chore(deps): update helm release argo-cd to v9

Merge pull request 'chore(deps): update helm release argo-cd to v8.6.4' (#19 ) from renovate/argo-cd-8.x into master
Reviewed-on: #19
2025-10-24 12:02:04 +00:00 · 2025-10-21 06:31:39 +00:00 · 2025-10-21 06:31:07 +00:00 · 2025-10-21 06:28:42 +00:00 · 2025-10-21 17:21:52 +11:00 · 2025-10-21 06:20:41 +00:00
210 changed files with 2451 additions and 1652 deletions
--- a/.gitea/workflows/renovate.yaml
+++ b/.gitea/workflows/renovate.yaml
@@ -0,0 +1,27 @@
+name: renovate
+
+on:
+  workflow_dispatch: # allows the workflow to be run manually when desired
+    branches:
+      - main
+  schedule: # runs this workflow at the scheduled time (uses UTC, adjust for your timezone)
+    - cron: "0 12 * * *"
+  push: # runs this workflow when pushes to the main branch are made
+    branches:
+      - master
+
+jobs:
+  renovate:
+    runs-on: ubuntu-latest
+    container: ghcr.io/renovatebot/renovate:latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+      - name: Run Renovate CLI
+        run: |
+          renovate
+        env:
+#          LOG_LEVEL: "debug"
+          RENOVATE_CONFIG_FILE: ${{ gitea.workspace }}/.renovate/config.js
+          RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
+          GITHUB_COM_TOKEN: ${{ secrets.GH_TOKEN }}
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 *.sensitive.yml
+*.sensitive.yaml
--- a/.renovate/config.js
+++ b/.renovate/config.js
@@ -0,0 +1,13 @@
+module.exports = {
+	platform: 'gitea',
+	endpoint: 'https://code.spamasaurus.com/api/v1/', // set this to the url of your gitea instance
+	gitAuthor: 'Renovate Bot <gitea.danny@spamasaurus.com>', // set the email address to whatever email your gave this user in your gitea
+	username: 'srv.renovate',
+	autodiscover: true,
+	onboardingConfig: {
+		$schema: 'https://docs.renovatebot.com/renovate-schema.json',
+		extends: ['config:recommended'],
+	},
+	optimizeForDisabled: true,
+	persistRepoData: true,
+};
--- a/README.md
+++ b/README.md
@@ -1,63 +1,46 @@
-# Kubernetes.K3s.installLog
-*3 VM's provisioned with Ubuntu Server 22.04*
-<details><summary>additional lvm configuration</summary>
+# GitOps repository

+### 1) Harvester Hyperconverged Infrastructure
+[...]  
+
+Configure Harvester HCI nodes through cloud-init (requires node reboot):
 ```shell
-pvdisplay
-pvcreate /dev/sdb
-vgdisplay
-vgcreate longhorn-vg /dev/sdb
-lvdisplay
-lvcreate -l 100%FREE -n longhorn-lv longhorn-vg
-ls /dev/mapper
-mkfs.ext4 /dev/mapper/longhorn--vg-longhorn--lv
-#! add "UUID=<uuid> /mnt/blockstorage ext4 defaults 0 0" to /etc/fstab
-mkdir /mnt/blockstorage
-mount -a
+kubectl apply -f system/Harvester/cloudinit-disable-nic-offloading.yaml
 ```

-</details>
+### 2) Persistent storage

-## K3s cluster
-On first node (replace `<floating ip>` with the correct value):
+#### 2.1) CSI plugin for SMB (CIFS):
 ```shell
-curl -sfL https://get.k3s.io | sh -s - server --cluster-init --disable local-storage,servicelb --tls-san <floating ip>
-cat /var/lib/rancher/k3s/server/token
-kubectl config view --raw
-```
-Install kube-vip (replace `<interface name>` and `<floating ip>` with the correct values):
-```shell
-ctr image pull ghcr.io/kube-vip/kube-vip:latest
-cat << EOF > /var/lib/rancher/k3s/server/manifests/kube-vip.yml
-$(curl https://kube-vip.io/manifests/rbac.yaml)
---
-$(ctr run --rm --net-host ghcr.io/kube-vip/kube-vip:latest vip /kube-vip manifest daemonset --interface <interface name> --address <floating ip> --inCluster --taint --controlplane --services --arp --leaderElection)
-EOF
-```
-On subsequent nodes (replace `<floating ip>` and `<value from master>` with the correct values):
-```shell
-curl -sfL https://get.k3s.io | K3S_URL=https://<floating ip>:6443 K3S_TOKEN=<value from master> sh -s - server --disable local-storage,servicelb
+kubectl apply -f storage/csi-driver-smb/application-csi-driver-smb.yaml
 ```

-### 0) Configure automatic updates
-Install Rancher's [System Upgrade Controller](https://rancher.com/docs/k3s/latest/en/upgrades/automated/):
-```shell
-kubectl apply -f https://github.com/rancher/system-upgrade-controller/releases/latest/download/system-upgrade-controller.yaml
-```
-Apply a [server (master node)](https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog/src/branch/master/system/UpgradeController/plan-Server.yml) ~~and [agent (worker node)](https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog/src/branch/master/system/UpgradeController/plan-Agent.yml)~~ plan:
-```shell
-kubectl apply -f system/UpgradeController/plan-Server.yml # -f system/UpgradeController/plan-Agent.yml
-```
+#### 2.2) Harvester CSI plugin
+See [Harvester CSI Driver](https://docs.harvesterhci.io/v1.5/rancher/csi-driver)

-### 1) Secret management
-*Prereq*: latest `kubeseal` [release](https://github.com/bitnami-labs/sealed-secrets/releases)
-
-##### 1.1) Install Helm Chart
-See [Bitnami Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets#helm-chart):
+### 3) GitOps
+##### 3.1) Install Helm Chart
+See [ArgoCD](https://argo-cd.readthedocs.io/en/stable/getting_started/#getting-started):
 ```shell
-helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets
+helm repo add argo https://argoproj.github.io/argo-helm
 helm repo update
-helm install sealed-secrets-controller -n kube-system sealed-secrets/sealed-secrets
+helm install argo-cd -n argo-cd --create-namespace argo/argo-cd --values system/ArgoCD/chart-values.yml
+```
+Retrieve initial password:
+```shell
+kubectl get secret -n argocd argocd-initial-admin-secret -oyaml | yq e '.data.password | @base64d'
+```
+Login with username `admin` and the initial password, browse to `User Info` and `Update Password`.
+
+##### 3.1) Adopt through GitOps
+```shell
+kubectl apply -f system/ArgoCD/application-argo-cd.yaml
+```
+
+### 4) Secret management
+*Prereq*: latest `kubeseal` [release](https://github.com/bitnami-labs/sealed-secrets/releases)
+```shell
+kubectl apply -f system/SealedSecrets/application-sealed-secrets-controller.yaml
 ```

 Retrieve public/private keys (*store these on a **secure** location!*):
@@ -65,182 +48,72 @@ Retrieve public/private keys (*store these on a **secure** location!*):
 kubectl get secret -n kube-system -l sealedsecrets.bitnami.com/sealed-secrets-key -o yaml > BitnamiSealedSecrets.masterkey.yml
 ```

-### 2) Persistent storage
-
-#### 2.1) `storageClass` for SMB (CIFS):
-See https://github.com/kubernetes-csi/csi-driver-smb:
-```shell
-curl -skSL https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/deploy/install-driver.sh | bash -s master --
-```
-Store credentials in `secret`:
-```shell
-kubectl apply -f storage/csi-driver-smb/sealedSecret-CSIdriverSMB.yml
-```
-
-#### 2.2) `flexVolume` for SMB (CIFS):
-```shell
-curl -Ls https://github.com/juliohm1978/kubernetes-cifs-volumedriver/blob/master/install.yaml -o storage/flexVolSMB/daemonSet-flexVolSMB.yml
-```
-Override drivername to something more sensible (see [storage/flexVolSMB/daemonSet-flexVolSMB.yml](https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog/src/branch/master/storage/flexVolSMB/daemonSet-flexVolSMB.yml))
-```yaml
-spec:
-  template:
-    spec:
-      containers:
-        - image: juliohm/kubernetes-cifs-volumedriver-installer:2.0
-          ...
-          env:
-            - name: VENDOR
-              value: mount
-            - name: DRIVER
-              value: smb
-          ...
-```
-Perform installation:
-```shell
-kubectl apply -f storage/flexVolSMB/daemonSet-flexVolSMB.yml
-```
-Wait for installation to complete (check logs of all installer-pods), then pause `daemonSet`:
-```shell
-kubectl patch daemonset juliohm-cifs-volumedriver-installer -p '{"spec": {"template": {"spec": {"nodeSelector": {"intentionally-paused": ""}}}}}'
-```
-Store credentials in `secret`:
-```shell
-kubectl apply -f storage/flexVolSMB/sealedSecret-flexVolSMB.yml
-```
-
-#### 2.3) `storageClass` for distributed block storage:
-See [Longhorn Helm Chart](https://longhorn.io/):
-```shell
-helm repo add longhorn https://charts.longhorn.io && helm repo update
-helm install longhorn longhorn/longhorn --namespace longhorn-system --create-namespace --values=storage/Longhorn/chart-values.yml
-```
-
-Log on to the web interface and delete the default disks on each node (mounted at `/var/lib/longhorn`) and replace them with new disks mounted at `/mnt/blockstorage`.
-
-Add additional `storageClass` with backup schedule:
-***After** specifying a NFS backup target (syntax: `nfs://servername:/path/to/share`) through Longhorn's dashboard*
-```yaml
-kind: StorageClass
-apiVersion: storage.k8s.io/v1
-metadata:
-  name: longhorn-dailybackup
-provisioner: driver.longhorn.io
-allowVolumeExpansion: true
-parameters:
-  numberOfReplicas: "3"
-  staleReplicaTimeout: "2880"
-  fromBackup: ""
-  recurringJobs: '[{"name":"backup", "task":"backup", "cron":"0 0 * * *", "retain":14}]'
-```
-Then make this the new default `storageClass`:
-```shell
-kubectl patch storageclass longhorn-dailybackup -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
-#kubectl delete storageclass longhorn
-```
-
-### 3) Ingress Controller
-Reconfigure default Traefik configuration:
-See [Traefik 2.x Helm Chart](https://github.com/traefik/traefik-helm-chart) and [HelmChartConfig](https://docs.k3s.io/helm)
-```shell
-kubectl apply -f ingress/Traefik2.x/helmchartconfig-traefik.yaml
-```
-
-### 4) GitOps
-##### 4.1) Install Helm Chart
-See [ArgoCD](https://argo-cd.readthedocs.io/en/stable/getting_started/#getting-started):
-```shell
-helm repo add argo https://argoproj.github.io/argo-helm
-helm repo update
-helm install argo-cd -n argo-cd --create-namespace argo/argo-cd --values system/ArgoCD/chart-values.yml
-```
-
-Retrieve initial password:
-```shell
-kubectl get secret -n argocd argocd-initial-admin-secret -o jsonpath='{.data.password}' | base64 -d; echo
-```
-Login with username `admin` and the initial password, browse to `User Info` and `Update Password`.
-
-Create ArgoCD applicationset
-```shell
-kubectl apply -f system/ArgoCD/applicationset-homelab.yml
-```
 ### 5) Services
-##### 5.1) [Argus]()    <small>(release management)</small>
+##### 5.1) [Gitea](https://gitea.io/)    <small>(git repository)</small>
+*Required for all other workloads*  
 ```shell
-kubectl apply -f services/Argus
+kubectl apply -f services/Gitea/application-gitea.yaml
 ```
-##### 5.2) [Authelia]()    <small>(single sign-on))</small>
+
+##### 5.2) [Argus]()    <small>(release management)</small>
 ```shell
-kubectl apply -f services/Authelia
+kubectl apply -f services/Argus/application-argus.yaml
 ```
-##### 5.3) [Vaultwarden](https://github.com/dani-garcia/vaultwarden)    <small>(password manager)</small>
-*Requires [mount.cifs](https://linux.die.net/man/8/mount.cifs)' option `nobrl`*
+##### 5.3) [Authelia]()    <small>(single sign-on))</small>
 ```shell
-kubectl apply -f services/Vaultwarden
+kubectl apply -f services/Authelia/application-authelia.yaml
 ```
-##### 5.4) [DDclient](https://github.com/linuxserver/docker-ddclient)	<small>(dynamic dns)</small>
+##### 5.4) [Vaultwarden](https://github.com/dani-garcia/vaultwarden)    <small>(password manager)</small>
 ```shell
-kubectl apply -f services/DDclient
+kubectl apply -f services/Vaultwarden/application-vaultwarden.yaml
 ```
-##### 5.5) [Gitea](https://gitea.io/)    <small>(git repository)</small>
+##### 5.5) [DDclient](https://github.com/linuxserver/docker-ddclient)	<small>(dynamic dns)</small>
 ```shell
-kubectl apply -f services/Gitea
+kubectl apply -f services/DDclient/application-ddclient.yaml
 ```
 ##### 5.6) [Gotify](https://gotify.net/)    <small>(notifications)</small>
 ```shell
-kubectl apply -f services/Gotify
+kubectl apply -f services/Gotify/application-gotify.yaml
 ```
-##### 5.7) [Guacamole](https://guacamole.apache.org/doc/gug/guacamole-docker.html)    <small>(remote desktop gateway)</small>
-*Requires specifying a `uid` & `gid` in both the `securityContext` of the db container and the `persistentVolume`*
+##### 5.7) [Webtop](#)    <small>(remote desktop)</small>
 ```shell
-kubectl apply -f services/Guacamole
+kubectl apply -f services/Webtop/application-webtop.yaml
 ```
-Wait for the included containers to start, then perform the following commands to initialize the database:
-```shell
-kubectl exec -n guacamole -i guacamole-<pod-id> --container guacamole -- /opt/guacamole/bin/initdb.sh --postgresql > initdb.sql
-kubectl exec -n guacamole -i guacamole-<pod-id> --container db -- psql -Uguacamole -f - < initdb.sql
-kubectl rollout restart deployment -n guacamole guacamole
-```
-
 ##### 5.8) [Lighttpd](https://www.lighttpd.net/)    <small>(webserver)</small>
-*Serves various semi-containerized websites; respective webcontent is stored on fileshare*
 ```shell
-kubectl apply -f services/Lighttpd/configMap-Lighttpd.yml
-kubectl apply -f services/Lighttpd/deploy-Lighttpd.yml
+kubectl apply -f services/Lighttpd/application-lighttpd.yaml
 ```
-##### 5.9) PVR `namespace`    <small>(automated media management)</small>
-*Containers use shared resources to be able to interact with downloaded files*
-```shell
-kubectl create secret generic --type=mount/smb smb-secret --from-literal=username=<<omitted>> --from-literal=password=<<omitted>> -n pvr
-kubectl apply -f services/PVR/persistentVolumeClaim-PVR.yml
-kubectl apply -f services/PVR/storageClass-PVR.yml
+##### 5.9) PVR toolsuite    <small>(automated media management)</small>
+*API-keys whitelisted in ingressroutes*:  
+```yaml
+spec:
+  routes:
+  - match: Host(`<fqdn>`) && (Headers(`X-Api-Key`, `<secret>`) || Query(`apikey`, `<secret>`))
+    [...]
 ```
-###### 5.9.1) [Plex](https://www.plex.tv/)    <small>(media library)</small>
-*Due to usage of symlinks, partially incompatible with SMB-share-backed storage*
+###### 5.9.1) [Jellyfin](#)    <small>(media library)</small>
 ```shell
-kubectl apply -f services/PVR/deploy-Plex.yml
+kubectl apply -f services/PVR/Jellyfin/application-jellyfin.yaml
 ```
-After deploying, Plex server needs to be *claimed* (=assigned to Plex-account):
+###### 5.9.2) [Jellyseerr](https://sonarr.tv/)    <small>(media requests management)</small>
 ```shell
-kubectl get endpoints Plex -n PVR
+kubectl apply -f services/PVR/Jellyseerr/application-jellyseerr.yaml
 ```
-Browse to the respective IP address (http://<nodeipaddress>:32440/web) and follow instructions.
-###### 5.9.2) [Prowlarr](https://github.com/Prowlarr/Prowlarr)    <small>(indexer management)</small>
+###### 5.9.3) [Prowlarr](https://github.com/Prowlarr/Prowlarr)    <small>(indexer management)</small>
 ```shell
-kubectl apply -f services/PVR/deploy-Prowlarr.yml
+kubectl apply -f services/PVR/Prowlarr/application-prowlarr.yaml
 ```
-###### 5.9.3) [Radarr](https://radarr.video/)    <small>(movie management)</small>
+###### 5.9.4) [Radarr](https://radarr.video/)    <small>(movie management)</small>
 ```shell
-kubectl apply -f services/PVR/deploy-Radarr.yml
+kubectl apply -f services/PVR/Radarr/application-radarr.yaml
 ```
-###### 5.9.4) [SABnzbd](https://sabnzbd.org/)    <small>(download client)</small>
+###### 5.9.5) [SABnzbd](https://sabnzbd.org/)    <small>(download client)</small>
 ```shell
-kubectl apply -f services/PVR/deploy-SABnzbd.yml
+kubectl apply -f services/PVR/SABnzbd/application-sabnzbd.yaml
 ```
-###### 5.9.5) [Sonarr](https://sonarr.tv/)    <small>(tv management)</small>
+###### 5.9.6) [Sonarr](https://sonarr.tv/)    <small>(tv management)</small>
 ```shell
-kubectl apply -f services/PVR/deploy-Sonarr.yml
+kubectl apply -f services/PVR/Sonarr/application-sonarr.yaml
 ```

 ### 6) Miscellaneous
@@ -261,15 +134,12 @@ kubectl apply -f services/PVR/deploy-Sonarr.yml
  or

      kubectl run -it --rm busybox --restart=Never --image=busybox:1.28 -- nslookup api.github.com [-debug] [fqdn]
-* Delete namespaces stuck in `Terminating` state:
-  *First* check whether there are any resources still present; preventing the namespace from being deleted:
+* Memory-leak liveness probe:

-      kubectl api-resources --verbs=list --namespaced -o name \
-        | xargs -n 1 kubectl get --show-kind --ignore-not-found -n <namespace>

-  Any resources returned should be deleted first (worth mentioning: if you get an error `error: unable to retrieve the complete list of server APIs`, you should check `kubectl get apiservice` for any apiservice with a status of `False`)
-  If there are no resources left in the namespace, and it is still stuck *terminating*, the following commands remove the blocking finalizer (this is a last resort, you are bypassing protections put in place to prevent zombie processes):
-
-      kubectl get namespace <namespace> -o json | jq -j '.spec.finalizers=null' > tmp.json
-      kubectl replace --raw "/api/v1/namespaces/<namespace>/finalize" -f ./tmp.json
-      rm ./tmp.json
+      livenessProbe:
+        exec:
+          command:
+            - sh
+            - -c
+            - test $(cat /proc/1/smaps | grep -i pss |  awk '{Total+=$2} END {print int(Total/1024)}') -le <limit>
--- a/ingress/Traefik2.x/helmchartconfig-traefik.yaml
+++ b/ingress/Traefik2.x/helmchartconfig-traefik.yaml
@@ -5,11 +5,14 @@ metadata:
  namespace: kube-system
 spec:
  valuesContent: |-
+    core:
+      defaultRuleSyntax: v2
    additionalArguments:
      - "--providers.file.directory=/etc/traefik/dynamic"
      - "--providers.file.watch=true"
-    certResolvers:
+    certificatesResolvers:
      default:
+        acme:
          email: letsencrypt.org.danny@spamasaurus.com
          storage: /data/acme.json
          dnsChallenge:
@@ -66,8 +69,8 @@ spec:
                    stsSeconds: 315360000
                    stsIncludeSubdomains: true
                    stsPreload: true
-                compression:
-                  compress: {}
+                # compression:
+                #   compress: {}
            tls:
              options:
                defaults:
@@ -76,6 +79,7 @@ spec:
                  curvePreferences:
                    - secp521r1
                    - secp384r1
+                    - secp256r1
                  cipherSuites:
                    - TLS_AES_128_GCM_SHA256
                    - TLS_AES_256_GCM_SHA384
@@ -123,8 +127,11 @@ spec:
      storageClass: longhorn
    ports:
      web:
-        redirectTo:
-          port: websecure
+        redirections:
+          entryPoint:
+            to: websecure
+            scheme: https
+            permanent: true
      websecure:
        forwardedHeaders:
          insecure: true
--- a/renovate.json
+++ b/renovate.json
@@ -0,0 +1,12 @@
+{
+    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+    "extends": ["config:recommended"],
+    "dependencyDashboard": true,
+    "dependencyDashboardTitle": "Renovate Dashboard",
+    "assignees": ["djpbessems"],
+    "configMigration": true,
+    "prHourlyLimit": 0,
+    "argocd": {
+        "managerFilePatterns": ["/\\.yaml$/"]
+    }
+}
--- a/services/Argus/application-argus.yaml
+++ b/services/Argus/application-argus.yaml
@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: argus
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: argus
+    server: https://kubernetes.default.svc
+  project: default
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/Argus
+    targetRevision: HEAD
--- a/services/Argus/deployment-argus.yml
+++ b/services/Argus/deployment-argus.yml
@@ -18,21 +18,21 @@ spec:
      serviceAccountName: argus
      containers:
      - name: argus
-        image: releaseargus/argus:0.18.0
+        image: releaseargus/argus:0.21.0
        args:
        - -config.file=/app/config/config.yml
        ports:
          - name: web
            containerPort: 8080
        volumeMounts:
-        - name: flexvolsmb-argus-config
+        - name: csismb-argus-config
          mountPath: /app/config
-        - name: flexvolsmb-argus-data
+        - name: csismb-argus-data
          mountPath: /app/data
      volumes:
-      - name: flexvolsmb-argus-config
+      - name: csismb-argus-config
        persistentVolumeClaim:
-          claimName: flexvolsmb-argus-config
-      - name: flexvolsmb-argus-data
+          claimName: csismb-argus-config
+      - name: csismb-argus-data
        persistentVolumeClaim:
-          claimName: flexvolsmb-argus-data
+          claimName: csismb-argus-data
--- a/services/Argus/ingressroute-argus.yml
+++ b/services/Argus/ingressroute-argus.yml
@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: argus
@@ -15,4 +15,4 @@ spec:
    middlewares:
      - name: 2fa-authentication@file
      - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file
--- a/services/Argus/persistentvolume-argus-config.yml
+++ b/services/Argus/persistentvolume-argus-config.yml
@@ -1,19 +0,0 @@
---
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-argus-config
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-argus-config
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,iocharset=utf8
-      server: 192.168.154.225
-      share: /K3s.Volumes/argus/config
--- a/services/Argus/persistentvolume-argus-data.yml
+++ b/services/Argus/persistentvolume-argus-data.yml
@@ -1,19 +0,0 @@
---
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-argus-data
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-argus-data
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
-      server: 192.168.154.225
-      share: /K3s.Volumes/argus/data
--- a/services/Argus/persistentvolume-csismb-argus-config.yaml
+++ b/services/Argus/persistentvolume-csismb-argus-config.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-argus-config
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-argus-config
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - nobrl
+    - cache=strict
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#argus#config
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: argus/config
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: argus
--- a/services/Argus/persistentvolume-csismb-argus-data.yaml
+++ b/services/Argus/persistentvolume-csismb-argus-data.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-argus-data
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-argus-data
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - nobrl
+    - cache=strict
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#argus#data
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: argus/data
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: argus
--- a/services/Argus/persistentvolumeclaim-csismb-argus-config.yaml
+++ b/services/Argus/persistentvolumeclaim-csismb-argus-config.yaml
@@ -1,13 +1,12 @@
---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: flexvolsmb-argus-data
+  name: csismb-argus-config
  namespace: argus
 spec:
  accessModes:
    - ReadWriteMany
-  storageClassName: flexvolsmb-argus-data
+  storageClassName: csismb-argus-config
  resources:
    requests:
      storage: 1Gi
--- a/services/Argus/persistentvolumeclaim-csismb-argus-data.yaml
+++ b/services/Argus/persistentvolumeclaim-csismb-argus-data.yaml
@@ -1,13 +1,12 @@
---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: flexvolsmb-argus-config
+  name: csismb-argus-data
  namespace: argus
 spec:
  accessModes:
    - ReadWriteMany
-  storageClassName: flexvolsmb-argus-config
+  storageClassName: csismb-argus-data
  resources:
    requests:
      storage: 1Gi
--- a/services/Argus/sealedsecret-flexvolsmb-credentials.yaml
+++ b/services/Argus/sealedsecret-flexvolsmb-credentials.yaml
@@ -1,16 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: flexvolsmb-credentials
-  namespace: argus
-spec:
-  encryptedData:
-    password: AgAs9RV1K8QyPLGXXc0+RBOqY3VKNMa4No51KIOv9keZJavJFSzQPcuaWXqpl0fVI9zYXLyIHdyRbXL0GrvYlWboR1VPskFNcp7MnCkzRpawgo4QfE9Q+WDI4yZg4eK/8XGejAjCQU/KsFU8dVWHuHG1/W8kV2dOvKIhX6FTirKMDedVDmdgojAPMGM8+smPfC8+yBs5O4+IZtGKOe8mEH2c/3dYu6GK5q9N6czBYMuj1E0b+8fHjlWjh6fe5DDCUGUXqY2BZCxMSKOZReUbWEdPNU6MtdTHNglVhRMo//6mlA2VVkAlB9uaCdGmCMs/VJ3pS8NEeTd86zukyoY+j3JHvRrHuxGVEoKqnFE9pEgO/UB4SyuVVWbNQ4+QXdyDTHgmArvd+MfRvtdj9Kkc18CWKXyRTj41lKG+C/vBM0ATt+hk4QvacEt65kZ+fY6TZHYJq6JluuDrwQmDKcuv44uL6t9/aGpzfGTx4OnZqxC/qvX0V4GhkRzwLLxMhqZa1ZbqgRXLHero10f4JvD/usmJcHZP1hgohUXbSlOqNSWIQk0weaZjTabT1xBxXjVzDBywnzcmixmJsOuuZuvYrbrsKaHNC6gcvZArj/no9Rv5V4mVihRfGuxJs++GCAfq3FdseuMCCvLe306henvSftvSjNNodc+JFJaTf3m4PknSYH9uEkV2CXGm2obRUpUNBUiJd9Icr/ug4jOzNmZNOlOC
-    username: AgCHpKikNpk3UAHuBA62jZSTdiVatTI8Qnmiu6LGhZYraks2h9gOtgjg6mukxXcy6IO6LKVr68DaxOfvYE4LdFQdrq0SI2syzofc4n+FCXn6f2HlBVhqOFGrVE9qUE36lKHJEFccvkirzhgpy2M8OX6KtwywTBvsVujzla5OXR19vgNao9jTzsOL98wQfU1TYyaBw9y45kyCB7x8PQNw78GmeWJ5KLVNXN/yHowE8Qmlvh86QV58NuTKC1rVbSqh3VnjnZuz/BSUUDV4GitZLqWKSZ5hZyPWC9DZXzUI85d8+BfHJ7hrPhBd7ehUpbpFQfIQQA1VNAZvOEXU5EClmd6iQ3fWrYo6hOxYZkiE/qcNkSLXmbWYBixq6s7RLJwHlxVNQt9J11XM5DY9OlA7XhPa9zo8FRrYDwkjQGahgA/AzwvIKpOBbVfCMSl+crm3jjQthEL3DN/6ZowYq5NXG9n6rhvOxTjvmqx9FP3RT5OyPFkXGCrTJ8JqPgxyp/Vy6si9bjiqzwJtXY6ZeyCFLW9mOdQmn2vgFxviDM8pxaBmOJFdbJNuiHV5Tc6iM9YBi3n3hTV/tbiMmKeVQSKydm5ZGsgD4/CJT4oDFynjhWObvYPLphb/hccM6m6c7Hf/i9FI1LOCk1cBRbyXRV9Cds92OljAx3YnaumyZ5eRgdROdAbcqqhjR48k/UCsY5tUv+LktyuzVqA=
-  template:
-    metadata:
-      creationTimestamp: null
-      name: flexvolsmb-credentials
-      namespace: argus
-    type: mount/smb
--- a/services/Argus/sealedsecret-smb-credentials.yaml
+++ b/services/Argus/sealedsecret-smb-credentials.yaml
@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smb-credentials
+  namespace: argus
+spec:
+  encryptedData:
+    password: AgB8gU7Lj+Pn5B/oC8HtyKnKUzSvB7NRvxJOC2UmKjt3hj3pcRmfKrEh2khkcfSksb6x3f4ttIxYV2uFsXJfL4Wvi6zhsgvfgUHT12oD1/fuxD0LvHCm9otlGp8yyiQu5mPrFBdsGJswreBY53sD0UUdgu2riAlX0ESm+xKhzDJ6eSM8/Iz9Dq4GIhivLZ3OcZJw9hbgbelICIgvuxJZ3bWLfakPdeNDQUoayZuG3Z4GW0KPiqOMyaWz1/rljMHFaZHnFaszgKobwzPihsWWAnXEWmn54fwVBqfe/jNIo8CBvjlZGnMzinaS5lKTHObEVIG+F0XRI5VNFPa89NbsGKN71HJMFYU729lzdl58yy6B/5K789JRtxWUi/8I/7H8kLZWzUhUOqAcmLpVHKWnkH0Ub4MLtDyAaTJam5HqTtsvPDMW3+njiC+8vxC3n0X7q7pzAQQzM5JPZ7G/On6irFKe4LryfrphHiCB/gyJlLpBMXUqKJ4MvzUQU8G8e8W3OLMbtPl0O6oFuFxD8bUA4gdkoPO04bxlLvRmxlmavkbA0vFi60L6eyIOq5yzxvuEd7tzyD7SEO49hb8zW/LS/+H/PE/fCVT6crn+UbNOhgyaHR8pxlNpy6Z4PAti3mG8ZOtKVD0mx6fm8BCPHfWVFyC5YO6kNI285o4uuqsQI+SSZ+zkxwlFwvLcp1RdfJZFLUNyrQm3mlvMUY9xjZANlCHZ
+    username: AgB67La0V5HRLzZ1RqR0Y0nufYKq3z0SK/go4AQ0aaZwQEE/mIy0c6xhdkwup7ava4PzTyOavEEQoluhojOcrVTz9qKUHoMQHcnhS3NagBc/QCeA+2rL15qw9ZUn5+sSU4OhM3UNCTy2jF1kMoXr2cdCi9pALRdAXPLhrccPoaItmWkA4bMRIe3on78BQUOlhF+zJjcMciPlDo+9ywY8ArShMHj5YlRgWQ6uOJmIH5FFp2BcXKP5d0gALoVQ4/Ek4zIkk4YubtO1C0sqfbvkTW+oxeymUSLd2PddGyF18iohfrgje6PQAvvtkDBX2hUuVcp8h2oFj2JkeZld4neOYpDFbdKwe1aGep24GxbYIt24j+iFfs8txqXhQQsHJWJmwHNB2798gPvjIxPC+G90V4/drsjr7KiAgdWKUaqU5JMDVo2HTSplyWpS1LZIGQmloafWiAXvTWQVIEg2044TXQIq2X7k3npbHU/KcWmlMqR1546QawsZAnohWaOIskqEBkG7nXx/eeYk7LVppP2TqdRtt+VfuvptXgfFhkOB2wUSOwqWH7OkQu/k3jtPR0FVJni+Hc1/+fKfuStwvEX+/1bdjZuS8DUGelOb1d/pXrHw+KypfzXcOoDaO31hJMQOEalXZc2GNJleAvLAxv34s8fFWKWvnEXqwYIaNwRPvX64GtencJwyFo/rdO/HH7gVIhA2DCDQwB0=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: argus
+    type: Opaque
--- a/services/Authelia/application-authelia.yaml
+++ b/services/Authelia/application-authelia.yaml
@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: authelia
+  namespace: argo-cd
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: authelia
+  project: default
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/Authelia
+    targetRevision: HEAD
--- a/services/Authelia/deployment-authelia.yaml
+++ b/services/Authelia/deployment-authelia.yaml
@@ -29,7 +29,7 @@ spec:
          - name: web
            containerPort: 9091
        volumeMounts:
-        - name: flexvolsmb-authelia-conf
+        - name: csismb-authelia-conf
          mountPath: /config
      - name: redis
        image: redis:7-alpine
@@ -43,12 +43,12 @@ spec:
          - name: redis
            containerPort: 6379
        volumeMounts:
-        - name: flexvolsmb-authelia-redis
+        - name: csismb-authelia-redis
          mountPath: /data
      volumes:
-      - name: flexvolsmb-authelia-conf
+      - name: csismb-authelia-conf
        persistentVolumeClaim:
-          claimName: flexvolsmb-authelia-conf
-      - name: flexvolsmb-authelia-redis
+          claimName: csismb-authelia-conf
+      - name: csismb-authelia-redis
        persistentVolumeClaim:
-          claimName: flexvolsmb-authelia-redis
+          claimName: csismb-authelia-redis
--- a/services/Authelia/ingressroute-authelia.yaml
+++ b/services/Authelia/ingressroute-authelia.yaml
@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: authelia
@@ -14,4 +14,4 @@ spec:
      port: 9091
    middlewares:
      - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file
--- a/services/Authelia/persistentvolume-csismb-authelia-conf.yaml
+++ b/services/Authelia/persistentvolume-csismb-authelia-conf.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-authelia-conf
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-authelia-conf
+  mountOptions:
+    - dir_mode=0600
+    - file_mode=0600
+    - nobrl
+    - cache=strict
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#authelia#conf
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: authelia/conf
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: authelia
--- a/services/Authelia/persistentvolume-csismb-authelia-redis.yaml
+++ b/services/Authelia/persistentvolume-csismb-authelia-redis.yaml
@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-authelia-redis
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-authelia-redis
+  mountOptions:
+    - dir_mode=0700
+    - file_mode=0700
+    - uid=999
+    - gid=1000
+    - nobrl
+    - cache=strict
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#authelia#redis
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: authelia/redis
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: authelia
--- a/services/Authelia/persistentvolume-flexvolsmb-authelia-conf.yaml
+++ b/services/Authelia/persistentvolume-flexvolsmb-authelia-conf.yaml
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-authelia-conf
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-authelia-conf
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0600,dir_mode=0600,iocharset=utf8,nobrl
-      server: 192.168.154.225
-      share: /K3s.Volumes/authelia/conf
--- a/services/Authelia/persistentvolume-flexvolsmb-authelia-redis.yaml
+++ b/services/Authelia/persistentvolume-flexvolsmb-authelia-redis.yaml
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-authelia-redis
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-authelia-redis
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0700,dir_mode=0700,uid=999,gid=1000,iocharset=utf8,nobrl
-      server: 192.168.154.225
-      share: /K3s.Volumes/authelia/redis
--- a/services/Authelia/persistentvolumeclaim-flexvolsmb-authelia-conf.yaml
+++ b/services/Authelia/persistentvolumeclaim-flexvolsmb-authelia-conf.yaml
@@ -1,12 +1,12 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: flexvolsmb-authelia-conf
+  name: csismb-authelia-conf
  namespace: authelia
 spec:
  accessModes:
    - ReadWriteMany
-  storageClassName: flexvolsmb-authelia-conf
+  storageClassName: csismb-authelia-conf
  resources:
    requests:
      storage: 1Gi
--- a/services/Authelia/persistentvolumeclaim-flexvolsmb-authelia-redis.yaml
+++ b/services/Authelia/persistentvolumeclaim-flexvolsmb-authelia-redis.yaml
@@ -1,12 +1,12 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: flexvolsmb-authelia-redis
+  name: csismb-authelia-redis
  namespace: authelia
 spec:
  accessModes:
    - ReadWriteMany
-  storageClassName: flexvolsmb-authelia-redis
+  storageClassName: csismb-authelia-redis
  resources:
    requests:
      storage: 1Gi
--- a/services/Authelia/sealedsecret-flexvolsmb-credentials.yaml
+++ b/services/Authelia/sealedsecret-flexvolsmb-credentials.yaml
@@ -1,16 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: flexvolsmb-credentials
-  namespace: authelia
-spec:
-  encryptedData:
-    password: AgC/GDJHhqeyFSWsJ8Ie3tt9ppAe3Ns6tt29rieMKcJrQ71sn47MFEow9SOJJVNSjzUWukDg8tRrkq3CdB63jz7NO6CWKNy++nlSU0adDtuwioNUov3a9bnhzgdjjM/ZzpO/pz7j/utGFO1bkPWn4bU/tGoRYM1TsjP1t9m2qL/Me9LigLtafG8LTd/JKNHdyvii1CNcWkZoxKTocy+YdB3hA+0KZClxaQ2O5KPZMl6AoxJGWcuOVpvqQ831Epkl4f+uJp+YtMZbu+poB+hxhuhFZZH9Sx1sn20mZd8M2Kc863oJjzpZPAR5I9faMmDyEqBvJmdS9C9dZrpIdeDZFm25QYIGgu3ZNk+LItuWSoW8kZGsEefsINV6rqAOQmysfvq5aPkYe90RHvaf6Nf0F4wYq1fEiEoSnLPH+J0ToUSIPxMftBcXimTm/HtkUJCg2+rDb+EHp9ahjGaJBp45vd8hOKSF50GA2X8e4UlvbR6QBib6G//F7Pf6OBgsVxSvKQmlSsrBJRo3hxm7G7iLWd5lCmk0jbgRFWJvEnQMk/FqYoc/fcodpGtzEM0I6jL4Kpi1DnRnIgHQTWtU3LVF9aym2H1ExhZfhu0I2F56VQsQcg3vUVOBOwF+XjlrBaAEAEMcbBuigUbvqiSfpUHMQJSsIjtnkAEUs0/19iNCNNSvmjENr5Ml+88iqYQmg9hY11s4LbrsXa5t8q2TgTBrfPVw
-    username: AgCORI9b0L6FSdB+yDY6VEq77p9CFcwnpZ7nb0M1bz7tVNluYQSB69Y6dLTDCCVx2KdOXyU/QOdb0z8mzEywtC9R4Kzm4+SkTRHgrKOTmxXF3qW5VZDe0UlbSbJUUb3YdC9k2HPPoUvg45woGv1LGXFHgYTxbG+U1lxU8LDoMKfBQ3+GaeUUjI2bx33kyHKztyQizd+b2eSkoSHwRCHiBWZMNYa3zEvY6+07ytKJtaOhGhVsdt04blw4jUMym2sHOBCf95pAzI9gJH2RcuQBQI+ZXci0VeMPvmY3B6T+MruH+1Goy+/HoZOjI2Keu1Jk/Ppg/1FyB9VGX6A2YMyismk8LKWKG0/RNBfWn8RcDVlpgAcjDeX2PdYY17E/gZz2NLnIctBJ/dc93QjrAp/ZfLXBakCA3d0LKLFjUbpKwgaST5wnKif+UjqasDyjVkEG7jK5lGk3fmRCDyPgyxzqkUOSeCHQjDUa07AqKm56qfz/Wr9gm94VC1GiQ39F5/LAnAa2+qAQyJ+RVCBkXmt33sDSvelmXKmh9rIBCvsIxwUSkprpf76HcReRjaRv/9CyuPaskjYAkwOX6/NQPDQVHgKYtvoUhm4OnJ4amrsK2tPco1HC9xPGFIhrqoWeyfiUc1ui8IjxO5geV4hAWSUi5J/H3XBXsFpQt6ZqbemTnQyorTGd0asNP/6OTBtMcIgaPMmZi7F1Olo=
-  template:
-    metadata:
-      creationTimestamp: null
-      name: flexvolsmb-credentials
-      namespace: authelia
-    type: mount/smb
--- a/services/Authelia/sealedsecret-smb-credentials.yaml
+++ b/services/Authelia/sealedsecret-smb-credentials.yaml
@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smb-credentials
+  namespace: authelia
+spec:
+  encryptedData:
+    password: AgBFKV//U1Pd9HlRAIk1Mv4iQBs5A3Z2ixe5RqglCAmpeG5AgS1h4pIuZSN6tEPAj7lKkkFt0LkSQIlSIBiU+Rqw2ziRwQuntIOy2IRmGMRyHA6f7AdFM21HHI0eS7ND0yamlYV0RPidyn7TzYhAmAoECsFzU64COBYZcZygVquOklw5zTH6MlXzTC6L7l4FtbQa1mvuIgGT5p0jXarSAAODOPm7O1c+g1aRvqWDSz1LI5wq4c5kSXdNlgH6+ZNLiYNKUx5HfqujCsd5wHW/hou0JpliiLFsADW0YXssLgb1zkCG++FdO+Pt/kDVStj4yFcSg7h2Ym0U3kmKx0H0mH7Qz91N5hV61Cc3Yh1ngyVS1bmW4xvlEy+yefYwvqWjWcoQHtBWqXJvNOcBkigo6+fd16YhHwRVp4REipjd7E5EXqVdKFkwFznLK4lm9LmCFT++WT5v4zJNia/AkXsAZwld7T6oR0uZ5aaXjnGh6ah5QRstAs3fDaJBObPPUOdBgxQ5mutp3AZkrWJnX534YRLtWkTrVftCo8hxbsVqA+h5deGKuBPPCGtkBbdk3ytrMmZ3sSw4ZZO76Y9aEK8eG/N+i7NOi1DM5KwMknURR2c5WMlbAABkUswLlB/ChnUcWhsJ2ooS64kcGGAAoqr81fxy7EKK9KzBEqzQq7dXZg0U8786xD4yQQyy2FercGY5g2HAsqripRbvCCNkMihTjA7d
+    username: AgACSLitw/XzwlDjsVTrwSEUigBO9NGtYTxK6oSpkuervaZW3K5t1O9CUNm3BfOUTaz/yZDnu+LtgXbVMIKp/SM6ivmCzxPO/4Ph+UD5m3mogGl0fV1agfN80VOsxbpZHwXmTGwws9jY4jFjFHRroNgfYtpwp0f7NYiuYCg0c0+9xrm3WURKcMoUwfm01Ut7aSld24xLgePYtiS0YzbhYg0bDo6sSGUWOgyxJxRiMaqCu5JNyQl5byJGUuOgJB1J/ccsZwu47WdercWiEcSQgd1SZpBJzvzIaTpyaafAd/L/uX7cXJW3RBAyzwO4mq5hdiYXzRG12FKJB+HSaYOEJatM5WFZTNLtLR+S+6vrOIA8KnPeOF7HQUupVolYGH/Aq/Kc0o33iHi58GyFIJUnY70HwJpTgF1e35Hbhip83vjQEXcB1Ly7sSbGT7UbMUYjyVSHRXoNg5QY4YXIkWm3qTiWr+ws1JYX3jpkRswYsk5mIvTneF2grGgdcNJG4XBKJVVn8BLTsW0wC/BAA1thIn0cLgCN3tgT9bgu/r518TMxa8hOdLsNuCJqVr6CLEWuoFqB9QswS/4gYwUZgLlbD2FW1mynLq7USi+hDt8sPjrZKQYmGhLDdlTNEF6YBOX4xDmXYvc26cE33QYyAU3+8lpRTIHX1l0OfjQ6tHprvgZbMi4hkDtdZgW4PgvE8wLdr2NpBO8CEv4=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: authelia
+    type: Opaque
--- a/services/Authelia/service-authelia.yaml
+++ b/services/Authelia/service-authelia.yaml
@@ -4,6 +4,7 @@ metadata:
  name: authelia
  namespace: authelia
 spec:
+  #externalTrafficPolicy: Local
  ports:
    - protocol: TCP
      name: web
--- a/services/DDclient/application-ddclient.yaml
+++ b/services/DDclient/application-ddclient.yaml
@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: ddclient
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: ddclient
+    server: https://kubernetes.default.svc
+  project: default
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/DDclient
+    targetRevision: HEAD
--- a/services/DDclient/deployment-DDclient.yml
+++ b/services/DDclient/deployment-DDclient.yml
@@ -20,8 +20,8 @@ spec:
        image: linuxserver/ddclient
        volumeMounts:
        - mountPath: /config
-          name: flexvolsmb-ddclient-config
+          name: csismb-ddclient-config
      volumes:
-      - name: flexvolsmb-ddclient-config
+      - name: csismb-ddclient-config
        persistentVolumeClaim:
-          claimName: flexvolsmb-ddclient-config
+          claimName: csismb-ddclient-config
--- a/services/DDclient/persistentVolume-DDclient.yml
+++ b/services/DDclient/persistentVolume-DDclient.yml
@@ -1,19 +0,0 @@
---
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-ddclient-config
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-ddclient-config
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
-      server: 192.168.154.225
-      share: /K3s.Volumes/ddclient/config
--- a/services/DDclient/persistentvolume-csismb-ddclient-config.yaml
+++ b/services/DDclient/persistentvolume-csismb-ddclient-config.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-ddclient-config
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-ddclient-config
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - nobrl
+    - cache=strict
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#ddclient#config
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: ddclient/config
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: argus
--- a/services/DDclient/persistentvolumeclaim-csismb-ddclient-config.yaml
+++ b/services/DDclient/persistentvolumeclaim-csismb-ddclient-config.yaml
@@ -1,13 +1,12 @@
---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: flexvolsmb-ddclient-config
+  name: csismb-ddclient-config
  namespace: ddclient
 spec:
  accessModes:
    - ReadWriteMany
-  storageClassName: flexvolsmb-ddclient-config
+  storageClassName: csismb-ddclient-config
  resources:
    requests:
      storage: 1Gi
--- a/services/DDclient/sealedsecret-flexvolsmb-credentials.yaml
+++ b/services/DDclient/sealedsecret-flexvolsmb-credentials.yaml
@@ -1,16 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: flexvolsmb-credentials
-  namespace: ddclient
-spec:
-  encryptedData:
-    password: AgC8YpHe7iZjSbAit7fxn2+JSSoZWZEyktda/agtNTubuwm2n2ZUAQ2QLBPkotkBNJMwAJMJ+LM27EbRGplDkEFfYvIRu3vJk+tj4eSPSlsJ/5csosSafU93cDe1y1Ifj2DCm2ad1CkSy3dc7L+xggIxY301LgIZMMZK5nZi4j4cyP3/Z5H7NSQ4NvkNT/UDiQ0HtLyFfwOArWgRtfS3+BEfKKzlNuRIbK2GgNb0O95VkLVXhNv5mqd6SDsaOfVZ4/ZMGWjp4PNdS4NIuPQ6wvuOnY+6+FVNr0wpWWdbvDk1SvKMc/GRVwxtW6xNFuL294jrUgJgo5QAcC/kQ9+6AVN49obx75XsoztB4zglvFhMxgD3UDoDmBKzMD/35VLtxYwvL/KC3lgwgFZv8gCIh35yWSLOsEN0R8WSeUlKKqiKaYT57cbg1tZAaug3ButQkacJfxu3ebCXU7xkNEdYAsYLI9Hay33gVMHmiGzF8KVgfl2yO7Qfm+vswZVmLPQxOxHdvKciO3v/+bgLoBc7OHbIME2IRjWNu8zM3fUW+2k34duC0KVUxdDgCXOFyLV8WvaBUld6IXViBx5CU9OpAlJvka0pz/9ehlzRCx6qZ55vhPjeEUA1Y6zPCMYQY8ZikB6Xti7md4a+qWYgAmvekMSB7fSrd1JyWzKgSp0LB0ihflIQDTVS2sE6RwerFf0Qs8vJOzaOs0i4mS1V19Yz10Gj
-    username: AgBwnjfl03RuFpBuCMP5E5a+UfVow+tJ7kLVgoZlFC2qrOHZ4R0C4nwLZyKmSjKXVCJ202jqmkWo5Y1uSJIKohIS04U+PS9f1zaLXJthJUnEFlszyF+/UHamuePpT7rn3+woDPYqrHhEmKYAScWNUeX/LRvFekbRWROY0ZFiXq9Oi5Yr5wDOJC0iRGKOs6zMn0xvkdOEtiBLH0Usn6yT3VWov5e+XJO7uWbhozMvx3Cypqrf/zBOYBAZw9nxpA8ccNko0mTlTgWTQfvQScP6zVQQWeXGR/w6kSraLU0EqGI7v1f99s9k77AOcUFYEBLwjYHUEQsUqjWgD5fXa+6zVuNtWxAgYmJIdIztWx/3jKtWGy35nlovVIiF+RZFF+CbGZzlBEYhcW/ngZnK4B5MCvwAUz1YCrIiF+nQPGrHLPQ6H4xYiwMGaQa0CkJfWAgi2agljTFQUJW1JF19MNYFUxChz0IrUb/SKZ7mr1LGuTP/9b5PqdaqGSVIaiwDVfWDJoClM6kMg06E5hOcYvTnrbxBkl5966q81Qhj6OqKaXXtd4GG5FDTVLiw+TwPjqC1YREFE8/DDJIe0r2GbZOVQit3VCH4gZfx2FSSseoR8WZNvHw9r8mRZ1C/0Ruxr7Ed/3uhPlwNYqBYNuLKDlSu3m0trvq/Eo163X1aBSN64VMoiXUn53zgOClcs9/PgfjTXwZXe/2w1rs=
-  template:
-    metadata:
-      creationTimestamp: null
-      name: flexvolsmb-credentials
-      namespace: ddclient
-    type: mount/smb
--- a/services/DDclient/sealedsecret-smb-credentials.yaml
+++ b/services/DDclient/sealedsecret-smb-credentials.yaml
@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smb-credentials
+  namespace: ddclient
+spec:
+  encryptedData:
+    password: AgB2+te1+XyMsfrWSl7iEmz0O9dV0h/CrzroddfZ8cvFpP0ObGx2Lkn3nvBu2U0/aMpXtl7CV6dARmHtAV4HjoeNTtNFVtnipa6aoQYtzxLSOP/oMJQdPnXNUKxd2LyK+vKpSQy8AXR/zh3dcMJxoxfS7H/Uc/f66ogRP4gSK0JohArjnYZexlIxF3jHEZf2iHp+gGXA5ju8lO1vLl4CknnnH7Z6f1/PDrN95tePv4lXnZe2D7Yb+4Aw7Fo2QtdpsmToEoIdS96X2cBHG5iSsDdeZ7JSL1LzcWWGtt0fbhQQAamPMcNvKv0R1MZgg3A3du6Yk64Fj6s5ngo8XbTk1rgRa2Tv3ODuNvrJrtTN3QGQjI5hgqrivQB5hR7hOt4IXyc2EX0stMlZSvoelrTJsK+Xuh9fyvr6K4nA/QzgiYCAAJQT6XdxN8p1VzSENwjo0EwNQ8OyDY/nUMy7assx0vGYiJj1KbzW0dG/RERBLoC2RlxQcTFSvvwjZG/itV8ffoKdrbsz9p6nJVhh15WvrfV5csBcDAr8r0h2XjoJLUpJF+p9u56UKcS9qAgtSHYbCah9jOFbjFlcPWCrvnUqMV7nU3iwSMYM6q8OW48LnEmHHSwKSMp2auo6o36lt6hge73DGMGxTrHQHn/RLXVdGFsGBviMD54clusBmeOhFU1mQfXWDpgIb3+cwESyMrkpeSqwWqW8ztGj3ovmdbo1NlJa
+    username: AgCIqggFRQB1jLa1I/W8Q5fZNMQyLKSLmx3UjMwr6MNsWgmIcs9xGs14tA3GkhiMpa5QScYWIGLKjX4Z00m+oZjc0WXHDUHmgFA/Bda9Bim5HpTlMYvPGFNMn222zArVD2s/Yhc3Sgcllx/1aGvhHNhlvHVxPXXuLzxwomAL9XyARQ2k9haqC9OUxssSbj5c2l0FDLmEw9+GGuomYJ0FtQkCdv7vp3AXwNUHrfJhXDJAGPuVH554q9y66E27d4DJlnuWEKBP9v3fj/rNAMBANyZStJ4XXQykSpJzzWFM0vYSpiYf9aQJIv4SuNVS58hEVMv8roPBpbcMFL0WCZ8RwMyaNrOWPHROC83BXoLBt9N2k+a2E3B+K9btm1QsqIXaNwPrQBG+adB1OWBIuYU4KStETb5LyZDhdah3KrUL5BLYFmsdYll5KOMPGZJiduK6A443ekQD1mEB2XW/PMjsd1CEqzohu9dip4FjXoW3IOlzVgArMOXBboU6SX7TY9jQ1Xr/GwwXP8esHp8+ct13f6Xqq0nnscDvsiMaw6SiX3N1dJ7ouNTQ64AjND81X5QaRU3+BuniKUAJtwdHFXdrtjpIbZtHDipVXVRJDwLs05O0hTsuLa1vTb7FTAdc+4ezNZHbfbq59W3gvcomue4zCT7NkvBW9agN4Z/+JV1glRjKo2D8uPK1gXbi3JAJeU18WsaZ5CVc5y8=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: ddclient
+    type: Opaque
--- a/services/Gitea/application-gitea.yaml
+++ b/services/Gitea/application-gitea.yaml
@@ -8,16 +8,27 @@ spec:
    server: https://kubernetes.default.svc
    namespace: gitea
  project: default
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
  sources:
+#  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+#    path: services/Gitea/manifests
+#    targetRevision: HEAD
+  - repoURL: https://github.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/Gitea/manifests
+    targetRevision: master
  - repoURL: https://dl.gitea.com/charts/
    chart: gitea
-    targetRevision: 10.6.0
+    # targetRevision: 11.0.0
+    targetRevision: 12.4.0
    helm:
      valueFiles:
      - $values/services/Gitea/values.yaml
-  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
-    targetRevision: master
-    ref: values
-#  - repoURL: https://github.com/djpbessems/Kubernetes.K3s.installLog
+#  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
 #    targetRevision: master
 #    ref: values
+  - repoURL: https://github.com/djpbessems/Kubernetes.K3s.installLog
+    targetRevision: master
+    ref: values
--- a/services/Gitea/manifests/persistentvolume-csismb-gitea-cache.yaml
+++ b/services/Gitea/manifests/persistentvolume-csismb-gitea-cache.yaml
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-gitea-cache
+spec:
+  capacity:
+    storage: 5Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-gitea-cache
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - uid=1000
+    - gid=1000
+    - nobrl
+    - cache=strict
+    - iocharset=utf8
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#gitea#cache
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: gitea/cache
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: gitea
--- a/services/Gitea/manifests/persistentvolume-csismb-gitea-data.yaml
+++ b/services/Gitea/manifests/persistentvolume-csismb-gitea-data.yaml
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-gitea-data
+spec:
+  capacity:
+    storage: 5Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-gitea-data
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - uid=1000
+    - gid=1000
+    - nobrl
+    - cache=strict
+    - iocharset=utf8
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#gitea#data
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: gitea/data
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: gitea
--- a/services/PVR/Radarr/persistentvolumeclaim-flexvolsmb-radarr-config.yaml
+++ b/services/PVR/Radarr/persistentvolumeclaim-flexvolsmb-radarr-config.yaml
@@ -1,12 +1,12 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: flexvolsmb-radarr-config
-  namespace: pvr
+  name: csismb-gitea-cache
+  namespace: gitea
 spec:
  accessModes:
    - ReadWriteMany
-  storageClassName: flexvolsmb-radarr-config
+  storageClassName: csismb-gitea-cache
  resources:
    requests:
      storage: 1Gi
--- a/services/Gitea/manifests/persistentvolumeclaim-csismb-gitea-data.yaml
+++ b/services/Gitea/manifests/persistentvolumeclaim-csismb-gitea-data.yaml
@@ -1,12 +1,12 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: longhorn-syncthing-data
-  namespace: syncthing
+  name: csismb-gitea-data
+  namespace: gitea
 spec:
  accessModes:
-    - ReadWriteOnce
-  storageClassName: longhorn
+    - ReadWriteMany
+  storageClassName: csismb-gitea-data
  resources:
    requests:
      storage: 5Gi
--- a/services/Gitea/manifests/sealedsecret-gitea-admin-secret.yaml
+++ b/services/Gitea/manifests/sealedsecret-gitea-admin-secret.yaml
--- a/services/Gitea/manifests/sealedsecret-smb-credentials.yaml
+++ b/services/Gitea/manifests/sealedsecret-smb-credentials.yaml
@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smb-credentials
+  namespace: gitea
+spec:
+  encryptedData:
+    password: AgA2STKBdZL5heP7usLfB0fcgR8VzAljmt0VbBkRtF6Kw0rOMJ9o64CDDXgjm8ZGdjIbAkBGklf/EUs7YD+RtCM+vSyPP+UB8ZQe9EtgsnPvL2wIHe0zgMYzrxd6n1LYiKzgBnq1lbXUaMcBZM3V2C7REZqeIEEXAs3g408k64JBtGdqGhlxfNq/Mj4M1HNvGSK1extVnqw170oK76e1COcTiTj6fNPRgTq+s41zHwATdgBbqR89mnVxbuguQui/ymqsBLE5+pZX3pR6eABwdzyhJ+RRjINKY8QM+ku0im5oHhqlfZyOJlXh/dcXeGcx8QKm5KbDdto9pOfQz/D3P7oIAJF0mhD04DXRDdGoZQnYrnz24zy+xq8bldXZ6tnpoSdJd9VqWozNJJZFFQJb2IlGU/izp42H72vFNcVeMp22esc8NzUHsUtTyFr38Y4SnPdJ3Tblwd7/3O9SvI1DaFDBTKm7nNekGCycBm9pJvC06eq5SU5DggW6ChZmhSfgDRqIHGoP9Sp57QRIrd6/IJwUwSjQaueyVpEod0ClgTo8uhSkJmMvExQnnBYT96y/NkqTnK5z2nVZfRPw4+ZcM3oOB2xyi2eMU1YLivy5DAML0E7NZ0V37/LvxIH4ppV8iRq+BcVOjggyLDNpV9veYTza5p8zLdufNrrcDRIrNx3orWiIs8r0swjnjzncmpQfYvosW/YTb19wxgE9zUPZZ60d
+    username: AgCVJ8IrRrZ4R98Yjs/K9Zj5SWE9kpQWYB2DBGTMulhEKA+KuFjGJL/P1/3Nkq8HXzfGehTXhIovwPeNbZh39SPrPFAk68IMpJff9PYbQEh2OVPlihDE875Fr7YLZzpRU4uUG8ZlbSIGSFji6MaD2oGSKd0JVm4+ojuHan3DUlbpAAg/++hLofhAucpQZITdLEQ2qLuHZ4Efob94lHWImfp+NmarIUZLxSq/NBHbBFvPRm/vRPKRVmJslA6YQzVpChtMNQqGpHuDV6soQsfNHqLaifpwKxuGHljuMXkBmeZ0Sim8A5Vlf+rYwQLAnPW1K6tUiH8Umz3049vtRIHIy8EYcPm6pSXNFRjQhP2Gy8FKafV7jPBk/IOKnSvEO0N7jj4guomYPkiAvLAE/m9dPg5d06nZ4PQKkma2dPcifXMdaXPS4txYF/neWkEyujtOHAPWixxvGKB6SoGQEep81nbiK1MmQxk14NgsICHqB0H8+KowajZ8t3ao5ZtGQG3PWDSCvYaaZjZ48ATq0/8GsnAZABqlw5JKRZHfBjLEfFyFGZup3EG4W5Z5xDQD/YGUeuSwg+/7vLIQ94A4lwhDnfkWk2XUTJ94y3xVUEEyXMlxV75b+5uCMUNP+Cdbb5QTWXyg/ca3DTViv1rfvjhXeu9TPmu9GESvNLfSech0Rg+HNlIhYjtDUIpbJqdeja0aNXNuiJrJ9Dc=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: gitea
+    type: Opaque
--- a/services/Gitea/supportingfiles/configmap-gitea-actions-act-runner-config.yaml
+++ b/services/Gitea/supportingfiles/configmap-gitea-actions-act-runner-config.yaml
@@ -0,0 +1,31 @@
+# Source: gitea-actions/templates/config-act-runner.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: gitea-actions-act-runner-config
+  namespace: gitea
+  labels:
+    helm.sh/chart: gitea-actions-0.1.0
+    app: gitea-actions
+    app.kubernetes.io/name: gitea-actions
+    app.kubernetes.io/instance: gitea-actions
+    app.kubernetes.io/version: "1.24.2-rootless"
+    version: "1.24.2-rootless"
+    app.kubernetes.io/managed-by: Helm
+data:
+  config.yaml: |
+    log:
+      level: debug
+    cache:
+      enabled: true
+    container:
+      options: >
+        --add-host=docker:host-gateway
+        -v /dev/kvm:/dev/kvm
+        -v /var/run/docker.sock:/var/run/docker.sock
+      privileged: true
+      valid_volumes:
+        - /dev/kvm
+        - /var/run/docker.sock
+    runner:
+      capacity: 2
--- a/services/Gitea/supportingfiles/persistentvolume-csismb-gitea-act.yaml
+++ b/services/Gitea/supportingfiles/persistentvolume-csismb-gitea-act.yaml
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-gitea-act
+spec:
+  capacity:
+    storage: 5Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-gitea-act
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - uid=1000
+    - gid=1000
+    - nobrl
+    - cache=strict
+    - iocharset=utf8
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#gitea#act
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: gitea/act
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: gitea
--- a/services/Gitea/supportingfiles/persistentvolumeclaim-csismb-gitea-act.yaml
+++ b/services/Gitea/supportingfiles/persistentvolumeclaim-csismb-gitea-act.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: csismb-gitea-act
+  namespace: gitea
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: csismb-gitea-act
+  resources:
+    requests:
+      storage: 5Gi
--- a/services/Gitea/supportingfiles/sealedsecret-gitea-actions-registration-token.yaml
+++ b/services/Gitea/supportingfiles/sealedsecret-gitea-actions-registration-token.yaml
@@ -0,0 +1,15 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: gitea-actions-registration-token
+  namespace: gitea
+spec:
+  encryptedData:
+    token: AgCfSO12i+bhMyaQo8esgDhnxc61L5VUGnT+L6q3rdfAco/pgKk6ZKS/p5+oTCu24VIGWnKq91IsvMxPTECfHmy6Z2ah8C8HNUCeOIupzz7QMSkGJuF3Gj0dB92bGQC34nGSmtl+Z0EXxfjZobaYmO2gZGHA2Y6FEf45bgb6wE3uxkv48RsWLDN0gW/FbQw837hcHxjx7Ivf5dpZu5Th3bTalKmEyoIlh7RCzsF8IV/I0V9ztJPeBpTRjUAYryVs8JgqrCW5DQQqAeSTRxccdb4Ldj22XsSOzKMXxsWbIOCqJ1arFZF+fhw3ITEnlDAn2N7Hl5keb/D9lleFcQe293f5+g/sfttVeR0G3a6lGrG0OzY2c5+1pH/Dlt+BfVWcdadV1HGqig+ZrAGQmz4XgUlcFhSuTBw+8pjyECsV+ueysi6DuPDiKh03ienc1dZY53yBo+e6QfV9Z0aIEsHheqasbIn1uh9StwqygTO/i7En3aJSBySuuHT3AMmBwKELsHyNQEgtIFocMjDJxOsxIj/3HYDdBzkEFoyx491hZSnV1ceJxN5BcgYMENJ6D/B5i+Srfyzk7AUD4fcuiyrV5ZWnnuHjOG57UlLXIUWBdeXdy2CS9+POltHuq5kGkku71UEJ/MLuZOHM+Iy/AASErsds9roZ1cBf2n4FpUXe+LwGb+RbvrLl1HETW2XnbsFMleiOx2wicvDsQ8CDSv9RVmxVE6TepHSrrDd2Aq+6PjCfkTpcUVhZYQ8s
+  template:
+    metadata:
+      creationTimestamp: null
+      name: gitea-actions-registration-token
+      namespace: gitea
+    type: Opaque
--- a/services/Gitea/supportingfiles/statefulset-gitea-actions-act-runner.yaml
+++ b/services/Gitea/supportingfiles/statefulset-gitea-actions-act-runner.yaml
@@ -0,0 +1,96 @@
+# Source: gitea-actions/templates/statefulset.yaml
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  labels:
+    app: gitea-actions-act-runner
+    app.kubernetes.io/name: gitea-actions-act-runner
+    app.kubernetes.io/instance: gitea-actions
+    app.kubernetes.io/version: "1.24.2-rootless"
+    version: "1.24.2-rootless"
+  annotations:
+  name: gitea-actions-act-runner
+  namespace: gitea
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: gitea-actions-act-runner
+      app.kubernetes.io/instance: gitea-actions
+  template:
+    metadata:
+      annotations:
+        checksum/config: ad47af25f4f7946653b7371987b3a1aeda98d837c5c0c36a47c133c0fe0503c0
+      labels:
+        app: gitea-actions-act-runner
+        app.kubernetes.io/name: gitea-actions-act-runner
+        app.kubernetes.io/instance: gitea-actions
+        app.kubernetes.io/version: "1.24.2-rootless"
+        version: "1.24.2-rootless"
+    spec:
+      initContainers:
+        - name: init-gitea
+          image: "busybox:1.37.0"
+          command:
+            - sh
+            - -c
+            - |
+              while ! nc -z code.spamasaurus.com 443; do
+                sleep 5
+              done
+      containers:
+        - name: act-runner
+          image: "gitea/act_runner:0.2.12"
+          imagePullPolicy: IfNotPresent
+          command: ["sh", "-c", "while ! nc -z 127.0.0.1 2375 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; /sbin/tini -- run.sh"]
+          workingDir: /data
+          env:
+            - name: DOCKER_HOST
+              value: tcp://127.0.0.1:2375
+            - name: DOCKER_TLS_VERIFY
+              value: ""
+            - name: GITEA_RUNNER_REGISTRATION_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: "gitea-actions-registration-token"
+                  key: "token"
+            - name: GITEA_INSTANCE_URL
+              value: https://code.spamasaurus.com
+            - name: CONFIG_FILE
+              value: /actrunner/config.yaml
+          resources:
+            {}
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - mountPath: /dev/kvm
+              name: dev-kvm
+            - mountPath: /actrunner/config.yaml
+              name: act-runner-config
+              subPath: config.yaml
+            - mountPath: /data
+              name: data-act-runner
+        - name: dind
+          image: "docker:28.3.2-dind"
+          imagePullPolicy: IfNotPresent
+          args:
+            - dockerd
+            - --host=tcp://127.0.0.1:2375
+            - --host=unix:///var/run/docker.sock
+          env:
+            - name: DOCKER_TLS_VERIFY
+              value: ""
+          securityContext:
+            privileged: true
+          resources:
+            {}
+      volumes:
+        - name: dev-kvm
+          hostPath:
+            path: /dev/kvm
+            type: CharDevice
+        - name: act-runner-config
+          configMap:
+            name: gitea-actions-act-runner-config
+        - name: data-act-runner
+          persistentVolumeClaim:
+            claimName: csismb-gitea-act
--- a/services/Gitea/values.yaml
+++ b/services/Gitea/values.yaml
@@ -1,10 +1,10 @@
-actions:
-  enabled: true
-  provisioning:
-    enabled: true
-    annotations:
-      argocd.argoproj.io/hook: PostSync
-      argocd.argoproj.io/hook-delete-policy: HookSucceeded
+#actions:
+#  enabled: true
+#  provisioning:
+#    enabled: true
+#    annotations:
+#      argocd.argoproj.io/hook: PostSync
+#      argocd.argoproj.io/hook-delete-policy: HookSucceeded
 gitea:
  admin:
    existingSecret: gitea-admin-secret
@@ -13,12 +13,12 @@ gitea:
    APP_NAME: "code.spamasaurus.com"
    database:
      DB_TYPE: sqlite3
-    session:
-      PROVIDER: memory
-    cache:
-      ADAPTER: memory
-    queue:
-      TYPE: level
+#    session:
+#      PROVIDER: memory
+#    cache:
+#      ADAPTER: memory
+#    queue:
+#      TYPE: level
    server:
      APP_DATA_PATH: /data/gitea
      OFFLINE_MODE: true
@@ -35,12 +35,25 @@ ingress:
        - path: /
          pathType: Prefix
 persistence:
-  storageClass: smb-csi
+  create: false
+  claimName: csismb-gitea-data
+  storageClass: csismb-gitea-data
 postgresql:
  enabled: false
 postgresql-ha:
  enabled: false
-redis-cluster:
+valkey:
+  enabled: true
+  image:
+    repository: bitnamilegacy/valkey
+  global:
+    security:
+      allowInsecureImages: true
+  primary:
+    persistence:
+      existingClaim: csismb-gitea-cache
+      storageClass: "-"
+valkey-cluster:
  enabled: false
 strategy:
  type: Recreate
--- a/services/Gotify/application-gotify.yaml
+++ b/services/Gotify/application-gotify.yaml
@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: gotify
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: gotify
+    server: https://kubernetes.default.svc
+  project: default
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/Gotify
+    targetRevision: HEAD
--- a/services/Gotify/deployment-gotify.yaml
+++ b/services/Gotify/deployment-gotify.yaml
@@ -23,8 +23,8 @@ spec:
            containerPort: 80
        volumeMounts:
        - mountPath: /app/data
-          name: flexvolsmb-gotify-data
+          name: csismb-gotify-data
      volumes:
-      - name: flexvolsmb-gotify-data
+      - name: csismb-gotify-data
        persistentVolumeClaim:
-          claimName: flexvolsmb-gotify-data
+          claimName: csismb-gotify-data
--- a/services/Gotify/ingressroute-gotify.yaml
+++ b/services/Gotify/ingressroute-gotify.yaml
@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: gotify
@@ -14,4 +14,4 @@ spec:
      port: 80
    middlewares:
      - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file
--- a/services/Gotify/persistentvolume-csismb-gotify-data.yaml
+++ b/services/Gotify/persistentvolume-csismb-gotify-data.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-gotify-data
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-gotify-data
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - nobrl
+    - cache=strict
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#gotify#data
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: gotify/data
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: gotify
--- a/services/Gotify/persistentvolume-flexvolsmb-gotify-data.yaml
+++ b/services/Gotify/persistentvolume-flexvolsmb-gotify-data.yaml
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-gotify-data
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-gotify-data
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
-      server: 192.168.154.225
-      share: /K3s.Volumes/gotify/data
--- a/services/Gotify/persistentvolumeclaim-flexvolsmb-gotify-data.yaml
+++ b/services/Gotify/persistentvolumeclaim-flexvolsmb-gotify-data.yaml
@@ -1,12 +1,12 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: flexvolsmb-gotify-data
+  name: csismb-gotify-data
  namespace: gotify
 spec:
  accessModes:
    - ReadWriteMany
-  storageClassName: flexvolsmb-gotify-data
+  storageClassName: csismb-gotify-data
  resources:
    requests:
      storage: 1Gi
--- a/services/Gotify/sealedsecret-flexvolsmb-credentials.yaml
+++ b/services/Gotify/sealedsecret-flexvolsmb-credentials.yaml
@@ -1,16 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: flexvolsmb-credentials
-  namespace: gotify
-spec:
-  encryptedData:
-    password: AgCbVh6VlH65jVBXiCQ0Ak3+XI1AyCaTykxDzi6F/4FFnXl5jRmJAGank50t5kt9GLpIqNPdx0ZKxlDgOVEiFjDf6J14jkYMrOP39oYcqDfg6ZHmLAvM1/LzjAnd0pR3C7rDc8TCOUGSjw+j1PjOoqkS0oYPsB7xTBkappF/e8JcmVO6DZwdZDyHMEAd/DgGE+BZNbPC1JPUv4D9l/lSAri7WIMhh9dhcvvvV+KJ/YuAksxLY4ruomtwDmYXNHh3X6BZMbOXwgxmzGU6wtOqxCWC2IcMEMPG5/AaH2A3oXLqMwIcVD+WOb2zHI7dCtDdRVTblh4gqylmm0iCLsFfhztj+1/EPGL4fpiqXgjPs0EjKY1bFndNiKw3d3zK58Id8aHnJWXcdrIuNm0sJlXIt8k6vSZTKcT5WiDeKBgqubCh90MZbixThRTGhZ99CuznvukbCGm0ukL+/s7y+8zN7hRwIQFnUrGFFha951t8SU8JTc56vKhJ+cf036ka3y2fz6zVMFfxp4K5S8RiQ3RS5jWdzmby5KGZvh70WGrbXrWWuEeVlCF1TU3nrzLW2g+eKCn5cRVU8oN2CvWPRIDJQsNNGf5rCc4Zhy7ikjwBWIFg13YjdXL5dXyCHRBwllyZqqlYAvpxxSKexClMip2cvLQ4gTP9saO77+gAYbBKz/x7/xW6ZWH1WqspYTi6K+5zBsgQ+rVuz04sfLp2iRObs+Zp
-    username: AgAoVIGIHXhuW3vITMT24TGVNBKhxHvVqCqNLJwShqA0xqWLfd7DE7YXOe6/RV7bcBIeQOYxNCPDmMhild4tAx9Rd4PLV1c6NQdOUYqiRbIuWS32R74g4njL+7eBkfi8aGZUXm0dLBy1jFNHEUd+XssWIbQDsbu8fbRD1ENgmocc0dAmfDTuiqvZ9hIAZFEOjmjw3PIEgJw1FXFTWOUIc287MEk5kJ+7oYzdA52qBt6nrfGapFCvy1cSmiKhhY1WYEEn6Rd0/XWlMd09YH8rDkt9gkvP3omfVMzJ4WUuFaDlfz4WnWdOSy+XGc39xOsC6zFC9FA0t3FGzyvyucmroabnUI51LGLRQ5LUgmAhTfSliZFZ+nXWa7sSs2N2CtCSJExG3mgZ7js2s53mHM8XkcCYJfsaNuGkVDCzJI/536/3mB7xe292h4DJmOu3JO4cRIivu8Uxva4j+KvByfhnHdhiZUERgJKtljc+32Yg1f6Z37GYbUBjnzmgm/+b5JMpAgEeu+KaTU9QK2WgwlY5pTLle/Q6oyrqB9EsodhosuQvi/mbq0ZwrxCkcrp+IZKJdauFyEuLhO4WEi7zdxFlAAA1bGfepkJC2kV540o7Yy6CfOM22E5XPBlGhCraGVjYvdUfyFxI9bR8HyUv7DjT/oaJmkm13KNsJNn+K72I7YjZDgiqCXsChzdVv7BkySw3glvwXMTCIrs=
-  template:
-    metadata:
-      creationTimestamp: null
-      name: flexvolsmb-credentials
-      namespace: gotify
-    type: mount/smb
--- a/services/Gotify/sealedsecret-smb-credentials.yaml
+++ b/services/Gotify/sealedsecret-smb-credentials.yaml
@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smb-credentials
+  namespace: gotify
+spec:
+  encryptedData:
+    password: AgBn2ViZ3H1mko/y2yOi0MvU1GKwx7F0+QB0QBDuCxg9MuF/EZGDZN6kRxBjuLk5vDBEpinKiBCKpWU/xPonW34m7Vr9tqCinjZOtnEupy6rvnouWg5J/Wee0Xztn5cPf++8adIvv6cOO2boEIbMyUNyaZ7B0tQZ3Z/sG+LOHGp3emew7mFa4r7m1UvjLzeCcCvFVe2qIfJdwjYZH5zJ8pZ9ARJLNR4T/TgBZz6hOeMn2PzkUs+3fX8B6dRn/cMerBLJumy5Rj3QpfIOpsWMraVZdz0qC9DvfijjphmKAeKPqM/Yz/rLIvESy+JpdWfZM214U/Dm80oJRioWytgTgYPEi+KOJy/N/dZlKch1ocMQg/QCYPAcaTJ+aY1hvqA8O9Te6BpPZrCIRtI9jmWXUhsBsZnTFGx7YVznk6lC3j2Ry3Z7IO31ZmhGfMoMwyK8m4zR9342eMdkBfBcDpxyU2YiZzkHnj9S+CxaYLSf8X9KL4yOeHvZWXXxYoM13eI+qiUY6QXf1ucCtRwtL0RyIiGMR+UB9Xi5tPmRqrH1IqRhAiCDJ5f7GCWsJ6xuqbNpB+hyhNZceCEzQ8JdT0WFb3GZxv6PAvtG7YhVDR5MQL9uXxGSzxxgGOupnYh4TXUzjD7plLmh1W0UafZ6tEASiPhAgfFbEzjdwEGMHD6UjT8J9rwGUpTMWdmmsIEsZLAnXGPCBGkDI/F7ctdTyTRivrmA
+    username: AgBPbShedVwwz+BUdMGGdXiOMEEYhGw56MlQSXQnR/PyCIn2L+lvyxXgzPoryovJiFcdc91Fs0R6z3bgTpPfx0MdQLgHp6DBwwzcfw0Y3ZLTDPlbLAYjpS+bozqDEuWJJp95xGVBgFW8zyploHUqfY8/+D4KVnoK9eNvTjpIzwWsmYV+vxzhuZAV302SjnSCwsb/S3NkQ8FneHocY76ynQegtcgiI5x0qBOUL3lbf3mtuGrh7EPQxJAL5+w07YKRKNj5bY7fuJTG7yiw55NFFYvUaihrQOpVia4OUDoPjyE/nMG/SlCIoiPlHiket/6TU/7jV9zDGwxclaj3iQdzpwIq3chw070KGvx7eO6U/VwlUAPElcpdJKVNh02aOsS1TM80EVHXIhMA7UXqOj1HS7e4RtZ7M2zKIhcIJjDBgJMQ6+EjQ4JbPD/dxogB6nFCthddastyHm4wl2faxPa3NBKSIEFljuZgayoHzeFHlt9SueLIB55pHq8Cplc4pshLkEgobpVl+9pt35EzTEA53JQhz9SCie2IuTHwRRFt8kfZOZtKhIAo2auli/YVvapyP9MO31+pivmWcHFFCbOzTBc1sCuznV9LDNYPHd169LJEbhaX4zqt8lfQyiQBEHwp8d2323rY3+byp7437fBCtEXgJOsOx5RVQ/G0SoD8pNMFE+wmXAeV9gV+G8HGeYWQyFTFA5rb6RU=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: gotify
+    type: Opaque
--- a/services/Guacamole/application-guacamole.yaml
+++ b/services/Guacamole/application-guacamole.yaml
@@ -0,0 +1,19 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: guacamole
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: guacamole
+    server: https://kubernetes.default.svc
+  project: default
+  syncPolicy:
+    automated:
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+  source:
+    path: services/Guacamole
+    repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog.git
+    targetRevision: HEAD
--- a/services/Guacamole/deployment-guacamole.yaml
+++ b/services/Guacamole/deployment-guacamole.yaml
@@ -18,31 +18,54 @@ spec:
      hostname: guacamole
      containers:
      - name: guacamole
-        image: guacamole/guacamole:1.5.5
+        image: guacamole/guacamole:1.6.0
        env:
+        - name: BAN_ENABLED
+          value: 'false'
+        - name: TOTP_ENABLED
+          value: 'true'
        - name: GUACD_HOSTNAME
          value: 'guacamole.guacamole.svc.cluster.local'
        - name: POSTGRESQL_HOSTNAME
          value: 'guacamole.guacamole.svc.cluster.local'
        - name: GUACAMOLE_HOME
          value: '/etc/guacamole'
-        envFrom:
-        - secretRef:
+        - name: POSTGRESQL_DATABASE
+          valueFrom:
+            secretKeyRef:
              name: guacamole-db-secret
+              key: POSTGRES_DATABASE
+        - name: POSTGRESQL_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: guacamole-db-secret
+              key: POSTGRES_PASSWORD
+        - name: POSTGRESQL_USER
+          valueFrom:
+            secretKeyRef:
+              name: guacamole-db-secret
+              key: POSTGRES_USER
        volumeMounts:
-        - name: flexvolsmb-guacamole-home
+        - name: csismb-guacamole-home
          mountPath: /etc/guacamole
        ports:
          - name: ui
            containerPort: 8080
+        livenessProbe:
+          httpGet:
+            port: ui
+            path: /guacamole
      - name: guacd
-        image: guacamole/guacd:1.5.5
+        image: guacamole/guacd:1.6.0
        env:
        - name: GUACD_LOG_LEVEL
          value: 'debug'
        ports:
          - name: proxy
            containerPort: 4822
+        livenessProbe:
+          tcpSocket:
+            port: 4822
      - name: db
        image: postgres:16-alpine
        securityContext:
@@ -55,15 +78,18 @@ spec:
        - secretRef:
            name: guacamole-db-secret
        volumeMounts:
-        - name: flexvolsmb-guacamole-db
+        - name: csismb-guacamole-db
          mountPath: /var/lib/postgresql/data
        ports:
          - name: db
            containerPort: 5432
+        livenessProbe:
+          exec:
+            command: ["pg_isready" ,"-U" ,"$POSTGRES_USER", "-d" ,"$POSTGRES_DATABASE"]
      volumes:
-      - name: flexvolsmb-guacamole-db
+      - name: csismb-guacamole-db
        persistentVolumeClaim:
-          claimName: flexvolsmb-guacamole-db
-      - name: flexvolsmb-guacamole-home
+          claimName: csismb-guacamole-db
+      - name: csismb-guacamole-home
        persistentVolumeClaim:
-          claimName: flexvolsmb-guacamole-home
+          claimName: csismb-guacamole-home
--- a/services/Guacamole/ingressroute-guacamole.yaml
+++ b/services/Guacamole/ingressroute-guacamole.yaml
@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: guacamole
@@ -15,4 +15,3 @@ spec:
    middlewares:
      - name: prepend-path-guacamole
      - name: security-headers@file
-      - name: compression@file
--- a/services/Guacamole/middleware-guacamole.yaml
+++ b/services/Guacamole/middleware-guacamole.yaml
@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: prepend-path-guacamole
--- a/services/Guacamole/persistentVolume-Guacamole.yml
+++ b/services/Guacamole/persistentVolume-Guacamole.yml
@@ -1,37 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-guacamole-db
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-guacamole-db
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0755,dir_mode=0700,uid=70,gid=70,iocharset=utf8,nobrl
-      server: 192.168.154.225
-      share: /K3s.Volumes/guacamole/db
---
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-guacamole-home
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-guacamole-home
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0755,dir_mode=0755,iocharset=utf8
-      server: 192.168.154.225
-      share: /K3s.Volumes/guacamole/home
--- a/services/Guacamole/persistentVolumeClaim-Guacamole.yml
+++ b/services/Guacamole/persistentVolumeClaim-Guacamole.yml
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: flexvolsmb-guacamole-db
-  namespace: guacamole
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-guacamole-db
-  resources:
-    requests:
-      storage: 1Gi
---
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: flexvolsmb-guacamole-home
-  namespace: guacamole
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-guacamole-home
-  resources:
-    requests:
-      storage: 1Gi
--- a/services/Guacamole/persistentvolume-csismb-guacamole-db.yaml
+++ b/services/Guacamole/persistentvolume-csismb-guacamole-db.yaml
@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-guacamole-db
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-guacamole-db
+  mountOptions:
+    - dir_mode=0700
+    - file_mode=0700
+    - uid=70
+    - gid=70
+    - nobrl
+    - cache=strict
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#guacamole#db
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: guacamole/db
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: guacamole
--- a/services/Guacamole/persistentvolume-csismb-guacamole-home.yaml
+++ b/services/Guacamole/persistentvolume-csismb-guacamole-home.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-guacamole-home
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-guacamole-home
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - nobrl
+    - cache=strict
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#guacamole#home
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: guacamole/home
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: guacamole
--- a/services/Guacamole/persistentvolumeclaim-csismb-guacamole-db.yaml
+++ b/services/Guacamole/persistentvolumeclaim-csismb-guacamole-db.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: csismb-guacamole-db
+  namespace: guacamole
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: csismb-guacamole-db
+  resources:
+    requests:
+      storage: 1Gi
--- a/services/Guacamole/persistentvolumeclaim-csismb-guacamole-home.yaml
+++ b/services/Guacamole/persistentvolumeclaim-csismb-guacamole-home.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: csismb-guacamole-home
+  namespace: guacamole
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: csismb-guacamole-home
+  resources:
+    requests:
+      storage: 1Gi
--- a/services/Guacamole/sealedsecret-flexvolsmb-credentials.yaml
+++ b/services/Guacamole/sealedsecret-flexvolsmb-credentials.yaml
@@ -1,16 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: flexvolsmb-credentials
-  namespace: guacamole
-spec:
-  encryptedData:
-    password: AgA5Rj3gn3X5ITztEpXBzECP5GUHAQVY/KnDQYxJFXocY55x4i6ggTjRllXAstQhh6vkGNV0TGuuATV34/6qvt3UzTZoajicQ5cJ1nU2SiYMQWuZh7BoTDv6osua19jsS39gnJUGDvrVWNZ6sKPXK+B/2cBkqh6JKQWHYzJUy4iqJ6ZCKLOaEVSVibX+U5UAhKJ2KPH5jIxV/asO/PtjtC6saYWOPXyMCgjFwcVOs843/sagVJB46bkK8Ud8842vE8UrZtESxNY5d/TYZkWqQs/4OR14ceBtVr3AhmTy371LDzI8zkFxATfUSjBJ8nlmTy+SMjD5B8tgU3j/qKw0fmVRIcgYybd6H7WtdeQm+eKRx9fuHnYAqEGIkIm+zZ0tGYVRXsZ4dFIe3SZ7/Q1vylOSnPV1g3o4ofSQj/kMME4Rtczis6qJNsYZEbB55alKtQJZx+i86bYyqRlZvzamYzZUqfrMECkOlsqKOvQ0ZSRZxqBFR4hwxoRNs9THe02qMjpjKiqjAZrfn2GpuavKoEdUqwhcQOGdYBN7LNPcRdTxulE9d5jTwmZ+9hBdWLxP/tMcO72XlVQm9w59UXtA/FogN5d5e5B5Wu7qfodcmCToQ9O9BUCCeHl94U98IjzutSAOMbbaRp3XRbSEawpVyxIF4N7LVxm40VhlvZDScASkxyHENwIPAdP1ZWUGt0MTLOXFQ7rEwhdJrj2yszsnE9FP
-    username: AgBzKCegpgyL2EkamKd2VejVzroRz0fcVFnZ/9RuvYYSq2IyhJj4mbE0CUyGAX1mB48HsacloVMVTvFwDCoPRmsjR1qddiCWUaye9/wYsUYrYhEv+o+3IWFHIdzPN8ArF8B9DwcvAtamAx8BOf7Zx3UTbRYyrM8/2114VRVmtEcBpR7BUp+Djt4O2rJFPeDgHIkg3ljcg3hWdi3QO2NM8nvszn8rQCXBAKDJ1oQqFkUoXO+L6RBPmONVEjX5WN+noalf4C1ZSJNrLg0cCI4/2rpvt9LOkFlchI4h3c4xIj9mqkzj+d9FN0M55yfrAS6PbHXmd1GdoLqAbl8F0SV3kmm9SnCvxPQZOZTTkEs4zVrRYSgSt1s7I5t9Ng+/5kIXi6qN7YGtfvSbRGzFUO+39qRhtdpPvF3dpfFnGRFPdylrP5x067JKVywC/9gaHcVvlHHAwbFKnYh2lnDrmzwL3VqpVyxfxY7ksruUWrFGWhZKEfbw1m2d0oVO3fozgx+IxwGlnw1Lo1q2DFFY5zt47kRKC91cJBTGHZT8LUsyS8+WJpXRsrDQvp96gNgPs1+hQOJWl9g/HAyv2kbVnkRDPekOSzLwfDW4PAqwZ2NehUSP0G7jDZgLXTOFa5U+tZ0HBF0ENy5Ln2O7qlRqcX4tWXFUlffX7G/MRNof6HqYtU2ydo0iJSyvBbqe4hx2PHXOK3fYd/I8HAU=
-  template:
-    metadata:
-      creationTimestamp: null
-      name: flexvolsmb-credentials
-      namespace: guacamole
-    type: mount/smb
--- a/services/Guacamole/sealedsecret-guacamole-db-secret.yaml
+++ b/services/Guacamole/sealedsecret-guacamole-db-secret.yaml
@@ -6,14 +6,10 @@ metadata:
  namespace: guacamole
 spec:
  encryptedData:
-    POSTGRES_DATABASE: AgA0C44YvrKsG2WUUm5+7tqX8RRtMquYLbFa4iUZHSHZs/ZCWy+JGw+O3Ig/hGrPPOGglGVMvqfDRVeERuCz9jQND7jBP5Oe5pROwFbt0ekB1QKm3BLWKJKoIj2ltSWtNUcWARwAbNk/8uclRFv1De3vfEGRPBnsOhVjToT3Qph36nGQgeHCybvDw6Xgf8A8I2F8RGCnGtxqWIr4eZKHVEPHBPxoxHPz/xit9vNfgw+yK3n630PNqp+Bu4o1N7DDiurD+MIV/RvzAP1Jhqg7n6U5tvTAFfEF8yUfQd/LNdZAkiYcTnYG4JwK133kuNZIRIdvP6E5S+3xQocsEKNY4ZDGgw6KWQchXEOOp+i7mOjGhXcF4bryp5Z2bi4iOvQ55Cwr90GiWCsZ1g9J3vDkRH+1D2UiSMDQy0aFhnKEBoLbumoN411sa0oxefGqJbNpn8pe3VO0mI9k0mXCvsTLDf1/RA5a1YwuRo/6Q6ZMd/VxZ9FimllmC2WYl0bdaJ6A7NFv8WfrsR4phM/Hj1nTtTvkbmDq0zAVcRrnKOIYT+To2TYtnpwdGjrMuIdIgjbwo8o2Pn0zvrwe0azV8TKlsS8F8PHkhUZtkfdniEJ+6FVAlhmNgCqcpuqdYWT6qwpXX0ZlfzbWS7Nt1ZvYH6/IOHq7p5djgddr6bn35WY6iq4hdpbJrg7UYF+CANUAMCLQEGT92UI45J9JJWU=
-    POSTGRES_PASSWORD: AgBFg6OidnqhbEKtnMxChooiuK3G/X/fwhJ832aSVL4T2p07C/1UPRtIImVrZA63prgvSLq1iqJKGTtw6GwEcEP7s++HbHjDMyKScvKJMpLhckY7YHl4gEQxXNZkWobmKwliaHlXYLRVrVCqCT4q4WflAvslUGwzND/twEm1t2AP+6ybuzZbfuNTvrbcK70iuOlNm+ld4m2Ldisz4ZkQG4zVXP40ORgQvONo/eLfEhLEGxQFukB61oq221jQkoqTHZLKf9hMU75afzb9zvN9pm4tM6a6WkPMBCAOTBZgs57nzOjrddgHhXB7aW0oAFoF5miiiQxZ3SIBuaxaokvVD1+L+ZKGpTjPOT0Dznv9TOp0+FKSsX31UQId+4yLwMUHNLWGqxsrqBbaNkdrscWcDcdrzh24t2tIkPCUI3ArXhIS5F9Fxu1aRKY5Wg89g9koknFpvlX9TvYniQm3X+ngtgWYJNCXkJ/v18zuYcydr3hQiYMOpXRAw3wD7iKziEG0vPQU3StG1xjbvPkRX/h1zFyy3SR9YaXtm2c2fj5WwiW7dfRWfhuLaRnSBafC1tzOD4D4fCGKnJsAO8jepX5KMK9gUcJ/aLdjXSAZE/D+oMviMPjI58iRJAiwAS8Un2+4mGLB8JNQ/YFnSBwCkdPl8QLO8TeN1MdDuZPgSdrVC2XUKpbRWVkJXp6dh0yPjQlibhyHWZsZYXraZhg=
-    POSTGRES_USER: AgBmOoEkV1YDYXrLVMQayXMnQjgc3v0kO1YHIJyDRICaa6gboAxjaiLDXY06Y2gCsQbuaBuZA6Njck9KxO/D631D4vKeELkhU3dlz8XxhhByjqafjnbeaJ+UIc2uzghOoDHt1g2dwYijxLmtfWbxjVxTipSl4ssIa12oHiAY7fW1DGZ7OCQqtMsdw9Yz0KJeJohILSTRWz2e36BUNcqMNuUnDSOVYD/LncctaqoULUujdzlyyvGQ5CEvlaihZGEX4xcJi4rHSHa99igNdMlbpiLjkL5ni5CEE5q9vYSw3iWW76vNoEI2CresVaxkeZqVEG3OdZ2GxmEyDnf7cPu0cPWluMEeSPE/APjk+Cl6HrniuqXFhS4SGaNYSwOS8F4pe90wATv8QF1X60zS20FuDUikY8PwMJl6RDlHJm/TmHsCG1gJYSaA3OikDYQNUsTa0Q/02AY6PnsbxDLCsU4r5FcPMhKkcpS2C2/9/o7icyTN8agXqQQSWIhTdKe7DGUbrUskInuvEFEt+LhOPSlVs5kERIUxBHIR1J5R58u0BPKvV7GUUR+6I/PQ985QoAhrfg29jORz/PzmgFVyEa111iWik73Lqj1bPDpBYat+R2hbxEPJSkvXxsWPzZ/1PG2KuFvStvgi7QMI9bkalVk25AQX6FhmZrWVenhkveZzkVwwCNWfGaekoJVVN22umVN8P6IYgXa3yTIL3iA=
-    POSTGRESQL_DATABASE: AgADX6LYJTMPmR9H2ucCoKUQQ9Us6vbUrnBeUH+o57/WVDeWPbVnp4wYw3lBIaXUSWhGhL8o3zW/4VYgD3CJa9UT0t8Dz8ounq0ZgmMebF54cqOAoktUb0gY9MGZfM8M5QIMg+biZjNhC9MfBNcVca1Vkjaq1eun2uqWv0ILmg0+/3XroG9vhhHHMDrwairIKHksCx11q0sHEZjBIZMekORUBNVjgEEfi2L1Ysrqa0CKNK2qHSIRJHtZ9grsKt1RtI3XlWChz4rb0+9wtaGkyhAdXZMPSUbIrgXHTW1w6aAEaFKSckqYEj9xCaGLMtzPnt/xyj70c22spP9w2+hpQnO7gCxLWjpEQo1H6n+CbDm2AgbmCPWYngIBARarcIrUtXbNk3SfEI+RWx+q6edl47X0fqa9SlPkWQQOgO0cBtsx4A3JZ+1ZPpLtDCSa6zAdr2Vx10A21cpwrD3GcH7o6YTwEavepO1oIKhqLApApDZwfzOu0MBQTawSMw3VAaaIgTV/gG8iGtB8RZNLq8wuqK9amUGSEdO8Rrq2nCw0p0fJeNY8EhlWzW/s7agEijlUaeznMsPja8Er+IqCz+Z37l7h2VVFjeXjyqXZdAUd7RDDRwznpuIysAo7IfSrhbteoAf3AxCTYUSp1It4uqwXeZcZ1TnbyAadMXlGG/T9OZo2SxMVKY61rZfCZh1C5AAYe1+etSVUUTbl6bc=
-    POSTGRESQL_PASSWORD: AgBgpVWC4oiyTIVF4j4ayJqsGePICGvp/3+ouqzEIQNe+TKk4GZ/coNI0Gm8u90ERjCQHUMvR8M6F9pAMkQ4ccvhGL9IogkDY1ygpU+wNunfbePt8uNKfEoKVW9kU067Ufa2XfB6+YVO5CUO1Nhq4s/rf7DWeh4m5pYenR2YatJS0zmBjkC0ljiDotLxqaVIrO141SrpGZMRhh2hhsA7WnvpYVqwVt02Wwv+qXyMuzyIiUQAi28N5uKY/Ylhyplo/4FyIJ+zKutBYT5IKuwUrMkqovLO7u1Zqck3bR3AB/7M0MF4vscGy7UpNTu/ozbcLwC+pS6npUbeVxcay6HtvlkXSbjdLvBIZ7pXlMiqvBQ8jSDMpeIFrH9orwwW6xjHSUBq5s22b2ifJGSODBr2OGufhp8SgvBk/5Z6zYS2ju6HhUfT1DQR9hpilovO9rsqQhHOOddhxg6iF/61SSFsCPgE4lcTOYduX0uRfBRC4lrlhiw2E1MyUxtpY8KDxwlk1g5E5NzMiIh6wNqvkJfvgUkJVoVs4P5l14edYiFFhwSkcNVHNJdmsJQ5Y9CeiRddRgumUFkj532RgTtaCwcVcrEpZtNMXpyvoRtmqnAb46S3TEhIzGm4EZRD8ms9D4qNbM/6o1F1MwchwCkE3qhaim1pdo3fH+ADO/onPaYcLF/GZuKD7ni6k52Fz45QSWkTAyhN9qiKq0rVUEo=
-    POSTGRESQL_USER: AgBv6Vvdei4lzImz9J3d3UgtfK9S/8r8fkmpBn4gHF1l9QvJKK8whJluP2a4Y7QgunXAhe4TzLOHBiqTjMeR618NDDFtOH+fJWLmnFRvgS5M0vHrD+xCopC37gQmeV7tPXGgdJo4cBLWvz6SJvCrSBSj05/2GgnocDZ7Sn4sPZuflhhdb61A6KxEiF+Rtx3hzQtDortVlJFgH28hzLDktDhyMElw2pFoKf6NYK5/nGr4OPBz3cgrtaziBfLd/uZbReFp4gjHd1Are8k1IMUqUYTnohiM1gbTg568t9Hjrzuiz0MlzIJvdPgE4iUksf5mV2rJ8FyWxIvKAI93iOQFSSIeEsy8IUzChJDcsUq1gMVzpXDBgu1tmtwQoXNpaUlcKoMVV6Zc3JBL5T1kKk5ppyXj3vXCMkvqlqPb32J96qV430jEgNp7Fyqvx7rfq/U+sXnGdPgcg1HBvPZmExq8iwb0pp3qjMpzyFp7mVYXqGIJFAY6ZqLU88o3Zscbmws+Nn9w2fBXRAHC+/1XPn0nqDBI7dyhQVLy2cpkX0rRBd05bks3WoPUlqxr9jCWRmeIxYSBguPNcaxPWDLUofcC7OroucUCfgqr0jzPaPiAwmB/Tnj5L0SNIs7APRArzrznxeZA1cOCu6dbsHe9tDUcuoUa53zBpRxYcDUTTJ43Y6NX4QA0ui+HsJQAV4k/smneVY2iDx9Iug3R+4s=
+    POSTGRES_DATABASE: AgBg7zRQJoXeQZm0cXuc1FvSaN7WLWvKf/DcWWKD/YmviQEWuwxl/ZL3h9o7OTCMUegYLwYYm7t6CXPXvZ+KQqUQlXaMuxFtx03qdLlVSHJxlzi6Wh7Hhsk1c5/vQZdB2NFxMhcpPxq787F8PmiAyYPDXk7jBbS60ujFbG2X8YQt0zp2zXFFtpPsirbwNePi8fqHPZjlCpqMtgM9ZmdZhClS2kVNM9oynfdB/nTIdF8cuoTxfd0GbjQXODtRdqrB9PBQQSEGghEbwwNJiMzyU9fpPEKtYREwEKgYGJTQWz1oPU2x3zQuX/alp1B+/iWc+v1aqtwd0ZHVG7EnYlQ8sKOXj8wWoN8yO4XqoCbGce5bhrtC5UuQANhnKZByQQNsPf+6Px8SyGcHvlVdngnviP3HvQTggsZPrqHy0rd3t0z7NImoFQa09hP9aD9J/AY7NFadDKHkWfL+jNC79HBWPz6kBMqPj04jloTBF6BAmrvbYvdwkoDQ0cOXMpVTOc5BL7E6kUSkXp5l5SiMkdjUdNYEwSJPk09VzjAayalJoDlANk7j2kgmAOLlAqWs/+Ade2/8Fu/5iImOHVYG5pD3fmJVfjj2RJx8+juY8mfuEVvB3m7kMI77vDmnq8rF1clT2EmoyCsK3vwm2nD4WpMqi3qlZMwFkxlRvpOwt8sBy/Vl1yLMyVSqlVedTXGctZ4jHpHcQqm2dMqVSKI=
+    POSTGRES_PASSWORD: AgCFIob2Vnq6DyqhRcJN8jZMUwH+5XCU2aIz4pCtXJkeOs21jdhYWhUMvBjGLmpEMZVObWqQ75p6lB8s9VYbbcsWgTpVTlbmgs17lVpSrOV43XdwWRX33pSRie0pDRAOwQowSgN1nW145q6oJpeP+oE5Zr30Vx/j6WSllG9Yu4437p5fHqdLdAPKDXgFrVYUnxY3FZfITVC0DEmPkmVZZ/2wM6U5Ws1fmFC6clp/S7xPTxKfBPfWcUyhKNpBYPcbYLVvXmCj6MCZaTWdsDIdEw7Di5L9SYrvsfjtGHu92df/kv2cBpogi5yLZasXRW9UH6ENBcBjpl00cNvKBzbHRjljwdWe8454CfTrpTjrb3F3ag5hyQj2qbbyyvPbsn3T/A1U38o38crmMEvjCl9cYeVjGa7FrFtJaJa1SRThLWeUZefudRoOec9eyvfWVp4P4LdxQQpKhWsGhPJCVQqdWcumpXR3VLCztsc1yMI+R6+THtyCmZl0Dw57VSpsv+Gtky/Y5Rcf58HAXrtov8vmtWiUAWYo3CgWDOPohd51qXsR+6ZPOBoabclPvyE2Rmdbk4W7FRq3Ad2ZjhmtdsJOF5G7Hq8PflNDhUCOK6RDYZk4kEOUEx5LOAN+dRpOWLO3Vvr8VRFKjeyt59cjPidApbjMayt294hKEANUTdLFXMZ0KiguZQrx+fC2Yb82/NZ62VpdzuKlWPTAEYI=
+    POSTGRES_USER: AgCvkA4bTKbDY0B1mkLA5K+BjzXFOBnaKOnagTZGrKUYJrScPA/zcw8RjQqMbdq8cRWrY5y+Et1vcchJwR0Me4Zkfqo762r03W/ohFdlah+hoHIdjvXDIgPu4uSLOdRSDd+zRbd9j0BD2Q7GbA+XhmUlbstsHmgDwJc5T0ONqOPRAJkYpR83uVe8z8zqBUsJRLU61KIqMchw0R22GgC5gmyb0Du3kZOuHZPeGdztZhHTAmFot0z4DyQH8IUfkRWJQdTYuAjeDjWpoBGtTkldCTHSZ97pNpEbocNe86aEIl3xAvP+3agDEqjln+TMZUKDATk9dOtXvqBxxhceSKBbAqdOm/nLM90MckDX9H/CxFwSUQJh2xZiquLGGMecrIX8R40lNzmh2eXVa/bhBhkouwGs1/Hg33lAvcDajGLuSRsI/aVPgIthpipCilWRWWLTZ0QdLjtTqxDOprOlNHTST0W34XelGAb8O2yB65VpM21If+i74MdtuxNRTMspvQ8mtIzQe53xR59KSxX6Z2rZ3uETqXB3Cpvfs79hw5sh1FaMWAY7Egf7Z8mgMg3YzqHWgByXeHwzp6/Nl754pkAyQ+1SmlRpS6PGH0c811zy/ycBgIHPNDm7glSoZoA6h6aNz2Q2O/plxxzeshJ5cRx+DsAmSBGcpPsWwCaIYzMxg69Ah2BJqD+7Ky8d4CyfEp8gKWfO8OFyqzyPOjw=
  template:
-    data: null
    metadata:
      creationTimestamp: null
      labels:
--- a/services/Guacamole/sealedsecret-smb-credentials.yaml
+++ b/services/Guacamole/sealedsecret-smb-credentials.yaml
@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smb-credentials
+  namespace: guacamole
+spec:
+  encryptedData:
+    password: AgBs08sIFvUZdSmpszzpWZB68ByIU+K3h9atIvo3Zq4f44LIQwDEi4r4W58fUCIOzt1bW3aWJua5gWm0iK9KoCpRoqPo9mJkjS+HRBC3I8ukAmLitGYs8t3HiuwSAdzYdqPch6BbQySMiyEB7JymczjtnFeR5DdxFJBwN3rC6ai2GFh2HfJl93Va8tEd7F6Zg3ZzRYlKxPOO/bJaE6FqS+W9Lo042h5lmGEh8NpOBL23D1MJ43bGutshZp4jWVoygTYpw9N62FoBX439I7aquxVLRyE97dG3JHYyRs+k9n7jgs6SJytw6jJdFO/qUEGVS6xOQR57jaGBZyeBKkg00PXXS8selJqF8S9/2pjlEEqtBSDVPNmnvN2nrFqVidqWfhB4SiJr3jtROOvXjpbg1+C+uGFVFPM7Ux/y8tOTkiTJZs9jXJyiS7CqlPqM9sswrLvBXEqdzeL7Gr2pm+5GRC9gJ86qa7df2xVRVZv5A1jhfmyQwC1H3Myc4HVjRLCGxmvNGu7K+0RLYpUS27AY4o6bY9EAJ6/fsrbavIZzxYnZJ8vx7BYgwPzD/tmsSrANUHZ5iWtLwh2HWI/RPKuZKG+AYrwVP8/4qnLMtu49CifjrXjwNFPz39iRdqU38+JSRA2eGemsrTVVC3SZue4wnel9R5fSIup20EnvosgXDK3MxU705R2guYRFNEYYJzFtufJHQl2W1KHeZNjN7pj2zgli
+    username: AgAOO3vS+I+bKW6xbz1Vc9c7p+xzHgTm3qg3NSPvGtZ6p6SH5ZBgk+nBb4IlhJ3NHvf53OUo/JVdooWgJqriCLibeyW3QtUsT2IbG4mL4VJ79UtDKqDARLMdJzZdXxbpBA1tvNK6Biz1T2yZOGSsw2BoGEkTECz151V+P55BeWxgY20JHY2h29A3NP8UXD2Y3dyfi1Z9U9AenS6SKxlDQiW6dPJdj4khbEnGezuKuvmjrr/r0i4ZiK46DlbBMDsuhwXxZoDmPKoEbtWuUMpBu1+qw4O7m9ddGTkW/R+u2mBXHplswL1hXHTj29YWih4UIaKMDtf4BRIqbKU9brl+27dKD6t66/GLdV8qoUDRcBPGuPzEJl3Fxc6sWQcUXr+HthGEbWtyETx4t8qpOXAEIBxwoqsV+u1zZth7AthrtZCyBUy0MQ0xZQcI6KdpzeIlwNTMioK49P6HhEcn5imvTNJ1LsVCnVZwz1LOwZQ7EoN6xL4IQdcXKJUdcWNWf/uczjA2rYYWVnTaxaO5uDauZJqDfLGqGy2pnWHxaonjS053jZRw/6MWV5XNrfA/XwrmxXdAGSZGa3Y/vKGB0C87osZOC9WyTAWmxUagcJr+xK6Qu0UWttl84cImtXRQea+qW7tQ/Akk1ZvIhQxs9haPtMMKBt/nwQRHLJuKf+F/EAWOanx7/yBYGHQtx1wo5ru4AmR5OLJwQhY=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: guacamole
+    type: Opaque
--- a/services/Guacamole/service-guacamole.yaml
+++ b/services/Guacamole/service-guacamole.yaml
--- a/services/HeadLamp/sealedsecret-headlamp-kubeconfig.yaml
+++ b/services/HeadLamp/sealedsecret-headlamp-kubeconfig.yaml
@@ -1,15 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: headlamp-kubeconfig
-  namespace: headlamp
-spec:
-  encryptedData:
-    kubeconfig: AgBeAP7vtPNm+FBdLPRDkV/k7Uy3mR/eC3Repuvyw5uEKZdBGqzLwInaBcySSiLFUTRfc/csDFxHgviFh9jyGJPCBlEZpHBStz3BrTc33ehwTYTDPf7P1bvPZlWLomnFdEkh16Wn6In4YZnMcpMDxswY/LHQheHeEIAp2YnkZRvd9aJJbQbLYK1Dl90xRjHq0gqTl4QZX9BMzGZE3iUr08suTOY84b8V8Y+mrzy9DvbU7S7SusPpiX7HZ0Ty1IQEDHXPDAyIX6VnPqPCxx2p+/Dce1Io8Ql1CB5So/g/3+VcMlQEKUKt2bReFKslrv9veuvg5N4ZGlTlOu7uU/Q44AgbjB9jYvJrmHclt9dnYSIICP3x3MuNVsQ4CxOtIRG2KDJdzCnYFv16tBHc4zL3WABonmLzzuQoBFYqx/JxWfIr2U+nvbqKMm3yfFi4fvsp7Wcgu76Vak0ndBo+HwkzDWHxYNQOZO/LwEfQcoetHzlzpzzoS1Qw9JKjIlTt4Yc/7OOE6luKv18ZI/MXx4bfZ31HwkJ1P/4hnmsBwNVWLFtfGi1bmpc7Ahv0EnZuLjmxH2APnDKVvpZOMWxQ0M4zHAQLonh5/pyhEWpqJzdpfroOa+yACKr8PiBKXDlaFYD35NgHNt0LDyQTlDXRCxUnGed9pTVx4pTMDYRlzZoc5j/Q8QmhshJGePcoO0m2WXb+1O0p/k/gkU9mTz64swexDD/40gyl+YZwD4K2LOAIMHvEitv2J+3ou2QQMHcxNILJVGT1mor4bqw9W1stwzv68c05eJC0LP0f545f06AmlaFxfKLHSeds78Yxbg75lgTpknuBcnyMGtqAyhDA5h3acXhZdRFqpuxBswfmQ9S5BU8svtC79FOd86m/oOyKM5fqf1kKoG7eqgB0AYyEe9vAwZTPKuIE7dL6q9UZP0fUhu9a9g5vp7JPJStNdAqLeIDNFJpGiupb1W6pk4k1KQi6XUS8xfNVBQtFLvdty85fkDP2pnY89tznGGbimcblNsFFUx58wuu2gY9zIFk4N1gk2j5ZAym6PdeBToqQB9R/IyPwUP5o3IEn8afqZL9wTkZZjuwo5l1PsvPm5U6d2CQ9IFgnvc4v6NMWGOsri0TSnw23PAJJw6bhaU5ClK908HZDEUT2vQ86tFoNbU28451XKTgDa027PELRirlL+NpVYPwoRNDhTn+/kMMYNkYLlhUVIl2AGhoJYakvDClstmZuuMpDNeTwgqK5POlEltC9/enWvD77YdvnNZXQqkvDHcZcCRVur4cZNhtrvsdimfLj9I3DS6UdMvwxx9rCP4IoykwtTw2kMlvMwalESegtJQ2Vw6E6GqJDszUGNbLxFIwB27BTqOv4msxzJeVTNQgzdgcidg0pvipW88YYTScTD9G2Uec1Qe2FCKYLUlLVjEYCveQxx40RS2fOEwASKs0btFLb83TKBqw5GOImLHTDpLBnaetyHTI6Qa88+c0eRd2Z5Lqjr0ZVCMUtX5/0v4+zr5V5BRSRJNPpIM3gm8w/FcAV1QDRL4wlBtlKBuUyGnOI24nJbs9WlnE1HscrvzsWklOnhEtlzfWHlWLF7pgM3WmEy0lIFrQf+Ef7yubYOfg6w8eoD+NAEcM3dQUafe8Yo8V0j+GWzr9+utCxVDPzuOY1yGuA513x0+bc5yk39XSqLwetqkYxUyBmMWFuZYs8Llw+qIPRA34+m6ZzqPHD93rYpPOBRyo33djB7PV7QkxZz3DPYi1a/+Xu+ZNocFRtxw5YvNh/b4BW07A1mDzjqvH2QKjetGRjTj+8Kzb7GLKo7ZPz2oESJwAiV6ftDldt3a9R4zUh/RE05nKUgpOwanrkUyNUary3nAFXUjU7AtDKMRPU8I9y1UZiiYNod+Lvkj/ihYjgGDbhRHqSugrbKZ0jOALSx6YiZ7isKSSwFRJzZD821AB/3hWa1QlWuCpNkyc5bq/6IxeKOLFJnHhq706HwEChzpGc3swOa4clkS05OFgNvQjhnL5Rbny9oAEeXBvtLJtO0VBt5pN5zC3ZHs+w9cKLSsE4/OBTsDhaxJ2LDRmg2EGs4sPjNnJ2RABUnseELAR6tL2X5OkltzkvnJSEvansTkzi5WqWvkRf5orUATik9NR86e8k+O196ajv7GJvdueLQ9V/tMRbCEST7ry4OXssLQhZQEBU6OJsceGPd0ICtY4Bc9f2P2JFhov7ybLgMI/8aULYlyOseoGUn7ySidT9zosjEPo6ioBZYZomJSW9FPgSSZ6W+j/gCZLWxLW5mzywbl1vb4Q5dt9cDfxG3S+2TfVrUJWDOGc7cxYFdGaeHYLkGndUVLyNnlH7dQ/U3A/6iikX9TbhV+cY6qq16in5jZNDyprm13k85L+5ScyD4U3y1kniHFPKQDJt56pOaLz5cfQseeCV9qau4zbjZT1QGLWSYs58tp7ViABMqufbyv4civOm4pRRPu5RVjdY/rY7iM8ZypXnnPcSDrPZH7UcnniRPqGS7G83WyAquiyVJVahueUScmtxMQy62vkDUoisj1aOxC97WTUcBiJQKqWoTRT7HFcVl9XxZc8O8WtIIcS7/KzIaGzM25s3+vM7fRiguv0cEMV0ikE18/Zt+UT9J86AoGhnlcD8R92d3wuisM5pkNd6fv9jwQnNaULRwjhQCbRo4JGc2CxluWoKhkwpfyCxBzm8bNq2e1XhWl9WfiWsmKZyWCH3JIE7G2MnO8C6gqRJfd4idXLe9vv9F/duzm2uy6xvivP61NR7dCyn988lwtFrdOKx2dvX3PlOV852/XO1hv32W2FIh6Z32sIN8JjDqJvy/9Wu5JHng2Le79P2Zcf6db5I2hQejOtZkx1914bHO6Aro9Csj6s2VJ1YuhI4GalZYTjo5l9r6Da5J7uDpWl9uKBToFW/e3x6nMFpzARsEQc3jYixtX6gPSh4Q8VueUJAaZmpW3i8DdkkvBOHtzVAHzN+8xXTYMK8RTo6qGDiUkA6XE4apY8POp3F35mbiCKdHGZakVnHYJAyK4LUl+2oRW9JzcJNzWkggNi+DLwEjzdg1dpKGMtDSVaXl4IfPgU4QAhja7FVNyKfdXsXGV3uqxuWfju07hol5I2DFHgFHRQEPIlnlyWabYAMBUca6VVZDEDhR8aeVSLbeFw2ERXhlq2QMOpgOrPPDsT0x9YP3X6YuBzgl+dvgbO8GGLJhLEBPq9BKshTP1sKaykS4cxlO+uC59+pO/fhXe6+SKMYbAlvGMBILLv/l82gQ4P6YwAsPEEnh+pEEJ09sRwDyl8/evcORvqdYYKO/ROCtdCBxp8u9TzdhY4uUUdKbscWhnTjwSUD4sEC8H+BKpJstWwSdeYGCdCNF79F/2VgPzq+L39INqS5TUSo6d4ZH8oPxX3kfU/HUYAtPp7ign0hIvVXkqaqYJRHeEEEk+SqUHaYY5wZLBwbAcxk+AvsrDThCEYlFVQhONJ1Miodhi3bHeSK6lehlLsMgxj+j3MaM9iohhxk45GuwsqRzu+EfyaemiEEFVxI2q5IEnfjR1xfc5Lg4SmYQQpeuUaxZ463xBxNhiBKlNA2JFQwTbaCa2HLsp060ysVZGiOq6yKFBrVRMAuRNxp1/A/Ies5nvGhD7lCA0mSDpy8j+TTCFUn2T0U1ChkYn/y+X1t4pPPtKIcy2aGkFdY/reOSBU0yfaM0iFrj0D1Rf1JDIBtCnYM12uOi2h+7GAJQLWbAbnTz6aHCF9vGlXB6krC0BF8fp/Snn1BQqKjChjqW3IXBazMK8zT5ouds+mxxIidN8smDoOqytT941TgGV9RGPQuCNePTX86fhh981PS2gKUBSGBPfaKMFpVSGDxypAdQi/irsjEbQn0ugKWvzxNVopS/ImcXGYVu5w3PZocs/mpv2k2h/vka2N/SF39E9DS6fMTX0SwATBuAdwsQpWeQd2Hd1eZeVSDNUn5Jqud4jmJH/Mp21sfEEzoGgmZl5+T1JaK4EsG+yldVIPpEcsde/ecc6xPvluVfxd5cKWKg1vTxuTRVzX8I3f6dTq0c+/VRnQn+QEhEpLXutR+4XT/wh1obdBHJ0/h+9Fo2QlUz6Hni6iI3DrAqJjCsz8xBfZXCF2LSekQTO/ZiIrHe4CAnGOueWV8Vg2ASiqhEUs0g7UP/aInxkvmY4byfwSgF3OhBzt69xIzyY1NjQxPRo3Gn+Ma5NiZEawjdtCNLw9oHTHIFil9d2K9CiZ/pBMfZslJ+86xLDIOKikMRb84ANwcOSbgEu+Bpgf2MfMS2Fqt8K37uhFJQ0eTQeCLY6u6J6AKhX+9oKg7uMsnDudZsd5mKe7+JcaXyuz77NiJDtWcA1VHfb3h33vlZiUCb9cO7+8Bmtgm4eXbsafaINWFgUVEXpy9gqpopBUOO32mG07trMG8SwNZItCtqSD8J6tp4zNHZHo8IDq4dqGBlSHafnlCA3MLZrXtfOW18zwEnmC+uncQhByIOW260sLkSL1AsA/vz9083P1LVyZVt1v/SWHKDkWHOir9cAVsGBpYu+u4EUmg+DAdv+gnb25yf2f4a+OaDHWV42N/oqn4tmNhF3SlrocKawLd1qnMSCUCXgbTC1A7A/2ifZUTUF3Cxg2RCOULmp5fScNjfPoTqHsf0Y9IMltn9gDOAlofXY8=
-  template:
-    metadata:
-      creationTimestamp: null
-      name: headlamp-kubeconfig
-      namespace: headlamp
-    type: Opaque
--- a/services/HeadLamp/sealedsecret-oidc.yaml
+++ b/services/HeadLamp/sealedsecret-oidc.yaml
@@ -1,18 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: oidc
-  namespace: headlamp
-spec:
-  encryptedData:
-    OIDC_CLIENT_ID: AgBXJgPrEI44ACJJ3S0+/Atic7ckP0tfVAfPtl5iNcgj+6PL8h1Xh/hzjZbYEiebG1FzSH50K977ijMdEHDFmagYSR5Ju1VpAHJyjtRZbysm8IbFV2g/8aBV88HwdXD8fZhY+PmXKNkSNFGqb6+E31NgetEjsZNjMgS0cM/YfCXwrVPMaR8QawjszyfOLUh4Z+D0QqH2Mb6d6vBaBgNgikUUgixFn+f1S4A66qUxGGzZKVIIa+f6Eo3gQDuo+4bi6/criaMoB8foSkXgWqRIiiVGzp7NcXT1mmWTwjosVexhKGSBiNDJFiWMgtc3Sti7Jp44fvYGdDHddiBsIBFB1uv19rGYLhq/4qpGQiT06Dq28n0+ehBfxsZZQ2nLDRjXciTgG354enMJO58ol6Dqk6zKjTWx6YwHAIdh0kuQ9atT4TsdAL8BR4qkdYuIRUmlhCUj9Ywh76GIdbnPWQfWHap4bjP7KVxFRw0Ke467TFoU4iO9TmVhF0LvS4g45fTXKV/j1R8yU7cA+TFEDGvQLixOdeJrICmn+WRJTHuCtvI5E1W5yJAstSEdkZTt7PSUAq76o6uUT18OJYZdGzaG3j118xVcFAM/GsEgQ0M4CyExTraJcl2NegrhcjXokJHyz7Nm8Fm9+x/++jDMYq0rWaPYRaPcYKYDsvF0t9vzY3JyigtoiPIR9KIjNSiLWQKKGyGgLOwCI2gTXA==
-    OIDC_CLIENT_SECRET: AgBrX+mUYkAAyyP1T4iLYDZkx0aIyWUSf5781/ZYQsh0gOtoTuZZ/l6q61wDxxYY5xJqtzYTSa0QOmIORyhusODDokVkCGlx06GyTP6As46m6GqmwGp57vanF6YiSL9he97E8Sarr+v4EOrhGtUejLH2TCFJsXV3CzQvQiAWXxHMZxRIOBkzpbqFJ9dez2n22N49j6qd5sTNskv13HNJruKEsYJM/m/vWuVVe1Rf3cIFdChUNt0Wv9Xir1waXe4QTAYKkzYrPjeDB+xIe8xGms7tqEQxKVP/SmYaQG3rPSIAu55zLdLMcbIFSVBensVr1Fcx9Jb00OB5JPZuKEftQMRR3NTIBcJNAIvlxFbv6uM7xbXOOrRZ3YG68I4/e8mxRx6o56z/IeNd83FH8aiEIfMdKhZAAmKlrMnv0F2wSQk4JxAL31uzcNtZR9HhfDpZRxzFNe6P8Msjv4kEri9jOE6qAwyXsigT5D9dI/7Kzni3NfGf411z4hkqedE9EF2RTRS4LtUFCPHqJ+HcuLYDeU91a2XhAjWUYXML0okjFu/W1ZR3xvyngZJLbdRuturCyLvql9cfQwwvabYc6miV7LBAgIJASqNx4GpN2aFH5s9sAor3Jh7Gva3DVZxklhORl0Ajt+5/Kk2LmofvmiTWL9Jx1gEgV4ND/VXg73uDX2boqwZ1dpf4pJhVitkoh1AOGoRtzznfPF3JAfzCPvp1tmJNBx77MAOs1taBfbR6OGk58w==
-    OIDC_ISSUER_URL: AgAuwDryEOuf4o/Pj88FaRyCeX1MW3sJK7V9U0Tpm6K1k1y88n6jurzwU0oXP/l+6Wt5e/Us8vjc8FpKiUa5RHo+EeZUsXDFBdmLoiJ9PdUiemj7CTJbs/Vd6a0f5yTTa7+dBbB3/h17f8QhFyMoVxZkU9VsDea3rvouf8dK9vbv7JcvSCnMdqeo5ShN+ZJz9S2JN1ATB3Rlp9FPjwwg9lPHjXN/OBVO16KE1Mws0ecxICfgOUwueis2qqWA3qJRUjjUMFV4Gg3y2JaLVcNWh3HvxZgKDd1YpoDklx3e3V/Ja+XODM9mPKrYypRKLrR8zF2bYJvPGaH0+oavQzFBsYKso0cQ1xbnnQX4xtJRKaw99IxWh4gjT0e7cJWIxcpF1W6inW88igRzHluJVWnpmrtmLKrFtFtJ8ALs1XX762OoPFN+SnylGjScHYUEL9P40zpAYrH0r2/b7K2P2LbAtvMBDU8EJwQkzbkUBuO470I9b2KEgY+gIL+hKbDtPZuxC4nQMx7eHMMWZVvxjzPmpIX7knBPLrDZG9bWZzJBNyA9We4pwJDh6qxHR/15OpcCQRoPM2ZPSOgaDTFZ08ISvNLdQGy1gCDAEXq3Cu9rK4Lo8Ixmor+cYQJM5yplrSHX8S70FmSwGvTSizabJM4suX8s0Q/gfS6IkQpCxOy0EHpTysCYrIGnHKJXuiFo5PZKz4fJ+AryNfPQeQgT+iUTSA9aDKE9RY2QRAcYRLFF
-    OIDC_SCOPES: AgCKdxns6u+wOUE1uwbSc9JzvYZBc2H+Rljeu83xVMuNN2XaaFlkc6GxKnOs9S+ikm7TFRo0DtPMdHOCEQjgOHrAUzsR+quC6KJ9LeCVEiEjsZec8hYAZLoeL/k8dZu+9W2K/cmsinqi8wspIb0mj/zZ+3AsYhoxYOkTFUtFvYC6cgkqwDfNZK7xzJBmUor5DVDVer3VoHdvqCph9RvFT4tHbNSm0B90rz1OBU62aFI3IGcTgMpEwpqu9KQ3M6Ie2zIZyIeBeWuJTcFzvLl4KWxK7XtEGQfuIKbJqHKArtA90W2vvwuJlDoa4lB1uASUHqe9cIfWxzSPApjwZ5a1PoSmJDpbzblt8W7akrz9WJzXXDnKG3R2OZGM/eDkwCa8LWa8xGSpe7JVHfcZS3bWE4noDXneBb0wAdHgs2vGy5b6L8IeKcI79sohWcz53pJBlIZ/uaK8T2QXeG/Woe0SO7Q+2C7Rnc62Cq5H/I+Rij5s61qbfb4r1vU8mtXtimoku5PYGUPJC+3DwHAOda/BssTqT/C68o4Rsj0RmdMiEy4kvPknTAJck+RwsJkNE/47mn+RYLpbK5mp2+wqMeNDD/STxmgf9yLOcvLkKQTEgaW0TnpbAEed1tC8dUHtTtIimKJ51Z53f/+FcxIFYYvweDXLOe3/n+cRCmVO0LU44//flA9d/iQ4dzMj40awEIqBJhhGOtoU1n6RNZITJb127Pqx68LXLg==
-  template:
-    metadata:
-      creationTimestamp: null
-      name: oidc
-      namespace: headlamp
-    type: Opaque
--- a/services/HeadLamp/values.yml
+++ b/services/HeadLamp/values.yml
@@ -1,35 +0,0 @@
-config:
-#  baseURL: dashboard.spamasaurus.com
-  extraArgs:
-  - -enable-dynamic-clusters
-  - -kubeconfig=/home/headlamp/kubeconfig
-  oidc:
-    secret:
-      create: false
-    externalSecret:
-      enabled: true
-      name: oidc
-
-volumeMounts:
-  - mountPath: /home/headlamp
-    name: headlamp-kubeconfig
-
-volumes:
-  - name: headlamp-kubeconfig
-    secret:
-      secretName: headlamp-kubeconfig
-
-#persistentVolumeClaim:
-#  enabled: true
-#  size: 1Gi
-#  storageClass: smb-csi
-
-ingress:
-  enabled: true
-  annotations:
-    traefik.ingress.kubernetes.io/router.middlewares: 2fa-authentication@file
-  hosts:
-    - host: dashboard.spamasaurus.com
-      paths:
-        - path: /
-          type: Prefix
--- a/services/LdapWrapper/_namespace-ldapwrapper.yaml
+++ b/services/LdapWrapper/_namespace-ldapwrapper.yaml
--- a/services/LdapWrapper/application-ldapwrapper.yaml
+++ b/services/LdapWrapper/application-ldapwrapper.yaml
@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: ldapwrapper
+  namespace: argo-cd
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: ldapwrapper
+  project: default
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/LdapWrapper
+    targetRevision: HEAD
--- a/services/LdapWrapper/deployment-ldapwrapper.yaml
+++ b/services/LdapWrapper/deployment-ldapwrapper.yaml
@@ -31,8 +31,8 @@ spec:
          name: ldap
        volumeMounts:
        - mountPath: /app/.cache
-          name: longhorn-ldapwrapper-cache
+          name: csismb-ldapwrapper-cache
      volumes:
-      - name: longhorn-ldapwrapper-cache
+      - name: csismb-ldapwrapper-cache
        persistentVolumeClaim:
-          claimName: longhorn-ldapwrapper-cache
+          claimName: csismb-ldapwrapper-cache
--- a/services/LdapWrapper/persistentvolume-csismb-ldapwrapper-cache.yaml
+++ b/services/LdapWrapper/persistentvolume-csismb-ldapwrapper-cache.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-ldapwrapper-cache
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-ldapwrapper-cache
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - nobrl
+    - cache=strict
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#ldapwrapper#cache
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: ldapwrapper/cache
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: ldapwrapper
--- a/services/LdapWrapper/persistentvolumeclaim-csismb-ldapwrapper-cache.yaml
+++ b/services/LdapWrapper/persistentvolumeclaim-csismb-ldapwrapper-cache.yaml
@@ -1,13 +1,12 @@
---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: longhorn-ldapwrapper-cache
+  name: csismb-ldapwrapper-cache
  namespace: ldapwrapper
 spec:
  accessModes:
-    - ReadWriteOnce
-  storageClassName: longhorn
+    - ReadWriteMany
+  storageClassName: csismb-ldapwrapper-cache
  resources:
    requests:
      storage: 1Gi
--- a/services/LdapWrapper/sealedsecret-flexvolsmb-credentials.yaml
+++ b/services/LdapWrapper/sealedsecret-flexvolsmb-credentials.yaml
@@ -1,17 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: flexvolsmb-credentials
-  namespace: ldapwrapper
-spec:
-  encryptedData:
-    password: AgAd6z2kg+6+B2dgmywZ3iJ/jqM36I4utd7CUE3w5QSJ19DrbkruppftsYczGycOT9TQju9dM1knWAxA/3Axu9WvX9RjcfdJgWJFtP07PuEKcuhh23QhE7hD+SruixrLWTKeDGa+w4XmDvmjXlUA5rVUwyvx8zIWWn2SC2sbK43Gm0lCgGaFzCINNK3Z3OfKeOiehIKtWdIAfaNgeLMK2HWkwNhQ3DVtgtLqz1O/Y/rJRNase9o3yObVGN1HhzxwdC7fp/B2HLYujCQy9b0JuZhWLXczJJEw/oX8kPvtxLAKUi4TaOp1TefE92X28lBCAqXGYfA0dEWeF9qRmyPH/yOdBN3MFI82G8Ac5rRcmG/RkwEY9aUDlSYiyU+fiiSzKAzhufZSk/disH71sO2l4DohqWa1IvFKmh4qa1caQ/GuthU3eP0pPmru9sqFdUagECd6Uh+18pv5FVFSWyaXQjXAXG/rBvygcEjA1pniIIvmAZGQwgpRZcuFVjQkx6bHbU2112ExfgbCTYKbDD1ocJ6ukQuObeSBv1Q5h9ARiRRjWJSNzQKWrtOBk5wzErZnHrY7u7/R0Bdg1zvT6luTW4goJGFvXkSQT8JUcp14cBfLu6PmaFYON3+Uw9vT99Tal7bco3aqgLEB03VVN0uXpT8vua9vbU9W302nwKTl+f4v7S5ZMqA3PmrKSnIaLmn1cwOaFUuax/KyGFLuB4o5WkAV
-    username: AgAet+Fs6g0L/TC46Rz7L8vh0LuYWug+nz4McOQXlEDn/F+1PdwYDXLwd/9j+G2xBTybQde6ENPNS1Gpav7AoqY8CFIpb0sCkCeQD/gPzZmSWotUl+d8KJkfgqvKATbFVgH/CVHCgsWn8nU9A7q6vpoLioX1Pg/4p4s39Dja7fwHij0l1//cSumfnu2dIkBaIr0uOVTAZoMZhwYjnYnVXSlA9INDtaw/B0jkr80F2/d/VY9lheQKV6EpypCvevKp+ZJHp/XliFXlas8o4KVA4pQcDr9iQVQAt5ywrdJcTDVVFOSZkFuZDHSorEWzPQYgnqqrAqYVmQQUyAme3fwLZ/u5dDpPSY7YDrO80fzwnr2KF5XU3V2JMnR4Gka7hc08Psq5ayveqQpH1CbHg8peS/d27Ks21N4AXPIDsH11ejpJdvIUifYX0WoytUnukyT4ChOqfGOOEw2e/oF3LzIC4jco2df3uipuYXxEFgj9j8zpfyGkCbqmLIqh1imVNLmAIzhZX9rnf9jaU+wi8DpANPzrcWMtrpLuWKoCSNRMW2yViMfoVpLzPQcHyn36U4GmYToq1NHRl4tkcPMsPARErmtdTTqrSHyViyoPKY7/1MW8/fA5pJuMeXAic9MZiM1r7LbsNpJwGfaXDBhurXEgMna23C8fVjbTUL16y2R1FQEjQ+/qaFNhwcyPxDoPL/ir7EVJXo3ezF0=
-  template:
-    data: null
-    metadata:
-      creationTimestamp: null
-      name: flexvolsmb-credentials
-      namespace: ldapwrapper
-    type: mount/smb
--- a/services/LdapWrapper/sealedsecret-smb-credentials.yaml
+++ b/services/LdapWrapper/sealedsecret-smb-credentials.yaml
@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smb-credentials
+  namespace: ldapwrapper
+spec:
+  encryptedData:
+    password: AgBc2k0pHG/YT8gHBugDzpAreGsVlDLQJeQnGEn6lzk97Gv1F2RSBy5pASx6WgMX1P/OU4+MPD1QkAIHRQowUTXH2/YDsEKUO/8n93kXnWRr3LOc0hjKGeHCUWdyzre8fU07g4+6dcKopNRGY53nCBNTSQG0DOQOiyCzkEgGDQYLFLk6cnN0B2n2sYRgkNJQCRXUbjKIWaNc8xbmzMrWb+qCBarP75J0c42249K0cpVS/u8txpmWOOtPfngIRh6wV+r5/3W7CwXuNBSUHa+Sm18j/guvIIloN2m5nHY/jXFopekIr02lHv4ANO24EZ1N4V4Uo9TvVV/agNGAU9nK0a0ebZ8W4wjvhiKwMiBOHWp55E3+oA8mP4C9ZC1hkhgbyBi9rK/9ZhVvoB+Q1rl+FD8bdbMcuTYDU9lt799MOThpbR1ti9gj3hO4Yz/GACN7rCJhpb+MIQywrdpRlO2eME1ssVKSmedEAVp/efLfNgfNhlLDl0rZ/I4vwwiQ5JBNsrNwKIoIhneC98ouRJdrZUWFWU0p95dbActr3qmAZQNJbfJ+UktPWSWxd+HW7LqvmYB1A0BT628GLBM5SvXWx0+ye7MLS/t8hJM/cqtOtdwdzoTZZfZv2dCnDQ0WtsZfXAdnigitA7UES3TzapIgdim3d6ujvnOY0OfJcKKSsKh7GQw451dKWUzTWafkciWoaWRBZnTmEgt6zz0Be0hQCfJm
+    username: AgAMIlu1M5O+fL3DJvdgSHkLpp8QDYXada4cFGTOGREY/1VonKhnmCDvgchsDzZY4DFiXn/nRxljlc8PalZsDmZ+6CZCmnJpMVSehrDw0gUigLgf0fFccJ8Sqk/kb3RTfZUYu906xUVHCQg7XeVaNyOaVZVfxB/SpPV33Y41nt4rjlwwIs+haQA1HoJLekANsR8YTDJABa/PFj/+oX2WS3OHXJvRtCeSSmPR3WJWJXQYQQewakMNqOuGTRjXSvHw95XJPnyYJiwHL8b+fdZRKxPpJwhRvKNmj+reosJkKeaq/M6cERLixJo8RpFATNAnv8BcKMbslMRQB+cn5HlfX5afMS8E1k/nPHa/3uSjNCuFoc1w4t9FjNMjfQrvDMxTIaJ78py0eZHznBO9uGdr1gDwZHzgcLJSFKL2aH8AdGTivRk7qKegCcWvFxtujGUWyXNnCV/6S1n9V4gvk62tnxNMbC5alCo8cAehJfJMyQrozyWH3mtnn7a61brPh+LVMeSne6dl6RRctQY7ZG0ypH7r1UxQczvkwuafVFvY+EfuKRM95SV41wo8Nyunb1MpXte77QLFpBnDxs/td14/i8QDJMjHIw0dItmtEbvPOaLMiyIk6kIGYRksyVwAQOHdEJISUJPnF8wcCeC3gpbXukSpgmQFQeyGsMgiRPlKYGFRq1nk8gIDMtUn5k1cZsMPX9G43vBGU4M=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: ldapwrapper
+    type: Opaque
--- a/services/LdapWrapper/service-ldapwrapper.yaml
+++ b/services/LdapWrapper/service-ldapwrapper.yaml
--- a/services/Lighttpd/application-lighttpd.yaml
+++ b/services/Lighttpd/application-lighttpd.yaml
@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: lighttpd
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: lighttpd
+    server: https://kubernetes.default.svc
+  project: default
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/Lighttpd
+    targetRevision: HEAD
--- a/services/Lighttpd/deployment-lighttpd.yaml
+++ b/services/Lighttpd/deployment-lighttpd.yaml
@@ -30,9 +30,7 @@ spec:
          subPath: .htpasswd
        - name: configmap-lighttpd-vhosts
          mountPath: /etc/lighttpd/vhosts.d
-        - name: flexvolsmb-lighttpd-data
-          mountPath: /data/scripts
-        - name: flexvolsmb-lighttpd-websites
+        - name: csismb-lighttpd-websites
          mountPath: /var/www/
      volumes:
      - name: configmap-lighttpd-conf
@@ -41,9 +39,6 @@ spec:
      - name: configmap-lighttpd-vhosts
        configMap:
          name: configmap-lighttpd-vhosts
-      - name: flexvolsmb-lighttpd-data
+      - name: csismb-lighttpd-websites
        persistentVolumeClaim:
-          claimName: flexvolsmb-lighttpd-data
-      - name: flexvolsmb-lighttpd-websites
-        persistentVolumeClaim:
-          claimName: flexvolsmb-lighttpd-websites
+          claimName: csismb-lighttpd-websites
--- a/services/Lighttpd/ingressroute-lighttpd.yaml
+++ b/services/Lighttpd/ingressroute-lighttpd.yaml
@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: lighttpd
@@ -14,4 +14,4 @@ spec:
      port: 8080
    middlewares:
    - name: security-headers@file
-    - name: compression@file
+    # - name: compression@file
--- a/services/Lighttpd/persistentvolume-csismb-lighttpd-websites.yaml
+++ b/services/Lighttpd/persistentvolume-csismb-lighttpd-websites.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-lighttpd-websites
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-lighttpd-websites
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - nobrl
+    - cache=strict
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#lighttpd#websites
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: lighttpd/websites
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: lighttpd
--- a/services/Lighttpd/persistentvolume-flexvolsmb-lighttpd-data.yaml
+++ b/services/Lighttpd/persistentvolume-flexvolsmb-lighttpd-data.yaml
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-lighttpd-data
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-lighttpd-data
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,iocharset=utf8
-      server: 192.168.154.225
-      share: /K3s.Volumes/lighttpd/data
--- a/services/Lighttpd/persistentvolume-flexvolsmb-lighttpd-websites.yaml
+++ b/services/Lighttpd/persistentvolume-flexvolsmb-lighttpd-websites.yaml
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-lighttpd-websites
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-lighttpd-websites
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
-      server: 192.168.154.225
-      share: /K3s.Volumes/lighttpd/websites
--- a/services/Lighttpd/persistentvolumeclaim-csismb-lighttpd-websites.yaml
+++ b/services/Lighttpd/persistentvolumeclaim-csismb-lighttpd-websites.yaml
@@ -1,12 +1,12 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: flexvolsmb-lighttpd-data
+  name: csismb-lighttpd-websites
  namespace: lighttpd
 spec:
  accessModes:
    - ReadWriteMany
-  storageClassName: flexvolsmb-lighttpd-data
+  storageClassName: csismb-lighttpd-websites
  resources:
    requests:
      storage: 1Gi
--- a/services/Lighttpd/persistentvolumeclaim-flexvolsmb-lighttpd-websites.yaml
+++ b/services/Lighttpd/persistentvolumeclaim-flexvolsmb-lighttpd-websites.yaml
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: flexvolsmb-lighttpd-websites
-  namespace: lighttpd
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-lighttpd-websites
-  resources:
-    requests:
-      storage: 1Gi
--- a/services/Lighttpd/sealedsecret-flexvolsmb-credentials.yaml
+++ b/services/Lighttpd/sealedsecret-flexvolsmb-credentials.yaml
@@ -1,16 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: flexvolsmb-credentials
-  namespace: lighttpd
-spec:
-  encryptedData:
-    password: AgAc9UFx4rs5SmuntY7dUxf80geDlDc/zn9SaGWu4Z5n9aWJZZWlrAAq081fTeb4jjiR3bjdlKqgwLkKiIgkYlp1nBgfLsLo5rE49c8eo+s0x+0L2gVj9ArqHWD5hw76evnD73AU3zuQGNoHg7x7iUmyCtBk9kLDQTXWsLkSnb0HLB7knOqQjK8C1uC4eTdjQRLmhevQAl/oxiDZ8lf/xkj7GH3o0Gp6DKiGetnKYsaJJGPeImdAQzHMlH7F0ypQGMeyWU9zh4ro8a8G+Sxorjz45ws/ORpN6jWifnDX0xshVjsVM/hD98xui7thsf++B8JxZK0i+sls0zpgtJvKyzJJytOXknPNMyqG+S5QN94iFfoCnP1ZgBGdEJVI7c+RXFekenXSNgrCqjCEHy+L09AjTXOwrtPfQovhw7ai7lAsE6f4N5uU8XbYdbqh6jG442ZowWyl0vpVa1Ea93Fy205vxoncasAiO0UT0UcMxekZ5jzeJU8crxieCtck7Z65GsHWuoWLSH2PX43k1JSKMG5zbZNvOszjR58fXHdj/HjXug9K5hHJekNk0A4+iAY/SwdzxaTCKbQgly4HTHX2JqBHMXRDYGm15qns/R5O48XcEs7aEWWVDvYyeiDrSM0il/29kMNb+vwzaPOdSwfb5GShZcirRWQgAdPdEM36Z6O1h+EoeazO6/Hj+JYf+DcX8/5DuC1nTkhQj9NFmoLzrHtc
-    username: AgDW9pYxGa/I0NBjXWcqcHZY2ZSY9IUd/sOyg40e6T5wPSioUgWqn3tf3EzNqUVJsSJndKWZnagXZGMafkYS3WYOsrIiSR4jyAtHc7t7D9TGw8dEzXeP8UF+ICCpd3YzD7856+Xov9pmXziHS1gT5hqywdFEruoiR9gtbrdEqG0PHFt96Bcve5JillbFWh2VsRBe4gMKoRfjGHd69voGsqkn3H4VwHITRWixNploRXOyq1+hO49Ka+Rs4TbQvXWTVAyqYZEWWKC9W0S8CN3mhzBDg+JNHSzsd1BqQNQ+lJ9S12gaTphWH5v+IUSlCWsIGDjwC5oKTzy5IYcw5V/DcfMl8/vYexb2dB4nQo0vJb1Ip+HPrBSl3HvV/Vz7Tq2fXN0h7QvyUjeEsTQaMrYe47AuMBCiNcmUY5z1KwNMfNjXSYbJEqLZ25ABj2xNq2GefZhWcBOl3zkQExgGfrmfh8eSzThMkfY8NpWho9DfitD44a9B9J2hGn5H/eUKbEJXLYs8JKXXBfSYZQJS7ac/ub/iPDfefSPPXeJFPBZIwnSP/khp9D/6/4tVQyT1XijJBrD2FkcX6nE5fcrnVmJtGEv6YBkOSyszJqtTBjXbHQuNnyCc2R//ybPev+CIyGvD2uZwN5b/8nKbABweLPRKpRJlM2v4e1N/Y70hxSOIN5iFd7FSG/8QV0U8Jm6ZI7xkoHAAitu8A2U=
-  template:
-    metadata:
-      creationTimestamp: null
-      name: flexvolsmb-credentials
-      namespace: lighttpd
-    type: mount/smb
--- a/services/Lighttpd/sealedsecret-smb-credentials.yaml
+++ b/services/Lighttpd/sealedsecret-smb-credentials.yaml
@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smb-credentials
+  namespace: lighttpd
+spec:
+  encryptedData:
+    password: AgCVf7upjlA1IEYq6QwaF3UTbqgd+Hw7910Zy1GKI99ii+StJmv/8U5AdN17ceEQVfkGpTgdgZ+crL72HKjkAWaEXKJDatHvvE2nbE1WjDcLke87Fff4aZAXrQQFi3Vxj6lcGlUlWnDME+Rer7XlGLZGuP5N4z9C+uXurWaEHa8NO/zC92H/UGuNbIZUeQaMIYe9yVuAQ7/S8GSjdWORepbK3k35b4nH9uuDqIt03eoPz9H1ngYH/vqT9L094srGeNTuuAgHpPua+8+QR62ZjBPxIU71bWu3FKZjqzKYuv5pPCm41No0kWU/+odsEDzzdOr2WKnEIxpbedli4FzoSXcTkCIEgUtOjqsxHuulP8hroy3C8h2Pi30OtxMGAocF06y51A1SXcawmP5toqHYqq0r1hj0VIqJBisOxrDJiad577au6lB7BIJ9go8pU+Sk7XLpNenUhOZ0nyjVv6ziZLZYAcETPVPZIypP8EoNNfFUUy3OCx/cX8Bcxg0U5owOMsnf/U0Bh5Bn2oR0Hnf7ry/EFIlYzYVxNGOYZlOIc2RJSW4SO06ly4cJfyG/nkmvtvvY54caivygh+nCKiX/nEoNnNH/HoGBU+OsGmnAc/4QEC/S1mHKYedSuTmz3SllkM4VOgBi0W/sZPLquO4JNMtxyUu93lRLjsDVTBEAeaAjI3axb19z+HGuiBzH/ydg81YMd3fv24xgi+FX8OiZoZaJ
+    username: AgBQKX7gfhaqhYGrOTZVKVEv3BcQlYHQ9hPUW38iaKCPQL5DBbye3oMkXgt6EE4rJAXF2XkZyPp/mbJY8hkqSoLxyCTakf3FJjLfcPx3q3VbS8k1kgkCeolm9iJHMhrGKhwXhi6di0ETY4olESDLeCkO91pQCTfKaoN8M7dYFW6AOuWkPy90fo6ehgo4V0ylTazTOnPdQi0+topJRPrpGvDlkE09Gc4CYivEb6G1nFSZq/fVCG8QqmUbo/y6jjURzy3DeYR7abmasWYwig/GoOAY7WkPJYCw9uCBJrgkcKlbjuUTCjFXb4fIF6Q6PLjHWo2sRTjwGgBSt3LwNNzFTC2uoX7sO1LhJPognkXS/WRAXg4TWmZ+8hOIE+LM7sHrEramanrxMzTMx7HHRFT+pD++/BrYBGr0J1Po/IDb0cyaREkDukGGKFH9cABxVUTHKw583YNSMEY1FcDuslcohafVVN12uCykKo7ls/xOGjxwNnBtei64vbG77WcsCuRbPIMpLbneB8TShQAGJjDNuX6qRaT88hRN+kTwdy1wdGT5y6x/KcfY9BGl65dnR74TlonuIvWRaPnqwScHTJnMrBZubaKEoNnb8WL7Pd+f4M/W/s8DgAqpmSuILisg7wQZJ91CoZVAWvCX9cNHQ8eDmtVIaMZeZlkNCwIdJiJLC9iAB54ANDVeMjkLJ/4p44fOGWATbxoZgek=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: lighttpd
+    type: Opaque
--- a/services/Memos/application-memos.yaml
+++ b/services/Memos/application-memos.yaml
@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: memos
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: memos
+    server: https://kubernetes.default.svc
+  project: default
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/Memos
+    targetRevision: HEAD
--- a/services/Memos/deployment-memos.yaml
+++ b/services/Memos/deployment-memos.yaml
@@ -17,7 +17,8 @@ spec:
    spec:
      containers:
      - name: app
-        image: neosmemo/memos:stable
+        image: neosmemo/memos:0.25
+        imagePullPolicy: Always
        env:
          - name: MEMOS_PORT
            value: '5230'
@@ -26,8 +27,8 @@ spec:
            containerPort: 5230
        volumeMounts:
        - mountPath: /var/opt/memos
-          name: flexvolsmb-memos-data
+          name: csismb-memos-data
      volumes:
-      - name: flexvolsmb-memos-data
+      - name: csismb-memos-data
        persistentVolumeClaim:
-          claimName: flexvolsmb-memos-data
+          claimName: csismb-memos-data
--- a/services/Memos/ingressroute-memos.yaml
+++ b/services/Memos/ingressroute-memos.yaml
@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: memos
@@ -14,4 +14,4 @@ spec:
      port: 5230
    middlewares:
      - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file
--- a/services/Memos/persistentvolume-csismb-memos-data.yaml
+++ b/services/Memos/persistentvolume-csismb-memos-data.yaml
@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-memos-data
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-memos-data
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - uid=1001
+    - gid=1001
+    - nobrl
+    - cache=strict
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#memos#data
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: memos/data
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: memos
--- a/services/Memos/persistentvolume-flexvolsmb-memos-data.yaml
+++ b/services/Memos/persistentvolume-flexvolsmb-memos-data.yaml
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-memos-data
-  namespace: memos
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-memos-data
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0600,dir_mode=0700,uid=1001,gid=1001,iocharset=utf8,nobrl
-      server: 192.168.154.225
-      share: /K3s.Volumes/memos/data
--- a/services/Memos/persistentvolumeclaim-flexvolsmb-memos-data.yaml
+++ b/services/Memos/persistentvolumeclaim-flexvolsmb-memos-data.yaml
@@ -1,12 +1,12 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: flexvolsmb-memos-data
+  name: csismb-memos-data
  namespace: memos
 spec:
  accessModes:
    - ReadWriteMany
-  storageClassName: flexvolsmb-memos-data
+  storageClassName: csismb-memos-data
  resources:
    requests:
      storage: 1Gi
--- a/services/Memos/sealedsecret-flexvolsmb-credentials.yaml
+++ b/services/Memos/sealedsecret-flexvolsmb-credentials.yaml
@@ -1,16 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: flexvolsmb-credentials
-  namespace: memos
-spec:
-  encryptedData:
-    password: AgBeEaCDaKwgafALNYq/ykvhoYtC9N+1D+DN37HrwpGEEbw8cXKBdmO7cV3hRL/uT9FvvCh3g0fq7a0xozjZiFDxzUM5V+pY37ENvoDBepbdAktwCXFhXmarSHVuLH0q8j8eS3OFYUR2Xdh6eivhpeYEqs0kC8G9VaplHWFGLJQBDKDKg3pfhlPu9E9FX7uspYHKazMfS6L0x9bxJl/hktl33Mh+kEprMcppYocdI3SNoR3OGvbwiZIpLG/ihavviybmzsRofUT8/s27ACX6URym7KCy/+Sq0hx4e5qCN30rYl2HkdKZmY91YPunnT+UmHuH30Vj52uFNV/ySd3P+G9hRE2BVNFvaZ5Mu4BA5Ei+F2l8xJar9NJ0mi2VYbIjWarQmvcaywfHR1TsQ5lmhSxHuJhx4tllTKcDHBl1wTWkRRWIjWWvRdjcCwNpAKGiKvbExxI715JgmFn/4wOvlX7UkRBUr3QAhVzNHVbd8mexlotqTIaPVXEjJ79Oc61yAU5Q1ZFLzpeDbI/Rz1egjBXsAW0V4ojA6TDKiyBEs9g3WoTjI3Ziwn31Rmg1r0/Vc2uJERcMU0i+Chh49duyurL3K6AKBfm7NHh6bwABUnYtb2BQj+CBK8Bkm3XWfLo8ul4hZarYwg2nE/tY2ZVIS1Jc7XpiZAhpBqF4Drz46lKY5Pi45atMmZt6rGAdx3LbZdk87DMqMnEdzX+PXLWSBQQJ
-    username: AgAJdgjk+DU8EhLKSHE/H3i4D/lwrzzmi5SqCc5XT6aMFnZ7hAtdubd6qH2QfpvS0EpjHn0C4WeT6JdUAvB4w5Ee3MPRmxrUlt4zfOjXtv7mrnrOaEunlczKxOJDZp+J8NsBb3fgzCfoZilAi9uewffDJ6YXxSwNTgBpx1JGB7c7QDxvYh3L0whqQN87hrw9ZObFVSTUztTQQH7QgDIBRUTH+1YkMHftkzKLdvwRdcKrQ3NYIqbcQFsFlelTVWQYfQ8WteR7k1H4QABe3oeCnm7OD3dwQbbuksd+sA5i4lsYHIPVQW46hcxhRk46ONTyB5HeSfSITE//p2XU3PLYoKWjvUC71vJkFtT4eFE50hoSdGZW7CsNJnnFGMXobhhtvPWJ4TdzM8bRNGHpmxxigTIKM/GNuhckuUNcHlFTYdqEglJpBAWpaDcgIiqaDV9S/AajSk8jwBNG7OQYNmJUiLe1ZyZR2JSVyFszCzJe9/I8k1RK5HEbBYpRd46oZS+qgD4/4t3P/9fF7I7IlMNjBdBDb4HGs9lMdnNQyXYaelMmPWrbw8FOSfV1QggKkcE4j2D2j60AmljLxVadnr0r1oB+NPsCDmo24BYhjMgSZY79vDcRK+sy9475A+UE7ACJYKdYHkh0tyriSn/Dnp/XXfr7dIi78dAd4q6DfTuLOgfKTe6MORktxgTvWKe+dcOXZGGKik9DLk8=
-  template:
-    metadata:
-      creationTimestamp: null
-      name: flexvolsmb-credentials
-      namespace: memos
-    type: mount/smb
--- a/services/Memos/sealedsecret-smb-credentials.yaml
+++ b/services/Memos/sealedsecret-smb-credentials.yaml
@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smb-credentials
+  namespace: memos
+spec:
+  encryptedData:
+    password: AgBp0xmRNTIUJ8c50lsNFa4SsT3HjJ5tMTR5QdCZBVlGDiYl7ZlL7nX7VMyR2aZf5awEh4fnSd145kj2NxIhrPVi0rdviH4BsmybNLf6WJzEKG6wQnJvD8d74RHsKV9NDkuOixld8qBwMBEo3WkfOPn2VYMYZrBM7H+7DGBiXcXOUG5vZ8W+au5FePluWGNsaJYEvOiyESla/jLYraKYFDq2mIl8kZdvVY9U5vc+ITa7ktgp0irtjm8wzv8M2/AY/FKk7PNZjE2vYQXYzhTSPZDzizDLRvvun/83yCvVLrHCLG7mcTyHB+6bDITSF5XSymxkAbU9MN455PLDzBcZJyH1QRO3Yi6dFY1vXA9q1vaboanxkInFaMQW/IZsR+GExVAGc+MZ9Q8kIT6tKVu6vw3PSCVUOlkbIJGdH8WPsdASTYpdusnt2NW9idjqc1bLXdCBqh3aMzwKTiD6wpA1kAWdCVpxkDdMZFg/E9sQJTqjD5XCRh0SvHOlrd2ZteHqyYLPYx1tkCDpN33b0K24XatftReKHlYnXum+RympNLYWs6cUyeegAAfauvrI4wqEhkB1oXvri1wRqAVKxo21hqf9Z0vPd0azkJ5+BA34QG0nfUskgNkvyJwNL7iwKgFasU+YziVHh21ZP8RxNRwzmNNcvcR/WiLrz7rfA05Pok/+q/7YLr5+QsxFbgemwXKbOUvARjHxi6tpqEoDp4r4jHG8
+    username: AgB3UU+q37U0s3SPnnb1YtIgxPIPGaogzc7L199wtqUHY1QJ0Z+yHegbtE0TU+c+RhpjGO41ntVnQiW5+V777G2Zs43ehJQmChSf6AXRtLTVeSRTzztlB3tACZfzglrU07LaGWkigAszLtTwJLkt9yFADewGlPEzY9EGSe3xFReA4TRIpqlNLlDwPBx/eI5TqehXtYkPQN4/+xsA2iWjJrVj8MxPvvQaj9Alhxfs51QYXmg/i2sC15+CG5ndSWhouvmzdqAYyb/L2JvqTcJludrMT4r3UhEAbfG1YLvPoigpkF1pVY3+hz1c1kb6YgmxBwGe/w/Ys6wjJIa1aESkf0xTTpfr6bys96T0VvI1GlC3WhU0jJJ42VjuSqfdwqFrLwCyoZNMB5MLmQLe5XrBz3bQ7DOA2MBdTSU0Pbd21hMxTnNtGsOa0rycm4u0o3mV3mwYQCzhIiMHZHfIQe1ULNwA3/c6yTRtWIClYFgVcPEgfwKBdVBM+hWEHCuol2XjHPXHdWeqCYr5fjjF8ain3LcDYJoiwXXtC6+G8s1u+LGX6pXlWNpWrUQMK8Ps1lC+5QxaJZFafHCTxcYbFRaQ5Zp92wfkfbfkqXc9W0KzkxeCIdkWRZgCcSac32oobcarjIlgF6tvnQ67NsGT9xV9vZkBs+eI7uCT/ohtwm7gNdmq5t0RPE0ScgWxqf+NgiCqlc5gpOTmsic=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: memos
+    type: Opaque
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Renovate Bot	853523ba8b	chore(deps): update helm release argo-cd to v9	2025-10-24 12:02:04 +00:00
Danny Bessems	2c7381150c	Merge pull request 'chore(deps): update helm release argo-cd to v8.6.4' (#19 ) from renovate/argo-cd-8.x into master All checks were successful renovate / renovate (push) Successful in 4m7s Details Reviewed-on: #19	2025-10-21 06:31:39 +00:00
Danny Bessems	157607f8a6	Merge branch 'master' into renovate/argo-cd-8.x	2025-10-21 06:31:07 +00:00
Danny Bessems	627fe35556	Merge pull request 'chore(deps): update helm release csi-driver-smb to v1.19.1' (#21 ) from renovate/csi-driver-smb-1.x into master All checks were successful renovate / renovate (push) Successful in 1m48s Details Reviewed-on: #21	2025-10-21 06:28:42 +00:00
Danny Bessems	ea7d28d98b	Wizarr++ All checks were successful renovate / renovate (push) Successful in 2m30s Details	2025-10-21 17:21:52 +11:00
Danny Bessems	78081b6e1d	Merge pull request 'chore(deps): update helm release gitea to v12.4.0' (#20 ) from renovate/gitea-12.x into master Some checks failed renovate / renovate (push) Has been cancelled Details Reviewed-on: #20	2025-10-21 06:20:41 +00:00
Renovate Bot	f409f41aca	chore(deps): update helm release argo-cd to v8.6.4	2025-10-17 12:02:24 +00:00
Renovate Bot	976e0d64d3	chore(deps): update helm release csi-driver-smb to v1.19.1	2025-10-14 12:02:38 +00:00
Renovate Bot	81563e5313	chore(deps): update helm release gitea to v12.4.0	2025-10-07 12:02:35 +00:00
Danny Bessems	10261025a5	Merge pull request 'chore(deps): update helm release argo-cd to v8.5.7' (#18 ) from renovate/argo-cd-8.x into master All checks were successful renovate / renovate (push) Successful in 2m29s Details Reviewed-on: #18	2025-09-30 02:22:24 +00:00
Renovate Bot	bf56417c57	chore(deps): update helm release argo-cd to v8.5.7	2025-09-29 12:21:30 +00:00
Danny Bessems	cb9c274542	Rebase Gitea Valkey container image All checks were successful renovate / renovate (push) Successful in 2m31s Details	2025-09-25 20:50:18 +10:00
Danny Bessems	a66f41b7c8	Merge pull request 'chore(deps): update helm release argo-cd to v8.5.6' (#17 ) from renovate/argo-cd-8.x into master All checks were successful renovate / renovate (push) Successful in 3m29s Details Reviewed-on: #17	2025-09-23 14:43:52 +00:00
Danny Bessems	d2e96761bc	Merge pull request 'chore(deps): update ghcr.io/fallenbagel/jellyseerr/jellyseerr-chart docker tag to v2.7.0' (#16 ) from renovate/ghcr.io-fallenbagel-jellyseerr-jellyseerr-chart-2.x into master Some checks failed renovate / renovate (push) Has been cancelled Details Reviewed-on: #16	2025-09-23 14:43:38 +00:00
Renovate Bot	fd533a53e2	chore(deps): update ghcr.io/fallenbagel/jellyseerr/jellyseerr-chart docker tag to v2.7.0	2025-09-23 12:01:17 +00:00
Renovate Bot	d4865ead6c	chore(deps): update helm release argo-cd to v8.5.6	2025-09-23 12:00:59 +00:00
Danny Bessems	c01c151654	Merge pull request 'chore(deps): update helm release sealed-secrets to v2.17.7' (#12 ) from renovate/sealed-secrets-2.x into master All checks were successful renovate / renovate (push) Successful in 53s Details Reviewed-on: #12	2025-09-22 02:50:46 +00:00
Renovate Bot	b90ef3a1d2	chore(deps): update helm release sealed-secrets to v2.17.7	2025-09-22 02:47:16 +00:00
Danny Bessems	58026303b4	Upgrade ArgoCD All checks were successful renovate / renovate (push) Successful in 3m34s Details	2025-09-22 12:43:40 +10:00
Danny Bessems	3d2d202ca6	Merge pull request 'chore(deps): update helm release gitea to v12.3.0' (#15 ) from renovate/gitea-12.x into master All checks were successful renovate / renovate (push) Successful in 2m35s Details Reviewed-on: #15 Reviewed-by: Danny Bessems <djpbessems@[...]>	2025-09-21 04:40:55 +00:00
Renovate Bot	3a5f68c308	chore(deps): update helm release gitea to v12.3.0	2025-09-20 12:00:58 +00:00
Danny Bessems	d919abc6e7	Upgrade Gitea All checks were successful renovate / renovate (push) Successful in 1m3s Details	2025-09-17 10:59:51 +10:00
Danny Bessems	2181a3ca92	Rebase Gitea act-runner #2 All checks were successful renovate / renovate (push) Successful in 1m31s Details	2025-09-17 10:53:19 +10:00
Danny Bessems	f3390656b2	Mount docker socket in action containers All checks were successful renovate / renovate (push) Successful in 4m50s Details	2025-09-04 12:32:28 +10:00
Danny Bessems	7263270012	Remove Webtop Some checks failed renovate / renovate (push) Has been cancelled Details	2025-09-04 12:29:50 +10:00
Danny Bessems	938e839785	Readd Guacamole #4 All checks were successful renovate / renovate (push) Successful in 3m19s Details	2025-09-03 20:01:10 +10:00
Danny Bessems	ab81f33312	Readd Guacamole #3 All checks were successful renovate / renovate (push) Successful in 3m17s Details	2025-09-03 19:48:42 +10:00
Danny Bessems	3cae084b8a	Readd Guacamole #2 All checks were successful renovate / renovate (push) Successful in 3m23s Details	2025-09-03 19:41:44 +10:00
Danny Bessems	f11827fe56	Rebase Guacamole smb volumes #2 All checks were successful renovate / renovate (push) Successful in 7m21s Details	2025-09-01 23:11:14 +10:00
Danny Bessems	708b882a80	Rebase Guacamole smb volumes All checks were successful renovate / renovate (push) Successful in 3m20s Details	2025-09-01 21:53:12 +10:00
Danny Bessems	271288b255	Readd Guacamole All checks were successful renovate / renovate (push) Successful in 10m15s Details	2025-09-01 02:33:15 +00:00
Danny Bessems	04eaf23ef3	Update services/Memos/deployment-memos.yaml All checks were successful renovate / renovate (push) Successful in 6m15s Details	2025-08-29 05:25:36 +00:00
Danny Bessems	db45c5517a	Merge branch 'lab-k8s' of https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog Some checks failed renovate / renovate (push) Failing after 7m18s Details	2025-08-22 21:50:28 +10:00
Danny Bessems	f437caf21c	chore: Disable Renovate debug logging All checks were successful renovate / renovate (push) Successful in 7m44s Details	2025-08-22 21:11:47 +10:00
Danny Bessems	41168f300a	chore: Configure Renovate w/ Github access token Some checks failed renovate / renovate (push) Has been cancelled Details	2025-08-22 21:10:37 +10:00
Danny Bessems	5fba8c75ae	Merge pull request 'chore(deps): update helm release sealed-secrets to v2.17.4' (#3 ) from renovate/sealed-secrets-2.x into master All checks were successful renovate / renovate (push) Successful in 1m16s Details Reviewed-on: #3	2025-08-22 11:08:44 +00:00
Renovate Bot	40d211b1f0	chore(deps): update helm release sealed-secrets to v2.17.4	2025-08-22 11:06:27 +00:00
Danny Bessems	e232158638	chore: Initial attempt at Renovate workflow All checks were successful renovate / renovate (push) Successful in 4m27s Details	2025-08-22 21:02:27 +10:00
Danny Bessems	422b72fe11	Housekeeping	2025-08-15 14:36:03 +10:00
Danny Bessems	9420bd5b65	Replace Guacamole with Webtop	2025-08-12 12:19:01 +10:00
Danny Bessems	60fe729971	Rebase Gitea act-runner	2025-07-28 12:35:13 +10:00
Danny Bessems	d8ae256d96	Fix values key/value hierarchy	2025-07-17 22:09:16 +10:00
Danny Bessems	85fe6ab0d1	Revert Jellyfin smb mount attribute	2025-07-17 19:20:05 +10:00
Danny Bessems	e804e2f429	Change smb mount attributes #4	2025-07-17 13:47:46 +10:00
Danny Bessems	cd13556033	Housekeeping	2025-07-17 13:43:26 +10:00
Danny Bessems	f5641761e8	Change smb mount attributes #3	2025-07-17 12:43:37 +10:00
Danny Bessems	3e9242332f	Housekeeping	2025-07-17 11:46:51 +10:00
Danny Bessems	6a3617b98b	Rebase Gitea cache volume	2025-07-17 11:45:59 +10:00
Danny Bessems	c0956bfd5e	Enable persistent session cache	2025-07-17 11:28:47 +10:00
Danny Bessems	7ca68d4bd2	Change smb mount attributes #2	2025-07-17 11:21:46 +10:00
Danny Bessems	a36cc8e096	Change smb mount attributes	2025-07-17 11:05:55 +10:00
Danny Bessems	f4cf0d19b0	Housekeeping	2025-07-10 13:07:11 +10:00
Danny Bessems	a09b612b87	Delete services/PVR/SABnzbd/ingressroute-sabnzbd-apikey.sensitive.yaml	2025-07-10 00:41:00 +00:00
Danny Bessems	aeba919dbf	Add apikey ingressroutes	2025-07-10 10:39:34 +10:00
Danny Bessems	11b95c4020	Rebase SABnzbd smb volumes #5	2025-07-10 10:29:40 +10:00
Danny Bessems	a543709c97	Rebase SABnzbd smb volumes #4	2025-07-10 10:27:46 +10:00
Danny Bessems	ac026251ca	Rebase SABnzbd smb volumes #3	2025-07-10 10:26:30 +10:00
Danny Bessems	602e636e4d	Rebase SABnzbd smb volumes #2	2025-07-10 10:23:08 +10:00
Danny Bessems	4122bd0603	Rebase SABnzbd smb volumes	2025-07-10 10:18:37 +10:00
Danny Bessems	0d6fc4f4a1	Rebase Radarr smb volumes #3	2025-07-09 20:16:31 +10:00
Danny Bessems	06cb457456	Rebase Sonarr smb volumes	2025-07-09 20:12:07 +10:00
Danny Bessems	65b35b1e78	Rebase Radarr smb volumes #2	2025-07-09 19:41:18 +10:00
Danny Bessems	abbc07a1a2	Rebase Radarr smb volumes	2025-07-09 19:36:40 +10:00
Danny Bessems	151af491c5	Rebase Prowlarr smb volume #3	2025-07-09 19:21:34 +10:00
Danny Bessems	420a1da277	Rebase Prowlarr smb volume #2	2025-07-09 13:39:28 +10:00
Danny Bessems	54f4b27717	Rebase Prowlarr smb volume	2025-07-09 13:37:39 +10:00
Danny Bessems	0d695d673b	Rebase Jellyseerr smb volume	2025-07-09 13:25:44 +10:00
Danny Bessems	39894c043b	Rebase Memos smb volume	2025-07-09 13:18:31 +10:00
Danny Bessems	cb6387265f	Rebase Lighttpd smb volume #2	2025-07-09 13:11:31 +10:00
Danny Bessems	3246f2f5e5	Rebase Lighttpd smb volume	2025-07-09 13:09:50 +10:00
Danny Bessems	1c8c55f3f1	Removed Headlamp	2025-07-09 13:04:26 +10:00
Danny Bessems	672ab00687	Rebase Gotify smb volume	2025-07-09 13:01:38 +10:00
Danny Bessems	b6d3848365	Rebase DDclient smb volume	2025-07-09 12:56:37 +10:00
Danny Bessems	77cf4c9729	Rebase Argus smb volumes	2025-07-09 12:49:16 +10:00
Danny Bessems	dd0737d5a7	Rebase Authelia smb volumes #2	2025-07-09 12:39:12 +10:00
Danny Bessems	fd55bd98d0	Rebase Authelia smb volumes	2025-07-09 12:38:20 +10:00
Danny Bessems	0608ec8936	Rebase LdapWrapper smb volume #2	2025-07-09 12:26:57 +10:00
Danny Bessems	31a1b2b403	Enable LdapWrapper auto-sync	2025-07-09 12:24:41 +10:00
Danny Bessems	bea3d3822f	Rebase LdapWrapper smb volume	2025-07-09 12:22:35 +10:00
Danny Bessems	f46a77a31c	Disable Gitea valkey/valkey-cluster	2025-07-09 11:14:15 +10:00
Danny Bessems	062f80fe03	Remove Gitea action runner related values	2025-07-09 11:07:40 +10:00
Danny Bessems	b49a3bf570	Rebase Gitea smb volume #5	2025-07-09 10:35:28 +10:00
Danny Bessems	9dc2f06ed8	Add Gitea custom manifests	2025-07-09 10:33:23 +10:00
Danny Bessems	e79e1d9b2f	Rebase Gitea smb volume #4	2025-07-09 10:22:57 +10:00
Danny Bessems	2a72ae033f	Rebase Gitea smb volume #3	2025-07-09 10:13:38 +10:00
Danny Bessems	aea22d8170	Rebase Gitea smb volume #2	2025-07-08 21:27:38 +10:00
Danny Bessems	f68023b22c	Rebase Gitea smb volume	2025-07-08 21:20:32 +10:00
Danny Bessems	85615694b1	Rebase Vaultwarden smb volume	2025-07-08 20:52:59 +10:00
Danny Bessems	dd92793d98	Added csi-driver-smb storage provider; Added sealed-secrets	2025-07-08 20:42:24 +10:00
Danny Bessems	d27dd9dbed	Reconfigure Jellyfin smb volume	2025-07-08 16:03:01 +10:00
Danny Bessems	17f228560e	Rebase Jellyfin smb volumes #2	2025-07-08 15:58:47 +10:00
Danny Bessems	aeaa0da2f0	Rebase Jellyfin smb volumes	2025-07-08 15:51:02 +10:00
Danny Bessems	09d4209513	Merge branch 'master' of https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog	2025-07-08 12:10:54 +10:00
Danny Bessems	1ca9b325ab	Added csi-driver-smb application (helm chart)	2025-07-08 12:10:40 +10:00
Danny Bessems	17144dd8f7	Add system/SealedSecrets/values.yaml	2025-07-07 00:48:36 +00:00
Danny Bessems	367c30da54	Update system/ArgoCD/application-argo-cd.yaml	2025-07-05 01:30:12 +00:00
Danny Bessems	07df06fb8f	Update system/ArgoCD/application-argo-cd.yaml	2025-07-05 01:27:17 +00:00
Danny Bessems	9e974b2508	Update system/ArgoCD/values.yaml	2025-07-04 07:28:30 +00:00
Danny Bessems	8d645e1089	Pterodactyl--	2025-06-16 09:28:25 +10:00
Danny Bessems	30ada6e0f2	Pterodactyl++	2025-06-07 13:21:56 +10:00
Danny Bessems	a09a513977	Increase Minecraft resource requests	2025-05-24 18:11:25 +10:00
Danny Bessems	d0fe364416	Upgrade Minecraft chart version	2025-05-24 18:00:20 +10:00
Danny Bessems	d1174c4ca7	Unpin Minecraft server version	2025-05-24 17:58:28 +10:00
Danny Bessems	cf6bc7bcce	Reconfigure LdapWrapper PV/PVC	2025-05-23 14:44:24 +10:00
Danny Bessems	32a58b7a17	Reconfigure Jellyseerr PV/PVC #4	2025-05-22 21:47:45 +10:00
Danny Bessems	ffcc42f525	Reconfigure Jellyseerr PV/PVC #3	2025-05-22 21:44:09 +10:00
Danny Bessems	510504a3e9	Reconfigure Jellyseerr application	2025-05-22 21:40:41 +10:00
Danny Bessems	19763bee7d	Reconfigure Jellyseerr PV/PVC #2	2025-05-22 21:24:50 +10:00
Danny Bessems	c3107be5d0	Reconfigure Jellyseerr PV/PVC	2025-05-22 21:22:16 +10:00
Danny Bessems	e158fb6a7d	Reconfigure Jellyfin config pv/pvc;Fix sealedsecret namespace	2025-05-22 14:58:50 +10:00
Danny Bessems	64e626efdf	Temporarily revert Jellyfin config PV/PVC	2025-05-22 14:04:48 +10:00
Danny Bessems	e814402f23	Reconfigure Jellyfin config pv/pvc	2025-05-22 12:30:20 +10:00
Danny Bessems	8c5fc26f27	Pin minecraft server version (fix syntax)	2025-05-21 20:52:08 +10:00
Danny Bessems	c8744d2ecc	Pin minecraft server version	2025-05-21 20:49:04 +10:00
Danny Bessems	4ea33540bd	Upgrade kube-vip	2025-05-19 15:34:44 +10:00
Danny Bessems	bb790668dc	Reconfigure flexvolsmb pv/pvc's;Jellyfin++;Jellyseerr++;Plex--	2025-05-19 15:20:28 +10:00
Danny Bessems	92e0a08565	Update ingress/Traefik2.x/helmchartconfig-traefik.yaml	2025-05-16 00:47:57 +00:00
Danny Bessems	bb2d591898	Update services/PVR/Jellyfin/values.yaml	2025-05-14 06:16:08 +00:00
Danny Bessems	be01b17266	Update services/PVR/Jellyfin/values.yaml	2025-05-14 06:02:19 +00:00
Danny Bessems	17a557432f	Update services/PVR/Jellyfin/values.yaml	2025-05-14 05:17:07 +00:00
Danny Bessems	489033cf14	Update services/PVR/Jellyfin/values.yaml	2025-05-14 05:16:42 +00:00
Danny Bessems	b43b848692	Update services/PVR/Jellyseerr/application-jellyseerr.yaml	2025-05-13 11:30:54 +00:00
Danny Bessems	e5f5e27133	Add services/PVR/Jellyseerr/values.yaml	2025-05-13 11:17:38 +00:00
Danny Bessems	f18350d890	Add services/PVR/Jellyseerr/application-jellyseer.yaml	2025-05-13 11:09:31 +00:00
Danny Bessems	4a48c0469b	Update services/PVR/Jellyfin/values.yaml	2025-05-13 09:07:46 +00:00
Danny Bessems	0b252584f4	Update services/PVR/Jellyfin/values.yaml	2025-05-13 09:05:44 +00:00
Danny Bessems	093252609e	Add services/PVR/Jellyfin/values.yaml	2025-05-13 09:02:21 +00:00
Danny Bessems	b123f1b824	Update services/PVR/Jellyfin/manifests/pvc-jellyfin.yaml	2025-05-13 08:40:41 +00:00
Danny Bessems	146b032d61	Add services/PVR/Jellyfin/manifests/pvc-jellyfin.yaml	2025-05-13 08:23:35 +00:00
Danny Bessems	97bb460333	Update services/PVR/Jellyfin/application-jellyfin.yaml	2025-05-13 08:13:44 +00:00
Danny Bessems	f8abcb4129	Update services/PVR/Jellyfin/application-jellyfin.yaml	2025-05-13 02:14:21 +00:00
Danny Bessems	5fa2bda698	Update services/PVR/Jellyfin/application-jellyfin.yaml	2025-05-13 02:10:18 +00:00
Danny Bessems	ec4008740e	Update services/PVR/Jellyfin/application-jellyfin.yaml	2025-05-13 02:08:58 +00:00
Danny Bessems	0ffc5b13a2	Add services/PVR/Jellyfin/application-jellyfin.yaml	2025-05-13 02:07:11 +00:00
Danny Bessems	9508ac4185	Rebase Headlamp helm chart	2025-04-28 21:06:17 +10:00
Danny Bessems	6d144ffa39	Reconfigure Vaultwarden storage	2025-04-28 20:34:57 +10:00
Danny Bessems	a7e9dcaeb0	Reconfigure Memos storage #2	2025-04-28 20:32:56 +10:00
Danny Bessems	8f874b09d7	Reconfigure Memos storage	2025-04-28 20:31:36 +10:00
Danny Bessems	818825f13c	Reconfigure Lighttpd storage	2025-04-28 20:28:06 +10:00
Danny Bessems	4d680ef046	Reconfigure Guacamole storage	2025-04-28 20:21:35 +10:00
Danny Bessems	fed1b92628	Reconfigure Gotify storage	2025-04-28 20:19:51 +10:00
Danny Bessems	43bb1cae89	Reconfigure DDclient storage	2025-04-28 20:15:27 +10:00
Danny Bessems	1819e45341	Revert Authelia proxy configuration	2025-04-28 20:13:25 +10:00
Danny Bessems	797089e868	Reconfigure Authelia storage	2025-04-28 20:11:32 +10:00
Danny Bessems	21dafc8d59	Reconfigure Argus storage	2025-04-28 20:06:00 +10:00
Danny Bessems	1313409e85	Reconfigure Minecraft loadbalancer	2025-03-31 19:27:29 +11:00
Danny Bessems	c98ecd0d7a	Disable middleware compression	2025-03-28 12:34:25 +11:00
Danny Bessems	24431e3ce4	Adopt kube-vip	2025-03-28 12:17:18 +11:00
Danny Bessems	ef3d1bac57	Migrate Traefik config	2025-03-28 11:51:48 +11:00
Danny Bessems	36e4aa4ff1	Dawarich--	2025-03-28 11:13:19 +11:00
Danny Bessems	73038ac019	Reconfigure Memos	2025-03-21 11:15:23 +11:00
Danny Bessems	e1c449c0c4	Update ArgoCD	2025-03-21 11:11:24 +11:00
Danny Bessems	dc280c06ea	Documentation	2025-03-21 10:57:22 +11:00
Danny Bessems	0cf244959d	Update Gitea	2025-03-21 10:54:56 +11:00
Danny Bessems	94ec6be3ac	Fix liveness probe endpoint	2025-02-18 19:47:02 +11:00
Danny Bessems	6432c07eb3	Add liveness probes to Guacamole containers	2025-02-18 17:18:06 +11:00
Danny Bessems	b0b7e5d102	Syncthing--;TraefikCertsDumper--;Pinned Memos	2025-02-12 22:40:57 +11:00
Danny Bessems	ad81a889ff	Adopt Argus in gitops	2025-02-12 22:21:05 +11:00
Danny Bessems	9c0199bfa2	Update Vaultwarden	2025-02-12 21:57:34 +11:00
Danny Bessems	9ea7472ddb	Fix chart name	2025-02-12 21:09:06 +11:00
Danny Bessems	b44768c042	Adopt ArgoCD in gitops	2025-02-12 21:08:13 +11:00
Danny Bessems	cc53be7f7c	Dawarich++	2025-02-11 13:19:25 +11:00
Danny Bessems	3000d8152f	Adopt Authelia,DDclient,Gotify,Guacamole,Vaultwarden into gitops	2025-02-08 10:09:26 +11:00
Danny Bessems	82ed32b874	Adopt Longhorn in gitops	2025-02-08 09:59:37 +11:00
Danny Bessems	ee40f4a350	Rename application folder	2025-02-06 09:55:39 +11:00
Danny Bessems	8aed060596	Rename values file	2025-02-06 09:53:14 +11:00