j '.spec.finalizers=null' > tmp.json
-      kubectl replace --raw "/api/v1/namespaces/<namespace>/finalize" -f ./tmp.json
-      rm ./tmp.json

ingress/Traefik2.x/helmchartconfig-traefik.yaml

@@ -5,11 +5,14 @@ metadata:
   namespace: kube-system
 spec:
   valuesContent: |-
+    core:
+      defaultRuleSyntax: v2
     additionalArguments:
       - "--providers.file.directory=/etc/traefik/dynamic"
       - "--providers.file.watch=true"
-    certResolvers:
+    certificatesResolvers:
       default:
+        acme:
           email: letsencrypt.org.danny@spamasaurus.com
           storage: /data/acme.json
           dnsChallenge:
@@ -66,8 +69,8 @@ spec:
                     stsSeconds: 315360000
                     stsIncludeSubdomains: true
                     stsPreload: true
-                compression:
+                # compression:
-                  compress: {}
+                #   compress: {}
             tls:
               options:
                 defaults:
@@ -76,6 +79,7 @@ spec:
                   curvePreferences:
                     - secp521r1
                     - secp384r1
+                    - secp256r1
                   cipherSuites:
                     - TLS_AES_128_GCM_SHA256
                     - TLS_AES_256_GCM_SHA384
@@ -123,8 +127,11 @@ spec:
       storageClass: longhorn
     ports:
       web:
-        redirectTo:
+        redirections:
-          port: websecure
+          entryPoint:
+            to: websecure
+            scheme: https
+            permanent: true
       websecure:
         forwardedHeaders:
           insecure: true

services/Argus/application-argus.yaml

@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: argus
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: argus
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    path: services/Argus
+    repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog.git
+    targetRevision: HEAD
+  syncPolicy:
+    automated:
+      selfHeal: true

services/Argus/deployment-argus.yml

@@ -18,7 +18,7 @@ spec:
       serviceAccountName: argus
       containers:
       - name: argus
-        image: releaseargus/argus:0.18.0
+        image: releaseargus/argus:0.21.0
         args:
         - -config.file=/app/config/config.yml
         ports:

services/Argus/ingressroute-argus.yml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: argus
@@ -15,4 +15,4 @@ spec:
     middlewares:
       - name: 2fa-authentication@file
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file

services/Argus/persistentvolume-argus-config.yml

@@ -15,5 +15,5 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0777,dir_mode=0777,iocharset=utf8
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/argus/config

services/Argus/persistentvolume-argus-data.yml

@@ -15,5 +15,5 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/argus/data

services/Authelia/application-authelia.yaml

@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: authelia
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: authelia
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    path: services/Authelia
+    repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog.git
+    targetRevision: HEAD
+  syncPolicy:
+    automated:
+      selfHeal: true

services/Authelia/ingressroute-authelia.yaml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: authelia
@@ -14,4 +14,4 @@ spec:
       port: 9091
     middlewares:
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file

services/Authelia/persistentvolume-flexvolsmb-authelia-conf.yaml

@@ -14,5 +14,5 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0600,dir_mode=0600,iocharset=utf8,nobrl
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/authelia/conf

services/Authelia/persistentvolume-flexvolsmb-authelia-redis.yaml

@@ -14,5 +14,5 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0700,dir_mode=0700,uid=999,gid=1000,iocharset=utf8,nobrl
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/authelia/redis

services/Authelia/service-authelia.yaml

@@ -4,6 +4,7 @@ metadata:
   name: authelia
   namespace: authelia
 spec:
+  #externalTrafficPolicy: Local
   ports:
     - protocol: TCP
       name: web

services/DDclient/application-ddclient.yaml

@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: ddclient
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: ddclient
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    path: services/DDclient
+    repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog.git
+    targetRevision: HEAD
+  syncPolicy:
+    automated:
+      selfHeal: true

services/DDclient/persistentVolume-DDclient.yml

@@ -15,5 +15,5 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/ddclient/config

services/Gitea/application-gitea.yaml

@@ -11,10 +11,14 @@ spec:
   sources:
   - repoURL: https://dl.gitea.com/charts/
     chart: gitea
-    targetRevision: 10.6.0
+    # targetRevision: 10.6.0
+    targetRevision: 11.0.0
     helm:
       valueFiles:
       - $values/services/Gitea/values.yaml
   - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
     targetRevision: master
     ref: values
+#  - repoURL: https://github.com/djpbessems/Kubernetes.K3s.installLog
+#    targetRevision: master
+#    ref: values

services/Gotify/application-gotify.yaml

@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: gotify
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: gotify
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    path: services/Gotify
+    repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog.git
+    targetRevision: HEAD
+  syncPolicy:
+    automated:
+      selfHeal: true

services/Gotify/ingressroute-gotify.yaml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: gotify
@@ -14,4 +14,4 @@ spec:
       port: 80
     middlewares:
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file

services/Gotify/persistentvolume-flexvolsmb-gotify-data.yaml

@@ -14,5 +14,5 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/gotify/data

services/Guacamole/application-guacamole.yaml

@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: guacamole
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: guacamole
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    path: services/Guacamole
+    repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog.git
+    targetRevision: HEAD
+  syncPolicy:
+    automated:
+      selfHeal: true

services/Guacamole/deployment-Guacamole.yml

@@ -35,6 +35,10 @@ spec:
         ports:
           - name: ui
             containerPort: 8080
+        livenessProbe:
+          httpGet:
+            port: ui
+            path: /guacamole
       - name: guacd
         image: guacamole/guacd:1.5.5
         env:
@@ -43,6 +47,9 @@ spec:
         ports:
           - name: proxy
             containerPort: 4822
+        livenessProbe:
+          tcpSocket:
+            port: 4822
       - name: db
         image: postgres:16-alpine
         securityContext:
@@ -60,6 +67,9 @@ spec:
         ports:
           - name: db
             containerPort: 5432
+        livenessProbe:
+          exec:
+            command: ["pg_isready" ,"-U" ,"$POSTGRES_USER", "-d" ,"$POSTGRES_DATABASE"]
       volumes:
       - name: flexvolsmb-guacamole-db
         persistentVolumeClaim:

services/Guacamole/ingressRoute-Guacamole.yml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: guacamole
@@ -15,4 +15,4 @@ spec:
     middlewares:
       - name: prepend-path-guacamole
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file

services/Guacamole/middleware-Guacamole.yml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: prepend-path-guacamole

services/Guacamole/persistentVolume-Guacamole.yml

@@ -14,7 +14,7 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0755,dir_mode=0700,uid=70,gid=70,iocharset=utf8,nobrl
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/guacamole/db
 ---
 apiVersion: v1
@@ -33,5 +33,5 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0755,dir_mode=0755,iocharset=utf8
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/guacamole/home

services/Headlamp/application-headlamp.yaml

@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: headlamp
+  namespace: argo-cd
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: headlamp
+  project: default
+  sources:
+  - repoURL: https://kubernetes-sigs.github.io/headlamp/
+    chart: headlamp
+    targetRevision: 0.30.1
+    helm:
+      valueFiles:
+      - $values/services/Headlamp/values.yaml
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    targetRevision: master
+    ref: values
+#  - repoURL: https://github.com/djpbessems/Kubernetes.K3s.installLog
+#    targetRevision: master
+#    ref: values

services/Headlamp/sealedsecret-headlamp-kubeconfig.yaml

@@ -0,0 +1,15 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: headlamp-kubeconfig
+  namespace: headlamp
+spec:
+  encryptedData:
+    kubeconfig: AgBeAP7vtPNm+FBdLPRDkV/k7Uy3mR/eC3Repuvyw5uEKZdBGqzLwInaBcySSiLFUTRfc/csDFxHgviFh9jyGJPCBlEZpHBStz3BrTc33ehwTYTDPf7P1bvPZlWLomnFdEkh16Wn6In4YZnMcpMDxswY/LHQheHeEIAp2YnkZRvd9aJJbQbLYK1Dl90xRjHq0gqTl4QZX9BMzGZE3iUr08suTOY84b8V8Y+mrzy9DvbU7S7SusPpiX7HZ0Ty1IQEDHXPDAyIX6VnPqPCxx2p+/Dce1Io8Ql1CB5So/g/3+VcMlQEKUKt2bReFKslrv9veuvg5N4ZGlTlOu7uU/Q44AgbjB9jYvJrmHclt9dnYSIICP3x3MuNVsQ4CxOtIRG2KDJdzCnYFv16tBHc4zL3WABonmLzzuQoBFYqx/JxWfIr2U+nvbqKMm3yfFi4fvsp7Wcgu76Vak0ndBo+HwkzDWHxYNQOZO/LwEfQcoetHzlzpzzoS1Qw9JKjIlTt4Yc/7OOE6luKv18ZI/MXx4bfZ31HwkJ1P/4hnmsBwNVWLFtfGi1bmpc7Ahv0EnZuLjmxH2APnDKVvpZOMWxQ0M4zHAQLonh5/pyhEWpqJzdpfroOa+yACKr8PiBKXDlaFYD35NgHNt0LDyQTlDXRCxUnGed9pTVx4pTMDYRlzZoc5j/Q8QmhshJGePcoO0m2WXb+1O0p/k/gkU9mTz64swexDD/40gyl+YZwD4K2LOAIMHvEitv2J+3ou2QQMHcxNILJVGT1mor4bqw9W1stwzv68c05eJC0LP0f545f06AmlaFxfKLHSeds78Yxbg75lgTpknuBcnyMGtqAyhDA5h3acXhZdRFqpuxBswfmQ9S5BU8svtC79FOd86m/oOyKM5fqf1kKoG7eqgB0AYyEe9vAwZTPKuIE7dL6q9UZP0fUhu9a9g5vp7JPJStNdAqLeIDNFJpGiupb1W6pk4k1KQi6XUS8xfNVBQtFLvdty85fkDP2pnY89tznGGbimcblNsFFUx58wuu2gY9zIFk4N1gk2j5ZAym6PdeBToqQB9R/IyPwUP5o3IEn8afqZL9wTkZZjuwo5l1PsvPm5U6d2CQ9IFgnvc4v6NMWGOsri0TSnw23PAJJw6bhaU5ClK908HZDEUT2vQ86tFoNbU28451XKTgDa027PELRirlL+NpVYPwoRNDhTn+/kMMYNkYLlhUVIl2AGhoJYakvDClstmZuuMpDNeTwgqK5POlEltC9/enWvD77YdvnNZXQqkvDHcZcCRVur4cZNhtrvsdimfLj9I3DS6UdMvwxx9rCP4IoykwtTw2kMlvMwalESegtJQ2Vw6E6GqJDszUGNbLxFIwB27BTqOv4msxzJeVTNQgzdgcidg0pvipW88YYTScTD9G2Uec1Qe2FCKYLUlLVjEYCveQxx40RS2fOEwASKs0btFLb83TKBqw5GOImLHTDpLBnaetyHTI6Qa88+c0eRd2Z5Lqjr0ZVCMUtX5/0v4+zr5V5BRSRJNPpIM3gm8w/FcAV1QDRL4wlBtlKBuUyGnOI24nJbs9WlnE1HscrvzsWklOnhEtlzfWHlWLF7pgM3WmEy0lIFrQf+Ef7yubYOfg6w8eoD+NAEcM3dQUafe8Yo8V0j+GWzr9+utCxVDPzuOY1yGuA513x0+bc5yk39XSqLwetqkYxUyBmMWFuZYs8Llw+qIPRA34+m6ZzqPHD93rYpPOBRyo33djB7PV7QkxZz3DPYi1a/+Xu+ZNocFRtxw5YvNh/b4BW07A1mDzjqvH2QKjetGRjTj+8Kzb7GLKo7ZPz2oESJwAiV6ftDldt3a9R4zUh/RE05nKUgpOwanrkUyNUary3nAFXUjU7AtDKMRPU8I9y1UZiiYNod+Lvkj/ihYjgGDbhRHqSugrbKZ0jOALSx6YiZ7isKSSwFRJzZD821AB/3hWa1QlWuCpNkyc5bq/6IxeKOLFJnHhq706HwEChzpGc3swOa4clkS05OFgNvQjhnL5Rbny9oAEeXBvtLJtO0VBt5pN5zC3ZHs+w9cKLSsE4/OBTsDhaxJ2LDRmg2EGs4sPjNnJ2RABUnseELAR6tL2X5OkltzkvnJSEvansTkzi5WqWvkRf5orUATik9NR86e8k+O196ajv7GJvdueLQ9V/tMRbCEST7ry4OXssLQhZQEBU6OJsceGPd0ICtY4Bc9f2P2JFhov7ybLgMI/8aULYlyOseoGUn7ySidT9zosjEPo6ioBZYZomJSW9FPgSSZ6W+j/gCZLWxLW5mzywbl1vb4Q5dt9cDfxG3S+2TfVrUJWDOGc7cxYFdGaeHYLkGndUVLyNnlH7dQ/U3A/6iikX9TbhV+cY6qq16in5jZNDyprm13k85L+5ScyD4U3y1kniHFPKQDJt56pOaLz5cfQseeCV9qau4zbjZT1QGLWSYs58tp7ViABMqufbyv4civOm4pRRPu5RVjdY/rY7iM8ZypXnnPcSDrPZH7UcnniRPqGS7G83WyAquiyVJVahueUScmtxMQy62vkDUoisj1aOxC97WTUcBiJQKqWoTRT7HFcVl9XxZc8O8WtIIcS7/KzIaGzM25s3+vM7fRiguv0cEMV0ikE18/Zt+UT9J86AoGhnlcD8R92d3wuisM5pkNd6fv9jwQnNaULRwjhQCbRo4JGc2CxluWoKhkwpfyCxBzm8bNq2e1XhWl9WfiWsmKZyWCH3JIE7G2MnO8C6gqRJfd4idXLe9vv9F/duzm2uy6xvivP61NR7dCyn988lwtFrdOKx2dvX3PlOV852/XO1hv32W2FIh6Z32sIN8JjDqJvy/9Wu5JHng2Le79P2Zcf6db5I2hQejOtZkx1914bHO6Aro9Csj6s2VJ1YuhI4GalZYTjo5l9r6Da5J7uDpWl9uKBToFW/e3x6nMFpzARsEQc3jYixtX6gPSh4Q8VueUJAaZmpW3i8DdkkvBOHtzVAHzN+8xXTYMK8RTo6qGDiUkA6XE4apY8POp3F35mbiCKdHGZakVnHYJAyK4LUl+2oRW9JzcJNzWkggNi+DLwEjzdg1dpKGMtDSVaXl4IfPgU4QAhja7FVNyKfdXsXGV3uqxuWfju07hol5I2DFHgFHRQEPIlnlyWabYAMBUca6VVZDEDhR8aeVSLbeFw2ERXhlq2QMOpgOrPPDsT0x9YP3X6YuBzgl+dvgbO8GGLJhLEBPq9BKshTP1sKaykS4cxlO+uC59+pO/fhXe6+SKMYbAlvGMBILLv/l82gQ4P6YwAsPEEnh+pEEJ09sRwDyl8/evcORvqdYYKO/ROCtdCBxp8u9TzdhY4uUUdKbscWhnTjwSUD4sEC8H+BKpJstWwSdeYGCdCNF79F/2VgPzq+L39INqS5TUSo6d4ZH8oPxX3kfU/HUYAtPp7ign0hIvVXkqaqYJRHeEEEk+SqUHaYY5wZLBwbAcxk+AvsrDThCEYlFVQhONJ1Miodhi3bHeSK6lehlLsMgxj+j3MaM9iohhxk45GuwsqRzu+EfyaemiEEFVxI2q5IEnfjR1xfc5Lg4SmYQQpeuUaxZ463xBxNhiBKlNA2JFQwTbaCa2HLsp060ysVZGiOq6yKFBrVRMAuRNxp1/A/Ies5nvGhD7lCA0mSDpy8j+TTCFUn2T0U1ChkYn/y+X1t4pPPtKIcy2aGkFdY/reOSBU0yfaM0iFrj0D1Rf1JDIBtCnYM12uOi2h+7GAJQLWbAbnTz6aHCF9vGlXB6krC0BF8fp/Snn1BQqKjChjqW3IXBazMK8zT5ouds+mxxIidN8smDoOqytT941TgGV9RGPQuCNePTX86fhh981PS2gKUBSGBPfaKMFpVSGDxypAdQi/irsjEbQn0ugKWvzxNVopS/ImcXGYVu5w3PZocs/mpv2k2h/vka2N/SF39E9DS6fMTX0SwATBuAdwsQpWeQd2Hd1eZeVSDNUn5Jqud4jmJH/Mp21sfEEzoGgmZl5+T1JaK4EsG+yldVIPpEcsde/ecc6xPvluVfxd5cKWKg1vTxuTRVzX8I3f6dTq0c+/VRnQn+QEhEpLXutR+4XT/wh1obdBHJ0/h+9Fo2QlUz6Hni6iI3DrAqJjCsz8xBfZXCF2LSekQTO/ZiIrHe4CAnGOueWV8Vg2ASiqhEUs0g7UP/aInxkvmY4byfwSgF3OhBzt69xIzyY1NjQxPRo3Gn+Ma5NiZEawjdtCNLw9oHTHIFil9d2K9CiZ/pBMfZslJ+86xLDIOKikMRb84ANwcOSbgEu+Bpgf2MfMS2Fqt8K37uhFJQ0eTQeCLY6u6J6AKhX+9oKg7uMsnDudZsd5mKe7+JcaXyuz77NiJDtWcA1VHfb3h33vlZiUCb9cO7+8Bmtgm4eXbsafaINWFgUVEXpy9gqpopBUOO32mG07trMG8SwNZItCtqSD8J6tp4zNHZHo8IDq4dqGBlSHafnlCA3MLZrXtfOW18zwEnmC+uncQhByIOW260sLkSL1AsA/vz9083P1LVyZVt1v/SWHKDkWHOir9cAVsGBpYu+u4EUmg+DAdv+gnb25yf2f4a+OaDHWV42N/oqn4tmNhF3SlrocKawLd1qnMSCUCXgbTC1A7A/2ifZUTUF3Cxg2RCOULmp5fScNjfPoTqHsf0Y9IMltn9gDOAlofXY8=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: headlamp-kubeconfig
+      namespace: headlamp
+    type: Opaque

services/Headlamp/sealedsecret-oidc.yaml

@@ -0,0 +1,18 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: oidc
+  namespace: headlamp
+spec:
+  encryptedData:
+    OIDC_CLIENT_ID: AgBXJgPrEI44ACJJ3S0+/Atic7ckP0tfVAfPtl5iNcgj+6PL8h1Xh/hzjZbYEiebG1FzSH50K977ijMdEHDFmagYSR5Ju1VpAHJyjtRZbysm8IbFV2g/8aBV88HwdXD8fZhY+PmXKNkSNFGqb6+E31NgetEjsZNjMgS0cM/YfCXwrVPMaR8QawjszyfOLUh4Z+D0QqH2Mb6d6vBaBgNgikUUgixFn+f1S4A66qUxGGzZKVIIa+f6Eo3gQDuo+4bi6/criaMoB8foSkXgWqRIiiVGzp7NcXT1mmWTwjosVexhKGSBiNDJFiWMgtc3Sti7Jp44fvYGdDHddiBsIBFB1uv19rGYLhq/4qpGQiT06Dq28n0+ehBfxsZZQ2nLDRjXciTgG354enMJO58ol6Dqk6zKjTWx6YwHAIdh0kuQ9atT4TsdAL8BR4qkdYuIRUmlhCUj9Ywh76GIdbnPWQfWHap4bjP7KVxFRw0Ke467TFoU4iO9TmVhF0LvS4g45fTXKV/j1R8yU7cA+TFEDGvQLixOdeJrICmn+WRJTHuCtvI5E1W5yJAstSEdkZTt7PSUAq76o6uUT18OJYZdGzaG3j118xVcFAM/GsEgQ0M4CyExTraJcl2NegrhcjXokJHyz7Nm8Fm9+x/++jDMYq0rWaPYRaPcYKYDsvF0t9vzY3JyigtoiPIR9KIjNSiLWQKKGyGgLOwCI2gTXA==
+    OIDC_CLIENT_SECRET: AgBrX+mUYkAAyyP1T4iLYDZkx0aIyWUSf5781/ZYQsh0gOtoTuZZ/l6q61wDxxYY5xJqtzYTSa0QOmIORyhusODDokVkCGlx06GyTP6As46m6GqmwGp57vanF6YiSL9he97E8Sarr+v4EOrhGtUejLH2TCFJsXV3CzQvQiAWXxHMZxRIOBkzpbqFJ9dez2n22N49j6qd5sTNskv13HNJruKEsYJM/m/vWuVVe1Rf3cIFdChUNt0Wv9Xir1waXe4QTAYKkzYrPjeDB+xIe8xGms7tqEQxKVP/SmYaQG3rPSIAu55zLdLMcbIFSVBensVr1Fcx9Jb00OB5JPZuKEftQMRR3NTIBcJNAIvlxFbv6uM7xbXOOrRZ3YG68I4/e8mxRx6o56z/IeNd83FH8aiEIfMdKhZAAmKlrMnv0F2wSQk4JxAL31uzcNtZR9HhfDpZRxzFNe6P8Msjv4kEri9jOE6qAwyXsigT5D9dI/7Kzni3NfGf411z4hkqedE9EF2RTRS4LtUFCPHqJ+HcuLYDeU91a2XhAjWUYXML0okjFu/W1ZR3xvyngZJLbdRuturCyLvql9cfQwwvabYc6miV7LBAgIJASqNx4GpN2aFH5s9sAor3Jh7Gva3DVZxklhORl0Ajt+5/Kk2LmofvmiTWL9Jx1gEgV4ND/VXg73uDX2boqwZ1dpf4pJhVitkoh1AOGoRtzznfPF3JAfzCPvp1tmJNBx77MAOs1taBfbR6OGk58w==
+    OIDC_ISSUER_URL: AgAuwDryEOuf4o/Pj88FaRyCeX1MW3sJK7V9U0Tpm6K1k1y88n6jurzwU0oXP/l+6Wt5e/Us8vjc8FpKiUa5RHo+EeZUsXDFBdmLoiJ9PdUiemj7CTJbs/Vd6a0f5yTTa7+dBbB3/h17f8QhFyMoVxZkU9VsDea3rvouf8dK9vbv7JcvSCnMdqeo5ShN+ZJz9S2JN1ATB3Rlp9FPjwwg9lPHjXN/OBVO16KE1Mws0ecxICfgOUwueis2qqWA3qJRUjjUMFV4Gg3y2JaLVcNWh3HvxZgKDd1YpoDklx3e3V/Ja+XODM9mPKrYypRKLrR8zF2bYJvPGaH0+oavQzFBsYKso0cQ1xbnnQX4xtJRKaw99IxWh4gjT0e7cJWIxcpF1W6inW88igRzHluJVWnpmrtmLKrFtFtJ8ALs1XX762OoPFN+SnylGjScHYUEL9P40zpAYrH0r2/b7K2P2LbAtvMBDU8EJwQkzbkUBuO470I9b2KEgY+gIL+hKbDtPZuxC4nQMx7eHMMWZVvxjzPmpIX7knBPLrDZG9bWZzJBNyA9We4pwJDh6qxHR/15OpcCQRoPM2ZPSOgaDTFZ08ISvNLdQGy1gCDAEXq3Cu9rK4Lo8Ixmor+cYQJM5yplrSHX8S70FmSwGvTSizabJM4suX8s0Q/gfS6IkQpCxOy0EHpTysCYrIGnHKJXuiFo5PZKz4fJ+AryNfPQeQgT+iUTSA9aDKE9RY2QRAcYRLFF
+    OIDC_SCOPES: AgCKdxns6u+wOUE1uwbSc9JzvYZBc2H+Rljeu83xVMuNN2XaaFlkc6GxKnOs9S+ikm7TFRo0DtPMdHOCEQjgOHrAUzsR+quC6KJ9LeCVEiEjsZec8hYAZLoeL/k8dZu+9W2K/cmsinqi8wspIb0mj/zZ+3AsYhoxYOkTFUtFvYC6cgkqwDfNZK7xzJBmUor5DVDVer3VoHdvqCph9RvFT4tHbNSm0B90rz1OBU62aFI3IGcTgMpEwpqu9KQ3M6Ie2zIZyIeBeWuJTcFzvLl4KWxK7XtEGQfuIKbJqHKArtA90W2vvwuJlDoa4lB1uASUHqe9cIfWxzSPApjwZ5a1PoSmJDpbzblt8W7akrz9WJzXXDnKG3R2OZGM/eDkwCa8LWa8xGSpe7JVHfcZS3bWE4noDXneBb0wAdHgs2vGy5b6L8IeKcI79sohWcz53pJBlIZ/uaK8T2QXeG/Woe0SO7Q+2C7Rnc62Cq5H/I+Rij5s61qbfb4r1vU8mtXtimoku5PYGUPJC+3DwHAOda/BssTqT/C68o4Rsj0RmdMiEy4kvPknTAJck+RwsJkNE/47mn+RYLpbK5mp2+wqMeNDD/STxmgf9yLOcvLkKQTEgaW0TnpbAEed1tC8dUHtTtIimKJ51Z53f/+FcxIFYYvweDXLOe3/n+cRCmVO0LU44//flA9d/iQ4dzMj40awEIqBJhhGOtoU1n6RNZITJb127Pqx68LXLg==
+  template:
+    metadata:
+      creationTimestamp: null
+      name: oidc
+      namespace: headlamp
+    type: Opaque

services/Headlamp/values.yaml

@@ -0,0 +1,35 @@
+config:
+#  baseURL: dashboard.spamasaurus.com
+  extraArgs:
+  - -enable-dynamic-clusters
+  - -kubeconfig=/home/headlamp/kubeconfig
+  oidc:
+    secret:
+      create: false
+    externalSecret:
+      enabled: true
+      name: oidc
+
+volumeMounts:
+  - mountPath: /home/headlamp
+    name: headlamp-kubeconfig
+
+volumes:
+  - name: headlamp-kubeconfig
+    secret:
+      secretName: headlamp-kubeconfig
+
+#persistentVolumeClaim:
+#  enabled: true
+#  size: 1Gi
+#  storageClass: smb-csi
+
+ingress:
+  enabled: true
+  annotations:
+    traefik.ingress.kubernetes.io/router.middlewares: 2fa-authentication@file
+  hosts:
+    - host: dashboard.spamasaurus.com
+      paths:
+        - path: /
+          type: Prefix

services/LdapWrapper/application-ldapwrapper.yaml

@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: ldapwrapper
+  namespace: argo-cd
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: ldapwrapper
+  project: default
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/LdapWrapper
+    targetRevision: HEAD
+#   - repoURL: https://github.com/djpbessems/Kubernetes.K3s.installLog
+#     path: services/LdapWrapper
+#     targetRevision: master

services/LdapWrapper/deployment-ldapwrapper.yaml

@@ -31,8 +31,8 @@ spec:
           name: ldap
         volumeMounts:
         - mountPath: /app/.cache
-          name: longhorn-ldapwrapper-cache
+          name: flexvolsmb-ldapwrapper-cache
       volumes:
-      - name: longhorn-ldapwrapper-cache
+      - name: flexvolsmb-ldapwrapper-cache
         persistentVolumeClaim:
-          claimName: longhorn-ldapwrapper-cache
+          claimName: flexvolsmb-ldapwrapper-cache

services/LdapWrapper/persistentvolume-flexvolsmb-ldapwrapper-cache.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-ldapwrapper-cache
+  namespace: ldapwrapper
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-ldapwrapper-cache
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: flexvolsmb-credentials
+    options:
+      opts: file_mode=0777,dir_mode=0777,iocharset=utf8,cache=none,nobrl
+      server: 192.168.154.195
+      share: /K3s.Volumes/ldapwrapper/cache

services/LdapWrapper/persistentvolumeclaim-flexvolsmb-ldapwrapper-cache.yaml

@@ -1,13 +1,12 @@
----
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: longhorn-ldapwrapper-cache
+  name: flexvolsmb-ldapwrapper-cache
   namespace: ldapwrapper
 spec:
   accessModes:
-    - ReadWriteOnce
+    - ReadWriteMany
-  storageClassName: longhorn
+  storageClassName: flexvolsmb-ldapwrapper-cache
   resources:
     requests:
       storage: 1Gi

services/Lighttpd/application-lighttpd.yaml

@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: lighttpd
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: lighttpd
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    path: services/Lighttpd
+    repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog.git
+    targetRevision: HEAD
+  syncPolicy:
+    automated:
+      selfHeal: true

services/Lighttpd/deployment-lighttpd.yaml

@@ -30,8 +30,6 @@ spec:
           subPath: .htpasswd
         - name: configmap-lighttpd-vhosts
           mountPath: /etc/lighttpd/vhosts.d
-        - name: flexvolsmb-lighttpd-data
-          mountPath: /data/scripts
         - name: flexvolsmb-lighttpd-websites
           mountPath: /var/www/
       volumes:
@@ -41,9 +39,6 @@ spec:
       - name: configmap-lighttpd-vhosts
         configMap:
           name: configmap-lighttpd-vhosts
-      - name: flexvolsmb-lighttpd-data
-        persistentVolumeClaim:
-          claimName: flexvolsmb-lighttpd-data
       - name: flexvolsmb-lighttpd-websites
         persistentVolumeClaim:
           claimName: flexvolsmb-lighttpd-websites

services/Lighttpd/ingressroute-lighttpd.yaml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: lighttpd
@@ -14,4 +14,4 @@ spec:
       port: 8080
     middlewares:
     - name: security-headers@file
-    - name: compression@file
+    # - name: compression@file

services/Lighttpd/persistentvolume-flexvolsmb-lighttpd-data.yaml

@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-lighttpd-data
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-lighttpd-data
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,iocharset=utf8
-      server: 192.168.154.225
-      share: /K3s.Volumes/lighttpd/data

services/Lighttpd/persistentvolume-flexvolsmb-lighttpd-websites.yaml

@@ -14,5 +14,5 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/lighttpd/websites

services/Memos/application-memos.yaml

@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: memos
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: memos
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    path: services/Memos
+    repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog.git
+    targetRevision: HEAD
+  syncPolicy:
+    automated:
+      selfHeal: true

services/Memos/deployment-memos.yaml

@@ -17,7 +17,8 @@ spec:
     spec:
       containers:
       - name: app
-        image: neosmemo/memos:stable
+        image: neosmemo/memos:0.24
+        imagePullPolicy: Always
         env:
           - name: MEMOS_PORT
             value: '5230'

services/Memos/ingressroute-memos.yaml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: memos
@@ -14,4 +14,4 @@ spec:
       port: 5230
     middlewares:
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file

services/Memos/persistentvolume-flexvolsmb-memos-data.yaml

@@ -15,5 +15,5 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0600,dir_mode=0700,uid=1001,gid=1001,iocharset=utf8,nobrl
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/memos/data

services/Minecraft/application-minecraft-bedrock.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: minecraft-bedrock
+  namespace: argo-cd
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: minecraft
+  project: default
+  sources:
+  - repoURL: https://itzg.github.io/minecraft-server-charts/
+    chart: minecraft-bedrock
+    targetRevision: 2.8.4
+    helm:
+      valueFiles:
+      - $values/services/Minecraft/values.yaml
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    targetRevision: master
+    ref: values

services/Minecraft/values.yaml

@@ -1,21 +1,29 @@
 minecraftServer:
+  # version: 1.21.73.01
+
   eula: "true"
-  serverName: Clydebank Rd Minecraft
+  serverName: Clydebank Rd Survival
 
   serviceType: LoadBalancer
-  loadBalancerIP: 192.168.154.240
+  loadBalancerIP: 192.168.154.241
 
-  ops: 2533274801327950
+  cheats: true
+
+  ops: "2533274801327950"
 
 persistence:
   storageClass: "smb-csi"
   dataDir:
-    # Set this to false if you don't care to persist state between restarts.
     enabled: true
     Size: 1Gi
     accessModes:
       - ReadWriteOnce
 
+resources:
+  requests:
+    memory: 1024Mi
+    cpu: 500m
+
 extraEnv:
   ENABLE_ROLLING_LOGS: true
   OVERRIDE_SERVER_PROPERTIES: true

services/PVR/Jellyfin/application-jellyfin.yaml

@@ -0,0 +1,26 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: jellyfin
+  namespace: argo-cd
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: jellyfin
+  project: default
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/PVR/Jellyfin/manifests
+    targetRevision: HEAD
+  - repoURL: https://jellyfin.github.io/jellyfin-helm
+    chart: jellyfin
+    targetRevision: 2.3.0
+    helm:
+      valueFiles:
+      - $values/services/PVR/Jellyfin/values.yaml
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    targetRevision: HEAD
+    ref: values
+#  - repoURL: https://github.com/djpbessems/Kubernetes.K3s.installLog
+#    targetRevision: master
+#    ref: values

services/PVR/Jellyfin/manifests/persistentvolume-flexvolsmb-jellyfin-config.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-jellyfin-config
+  namespace: jellyfin
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-jellyfin-config
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: flexvolsmb-credentials
+    options:
+      opts: file_mode=0777,dir_mode=0777,uid=911,gid=911,iocharset=utf8,cache=none
+      server: 192.168.154.195
+      share: /K3s.Volumes/jellyfin/config

services/PVR/Jellyfin/manifests/persistentvolume-flexvolsmb-jellyfin-movies.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-jellyfin-movies
+  namespace: jellyfin
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-jellyfin-movies
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: flexvolsmb-credentials
+    options:
+      opts: file_mode=0777,dir_mode=0777,uid=911,gid=911,iocharset=utf8,cache=none
+      server: 192.168.154.195
+      share: /Public/Video's/Films

services/PVR/Jellyfin/manifests/persistentvolume-flexvolsmb-jellyfin-series.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-jellyfin-series
+  namespace: jellyfin
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-jellyfin-series
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: flexvolsmb-credentials
+    options:
+      opts: file_mode=0777,dir_mode=0777,uid=911,gid=911,iocharset=utf8,cache=none
+      server: 192.168.154.195
+      share: /Public/Video's/Series

services/PVR/Jellyfin/manifests/persistentvolumeclaim-flexvolsmb-jellyfin-config.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: flexvolsmb-jellyfin-config
+  namespace: jellyfin
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-jellyfin-config
+  resources:
+    requests:
+      storage: 1Gi

services/PVR/Jellyfin/manifests/persistentvolumeclaim-flexvolsmb-jellyfin-movies.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: flexvolsmb-jellyfin-movies
+  namespace: jellyfin
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-jellyfin-movies
+  resources:
+    requests:
+      storage: 1Gi

services/PVR/Jellyfin/manifests/persistentvolumeclaim-flexvolsmb-jellyfin-series.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: flexvolsmb-jellyfin-series
+  namespace: jellyfin
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-jellyfin-series
+  resources:
+    requests:
+      storage: 1Gi

services/PVR/Jellyfin/manifests/sealedsecret-flexvolsmb-credentials.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: flexvolsmb-credentials
+  namespace: jellyfin
+spec:
+  encryptedData:
+    password: AgCSzsJlQR2jIMsm7R9goGzziFCEb9quF+tvfXN3dKqWo/zviB4eU5CZ243bEX71eygU+1K7NpcPMF3yD1OB/QBsEKL1Lr62IcHeAHEnsySa2twfLR2wIINXm2kR946HRlmMkroUiJMAdDYCuYnXPxWRewmotvNL1ODK7Yu4rtaZbMjYrV/PDz8I6xIWmpTlsOOI7oj25ZngxS0W8OPMNn83yDR4zgsX2CenNygOfCXdYzJJcMv2Ubue/LxUt3z+RLQznu3/2h8bElauxlJC6QCHXTbjzOX3iFVbFFzn65a8NJIaPysFu+Fi68VdFzwTSq+/ITlun20/zFlW4x177hSdYgUh7pMZpcOMqOPyeT/8Jonxx3wa9CUr1JGnlRukwrfrL6Doyh04FJiftUiLVYDsqCgrLRqaTQ1+90NRFZGhaKhYkSrKfWjNbupiPCTsRsRmVbrPaVCDK5q820l8Jyjhz6dBu0Fi0qXEL7ZbXF1+bdPwnIOgtPPUOJVtc0gYuLluHS6ODd7H8bKc0me5Vr5U0ME0iqhvbyJ6tpkJFpE9tMo4wIpYG3cKiIi1SgHZ7rOKRVfS72xbRhxnKmi1O64J2+jN94wEGIHX8LFppvtxi2WrsyHffQuawkGO4S4sSYVZjoCRMcs0P+jvPMorF7Q0/uecH6noaJIj4it8YoirO6LVUOQKwDg1OEOByeCI7rDFX740UZiX9aOH6osy0Z8e
+    username: AgDRZH7OydcXH1rw6/GAVv4qApl1klI1iTRVozT7OjNCAhTYTFUF5gPLmtfT/CCSY0ieywjhEC5bJkLZdilcayVfUyfVoPHOC9aLuajk48owwdVwWbe4sEWUT6ZncQrt6s4WuOp6PgWIegW9ycQHZE4pylbgUPh1H0vurDXGnLKQBn5n0zMiMGxAmnXYTTXn77pAuvTN/kim6JcqVylCUbWtetvR98ex33FsHsKS7SBhAS4IZ3vK0xh2iOPH5QfJLwPbIgaa1oYzhBrqAht1sdIY9rVW2WBFqqGDwwbSxnSuddWSXXUoeWY37Lo+qDL+Zqb4+Lk7MDuuTXK/St42BZtQToyihP4PPZjKbIpRFeBPHLDTs63CyPPy5u4ip+kR/aivwgOCbKv+SAqVXAFXk9T8h9drMSCr8oUMoIp5M27Pzs3Cqm68U2KaFPmt3nzbygYjr9H7tNjlpi5FWiCsgpRqNQ93/uJ7pTQZNGk5zjzf+RdJag3NbQejxzq8uDAc/dl01NLxdBfe+pK0x0qoi5o4V5/mPwM+X6u4aOyeFqbE9Uo/cSRxkBeRyO6aHMXRXsSyiYIobbReH0+L3OqiEPF2ddgYIN+dcM665qEWQ3iEy94+JhtL715k00z6UYE70aM4wuFksbkMl4NjPFW38uQM4UMLEOg87I4h+C8p2k94UK7tQ4x9ZSL2dgIFf/wkf5/Ob6HTIFM=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: flexvolsmb-credentials
+      namespace: jellyfin
+    type: mount/smb

services/PVR/Jellyfin/values.yaml

@@ -0,0 +1,47 @@
+ingress:
+  enabled: true
+  className: traefik
+  annotations:
+    traefik.ingress.kubernetes.io/router.middlewares: security-headers@file
+  hosts:
+    - host: player.pvr.spamasaurus.com
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+
+securityContext:
+  capabilities:
+    add:
+      - "SYS_ADMIN"
+    drop:
+      - "ALL"
+  privileged: true
+
+volumes:
+  - name: flexvolsmb-jellyfin-movies
+    persistentVolumeClaim:
+      claimName: flexvolsmb-jellyfin-movies
+  - name: flexvolsmb-jellyfin-series
+    persistentVolumeClaim:
+      claimName: flexvolsmb-jellyfin-series
+  - name: igpu
+    hostPath:
+      path: /dev/dri
+
+volumeMounts:
+  - name: flexvolsmb-jellyfin-movies
+    mountPath: "/movies"
+  - name: flexvolsmb-jellyfin-series
+    mountPath: "/series"
+  - name: igpu
+    mountPath: /dev/dri
+
+# jellyfin: {}
+
+persistence:
+  config:
+    enabled: true
+    size: 5Gi
+    existingClaim: flexvolsmb-jellyfin-config
+  media:
+    enabled: false

services/PVR/Jellyseerr/application-jellyseerr.yaml

@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: jellyseerr
+  namespace: argo-cd
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: jellyseerr
+  project: default
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/PVR/Jellyseerr/manifests
+    targetRevision: HEAD
+  - repoURL: ghcr.io/fallenbagel/jellyseerr
+    chart: jellyseerr-chart
+    targetRevision: 2.4.0
+    helm:
+      valueFiles:
+        - $values/services/PVR/Jellyseerr/values.yaml
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    targetRevision: HEAD
+    ref: values

services/PVR/Jellyseerr/manifests/persistentvolume-flexvolsmb-jellyseerr-config.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-jellyseerr-config
+  namespace: jellyseerr
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-jellyseerr-config
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: flexvolsmb-credentials
+    options:
+      opts: file_mode=0777,dir_mode=0777,uid=911,gid=911,iocharset=utf8,cache=none,nobrl
+      server: 192.168.154.195
+      share: /K3s.Volumes/jellyseerr/config

services/PVR/Jellyseerr/manifests/persistentvolumeclaim-flexvolsmb-jellyseerr-config.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: flexvolsmb-jellyseerr-config
+  namespace: jellyseerr
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-jellyseerr-config
+  resources:
+    requests:
+      storage: 1Gi

services/PVR/Jellyseerr/manifests/sealedsecret-flexvolsmb-credentials.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: flexvolsmb-credentials
+  namespace: jellyseerr
+spec:
+  encryptedData:
+    password: AgAt3cqRtt1kYuX+F1XMrNpbSulwd+qyBQWsoPPgXQhRz3rWzemEqJwMXEYj0D9ow79p7W17ytePDnkgEZsVgXHdyiwYbMP9kfzDwoEanFyGeCwbcy90mp13xlX3dH/LpCNQcJcS5aVfaprMS6aHbVwmTCaeP2J0Kmr1eD/0o+poSAtsZn7ru2rfXIZz3bT5KqxWdR/op09ra8PvJpo3JC2h8RVV30UnXQ4+6J2wiZaIQ7vhqGjwKYKjOh6CAUzljFIflZ8a0kQSMPeuAmVQhG4cVqTe4BQ7JucB0eRdBumrYCxtbYW0wg/2YbTlAnPRm9jULpOo5UfKef0mlAW46uIHHABtQywu7RyZ0DUQ1R+4Qx/sp+qsYkeCgfwoYnh6jT/0O967D3CFFPtTrRnDr/R1vdB1h2BPRdmdo9kb90+25KFBlaX4aoA4lbQ1m6RrodU48OcAIVjqtREOXHruxQyS20LAamze3hEI16wT9pnuh+50T4ntCRF+WuuY6Oi+OLpNePWJTIICkFvc9fUCcx6eKz/KzvzqKGVSisQlPzoDJkdwOxTW4uvm2HgMCw8wBgzxkOPk6ru0jxphdSpQE2OSJr7w+15RIIf4O+ne0fBSg7KFxYsc8KvDjvFYnK/tGm00Sz3pHFdMmQPCAYAnUq5s8oimA5OF1EDhvWVgv4KNWr+pgzZPDaMjRxEQR+ZZhwsBDrEBBUQJlfe1msSs43Cn
+    username: AgCk+TrEHAVBFGuu3u7c+zNVagqYjcWj7mljnpSAhIibaFm8+/G44xbfiU5ks7hteWvJ6KInr8g+VAaot8ygICjI7jZoJW/rN8kwNZZVH6ddlQwczAxBukBVFQiZrjy3lN4OtfamKLCJsvBuw39OflVLjHqtfJuTTO5WLCeI9MiTkAP0ZQ/w8T2LrLRzqtmx7/Zxgw34zXYXsAfU+vsUA7QTiCCV6rvEO+P+TsK/opf7HRDqM2jIRRwPK5z9NwYV2MNEb+IO7fmDwwSbGHs135V8yST95VjkdU00m0AHq+Ry7VLjrUBwdqaj72Dn6of28vLtTNL84ck/I59j60Y0QEBQy+9oonP4Y18Bcsix2IbpYw7yklP8cD3dqbc+XufjpV3nwyF/QiJ3XpMtggSsnEvYgTsushLxxDHAS8n7MRufpxRsgZ2QdQIKNZXh+wnI8V3CXuQ9pIGK50QreO1o2BQ8CSfgsHLoyEbCxtPVvSY9/jaSxApOX9tRwyJyHUKadH5jc/EJeokQX7fWAPXwORAlWhU84hPyZtujI9iPLaxVT+2PdKMaE1qHjXZlpn5VySzmA6QOvOVjVHtbtYmI0XpMl/LdwMoLeJAOW2QgOqCLF8+4p/RiSRgUTZqdMzUkVYj3CeeDLfveq92m0nPtc12xc73y8nFf5S0Xhfvn/bu/0Jf9k0zp8jySdK7CCUWSk5/QjC2X/9g=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: flexvolsmb-credentials
+      namespace: jellyseerr
+    type: mount/smb

services/PVR/Jellyseerr/values.yaml

@@ -0,0 +1,15 @@
+ingress:
+  enabled: true
+  ingressClassName: traefik
+  hosts:
+    - host: requests.pvr.spamasaurus.com
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+
+config:
+  persistence:
+    name: flexvolsmb-jellyseerr-config
+    storageClass: flexvolsmb-jellyseerr-config
+    accessModes: ["ReadWriteMany"]
+    size: 1Gi

services/PVR/Plex/chart-values.yml

@@ -1,34 +0,0 @@
-image:
-  pullPolicy: Always
-
-ingress:
-  enabled: true
-  ingressClassName: traefik
-
-  url: media.pvr.spamasaurus.com
-
-pms:
-  configStorage: 20Gi
-
-  resources:
-    limits:
-      gpu.intel.com/i915: "1"
-    requests:
-      gpu.intel.com/i915: "1"
-
-extraVolumeMounts:
-  - name: flexvolsmb-pvr-movies
-    mountPath: /movies
-  - name: flexvolsmb-pvr-series
-    mountPath: /series
-
-extraVolumes:
-  - name: flexvolsmb-pvr-movies
-    persistentVolumeClaim:
-      claimName: flexvolsmb-pvr-movies
-  - name: flexvolsmb-pvr-series
-    persistentVolumeClaim:
-      claimName: flexvolsmb-pvr-series
-
-# extraEnv:
-#   PLEX_CLAIM: "claim-EzKU3rNVbWtc3qY_y7wq"

services/PVR/Prowlarr/ingressroute-prowlarr.yaml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: prowlarr
@@ -15,4 +15,4 @@ spec:
     middlewares:
       - name: 2fa-authentication@file
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file

services/PVR/Prowlarr/persistentvolume-flexvolsmb-prowlarr-config.yaml

@@ -15,5 +15,5 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0777,dir_mode=0777,uid=1000,gid=1000,iocharset=utf8,nobrl
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/prowlarr/config

services/PVR/Radarr/ingressroute-radarr.yaml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: radarr
@@ -15,4 +15,4 @@ spec:
     middlewares:
       - name: 2fa-authentication@file
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file

services/PVR/Radarr/persistentvolume-flexvolsmb-radarr-config.yaml

@@ -15,5 +15,5 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0777,dir_mode=0777,iocharset=utf8
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/radarr/config

services/PVR/SABnzbd/ingressroute-sabnzbd.yaml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: sabnzbd
@@ -15,4 +15,4 @@ spec:
     middlewares:
       - name: 2fa-authentication@file
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file

services/PVR/SABnzbd/persistentvolume-flexvolsmb-sabnzbd-config.yaml

@@ -15,5 +15,5 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0777,dir_mode=0777,uid=911,gid=911,iocharset=utf8
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/sabnzbd/config

services/PVR/Sonarr/ingressroute-sonarr.yaml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: sonarr
@@ -15,4 +15,4 @@ spec:
     middlewares:
       - name: 2fa-authentication@file
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file

services/PVR/Sonarr/persistentvolume-flexvolsmb-sonarr-config.yaml

@@ -15,5 +15,5 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0777,dir_mode=0777,uid=1000,gid=1000,iocharset=utf8,nobrl
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/sonarr/config

services/PVR/ingressRoute-PVR.yml.template

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: pvr-apikeys
@@ -7,35 +7,35 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`movies.pvr.spamasaurus.com`) && (Headers(`X-Api-Key`, `<removed>`) || Query(`apikey=<removed>`))
+  - match: Host(`movies.pvr.spamasaurus.com`) && (Header(`X-Api-Key`, `<removed>`) || Query(`apikey`, `<removed>`))
     kind: Rule
     services:
     - name: radarr
       port: 7878
     middlewares:
       - name: security-headers@file
-      - name: compression@file
+    #   - name: compression@file
-  - match: Host(`index.pvr.spamasaurus.com`) && (Headers(`X-Api-Key`, `<removed>`) || Query(`apikey=<removed>`))
+  - match: Host(`index.pvr.spamasaurus.com`) && (Header(`X-Api-Key`, `<removed>`) || Query(`apikey`, `<removed>`))
     kind: Rule
     services:
     - name: prowlarr
       port: 9696
     middlewares:
       - name: security-headers@file
-      - name: compression@file
+    #   - name: compression@file
-  - match: Host(`download.pvr.spamasaurus.com`) && (Headers(`X-Api-Key`, `<removed>`) || Query(`apikey=<removed>`))
+  - match: Host(`download.pvr.spamasaurus.com`) && (Header(`X-Api-Key`, `<removed>`) || Query(`apikey`, `<removed>`))
     kind: Rule
     services:
     - name: sabnzbd
       port: 8080
     middlewares:
       - name: security-headers@file
-      - name: compression@file
+    #   - name: compression@file
-  - match: Host(`series.pvr.spamasaurus.com`) && (Headers(`X-Api-Key`, `<removed>`) || Query(`apikey=<removed>`))
+  - match: Host(`series.pvr.spamasaurus.com`) && (Header(`X-Api-Key`, `<removed>`) || Query(`apikey`, `<removed>`))
     kind: Rule
     services:
     - name: sonarr
       port: 8989
     middlewares:
       - name: security-headers@file
-      - name: compression@file
+    #   - name: compression@file

services/PVR/persistentVolumeClaim-PVR.yml

@@ -1,65 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-pvr-movies
-  namespace: pvr
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-pvr-movies
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,uid=911,gid=911,iocharset=utf8,cache=none
-      server: 192.168.154.225
-      share: /Public/Video's/Films
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: flexvolsmb-pvr-movies
-  namespace: pvr
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-pvr-movies
-  resources:
-    requests:
-      storage: 1Gi
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-pvr-series
-  namespace: pvr
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-pvr-series
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,uid=911,gid=911,iocharset=utf8,cache=none
-      server: 192.168.154.225
-      share: /Public/Video's/Series
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: flexvolsmb-pvr-series
-  namespace: pvr
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-pvr-series
-  resources:
-    requests:
-      storage: 1Gi

services/PVR/persistentvolume-flexvolsmb-pvr-movies.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-pvr-movies
+  namespace: pvr
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-pvr-movies
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: flexvolsmb-credentials
+    options:
+      opts: file_mode=0777,dir_mode=0777,uid=911,gid=911,iocharset=utf8,cache=none
+      server: 192.168.154.195
+      share: /Public/Video's/Films

services/PVR/persistentvolume-flexvolsmb-pvr-series.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-pvr-series
+  namespace: pvr
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-pvr-series
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: flexvolsmb-credentials
+    options:
+      opts: file_mode=0777,dir_mode=0777,uid=911,gid=911,iocharset=utf8,cache=none
+      server: 192.168.154.195
+      share: /Public/Video's/Series

services/PVR/persistentvolumeclaim-flexvolsmb-pvr-movies.yaml

@@ -1,12 +1,12 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: flexvolsmb-lighttpd-data
+  name: flexvolsmb-pvr-movies
-  namespace: lighttpd
+  namespace: pvr
 spec:
   accessModes:
     - ReadWriteMany
-  storageClassName: flexvolsmb-lighttpd-data
+  storageClassName: flexvolsmb-pvr-movies
   resources:
     requests:
       storage: 1Gi

services/PVR/persistentvolumeclaim-flexvolsmb-pvr-series.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: flexvolsmb-pvr-series
+  namespace: pvr
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-pvr-series
+  resources:
+    requests:
+      storage: 1Gi

services/PVR/persistentvolumeclaim-smb-pvr-volatile.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: smb-pvr-volatile
+  namespace: pvr
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: pvr
+  resources:
+    requests:
+      storage: 100Gi

services/PVR/storageclass-pvr.yaml

@@ -4,7 +4,7 @@ metadata:
   name: pvr
 provisioner: smb.csi.k8s.io
 parameters:
-  source: "//192.168.154.225/K3s.StorageClass/pvr"
+  source: "//192.168.154.195/K3s.StorageClass/pvr"
   csi.storage.k8s.io/node-stage-secret-name: "smb-credentials"
   csi.storage.k8s.io/node-stage-secret-namespace: "pvr"
 #  createSubDir: "true"  # optional: create a sub dir for new volume
@@ -17,16 +17,3 @@ mountOptions:
   - cache=none
   - uid=911
   - gid=911
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: smb-pvr-volatile
-  namespace: pvr
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: pvr
-  resources:
-    requests:
-      storage: 100Gi

services/Syncthing/_namespace-Syncthing.yml

@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: syncthing

services/Syncthing/deployment-Syncthing.yml

@@ -1,46 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: syncthing
-  name: syncthing
-  namespace: syncthing
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: syncthing
-  template:
-    metadata:
-      labels:
-        app: syncthing
-    spec:
-      hostname: syncthing
-      containers:
-      - image: bv11-cr01.bessems.eu/proxy/syncthing/syncthing
-        name: syncthing
-        args:
-        - --no-browser
-        - --no-default-folder
-        - --no-restart
-        ports:
-        - containerPort: 8384
-          name: web
-        - containerPort: 22000
-          name: tcp-file-xfer
-          protocol: TCP
-        - containerPort: 22000
-          name: quic-file-xfer
-          protocol: UDP
-        - containerPort: 21027
-          name: discovery
-          protocol: UDP
-        volumeMounts:
-        - mountPath: /var/syncthing
-          name: longhorn-syncthing-data
-      volumes:
-      - name: longhorn-syncthing-data
-        persistentVolumeClaim:
-          claimName: longhorn-syncthing-data

services/Syncthing/ingressRoute-Syncthing.yml

@@ -1,18 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: syncthing
-  namespace: syncthing
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`sync.spamasaurus.com`)
-    kind: Rule
-    services:
-    - name: syncthing
-      port: 8384
-    middlewares:
-    - name: 2fa-authentication@file
-    - name: security-headers@file
-    - name: compression@file

services/Syncthing/persistentVolumeClaim-Syncthing.yml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: longhorn-syncthing-data
-  namespace: syncthing
-spec:
-  accessModes:
-    - ReadWriteOnce
-  storageClassName: longhorn
-  resources:
-    requests:
-      storage: 5Gi

services/Syncthing/service-Syncthing.yml

@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: syncthing
-  namespace: syncthing
-spec:
-  ports:
-    - protocol: TCP
-      name: web
-      port: 8384
-    - protocol: TCP
-      name: tcp-file-xfer
-      port: 22000
-    - protocol: UDP
-      name: quic-file-xfer
-      port: 22000
-    - protocol: UDP
-      name: discovery
-      port: 21027
-  selector:
-    app: syncthing

services/TraefikCertsDumper/deploy-TraefikCertsDumper.yml

@@ -1,105 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: traefik-certs-dumper
-  labels:
-    app: traefik-certs-dumper
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: traefik-certs-dumper
-  template:
-    metadata:
-      labels:
-        app: traefik-certs-dumper
-    spec:
-      containers:
-      - name: traefik-certs-dumper
-        image: bv11-cr01.bessems.eu/proxy/ldez/traefik-certs-dumper:latest-amd64
-        imagePullPolicy: Always
-        command: ['traefik-certs-dumper', 'file']
-        args: 
-        - --watch
-        - --version=v2
-        - --source=/data/source/acme.json
-        - --dest=/data/export/
-        - --domain-subdir
-        volumeMounts:
-        - mountPath: /data/source/acme.json
-          name: flexvolsmb-traefikcertsdumper-acmejson
-          subPath: acme.json
-          readOnly: true
-        - mountPath: /data/export
-          name: flexvolsmb-traefikcertsdumper-export
-      volumes:
-      - name: flexvolsmb-traefikcertsdumper-acmejson
-        persistentVolumeClaim:
-          claimName: flexvolsmb-traefikcertsdumper-acmejson
-      - name: flexvolsmb-traefikcertsdumper-export
-        persistentVolumeClaim:
-          claimName: flexvolsmb-traefikcertsdumper-export
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-traefikcertsdumper-acmejson
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-traefikcertsdumper-acmejson
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: smb-secret
-    options:
-      opts: domain=bessems.eu,file_mode=0600,dir_mode=0600,iocharset=utf8,nobrl
-      server: 192.168.11.225
-      share: /K3s.Volumes/traefik/data
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: flexvolsmb-traefikcertsdumper-acmejson
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-traefikcertsdumper-acmejson
-  resources:
-    requests:
-      storage: 1Gi
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-traefikcertsdumper-export
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-traefikcertsdumper-export
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: smb-secret
-    options:
-      opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
-      server: 192.168.11.225
-      share: /K3s.Volumes/traefikcertsdumper/export
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: flexvolsmb-traefikcertsdumper-export
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-traefikcertsdumper-export
-  resources:
-    requests:
-      storage: 1Gi

services/Vaultwarden/application-vaultwarden.yaml

@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: vaultwarden
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: vaultwarden
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    path: services/Vaultwarden
+    repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog.git
+    targetRevision: HEAD
+  syncPolicy:
+    automated:
+      selfHeal: true

services/Vaultwarden/deployment-vaultwarden.yaml

@@ -18,8 +18,7 @@ spec:
       serviceAccountName: vaultwarden
       containers:
       - name: vaultwarden
-        # image: bv11-cr01.bessems.eu/proxy/vaultwarden/server
+        image: vaultwarden/server:1.33.2
-        image: vaultwarden/server
         env:
         - name: ENABLE_DB_WAL
           value: "false"

services/Vaultwarden/ingressroute-vaultwarden.yaml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: vaultwarden
@@ -14,7 +14,7 @@ spec:
       port: 8080
     middlewares:
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file
   - match: Host(`vault.spamasaurus.com`) && Path(`/notifications/hub`)
     kind: Rule
     services:
@@ -22,4 +22,4 @@ spec:
       port: 3012
     middlewares:
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file

services/Vaultwarden/persistentvolume-flexvolsmb-vaultwarden-data.yaml

@@ -14,5 +14,5 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/vaultwarden/data

storage/Longhorn/application-longhorn.yaml

@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: longhorn
+  namespace: argo-cd
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: longhorn-system
+  project: default
+  sources:
+  - repoURL: https://charts.longhorn.io
+    chart: longhorn
+    targetRevision: 1.8.0
+    helm:
+      valueFiles:
+      - $values/storage/Longhorn/values.yaml
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    targetRevision: master
+    ref: values
+#  - repoURL: https://github.com/djpbessems/Kubernetes.K3s.installLog
+#    targetRevision: master
+#    ref: values

storage/Longhorn/chart-values.yml

@@ -1,5 +0,0 @@
-defaultSettings:
-  defaultDataPath: /mnt/blockstorage/
-ingress:
-  enabled: true
-  host: storage.spamasaurus.com

storage/Longhorn/ingressRoute-Longhorn.yml

@@ -1,19 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: longhorn-dashboard
-  namespace: default
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`storage.spamasaurus.com`)
-      kind: Rule
-      services:
-        - name: longhorn-frontend
-          port: 80
-          namespace: longhorn-system
-      middlewares:
-        - name: 2fa-authentication@file
-        - name: security-headers@file
-        - name: compression@file

storage/Longhorn/values.yaml

@@ -0,0 +1,8 @@
+defaultSettings:
+  defaultDataPath: /mnt/blockstorage/
+ingress:
+  enabled: true
+  host: storage.spamasaurus.com
+  annotations:
+#    traefik.ingress.kubernetes.io/router.middlewares: 2fa-authentication@file,security-headers@file,compression@file
+    traefik.ingress.kubernetes.io/router.middlewares: 2fa-authentication@file,security-headers@file

storage/csi-driver-smb/sealedSecret-CSIdriverSMB.yml

@@ -1,25 +0,0 @@
-{
-  "kind": "SealedSecret",
-  "apiVersion": "bitnami.com/v1alpha1",
-  "metadata": {
-    "name": "smb-credentials",
-    "namespace": "default",
-    "creationTimestamp": null
-  },
-  "spec": {
-    "template": {
-      "metadata": {
-        "name": "smb-credentials",
-        "namespace": "default",
-        "creationTimestamp": null
-      },
-      "type": "Opaque",
-      "data": null
-    },
-    "encryptedData": {
-      "domain": "AgCFtOnYpGlu49+rxtdMcweWKvIOo+cRq2wbI+SkQft1cARN5msXCyepELkF79onzT6UtQg3ASNvzR81TZRPqLKibq/qeV3+TyeuTYQOsj8xahe0+pJmg3NZGa4CBhYSj5Es6UFBZ6m8EcOR08HTG3zkXRao5tdfUoKWzB5Ie9savYYUrCHBVCWW29oBoKMKujPxId51qB1yP1Rwa5rZE2+9mfscs+cp5WAyLFd5UjVIjSP13///U/VzFAYcMW/Sm+xmenxnYuzKD2xmAF7YLIsQaaKHv2gNcJuHluSna3YZrSebZoomXdpjWhB78a1pZvQSJkTrDX++E71Urqf9fsKUu6ekV/rfffRyzUFdnxwlJVB94c9ZRml82fJRdFtIYwvkSI/EFU18CjjJKfpuwG5HmL/1AKVSl5/NdaB+xGSlhi6QblIl/p97RZa3wt9l9LzhlCqT9EoDCNB45fOBSX5lpLPBDxOvlWrW4m3sKvwIdno8bKMPhO/m9yCooZZ8QX1zfakgfkCThsOQ1UCFWBiNqzFnTqPhz3Mg8GLTD4jREi10KONTGl+aFFSJ8Y51Ufen8YLA9DcgLypdn4UBelwBsu6qmg/CZbxb5QIPjE2NN5Ioz3R4Nyl2pX9EbyQGfw8umBn57sdFzbl58tbhp4YQn4vl0cFCwYxkJMqx4bd5Rz9Jvf1dCgKU5AXg60+LhZJMU8TLzAN6Qa5L",
-      "password": "AgA9rRVJ7uUGmwnla+Y7He2aFaAthEiLI72GyzLflzQCJWHtPukAon/1NseeJb0BqVqnc5APPgFeDZ7k0JQRlmlqWPLArKcrTcj0PdWaxrSioohZTMe5LoS7GlFpJrhfULMLKipaIMXaCXx/E8etkYOM6tcnjCxUh+KKdcpPfzH7U6i02tCA+IXcrBDO3jx78G1XAtbYYIgD7wsfXD5EeR5DcoPBOsaeYNiLvQQS5aiWaS0rqDUsv6EeL6dhUeBoAljisL8EMP6yb0XIvNXcYmYidSbbwrt2T6D0YtJ4ivsFuxvT7bkbnI3G7orAdw4EGYvhPBNII4T1QYBjCKP+F6fowDYoufUHR5lnD1wiaw6axrE8X//ekaVipVJbaTQhvtFtnMbKnjYtjL9F3K994HCIDlO6nzhCzm+UpQRk2lDqEL3xLmU6L6oUxpOI9VPunubNDY+CBK4dbzThDJ7ruW1fYv9jdn5h9LzkIoDTIebFy5hl5CSAT6YAjedeYi19cuUBRB9m8PhWMna6NUMeQSZila87SzagBAspCke5iufFFQxg6FyV7Kfm9+O9annY/PyvJXMQ87sto4d5qXyb5yIUpElrp2P1DzMuIHyhlKcjEQGG6TRbRHEmR9dquwsg8I7e0DZD8JcgPwRCqZDPJaS4f3loxyfqds5sp2Hgf2MusIZQn+8AgFLimR/EZ+zV3otGb3UdfDU8Zv5EoeFxBUxb",
-      "username": "AgCr48TUqDuqHyKLzZTrKqUawED+Ltb/NuA6nOSjb08TuVR7tOPzgga3IH+Y6fN16lzobcmylwh70kosXs0KKWFmpG7TsoNzWtB5hq1KJsvJNWAJNs6mO1n+40wyLE0aS/bo4dDFpFtUVe/n8DdDyH42FwsnnfNJbtEqzItOXaVO/TiDjFDy09SPblVSgFaK+i0A+jdIbqdBQH2bkPDM3WTn0iBLdXpaxAHqWyLDnLmg8dyU8kJfjUS17OylJZP2bm375exikKw+69h7hLbcuKhsFQnmY2Vffe+0D+ozpCO/8PBqv1dkA0FG8EuhqGCbX6dUxbOdhVzkHyK0a+N8bX45ORSlc+V49bzU7BrvzkmPz3j4Yg11ZZP9vXnRrUJgzD8Jp274dArb+3EF+JH5lNBl1RFbB6s0vrbHXOI5oNXxl+dv9ri+2JKE95DXbsN9uXeLnCh+UqBCmSWW4MfO8rHgM/HQL8k8IHwEBphsDjwthWzQz34b4yUSzh5hEJMMa74S2VFTJeITY8DsvNo+rvOjSxyc3XxkLNH6FmFmGgAfVcWHelm4JCY47Ua1IgztsQbeqXRQQVmxC/A9iqYamZuvkZBSYdN6EcRbFf/FXlmqWw4BQV1d4xHgakoY3O/zWAg/39nNH2bIm190EsLap4qAEShFGf5kvXqymXXpqWPIjIDTy11eGlF9N9OhuYbsP+U6XPwemhg="
-    }
-  }
-}

storage/csi-driver-smb/sealedsecret-smb-credentials.yaml

@@ -0,0 +1,15 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: smb-credentials
+  namespace: default
+spec:
+  encryptedData:
+    password: AgCkOReg8deCpkzUQj+J6XjMKcHUXwzg5AM2Y68CrC1gNgWSWhVKONX5UruNemJ773ZmgRDdDbIwQUBanLUByMbo4y3/kVnwgJCOADD+ERo30ysbdei+SNIIgg55J8R8nU/H31GFWYdq8Ck3FPNvBXo9uMHyUzqopZm8iOV2YVNA0kx9J1uArpzzc1bx3ZA2sV1Rcg9FtLvPErd7WEn5xdosC2Jtxl8NpMFEU32CiKJVM0h4GjmT5uyEOEYeVBURqRB73QfwS7rIRGGCfV8Px6ByF+ADZQ++0Vdla+kWLfsbTW6qcnDv6rqTc8MtXCfYDC3eWKnNvVgI7aNyyWNntQ1qlgW4o3kBNJm33HEU8lxWtgbt8L+g6l/x/ECRsb2EDJWa15VkEJr2WyghkM9WrgL+C0sVwxjOSPcbiZyk2VLfKL02NN4sJ8GQxVW1AvE6MM+YrPD/9o6YaQkOjI6IbZThpDnGGM3n+VQvUB3mSBR1cC9DNjssbzZOJiMm11OfW3Pfw2blyCzO8swM0RN+pO1+8/63uFh6y3hzYuW/6XkHY1bp2EqBRvpaCsjiJfLg+zhPGKz0Lv7L6GzCaXolxWGrdkTiPVpTKvQl1rW5HhWEYz5W+djRZTSX0Kimu3sawI0riPvJyD+6ANHGvHnW8ioONuv3/TXuCs5As2f9V8PikR8jeEGr5YJQOwnXTXaVd/5Yg7ulVXltLnFZ2fa3jYkW
+    username: AgAUu6XbTsHoS33fRV9N31CxHildp0XrnrDkT3UuJQKIx8c/GmUy6LZK1/yWD4hwco0DY6BmDMUUXdJQQDE5aYLBADRq5EobwlyuBgHP2pAhncV750e+u0VhWsCg0AREjLJA4P9xN61Qpbw7w1Yfi6OBjFhzKw4e0YyG3D7EoA2Q9+0dQrkPf3ooLJBx6SE/NuVs7uTuKWi2hC+kuKp3WhgrTU9IG+r1UFOO2jPR9ZFtsHaIArDzgbYZ03dFAXuTFjFLLx519/vCMXKKOglUsTzzaZUb798u3zG1xic+nZIvt6OmjyB86QZ+mjRAElVRINZRUJEMPbWkP2frbN1caQnPvX28LGcRiP0wFM+tgJG/3tAu9T1kaYnLFx+g8wex/kYqI0xktFJb2aisEb32Dhr4S883gpvvEouxuY/Y1g0ZuKxuS7tL8SE3i8x6GBFGaqLx+Wp60G2LsHDDn1PRqZ/GRlPci6QnAwScMPRuHbZOkyQem5w7n5t+LkoYq/gQ/hI+kiyEJOT7XqgR0iCsGGqsLQrVuP1M4XaZQEMlXl8q/iw4N7B28XMDAvWKF02jPM1XsCXMi5ins20KjzHwriMZA0CR7LWyBQsp88phQ/JNqTkEYa+AMdL2zVrhKYao7GvbYs15i3dcuZR08Lof2QIkeLe96DVKb3z6cqqRkbCxlErmD2M8BKhS3TXcNRhSgMReFUqTUAU=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: default
+    type: Opaque

storage/csi-driver-smb/storageClass-SMB.yml.example

@@ -1,17 +0,0 @@
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
-  name: <name>
-provisioner: smb.csi.k8s.io
-parameters:
-  source: "//192.168.11.225/K3s.StorageClass/<name>"
-  csi.storage.k8s.io/node-stage-secret-name: "smb-credentials"
-  csi.storage.k8s.io/node-stage-secret-namespace: "default"
-  createSubDir: "true"  # optional: create a sub dir for new volume
-reclaimPolicy: Retain  # only retain is supported
-volumeBindingMode: Immediate
-mountOptions:
-  - dir_mode=0700
-  - file_mode=0700
-  - uid=1001
-  - gid=1001

storage/csi-driver-smb/storageclass-smb-csi.yaml

@@ -0,0 +1,23 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: smb-csi
+mountOptions:
+- dir_mode=0777
+- file_mode=0777
+- uid=1001
+- gid=1001
+- nobrl
+- noperm
+- mfsymlinks
+- cache=strict
+- noserverino
+parameters:
+  csi.storage.k8s.io/node-stage-secret-name: smb-credentials
+  csi.storage.k8s.io/node-stage-secret-namespace: default
+  csi.storage.k8s.io/provisioner-secret-name: smb-credentials
+  csi.storage.k8s.io/provisioner-secret-namespace: default
+  source: //192.168.154.195/K3s.StorageClass/smb-csi
+provisioner: smb.csi.k8s.io
+reclaimPolicy: Retain
+volumeBindingMode: Immediate

system/ArgoCD/application-argo-cd.yaml

@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: argo-cd
+  namespace: argo-cd
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: argo-cd
+  project: default
+  sources:
+  - repoURL: https://argoproj.github.io/argo-helm
+    chart: argo-cd
+    targetRevision: 8.1.2
+    helm:
+      valueFiles:
+      - $values/system/ArgoCD/values.yaml
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    targetRevision: lab-k8s
+    ref: values
+  # - repoURL: https://github.com/djpbessems/Kubernetes.K3s.installLog
+  #   targetRevision: master
+  #   ref: values
+  syncPolicy:
+    automated: {}

system/ArgoCD/chart-values.yml

@@ -1,8 +0,0 @@
-configs:
-  params:
-    server.insecure: true
-global:
-  domain: gitops.spamasaurus.com
-server:
-  ingress:
-    enabled: true

system/ArgoCD/values.yaml

@@ -0,0 +1,10 @@
+configs:
+  params:
+    server.insecure: true
+global:
+  domain: gitops.lab.spamasaurus.com
+server:
+  ingress:
+    enabled: true
+    annotations:
+      traefik.ingress.kubernetes.io/router.middlewares: security-headers@file

system/kube-vip/application-kube-vip.yaml

@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: kube-vip
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: kube-system
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    path: system/kube-vip
+    repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog.git
+    targetRevision: HEAD
+  syncPolicy:
+    automated:
+      selfHeal: true

system/kube-vip/daemonset-kube-vip-ds.yaml

@@ -0,0 +1,87 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/name: kube-vip-ds
+    app.kubernetes.io/version: v0.9.1
+  name: kube-vip-ds
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: kube-vip-ds
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app.kubernetes.io/name: kube-vip-ds
+        app.kubernetes.io/version: v0.9.1
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: node-role.kubernetes.io/master
+                operator: Exists
+            - matchExpressions:
+              - key: node-role.kubernetes.io/control-plane
+                operator: Exists
+      containers:
+      - args:
+        - manager
+        env:
+        - name: vip_arp
+          value: "true"
+        - name: port
+          value: "6443"
+        - name: vip_nodename
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        - name: vip_interface
+          value: eth0
+        - name: vip_cidr
+          value: "32"
+        - name: dns_mode
+          value: first
+        - name: cp_enable
+          value: "true"
+        - name: cp_namespace
+          value: kube-system
+        - name: svc_enable
+          value: "true"
+        - name: svc_leasename
+          value: plndr-svcs-lock
+        - name: vip_leaderelection
+          value: "true"
+        - name: vip_leasename
+          value: plndr-cp-lock
+        - name: vip_leaseduration
+          value: "5"
+        - name: vip_renewdeadline
+          value: "3"
+        - name: vip_retryperiod
+          value: "1"
+        - name: address
+          value: 192.168.154.240
+        - name: prometheus_server
+          value: :2112
+        image: ghcr.io/kube-vip/kube-vip:v0.9.1
+        imagePullPolicy: IfNotPresent
+        name: kube-vip
+        resources: {}
+        securityContext:
+          capabilities:
+            add:
+            - NET_ADMIN
+            - NET_RAW
+      hostNetwork: true
+      serviceAccountName: kube-vip
+      tolerations:
+      - effect: NoSchedule
+        operator: Exists
+      - effect: NoExecute
+        operator: Exists
+  updateStrategy: {}