chore(deps): update docker.gitea.com/gitea docker tag to v1.24.5

.gitea/workflows/renovate.yaml

@@ -0,0 +1,27 @@
+name: renovate
+
+on:
+  workflow_dispatch: # allows the workflow to be run manually when desired
+    branches:
+      - main
+  schedule: # runs this workflow at the scheduled time (uses UTC, adjust for your timezone)
+    - cron: "0 12 * * *"
+  push: # runs this workflow when pushes to the main branch are made
+    branches:
+      - master
+
+jobs:
+  renovate:
+    runs-on: ubuntu-latest
+    container: ghcr.io/renovatebot/renovate:latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+      - name: Run Renovate CLI
+        run: |
+          renovate
+        env:
+          LOG_LEVEL: "debug"
+          RENOVATE_CONFIG_FILE: ${{ gitea.workspace }}/.renovate/config.js
+          RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
+          #GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_TOKEN }} # optional

.gitignore

@@ -1 +1,2 @@
 *.sensitive.yml
+*.sensitive.yaml

.renovate/config.js

@@ -0,0 +1,13 @@
+module.exports = {
+	platform: 'gitea',
+	endpoint: 'https://code.spamasaurus.com/api/v1/', // set this to the url of your gitea instance
+	gitAuthor: 'Renovate Bot <gitea.danny@spamasaurus.com>', // set the email address to whatever email your gave this user in your gitea
+	username: 'srv.renovate',
+	autodiscover: true,
+	onboardingConfig: {
+		$schema: 'https://docs.renovatebot.com/renovate-schema.json',
+		extends: ['config:recommended'],
+	},
+	optimizeForDisabled: true,
+	persistRepoData: true,
+};

README.md

@@ -1,63 +1,46 @@
-# Kubernetes.K3s.installLog
-*3 VM's provisioned with Ubuntu Server 22.04*
-<details><summary>additional lvm configuration</summary>
+# GitOps repository
 
+### 1) Harvester Hyperconverged Infrastructure
+[...]  
+
+Configure Harvester HCI nodes through cloud-init (requires node reboot):
 ```shell
-pvdisplay
-pvcreate /dev/sdb
-vgdisplay
-vgcreate longhorn-vg /dev/sdb
-lvdisplay
-lvcreate -l 100%FREE -n longhorn-lv longhorn-vg
-ls /dev/mapper
-mkfs.ext4 /dev/mapper/longhorn--vg-longhorn--lv
-#! add "UUID=<uuid> /mnt/blockstorage ext4 defaults 0 0" to /etc/fstab
-mkdir /mnt/blockstorage
-mount -a
+kubectl apply -f system/Harvester/cloudinit-disable-nic-offloading.yaml
 ```
 
-</details>
+### 2) Persistent storage
 
-## K3s cluster
-On first node (replace `<floating ip>` with the correct value):
+#### 2.1) CSI plugin for SMB (CIFS):
 ```shell
-curl -sfL https://get.k3s.io | sh -s - server --cluster-init --disable local-storage,servicelb --tls-san <floating ip>
-cat /var/lib/rancher/k3s/server/token
-kubectl config view --raw
-```
-Install kube-vip (replace `<interface name>` and `<floating ip>` with the correct values):
-```shell
-ctr image pull ghcr.io/kube-vip/kube-vip:latest
-cat << EOF > /var/lib/rancher/k3s/server/manifests/kube-vip.yml
-$(curl https://kube-vip.io/manifests/rbac.yaml)
----
-$(ctr run --rm --net-host ghcr.io/kube-vip/kube-vip:latest vip /kube-vip manifest daemonset --interface <interface name> --address <floating ip> --inCluster --taint --controlplane --services --arp --leaderElection)
-EOF
-```
-On subsequent nodes (replace `<floating ip>` and `<value from master>` with the correct values):
-```shell
-curl -sfL https://get.k3s.io | K3S_URL=https://<floating ip>:6443 K3S_TOKEN=<value from master> sh -s - server --disable local-storage,servicelb
+kubectl apply -f storage/csi-driver-smb/application-csi-driver-smb.yaml
 ```
 
-### 0) Configure automatic updates
-Install Rancher's [System Upgrade Controller](https://rancher.com/docs/k3s/latest/en/upgrades/automated/):
-```shell
-kubectl apply -f https://github.com/rancher/system-upgrade-controller/releases/latest/download/system-upgrade-controller.yaml
-```
-Apply a [server (master node)](https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog/src/branch/master/system/UpgradeController/plan-Server.yml) ~~and [agent (worker node)](https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog/src/branch/master/system/UpgradeController/plan-Agent.yml)~~ plan:
-```shell
-kubectl apply -f system/UpgradeController/plan-Server.yml # -f system/UpgradeController/plan-Agent.yml
-```
+#### 2.2) Harvester CSI plugin
+See [Harvester CSI Driver](https://docs.harvesterhci.io/v1.5/rancher/csi-driver)
 
-### 1) Secret management
-*Prereq*: latest `kubeseal` [release](https://github.com/bitnami-labs/sealed-secrets/releases)
-
-##### 1.1) Install Helm Chart
-See [Bitnami Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets#helm-chart):
+### 3) GitOps
+##### 3.1) Install Helm Chart
+See [ArgoCD](https://argo-cd.readthedocs.io/en/stable/getting_started/#getting-started):
 ```shell
-helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets
+helm repo add argo https://argoproj.github.io/argo-helm
 helm repo update
-helm install sealed-secrets-controller -n kube-system sealed-secrets/sealed-secrets
+helm install argo-cd -n argo-cd --create-namespace argo/argo-cd --values system/ArgoCD/chart-values.yml
+```
+Retrieve initial password:
+```shell
+kubectl get secret -n argocd argocd-initial-admin-secret -oyaml | yq e '.data.password | @base64d'
+```
+Login with username `admin` and the initial password, browse to `User Info` and `Update Password`.
+
+##### 3.1) Adopt through GitOps
+```shell
+kubectl apply -f system/ArgoCD/application-argo-cd.yaml
+```
+
+### 4) Secret management
+*Prereq*: latest `kubeseal` [release](https://github.com/bitnami-labs/sealed-secrets/releases)
+```shell
+kubectl apply -f system/SealedSecrets/application-sealed-secrets-controller.yaml
 ```
 
 Retrieve public/private keys (*store these on a **secure** location!*):
@@ -65,182 +48,72 @@ Retrieve public/private keys (*store these on a **secure** location!*):
 kubectl get secret -n kube-system -l sealedsecrets.bitnami.com/sealed-secrets-key -o yaml > BitnamiSealedSecrets.masterkey.yml
 ```
 
-### 2) Persistent storage
-
-#### 2.1) `storageClass` for SMB (CIFS):
-See https://github.com/kubernetes-csi/csi-driver-smb:
-```shell
-curl -skSL https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/deploy/install-driver.sh | bash -s master --
-```
-Store credentials in `secret`:
-```shell
-kubectl apply -f storage/csi-driver-smb/sealedSecret-CSIdriverSMB.yml
-```
-
-#### 2.2) `flexVolume` for SMB (CIFS):
-```shell
-curl -Ls https://github.com/juliohm1978/kubernetes-cifs-volumedriver/blob/master/install.yaml -o storage/flexVolSMB/daemonSet-flexVolSMB.yml
-```
-Override drivername to something more sensible (see [storage/flexVolSMB/daemonSet-flexVolSMB.yml](https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog/src/branch/master/storage/flexVolSMB/daemonSet-flexVolSMB.yml))
-```yaml
-spec:
-  template:
-    spec:
-      containers:
-        - image: juliohm/kubernetes-cifs-volumedriver-installer:2.0
-          ...
-          env:
-            - name: VENDOR
-              value: mount
-            - name: DRIVER
-              value: smb
-          ...
-```
-Perform installation:
-```shell
-kubectl apply -f storage/flexVolSMB/daemonSet-flexVolSMB.yml
-```
-Wait for installation to complete (check logs of all installer-pods), then pause `daemonSet`:
-```shell
-kubectl patch daemonset juliohm-cifs-volumedriver-installer -p '{"spec": {"template": {"spec": {"nodeSelector": {"intentionally-paused": ""}}}}}'
-```
-Store credentials in `secret`:
-```shell
-kubectl apply -f storage/flexVolSMB/sealedSecret-flexVolSMB.yml
-```
-
-#### 2.3) `storageClass` for distributed block storage:
-See [Longhorn Helm Chart](https://longhorn.io/):
-```shell
-helm repo add longhorn https://charts.longhorn.io && helm repo update
-helm install longhorn longhorn/longhorn --namespace longhorn-system --create-namespace --values=storage/Longhorn/chart-values.yml
-```
-
-Log on to the web interface and delete the default disks on each node (mounted at `/var/lib/longhorn`) and replace them with new disks mounted at `/mnt/blockstorage`.
-
-Add additional `storageClass` with backup schedule:
-***After** specifying a NFS backup target (syntax: `nfs://servername:/path/to/share`) through Longhorn's dashboard*
-```yaml
-kind: StorageClass
-apiVersion: storage.k8s.io/v1
-metadata:
-  name: longhorn-dailybackup
-provisioner: driver.longhorn.io
-allowVolumeExpansion: true
-parameters:
-  numberOfReplicas: "3"
-  staleReplicaTimeout: "2880"
-  fromBackup: ""
-  recurringJobs: '[{"name":"backup", "task":"backup", "cron":"0 0 * * *", "retain":14}]'
-```
-Then make this the new default `storageClass`:
-```shell
-kubectl patch storageclass longhorn-dailybackup -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
-#kubectl delete storageclass longhorn
-```
-
-### 3) Ingress Controller
-Reconfigure default Traefik configuration:
-See [Traefik 2.x Helm Chart](https://github.com/traefik/traefik-helm-chart) and [HelmChartConfig](https://docs.k3s.io/helm)
-```shell
-kubectl apply -f ingress/Traefik2.x/helmchartconfig-traefik.yaml
-```
-
-### 4) GitOps
-##### 4.1) Install Helm Chart
-See [ArgoCD](https://argo-cd.readthedocs.io/en/stable/getting_started/#getting-started):
-```shell
-helm repo add argo https://argoproj.github.io/argo-helm
-helm repo update
-helm install argo-cd -n argo-cd --create-namespace argo/argo-cd --values system/ArgoCD/chart-values.yml
-```
-
-Retrieve initial password:
-```shell
-kubectl get secret -n argocd argocd-initial-admin-secret -o jsonpath='{.data.password}' | base64 -d; echo
-```
-Login with username `admin` and the initial password, browse to `User Info` and `Update Password`.
-
-Create ArgoCD applicationset
-```shell
-kubectl apply -f system/ArgoCD/applicationset-homelab.yml
-```
 ### 5) Services
-##### 5.1) [Argus]()    <small>(release management)</small>
+##### 5.1) [Gitea](https://gitea.io/)    <small>(git repository)</small>
+*Required for all other workloads*  
 ```shell
-kubectl apply -f services/Argus
+kubectl apply -f services/Gitea/application-gitea.yaml
 ```
-##### 5.2) [Authelia]()    <small>(single sign-on))</small>
+
+##### 5.2) [Argus]()    <small>(release management)</small>
 ```shell
-kubectl apply -f services/Authelia
+kubectl apply -f services/Argus/application-argus.yaml
 ```
-##### 5.3) [Vaultwarden](https://github.com/dani-garcia/vaultwarden)    <small>(password manager)</small>
-*Requires [mount.cifs](https://linux.die.net/man/8/mount.cifs)' option `nobrl`*
+##### 5.3) [Authelia]()    <small>(single sign-on))</small>
 ```shell
-kubectl apply -f services/Vaultwarden
+kubectl apply -f services/Authelia/application-authelia.yaml
 ```
-##### 5.4) [DDclient](https://github.com/linuxserver/docker-ddclient)	<small>(dynamic dns)</small>
+##### 5.4) [Vaultwarden](https://github.com/dani-garcia/vaultwarden)    <small>(password manager)</small>
 ```shell
-kubectl apply -f services/DDclient
+kubectl apply -f services/Vaultwarden/application-vaultwarden.yaml
 ```
-##### 5.5) [Gitea](https://gitea.io/)    <small>(git repository)</small>
+##### 5.5) [DDclient](https://github.com/linuxserver/docker-ddclient)	<small>(dynamic dns)</small>
 ```shell
-kubectl apply -f services/Gitea
+kubectl apply -f services/DDclient/application-ddclient.yaml
 ```
 ##### 5.6) [Gotify](https://gotify.net/)    <small>(notifications)</small>
 ```shell
-kubectl apply -f services/Gotify
+kubectl apply -f services/Gotify/application-gotify.yaml
 ```
-##### 5.7) [Guacamole](https://guacamole.apache.org/doc/gug/guacamole-docker.html)    <small>(remote desktop gateway)</small>
-*Requires specifying a `uid` & `gid` in both the `securityContext` of the db container and the `persistentVolume`*
+##### 5.7) [Webtop](#)    <small>(remote desktop)</small>
 ```shell
-kubectl apply -f services/Guacamole
+kubectl apply -f services/Webtop/application-webtop.yaml
 ```
-Wait for the included containers to start, then perform the following commands to initialize the database:
-```shell
-kubectl exec -n guacamole -i guacamole-<pod-id> --container guacamole -- /opt/guacamole/bin/initdb.sh --postgresql > initdb.sql
-kubectl exec -n guacamole -i guacamole-<pod-id> --container db -- psql -Uguacamole -f - < initdb.sql
-kubectl rollout restart deployment -n guacamole guacamole
-```
-
 ##### 5.8) [Lighttpd](https://www.lighttpd.net/)    <small>(webserver)</small>
-*Serves various semi-containerized websites; respective webcontent is stored on fileshare*
 ```shell
-kubectl apply -f services/Lighttpd/configMap-Lighttpd.yml
-kubectl apply -f services/Lighttpd/deploy-Lighttpd.yml
+kubectl apply -f services/Lighttpd/application-lighttpd.yaml
 ```
-##### 5.9) PVR `namespace`    <small>(automated media management)</small>
-*Containers use shared resources to be able to interact with downloaded files*
-```shell
-kubectl create secret generic --type=mount/smb smb-secret --from-literal=username=<<omitted>> --from-literal=password=<<omitted>> -n pvr
-kubectl apply -f services/PVR/persistentVolumeClaim-PVR.yml
-kubectl apply -f services/PVR/storageClass-PVR.yml
+##### 5.9) PVR toolsuite    <small>(automated media management)</small>
+*API-keys whitelisted in ingressroutes*:  
+```yaml
+spec:
+  routes:
+  - match: Host(`<fqdn>`) && (Headers(`X-Api-Key`, `<secret>`) || Query(`apikey`, `<secret>`))
+    [...]
 ```
-###### 5.9.1) [Plex](https://www.plex.tv/)    <small>(media library)</small>
-*Due to usage of symlinks, partially incompatible with SMB-share-backed storage*
+###### 5.9.1) [Jellyfin](#)    <small>(media library)</small>
 ```shell
-kubectl apply -f services/PVR/deploy-Plex.yml
+kubectl apply -f services/PVR/Jellyfin/application-jellyfin.yaml
 ```
-After deploying, Plex server needs to be *claimed* (=assigned to Plex-account):
+###### 5.9.2) [Jellyseerr](https://sonarr.tv/)    <small>(media requests management)</small>
 ```shell
-kubectl get endpoints Plex -n PVR
+kubectl apply -f services/PVR/Jellyseerr/application-jellyseerr.yaml
 ```
-Browse to the respective IP address (http://<nodeipaddress>:32440/web) and follow instructions.
-###### 5.9.2) [Prowlarr](https://github.com/Prowlarr/Prowlarr)    <small>(indexer management)</small>
+###### 5.9.3) [Prowlarr](https://github.com/Prowlarr/Prowlarr)    <small>(indexer management)</small>
 ```shell
-kubectl apply -f services/PVR/deploy-Prowlarr.yml
+kubectl apply -f services/PVR/Prowlarr/application-prowlarr.yaml
 ```
-###### 5.9.3) [Radarr](https://radarr.video/)    <small>(movie management)</small>
+###### 5.9.4) [Radarr](https://radarr.video/)    <small>(movie management)</small>
 ```shell
-kubectl apply -f services/PVR/deploy-Radarr.yml
+kubectl apply -f services/PVR/Radarr/application-radarr.yaml
 ```
-###### 5.9.4) [SABnzbd](https://sabnzbd.org/)    <small>(download client)</small>
+###### 5.9.5) [SABnzbd](https://sabnzbd.org/)    <small>(download client)</small>
 ```shell
-kubectl apply -f services/PVR/deploy-SABnzbd.yml
+kubectl apply -f services/PVR/SABnzbd/application-sabnzbd.yaml
 ```
-###### 5.9.5) [Sonarr](https://sonarr.tv/)    <small>(tv management)</small>
+###### 5.9.6) [Sonarr](https://sonarr.tv/)    <small>(tv management)</small>
 ```shell
-kubectl apply -f services/PVR/deploy-Sonarr.yml
+kubectl apply -f services/PVR/Sonarr/application-sonarr.yaml
 ```
 
 ### 6) Miscellaneous
@@ -261,15 +134,12 @@ kubectl apply -f services/PVR/deploy-Sonarr.yml
   or
 
       kubectl run -it --rm busybox --restart=Never --image=busybox:1.28 -- nslookup api.github.com [-debug] [fqdn]
-* Delete namespaces stuck in `Terminating` state:
-  *First* check whether there are any resources still present; preventing the namespace from being deleted:
+* Memory-leak liveness probe:
 
-      kubectl api-resources --verbs=list --namespaced -o name \
-        | xargs -n 1 kubectl get --show-kind --ignore-not-found -n <namespace>
 
-  Any resources returned should be deleted first (worth mentioning: if you get an error `error: unable to retrieve the complete list of server APIs`, you should check `kubectl get apiservice` for any apiservice with a status of `False`)
-  If there are no resources left in the namespace, and it is still stuck *terminating*, the following commands remove the blocking finalizer (this is a last resort, you are bypassing protections put in place to prevent zombie processes):
-
-      kubectl get namespace <namespace> -o json | jq -j '.spec.finalizers=null' > tmp.json
-      kubectl replace --raw "/api/v1/namespaces/<namespace>/finalize" -f ./tmp.json
-      rm ./tmp.json
+      livenessProbe:
+        exec:
+          command:
+            - sh
+            - -c
+            - test $(cat /proc/1/smaps | grep -i pss |  awk '{Total+=$2} END {print int(Total/1024)}') -le <limit>

ingress/Traefik2.x/helmchartconfig-traefik.yaml

@@ -5,11 +5,14 @@ metadata:
   namespace: kube-system
 spec:
   valuesContent: |-
+    core:
+      defaultRuleSyntax: v2
     additionalArguments:
       - "--providers.file.directory=/etc/traefik/dynamic"
       - "--providers.file.watch=true"
-    certResolvers:
+    certificatesResolvers:
       default:
+        acme:
           email: letsencrypt.org.danny@spamasaurus.com
           storage: /data/acme.json
           dnsChallenge:
@@ -66,8 +69,8 @@ spec:
                     stsSeconds: 315360000
                     stsIncludeSubdomains: true
                     stsPreload: true
-                compression:
-                  compress: {}
+                # compression:
+                #   compress: {}
             tls:
               options:
                 defaults:
@@ -76,6 +79,7 @@ spec:
                   curvePreferences:
                     - secp521r1
                     - secp384r1
+                    - secp256r1
                   cipherSuites:
                     - TLS_AES_128_GCM_SHA256
                     - TLS_AES_256_GCM_SHA384
@@ -123,8 +127,11 @@ spec:
       storageClass: longhorn
     ports:
       web:
-        redirectTo:
-          port: websecure
+        redirections:
+          entryPoint:
+            to: websecure
+            scheme: https
+            permanent: true
       websecure:
         forwardedHeaders:
           insecure: true

renovate.json

@@ -0,0 +1,12 @@
+{
+    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+    "extends": ["config:recommended"],
+    "dependencyDashboard": true,
+    "dependencyDashboardTitle": "Renovate Dashboard",
+    "assignees": ["djpbessems"],
+    "configMigration": true,
+    "prHourlyLimit": 0,
+    "argocd": {
+        "managerFilePatterns": ["/\\.yaml$/"]
+    }
+}

services/Argus/application-argus.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: argus
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: argus
+    server: https://kubernetes.default.svc
+  project: default
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/Argus
+    targetRevision: HEAD

services/Argus/deployment-argus.yml

@@ -18,21 +18,21 @@ spec:
       serviceAccountName: argus
       containers:
       - name: argus
-        image: releaseargus/argus:0.18.0
+        image: releaseargus/argus:0.21.0
         args:
         - -config.file=/app/config/config.yml
         ports:
           - name: web
             containerPort: 8080
         volumeMounts:
-        - name: flexvolsmb-argus-config
+        - name: csismb-argus-config
           mountPath: /app/config
-        - name: flexvolsmb-argus-data
+        - name: csismb-argus-data
           mountPath: /app/data
       volumes:
-      - name: flexvolsmb-argus-config
+      - name: csismb-argus-config
         persistentVolumeClaim:
-          claimName: flexvolsmb-argus-config
-      - name: flexvolsmb-argus-data
+          claimName: csismb-argus-config
+      - name: csismb-argus-data
         persistentVolumeClaim:
-          claimName: flexvolsmb-argus-data
+          claimName: csismb-argus-data

services/Argus/ingressroute-argus.yml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: argus
@@ -15,4 +15,4 @@ spec:
     middlewares:
       - name: 2fa-authentication@file
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file

services/Argus/persistentvolume-argus-config.yml

@@ -1,19 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-argus-config
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-argus-config
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,iocharset=utf8
-      server: 192.168.154.225
-      share: /K3s.Volumes/argus/config

services/Argus/persistentvolume-argus-data.yml

@@ -1,19 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-argus-data
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-argus-data
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
-      server: 192.168.154.225
-      share: /K3s.Volumes/argus/data

services/Argus/persistentvolume-csismb-argus-config.yaml

@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-argus-config
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-argus-config
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - nobrl
+    - cache=strict
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#argus#config
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: argus/config
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: argus

services/Argus/persistentvolume-csismb-argus-data.yaml

@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-argus-data
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-argus-data
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - nobrl
+    - cache=strict
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#argus#data
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: argus/data
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: argus

services/Argus/persistentvolumeclaim-csismb-argus-config.yaml

@@ -1,13 +1,12 @@
----
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: flexvolsmb-argus-data
+  name: csismb-argus-config
   namespace: argus
 spec:
   accessModes:
     - ReadWriteMany
-  storageClassName: flexvolsmb-argus-data
+  storageClassName: csismb-argus-config
   resources:
     requests:
       storage: 1Gi

services/Argus/persistentvolumeclaim-csismb-argus-data.yaml

@@ -1,13 +1,12 @@
----
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: flexvolsmb-argus-config
+  name: csismb-argus-data
   namespace: argus
 spec:
   accessModes:
     - ReadWriteMany
-  storageClassName: flexvolsmb-argus-config
+  storageClassName: csismb-argus-data
   resources:
     requests:
       storage: 1Gi

services/Argus/sealedsecret-flexvolsmb-credentials.yaml

@@ -1,16 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: flexvolsmb-credentials
-  namespace: argus
-spec:
-  encryptedData:
-    password: AgAs9RV1K8QyPLGXXc0+RBOqY3VKNMa4No51KIOv9keZJavJFSzQPcuaWXqpl0fVI9zYXLyIHdyRbXL0GrvYlWboR1VPskFNcp7MnCkzRpawgo4QfE9Q+WDI4yZg4eK/8XGejAjCQU/KsFU8dVWHuHG1/W8kV2dOvKIhX6FTirKMDedVDmdgojAPMGM8+smPfC8+yBs5O4+IZtGKOe8mEH2c/3dYu6GK5q9N6czBYMuj1E0b+8fHjlWjh6fe5DDCUGUXqY2BZCxMSKOZReUbWEdPNU6MtdTHNglVhRMo//6mlA2VVkAlB9uaCdGmCMs/VJ3pS8NEeTd86zukyoY+j3JHvRrHuxGVEoKqnFE9pEgO/UB4SyuVVWbNQ4+QXdyDTHgmArvd+MfRvtdj9Kkc18CWKXyRTj41lKG+C/vBM0ATt+hk4QvacEt65kZ+fY6TZHYJq6JluuDrwQmDKcuv44uL6t9/aGpzfGTx4OnZqxC/qvX0V4GhkRzwLLxMhqZa1ZbqgRXLHero10f4JvD/usmJcHZP1hgohUXbSlOqNSWIQk0weaZjTabT1xBxXjVzDBywnzcmixmJsOuuZuvYrbrsKaHNC6gcvZArj/no9Rv5V4mVihRfGuxJs++GCAfq3FdseuMCCvLe306henvSftvSjNNodc+JFJaTf3m4PknSYH9uEkV2CXGm2obRUpUNBUiJd9Icr/ug4jOzNmZNOlOC
-    username: AgCHpKikNpk3UAHuBA62jZSTdiVatTI8Qnmiu6LGhZYraks2h9gOtgjg6mukxXcy6IO6LKVr68DaxOfvYE4LdFQdrq0SI2syzofc4n+FCXn6f2HlBVhqOFGrVE9qUE36lKHJEFccvkirzhgpy2M8OX6KtwywTBvsVujzla5OXR19vgNao9jTzsOL98wQfU1TYyaBw9y45kyCB7x8PQNw78GmeWJ5KLVNXN/yHowE8Qmlvh86QV58NuTKC1rVbSqh3VnjnZuz/BSUUDV4GitZLqWKSZ5hZyPWC9DZXzUI85d8+BfHJ7hrPhBd7ehUpbpFQfIQQA1VNAZvOEXU5EClmd6iQ3fWrYo6hOxYZkiE/qcNkSLXmbWYBixq6s7RLJwHlxVNQt9J11XM5DY9OlA7XhPa9zo8FRrYDwkjQGahgA/AzwvIKpOBbVfCMSl+crm3jjQthEL3DN/6ZowYq5NXG9n6rhvOxTjvmqx9FP3RT5OyPFkXGCrTJ8JqPgxyp/Vy6si9bjiqzwJtXY6ZeyCFLW9mOdQmn2vgFxviDM8pxaBmOJFdbJNuiHV5Tc6iM9YBi3n3hTV/tbiMmKeVQSKydm5ZGsgD4/CJT4oDFynjhWObvYPLphb/hccM6m6c7Hf/i9FI1LOCk1cBRbyXRV9Cds92OljAx3YnaumyZ5eRgdROdAbcqqhjR48k/UCsY5tUv+LktyuzVqA=
-  template:
-    metadata:
-      creationTimestamp: null
-      name: flexvolsmb-credentials
-      namespace: argus
-    type: mount/smb

services/Argus/sealedsecret-smb-credentials.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smb-credentials
+  namespace: argus
+spec:
+  encryptedData:
+    password: AgB8gU7Lj+Pn5B/oC8HtyKnKUzSvB7NRvxJOC2UmKjt3hj3pcRmfKrEh2khkcfSksb6x3f4ttIxYV2uFsXJfL4Wvi6zhsgvfgUHT12oD1/fuxD0LvHCm9otlGp8yyiQu5mPrFBdsGJswreBY53sD0UUdgu2riAlX0ESm+xKhzDJ6eSM8/Iz9Dq4GIhivLZ3OcZJw9hbgbelICIgvuxJZ3bWLfakPdeNDQUoayZuG3Z4GW0KPiqOMyaWz1/rljMHFaZHnFaszgKobwzPihsWWAnXEWmn54fwVBqfe/jNIo8CBvjlZGnMzinaS5lKTHObEVIG+F0XRI5VNFPa89NbsGKN71HJMFYU729lzdl58yy6B/5K789JRtxWUi/8I/7H8kLZWzUhUOqAcmLpVHKWnkH0Ub4MLtDyAaTJam5HqTtsvPDMW3+njiC+8vxC3n0X7q7pzAQQzM5JPZ7G/On6irFKe4LryfrphHiCB/gyJlLpBMXUqKJ4MvzUQU8G8e8W3OLMbtPl0O6oFuFxD8bUA4gdkoPO04bxlLvRmxlmavkbA0vFi60L6eyIOq5yzxvuEd7tzyD7SEO49hb8zW/LS/+H/PE/fCVT6crn+UbNOhgyaHR8pxlNpy6Z4PAti3mG8ZOtKVD0mx6fm8BCPHfWVFyC5YO6kNI285o4uuqsQI+SSZ+zkxwlFwvLcp1RdfJZFLUNyrQm3mlvMUY9xjZANlCHZ
+    username: AgB67La0V5HRLzZ1RqR0Y0nufYKq3z0SK/go4AQ0aaZwQEE/mIy0c6xhdkwup7ava4PzTyOavEEQoluhojOcrVTz9qKUHoMQHcnhS3NagBc/QCeA+2rL15qw9ZUn5+sSU4OhM3UNCTy2jF1kMoXr2cdCi9pALRdAXPLhrccPoaItmWkA4bMRIe3on78BQUOlhF+zJjcMciPlDo+9ywY8ArShMHj5YlRgWQ6uOJmIH5FFp2BcXKP5d0gALoVQ4/Ek4zIkk4YubtO1C0sqfbvkTW+oxeymUSLd2PddGyF18iohfrgje6PQAvvtkDBX2hUuVcp8h2oFj2JkeZld4neOYpDFbdKwe1aGep24GxbYIt24j+iFfs8txqXhQQsHJWJmwHNB2798gPvjIxPC+G90V4/drsjr7KiAgdWKUaqU5JMDVo2HTSplyWpS1LZIGQmloafWiAXvTWQVIEg2044TXQIq2X7k3npbHU/KcWmlMqR1546QawsZAnohWaOIskqEBkG7nXx/eeYk7LVppP2TqdRtt+VfuvptXgfFhkOB2wUSOwqWH7OkQu/k3jtPR0FVJni+Hc1/+fKfuStwvEX+/1bdjZuS8DUGelOb1d/pXrHw+KypfzXcOoDaO31hJMQOEalXZc2GNJleAvLAxv34s8fFWKWvnEXqwYIaNwRPvX64GtencJwyFo/rdO/HH7gVIhA2DCDQwB0=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: argus
+    type: Opaque

services/Authelia/application-authelia.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: authelia
+  namespace: argo-cd
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: authelia
+  project: default
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/Authelia
+    targetRevision: HEAD

services/Authelia/deployment-authelia.yaml

@@ -29,7 +29,7 @@ spec:
           - name: web
             containerPort: 9091
         volumeMounts:
-        - name: flexvolsmb-authelia-conf
+        - name: csismb-authelia-conf
           mountPath: /config
       - name: redis
         image: redis:7-alpine
@@ -43,12 +43,12 @@ spec:
           - name: redis
             containerPort: 6379
         volumeMounts:
-        - name: flexvolsmb-authelia-redis
+        - name: csismb-authelia-redis
           mountPath: /data
       volumes:
-      - name: flexvolsmb-authelia-conf
+      - name: csismb-authelia-conf
         persistentVolumeClaim:
-          claimName: flexvolsmb-authelia-conf
-      - name: flexvolsmb-authelia-redis
+          claimName: csismb-authelia-conf
+      - name: csismb-authelia-redis
         persistentVolumeClaim:
-          claimName: flexvolsmb-authelia-redis
+          claimName: csismb-authelia-redis

services/Authelia/ingressroute-authelia.yaml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: authelia
@@ -14,4 +14,4 @@ spec:
       port: 9091
     middlewares:
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file

services/Authelia/persistentvolume-csismb-authelia-conf.yaml

@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-authelia-conf
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-authelia-conf
+  mountOptions:
+    - dir_mode=0600
+    - file_mode=0600
+    - nobrl
+    - cache=strict
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#authelia#conf
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: authelia/conf
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: authelia

services/Authelia/persistentvolume-csismb-authelia-redis.yaml

@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-authelia-redis
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-authelia-redis
+  mountOptions:
+    - dir_mode=0700
+    - file_mode=0700
+    - uid=999
+    - gid=1000
+    - nobrl
+    - cache=strict
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#authelia#redis
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: authelia/redis
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: authelia

services/Authelia/persistentvolume-flexvolsmb-authelia-conf.yaml

@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-authelia-conf
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-authelia-conf
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0600,dir_mode=0600,iocharset=utf8,nobrl
-      server: 192.168.154.225
-      share: /K3s.Volumes/authelia/conf

services/Authelia/persistentvolume-flexvolsmb-authelia-redis.yaml

@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-authelia-redis
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-authelia-redis
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0700,dir_mode=0700,uid=999,gid=1000,iocharset=utf8,nobrl
-      server: 192.168.154.225
-      share: /K3s.Volumes/authelia/redis

services/Authelia/persistentvolumeclaim-csismb-authelia-conf.yaml

@@ -1,12 +1,12 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: flexvolsmb-authelia-conf
+  name: csismb-authelia-conf
   namespace: authelia
 spec:
   accessModes:
     - ReadWriteMany
-  storageClassName: flexvolsmb-authelia-conf
+  storageClassName: csismb-authelia-conf
   resources:
     requests:
       storage: 1Gi

services/Authelia/persistentvolumeclaim-csismb-authelia-redis.yaml

@@ -1,12 +1,12 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: flexvolsmb-authelia-redis
+  name: csismb-authelia-redis
   namespace: authelia
 spec:
   accessModes:
     - ReadWriteMany
-  storageClassName: flexvolsmb-authelia-redis
+  storageClassName: csismb-authelia-redis
   resources:
     requests:
       storage: 1Gi

services/Authelia/sealedsecret-flexvolsmb-credentials.yaml

@@ -1,16 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: flexvolsmb-credentials
-  namespace: authelia
-spec:
-  encryptedData:
-    password: AgC/GDJHhqeyFSWsJ8Ie3tt9ppAe3Ns6tt29rieMKcJrQ71sn47MFEow9SOJJVNSjzUWukDg8tRrkq3CdB63jz7NO6CWKNy++nlSU0adDtuwioNUov3a9bnhzgdjjM/ZzpO/pz7j/utGFO1bkPWn4bU/tGoRYM1TsjP1t9m2qL/Me9LigLtafG8LTd/JKNHdyvii1CNcWkZoxKTocy+YdB3hA+0KZClxaQ2O5KPZMl6AoxJGWcuOVpvqQ831Epkl4f+uJp+YtMZbu+poB+hxhuhFZZH9Sx1sn20mZd8M2Kc863oJjzpZPAR5I9faMmDyEqBvJmdS9C9dZrpIdeDZFm25QYIGgu3ZNk+LItuWSoW8kZGsEefsINV6rqAOQmysfvq5aPkYe90RHvaf6Nf0F4wYq1fEiEoSnLPH+J0ToUSIPxMftBcXimTm/HtkUJCg2+rDb+EHp9ahjGaJBp45vd8hOKSF50GA2X8e4UlvbR6QBib6G//F7Pf6OBgsVxSvKQmlSsrBJRo3hxm7G7iLWd5lCmk0jbgRFWJvEnQMk/FqYoc/fcodpGtzEM0I6jL4Kpi1DnRnIgHQTWtU3LVF9aym2H1ExhZfhu0I2F56VQsQcg3vUVOBOwF+XjlrBaAEAEMcbBuigUbvqiSfpUHMQJSsIjtnkAEUs0/19iNCNNSvmjENr5Ml+88iqYQmg9hY11s4LbrsXa5t8q2TgTBrfPVw
-    username: AgCORI9b0L6FSdB+yDY6VEq77p9CFcwnpZ7nb0M1bz7tVNluYQSB69Y6dLTDCCVx2KdOXyU/QOdb0z8mzEywtC9R4Kzm4+SkTRHgrKOTmxXF3qW5VZDe0UlbSbJUUb3YdC9k2HPPoUvg45woGv1LGXFHgYTxbG+U1lxU8LDoMKfBQ3+GaeUUjI2bx33kyHKztyQizd+b2eSkoSHwRCHiBWZMNYa3zEvY6+07ytKJtaOhGhVsdt04blw4jUMym2sHOBCf95pAzI9gJH2RcuQBQI+ZXci0VeMPvmY3B6T+MruH+1Goy+/HoZOjI2Keu1Jk/Ppg/1FyB9VGX6A2YMyismk8LKWKG0/RNBfWn8RcDVlpgAcjDeX2PdYY17E/gZz2NLnIctBJ/dc93QjrAp/ZfLXBakCA3d0LKLFjUbpKwgaST5wnKif+UjqasDyjVkEG7jK5lGk3fmRCDyPgyxzqkUOSeCHQjDUa07AqKm56qfz/Wr9gm94VC1GiQ39F5/LAnAa2+qAQyJ+RVCBkXmt33sDSvelmXKmh9rIBCvsIxwUSkprpf76HcReRjaRv/9CyuPaskjYAkwOX6/NQPDQVHgKYtvoUhm4OnJ4amrsK2tPco1HC9xPGFIhrqoWeyfiUc1ui8IjxO5geV4hAWSUi5J/H3XBXsFpQt6ZqbemTnQyorTGd0asNP/6OTBtMcIgaPMmZi7F1Olo=
-  template:
-    metadata:
-      creationTimestamp: null
-      name: flexvolsmb-credentials
-      namespace: authelia
-    type: mount/smb

services/Authelia/sealedsecret-smb-credentials.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smb-credentials
+  namespace: authelia
+spec:
+  encryptedData:
+    password: AgBFKV//U1Pd9HlRAIk1Mv4iQBs5A3Z2ixe5RqglCAmpeG5AgS1h4pIuZSN6tEPAj7lKkkFt0LkSQIlSIBiU+Rqw2ziRwQuntIOy2IRmGMRyHA6f7AdFM21HHI0eS7ND0yamlYV0RPidyn7TzYhAmAoECsFzU64COBYZcZygVquOklw5zTH6MlXzTC6L7l4FtbQa1mvuIgGT5p0jXarSAAODOPm7O1c+g1aRvqWDSz1LI5wq4c5kSXdNlgH6+ZNLiYNKUx5HfqujCsd5wHW/hou0JpliiLFsADW0YXssLgb1zkCG++FdO+Pt/kDVStj4yFcSg7h2Ym0U3kmKx0H0mH7Qz91N5hV61Cc3Yh1ngyVS1bmW4xvlEy+yefYwvqWjWcoQHtBWqXJvNOcBkigo6+fd16YhHwRVp4REipjd7E5EXqVdKFkwFznLK4lm9LmCFT++WT5v4zJNia/AkXsAZwld7T6oR0uZ5aaXjnGh6ah5QRstAs3fDaJBObPPUOdBgxQ5mutp3AZkrWJnX534YRLtWkTrVftCo8hxbsVqA+h5deGKuBPPCGtkBbdk3ytrMmZ3sSw4ZZO76Y9aEK8eG/N+i7NOi1DM5KwMknURR2c5WMlbAABkUswLlB/ChnUcWhsJ2ooS64kcGGAAoqr81fxy7EKK9KzBEqzQq7dXZg0U8786xD4yQQyy2FercGY5g2HAsqripRbvCCNkMihTjA7d
+    username: AgACSLitw/XzwlDjsVTrwSEUigBO9NGtYTxK6oSpkuervaZW3K5t1O9CUNm3BfOUTaz/yZDnu+LtgXbVMIKp/SM6ivmCzxPO/4Ph+UD5m3mogGl0fV1agfN80VOsxbpZHwXmTGwws9jY4jFjFHRroNgfYtpwp0f7NYiuYCg0c0+9xrm3WURKcMoUwfm01Ut7aSld24xLgePYtiS0YzbhYg0bDo6sSGUWOgyxJxRiMaqCu5JNyQl5byJGUuOgJB1J/ccsZwu47WdercWiEcSQgd1SZpBJzvzIaTpyaafAd/L/uX7cXJW3RBAyzwO4mq5hdiYXzRG12FKJB+HSaYOEJatM5WFZTNLtLR+S+6vrOIA8KnPeOF7HQUupVolYGH/Aq/Kc0o33iHi58GyFIJUnY70HwJpTgF1e35Hbhip83vjQEXcB1Ly7sSbGT7UbMUYjyVSHRXoNg5QY4YXIkWm3qTiWr+ws1JYX3jpkRswYsk5mIvTneF2grGgdcNJG4XBKJVVn8BLTsW0wC/BAA1thIn0cLgCN3tgT9bgu/r518TMxa8hOdLsNuCJqVr6CLEWuoFqB9QswS/4gYwUZgLlbD2FW1mynLq7USi+hDt8sPjrZKQYmGhLDdlTNEF6YBOX4xDmXYvc26cE33QYyAU3+8lpRTIHX1l0OfjQ6tHprvgZbMi4hkDtdZgW4PgvE8wLdr2NpBO8CEv4=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: authelia
+    type: Opaque

services/Authelia/service-authelia.yaml

@@ -4,6 +4,7 @@ metadata:
   name: authelia
   namespace: authelia
 spec:
+  #externalTrafficPolicy: Local
   ports:
     - protocol: TCP
       name: web

services/DDclient/application-ddclient.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: ddclient
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: ddclient
+    server: https://kubernetes.default.svc
+  project: default
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/DDclient
+    targetRevision: HEAD

services/DDclient/deployment-DDclient.yml

@@ -20,8 +20,8 @@ spec:
         image: linuxserver/ddclient
         volumeMounts:
         - mountPath: /config
-          name: flexvolsmb-ddclient-config
+          name: csismb-ddclient-config
       volumes:
-      - name: flexvolsmb-ddclient-config
+      - name: csismb-ddclient-config
         persistentVolumeClaim:
-          claimName: flexvolsmb-ddclient-config
+          claimName: csismb-ddclient-config

services/DDclient/persistentVolume-DDclient.yml

@@ -1,19 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-ddclient-config
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-ddclient-config
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
-      server: 192.168.154.225
-      share: /K3s.Volumes/ddclient/config

services/DDclient/persistentvolume-csismb-ddclient-config.yaml

@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-ddclient-config
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-ddclient-config
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - nobrl
+    - cache=strict
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#ddclient#config
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: ddclient/config
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: argus

services/DDclient/persistentvolumeclaim-csismb-ddclient-config.yaml

@@ -1,13 +1,12 @@
----
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: flexvolsmb-ddclient-config
+  name: csismb-ddclient-config
   namespace: ddclient
 spec:
   accessModes:
     - ReadWriteMany
-  storageClassName: flexvolsmb-ddclient-config
+  storageClassName: csismb-ddclient-config
   resources:
     requests:
       storage: 1Gi

services/DDclient/sealedsecret-flexvolsmb-credentials.yaml

@@ -1,16 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: flexvolsmb-credentials
-  namespace: ddclient
-spec:
-  encryptedData:
-    password: AgC8YpHe7iZjSbAit7fxn2+JSSoZWZEyktda/agtNTubuwm2n2ZUAQ2QLBPkotkBNJMwAJMJ+LM27EbRGplDkEFfYvIRu3vJk+tj4eSPSlsJ/5csosSafU93cDe1y1Ifj2DCm2ad1CkSy3dc7L+xggIxY301LgIZMMZK5nZi4j4cyP3/Z5H7NSQ4NvkNT/UDiQ0HtLyFfwOArWgRtfS3+BEfKKzlNuRIbK2GgNb0O95VkLVXhNv5mqd6SDsaOfVZ4/ZMGWjp4PNdS4NIuPQ6wvuOnY+6+FVNr0wpWWdbvDk1SvKMc/GRVwxtW6xNFuL294jrUgJgo5QAcC/kQ9+6AVN49obx75XsoztB4zglvFhMxgD3UDoDmBKzMD/35VLtxYwvL/KC3lgwgFZv8gCIh35yWSLOsEN0R8WSeUlKKqiKaYT57cbg1tZAaug3ButQkacJfxu3ebCXU7xkNEdYAsYLI9Hay33gVMHmiGzF8KVgfl2yO7Qfm+vswZVmLPQxOxHdvKciO3v/+bgLoBc7OHbIME2IRjWNu8zM3fUW+2k34duC0KVUxdDgCXOFyLV8WvaBUld6IXViBx5CU9OpAlJvka0pz/9ehlzRCx6qZ55vhPjeEUA1Y6zPCMYQY8ZikB6Xti7md4a+qWYgAmvekMSB7fSrd1JyWzKgSp0LB0ihflIQDTVS2sE6RwerFf0Qs8vJOzaOs0i4mS1V19Yz10Gj
-    username: AgBwnjfl03RuFpBuCMP5E5a+UfVow+tJ7kLVgoZlFC2qrOHZ4R0C4nwLZyKmSjKXVCJ202jqmkWo5Y1uSJIKohIS04U+PS9f1zaLXJthJUnEFlszyF+/UHamuePpT7rn3+woDPYqrHhEmKYAScWNUeX/LRvFekbRWROY0ZFiXq9Oi5Yr5wDOJC0iRGKOs6zMn0xvkdOEtiBLH0Usn6yT3VWov5e+XJO7uWbhozMvx3Cypqrf/zBOYBAZw9nxpA8ccNko0mTlTgWTQfvQScP6zVQQWeXGR/w6kSraLU0EqGI7v1f99s9k77AOcUFYEBLwjYHUEQsUqjWgD5fXa+6zVuNtWxAgYmJIdIztWx/3jKtWGy35nlovVIiF+RZFF+CbGZzlBEYhcW/ngZnK4B5MCvwAUz1YCrIiF+nQPGrHLPQ6H4xYiwMGaQa0CkJfWAgi2agljTFQUJW1JF19MNYFUxChz0IrUb/SKZ7mr1LGuTP/9b5PqdaqGSVIaiwDVfWDJoClM6kMg06E5hOcYvTnrbxBkl5966q81Qhj6OqKaXXtd4GG5FDTVLiw+TwPjqC1YREFE8/DDJIe0r2GbZOVQit3VCH4gZfx2FSSseoR8WZNvHw9r8mRZ1C/0Ruxr7Ed/3uhPlwNYqBYNuLKDlSu3m0trvq/Eo163X1aBSN64VMoiXUn53zgOClcs9/PgfjTXwZXe/2w1rs=
-  template:
-    metadata:
-      creationTimestamp: null
-      name: flexvolsmb-credentials
-      namespace: ddclient
-    type: mount/smb

services/DDclient/sealedsecret-smb-credentials.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smb-credentials
+  namespace: ddclient
+spec:
+  encryptedData:
+    password: AgB2+te1+XyMsfrWSl7iEmz0O9dV0h/CrzroddfZ8cvFpP0ObGx2Lkn3nvBu2U0/aMpXtl7CV6dARmHtAV4HjoeNTtNFVtnipa6aoQYtzxLSOP/oMJQdPnXNUKxd2LyK+vKpSQy8AXR/zh3dcMJxoxfS7H/Uc/f66ogRP4gSK0JohArjnYZexlIxF3jHEZf2iHp+gGXA5ju8lO1vLl4CknnnH7Z6f1/PDrN95tePv4lXnZe2D7Yb+4Aw7Fo2QtdpsmToEoIdS96X2cBHG5iSsDdeZ7JSL1LzcWWGtt0fbhQQAamPMcNvKv0R1MZgg3A3du6Yk64Fj6s5ngo8XbTk1rgRa2Tv3ODuNvrJrtTN3QGQjI5hgqrivQB5hR7hOt4IXyc2EX0stMlZSvoelrTJsK+Xuh9fyvr6K4nA/QzgiYCAAJQT6XdxN8p1VzSENwjo0EwNQ8OyDY/nUMy7assx0vGYiJj1KbzW0dG/RERBLoC2RlxQcTFSvvwjZG/itV8ffoKdrbsz9p6nJVhh15WvrfV5csBcDAr8r0h2XjoJLUpJF+p9u56UKcS9qAgtSHYbCah9jOFbjFlcPWCrvnUqMV7nU3iwSMYM6q8OW48LnEmHHSwKSMp2auo6o36lt6hge73DGMGxTrHQHn/RLXVdGFsGBviMD54clusBmeOhFU1mQfXWDpgIb3+cwESyMrkpeSqwWqW8ztGj3ovmdbo1NlJa
+    username: AgCIqggFRQB1jLa1I/W8Q5fZNMQyLKSLmx3UjMwr6MNsWgmIcs9xGs14tA3GkhiMpa5QScYWIGLKjX4Z00m+oZjc0WXHDUHmgFA/Bda9Bim5HpTlMYvPGFNMn222zArVD2s/Yhc3Sgcllx/1aGvhHNhlvHVxPXXuLzxwomAL9XyARQ2k9haqC9OUxssSbj5c2l0FDLmEw9+GGuomYJ0FtQkCdv7vp3AXwNUHrfJhXDJAGPuVH554q9y66E27d4DJlnuWEKBP9v3fj/rNAMBANyZStJ4XXQykSpJzzWFM0vYSpiYf9aQJIv4SuNVS58hEVMv8roPBpbcMFL0WCZ8RwMyaNrOWPHROC83BXoLBt9N2k+a2E3B+K9btm1QsqIXaNwPrQBG+adB1OWBIuYU4KStETb5LyZDhdah3KrUL5BLYFmsdYll5KOMPGZJiduK6A443ekQD1mEB2XW/PMjsd1CEqzohu9dip4FjXoW3IOlzVgArMOXBboU6SX7TY9jQ1Xr/GwwXP8esHp8+ct13f6Xqq0nnscDvsiMaw6SiX3N1dJ7ouNTQ64AjND81X5QaRU3+BuniKUAJtwdHFXdrtjpIbZtHDipVXVRJDwLs05O0hTsuLa1vTb7FTAdc+4ezNZHbfbq59W3gvcomue4zCT7NkvBW9agN4Z/+JV1glRjKo2D8uPK1gXbi3JAJeU18WsaZ5CVc5y8=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: ddclient
+    type: Opaque

services/Gitea/application-gitea.yaml

@@ -8,16 +8,27 @@ spec:
     server: https://kubernetes.default.svc
     namespace: gitea
   project: default
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
   sources:
+#  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+#    path: services/Gitea/manifests
+#    targetRevision: HEAD
+  - repoURL: https://github.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/Gitea/manifests
+    targetRevision: master
   - repoURL: https://dl.gitea.com/charts/
     chart: gitea
-    targetRevision: 10.6.0
+    # targetRevision: 11.0.0
+    targetRevision: 12.1.1
     helm:
       valueFiles:
       - $values/services/Gitea/values.yaml
-  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
-    targetRevision: master
-    ref: values
-#  - repoURL: https://github.com/djpbessems/Kubernetes.K3s.installLog
+#  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
 #    targetRevision: master
 #    ref: values
+  - repoURL: https://github.com/djpbessems/Kubernetes.K3s.installLog
+    targetRevision: master
+    ref: values

services/Gitea/manifests/persistentvolume-csismb-gitea-cache.yaml

@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-gitea-cache
+spec:
+  capacity:
+    storage: 5Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-gitea-cache
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - uid=1000
+    - gid=1000
+    - nobrl
+    - cache=strict
+    - iocharset=utf8
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#gitea#cache
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: gitea/cache
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: gitea

services/Gitea/manifests/persistentvolume-csismb-gitea-data.yaml

@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-gitea-data
+spec:
+  capacity:
+    storage: 5Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-gitea-data
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - uid=1000
+    - gid=1000
+    - nobrl
+    - cache=strict
+    - iocharset=utf8
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#gitea#data
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: gitea/data
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: gitea

services/Gitea/manifests/persistentvolumeclaim-csismb-gitea-cache.yaml

@@ -1,12 +1,12 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: flexvolsmb-radarr-config
-  namespace: pvr
+  name: csismb-gitea-cache
+  namespace: gitea
 spec:
   accessModes:
     - ReadWriteMany
-  storageClassName: flexvolsmb-radarr-config
+  storageClassName: csismb-gitea-cache
   resources:
     requests:
       storage: 1Gi

services/Gitea/manifests/persistentvolumeclaim-csismb-gitea-data.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: csismb-gitea-data
+  namespace: gitea
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: csismb-gitea-data
+  resources:
+    requests:
+      storage: 5Gi

services/Gitea/manifests/sealedsecret-smb-credentials.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smb-credentials
+  namespace: gitea
+spec:
+  encryptedData:
+    password: AgA2STKBdZL5heP7usLfB0fcgR8VzAljmt0VbBkRtF6Kw0rOMJ9o64CDDXgjm8ZGdjIbAkBGklf/EUs7YD+RtCM+vSyPP+UB8ZQe9EtgsnPvL2wIHe0zgMYzrxd6n1LYiKzgBnq1lbXUaMcBZM3V2C7REZqeIEEXAs3g408k64JBtGdqGhlxfNq/Mj4M1HNvGSK1extVnqw170oK76e1COcTiTj6fNPRgTq+s41zHwATdgBbqR89mnVxbuguQui/ymqsBLE5+pZX3pR6eABwdzyhJ+RRjINKY8QM+ku0im5oHhqlfZyOJlXh/dcXeGcx8QKm5KbDdto9pOfQz/D3P7oIAJF0mhD04DXRDdGoZQnYrnz24zy+xq8bldXZ6tnpoSdJd9VqWozNJJZFFQJb2IlGU/izp42H72vFNcVeMp22esc8NzUHsUtTyFr38Y4SnPdJ3Tblwd7/3O9SvI1DaFDBTKm7nNekGCycBm9pJvC06eq5SU5DggW6ChZmhSfgDRqIHGoP9Sp57QRIrd6/IJwUwSjQaueyVpEod0ClgTo8uhSkJmMvExQnnBYT96y/NkqTnK5z2nVZfRPw4+ZcM3oOB2xyi2eMU1YLivy5DAML0E7NZ0V37/LvxIH4ppV8iRq+BcVOjggyLDNpV9veYTza5p8zLdufNrrcDRIrNx3orWiIs8r0swjnjzncmpQfYvosW/YTb19wxgE9zUPZZ60d
+    username: AgCVJ8IrRrZ4R98Yjs/K9Zj5SWE9kpQWYB2DBGTMulhEKA+KuFjGJL/P1/3Nkq8HXzfGehTXhIovwPeNbZh39SPrPFAk68IMpJff9PYbQEh2OVPlihDE875Fr7YLZzpRU4uUG8ZlbSIGSFji6MaD2oGSKd0JVm4+ojuHan3DUlbpAAg/++hLofhAucpQZITdLEQ2qLuHZ4Efob94lHWImfp+NmarIUZLxSq/NBHbBFvPRm/vRPKRVmJslA6YQzVpChtMNQqGpHuDV6soQsfNHqLaifpwKxuGHljuMXkBmeZ0Sim8A5Vlf+rYwQLAnPW1K6tUiH8Umz3049vtRIHIy8EYcPm6pSXNFRjQhP2Gy8FKafV7jPBk/IOKnSvEO0N7jj4guomYPkiAvLAE/m9dPg5d06nZ4PQKkma2dPcifXMdaXPS4txYF/neWkEyujtOHAPWixxvGKB6SoGQEep81nbiK1MmQxk14NgsICHqB0H8+KowajZ8t3ao5ZtGQG3PWDSCvYaaZjZ48ATq0/8GsnAZABqlw5JKRZHfBjLEfFyFGZup3EG4W5Z5xDQD/YGUeuSwg+/7vLIQ94A4lwhDnfkWk2XUTJ94y3xVUEEyXMlxV75b+5uCMUNP+Cdbb5QTWXyg/ca3DTViv1rfvjhXeu9TPmu9GESvNLfSech0Rg+HNlIhYjtDUIpbJqdeja0aNXNuiJrJ9Dc=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: gitea
+    type: Opaque

services/Gitea/supportingfiles/configmap-gitea-actions-act-runner-config.yaml

@@ -0,0 +1,29 @@
+# Source: gitea-actions/templates/config-act-runner.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: gitea-actions-act-runner-config
+  namespace: gitea
+  labels:
+    helm.sh/chart: gitea-actions-0.1.0
+    app: gitea-actions
+    app.kubernetes.io/name: gitea-actions
+    app.kubernetes.io/instance: gitea-actions
+    app.kubernetes.io/version: "1.24.2-rootless"
+    version: "1.24.2-rootless"
+    app.kubernetes.io/managed-by: Helm
+data:
+  config.yaml: |
+    log:
+      level: debug
+    cache:
+      enabled: true
+    container:
+      options: >
+        --add-host=docker:host-gateway
+        -v /dev/kvm:/dev/kvm
+      privileged: true
+      valid_volumes:
+        - /dev/kvm
+    runner:
+      capacity: 2

services/Gitea/supportingfiles/persistentvolume-csismb-gitea-act.yaml

@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-gitea-act
+spec:
+  capacity:
+    storage: 5Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-gitea-act
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - uid=1000
+    - gid=1000
+    - nobrl
+    - cache=strict
+    - iocharset=utf8
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#gitea#act
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: gitea/act
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: gitea

services/Gitea/supportingfiles/persistentvolumeclaim-csismb-gitea-act.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: csismb-gitea-act
+  namespace: gitea
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: csismb-gitea-act
+  resources:
+    requests:
+      storage: 5Gi

services/Gitea/supportingfiles/statefulset-gitea-actions-act-runner.yaml

@@ -0,0 +1,96 @@
+# Source: gitea-actions/templates/statefulset.yaml
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  labels:
+    app: gitea-actions-act-runner
+    app.kubernetes.io/name: gitea-actions-act-runner
+    app.kubernetes.io/instance: gitea-actions
+    app.kubernetes.io/version: "1.24.2-rootless"
+    version: "1.24.2-rootless"
+  annotations:
+  name: gitea-actions-act-runner
+  namespace: gitea
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: gitea-actions-act-runner
+      app.kubernetes.io/instance: gitea-actions
+  template:
+    metadata:
+      annotations:
+        checksum/config: ad47af25f4f7946653b7371987b3a1aeda98d837c5c0c36a47c133c0fe0503c0
+      labels:
+        app: gitea-actions-act-runner
+        app.kubernetes.io/name: gitea-actions-act-runner
+        app.kubernetes.io/instance: gitea-actions
+        app.kubernetes.io/version: "1.24.2-rootless"
+        version: "1.24.2-rootless"
+    spec:
+      initContainers:
+        - name: init-gitea
+          image: "busybox:1.37.0"
+          command:
+            - sh
+            - -c
+            - |
+              while ! nc -z code.spamasaurus.com 443; do
+                sleep 5
+              done
+      containers:
+        - name: act-runner
+          image: "gitea/act_runner:0.2.12"
+          imagePullPolicy: IfNotPresent
+          command: ["sh", "-c", "while ! nc -z 127.0.0.1 2375 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; /sbin/tini -- run.sh"]
+          workingDir: /data
+          env:
+            - name: DOCKER_HOST
+              value: tcp://127.0.0.1:2375
+            - name: DOCKER_TLS_VERIFY
+              value: ""
+            - name: GITEA_RUNNER_REGISTRATION_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: "gitea-actions-registration-token"
+                  key: "token"
+            - name: GITEA_INSTANCE_URL
+              value: https://code.spamasaurus.com
+            - name: CONFIG_FILE
+              value: /actrunner/config.yaml
+          resources:
+            {}
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - mountPath: /dev/kvm
+              name: dev-kvm
+            - mountPath: /actrunner/config.yaml
+              name: act-runner-config
+              subPath: config.yaml
+            - mountPath: /data
+              name: data-act-runner
+        - name: dind
+          image: "docker:28.3.2-dind"
+          imagePullPolicy: IfNotPresent
+          args:
+            - dockerd
+            - --host=tcp://127.0.0.1:2375
+            - --host=unix:///var/run/docker.sock
+          env:
+            - name: DOCKER_TLS_VERIFY
+              value: ""
+          securityContext:
+            privileged: true
+          resources:
+            {}
+      volumes:
+        - name: dev-kvm
+          hostPath:
+            path: /dev/kvm
+            type: CharDevice
+        - name: act-runner-config
+          configMap:
+            name: gitea-actions-act-runner-config
+        - name: data-act-runner
+          persistentVolumeClaim:
+            claimName: csismb-gitea-act

services/Gitea/supportingfiles/values.yaml

@@ -0,0 +1,41 @@
+enabled: true
+
+statefulset:
+  actRunner:
+    repository: gitea/act_runner
+    tag: 0.2.12
+  dind:
+    repository: docker
+    # tag: 25.0.2-dind
+    tag: 28.3.2-dind
+
+  persistence:
+    size: 1Gi
+
+init:
+  image:
+    repository: busybox
+    tag: "1.37.0"
+
+provisioning:
+  enabled: false
+
+  publish:
+    repository: bitnami/kubectl
+    # tag: 1.29.0
+    tag: 1.33.3
+
+existingSecret: "gitea-actions-registration-token"
+existingSecretKey: "token"
+
+giteaRootURL: "https://code.spamasaurus.com"
+
+persistence:
+  create: false
+  claimName: csismb-gitea-act
+  storageClass: csismb-gitea-act
+
+image:
+  registry: "docker.gitea.com"
+  repository: gitea
+  tag: "1.24.5-rootless"

services/Gitea/values.yaml

@@ -1,10 +1,10 @@
-actions:
-  enabled: true
-  provisioning:
-    enabled: true
-    annotations:
-      argocd.argoproj.io/hook: PostSync
-      argocd.argoproj.io/hook-delete-policy: HookSucceeded
+#actions:
+#  enabled: true
+#  provisioning:
+#    enabled: true
+#    annotations:
+#      argocd.argoproj.io/hook: PostSync
+#      argocd.argoproj.io/hook-delete-policy: HookSucceeded
 gitea:
   admin:
     existingSecret: gitea-admin-secret
@@ -13,12 +13,12 @@ gitea:
     APP_NAME: "code.spamasaurus.com"
     database:
       DB_TYPE: sqlite3
-    session:
-      PROVIDER: memory
-    cache:
-      ADAPTER: memory
-    queue:
-      TYPE: level
+#    session:
+#      PROVIDER: memory
+#    cache:
+#      ADAPTER: memory
+#    queue:
+#      TYPE: level
     server:
       APP_DATA_PATH: /data/gitea
       OFFLINE_MODE: true
@@ -35,12 +35,20 @@ ingress:
         - path: /
           pathType: Prefix
 persistence:
-  storageClass: smb-csi
+  create: false
+  claimName: csismb-gitea-data
+  storageClass: csismb-gitea-data
 postgresql:
   enabled: false
 postgresql-ha:
   enabled: false
-redis-cluster:
+valkey:
+  enabled: true
+  primary:
+    persistence:
+      existingClaim: csismb-gitea-cache
+      storageClass: "-"
+valkey-cluster:
   enabled: false
 strategy:
   type: Recreate

services/Gotify/application-gotify.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: gotify
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: gotify
+    server: https://kubernetes.default.svc
+  project: default
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/Gotify
+    targetRevision: HEAD

services/Gotify/deployment-gotify.yaml

@@ -23,8 +23,8 @@ spec:
             containerPort: 80
         volumeMounts:
         - mountPath: /app/data
-          name: flexvolsmb-gotify-data
+          name: csismb-gotify-data
       volumes:
-      - name: flexvolsmb-gotify-data
+      - name: csismb-gotify-data
         persistentVolumeClaim:
-          claimName: flexvolsmb-gotify-data
+          claimName: csismb-gotify-data

services/Gotify/ingressroute-gotify.yaml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: gotify
@@ -14,4 +14,4 @@ spec:
       port: 80
     middlewares:
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file

services/Gotify/persistentvolume-csismb-gotify-data.yaml

@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-gotify-data
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-gotify-data
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - nobrl
+    - cache=strict
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#gotify#data
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: gotify/data
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: gotify

services/Gotify/persistentvolume-flexvolsmb-gotify-data.yaml

@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-gotify-data
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-gotify-data
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
-      server: 192.168.154.225
-      share: /K3s.Volumes/gotify/data

services/Gotify/persistentvolumeclaim-csismb-gotify-data.yaml

@@ -1,12 +1,12 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: flexvolsmb-gotify-data
+  name: csismb-gotify-data
   namespace: gotify
 spec:
   accessModes:
     - ReadWriteMany
-  storageClassName: flexvolsmb-gotify-data
+  storageClassName: csismb-gotify-data
   resources:
     requests:
       storage: 1Gi

services/Gotify/sealedsecret-flexvolsmb-credentials.yaml

@@ -1,16 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: flexvolsmb-credentials
-  namespace: gotify
-spec:
-  encryptedData:
-    password: AgCbVh6VlH65jVBXiCQ0Ak3+XI1AyCaTykxDzi6F/4FFnXl5jRmJAGank50t5kt9GLpIqNPdx0ZKxlDgOVEiFjDf6J14jkYMrOP39oYcqDfg6ZHmLAvM1/LzjAnd0pR3C7rDc8TCOUGSjw+j1PjOoqkS0oYPsB7xTBkappF/e8JcmVO6DZwdZDyHMEAd/DgGE+BZNbPC1JPUv4D9l/lSAri7WIMhh9dhcvvvV+KJ/YuAksxLY4ruomtwDmYXNHh3X6BZMbOXwgxmzGU6wtOqxCWC2IcMEMPG5/AaH2A3oXLqMwIcVD+WOb2zHI7dCtDdRVTblh4gqylmm0iCLsFfhztj+1/EPGL4fpiqXgjPs0EjKY1bFndNiKw3d3zK58Id8aHnJWXcdrIuNm0sJlXIt8k6vSZTKcT5WiDeKBgqubCh90MZbixThRTGhZ99CuznvukbCGm0ukL+/s7y+8zN7hRwIQFnUrGFFha951t8SU8JTc56vKhJ+cf036ka3y2fz6zVMFfxp4K5S8RiQ3RS5jWdzmby5KGZvh70WGrbXrWWuEeVlCF1TU3nrzLW2g+eKCn5cRVU8oN2CvWPRIDJQsNNGf5rCc4Zhy7ikjwBWIFg13YjdXL5dXyCHRBwllyZqqlYAvpxxSKexClMip2cvLQ4gTP9saO77+gAYbBKz/x7/xW6ZWH1WqspYTi6K+5zBsgQ+rVuz04sfLp2iRObs+Zp
-    username: AgAoVIGIHXhuW3vITMT24TGVNBKhxHvVqCqNLJwShqA0xqWLfd7DE7YXOe6/RV7bcBIeQOYxNCPDmMhild4tAx9Rd4PLV1c6NQdOUYqiRbIuWS32R74g4njL+7eBkfi8aGZUXm0dLBy1jFNHEUd+XssWIbQDsbu8fbRD1ENgmocc0dAmfDTuiqvZ9hIAZFEOjmjw3PIEgJw1FXFTWOUIc287MEk5kJ+7oYzdA52qBt6nrfGapFCvy1cSmiKhhY1WYEEn6Rd0/XWlMd09YH8rDkt9gkvP3omfVMzJ4WUuFaDlfz4WnWdOSy+XGc39xOsC6zFC9FA0t3FGzyvyucmroabnUI51LGLRQ5LUgmAhTfSliZFZ+nXWa7sSs2N2CtCSJExG3mgZ7js2s53mHM8XkcCYJfsaNuGkVDCzJI/536/3mB7xe292h4DJmOu3JO4cRIivu8Uxva4j+KvByfhnHdhiZUERgJKtljc+32Yg1f6Z37GYbUBjnzmgm/+b5JMpAgEeu+KaTU9QK2WgwlY5pTLle/Q6oyrqB9EsodhosuQvi/mbq0ZwrxCkcrp+IZKJdauFyEuLhO4WEi7zdxFlAAA1bGfepkJC2kV540o7Yy6CfOM22E5XPBlGhCraGVjYvdUfyFxI9bR8HyUv7DjT/oaJmkm13KNsJNn+K72I7YjZDgiqCXsChzdVv7BkySw3glvwXMTCIrs=
-  template:
-    metadata:
-      creationTimestamp: null
-      name: flexvolsmb-credentials
-      namespace: gotify
-    type: mount/smb

services/Gotify/sealedsecret-smb-credentials.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smb-credentials
+  namespace: gotify
+spec:
+  encryptedData:
+    password: AgBn2ViZ3H1mko/y2yOi0MvU1GKwx7F0+QB0QBDuCxg9MuF/EZGDZN6kRxBjuLk5vDBEpinKiBCKpWU/xPonW34m7Vr9tqCinjZOtnEupy6rvnouWg5J/Wee0Xztn5cPf++8adIvv6cOO2boEIbMyUNyaZ7B0tQZ3Z/sG+LOHGp3emew7mFa4r7m1UvjLzeCcCvFVe2qIfJdwjYZH5zJ8pZ9ARJLNR4T/TgBZz6hOeMn2PzkUs+3fX8B6dRn/cMerBLJumy5Rj3QpfIOpsWMraVZdz0qC9DvfijjphmKAeKPqM/Yz/rLIvESy+JpdWfZM214U/Dm80oJRioWytgTgYPEi+KOJy/N/dZlKch1ocMQg/QCYPAcaTJ+aY1hvqA8O9Te6BpPZrCIRtI9jmWXUhsBsZnTFGx7YVznk6lC3j2Ry3Z7IO31ZmhGfMoMwyK8m4zR9342eMdkBfBcDpxyU2YiZzkHnj9S+CxaYLSf8X9KL4yOeHvZWXXxYoM13eI+qiUY6QXf1ucCtRwtL0RyIiGMR+UB9Xi5tPmRqrH1IqRhAiCDJ5f7GCWsJ6xuqbNpB+hyhNZceCEzQ8JdT0WFb3GZxv6PAvtG7YhVDR5MQL9uXxGSzxxgGOupnYh4TXUzjD7plLmh1W0UafZ6tEASiPhAgfFbEzjdwEGMHD6UjT8J9rwGUpTMWdmmsIEsZLAnXGPCBGkDI/F7ctdTyTRivrmA
+    username: AgBPbShedVwwz+BUdMGGdXiOMEEYhGw56MlQSXQnR/PyCIn2L+lvyxXgzPoryovJiFcdc91Fs0R6z3bgTpPfx0MdQLgHp6DBwwzcfw0Y3ZLTDPlbLAYjpS+bozqDEuWJJp95xGVBgFW8zyploHUqfY8/+D4KVnoK9eNvTjpIzwWsmYV+vxzhuZAV302SjnSCwsb/S3NkQ8FneHocY76ynQegtcgiI5x0qBOUL3lbf3mtuGrh7EPQxJAL5+w07YKRKNj5bY7fuJTG7yiw55NFFYvUaihrQOpVia4OUDoPjyE/nMG/SlCIoiPlHiket/6TU/7jV9zDGwxclaj3iQdzpwIq3chw070KGvx7eO6U/VwlUAPElcpdJKVNh02aOsS1TM80EVHXIhMA7UXqOj1HS7e4RtZ7M2zKIhcIJjDBgJMQ6+EjQ4JbPD/dxogB6nFCthddastyHm4wl2faxPa3NBKSIEFljuZgayoHzeFHlt9SueLIB55pHq8Cplc4pshLkEgobpVl+9pt35EzTEA53JQhz9SCie2IuTHwRRFt8kfZOZtKhIAo2auli/YVvapyP9MO31+pivmWcHFFCbOzTBc1sCuznV9LDNYPHd169LJEbhaX4zqt8lfQyiQBEHwp8d2323rY3+byp7437fBCtEXgJOsOx5RVQ/G0SoD8pNMFE+wmXAeV9gV+G8HGeYWQyFTFA5rb6RU=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: gotify
+    type: Opaque

services/Guacamole/deployment-Guacamole.yml

@@ -1,69 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: guacamole
-  namespace: guacamole
-  labels:
-    app: guacamole
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: guacamole
-  template:
-    metadata:
-      labels:
-        app: guacamole
-    spec:
-      hostname: guacamole
-      containers:
-      - name: guacamole
-        image: guacamole/guacamole:1.5.5
-        env:
-        - name: GUACD_HOSTNAME
-          value: 'guacamole.guacamole.svc.cluster.local'
-        - name: POSTGRESQL_HOSTNAME
-          value: 'guacamole.guacamole.svc.cluster.local'
-        - name: GUACAMOLE_HOME
-          value: '/etc/guacamole'
-        envFrom:
-        - secretRef:
-            name: guacamole-db-secret
-        volumeMounts:
-        - name: flexvolsmb-guacamole-home
-          mountPath: /etc/guacamole
-        ports:
-          - name: ui
-            containerPort: 8080
-      - name: guacd
-        image: guacamole/guacd:1.5.5
-        env:
-        - name: GUACD_LOG_LEVEL
-          value: 'debug'
-        ports:
-          - name: proxy
-            containerPort: 4822
-      - name: db
-        image: postgres:16-alpine
-        securityContext:
-          runAsUser: 70
-          runAsGroup: 70
-        env:
-        - name: PGDATA
-          value: /var/lib/postgresql/data/pgdata
-        envFrom:
-        - secretRef:
-            name: guacamole-db-secret
-        volumeMounts:
-        - name: flexvolsmb-guacamole-db
-          mountPath: /var/lib/postgresql/data
-        ports:
-          - name: db
-            containerPort: 5432
-      volumes:
-      - name: flexvolsmb-guacamole-db
-        persistentVolumeClaim:
-          claimName: flexvolsmb-guacamole-db
-      - name: flexvolsmb-guacamole-home
-        persistentVolumeClaim:
-          claimName: flexvolsmb-guacamole-home

services/Guacamole/ingressRoute-Guacamole.yml

@@ -1,18 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: guacamole
-  namespace: guacamole
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`remote.spamasaurus.com`)
-    kind: Rule
-    services:
-    - name: guacamole
-      port: 8080
-    middlewares:
-      - name: prepend-path-guacamole
-      - name: security-headers@file
-      - name: compression@file

services/Guacamole/middleware-Guacamole.yml

@@ -1,8 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: prepend-path-guacamole
-  namespace: guacamole
-spec:
-  addPrefix:
-    prefix: /guacamole

services/Guacamole/persistentVolume-Guacamole.yml

@@ -1,37 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-guacamole-db
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-guacamole-db
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0755,dir_mode=0700,uid=70,gid=70,iocharset=utf8,nobrl
-      server: 192.168.154.225
-      share: /K3s.Volumes/guacamole/db
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-guacamole-home
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-guacamole-home
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0755,dir_mode=0755,iocharset=utf8
-      server: 192.168.154.225
-      share: /K3s.Volumes/guacamole/home

services/Guacamole/persistentVolumeClaim-Guacamole.yml

@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: flexvolsmb-guacamole-db
-  namespace: guacamole
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-guacamole-db
-  resources:
-    requests:
-      storage: 1Gi
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: flexvolsmb-guacamole-home
-  namespace: guacamole
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-guacamole-home
-  resources:
-    requests:
-      storage: 1Gi

services/Guacamole/sealedsecret-flexvolsmb-credentials.yaml

@@ -1,16 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: flexvolsmb-credentials
-  namespace: guacamole
-spec:
-  encryptedData:
-    password: AgA5Rj3gn3X5ITztEpXBzECP5GUHAQVY/KnDQYxJFXocY55x4i6ggTjRllXAstQhh6vkGNV0TGuuATV34/6qvt3UzTZoajicQ5cJ1nU2SiYMQWuZh7BoTDv6osua19jsS39gnJUGDvrVWNZ6sKPXK+B/2cBkqh6JKQWHYzJUy4iqJ6ZCKLOaEVSVibX+U5UAhKJ2KPH5jIxV/asO/PtjtC6saYWOPXyMCgjFwcVOs843/sagVJB46bkK8Ud8842vE8UrZtESxNY5d/TYZkWqQs/4OR14ceBtVr3AhmTy371LDzI8zkFxATfUSjBJ8nlmTy+SMjD5B8tgU3j/qKw0fmVRIcgYybd6H7WtdeQm+eKRx9fuHnYAqEGIkIm+zZ0tGYVRXsZ4dFIe3SZ7/Q1vylOSnPV1g3o4ofSQj/kMME4Rtczis6qJNsYZEbB55alKtQJZx+i86bYyqRlZvzamYzZUqfrMECkOlsqKOvQ0ZSRZxqBFR4hwxoRNs9THe02qMjpjKiqjAZrfn2GpuavKoEdUqwhcQOGdYBN7LNPcRdTxulE9d5jTwmZ+9hBdWLxP/tMcO72XlVQm9w59UXtA/FogN5d5e5B5Wu7qfodcmCToQ9O9BUCCeHl94U98IjzutSAOMbbaRp3XRbSEawpVyxIF4N7LVxm40VhlvZDScASkxyHENwIPAdP1ZWUGt0MTLOXFQ7rEwhdJrj2yszsnE9FP
-    username: AgBzKCegpgyL2EkamKd2VejVzroRz0fcVFnZ/9RuvYYSq2IyhJj4mbE0CUyGAX1mB48HsacloVMVTvFwDCoPRmsjR1qddiCWUaye9/wYsUYrYhEv+o+3IWFHIdzPN8ArF8B9DwcvAtamAx8BOf7Zx3UTbRYyrM8/2114VRVmtEcBpR7BUp+Djt4O2rJFPeDgHIkg3ljcg3hWdi3QO2NM8nvszn8rQCXBAKDJ1oQqFkUoXO+L6RBPmONVEjX5WN+noalf4C1ZSJNrLg0cCI4/2rpvt9LOkFlchI4h3c4xIj9mqkzj+d9FN0M55yfrAS6PbHXmd1GdoLqAbl8F0SV3kmm9SnCvxPQZOZTTkEs4zVrRYSgSt1s7I5t9Ng+/5kIXi6qN7YGtfvSbRGzFUO+39qRhtdpPvF3dpfFnGRFPdylrP5x067JKVywC/9gaHcVvlHHAwbFKnYh2lnDrmzwL3VqpVyxfxY7ksruUWrFGWhZKEfbw1m2d0oVO3fozgx+IxwGlnw1Lo1q2DFFY5zt47kRKC91cJBTGHZT8LUsyS8+WJpXRsrDQvp96gNgPs1+hQOJWl9g/HAyv2kbVnkRDPekOSzLwfDW4PAqwZ2NehUSP0G7jDZgLXTOFa5U+tZ0HBF0ENy5Ln2O7qlRqcX4tWXFUlffX7G/MRNof6HqYtU2ydo0iJSyvBbqe4hx2PHXOK3fYd/I8HAU=
-  template:
-    metadata:
-      creationTimestamp: null
-      name: flexvolsmb-credentials
-      namespace: guacamole
-    type: mount/smb

services/Guacamole/sealedsecret-guacamole-db-secret.yaml

@@ -1,23 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: guacamole-db-secret
-  namespace: guacamole
-spec:
-  encryptedData:
-    POSTGRES_DATABASE: AgA0C44YvrKsG2WUUm5+7tqX8RRtMquYLbFa4iUZHSHZs/ZCWy+JGw+O3Ig/hGrPPOGglGVMvqfDRVeERuCz9jQND7jBP5Oe5pROwFbt0ekB1QKm3BLWKJKoIj2ltSWtNUcWARwAbNk/8uclRFv1De3vfEGRPBnsOhVjToT3Qph36nGQgeHCybvDw6Xgf8A8I2F8RGCnGtxqWIr4eZKHVEPHBPxoxHPz/xit9vNfgw+yK3n630PNqp+Bu4o1N7DDiurD+MIV/RvzAP1Jhqg7n6U5tvTAFfEF8yUfQd/LNdZAkiYcTnYG4JwK133kuNZIRIdvP6E5S+3xQocsEKNY4ZDGgw6KWQchXEOOp+i7mOjGhXcF4bryp5Z2bi4iOvQ55Cwr90GiWCsZ1g9J3vDkRH+1D2UiSMDQy0aFhnKEBoLbumoN411sa0oxefGqJbNpn8pe3VO0mI9k0mXCvsTLDf1/RA5a1YwuRo/6Q6ZMd/VxZ9FimllmC2WYl0bdaJ6A7NFv8WfrsR4phM/Hj1nTtTvkbmDq0zAVcRrnKOIYT+To2TYtnpwdGjrMuIdIgjbwo8o2Pn0zvrwe0azV8TKlsS8F8PHkhUZtkfdniEJ+6FVAlhmNgCqcpuqdYWT6qwpXX0ZlfzbWS7Nt1ZvYH6/IOHq7p5djgddr6bn35WY6iq4hdpbJrg7UYF+CANUAMCLQEGT92UI45J9JJWU=
-    POSTGRES_PASSWORD: AgBFg6OidnqhbEKtnMxChooiuK3G/X/fwhJ832aSVL4T2p07C/1UPRtIImVrZA63prgvSLq1iqJKGTtw6GwEcEP7s++HbHjDMyKScvKJMpLhckY7YHl4gEQxXNZkWobmKwliaHlXYLRVrVCqCT4q4WflAvslUGwzND/twEm1t2AP+6ybuzZbfuNTvrbcK70iuOlNm+ld4m2Ldisz4ZkQG4zVXP40ORgQvONo/eLfEhLEGxQFukB61oq221jQkoqTHZLKf9hMU75afzb9zvN9pm4tM6a6WkPMBCAOTBZgs57nzOjrddgHhXB7aW0oAFoF5miiiQxZ3SIBuaxaokvVD1+L+ZKGpTjPOT0Dznv9TOp0+FKSsX31UQId+4yLwMUHNLWGqxsrqBbaNkdrscWcDcdrzh24t2tIkPCUI3ArXhIS5F9Fxu1aRKY5Wg89g9koknFpvlX9TvYniQm3X+ngtgWYJNCXkJ/v18zuYcydr3hQiYMOpXRAw3wD7iKziEG0vPQU3StG1xjbvPkRX/h1zFyy3SR9YaXtm2c2fj5WwiW7dfRWfhuLaRnSBafC1tzOD4D4fCGKnJsAO8jepX5KMK9gUcJ/aLdjXSAZE/D+oMviMPjI58iRJAiwAS8Un2+4mGLB8JNQ/YFnSBwCkdPl8QLO8TeN1MdDuZPgSdrVC2XUKpbRWVkJXp6dh0yPjQlibhyHWZsZYXraZhg=
-    POSTGRES_USER: AgBmOoEkV1YDYXrLVMQayXMnQjgc3v0kO1YHIJyDRICaa6gboAxjaiLDXY06Y2gCsQbuaBuZA6Njck9KxO/D631D4vKeELkhU3dlz8XxhhByjqafjnbeaJ+UIc2uzghOoDHt1g2dwYijxLmtfWbxjVxTipSl4ssIa12oHiAY7fW1DGZ7OCQqtMsdw9Yz0KJeJohILSTRWz2e36BUNcqMNuUnDSOVYD/LncctaqoULUujdzlyyvGQ5CEvlaihZGEX4xcJi4rHSHa99igNdMlbpiLjkL5ni5CEE5q9vYSw3iWW76vNoEI2CresVaxkeZqVEG3OdZ2GxmEyDnf7cPu0cPWluMEeSPE/APjk+Cl6HrniuqXFhS4SGaNYSwOS8F4pe90wATv8QF1X60zS20FuDUikY8PwMJl6RDlHJm/TmHsCG1gJYSaA3OikDYQNUsTa0Q/02AY6PnsbxDLCsU4r5FcPMhKkcpS2C2/9/o7icyTN8agXqQQSWIhTdKe7DGUbrUskInuvEFEt+LhOPSlVs5kERIUxBHIR1J5R58u0BPKvV7GUUR+6I/PQ985QoAhrfg29jORz/PzmgFVyEa111iWik73Lqj1bPDpBYat+R2hbxEPJSkvXxsWPzZ/1PG2KuFvStvgi7QMI9bkalVk25AQX6FhmZrWVenhkveZzkVwwCNWfGaekoJVVN22umVN8P6IYgXa3yTIL3iA=
-    POSTGRESQL_DATABASE: AgADX6LYJTMPmR9H2ucCoKUQQ9Us6vbUrnBeUH+o57/WVDeWPbVnp4wYw3lBIaXUSWhGhL8o3zW/4VYgD3CJa9UT0t8Dz8ounq0ZgmMebF54cqOAoktUb0gY9MGZfM8M5QIMg+biZjNhC9MfBNcVca1Vkjaq1eun2uqWv0ILmg0+/3XroG9vhhHHMDrwairIKHksCx11q0sHEZjBIZMekORUBNVjgEEfi2L1Ysrqa0CKNK2qHSIRJHtZ9grsKt1RtI3XlWChz4rb0+9wtaGkyhAdXZMPSUbIrgXHTW1w6aAEaFKSckqYEj9xCaGLMtzPnt/xyj70c22spP9w2+hpQnO7gCxLWjpEQo1H6n+CbDm2AgbmCPWYngIBARarcIrUtXbNk3SfEI+RWx+q6edl47X0fqa9SlPkWQQOgO0cBtsx4A3JZ+1ZPpLtDCSa6zAdr2Vx10A21cpwrD3GcH7o6YTwEavepO1oIKhqLApApDZwfzOu0MBQTawSMw3VAaaIgTV/gG8iGtB8RZNLq8wuqK9amUGSEdO8Rrq2nCw0p0fJeNY8EhlWzW/s7agEijlUaeznMsPja8Er+IqCz+Z37l7h2VVFjeXjyqXZdAUd7RDDRwznpuIysAo7IfSrhbteoAf3AxCTYUSp1It4uqwXeZcZ1TnbyAadMXlGG/T9OZo2SxMVKY61rZfCZh1C5AAYe1+etSVUUTbl6bc=
-    POSTGRESQL_PASSWORD: AgBgpVWC4oiyTIVF4j4ayJqsGePICGvp/3+ouqzEIQNe+TKk4GZ/coNI0Gm8u90ERjCQHUMvR8M6F9pAMkQ4ccvhGL9IogkDY1ygpU+wNunfbePt8uNKfEoKVW9kU067Ufa2XfB6+YVO5CUO1Nhq4s/rf7DWeh4m5pYenR2YatJS0zmBjkC0ljiDotLxqaVIrO141SrpGZMRhh2hhsA7WnvpYVqwVt02Wwv+qXyMuzyIiUQAi28N5uKY/Ylhyplo/4FyIJ+zKutBYT5IKuwUrMkqovLO7u1Zqck3bR3AB/7M0MF4vscGy7UpNTu/ozbcLwC+pS6npUbeVxcay6HtvlkXSbjdLvBIZ7pXlMiqvBQ8jSDMpeIFrH9orwwW6xjHSUBq5s22b2ifJGSODBr2OGufhp8SgvBk/5Z6zYS2ju6HhUfT1DQR9hpilovO9rsqQhHOOddhxg6iF/61SSFsCPgE4lcTOYduX0uRfBRC4lrlhiw2E1MyUxtpY8KDxwlk1g5E5NzMiIh6wNqvkJfvgUkJVoVs4P5l14edYiFFhwSkcNVHNJdmsJQ5Y9CeiRddRgumUFkj532RgTtaCwcVcrEpZtNMXpyvoRtmqnAb46S3TEhIzGm4EZRD8ms9D4qNbM/6o1F1MwchwCkE3qhaim1pdo3fH+ADO/onPaYcLF/GZuKD7ni6k52Fz45QSWkTAyhN9qiKq0rVUEo=
-    POSTGRESQL_USER: AgBv6Vvdei4lzImz9J3d3UgtfK9S/8r8fkmpBn4gHF1l9QvJKK8whJluP2a4Y7QgunXAhe4TzLOHBiqTjMeR618NDDFtOH+fJWLmnFRvgS5M0vHrD+xCopC37gQmeV7tPXGgdJo4cBLWvz6SJvCrSBSj05/2GgnocDZ7Sn4sPZuflhhdb61A6KxEiF+Rtx3hzQtDortVlJFgH28hzLDktDhyMElw2pFoKf6NYK5/nGr4OPBz3cgrtaziBfLd/uZbReFp4gjHd1Are8k1IMUqUYTnohiM1gbTg568t9Hjrzuiz0MlzIJvdPgE4iUksf5mV2rJ8FyWxIvKAI93iOQFSSIeEsy8IUzChJDcsUq1gMVzpXDBgu1tmtwQoXNpaUlcKoMVV6Zc3JBL5T1kKk5ppyXj3vXCMkvqlqPb32J96qV430jEgNp7Fyqvx7rfq/U+sXnGdPgcg1HBvPZmExq8iwb0pp3qjMpzyFp7mVYXqGIJFAY6ZqLU88o3Zscbmws+Nn9w2fBXRAHC+/1XPn0nqDBI7dyhQVLy2cpkX0rRBd05bks3WoPUlqxr9jCWRmeIxYSBguPNcaxPWDLUofcC7OroucUCfgqr0jzPaPiAwmB/Tnj5L0SNIs7APRArzrznxeZA1cOCu6dbsHe9tDUcuoUa53zBpRxYcDUTTJ43Y6NX4QA0ui+HsJQAV4k/smneVY2iDx9Iug3R+4s=
-  template:
-    data: null
-    metadata:
-      creationTimestamp: null
-      labels:
-        app: guacamole
-      name: guacamole-db-secret
-      namespace: guacamole
-    type: Opaque

services/Guacamole/service-Guacamole.yml

@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: guacamole
-  namespace: guacamole
-spec:
-  ports:
-    - protocol: TCP
-      name: ui
-      port: 8080
-    - protocol: TCP
-      name: proxy
-      port: 4822
-    - protocol: TCP
-      name: db
-      port: 5432
-  selector:
-    app: guacamole

services/LdapWrapper/application-ldapwrapper.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: ldapwrapper
+  namespace: argo-cd
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: ldapwrapper
+  project: default
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/LdapWrapper
+    targetRevision: HEAD

services/LdapWrapper/deployment-ldapwrapper.yaml

@@ -31,8 +31,8 @@ spec:
           name: ldap
         volumeMounts:
         - mountPath: /app/.cache
-          name: longhorn-ldapwrapper-cache
+          name: csismb-ldapwrapper-cache
       volumes:
-      - name: longhorn-ldapwrapper-cache
+      - name: csismb-ldapwrapper-cache
         persistentVolumeClaim:
-          claimName: longhorn-ldapwrapper-cache
+          claimName: csismb-ldapwrapper-cache

services/LdapWrapper/persistentvolume-csismb-ldapwrapper-cache.yaml

@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-ldapwrapper-cache
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-ldapwrapper-cache
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - nobrl
+    - cache=strict
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#ldapwrapper#cache
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: ldapwrapper/cache
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: ldapwrapper

services/LdapWrapper/persistentvolumeclaim-csismb-ldapwrapper-cache.yaml

@@ -1,13 +1,12 @@
----
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: longhorn-ldapwrapper-cache
+  name: csismb-ldapwrapper-cache
   namespace: ldapwrapper
 spec:
   accessModes:
-    - ReadWriteOnce
-  storageClassName: longhorn
+    - ReadWriteMany
+  storageClassName: csismb-ldapwrapper-cache
   resources:
     requests:
       storage: 1Gi

services/LdapWrapper/sealedsecret-flexvolsmb-credentials.yaml

@@ -1,17 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: flexvolsmb-credentials
-  namespace: ldapwrapper
-spec:
-  encryptedData:
-    password: AgAd6z2kg+6+B2dgmywZ3iJ/jqM36I4utd7CUE3w5QSJ19DrbkruppftsYczGycOT9TQju9dM1knWAxA/3Axu9WvX9RjcfdJgWJFtP07PuEKcuhh23QhE7hD+SruixrLWTKeDGa+w4XmDvmjXlUA5rVUwyvx8zIWWn2SC2sbK43Gm0lCgGaFzCINNK3Z3OfKeOiehIKtWdIAfaNgeLMK2HWkwNhQ3DVtgtLqz1O/Y/rJRNase9o3yObVGN1HhzxwdC7fp/B2HLYujCQy9b0JuZhWLXczJJEw/oX8kPvtxLAKUi4TaOp1TefE92X28lBCAqXGYfA0dEWeF9qRmyPH/yOdBN3MFI82G8Ac5rRcmG/RkwEY9aUDlSYiyU+fiiSzKAzhufZSk/disH71sO2l4DohqWa1IvFKmh4qa1caQ/GuthU3eP0pPmru9sqFdUagECd6Uh+18pv5FVFSWyaXQjXAXG/rBvygcEjA1pniIIvmAZGQwgpRZcuFVjQkx6bHbU2112ExfgbCTYKbDD1ocJ6ukQuObeSBv1Q5h9ARiRRjWJSNzQKWrtOBk5wzErZnHrY7u7/R0Bdg1zvT6luTW4goJGFvXkSQT8JUcp14cBfLu6PmaFYON3+Uw9vT99Tal7bco3aqgLEB03VVN0uXpT8vua9vbU9W302nwKTl+f4v7S5ZMqA3PmrKSnIaLmn1cwOaFUuax/KyGFLuB4o5WkAV
-    username: AgAet+Fs6g0L/TC46Rz7L8vh0LuYWug+nz4McOQXlEDn/F+1PdwYDXLwd/9j+G2xBTybQde6ENPNS1Gpav7AoqY8CFIpb0sCkCeQD/gPzZmSWotUl+d8KJkfgqvKATbFVgH/CVHCgsWn8nU9A7q6vpoLioX1Pg/4p4s39Dja7fwHij0l1//cSumfnu2dIkBaIr0uOVTAZoMZhwYjnYnVXSlA9INDtaw/B0jkr80F2/d/VY9lheQKV6EpypCvevKp+ZJHp/XliFXlas8o4KVA4pQcDr9iQVQAt5ywrdJcTDVVFOSZkFuZDHSorEWzPQYgnqqrAqYVmQQUyAme3fwLZ/u5dDpPSY7YDrO80fzwnr2KF5XU3V2JMnR4Gka7hc08Psq5ayveqQpH1CbHg8peS/d27Ks21N4AXPIDsH11ejpJdvIUifYX0WoytUnukyT4ChOqfGOOEw2e/oF3LzIC4jco2df3uipuYXxEFgj9j8zpfyGkCbqmLIqh1imVNLmAIzhZX9rnf9jaU+wi8DpANPzrcWMtrpLuWKoCSNRMW2yViMfoVpLzPQcHyn36U4GmYToq1NHRl4tkcPMsPARErmtdTTqrSHyViyoPKY7/1MW8/fA5pJuMeXAic9MZiM1r7LbsNpJwGfaXDBhurXEgMna23C8fVjbTUL16y2R1FQEjQ+/qaFNhwcyPxDoPL/ir7EVJXo3ezF0=
-  template:
-    data: null
-    metadata:
-      creationTimestamp: null
-      name: flexvolsmb-credentials
-      namespace: ldapwrapper
-    type: mount/smb

services/LdapWrapper/sealedsecret-smb-credentials.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smb-credentials
+  namespace: ldapwrapper
+spec:
+  encryptedData:
+    password: AgBc2k0pHG/YT8gHBugDzpAreGsVlDLQJeQnGEn6lzk97Gv1F2RSBy5pASx6WgMX1P/OU4+MPD1QkAIHRQowUTXH2/YDsEKUO/8n93kXnWRr3LOc0hjKGeHCUWdyzre8fU07g4+6dcKopNRGY53nCBNTSQG0DOQOiyCzkEgGDQYLFLk6cnN0B2n2sYRgkNJQCRXUbjKIWaNc8xbmzMrWb+qCBarP75J0c42249K0cpVS/u8txpmWOOtPfngIRh6wV+r5/3W7CwXuNBSUHa+Sm18j/guvIIloN2m5nHY/jXFopekIr02lHv4ANO24EZ1N4V4Uo9TvVV/agNGAU9nK0a0ebZ8W4wjvhiKwMiBOHWp55E3+oA8mP4C9ZC1hkhgbyBi9rK/9ZhVvoB+Q1rl+FD8bdbMcuTYDU9lt799MOThpbR1ti9gj3hO4Yz/GACN7rCJhpb+MIQywrdpRlO2eME1ssVKSmedEAVp/efLfNgfNhlLDl0rZ/I4vwwiQ5JBNsrNwKIoIhneC98ouRJdrZUWFWU0p95dbActr3qmAZQNJbfJ+UktPWSWxd+HW7LqvmYB1A0BT628GLBM5SvXWx0+ye7MLS/t8hJM/cqtOtdwdzoTZZfZv2dCnDQ0WtsZfXAdnigitA7UES3TzapIgdim3d6ujvnOY0OfJcKKSsKh7GQw451dKWUzTWafkciWoaWRBZnTmEgt6zz0Be0hQCfJm
+    username: AgAMIlu1M5O+fL3DJvdgSHkLpp8QDYXada4cFGTOGREY/1VonKhnmCDvgchsDzZY4DFiXn/nRxljlc8PalZsDmZ+6CZCmnJpMVSehrDw0gUigLgf0fFccJ8Sqk/kb3RTfZUYu906xUVHCQg7XeVaNyOaVZVfxB/SpPV33Y41nt4rjlwwIs+haQA1HoJLekANsR8YTDJABa/PFj/+oX2WS3OHXJvRtCeSSmPR3WJWJXQYQQewakMNqOuGTRjXSvHw95XJPnyYJiwHL8b+fdZRKxPpJwhRvKNmj+reosJkKeaq/M6cERLixJo8RpFATNAnv8BcKMbslMRQB+cn5HlfX5afMS8E1k/nPHa/3uSjNCuFoc1w4t9FjNMjfQrvDMxTIaJ78py0eZHznBO9uGdr1gDwZHzgcLJSFKL2aH8AdGTivRk7qKegCcWvFxtujGUWyXNnCV/6S1n9V4gvk62tnxNMbC5alCo8cAehJfJMyQrozyWH3mtnn7a61brPh+LVMeSne6dl6RRctQY7ZG0ypH7r1UxQczvkwuafVFvY+EfuKRM95SV41wo8Nyunb1MpXte77QLFpBnDxs/td14/i8QDJMjHIw0dItmtEbvPOaLMiyIk6kIGYRksyVwAQOHdEJISUJPnF8wcCeC3gpbXukSpgmQFQeyGsMgiRPlKYGFRq1nk8gIDMtUn5k1cZsMPX9G43vBGU4M=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: ldapwrapper
+    type: Opaque

services/Lighttpd/application-lighttpd.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: lighttpd
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: lighttpd
+    server: https://kubernetes.default.svc
+  project: default
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/Lighttpd
+    targetRevision: HEAD

services/Lighttpd/deployment-lighttpd.yaml

@@ -30,9 +30,7 @@ spec:
           subPath: .htpasswd
         - name: configmap-lighttpd-vhosts
           mountPath: /etc/lighttpd/vhosts.d
-        - name: flexvolsmb-lighttpd-data
-          mountPath: /data/scripts
-        - name: flexvolsmb-lighttpd-websites
+        - name: csismb-lighttpd-websites
           mountPath: /var/www/
       volumes:
       - name: configmap-lighttpd-conf
@@ -41,9 +39,6 @@ spec:
       - name: configmap-lighttpd-vhosts
         configMap:
           name: configmap-lighttpd-vhosts
-      - name: flexvolsmb-lighttpd-data
+      - name: csismb-lighttpd-websites
         persistentVolumeClaim:
-          claimName: flexvolsmb-lighttpd-data
-      - name: flexvolsmb-lighttpd-websites
-        persistentVolumeClaim:
-          claimName: flexvolsmb-lighttpd-websites
+          claimName: csismb-lighttpd-websites

services/Lighttpd/ingressroute-lighttpd.yaml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: lighttpd
@@ -14,4 +14,4 @@ spec:
       port: 8080
     middlewares:
     - name: security-headers@file
-    - name: compression@file
+    # - name: compression@file

services/Lighttpd/persistentvolume-csismb-lighttpd-websites.yaml

@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-lighttpd-websites
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-lighttpd-websites
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - nobrl
+    - cache=strict
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#lighttpd#websites
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: lighttpd/websites
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: lighttpd

services/Lighttpd/persistentvolume-flexvolsmb-lighttpd-data.yaml

@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-lighttpd-data
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-lighttpd-data
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,iocharset=utf8
-      server: 192.168.154.225
-      share: /K3s.Volumes/lighttpd/data

services/Lighttpd/persistentvolume-flexvolsmb-lighttpd-websites.yaml

@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-lighttpd-websites
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-lighttpd-websites
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
-      server: 192.168.154.225
-      share: /K3s.Volumes/lighttpd/websites

services/Lighttpd/persistentvolumeclaim-csismb-lighttpd-websites.yaml

@@ -1,12 +1,12 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: flexvolsmb-lighttpd-data
+  name: csismb-lighttpd-websites
   namespace: lighttpd
 spec:
   accessModes:
     - ReadWriteMany
-  storageClassName: flexvolsmb-lighttpd-data
+  storageClassName: csismb-lighttpd-websites
   resources:
     requests:
       storage: 1Gi

services/Lighttpd/persistentvolumeclaim-flexvolsmb-lighttpd-websites.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: flexvolsmb-lighttpd-websites
-  namespace: lighttpd
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-lighttpd-websites
-  resources:
-    requests:
-      storage: 1Gi

services/Lighttpd/sealedsecret-flexvolsmb-credentials.yaml

@@ -1,16 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: flexvolsmb-credentials
-  namespace: lighttpd
-spec:
-  encryptedData:
-    password: AgAc9UFx4rs5SmuntY7dUxf80geDlDc/zn9SaGWu4Z5n9aWJZZWlrAAq081fTeb4jjiR3bjdlKqgwLkKiIgkYlp1nBgfLsLo5rE49c8eo+s0x+0L2gVj9ArqHWD5hw76evnD73AU3zuQGNoHg7x7iUmyCtBk9kLDQTXWsLkSnb0HLB7knOqQjK8C1uC4eTdjQRLmhevQAl/oxiDZ8lf/xkj7GH3o0Gp6DKiGetnKYsaJJGPeImdAQzHMlH7F0ypQGMeyWU9zh4ro8a8G+Sxorjz45ws/ORpN6jWifnDX0xshVjsVM/hD98xui7thsf++B8JxZK0i+sls0zpgtJvKyzJJytOXknPNMyqG+S5QN94iFfoCnP1ZgBGdEJVI7c+RXFekenXSNgrCqjCEHy+L09AjTXOwrtPfQovhw7ai7lAsE6f4N5uU8XbYdbqh6jG442ZowWyl0vpVa1Ea93Fy205vxoncasAiO0UT0UcMxekZ5jzeJU8crxieCtck7Z65GsHWuoWLSH2PX43k1JSKMG5zbZNvOszjR58fXHdj/HjXug9K5hHJekNk0A4+iAY/SwdzxaTCKbQgly4HTHX2JqBHMXRDYGm15qns/R5O48XcEs7aEWWVDvYyeiDrSM0il/29kMNb+vwzaPOdSwfb5GShZcirRWQgAdPdEM36Z6O1h+EoeazO6/Hj+JYf+DcX8/5DuC1nTkhQj9NFmoLzrHtc
-    username: AgDW9pYxGa/I0NBjXWcqcHZY2ZSY9IUd/sOyg40e6T5wPSioUgWqn3tf3EzNqUVJsSJndKWZnagXZGMafkYS3WYOsrIiSR4jyAtHc7t7D9TGw8dEzXeP8UF+ICCpd3YzD7856+Xov9pmXziHS1gT5hqywdFEruoiR9gtbrdEqG0PHFt96Bcve5JillbFWh2VsRBe4gMKoRfjGHd69voGsqkn3H4VwHITRWixNploRXOyq1+hO49Ka+Rs4TbQvXWTVAyqYZEWWKC9W0S8CN3mhzBDg+JNHSzsd1BqQNQ+lJ9S12gaTphWH5v+IUSlCWsIGDjwC5oKTzy5IYcw5V/DcfMl8/vYexb2dB4nQo0vJb1Ip+HPrBSl3HvV/Vz7Tq2fXN0h7QvyUjeEsTQaMrYe47AuMBCiNcmUY5z1KwNMfNjXSYbJEqLZ25ABj2xNq2GefZhWcBOl3zkQExgGfrmfh8eSzThMkfY8NpWho9DfitD44a9B9J2hGn5H/eUKbEJXLYs8JKXXBfSYZQJS7ac/ub/iPDfefSPPXeJFPBZIwnSP/khp9D/6/4tVQyT1XijJBrD2FkcX6nE5fcrnVmJtGEv6YBkOSyszJqtTBjXbHQuNnyCc2R//ybPev+CIyGvD2uZwN5b/8nKbABweLPRKpRJlM2v4e1N/Y70hxSOIN5iFd7FSG/8QV0U8Jm6ZI7xkoHAAitu8A2U=
-  template:
-    metadata:
-      creationTimestamp: null
-      name: flexvolsmb-credentials
-      namespace: lighttpd
-    type: mount/smb

services/Lighttpd/sealedsecret-smb-credentials.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smb-credentials
+  namespace: lighttpd
+spec:
+  encryptedData:
+    password: AgCVf7upjlA1IEYq6QwaF3UTbqgd+Hw7910Zy1GKI99ii+StJmv/8U5AdN17ceEQVfkGpTgdgZ+crL72HKjkAWaEXKJDatHvvE2nbE1WjDcLke87Fff4aZAXrQQFi3Vxj6lcGlUlWnDME+Rer7XlGLZGuP5N4z9C+uXurWaEHa8NO/zC92H/UGuNbIZUeQaMIYe9yVuAQ7/S8GSjdWORepbK3k35b4nH9uuDqIt03eoPz9H1ngYH/vqT9L094srGeNTuuAgHpPua+8+QR62ZjBPxIU71bWu3FKZjqzKYuv5pPCm41No0kWU/+odsEDzzdOr2WKnEIxpbedli4FzoSXcTkCIEgUtOjqsxHuulP8hroy3C8h2Pi30OtxMGAocF06y51A1SXcawmP5toqHYqq0r1hj0VIqJBisOxrDJiad577au6lB7BIJ9go8pU+Sk7XLpNenUhOZ0nyjVv6ziZLZYAcETPVPZIypP8EoNNfFUUy3OCx/cX8Bcxg0U5owOMsnf/U0Bh5Bn2oR0Hnf7ry/EFIlYzYVxNGOYZlOIc2RJSW4SO06ly4cJfyG/nkmvtvvY54caivygh+nCKiX/nEoNnNH/HoGBU+OsGmnAc/4QEC/S1mHKYedSuTmz3SllkM4VOgBi0W/sZPLquO4JNMtxyUu93lRLjsDVTBEAeaAjI3axb19z+HGuiBzH/ydg81YMd3fv24xgi+FX8OiZoZaJ
+    username: AgBQKX7gfhaqhYGrOTZVKVEv3BcQlYHQ9hPUW38iaKCPQL5DBbye3oMkXgt6EE4rJAXF2XkZyPp/mbJY8hkqSoLxyCTakf3FJjLfcPx3q3VbS8k1kgkCeolm9iJHMhrGKhwXhi6di0ETY4olESDLeCkO91pQCTfKaoN8M7dYFW6AOuWkPy90fo6ehgo4V0ylTazTOnPdQi0+topJRPrpGvDlkE09Gc4CYivEb6G1nFSZq/fVCG8QqmUbo/y6jjURzy3DeYR7abmasWYwig/GoOAY7WkPJYCw9uCBJrgkcKlbjuUTCjFXb4fIF6Q6PLjHWo2sRTjwGgBSt3LwNNzFTC2uoX7sO1LhJPognkXS/WRAXg4TWmZ+8hOIE+LM7sHrEramanrxMzTMx7HHRFT+pD++/BrYBGr0J1Po/IDb0cyaREkDukGGKFH9cABxVUTHKw583YNSMEY1FcDuslcohafVVN12uCykKo7ls/xOGjxwNnBtei64vbG77WcsCuRbPIMpLbneB8TShQAGJjDNuX6qRaT88hRN+kTwdy1wdGT5y6x/KcfY9BGl65dnR74TlonuIvWRaPnqwScHTJnMrBZubaKEoNnb8WL7Pd+f4M/W/s8DgAqpmSuILisg7wQZJ91CoZVAWvCX9cNHQ8eDmtVIaMZeZlkNCwIdJiJLC9iAB54ANDVeMjkLJ/4p44fOGWATbxoZgek=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: lighttpd
+    type: Opaque

services/Memos/application-memos.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: memos
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: memos
+    server: https://kubernetes.default.svc
+  project: default
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/Memos
+    targetRevision: HEAD

services/Memos/deployment-memos.yaml

@@ -17,7 +17,8 @@ spec:
     spec:
       containers:
       - name: app
-        image: neosmemo/memos:stable
+        image: neosmemo/memos:0.24
+        imagePullPolicy: Always
         env:
           - name: MEMOS_PORT
             value: '5230'
@@ -26,8 +27,8 @@ spec:
             containerPort: 5230
         volumeMounts:
         - mountPath: /var/opt/memos
-          name: flexvolsmb-memos-data
+          name: csismb-memos-data
       volumes:
-      - name: flexvolsmb-memos-data
+      - name: csismb-memos-data
         persistentVolumeClaim:
-          claimName: flexvolsmb-memos-data
+          claimName: csismb-memos-data

services/Memos/ingressroute-memos.yaml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: memos
@@ -14,4 +14,4 @@ spec:
       port: 5230
     middlewares:
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file

services/Memos/persistentvolume-csismb-memos-data.yaml

@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-memos-data
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-memos-data
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - uid=1001
+    - gid=1001
+    - nobrl
+    - cache=strict
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#memos#data
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: memos/data
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: memos

services/Memos/persistentvolume-flexvolsmb-memos-data.yaml

@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-memos-data
-  namespace: memos
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-memos-data
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0600,dir_mode=0700,uid=1001,gid=1001,iocharset=utf8,nobrl
-      server: 192.168.154.225
-      share: /K3s.Volumes/memos/data

services/Memos/persistentvolumeclaim-csismb-memos-data.yaml

@@ -1,12 +1,12 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: flexvolsmb-memos-data
+  name: csismb-memos-data
   namespace: memos
 spec:
   accessModes:
     - ReadWriteMany
-  storageClassName: flexvolsmb-memos-data
+  storageClassName: csismb-memos-data
   resources:
     requests:
       storage: 1Gi

services/Memos/sealedsecret-flexvolsmb-credentials.yaml

@@ -1,16 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: flexvolsmb-credentials
-  namespace: memos
-spec:
-  encryptedData:
-    password: AgBeEaCDaKwgafALNYq/ykvhoYtC9N+1D+DN37HrwpGEEbw8cXKBdmO7cV3hRL/uT9FvvCh3g0fq7a0xozjZiFDxzUM5V+pY37ENvoDBepbdAktwCXFhXmarSHVuLH0q8j8eS3OFYUR2Xdh6eivhpeYEqs0kC8G9VaplHWFGLJQBDKDKg3pfhlPu9E9FX7uspYHKazMfS6L0x9bxJl/hktl33Mh+kEprMcppYocdI3SNoR3OGvbwiZIpLG/ihavviybmzsRofUT8/s27ACX6URym7KCy/+Sq0hx4e5qCN30rYl2HkdKZmY91YPunnT+UmHuH30Vj52uFNV/ySd3P+G9hRE2BVNFvaZ5Mu4BA5Ei+F2l8xJar9NJ0mi2VYbIjWarQmvcaywfHR1TsQ5lmhSxHuJhx4tllTKcDHBl1wTWkRRWIjWWvRdjcCwNpAKGiKvbExxI715JgmFn/4wOvlX7UkRBUr3QAhVzNHVbd8mexlotqTIaPVXEjJ79Oc61yAU5Q1ZFLzpeDbI/Rz1egjBXsAW0V4ojA6TDKiyBEs9g3WoTjI3Ziwn31Rmg1r0/Vc2uJERcMU0i+Chh49duyurL3K6AKBfm7NHh6bwABUnYtb2BQj+CBK8Bkm3XWfLo8ul4hZarYwg2nE/tY2ZVIS1Jc7XpiZAhpBqF4Drz46lKY5Pi45atMmZt6rGAdx3LbZdk87DMqMnEdzX+PXLWSBQQJ
-    username: AgAJdgjk+DU8EhLKSHE/H3i4D/lwrzzmi5SqCc5XT6aMFnZ7hAtdubd6qH2QfpvS0EpjHn0C4WeT6JdUAvB4w5Ee3MPRmxrUlt4zfOjXtv7mrnrOaEunlczKxOJDZp+J8NsBb3fgzCfoZilAi9uewffDJ6YXxSwNTgBpx1JGB7c7QDxvYh3L0whqQN87hrw9ZObFVSTUztTQQH7QgDIBRUTH+1YkMHftkzKLdvwRdcKrQ3NYIqbcQFsFlelTVWQYfQ8WteR7k1H4QABe3oeCnm7OD3dwQbbuksd+sA5i4lsYHIPVQW46hcxhRk46ONTyB5HeSfSITE//p2XU3PLYoKWjvUC71vJkFtT4eFE50hoSdGZW7CsNJnnFGMXobhhtvPWJ4TdzM8bRNGHpmxxigTIKM/GNuhckuUNcHlFTYdqEglJpBAWpaDcgIiqaDV9S/AajSk8jwBNG7OQYNmJUiLe1ZyZR2JSVyFszCzJe9/I8k1RK5HEbBYpRd46oZS+qgD4/4t3P/9fF7I7IlMNjBdBDb4HGs9lMdnNQyXYaelMmPWrbw8FOSfV1QggKkcE4j2D2j60AmljLxVadnr0r1oB+NPsCDmo24BYhjMgSZY79vDcRK+sy9475A+UE7ACJYKdYHkh0tyriSn/Dnp/XXfr7dIi78dAd4q6DfTuLOgfKTe6MORktxgTvWKe+dcOXZGGKik9DLk8=
-  template:
-    metadata:
-      creationTimestamp: null
-      name: flexvolsmb-credentials
-      namespace: memos
-    type: mount/smb

services/Memos/sealedsecret-smb-credentials.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smb-credentials
+  namespace: memos
+spec:
+  encryptedData:
+    password: AgBp0xmRNTIUJ8c50lsNFa4SsT3HjJ5tMTR5QdCZBVlGDiYl7ZlL7nX7VMyR2aZf5awEh4fnSd145kj2NxIhrPVi0rdviH4BsmybNLf6WJzEKG6wQnJvD8d74RHsKV9NDkuOixld8qBwMBEo3WkfOPn2VYMYZrBM7H+7DGBiXcXOUG5vZ8W+au5FePluWGNsaJYEvOiyESla/jLYraKYFDq2mIl8kZdvVY9U5vc+ITa7ktgp0irtjm8wzv8M2/AY/FKk7PNZjE2vYQXYzhTSPZDzizDLRvvun/83yCvVLrHCLG7mcTyHB+6bDITSF5XSymxkAbU9MN455PLDzBcZJyH1QRO3Yi6dFY1vXA9q1vaboanxkInFaMQW/IZsR+GExVAGc+MZ9Q8kIT6tKVu6vw3PSCVUOlkbIJGdH8WPsdASTYpdusnt2NW9idjqc1bLXdCBqh3aMzwKTiD6wpA1kAWdCVpxkDdMZFg/E9sQJTqjD5XCRh0SvHOlrd2ZteHqyYLPYx1tkCDpN33b0K24XatftReKHlYnXum+RympNLYWs6cUyeegAAfauvrI4wqEhkB1oXvri1wRqAVKxo21hqf9Z0vPd0azkJ5+BA34QG0nfUskgNkvyJwNL7iwKgFasU+YziVHh21ZP8RxNRwzmNNcvcR/WiLrz7rfA05Pok/+q/7YLr5+QsxFbgemwXKbOUvARjHxi6tpqEoDp4r4jHG8
+    username: AgB3UU+q37U0s3SPnnb1YtIgxPIPGaogzc7L199wtqUHY1QJ0Z+yHegbtE0TU+c+RhpjGO41ntVnQiW5+V777G2Zs43ehJQmChSf6AXRtLTVeSRTzztlB3tACZfzglrU07LaGWkigAszLtTwJLkt9yFADewGlPEzY9EGSe3xFReA4TRIpqlNLlDwPBx/eI5TqehXtYkPQN4/+xsA2iWjJrVj8MxPvvQaj9Alhxfs51QYXmg/i2sC15+CG5ndSWhouvmzdqAYyb/L2JvqTcJludrMT4r3UhEAbfG1YLvPoigpkF1pVY3+hz1c1kb6YgmxBwGe/w/Ys6wjJIa1aESkf0xTTpfr6bys96T0VvI1GlC3WhU0jJJ42VjuSqfdwqFrLwCyoZNMB5MLmQLe5XrBz3bQ7DOA2MBdTSU0Pbd21hMxTnNtGsOa0rycm4u0o3mV3mwYQCzhIiMHZHfIQe1ULNwA3/c6yTRtWIClYFgVcPEgfwKBdVBM+hWEHCuol2XjHPXHdWeqCYr5fjjF8ain3LcDYJoiwXXtC6+G8s1u+LGX6pXlWNpWrUQMK8Ps1lC+5QxaJZFafHCTxcYbFRaQ5Zp92wfkfbfkqXc9W0KzkxeCIdkWRZgCcSac32oobcarjIlgF6tvnQ67NsGT9xV9vZkBs+eI7uCT/ohtwm7gNdmq5t0RPE0ScgWxqf+NgiCqlc5gpOTmsic=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: memos
+    type: Opaque

services/Minecraft/values.yaml

@@ -1,22 +0,0 @@
-minecraftServer:
-  eula: "true"
-  serverName: Clydebank Rd Survival
-
-  serviceType: LoadBalancer
-  loadBalancerIP: 192.168.154.240
-
-  cheats: true
-
-  ops: "2533274801327950"
-
-persistence:
-  storageClass: "smb-csi"
-  dataDir:
-    enabled: true
-    Size: 1Gi
-    accessModes:
-      - ReadWriteOnce
-
-extraEnv:
-  ENABLE_ROLLING_LOGS: true
-  OVERRIDE_SERVER_PROPERTIES: true

services/PVR/Jellyfin/application-jellyfin.yaml

@@ -0,0 +1,30 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: jellyfin
+  namespace: argo-cd
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: jellyfin
+  project: default
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/PVR/Jellyfin/manifests
+    targetRevision: HEAD
+  - repoURL: https://jellyfin.github.io/jellyfin-helm
+    chart: jellyfin
+    targetRevision: 2.3.0
+    helm:
+      valueFiles:
+      - $values/services/PVR/Jellyfin/values.yaml
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    targetRevision: HEAD
+    ref: values
+#  - repoURL: https://github.com/djpbessems/Kubernetes.K3s.installLog
+#    targetRevision: master
+#    ref: values

services/PVR/Jellyfin/manifests/persistentvolume-csismb-jellyfin-config.yaml

@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-jellyfin-config
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-jellyfin-config
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - uid=911
+    - gid=911
+    - nobrl
+#    - cache=strict
+    - cache=none
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#jellyfin#config
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: jellyfin/config
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: jellyfin

services/PVR/Jellyfin/manifests/persistentvolume-csismb-jellyfin-movies.yaml

@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-jellyfin-movies
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-jellyfin-movies
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - uid=911
+    - gid=911
+#    - nobrl
+    - cache=strict
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#jellyfin#movies
+    volumeAttributes:
+      source: //192.168.154.195/Public
+      subDir: Video's/Films
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: jellyfin

services/PVR/Jellyfin/manifests/persistentvolume-csismb-jellyfin-series.yaml

@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-jellyfin-series
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-jellyfin-series
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - uid=911
+    - gid=911
+#    - nobrl
+    - cache=strict
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#jellyfin#series
+    volumeAttributes:
+      source: //192.168.154.195/Public
+      subDir: Video's/Series
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: jellyfin

services/PVR/Jellyfin/manifests/persistentvolumeclaim-csismb-jellyfin-config.yaml

@@ -0,0 +1,12 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: csismb-jellyfin-config
+  namespace: jellyfin
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: csismb-jellyfin-config

services/PVR/Jellyfin/manifests/persistentvolumeclaim-csismb-jellyfin-movies.yaml

@@ -0,0 +1,12 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: csismb-jellyfin-movies
+  namespace: jellyfin
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: csismb-jellyfin-movies

services/PVR/Jellyfin/manifests/persistentvolumeclaim-csismb-jellyfin-series.yaml

@@ -0,0 +1,12 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: csismb-jellyfin-series
+  namespace: jellyfin
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: csismb-jellyfin-series

services/PVR/Jellyfin/manifests/sealedsecret-smb-credentials.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smb-credentials
+  namespace: jellyfin
+spec:
+  encryptedData:
+    password: AgAKjCGM2YuuGiRc2ix7Hh3f71QfBH16jrU6i3WFH1ypVWwpkIsiiV1SGYfxUMuweW0xByl+54DvtWEpI9dJglvZpDgfdP4Br4jrzeF0if5eAnQA1nC2CXYAps49Do2YKR8umudp7J+Januugh8lRNz2RQUcDV0vtPWZJGOLTUK8ha4pL87IhQeGojW9eBc+iAL5pypWIyCsKJ0y8eq4JP6ZpO12XtNggcqa/QVdJrKAVJZnEjIHMO+g5mblNmrM+xjLQhsynHZE+88tPjpAFSpsymhT+841dd7yQqWN4WlSuVkPiDEKJHrSV/q+BQliVHXzWupdYJ2NXQn1R0Xzaw7IROEvk1Dhob4sQaYhI4m1hX0uD2ldYnY2KHY0FFMXJz+rIN/yNSokk+P8/Uh6qtslHfCHfanGtIZrAN2HZz83Q0CJu6YIzSgn1K05NDvXSJ2oRRs3RgootVXYiwm7snrDyAm1nLZ07fxP0omq5ZN1G5HzCZhYV6JCeF1MSejI89oK9cbmqJJFOcOVjs8PBFlFhFJrcsWJjx9z1e9GhNJKBj4xp7rX+nU+kXBqxlp2ZbliUJd8jlFKsihWj4T02ppekFwZee7ryLVhOllvd1QKwFKotwuhQVSJCiHFflKvwvcmqJ0nUv+L7COxPhFJHrmsCNmRH06hYIWoLYu61R+1U/ZY5BRXeWeClYKdAZOjahH5e+4f68kEUiGpb7tOWgNC
+    username: AgA/L2pauimeaL9iM9ng0HK9biOqQojt07f1eFLu2P6s/KrCFIAp7ItfMIPRjb9W/QLcAPmaEnHTweMejw9c2cybewlDrr+UlqRUZbCsKoIjh9AkrRthJAIv01u+KLGNrCpzsNeGdGc3QaBS1wE/DiYEN3tvgfcc6o/9wen9bGSaN/jJ1bfHfDIdO1Ccuo+92oIYxQbfl7M1Cm+9K8/LCOdNdT6vZr9+3LfnE1h7Qd8cSRg1Oo82X49Qo7b6HLofz7Y9YN3syxLjnVKZu4LHpmVWPsA1OXDaK70g90gnfLdk5qT264Snp+74NTszKTa+Eyceuw4Ztqf0KoraFrWMG+dpTnQ2NAsFfIw5rp7Wh45xMpOU7GWlaWu9PtD4mYGFBOsNlJllfBzabPE8SL/nB0AAq8PPrt2qIpshMBi+DA53bVZ0+pG+bL6bBGboWDnebrzXYjX8x3iQcg433BcvxIS/AAYBRIlrReaoYuvh1+qETDv3gcQzH5S4g4s4cXAQuvLaEHGHHZbh9Y37cr6SN/RsTv8L8ZEYprDf37sFJPx+JPDAXwhxvjl8i1a7ehAr3uSTrqg0AfPqdhC4ZrPN5QMGXGdhxzInsEzG3IRW1Xpey3ioD4coreywm2xZ4iMTtAL9RXAYbFAhRCPPpe+5hnsNZbNTIlFwyPldaLwZC8CGkqA4AJx+4FUFes5pbg0jgQoPNGDlgLo=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: jellyfin
+    type: Opaque