Delete services/PVR/SABnzbd/ingressroute-sabnzbd-apikey.sensitive.yaml

README.md

@@ -118,26 +118,6 @@ helm install longhorn longhorn/longhorn --namespace longhorn-system --create-nam
 
 Log on to the web interface and delete the default disks on each node (mounted at `/var/lib/longhorn`) and replace them with new disks mounted at `/mnt/blockstorage`.
 
-Add additional `storageClass` with backup schedule:
-***After** specifying a NFS backup target (syntax: `nfs://servername:/path/to/share`) through Longhorn's dashboard*
-```yaml
-kind: StorageClass
-apiVersion: storage.k8s.io/v1
-metadata:
-  name: longhorn-dailybackup
-provisioner: driver.longhorn.io
-allowVolumeExpansion: true
-parameters:
-  numberOfReplicas: "3"
-  staleReplicaTimeout: "2880"
-  fromBackup: ""
-  recurringJobs: '[{"name":"backup", "task":"backup", "cron":"0 0 * * *", "retain":14}]'
-```
-Then make this the new default `storageClass`:
-```shell
-kubectl patch storageclass longhorn-dailybackup -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
-#kubectl delete storageclass longhorn
-```
 
 ### 3) Ingress Controller
 Reconfigure default Traefik configuration:
@@ -161,10 +141,6 @@ kubectl get secret -n argocd argocd-initial-admin-secret -o jsonpath='{.data.pas
 ```
 Login with username `admin` and the initial password, browse to `User Info` and `Update Password`.
 
-Create ArgoCD applicationset
-```shell
-kubectl apply -f system/ArgoCD/applicationset-homelab.yml
-```
 ### 5) Services
 ##### 5.1) [Argus]()    <small>(release management)</small>
 ```shell
@@ -261,15 +237,4 @@ kubectl apply -f services/PVR/deploy-Sonarr.yml
   or
 
       kubectl run -it --rm busybox --restart=Never --image=busybox:1.28 -- nslookup api.github.com [-debug] [fqdn]
-* Delete namespaces stuck in `Terminating` state:
-  *First* check whether there are any resources still present; preventing the namespace from being deleted:
 
-      kubectl api-resources --verbs=list --namespaced -o name \
-        | xargs -n 1 kubectl get --show-kind --ignore-not-found -n <namespace>
-
-  Any resources returned should be deleted first (worth mentioning: if you get an error `error: unable to retrieve the complete list of server APIs`, you should check `kubectl get apiservice` for any apiservice with a status of `False`)
-  If there are no resources left in the namespace, and it is still stuck *terminating*, the following commands remove the blocking finalizer (this is a last resort, you are bypassing protections put in place to prevent zombie processes):
-
-      kubectl get namespace <namespace> -o json | jq -j '.spec.finalizers=null' > tmp.json
-      kubectl replace --raw "/api/v1/namespaces/<namespace>/finalize" -f ./tmp.json
-      rm ./tmp.json

ingress/Traefik2.x/helmchartconfig-traefik.yaml

@@ -5,19 +5,22 @@ metadata:
   namespace: kube-system
 spec:
   valuesContent: |-
+    core:
+      defaultRuleSyntax: v2
     additionalArguments:
       - "--providers.file.directory=/etc/traefik/dynamic"
       - "--providers.file.watch=true"
-    certResolvers:
+    certificatesResolvers:
       default:
-        email: letsencrypt.org.danny@spamasaurus.com
-        storage: /data/acme.json
-        dnsChallenge:
-          provider: cloudflare
-          delayBeforeCheck: 5m0s
-          resolvers:
-          - 1.1.1.1:53
-          - 1.0.0.1:53
+        acme:
+          email: letsencrypt.org.danny@spamasaurus.com
+          storage: /data/acme.json
+          dnsChallenge:
+            provider: cloudflare
+            delayBeforeCheck: 5m0s
+            resolvers:
+            - 1.1.1.1:53
+            - 1.0.0.1:53
     deployment:
       initContainers:
         - name: volume-permissions
@@ -66,8 +69,8 @@ spec:
                     stsSeconds: 315360000
                     stsIncludeSubdomains: true
                     stsPreload: true
-                compression:
-                  compress: {}
+                # compression:
+                #   compress: {}
             tls:
               options:
                 defaults:
@@ -76,6 +79,7 @@ spec:
                   curvePreferences:
                     - secp521r1
                     - secp384r1
+                    - secp256r1
                   cipherSuites:
                     - TLS_AES_128_GCM_SHA256
                     - TLS_AES_256_GCM_SHA384
@@ -123,8 +127,11 @@ spec:
       storageClass: longhorn
     ports:
       web:
-        redirectTo:
-          port: websecure
+        redirections:
+          entryPoint:
+            to: websecure
+            scheme: https
+            permanent: true
       websecure:
         forwardedHeaders:
           insecure: true

services/Argus/application-argus.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: argus
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: argus
+    server: https://kubernetes.default.svc
+  project: default
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/Argus
+    targetRevision: HEAD

services/Argus/deployment-argus.yml

@@ -18,21 +18,21 @@ spec:
       serviceAccountName: argus
       containers:
       - name: argus
-        image: releaseargus/argus:0.18.0
+        image: releaseargus/argus:0.21.0
         args:
         - -config.file=/app/config/config.yml
         ports:
           - name: web
             containerPort: 8080
         volumeMounts:
-        - name: flexvolsmb-argus-config
+        - name: csismb-argus-config
           mountPath: /app/config
-        - name: flexvolsmb-argus-data
+        - name: csismb-argus-data
           mountPath: /app/data
       volumes:
-      - name: flexvolsmb-argus-config
+      - name: csismb-argus-config
         persistentVolumeClaim:
-          claimName: flexvolsmb-argus-config
-      - name: flexvolsmb-argus-data
+          claimName: csismb-argus-config
+      - name: csismb-argus-data
         persistentVolumeClaim:
-          claimName: flexvolsmb-argus-data
+          claimName: csismb-argus-data

services/Argus/ingressroute-argus.yml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: argus
@@ -15,4 +15,4 @@ spec:
     middlewares:
       - name: 2fa-authentication@file
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file

services/Argus/persistentvolume-argus-config.yml

@@ -1,19 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-argus-config
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-argus-config
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,iocharset=utf8
-      server: 192.168.154.225
-      share: /K3s.Volumes/argus/config

services/Argus/persistentvolume-argus-data.yml

@@ -1,19 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-argus-data
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-argus-data
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
-      server: 192.168.154.225
-      share: /K3s.Volumes/argus/data

services/Argus/persistentvolume-csismb-argus-config.yaml

@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-argus-config
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-argus-config
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - nobrl
+    - cache=none
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#argus#config
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: argus/config
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: argus

services/Argus/persistentvolume-csismb-argus-data.yaml

@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-argus-data
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-argus-data
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - nobrl
+    - cache=none
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#argus#data
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: argus/data
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: argus

services/Argus/persistentvolumeclaim-csismb-argus-config.yaml

@@ -1,13 +1,12 @@
----
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: flexvolsmb-argus-data
+  name: csismb-argus-config
   namespace: argus
 spec:
   accessModes:
     - ReadWriteMany
-  storageClassName: flexvolsmb-argus-data
+  storageClassName: csismb-argus-config
   resources:
     requests:
       storage: 1Gi

services/Argus/persistentvolumeclaim-csismb-argus-data.yaml

@@ -1,13 +1,12 @@
----
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: flexvolsmb-argus-config
+  name: csismb-argus-data
   namespace: argus
 spec:
   accessModes:
     - ReadWriteMany
-  storageClassName: flexvolsmb-argus-config
+  storageClassName: csismb-argus-data
   resources:
     requests:
       storage: 1Gi

services/Argus/sealedsecret-flexvolsmb-credentials.yaml

@@ -1,16 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: flexvolsmb-credentials
-  namespace: argus
-spec:
-  encryptedData:
-    password: AgAs9RV1K8QyPLGXXc0+RBOqY3VKNMa4No51KIOv9keZJavJFSzQPcuaWXqpl0fVI9zYXLyIHdyRbXL0GrvYlWboR1VPskFNcp7MnCkzRpawgo4QfE9Q+WDI4yZg4eK/8XGejAjCQU/KsFU8dVWHuHG1/W8kV2dOvKIhX6FTirKMDedVDmdgojAPMGM8+smPfC8+yBs5O4+IZtGKOe8mEH2c/3dYu6GK5q9N6czBYMuj1E0b+8fHjlWjh6fe5DDCUGUXqY2BZCxMSKOZReUbWEdPNU6MtdTHNglVhRMo//6mlA2VVkAlB9uaCdGmCMs/VJ3pS8NEeTd86zukyoY+j3JHvRrHuxGVEoKqnFE9pEgO/UB4SyuVVWbNQ4+QXdyDTHgmArvd+MfRvtdj9Kkc18CWKXyRTj41lKG+C/vBM0ATt+hk4QvacEt65kZ+fY6TZHYJq6JluuDrwQmDKcuv44uL6t9/aGpzfGTx4OnZqxC/qvX0V4GhkRzwLLxMhqZa1ZbqgRXLHero10f4JvD/usmJcHZP1hgohUXbSlOqNSWIQk0weaZjTabT1xBxXjVzDBywnzcmixmJsOuuZuvYrbrsKaHNC6gcvZArj/no9Rv5V4mVihRfGuxJs++GCAfq3FdseuMCCvLe306henvSftvSjNNodc+JFJaTf3m4PknSYH9uEkV2CXGm2obRUpUNBUiJd9Icr/ug4jOzNmZNOlOC
-    username: AgCHpKikNpk3UAHuBA62jZSTdiVatTI8Qnmiu6LGhZYraks2h9gOtgjg6mukxXcy6IO6LKVr68DaxOfvYE4LdFQdrq0SI2syzofc4n+FCXn6f2HlBVhqOFGrVE9qUE36lKHJEFccvkirzhgpy2M8OX6KtwywTBvsVujzla5OXR19vgNao9jTzsOL98wQfU1TYyaBw9y45kyCB7x8PQNw78GmeWJ5KLVNXN/yHowE8Qmlvh86QV58NuTKC1rVbSqh3VnjnZuz/BSUUDV4GitZLqWKSZ5hZyPWC9DZXzUI85d8+BfHJ7hrPhBd7ehUpbpFQfIQQA1VNAZvOEXU5EClmd6iQ3fWrYo6hOxYZkiE/qcNkSLXmbWYBixq6s7RLJwHlxVNQt9J11XM5DY9OlA7XhPa9zo8FRrYDwkjQGahgA/AzwvIKpOBbVfCMSl+crm3jjQthEL3DN/6ZowYq5NXG9n6rhvOxTjvmqx9FP3RT5OyPFkXGCrTJ8JqPgxyp/Vy6si9bjiqzwJtXY6ZeyCFLW9mOdQmn2vgFxviDM8pxaBmOJFdbJNuiHV5Tc6iM9YBi3n3hTV/tbiMmKeVQSKydm5ZGsgD4/CJT4oDFynjhWObvYPLphb/hccM6m6c7Hf/i9FI1LOCk1cBRbyXRV9Cds92OljAx3YnaumyZ5eRgdROdAbcqqhjR48k/UCsY5tUv+LktyuzVqA=
-  template:
-    metadata:
-      creationTimestamp: null
-      name: flexvolsmb-credentials
-      namespace: argus
-    type: mount/smb

services/Argus/sealedsecret-smb-credentials.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smb-credentials
+  namespace: argus
+spec:
+  encryptedData:
+    password: AgB8gU7Lj+Pn5B/oC8HtyKnKUzSvB7NRvxJOC2UmKjt3hj3pcRmfKrEh2khkcfSksb6x3f4ttIxYV2uFsXJfL4Wvi6zhsgvfgUHT12oD1/fuxD0LvHCm9otlGp8yyiQu5mPrFBdsGJswreBY53sD0UUdgu2riAlX0ESm+xKhzDJ6eSM8/Iz9Dq4GIhivLZ3OcZJw9hbgbelICIgvuxJZ3bWLfakPdeNDQUoayZuG3Z4GW0KPiqOMyaWz1/rljMHFaZHnFaszgKobwzPihsWWAnXEWmn54fwVBqfe/jNIo8CBvjlZGnMzinaS5lKTHObEVIG+F0XRI5VNFPa89NbsGKN71HJMFYU729lzdl58yy6B/5K789JRtxWUi/8I/7H8kLZWzUhUOqAcmLpVHKWnkH0Ub4MLtDyAaTJam5HqTtsvPDMW3+njiC+8vxC3n0X7q7pzAQQzM5JPZ7G/On6irFKe4LryfrphHiCB/gyJlLpBMXUqKJ4MvzUQU8G8e8W3OLMbtPl0O6oFuFxD8bUA4gdkoPO04bxlLvRmxlmavkbA0vFi60L6eyIOq5yzxvuEd7tzyD7SEO49hb8zW/LS/+H/PE/fCVT6crn+UbNOhgyaHR8pxlNpy6Z4PAti3mG8ZOtKVD0mx6fm8BCPHfWVFyC5YO6kNI285o4uuqsQI+SSZ+zkxwlFwvLcp1RdfJZFLUNyrQm3mlvMUY9xjZANlCHZ
+    username: AgB67La0V5HRLzZ1RqR0Y0nufYKq3z0SK/go4AQ0aaZwQEE/mIy0c6xhdkwup7ava4PzTyOavEEQoluhojOcrVTz9qKUHoMQHcnhS3NagBc/QCeA+2rL15qw9ZUn5+sSU4OhM3UNCTy2jF1kMoXr2cdCi9pALRdAXPLhrccPoaItmWkA4bMRIe3on78BQUOlhF+zJjcMciPlDo+9ywY8ArShMHj5YlRgWQ6uOJmIH5FFp2BcXKP5d0gALoVQ4/Ek4zIkk4YubtO1C0sqfbvkTW+oxeymUSLd2PddGyF18iohfrgje6PQAvvtkDBX2hUuVcp8h2oFj2JkeZld4neOYpDFbdKwe1aGep24GxbYIt24j+iFfs8txqXhQQsHJWJmwHNB2798gPvjIxPC+G90V4/drsjr7KiAgdWKUaqU5JMDVo2HTSplyWpS1LZIGQmloafWiAXvTWQVIEg2044TXQIq2X7k3npbHU/KcWmlMqR1546QawsZAnohWaOIskqEBkG7nXx/eeYk7LVppP2TqdRtt+VfuvptXgfFhkOB2wUSOwqWH7OkQu/k3jtPR0FVJni+Hc1/+fKfuStwvEX+/1bdjZuS8DUGelOb1d/pXrHw+KypfzXcOoDaO31hJMQOEalXZc2GNJleAvLAxv34s8fFWKWvnEXqwYIaNwRPvX64GtencJwyFo/rdO/HH7gVIhA2DCDQwB0=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: argus
+    type: Opaque

services/Authelia/application-authelia.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: authelia
+  namespace: argo-cd
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: authelia
+  project: default
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/Authelia
+    targetRevision: HEAD

services/Authelia/deployment-authelia.yaml

@@ -29,7 +29,7 @@ spec:
           - name: web
             containerPort: 9091
         volumeMounts:
-        - name: flexvolsmb-authelia-conf
+        - name: csismb-authelia-conf
           mountPath: /config
       - name: redis
         image: redis:7-alpine
@@ -43,12 +43,12 @@ spec:
           - name: redis
             containerPort: 6379
         volumeMounts:
-        - name: flexvolsmb-authelia-redis
+        - name: csismb-authelia-redis
           mountPath: /data
       volumes:
-      - name: flexvolsmb-authelia-conf
+      - name: csismb-authelia-conf
         persistentVolumeClaim:
-          claimName: flexvolsmb-authelia-conf
-      - name: flexvolsmb-authelia-redis
+          claimName: csismb-authelia-conf
+      - name: csismb-authelia-redis
         persistentVolumeClaim:
-          claimName: flexvolsmb-authelia-redis
+          claimName: csismb-authelia-redis

services/Authelia/ingressroute-authelia.yaml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: authelia
@@ -14,4 +14,4 @@ spec:
       port: 9091
     middlewares:
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file

services/Authelia/persistentvolume-csismb-authelia-conf.yaml

@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-authelia-conf
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-authelia-conf
+  mountOptions:
+    - dir_mode=0600
+    - file_mode=0600
+    - nobrl
+    - cache=none
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#authelia#conf
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: authelia/conf
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: authelia

services/Authelia/persistentvolume-csismb-authelia-redis.yaml

@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-authelia-redis
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-authelia-redis
+  mountOptions:
+    - dir_mode=0700
+    - file_mode=0700
+    - uid=999
+    - gid=1000
+    - nobrl
+    - cache=none
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#authelia#redis
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: authelia/redis
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: authelia

services/Authelia/persistentvolume-flexvolsmb-authelia-conf.yaml

@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-authelia-conf
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-authelia-conf
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0600,dir_mode=0600,iocharset=utf8,nobrl
-      server: 192.168.154.225
-      share: /K3s.Volumes/authelia/conf

services/Authelia/persistentvolume-flexvolsmb-authelia-redis.yaml

@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-authelia-redis
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-authelia-redis
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0700,dir_mode=0700,uid=999,gid=1000,iocharset=utf8,nobrl
-      server: 192.168.154.225
-      share: /K3s.Volumes/authelia/redis

services/Authelia/persistentvolumeclaim-csismb-authelia-conf.yaml

@@ -1,12 +1,12 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: flexvolsmb-authelia-conf
+  name: csismb-authelia-conf
   namespace: authelia
 spec:
   accessModes:
     - ReadWriteMany
-  storageClassName: flexvolsmb-authelia-conf
+  storageClassName: csismb-authelia-conf
   resources:
     requests:
       storage: 1Gi

services/Authelia/persistentvolumeclaim-csismb-authelia-redis.yaml

@@ -1,12 +1,12 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: flexvolsmb-authelia-redis
+  name: csismb-authelia-redis
   namespace: authelia
 spec:
   accessModes:
     - ReadWriteMany
-  storageClassName: flexvolsmb-authelia-redis
+  storageClassName: csismb-authelia-redis
   resources:
     requests:
       storage: 1Gi

services/Authelia/sealedsecret-flexvolsmb-credentials.yaml

@@ -1,16 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: flexvolsmb-credentials
-  namespace: authelia
-spec:
-  encryptedData:
-    password: AgC/GDJHhqeyFSWsJ8Ie3tt9ppAe3Ns6tt29rieMKcJrQ71sn47MFEow9SOJJVNSjzUWukDg8tRrkq3CdB63jz7NO6CWKNy++nlSU0adDtuwioNUov3a9bnhzgdjjM/ZzpO/pz7j/utGFO1bkPWn4bU/tGoRYM1TsjP1t9m2qL/Me9LigLtafG8LTd/JKNHdyvii1CNcWkZoxKTocy+YdB3hA+0KZClxaQ2O5KPZMl6AoxJGWcuOVpvqQ831Epkl4f+uJp+YtMZbu+poB+hxhuhFZZH9Sx1sn20mZd8M2Kc863oJjzpZPAR5I9faMmDyEqBvJmdS9C9dZrpIdeDZFm25QYIGgu3ZNk+LItuWSoW8kZGsEefsINV6rqAOQmysfvq5aPkYe90RHvaf6Nf0F4wYq1fEiEoSnLPH+J0ToUSIPxMftBcXimTm/HtkUJCg2+rDb+EHp9ahjGaJBp45vd8hOKSF50GA2X8e4UlvbR6QBib6G//F7Pf6OBgsVxSvKQmlSsrBJRo3hxm7G7iLWd5lCmk0jbgRFWJvEnQMk/FqYoc/fcodpGtzEM0I6jL4Kpi1DnRnIgHQTWtU3LVF9aym2H1ExhZfhu0I2F56VQsQcg3vUVOBOwF+XjlrBaAEAEMcbBuigUbvqiSfpUHMQJSsIjtnkAEUs0/19iNCNNSvmjENr5Ml+88iqYQmg9hY11s4LbrsXa5t8q2TgTBrfPVw
-    username: AgCORI9b0L6FSdB+yDY6VEq77p9CFcwnpZ7nb0M1bz7tVNluYQSB69Y6dLTDCCVx2KdOXyU/QOdb0z8mzEywtC9R4Kzm4+SkTRHgrKOTmxXF3qW5VZDe0UlbSbJUUb3YdC9k2HPPoUvg45woGv1LGXFHgYTxbG+U1lxU8LDoMKfBQ3+GaeUUjI2bx33kyHKztyQizd+b2eSkoSHwRCHiBWZMNYa3zEvY6+07ytKJtaOhGhVsdt04blw4jUMym2sHOBCf95pAzI9gJH2RcuQBQI+ZXci0VeMPvmY3B6T+MruH+1Goy+/HoZOjI2Keu1Jk/Ppg/1FyB9VGX6A2YMyismk8LKWKG0/RNBfWn8RcDVlpgAcjDeX2PdYY17E/gZz2NLnIctBJ/dc93QjrAp/ZfLXBakCA3d0LKLFjUbpKwgaST5wnKif+UjqasDyjVkEG7jK5lGk3fmRCDyPgyxzqkUOSeCHQjDUa07AqKm56qfz/Wr9gm94VC1GiQ39F5/LAnAa2+qAQyJ+RVCBkXmt33sDSvelmXKmh9rIBCvsIxwUSkprpf76HcReRjaRv/9CyuPaskjYAkwOX6/NQPDQVHgKYtvoUhm4OnJ4amrsK2tPco1HC9xPGFIhrqoWeyfiUc1ui8IjxO5geV4hAWSUi5J/H3XBXsFpQt6ZqbemTnQyorTGd0asNP/6OTBtMcIgaPMmZi7F1Olo=
-  template:
-    metadata:
-      creationTimestamp: null
-      name: flexvolsmb-credentials
-      namespace: authelia
-    type: mount/smb

services/Authelia/sealedsecret-smb-credentials.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smb-credentials
+  namespace: authelia
+spec:
+  encryptedData:
+    password: AgBFKV//U1Pd9HlRAIk1Mv4iQBs5A3Z2ixe5RqglCAmpeG5AgS1h4pIuZSN6tEPAj7lKkkFt0LkSQIlSIBiU+Rqw2ziRwQuntIOy2IRmGMRyHA6f7AdFM21HHI0eS7ND0yamlYV0RPidyn7TzYhAmAoECsFzU64COBYZcZygVquOklw5zTH6MlXzTC6L7l4FtbQa1mvuIgGT5p0jXarSAAODOPm7O1c+g1aRvqWDSz1LI5wq4c5kSXdNlgH6+ZNLiYNKUx5HfqujCsd5wHW/hou0JpliiLFsADW0YXssLgb1zkCG++FdO+Pt/kDVStj4yFcSg7h2Ym0U3kmKx0H0mH7Qz91N5hV61Cc3Yh1ngyVS1bmW4xvlEy+yefYwvqWjWcoQHtBWqXJvNOcBkigo6+fd16YhHwRVp4REipjd7E5EXqVdKFkwFznLK4lm9LmCFT++WT5v4zJNia/AkXsAZwld7T6oR0uZ5aaXjnGh6ah5QRstAs3fDaJBObPPUOdBgxQ5mutp3AZkrWJnX534YRLtWkTrVftCo8hxbsVqA+h5deGKuBPPCGtkBbdk3ytrMmZ3sSw4ZZO76Y9aEK8eG/N+i7NOi1DM5KwMknURR2c5WMlbAABkUswLlB/ChnUcWhsJ2ooS64kcGGAAoqr81fxy7EKK9KzBEqzQq7dXZg0U8786xD4yQQyy2FercGY5g2HAsqripRbvCCNkMihTjA7d
+    username: AgACSLitw/XzwlDjsVTrwSEUigBO9NGtYTxK6oSpkuervaZW3K5t1O9CUNm3BfOUTaz/yZDnu+LtgXbVMIKp/SM6ivmCzxPO/4Ph+UD5m3mogGl0fV1agfN80VOsxbpZHwXmTGwws9jY4jFjFHRroNgfYtpwp0f7NYiuYCg0c0+9xrm3WURKcMoUwfm01Ut7aSld24xLgePYtiS0YzbhYg0bDo6sSGUWOgyxJxRiMaqCu5JNyQl5byJGUuOgJB1J/ccsZwu47WdercWiEcSQgd1SZpBJzvzIaTpyaafAd/L/uX7cXJW3RBAyzwO4mq5hdiYXzRG12FKJB+HSaYOEJatM5WFZTNLtLR+S+6vrOIA8KnPeOF7HQUupVolYGH/Aq/Kc0o33iHi58GyFIJUnY70HwJpTgF1e35Hbhip83vjQEXcB1Ly7sSbGT7UbMUYjyVSHRXoNg5QY4YXIkWm3qTiWr+ws1JYX3jpkRswYsk5mIvTneF2grGgdcNJG4XBKJVVn8BLTsW0wC/BAA1thIn0cLgCN3tgT9bgu/r518TMxa8hOdLsNuCJqVr6CLEWuoFqB9QswS/4gYwUZgLlbD2FW1mynLq7USi+hDt8sPjrZKQYmGhLDdlTNEF6YBOX4xDmXYvc26cE33QYyAU3+8lpRTIHX1l0OfjQ6tHprvgZbMi4hkDtdZgW4PgvE8wLdr2NpBO8CEv4=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: authelia
+    type: Opaque

services/Authelia/service-authelia.yaml

@@ -4,6 +4,7 @@ metadata:
   name: authelia
   namespace: authelia
 spec:
+  #externalTrafficPolicy: Local
   ports:
     - protocol: TCP
       name: web

services/DDclient/application-ddclient.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: ddclient
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: ddclient
+    server: https://kubernetes.default.svc
+  project: default
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/DDclient
+    targetRevision: HEAD

services/DDclient/deployment-DDclient.yml

@@ -20,8 +20,8 @@ spec:
         image: linuxserver/ddclient
         volumeMounts:
         - mountPath: /config
-          name: flexvolsmb-ddclient-config
+          name: csismb-ddclient-config
       volumes:
-      - name: flexvolsmb-ddclient-config
+      - name: csismb-ddclient-config
         persistentVolumeClaim:
-          claimName: flexvolsmb-ddclient-config
+          claimName: csismb-ddclient-config

services/DDclient/persistentVolume-DDclient.yml

@@ -1,19 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-ddclient-config
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-ddclient-config
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
-      server: 192.168.154.225
-      share: /K3s.Volumes/ddclient/config

services/DDclient/persistentvolume-csismb-ddclient-config.yaml

@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-ddclient-config
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-ddclient-config
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - nobrl
+    - cache=none
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#ddclient#config
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: ddclient/config
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: argus

services/DDclient/persistentvolumeclaim-csismb-ddclient-config.yaml

@@ -1,13 +1,12 @@
----
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: flexvolsmb-ddclient-config
+  name: csismb-ddclient-config
   namespace: ddclient
 spec:
   accessModes:
     - ReadWriteMany
-  storageClassName: flexvolsmb-ddclient-config
+  storageClassName: csismb-ddclient-config
   resources:
     requests:
       storage: 1Gi

services/DDclient/sealedsecret-flexvolsmb-credentials.yaml

@@ -1,16 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: flexvolsmb-credentials
-  namespace: ddclient
-spec:
-  encryptedData:
-    password: AgC8YpHe7iZjSbAit7fxn2+JSSoZWZEyktda/agtNTubuwm2n2ZUAQ2QLBPkotkBNJMwAJMJ+LM27EbRGplDkEFfYvIRu3vJk+tj4eSPSlsJ/5csosSafU93cDe1y1Ifj2DCm2ad1CkSy3dc7L+xggIxY301LgIZMMZK5nZi4j4cyP3/Z5H7NSQ4NvkNT/UDiQ0HtLyFfwOArWgRtfS3+BEfKKzlNuRIbK2GgNb0O95VkLVXhNv5mqd6SDsaOfVZ4/ZMGWjp4PNdS4NIuPQ6wvuOnY+6+FVNr0wpWWdbvDk1SvKMc/GRVwxtW6xNFuL294jrUgJgo5QAcC/kQ9+6AVN49obx75XsoztB4zglvFhMxgD3UDoDmBKzMD/35VLtxYwvL/KC3lgwgFZv8gCIh35yWSLOsEN0R8WSeUlKKqiKaYT57cbg1tZAaug3ButQkacJfxu3ebCXU7xkNEdYAsYLI9Hay33gVMHmiGzF8KVgfl2yO7Qfm+vswZVmLPQxOxHdvKciO3v/+bgLoBc7OHbIME2IRjWNu8zM3fUW+2k34duC0KVUxdDgCXOFyLV8WvaBUld6IXViBx5CU9OpAlJvka0pz/9ehlzRCx6qZ55vhPjeEUA1Y6zPCMYQY8ZikB6Xti7md4a+qWYgAmvekMSB7fSrd1JyWzKgSp0LB0ihflIQDTVS2sE6RwerFf0Qs8vJOzaOs0i4mS1V19Yz10Gj
-    username: AgBwnjfl03RuFpBuCMP5E5a+UfVow+tJ7kLVgoZlFC2qrOHZ4R0C4nwLZyKmSjKXVCJ202jqmkWo5Y1uSJIKohIS04U+PS9f1zaLXJthJUnEFlszyF+/UHamuePpT7rn3+woDPYqrHhEmKYAScWNUeX/LRvFekbRWROY0ZFiXq9Oi5Yr5wDOJC0iRGKOs6zMn0xvkdOEtiBLH0Usn6yT3VWov5e+XJO7uWbhozMvx3Cypqrf/zBOYBAZw9nxpA8ccNko0mTlTgWTQfvQScP6zVQQWeXGR/w6kSraLU0EqGI7v1f99s9k77AOcUFYEBLwjYHUEQsUqjWgD5fXa+6zVuNtWxAgYmJIdIztWx/3jKtWGy35nlovVIiF+RZFF+CbGZzlBEYhcW/ngZnK4B5MCvwAUz1YCrIiF+nQPGrHLPQ6H4xYiwMGaQa0CkJfWAgi2agljTFQUJW1JF19MNYFUxChz0IrUb/SKZ7mr1LGuTP/9b5PqdaqGSVIaiwDVfWDJoClM6kMg06E5hOcYvTnrbxBkl5966q81Qhj6OqKaXXtd4GG5FDTVLiw+TwPjqC1YREFE8/DDJIe0r2GbZOVQit3VCH4gZfx2FSSseoR8WZNvHw9r8mRZ1C/0Ruxr7Ed/3uhPlwNYqBYNuLKDlSu3m0trvq/Eo163X1aBSN64VMoiXUn53zgOClcs9/PgfjTXwZXe/2w1rs=
-  template:
-    metadata:
-      creationTimestamp: null
-      name: flexvolsmb-credentials
-      namespace: ddclient
-    type: mount/smb

services/DDclient/sealedsecret-smb-credentials.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smb-credentials
+  namespace: ddclient
+spec:
+  encryptedData:
+    password: AgB2+te1+XyMsfrWSl7iEmz0O9dV0h/CrzroddfZ8cvFpP0ObGx2Lkn3nvBu2U0/aMpXtl7CV6dARmHtAV4HjoeNTtNFVtnipa6aoQYtzxLSOP/oMJQdPnXNUKxd2LyK+vKpSQy8AXR/zh3dcMJxoxfS7H/Uc/f66ogRP4gSK0JohArjnYZexlIxF3jHEZf2iHp+gGXA5ju8lO1vLl4CknnnH7Z6f1/PDrN95tePv4lXnZe2D7Yb+4Aw7Fo2QtdpsmToEoIdS96X2cBHG5iSsDdeZ7JSL1LzcWWGtt0fbhQQAamPMcNvKv0R1MZgg3A3du6Yk64Fj6s5ngo8XbTk1rgRa2Tv3ODuNvrJrtTN3QGQjI5hgqrivQB5hR7hOt4IXyc2EX0stMlZSvoelrTJsK+Xuh9fyvr6K4nA/QzgiYCAAJQT6XdxN8p1VzSENwjo0EwNQ8OyDY/nUMy7assx0vGYiJj1KbzW0dG/RERBLoC2RlxQcTFSvvwjZG/itV8ffoKdrbsz9p6nJVhh15WvrfV5csBcDAr8r0h2XjoJLUpJF+p9u56UKcS9qAgtSHYbCah9jOFbjFlcPWCrvnUqMV7nU3iwSMYM6q8OW48LnEmHHSwKSMp2auo6o36lt6hge73DGMGxTrHQHn/RLXVdGFsGBviMD54clusBmeOhFU1mQfXWDpgIb3+cwESyMrkpeSqwWqW8ztGj3ovmdbo1NlJa
+    username: AgCIqggFRQB1jLa1I/W8Q5fZNMQyLKSLmx3UjMwr6MNsWgmIcs9xGs14tA3GkhiMpa5QScYWIGLKjX4Z00m+oZjc0WXHDUHmgFA/Bda9Bim5HpTlMYvPGFNMn222zArVD2s/Yhc3Sgcllx/1aGvhHNhlvHVxPXXuLzxwomAL9XyARQ2k9haqC9OUxssSbj5c2l0FDLmEw9+GGuomYJ0FtQkCdv7vp3AXwNUHrfJhXDJAGPuVH554q9y66E27d4DJlnuWEKBP9v3fj/rNAMBANyZStJ4XXQykSpJzzWFM0vYSpiYf9aQJIv4SuNVS58hEVMv8roPBpbcMFL0WCZ8RwMyaNrOWPHROC83BXoLBt9N2k+a2E3B+K9btm1QsqIXaNwPrQBG+adB1OWBIuYU4KStETb5LyZDhdah3KrUL5BLYFmsdYll5KOMPGZJiduK6A443ekQD1mEB2XW/PMjsd1CEqzohu9dip4FjXoW3IOlzVgArMOXBboU6SX7TY9jQ1Xr/GwwXP8esHp8+ct13f6Xqq0nnscDvsiMaw6SiX3N1dJ7ouNTQ64AjND81X5QaRU3+BuniKUAJtwdHFXdrtjpIbZtHDipVXVRJDwLs05O0hTsuLa1vTb7FTAdc+4ezNZHbfbq59W3gvcomue4zCT7NkvBW9agN4Z/+JV1glRjKo2D8uPK1gXbi3JAJeU18WsaZ5CVc5y8=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: ddclient
+    type: Opaque

services/Gitea/application-gitea.yaml

@@ -8,16 +8,27 @@ spec:
     server: https://kubernetes.default.svc
     namespace: gitea
   project: default
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
   sources:
+#  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+#    path: services/Gitea/manifests
+#    targetRevision: HEAD
+  - repoURL: https://github.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/Gitea/manifests
+    targetRevision: master
   - repoURL: https://dl.gitea.com/charts/
     chart: gitea
-    targetRevision: 10.6.0
+    # targetRevision: 11.0.0
+    targetRevision: 12.1.1
     helm:
       valueFiles:
       - $values/services/Gitea/values.yaml
-  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
-    targetRevision: master
-    ref: values
-#  - repoURL: https://github.com/djpbessems/Kubernetes.K3s.installLog
+#  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
 #    targetRevision: master
 #    ref: values
+  - repoURL: https://github.com/djpbessems/Kubernetes.K3s.installLog
+    targetRevision: master
+    ref: values

services/Gitea/manifests/persistentvolume-csismb-gitea-data.yaml

@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-gitea-data
+spec:
+  capacity:
+    storage: 5Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-gitea-data
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - uid=1000
+    - gid=1000
+    - nobrl
+    - cache=none
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#gitea#data
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: gitea/data
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: gitea

services/Gitea/manifests/persistentvolumeclaim-csismb-gitea-data.yaml

@@ -1,12 +1,12 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: longhorn-syncthing-data
-  namespace: syncthing
+  name: csismb-gitea-data
+  namespace: gitea
 spec:
   accessModes:
-    - ReadWriteOnce
-  storageClassName: longhorn
+    - ReadWriteMany
+  storageClassName: csismb-gitea-data
   resources:
     requests:
       storage: 5Gi

services/Gitea/manifests/sealedsecret-smb-credentials.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smb-credentials
+  namespace: gitea
+spec:
+  encryptedData:
+    password: AgA2STKBdZL5heP7usLfB0fcgR8VzAljmt0VbBkRtF6Kw0rOMJ9o64CDDXgjm8ZGdjIbAkBGklf/EUs7YD+RtCM+vSyPP+UB8ZQe9EtgsnPvL2wIHe0zgMYzrxd6n1LYiKzgBnq1lbXUaMcBZM3V2C7REZqeIEEXAs3g408k64JBtGdqGhlxfNq/Mj4M1HNvGSK1extVnqw170oK76e1COcTiTj6fNPRgTq+s41zHwATdgBbqR89mnVxbuguQui/ymqsBLE5+pZX3pR6eABwdzyhJ+RRjINKY8QM+ku0im5oHhqlfZyOJlXh/dcXeGcx8QKm5KbDdto9pOfQz/D3P7oIAJF0mhD04DXRDdGoZQnYrnz24zy+xq8bldXZ6tnpoSdJd9VqWozNJJZFFQJb2IlGU/izp42H72vFNcVeMp22esc8NzUHsUtTyFr38Y4SnPdJ3Tblwd7/3O9SvI1DaFDBTKm7nNekGCycBm9pJvC06eq5SU5DggW6ChZmhSfgDRqIHGoP9Sp57QRIrd6/IJwUwSjQaueyVpEod0ClgTo8uhSkJmMvExQnnBYT96y/NkqTnK5z2nVZfRPw4+ZcM3oOB2xyi2eMU1YLivy5DAML0E7NZ0V37/LvxIH4ppV8iRq+BcVOjggyLDNpV9veYTza5p8zLdufNrrcDRIrNx3orWiIs8r0swjnjzncmpQfYvosW/YTb19wxgE9zUPZZ60d
+    username: AgCVJ8IrRrZ4R98Yjs/K9Zj5SWE9kpQWYB2DBGTMulhEKA+KuFjGJL/P1/3Nkq8HXzfGehTXhIovwPeNbZh39SPrPFAk68IMpJff9PYbQEh2OVPlihDE875Fr7YLZzpRU4uUG8ZlbSIGSFji6MaD2oGSKd0JVm4+ojuHan3DUlbpAAg/++hLofhAucpQZITdLEQ2qLuHZ4Efob94lHWImfp+NmarIUZLxSq/NBHbBFvPRm/vRPKRVmJslA6YQzVpChtMNQqGpHuDV6soQsfNHqLaifpwKxuGHljuMXkBmeZ0Sim8A5Vlf+rYwQLAnPW1K6tUiH8Umz3049vtRIHIy8EYcPm6pSXNFRjQhP2Gy8FKafV7jPBk/IOKnSvEO0N7jj4guomYPkiAvLAE/m9dPg5d06nZ4PQKkma2dPcifXMdaXPS4txYF/neWkEyujtOHAPWixxvGKB6SoGQEep81nbiK1MmQxk14NgsICHqB0H8+KowajZ8t3ao5ZtGQG3PWDSCvYaaZjZ48ATq0/8GsnAZABqlw5JKRZHfBjLEfFyFGZup3EG4W5Z5xDQD/YGUeuSwg+/7vLIQ94A4lwhDnfkWk2XUTJ94y3xVUEEyXMlxV75b+5uCMUNP+Cdbb5QTWXyg/ca3DTViv1rfvjhXeu9TPmu9GESvNLfSech0Rg+HNlIhYjtDUIpbJqdeja0aNXNuiJrJ9Dc=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: gitea
+    type: Opaque

services/Gitea/values.yaml

@@ -1,10 +1,10 @@
-actions:
-  enabled: true
-  provisioning:
-    enabled: true
-    annotations:
-      argocd.argoproj.io/hook: PostSync
-      argocd.argoproj.io/hook-delete-policy: HookSucceeded
+#actions:
+#  enabled: true
+#  provisioning:
+#    enabled: true
+#    annotations:
+#      argocd.argoproj.io/hook: PostSync
+#      argocd.argoproj.io/hook-delete-policy: HookSucceeded
 gitea:
   admin:
     existingSecret: gitea-admin-secret
@@ -35,12 +35,16 @@ ingress:
         - path: /
           pathType: Prefix
 persistence:
-  storageClass: smb-csi
+  create: false
+  claimName: csismb-gitea-data
+  storageClass: csismb-gitea-data
 postgresql:
   enabled: false
 postgresql-ha:
   enabled: false
-redis-cluster:
+valkey:
+  enabled: false
+valkey-cluster:
   enabled: false
 strategy:
   type: Recreate

services/Gotify/application-gotify.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: gotify
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: gotify
+    server: https://kubernetes.default.svc
+  project: default
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/Gotify
+    targetRevision: HEAD

services/Gotify/deployment-gotify.yaml

@@ -23,8 +23,8 @@ spec:
             containerPort: 80
         volumeMounts:
         - mountPath: /app/data
-          name: flexvolsmb-gotify-data
+          name: csismb-gotify-data
       volumes:
-      - name: flexvolsmb-gotify-data
+      - name: csismb-gotify-data
         persistentVolumeClaim:
-          claimName: flexvolsmb-gotify-data
+          claimName: csismb-gotify-data

services/Gotify/ingressroute-gotify.yaml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: gotify
@@ -14,4 +14,4 @@ spec:
       port: 80
     middlewares:
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file

services/Gotify/persistentvolume-csismb-gotify-data.yaml

@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-gotify-data
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-gotify-data
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - nobrl
+    - cache=none
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#gotify#data
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: gotify/data
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: gotify

services/Gotify/persistentvolume-flexvolsmb-gotify-data.yaml

@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-gotify-data
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-gotify-data
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
-      server: 192.168.154.225
-      share: /K3s.Volumes/gotify/data

services/Gotify/persistentvolumeclaim-csismb-gotify-data.yaml

@@ -1,12 +1,12 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: flexvolsmb-gotify-data
+  name: csismb-gotify-data
   namespace: gotify
 spec:
   accessModes:
     - ReadWriteMany
-  storageClassName: flexvolsmb-gotify-data
+  storageClassName: csismb-gotify-data
   resources:
     requests:
       storage: 1Gi

services/Gotify/sealedsecret-flexvolsmb-credentials.yaml

@@ -1,16 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: flexvolsmb-credentials
-  namespace: gotify
-spec:
-  encryptedData:
-    password: AgCbVh6VlH65jVBXiCQ0Ak3+XI1AyCaTykxDzi6F/4FFnXl5jRmJAGank50t5kt9GLpIqNPdx0ZKxlDgOVEiFjDf6J14jkYMrOP39oYcqDfg6ZHmLAvM1/LzjAnd0pR3C7rDc8TCOUGSjw+j1PjOoqkS0oYPsB7xTBkappF/e8JcmVO6DZwdZDyHMEAd/DgGE+BZNbPC1JPUv4D9l/lSAri7WIMhh9dhcvvvV+KJ/YuAksxLY4ruomtwDmYXNHh3X6BZMbOXwgxmzGU6wtOqxCWC2IcMEMPG5/AaH2A3oXLqMwIcVD+WOb2zHI7dCtDdRVTblh4gqylmm0iCLsFfhztj+1/EPGL4fpiqXgjPs0EjKY1bFndNiKw3d3zK58Id8aHnJWXcdrIuNm0sJlXIt8k6vSZTKcT5WiDeKBgqubCh90MZbixThRTGhZ99CuznvukbCGm0ukL+/s7y+8zN7hRwIQFnUrGFFha951t8SU8JTc56vKhJ+cf036ka3y2fz6zVMFfxp4K5S8RiQ3RS5jWdzmby5KGZvh70WGrbXrWWuEeVlCF1TU3nrzLW2g+eKCn5cRVU8oN2CvWPRIDJQsNNGf5rCc4Zhy7ikjwBWIFg13YjdXL5dXyCHRBwllyZqqlYAvpxxSKexClMip2cvLQ4gTP9saO77+gAYbBKz/x7/xW6ZWH1WqspYTi6K+5zBsgQ+rVuz04sfLp2iRObs+Zp
-    username: AgAoVIGIHXhuW3vITMT24TGVNBKhxHvVqCqNLJwShqA0xqWLfd7DE7YXOe6/RV7bcBIeQOYxNCPDmMhild4tAx9Rd4PLV1c6NQdOUYqiRbIuWS32R74g4njL+7eBkfi8aGZUXm0dLBy1jFNHEUd+XssWIbQDsbu8fbRD1ENgmocc0dAmfDTuiqvZ9hIAZFEOjmjw3PIEgJw1FXFTWOUIc287MEk5kJ+7oYzdA52qBt6nrfGapFCvy1cSmiKhhY1WYEEn6Rd0/XWlMd09YH8rDkt9gkvP3omfVMzJ4WUuFaDlfz4WnWdOSy+XGc39xOsC6zFC9FA0t3FGzyvyucmroabnUI51LGLRQ5LUgmAhTfSliZFZ+nXWa7sSs2N2CtCSJExG3mgZ7js2s53mHM8XkcCYJfsaNuGkVDCzJI/536/3mB7xe292h4DJmOu3JO4cRIivu8Uxva4j+KvByfhnHdhiZUERgJKtljc+32Yg1f6Z37GYbUBjnzmgm/+b5JMpAgEeu+KaTU9QK2WgwlY5pTLle/Q6oyrqB9EsodhosuQvi/mbq0ZwrxCkcrp+IZKJdauFyEuLhO4WEi7zdxFlAAA1bGfepkJC2kV540o7Yy6CfOM22E5XPBlGhCraGVjYvdUfyFxI9bR8HyUv7DjT/oaJmkm13KNsJNn+K72I7YjZDgiqCXsChzdVv7BkySw3glvwXMTCIrs=
-  template:
-    metadata:
-      creationTimestamp: null
-      name: flexvolsmb-credentials
-      namespace: gotify
-    type: mount/smb

services/Gotify/sealedsecret-smb-credentials.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smb-credentials
+  namespace: gotify
+spec:
+  encryptedData:
+    password: AgBn2ViZ3H1mko/y2yOi0MvU1GKwx7F0+QB0QBDuCxg9MuF/EZGDZN6kRxBjuLk5vDBEpinKiBCKpWU/xPonW34m7Vr9tqCinjZOtnEupy6rvnouWg5J/Wee0Xztn5cPf++8adIvv6cOO2boEIbMyUNyaZ7B0tQZ3Z/sG+LOHGp3emew7mFa4r7m1UvjLzeCcCvFVe2qIfJdwjYZH5zJ8pZ9ARJLNR4T/TgBZz6hOeMn2PzkUs+3fX8B6dRn/cMerBLJumy5Rj3QpfIOpsWMraVZdz0qC9DvfijjphmKAeKPqM/Yz/rLIvESy+JpdWfZM214U/Dm80oJRioWytgTgYPEi+KOJy/N/dZlKch1ocMQg/QCYPAcaTJ+aY1hvqA8O9Te6BpPZrCIRtI9jmWXUhsBsZnTFGx7YVznk6lC3j2Ry3Z7IO31ZmhGfMoMwyK8m4zR9342eMdkBfBcDpxyU2YiZzkHnj9S+CxaYLSf8X9KL4yOeHvZWXXxYoM13eI+qiUY6QXf1ucCtRwtL0RyIiGMR+UB9Xi5tPmRqrH1IqRhAiCDJ5f7GCWsJ6xuqbNpB+hyhNZceCEzQ8JdT0WFb3GZxv6PAvtG7YhVDR5MQL9uXxGSzxxgGOupnYh4TXUzjD7plLmh1W0UafZ6tEASiPhAgfFbEzjdwEGMHD6UjT8J9rwGUpTMWdmmsIEsZLAnXGPCBGkDI/F7ctdTyTRivrmA
+    username: AgBPbShedVwwz+BUdMGGdXiOMEEYhGw56MlQSXQnR/PyCIn2L+lvyxXgzPoryovJiFcdc91Fs0R6z3bgTpPfx0MdQLgHp6DBwwzcfw0Y3ZLTDPlbLAYjpS+bozqDEuWJJp95xGVBgFW8zyploHUqfY8/+D4KVnoK9eNvTjpIzwWsmYV+vxzhuZAV302SjnSCwsb/S3NkQ8FneHocY76ynQegtcgiI5x0qBOUL3lbf3mtuGrh7EPQxJAL5+w07YKRKNj5bY7fuJTG7yiw55NFFYvUaihrQOpVia4OUDoPjyE/nMG/SlCIoiPlHiket/6TU/7jV9zDGwxclaj3iQdzpwIq3chw070KGvx7eO6U/VwlUAPElcpdJKVNh02aOsS1TM80EVHXIhMA7UXqOj1HS7e4RtZ7M2zKIhcIJjDBgJMQ6+EjQ4JbPD/dxogB6nFCthddastyHm4wl2faxPa3NBKSIEFljuZgayoHzeFHlt9SueLIB55pHq8Cplc4pshLkEgobpVl+9pt35EzTEA53JQhz9SCie2IuTHwRRFt8kfZOZtKhIAo2auli/YVvapyP9MO31+pivmWcHFFCbOzTBc1sCuznV9LDNYPHd169LJEbhaX4zqt8lfQyiQBEHwp8d2323rY3+byp7437fBCtEXgJOsOx5RVQ/G0SoD8pNMFE+wmXAeV9gV+G8HGeYWQyFTFA5rb6RU=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: gotify
+    type: Opaque

services/Guacamole/application-guacamole.yaml

@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: guacamole
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: guacamole
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    path: services/Guacamole
+    repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog.git
+    targetRevision: HEAD
+  syncPolicy:
+    automated:
+      selfHeal: true

services/Guacamole/deployment-Guacamole.yml

@@ -35,6 +35,10 @@ spec:
         ports:
           - name: ui
             containerPort: 8080
+        livenessProbe:
+          httpGet:
+            port: ui
+            path: /guacamole
       - name: guacd
         image: guacamole/guacd:1.5.5
         env:
@@ -43,6 +47,9 @@ spec:
         ports:
           - name: proxy
             containerPort: 4822
+        livenessProbe:
+          tcpSocket:
+            port: 4822
       - name: db
         image: postgres:16-alpine
         securityContext:
@@ -60,6 +67,9 @@ spec:
         ports:
           - name: db
             containerPort: 5432
+        livenessProbe:
+          exec:
+            command: ["pg_isready" ,"-U" ,"$POSTGRES_USER", "-d" ,"$POSTGRES_DATABASE"]
       volumes:
       - name: flexvolsmb-guacamole-db
         persistentVolumeClaim:

services/Guacamole/ingressRoute-Guacamole.yml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: guacamole
@@ -15,4 +15,4 @@ spec:
     middlewares:
       - name: prepend-path-guacamole
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file

services/Guacamole/middleware-Guacamole.yml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: prepend-path-guacamole

services/Guacamole/persistentVolume-Guacamole.yml

@@ -14,7 +14,7 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0755,dir_mode=0700,uid=70,gid=70,iocharset=utf8,nobrl
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/guacamole/db
 ---
 apiVersion: v1
@@ -33,5 +33,5 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0755,dir_mode=0755,iocharset=utf8
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/guacamole/home

services/HeadLamp/sealedsecret-headlamp-kubeconfig.yaml

@@ -1,15 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: headlamp-kubeconfig
-  namespace: headlamp
-spec:
-  encryptedData:
-    kubeconfig: AgBeAP7vtPNm+FBdLPRDkV/k7Uy3mR/eC3Repuvyw5uEKZdBGqzLwInaBcySSiLFUTRfc/csDFxHgviFh9jyGJPCBlEZpHBStz3BrTc33ehwTYTDPf7P1bvPZlWLomnFdEkh16Wn6In4YZnMcpMDxswY/LHQheHeEIAp2YnkZRvd9aJJbQbLYK1Dl90xRjHq0gqTl4QZX9BMzGZE3iUr08suTOY84b8V8Y+mrzy9DvbU7S7SusPpiX7HZ0Ty1IQEDHXPDAyIX6VnPqPCxx2p+/Dce1Io8Ql1CB5So/g/3+VcMlQEKUKt2bReFKslrv9veuvg5N4ZGlTlOu7uU/Q44AgbjB9jYvJrmHclt9dnYSIICP3x3MuNVsQ4CxOtIRG2KDJdzCnYFv16tBHc4zL3WABonmLzzuQoBFYqx/JxWfIr2U+nvbqKMm3yfFi4fvsp7Wcgu76Vak0ndBo+HwkzDWHxYNQOZO/LwEfQcoetHzlzpzzoS1Qw9JKjIlTt4Yc/7OOE6luKv18ZI/MXx4bfZ31HwkJ1P/4hnmsBwNVWLFtfGi1bmpc7Ahv0EnZuLjmxH2APnDKVvpZOMWxQ0M4zHAQLonh5/pyhEWpqJzdpfroOa+yACKr8PiBKXDlaFYD35NgHNt0LDyQTlDXRCxUnGed9pTVx4pTMDYRlzZoc5j/Q8QmhshJGePcoO0m2WXb+1O0p/k/gkU9mTz64swexDD/40gyl+YZwD4K2LOAIMHvEitv2J+3ou2QQMHcxNILJVGT1mor4bqw9W1stwzv68c05eJC0LP0f545f06AmlaFxfKLHSeds78Yxbg75lgTpknuBcnyMGtqAyhDA5h3acXhZdRFqpuxBswfmQ9S5BU8svtC79FOd86m/oOyKM5fqf1kKoG7eqgB0AYyEe9vAwZTPKuIE7dL6q9UZP0fUhu9a9g5vp7JPJStNdAqLeIDNFJpGiupb1W6pk4k1KQi6XUS8xfNVBQtFLvdty85fkDP2pnY89tznGGbimcblNsFFUx58wuu2gY9zIFk4N1gk2j5ZAym6PdeBToqQB9R/IyPwUP5o3IEn8afqZL9wTkZZjuwo5l1PsvPm5U6d2CQ9IFgnvc4v6NMWGOsri0TSnw23PAJJw6bhaU5ClK908HZDEUT2vQ86tFoNbU28451XKTgDa027PELRirlL+NpVYPwoRNDhTn+/kMMYNkYLlhUVIl2AGhoJYakvDClstmZuuMpDNeTwgqK5POlEltC9/enWvD77YdvnNZXQqkvDHcZcCRVur4cZNhtrvsdimfLj9I3DS6UdMvwxx9rCP4IoykwtTw2kMlvMwalESegtJQ2Vw6E6GqJDszUGNbLxFIwB27BTqOv4msxzJeVTNQgzdgcidg0pvipW88YYTScTD9G2Uec1Qe2FCKYLUlLVjEYCveQxx40RS2fOEwASKs0btFLb83TKBqw5GOImLHTDpLBnaetyHTI6Qa88+c0eRd2Z5Lqjr0ZVCMUtX5/0v4+zr5V5BRSRJNPpIM3gm8w/FcAV1QDRL4wlBtlKBuUyGnOI24nJbs9WlnE1HscrvzsWklOnhEtlzfWHlWLF7pgM3WmEy0lIFrQf+Ef7yubYOfg6w8eoD+NAEcM3dQUafe8Yo8V0j+GWzr9+utCxVDPzuOY1yGuA513x0+bc5yk39XSqLwetqkYxUyBmMWFuZYs8Llw+qIPRA34+m6ZzqPHD93rYpPOBRyo33djB7PV7QkxZz3DPYi1a/+Xu+ZNocFRtxw5YvNh/b4BW07A1mDzjqvH2QKjetGRjTj+8Kzb7GLKo7ZPz2oESJwAiV6ftDldt3a9R4zUh/RE05nKUgpOwanrkUyNUary3nAFXUjU7AtDKMRPU8I9y1UZiiYNod+Lvkj/ihYjgGDbhRHqSugrbKZ0jOALSx6YiZ7isKSSwFRJzZD821AB/3hWa1QlWuCpNkyc5bq/6IxeKOLFJnHhq706HwEChzpGc3swOa4clkS05OFgNvQjhnL5Rbny9oAEeXBvtLJtO0VBt5pN5zC3ZHs+w9cKLSsE4/OBTsDhaxJ2LDRmg2EGs4sPjNnJ2RABUnseELAR6tL2X5OkltzkvnJSEvansTkzi5WqWvkRf5orUATik9NR86e8k+O196ajv7GJvdueLQ9V/tMRbCEST7ry4OXssLQhZQEBU6OJsceGPd0ICtY4Bc9f2P2JFhov7ybLgMI/8aULYlyOseoGUn7ySidT9zosjEPo6ioBZYZomJSW9FPgSSZ6W+j/gCZLWxLW5mzywbl1vb4Q5dt9cDfxG3S+2TfVrUJWDOGc7cxYFdGaeHYLkGndUVLyNnlH7dQ/U3A/6iikX9TbhV+cY6qq16in5jZNDyprm13k85L+5ScyD4U3y1kniHFPKQDJt56pOaLz5cfQseeCV9qau4zbjZT1QGLWSYs58tp7ViABMqufbyv4civOm4pRRPu5RVjdY/rY7iM8ZypXnnPcSDrPZH7UcnniRPqGS7G83WyAquiyVJVahueUScmtxMQy62vkDUoisj1aOxC97WTUcBiJQKqWoTRT7HFcVl9XxZc8O8WtIIcS7/KzIaGzM25s3+vM7fRiguv0cEMV0ikE18/Zt+UT9J86AoGhnlcD8R92d3wuisM5pkNd6fv9jwQnNaULRwjhQCbRo4JGc2CxluWoKhkwpfyCxBzm8bNq2e1XhWl9WfiWsmKZyWCH3JIE7G2MnO8C6gqRJfd4idXLe9vv9F/duzm2uy6xvivP61NR7dCyn988lwtFrdOKx2dvX3PlOV852/XO1hv32W2FIh6Z32sIN8JjDqJvy/9Wu5JHng2Le79P2Zcf6db5I2hQejOtZkx1914bHO6Aro9Csj6s2VJ1YuhI4GalZYTjo5l9r6Da5J7uDpWl9uKBToFW/e3x6nMFpzARsEQc3jYixtX6gPSh4Q8VueUJAaZmpW3i8DdkkvBOHtzVAHzN+8xXTYMK8RTo6qGDiUkA6XE4apY8POp3F35mbiCKdHGZakVnHYJAyK4LUl+2oRW9JzcJNzWkggNi+DLwEjzdg1dpKGMtDSVaXl4IfPgU4QAhja7FVNyKfdXsXGV3uqxuWfju07hol5I2DFHgFHRQEPIlnlyWabYAMBUca6VVZDEDhR8aeVSLbeFw2ERXhlq2QMOpgOrPPDsT0x9YP3X6YuBzgl+dvgbO8GGLJhLEBPq9BKshTP1sKaykS4cxlO+uC59+pO/fhXe6+SKMYbAlvGMBILLv/l82gQ4P6YwAsPEEnh+pEEJ09sRwDyl8/evcORvqdYYKO/ROCtdCBxp8u9TzdhY4uUUdKbscWhnTjwSUD4sEC8H+BKpJstWwSdeYGCdCNF79F/2VgPzq+L39INqS5TUSo6d4ZH8oPxX3kfU/HUYAtPp7ign0hIvVXkqaqYJRHeEEEk+SqUHaYY5wZLBwbAcxk+AvsrDThCEYlFVQhONJ1Miodhi3bHeSK6lehlLsMgxj+j3MaM9iohhxk45GuwsqRzu+EfyaemiEEFVxI2q5IEnfjR1xfc5Lg4SmYQQpeuUaxZ463xBxNhiBKlNA2JFQwTbaCa2HLsp060ysVZGiOq6yKFBrVRMAuRNxp1/A/Ies5nvGhD7lCA0mSDpy8j+TTCFUn2T0U1ChkYn/y+X1t4pPPtKIcy2aGkFdY/reOSBU0yfaM0iFrj0D1Rf1JDIBtCnYM12uOi2h+7GAJQLWbAbnTz6aHCF9vGlXB6krC0BF8fp/Snn1BQqKjChjqW3IXBazMK8zT5ouds+mxxIidN8smDoOqytT941TgGV9RGPQuCNePTX86fhh981PS2gKUBSGBPfaKMFpVSGDxypAdQi/irsjEbQn0ugKWvzxNVopS/ImcXGYVu5w3PZocs/mpv2k2h/vka2N/SF39E9DS6fMTX0SwATBuAdwsQpWeQd2Hd1eZeVSDNUn5Jqud4jmJH/Mp21sfEEzoGgmZl5+T1JaK4EsG+yldVIPpEcsde/ecc6xPvluVfxd5cKWKg1vTxuTRVzX8I3f6dTq0c+/VRnQn+QEhEpLXutR+4XT/wh1obdBHJ0/h+9Fo2QlUz6Hni6iI3DrAqJjCsz8xBfZXCF2LSekQTO/ZiIrHe4CAnGOueWV8Vg2ASiqhEUs0g7UP/aInxkvmY4byfwSgF3OhBzt69xIzyY1NjQxPRo3Gn+Ma5NiZEawjdtCNLw9oHTHIFil9d2K9CiZ/pBMfZslJ+86xLDIOKikMRb84ANwcOSbgEu+Bpgf2MfMS2Fqt8K37uhFJQ0eTQeCLY6u6J6AKhX+9oKg7uMsnDudZsd5mKe7+JcaXyuz77NiJDtWcA1VHfb3h33vlZiUCb9cO7+8Bmtgm4eXbsafaINWFgUVEXpy9gqpopBUOO32mG07trMG8SwNZItCtqSD8J6tp4zNHZHo8IDq4dqGBlSHafnlCA3MLZrXtfOW18zwEnmC+uncQhByIOW260sLkSL1AsA/vz9083P1LVyZVt1v/SWHKDkWHOir9cAVsGBpYu+u4EUmg+DAdv+gnb25yf2f4a+OaDHWV42N/oqn4tmNhF3SlrocKawLd1qnMSCUCXgbTC1A7A/2ifZUTUF3Cxg2RCOULmp5fScNjfPoTqHsf0Y9IMltn9gDOAlofXY8=
-  template:
-    metadata:
-      creationTimestamp: null
-      name: headlamp-kubeconfig
-      namespace: headlamp
-    type: Opaque

services/HeadLamp/sealedsecret-oidc.yaml

@@ -1,18 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: oidc
-  namespace: headlamp
-spec:
-  encryptedData:
-    OIDC_CLIENT_ID: AgBXJgPrEI44ACJJ3S0+/Atic7ckP0tfVAfPtl5iNcgj+6PL8h1Xh/hzjZbYEiebG1FzSH50K977ijMdEHDFmagYSR5Ju1VpAHJyjtRZbysm8IbFV2g/8aBV88HwdXD8fZhY+PmXKNkSNFGqb6+E31NgetEjsZNjMgS0cM/YfCXwrVPMaR8QawjszyfOLUh4Z+D0QqH2Mb6d6vBaBgNgikUUgixFn+f1S4A66qUxGGzZKVIIa+f6Eo3gQDuo+4bi6/criaMoB8foSkXgWqRIiiVGzp7NcXT1mmWTwjosVexhKGSBiNDJFiWMgtc3Sti7Jp44fvYGdDHddiBsIBFB1uv19rGYLhq/4qpGQiT06Dq28n0+ehBfxsZZQ2nLDRjXciTgG354enMJO58ol6Dqk6zKjTWx6YwHAIdh0kuQ9atT4TsdAL8BR4qkdYuIRUmlhCUj9Ywh76GIdbnPWQfWHap4bjP7KVxFRw0Ke467TFoU4iO9TmVhF0LvS4g45fTXKV/j1R8yU7cA+TFEDGvQLixOdeJrICmn+WRJTHuCtvI5E1W5yJAstSEdkZTt7PSUAq76o6uUT18OJYZdGzaG3j118xVcFAM/GsEgQ0M4CyExTraJcl2NegrhcjXokJHyz7Nm8Fm9+x/++jDMYq0rWaPYRaPcYKYDsvF0t9vzY3JyigtoiPIR9KIjNSiLWQKKGyGgLOwCI2gTXA==
-    OIDC_CLIENT_SECRET: AgBrX+mUYkAAyyP1T4iLYDZkx0aIyWUSf5781/ZYQsh0gOtoTuZZ/l6q61wDxxYY5xJqtzYTSa0QOmIORyhusODDokVkCGlx06GyTP6As46m6GqmwGp57vanF6YiSL9he97E8Sarr+v4EOrhGtUejLH2TCFJsXV3CzQvQiAWXxHMZxRIOBkzpbqFJ9dez2n22N49j6qd5sTNskv13HNJruKEsYJM/m/vWuVVe1Rf3cIFdChUNt0Wv9Xir1waXe4QTAYKkzYrPjeDB+xIe8xGms7tqEQxKVP/SmYaQG3rPSIAu55zLdLMcbIFSVBensVr1Fcx9Jb00OB5JPZuKEftQMRR3NTIBcJNAIvlxFbv6uM7xbXOOrRZ3YG68I4/e8mxRx6o56z/IeNd83FH8aiEIfMdKhZAAmKlrMnv0F2wSQk4JxAL31uzcNtZR9HhfDpZRxzFNe6P8Msjv4kEri9jOE6qAwyXsigT5D9dI/7Kzni3NfGf411z4hkqedE9EF2RTRS4LtUFCPHqJ+HcuLYDeU91a2XhAjWUYXML0okjFu/W1ZR3xvyngZJLbdRuturCyLvql9cfQwwvabYc6miV7LBAgIJASqNx4GpN2aFH5s9sAor3Jh7Gva3DVZxklhORl0Ajt+5/Kk2LmofvmiTWL9Jx1gEgV4ND/VXg73uDX2boqwZ1dpf4pJhVitkoh1AOGoRtzznfPF3JAfzCPvp1tmJNBx77MAOs1taBfbR6OGk58w==
-    OIDC_ISSUER_URL: AgAuwDryEOuf4o/Pj88FaRyCeX1MW3sJK7V9U0Tpm6K1k1y88n6jurzwU0oXP/l+6Wt5e/Us8vjc8FpKiUa5RHo+EeZUsXDFBdmLoiJ9PdUiemj7CTJbs/Vd6a0f5yTTa7+dBbB3/h17f8QhFyMoVxZkU9VsDea3rvouf8dK9vbv7JcvSCnMdqeo5ShN+ZJz9S2JN1ATB3Rlp9FPjwwg9lPHjXN/OBVO16KE1Mws0ecxICfgOUwueis2qqWA3qJRUjjUMFV4Gg3y2JaLVcNWh3HvxZgKDd1YpoDklx3e3V/Ja+XODM9mPKrYypRKLrR8zF2bYJvPGaH0+oavQzFBsYKso0cQ1xbnnQX4xtJRKaw99IxWh4gjT0e7cJWIxcpF1W6inW88igRzHluJVWnpmrtmLKrFtFtJ8ALs1XX762OoPFN+SnylGjScHYUEL9P40zpAYrH0r2/b7K2P2LbAtvMBDU8EJwQkzbkUBuO470I9b2KEgY+gIL+hKbDtPZuxC4nQMx7eHMMWZVvxjzPmpIX7knBPLrDZG9bWZzJBNyA9We4pwJDh6qxHR/15OpcCQRoPM2ZPSOgaDTFZ08ISvNLdQGy1gCDAEXq3Cu9rK4Lo8Ixmor+cYQJM5yplrSHX8S70FmSwGvTSizabJM4suX8s0Q/gfS6IkQpCxOy0EHpTysCYrIGnHKJXuiFo5PZKz4fJ+AryNfPQeQgT+iUTSA9aDKE9RY2QRAcYRLFF
-    OIDC_SCOPES: AgCKdxns6u+wOUE1uwbSc9JzvYZBc2H+Rljeu83xVMuNN2XaaFlkc6GxKnOs9S+ikm7TFRo0DtPMdHOCEQjgOHrAUzsR+quC6KJ9LeCVEiEjsZec8hYAZLoeL/k8dZu+9W2K/cmsinqi8wspIb0mj/zZ+3AsYhoxYOkTFUtFvYC6cgkqwDfNZK7xzJBmUor5DVDVer3VoHdvqCph9RvFT4tHbNSm0B90rz1OBU62aFI3IGcTgMpEwpqu9KQ3M6Ie2zIZyIeBeWuJTcFzvLl4KWxK7XtEGQfuIKbJqHKArtA90W2vvwuJlDoa4lB1uASUHqe9cIfWxzSPApjwZ5a1PoSmJDpbzblt8W7akrz9WJzXXDnKG3R2OZGM/eDkwCa8LWa8xGSpe7JVHfcZS3bWE4noDXneBb0wAdHgs2vGy5b6L8IeKcI79sohWcz53pJBlIZ/uaK8T2QXeG/Woe0SO7Q+2C7Rnc62Cq5H/I+Rij5s61qbfb4r1vU8mtXtimoku5PYGUPJC+3DwHAOda/BssTqT/C68o4Rsj0RmdMiEy4kvPknTAJck+RwsJkNE/47mn+RYLpbK5mp2+wqMeNDD/STxmgf9yLOcvLkKQTEgaW0TnpbAEed1tC8dUHtTtIimKJ51Z53f/+FcxIFYYvweDXLOe3/n+cRCmVO0LU44//flA9d/iQ4dzMj40awEIqBJhhGOtoU1n6RNZITJb127Pqx68LXLg==
-  template:
-    metadata:
-      creationTimestamp: null
-      name: oidc
-      namespace: headlamp
-    type: Opaque

services/HeadLamp/values.yml

@@ -1,35 +0,0 @@
-config:
-#  baseURL: dashboard.spamasaurus.com
-  extraArgs:
-  - -enable-dynamic-clusters
-  - -kubeconfig=/home/headlamp/kubeconfig
-  oidc:
-    secret:
-      create: false
-    externalSecret:
-      enabled: true
-      name: oidc
-
-volumeMounts:
-  - mountPath: /home/headlamp
-    name: headlamp-kubeconfig
-
-volumes:
-  - name: headlamp-kubeconfig
-    secret:
-      secretName: headlamp-kubeconfig
-
-#persistentVolumeClaim:
-#  enabled: true
-#  size: 1Gi
-#  storageClass: smb-csi
-
-ingress:
-  enabled: true
-  annotations:
-    traefik.ingress.kubernetes.io/router.middlewares: 2fa-authentication@file
-  hosts:
-    - host: dashboard.spamasaurus.com
-      paths:
-        - path: /
-          type: Prefix

services/LdapWrapper/application-ldapwrapper.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: ldapwrapper
+  namespace: argo-cd
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: ldapwrapper
+  project: default
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/LdapWrapper
+    targetRevision: HEAD

services/LdapWrapper/deployment-ldapwrapper.yaml

@@ -31,8 +31,8 @@ spec:
           name: ldap
         volumeMounts:
         - mountPath: /app/.cache
-          name: longhorn-ldapwrapper-cache
+          name: csismb-ldapwrapper-cache
       volumes:
-      - name: longhorn-ldapwrapper-cache
+      - name: csismb-ldapwrapper-cache
         persistentVolumeClaim:
-          claimName: longhorn-ldapwrapper-cache
+          claimName: csismb-ldapwrapper-cache

services/LdapWrapper/persistentvolume-csismb-ldapwrapper-cache.yaml

@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-ldapwrapper-cache
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-ldapwrapper-cache
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - nobrl
+    - cache=none
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#ldapwrapper#cache
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: ldapwrapper/cache
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: ldapwrapper

services/LdapWrapper/persistentvolumeclaim-csismb-ldapwrapper-cache.yaml

@@ -1,13 +1,12 @@
----
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: longhorn-ldapwrapper-cache
+  name: csismb-ldapwrapper-cache
   namespace: ldapwrapper
 spec:
   accessModes:
-    - ReadWriteOnce
-  storageClassName: longhorn
+    - ReadWriteMany
+  storageClassName: csismb-ldapwrapper-cache
   resources:
     requests:
       storage: 1Gi

services/LdapWrapper/sealedsecret-flexvolsmb-credentials.yaml

@@ -1,17 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: flexvolsmb-credentials
-  namespace: ldapwrapper
-spec:
-  encryptedData:
-    password: AgAd6z2kg+6+B2dgmywZ3iJ/jqM36I4utd7CUE3w5QSJ19DrbkruppftsYczGycOT9TQju9dM1knWAxA/3Axu9WvX9RjcfdJgWJFtP07PuEKcuhh23QhE7hD+SruixrLWTKeDGa+w4XmDvmjXlUA5rVUwyvx8zIWWn2SC2sbK43Gm0lCgGaFzCINNK3Z3OfKeOiehIKtWdIAfaNgeLMK2HWkwNhQ3DVtgtLqz1O/Y/rJRNase9o3yObVGN1HhzxwdC7fp/B2HLYujCQy9b0JuZhWLXczJJEw/oX8kPvtxLAKUi4TaOp1TefE92X28lBCAqXGYfA0dEWeF9qRmyPH/yOdBN3MFI82G8Ac5rRcmG/RkwEY9aUDlSYiyU+fiiSzKAzhufZSk/disH71sO2l4DohqWa1IvFKmh4qa1caQ/GuthU3eP0pPmru9sqFdUagECd6Uh+18pv5FVFSWyaXQjXAXG/rBvygcEjA1pniIIvmAZGQwgpRZcuFVjQkx6bHbU2112ExfgbCTYKbDD1ocJ6ukQuObeSBv1Q5h9ARiRRjWJSNzQKWrtOBk5wzErZnHrY7u7/R0Bdg1zvT6luTW4goJGFvXkSQT8JUcp14cBfLu6PmaFYON3+Uw9vT99Tal7bco3aqgLEB03VVN0uXpT8vua9vbU9W302nwKTl+f4v7S5ZMqA3PmrKSnIaLmn1cwOaFUuax/KyGFLuB4o5WkAV
-    username: AgAet+Fs6g0L/TC46Rz7L8vh0LuYWug+nz4McOQXlEDn/F+1PdwYDXLwd/9j+G2xBTybQde6ENPNS1Gpav7AoqY8CFIpb0sCkCeQD/gPzZmSWotUl+d8KJkfgqvKATbFVgH/CVHCgsWn8nU9A7q6vpoLioX1Pg/4p4s39Dja7fwHij0l1//cSumfnu2dIkBaIr0uOVTAZoMZhwYjnYnVXSlA9INDtaw/B0jkr80F2/d/VY9lheQKV6EpypCvevKp+ZJHp/XliFXlas8o4KVA4pQcDr9iQVQAt5ywrdJcTDVVFOSZkFuZDHSorEWzPQYgnqqrAqYVmQQUyAme3fwLZ/u5dDpPSY7YDrO80fzwnr2KF5XU3V2JMnR4Gka7hc08Psq5ayveqQpH1CbHg8peS/d27Ks21N4AXPIDsH11ejpJdvIUifYX0WoytUnukyT4ChOqfGOOEw2e/oF3LzIC4jco2df3uipuYXxEFgj9j8zpfyGkCbqmLIqh1imVNLmAIzhZX9rnf9jaU+wi8DpANPzrcWMtrpLuWKoCSNRMW2yViMfoVpLzPQcHyn36U4GmYToq1NHRl4tkcPMsPARErmtdTTqrSHyViyoPKY7/1MW8/fA5pJuMeXAic9MZiM1r7LbsNpJwGfaXDBhurXEgMna23C8fVjbTUL16y2R1FQEjQ+/qaFNhwcyPxDoPL/ir7EVJXo3ezF0=
-  template:
-    data: null
-    metadata:
-      creationTimestamp: null
-      name: flexvolsmb-credentials
-      namespace: ldapwrapper
-    type: mount/smb

services/LdapWrapper/sealedsecret-smb-credentials.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smb-credentials
+  namespace: ldapwrapper
+spec:
+  encryptedData:
+    password: AgBc2k0pHG/YT8gHBugDzpAreGsVlDLQJeQnGEn6lzk97Gv1F2RSBy5pASx6WgMX1P/OU4+MPD1QkAIHRQowUTXH2/YDsEKUO/8n93kXnWRr3LOc0hjKGeHCUWdyzre8fU07g4+6dcKopNRGY53nCBNTSQG0DOQOiyCzkEgGDQYLFLk6cnN0B2n2sYRgkNJQCRXUbjKIWaNc8xbmzMrWb+qCBarP75J0c42249K0cpVS/u8txpmWOOtPfngIRh6wV+r5/3W7CwXuNBSUHa+Sm18j/guvIIloN2m5nHY/jXFopekIr02lHv4ANO24EZ1N4V4Uo9TvVV/agNGAU9nK0a0ebZ8W4wjvhiKwMiBOHWp55E3+oA8mP4C9ZC1hkhgbyBi9rK/9ZhVvoB+Q1rl+FD8bdbMcuTYDU9lt799MOThpbR1ti9gj3hO4Yz/GACN7rCJhpb+MIQywrdpRlO2eME1ssVKSmedEAVp/efLfNgfNhlLDl0rZ/I4vwwiQ5JBNsrNwKIoIhneC98ouRJdrZUWFWU0p95dbActr3qmAZQNJbfJ+UktPWSWxd+HW7LqvmYB1A0BT628GLBM5SvXWx0+ye7MLS/t8hJM/cqtOtdwdzoTZZfZv2dCnDQ0WtsZfXAdnigitA7UES3TzapIgdim3d6ujvnOY0OfJcKKSsKh7GQw451dKWUzTWafkciWoaWRBZnTmEgt6zz0Be0hQCfJm
+    username: AgAMIlu1M5O+fL3DJvdgSHkLpp8QDYXada4cFGTOGREY/1VonKhnmCDvgchsDzZY4DFiXn/nRxljlc8PalZsDmZ+6CZCmnJpMVSehrDw0gUigLgf0fFccJ8Sqk/kb3RTfZUYu906xUVHCQg7XeVaNyOaVZVfxB/SpPV33Y41nt4rjlwwIs+haQA1HoJLekANsR8YTDJABa/PFj/+oX2WS3OHXJvRtCeSSmPR3WJWJXQYQQewakMNqOuGTRjXSvHw95XJPnyYJiwHL8b+fdZRKxPpJwhRvKNmj+reosJkKeaq/M6cERLixJo8RpFATNAnv8BcKMbslMRQB+cn5HlfX5afMS8E1k/nPHa/3uSjNCuFoc1w4t9FjNMjfQrvDMxTIaJ78py0eZHznBO9uGdr1gDwZHzgcLJSFKL2aH8AdGTivRk7qKegCcWvFxtujGUWyXNnCV/6S1n9V4gvk62tnxNMbC5alCo8cAehJfJMyQrozyWH3mtnn7a61brPh+LVMeSne6dl6RRctQY7ZG0ypH7r1UxQczvkwuafVFvY+EfuKRM95SV41wo8Nyunb1MpXte77QLFpBnDxs/td14/i8QDJMjHIw0dItmtEbvPOaLMiyIk6kIGYRksyVwAQOHdEJISUJPnF8wcCeC3gpbXukSpgmQFQeyGsMgiRPlKYGFRq1nk8gIDMtUn5k1cZsMPX9G43vBGU4M=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: ldapwrapper
+    type: Opaque

services/Lighttpd/application-lighttpd.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: lighttpd
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: lighttpd
+    server: https://kubernetes.default.svc
+  project: default
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/Lighttpd
+    targetRevision: HEAD

services/Lighttpd/deployment-lighttpd.yaml

@@ -30,9 +30,7 @@ spec:
           subPath: .htpasswd
         - name: configmap-lighttpd-vhosts
           mountPath: /etc/lighttpd/vhosts.d
-        - name: flexvolsmb-lighttpd-data
-          mountPath: /data/scripts
-        - name: flexvolsmb-lighttpd-websites
+        - name: csismb-lighttpd-websites
           mountPath: /var/www/
       volumes:
       - name: configmap-lighttpd-conf
@@ -41,9 +39,6 @@ spec:
       - name: configmap-lighttpd-vhosts
         configMap:
           name: configmap-lighttpd-vhosts
-      - name: flexvolsmb-lighttpd-data
+      - name: csismb-lighttpd-websites
         persistentVolumeClaim:
-          claimName: flexvolsmb-lighttpd-data
-      - name: flexvolsmb-lighttpd-websites
-        persistentVolumeClaim:
-          claimName: flexvolsmb-lighttpd-websites
+          claimName: csismb-lighttpd-websites

services/Lighttpd/ingressroute-lighttpd.yaml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: lighttpd
@@ -14,4 +14,4 @@ spec:
       port: 8080
     middlewares:
     - name: security-headers@file
-    - name: compression@file
+    # - name: compression@file

services/Lighttpd/persistentvolume-csismb-lighttpd-websites.yaml

@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-lighttpd-websites
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-lighttpd-websites
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - nobrl
+    - cache=none
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#lighttpd#websites
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: lighttpd/websites
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: lighttpd

services/Lighttpd/persistentvolume-flexvolsmb-lighttpd-data.yaml

@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-lighttpd-data
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-lighttpd-data
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,iocharset=utf8
-      server: 192.168.154.225
-      share: /K3s.Volumes/lighttpd/data

services/Lighttpd/persistentvolume-flexvolsmb-lighttpd-websites.yaml

@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-lighttpd-websites
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-lighttpd-websites
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
-      server: 192.168.154.225
-      share: /K3s.Volumes/lighttpd/websites

services/Lighttpd/persistentvolumeclaim-csismb-lighttpd-websites.yaml

@@ -1,12 +1,12 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: flexvolsmb-lighttpd-data
+  name: csismb-lighttpd-websites
   namespace: lighttpd
 spec:
   accessModes:
     - ReadWriteMany
-  storageClassName: flexvolsmb-lighttpd-data
+  storageClassName: csismb-lighttpd-websites
   resources:
     requests:
       storage: 1Gi

services/Lighttpd/persistentvolumeclaim-flexvolsmb-lighttpd-websites.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: flexvolsmb-lighttpd-websites
-  namespace: lighttpd
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-lighttpd-websites
-  resources:
-    requests:
-      storage: 1Gi

services/Lighttpd/sealedsecret-flexvolsmb-credentials.yaml

@@ -1,16 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: flexvolsmb-credentials
-  namespace: lighttpd
-spec:
-  encryptedData:
-    password: AgAc9UFx4rs5SmuntY7dUxf80geDlDc/zn9SaGWu4Z5n9aWJZZWlrAAq081fTeb4jjiR3bjdlKqgwLkKiIgkYlp1nBgfLsLo5rE49c8eo+s0x+0L2gVj9ArqHWD5hw76evnD73AU3zuQGNoHg7x7iUmyCtBk9kLDQTXWsLkSnb0HLB7knOqQjK8C1uC4eTdjQRLmhevQAl/oxiDZ8lf/xkj7GH3o0Gp6DKiGetnKYsaJJGPeImdAQzHMlH7F0ypQGMeyWU9zh4ro8a8G+Sxorjz45ws/ORpN6jWifnDX0xshVjsVM/hD98xui7thsf++B8JxZK0i+sls0zpgtJvKyzJJytOXknPNMyqG+S5QN94iFfoCnP1ZgBGdEJVI7c+RXFekenXSNgrCqjCEHy+L09AjTXOwrtPfQovhw7ai7lAsE6f4N5uU8XbYdbqh6jG442ZowWyl0vpVa1Ea93Fy205vxoncasAiO0UT0UcMxekZ5jzeJU8crxieCtck7Z65GsHWuoWLSH2PX43k1JSKMG5zbZNvOszjR58fXHdj/HjXug9K5hHJekNk0A4+iAY/SwdzxaTCKbQgly4HTHX2JqBHMXRDYGm15qns/R5O48XcEs7aEWWVDvYyeiDrSM0il/29kMNb+vwzaPOdSwfb5GShZcirRWQgAdPdEM36Z6O1h+EoeazO6/Hj+JYf+DcX8/5DuC1nTkhQj9NFmoLzrHtc
-    username: AgDW9pYxGa/I0NBjXWcqcHZY2ZSY9IUd/sOyg40e6T5wPSioUgWqn3tf3EzNqUVJsSJndKWZnagXZGMafkYS3WYOsrIiSR4jyAtHc7t7D9TGw8dEzXeP8UF+ICCpd3YzD7856+Xov9pmXziHS1gT5hqywdFEruoiR9gtbrdEqG0PHFt96Bcve5JillbFWh2VsRBe4gMKoRfjGHd69voGsqkn3H4VwHITRWixNploRXOyq1+hO49Ka+Rs4TbQvXWTVAyqYZEWWKC9W0S8CN3mhzBDg+JNHSzsd1BqQNQ+lJ9S12gaTphWH5v+IUSlCWsIGDjwC5oKTzy5IYcw5V/DcfMl8/vYexb2dB4nQo0vJb1Ip+HPrBSl3HvV/Vz7Tq2fXN0h7QvyUjeEsTQaMrYe47AuMBCiNcmUY5z1KwNMfNjXSYbJEqLZ25ABj2xNq2GefZhWcBOl3zkQExgGfrmfh8eSzThMkfY8NpWho9DfitD44a9B9J2hGn5H/eUKbEJXLYs8JKXXBfSYZQJS7ac/ub/iPDfefSPPXeJFPBZIwnSP/khp9D/6/4tVQyT1XijJBrD2FkcX6nE5fcrnVmJtGEv6YBkOSyszJqtTBjXbHQuNnyCc2R//ybPev+CIyGvD2uZwN5b/8nKbABweLPRKpRJlM2v4e1N/Y70hxSOIN5iFd7FSG/8QV0U8Jm6ZI7xkoHAAitu8A2U=
-  template:
-    metadata:
-      creationTimestamp: null
-      name: flexvolsmb-credentials
-      namespace: lighttpd
-    type: mount/smb

services/Lighttpd/sealedsecret-smb-credentials.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smb-credentials
+  namespace: lighttpd
+spec:
+  encryptedData:
+    password: AgCVf7upjlA1IEYq6QwaF3UTbqgd+Hw7910Zy1GKI99ii+StJmv/8U5AdN17ceEQVfkGpTgdgZ+crL72HKjkAWaEXKJDatHvvE2nbE1WjDcLke87Fff4aZAXrQQFi3Vxj6lcGlUlWnDME+Rer7XlGLZGuP5N4z9C+uXurWaEHa8NO/zC92H/UGuNbIZUeQaMIYe9yVuAQ7/S8GSjdWORepbK3k35b4nH9uuDqIt03eoPz9H1ngYH/vqT9L094srGeNTuuAgHpPua+8+QR62ZjBPxIU71bWu3FKZjqzKYuv5pPCm41No0kWU/+odsEDzzdOr2WKnEIxpbedli4FzoSXcTkCIEgUtOjqsxHuulP8hroy3C8h2Pi30OtxMGAocF06y51A1SXcawmP5toqHYqq0r1hj0VIqJBisOxrDJiad577au6lB7BIJ9go8pU+Sk7XLpNenUhOZ0nyjVv6ziZLZYAcETPVPZIypP8EoNNfFUUy3OCx/cX8Bcxg0U5owOMsnf/U0Bh5Bn2oR0Hnf7ry/EFIlYzYVxNGOYZlOIc2RJSW4SO06ly4cJfyG/nkmvtvvY54caivygh+nCKiX/nEoNnNH/HoGBU+OsGmnAc/4QEC/S1mHKYedSuTmz3SllkM4VOgBi0W/sZPLquO4JNMtxyUu93lRLjsDVTBEAeaAjI3axb19z+HGuiBzH/ydg81YMd3fv24xgi+FX8OiZoZaJ
+    username: AgBQKX7gfhaqhYGrOTZVKVEv3BcQlYHQ9hPUW38iaKCPQL5DBbye3oMkXgt6EE4rJAXF2XkZyPp/mbJY8hkqSoLxyCTakf3FJjLfcPx3q3VbS8k1kgkCeolm9iJHMhrGKhwXhi6di0ETY4olESDLeCkO91pQCTfKaoN8M7dYFW6AOuWkPy90fo6ehgo4V0ylTazTOnPdQi0+topJRPrpGvDlkE09Gc4CYivEb6G1nFSZq/fVCG8QqmUbo/y6jjURzy3DeYR7abmasWYwig/GoOAY7WkPJYCw9uCBJrgkcKlbjuUTCjFXb4fIF6Q6PLjHWo2sRTjwGgBSt3LwNNzFTC2uoX7sO1LhJPognkXS/WRAXg4TWmZ+8hOIE+LM7sHrEramanrxMzTMx7HHRFT+pD++/BrYBGr0J1Po/IDb0cyaREkDukGGKFH9cABxVUTHKw583YNSMEY1FcDuslcohafVVN12uCykKo7ls/xOGjxwNnBtei64vbG77WcsCuRbPIMpLbneB8TShQAGJjDNuX6qRaT88hRN+kTwdy1wdGT5y6x/KcfY9BGl65dnR74TlonuIvWRaPnqwScHTJnMrBZubaKEoNnb8WL7Pd+f4M/W/s8DgAqpmSuILisg7wQZJ91CoZVAWvCX9cNHQ8eDmtVIaMZeZlkNCwIdJiJLC9iAB54ANDVeMjkLJ/4p44fOGWATbxoZgek=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: lighttpd
+    type: Opaque

services/Memos/application-memos.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: memos
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: memos
+    server: https://kubernetes.default.svc
+  project: default
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/Memos
+    targetRevision: HEAD

services/Memos/deployment-memos.yaml

@@ -17,7 +17,8 @@ spec:
     spec:
       containers:
       - name: app
-        image: neosmemo/memos:stable
+        image: neosmemo/memos:0.24
+        imagePullPolicy: Always
         env:
           - name: MEMOS_PORT
             value: '5230'
@@ -26,8 +27,8 @@ spec:
             containerPort: 5230
         volumeMounts:
         - mountPath: /var/opt/memos
-          name: flexvolsmb-memos-data
+          name: csismb-memos-data
       volumes:
-      - name: flexvolsmb-memos-data
+      - name: csismb-memos-data
         persistentVolumeClaim:
-          claimName: flexvolsmb-memos-data
+          claimName: csismb-memos-data

services/Memos/ingressroute-memos.yaml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: memos
@@ -14,4 +14,4 @@ spec:
       port: 5230
     middlewares:
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file

services/Memos/persistentvolume-csismb-memos-data.yaml

@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-memos-data
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-memos-data
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - uid=1001
+    - gid=1001
+    - nobrl
+    - cache=none
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#memos#data
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: memos/data
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: memos

services/Memos/persistentvolume-flexvolsmb-memos-data.yaml

@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-memos-data
-  namespace: memos
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-memos-data
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0600,dir_mode=0700,uid=1001,gid=1001,iocharset=utf8,nobrl
-      server: 192.168.154.225
-      share: /K3s.Volumes/memos/data

services/Memos/persistentvolumeclaim-csismb-memos-data.yaml

@@ -1,12 +1,12 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: flexvolsmb-memos-data
+  name: csismb-memos-data
   namespace: memos
 spec:
   accessModes:
     - ReadWriteMany
-  storageClassName: flexvolsmb-memos-data
+  storageClassName: csismb-memos-data
   resources:
     requests:
       storage: 1Gi

services/Memos/sealedsecret-flexvolsmb-credentials.yaml

@@ -1,16 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: flexvolsmb-credentials
-  namespace: memos
-spec:
-  encryptedData:
-    password: AgBeEaCDaKwgafALNYq/ykvhoYtC9N+1D+DN37HrwpGEEbw8cXKBdmO7cV3hRL/uT9FvvCh3g0fq7a0xozjZiFDxzUM5V+pY37ENvoDBepbdAktwCXFhXmarSHVuLH0q8j8eS3OFYUR2Xdh6eivhpeYEqs0kC8G9VaplHWFGLJQBDKDKg3pfhlPu9E9FX7uspYHKazMfS6L0x9bxJl/hktl33Mh+kEprMcppYocdI3SNoR3OGvbwiZIpLG/ihavviybmzsRofUT8/s27ACX6URym7KCy/+Sq0hx4e5qCN30rYl2HkdKZmY91YPunnT+UmHuH30Vj52uFNV/ySd3P+G9hRE2BVNFvaZ5Mu4BA5Ei+F2l8xJar9NJ0mi2VYbIjWarQmvcaywfHR1TsQ5lmhSxHuJhx4tllTKcDHBl1wTWkRRWIjWWvRdjcCwNpAKGiKvbExxI715JgmFn/4wOvlX7UkRBUr3QAhVzNHVbd8mexlotqTIaPVXEjJ79Oc61yAU5Q1ZFLzpeDbI/Rz1egjBXsAW0V4ojA6TDKiyBEs9g3WoTjI3Ziwn31Rmg1r0/Vc2uJERcMU0i+Chh49duyurL3K6AKBfm7NHh6bwABUnYtb2BQj+CBK8Bkm3XWfLo8ul4hZarYwg2nE/tY2ZVIS1Jc7XpiZAhpBqF4Drz46lKY5Pi45atMmZt6rGAdx3LbZdk87DMqMnEdzX+PXLWSBQQJ
-    username: AgAJdgjk+DU8EhLKSHE/H3i4D/lwrzzmi5SqCc5XT6aMFnZ7hAtdubd6qH2QfpvS0EpjHn0C4WeT6JdUAvB4w5Ee3MPRmxrUlt4zfOjXtv7mrnrOaEunlczKxOJDZp+J8NsBb3fgzCfoZilAi9uewffDJ6YXxSwNTgBpx1JGB7c7QDxvYh3L0whqQN87hrw9ZObFVSTUztTQQH7QgDIBRUTH+1YkMHftkzKLdvwRdcKrQ3NYIqbcQFsFlelTVWQYfQ8WteR7k1H4QABe3oeCnm7OD3dwQbbuksd+sA5i4lsYHIPVQW46hcxhRk46ONTyB5HeSfSITE//p2XU3PLYoKWjvUC71vJkFtT4eFE50hoSdGZW7CsNJnnFGMXobhhtvPWJ4TdzM8bRNGHpmxxigTIKM/GNuhckuUNcHlFTYdqEglJpBAWpaDcgIiqaDV9S/AajSk8jwBNG7OQYNmJUiLe1ZyZR2JSVyFszCzJe9/I8k1RK5HEbBYpRd46oZS+qgD4/4t3P/9fF7I7IlMNjBdBDb4HGs9lMdnNQyXYaelMmPWrbw8FOSfV1QggKkcE4j2D2j60AmljLxVadnr0r1oB+NPsCDmo24BYhjMgSZY79vDcRK+sy9475A+UE7ACJYKdYHkh0tyriSn/Dnp/XXfr7dIi78dAd4q6DfTuLOgfKTe6MORktxgTvWKe+dcOXZGGKik9DLk8=
-  template:
-    metadata:
-      creationTimestamp: null
-      name: flexvolsmb-credentials
-      namespace: memos
-    type: mount/smb

services/Memos/sealedsecret-smb-credentials.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smb-credentials
+  namespace: memos
+spec:
+  encryptedData:
+    password: AgBp0xmRNTIUJ8c50lsNFa4SsT3HjJ5tMTR5QdCZBVlGDiYl7ZlL7nX7VMyR2aZf5awEh4fnSd145kj2NxIhrPVi0rdviH4BsmybNLf6WJzEKG6wQnJvD8d74RHsKV9NDkuOixld8qBwMBEo3WkfOPn2VYMYZrBM7H+7DGBiXcXOUG5vZ8W+au5FePluWGNsaJYEvOiyESla/jLYraKYFDq2mIl8kZdvVY9U5vc+ITa7ktgp0irtjm8wzv8M2/AY/FKk7PNZjE2vYQXYzhTSPZDzizDLRvvun/83yCvVLrHCLG7mcTyHB+6bDITSF5XSymxkAbU9MN455PLDzBcZJyH1QRO3Yi6dFY1vXA9q1vaboanxkInFaMQW/IZsR+GExVAGc+MZ9Q8kIT6tKVu6vw3PSCVUOlkbIJGdH8WPsdASTYpdusnt2NW9idjqc1bLXdCBqh3aMzwKTiD6wpA1kAWdCVpxkDdMZFg/E9sQJTqjD5XCRh0SvHOlrd2ZteHqyYLPYx1tkCDpN33b0K24XatftReKHlYnXum+RympNLYWs6cUyeegAAfauvrI4wqEhkB1oXvri1wRqAVKxo21hqf9Z0vPd0azkJ5+BA34QG0nfUskgNkvyJwNL7iwKgFasU+YziVHh21ZP8RxNRwzmNNcvcR/WiLrz7rfA05Pok/+q/7YLr5+QsxFbgemwXKbOUvARjHxi6tpqEoDp4r4jHG8
+    username: AgB3UU+q37U0s3SPnnb1YtIgxPIPGaogzc7L199wtqUHY1QJ0Z+yHegbtE0TU+c+RhpjGO41ntVnQiW5+V777G2Zs43ehJQmChSf6AXRtLTVeSRTzztlB3tACZfzglrU07LaGWkigAszLtTwJLkt9yFADewGlPEzY9EGSe3xFReA4TRIpqlNLlDwPBx/eI5TqehXtYkPQN4/+xsA2iWjJrVj8MxPvvQaj9Alhxfs51QYXmg/i2sC15+CG5ndSWhouvmzdqAYyb/L2JvqTcJludrMT4r3UhEAbfG1YLvPoigpkF1pVY3+hz1c1kb6YgmxBwGe/w/Ys6wjJIa1aESkf0xTTpfr6bys96T0VvI1GlC3WhU0jJJ42VjuSqfdwqFrLwCyoZNMB5MLmQLe5XrBz3bQ7DOA2MBdTSU0Pbd21hMxTnNtGsOa0rycm4u0o3mV3mwYQCzhIiMHZHfIQe1ULNwA3/c6yTRtWIClYFgVcPEgfwKBdVBM+hWEHCuol2XjHPXHdWeqCYr5fjjF8ain3LcDYJoiwXXtC6+G8s1u+LGX6pXlWNpWrUQMK8Ps1lC+5QxaJZFafHCTxcYbFRaQ5Zp92wfkfbfkqXc9W0KzkxeCIdkWRZgCcSac32oobcarjIlgF6tvnQ67NsGT9xV9vZkBs+eI7uCT/ohtwm7gNdmq5t0RPE0ScgWxqf+NgiCqlc5gpOTmsic=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: memos
+    type: Opaque

services/Minecraft/values.yaml

@@ -1,22 +0,0 @@
-minecraftServer:
-  eula: "true"
-  serverName: Clydebank Rd Survival
-
-  serviceType: LoadBalancer
-  loadBalancerIP: 192.168.154.240
-
-  cheats: true
-
-  ops: "2533274801327950"
-
-persistence:
-  storageClass: "smb-csi"
-  dataDir:
-    enabled: true
-    Size: 1Gi
-    accessModes:
-      - ReadWriteOnce
-
-extraEnv:
-  ENABLE_ROLLING_LOGS: true
-  OVERRIDE_SERVER_PROPERTIES: true

services/PVR/Jellyfin/application-jellyfin.yaml

@@ -0,0 +1,30 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: jellyfin
+  namespace: argo-cd
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: jellyfin
+  project: default
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/PVR/Jellyfin/manifests
+    targetRevision: HEAD
+  - repoURL: https://jellyfin.github.io/jellyfin-helm
+    chart: jellyfin
+    targetRevision: 2.3.0
+    helm:
+      valueFiles:
+      - $values/services/PVR/Jellyfin/values.yaml
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    targetRevision: HEAD
+    ref: values
+#  - repoURL: https://github.com/djpbessems/Kubernetes.K3s.installLog
+#    targetRevision: master
+#    ref: values

services/PVR/Jellyfin/manifests/persistentvolume-csismb-jellyfin-config.yaml

@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-jellyfin-config
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-jellyfin-config
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - uid=911
+    - gid=911
+    - nobrl
+    - cache=none
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#jellyfin#config
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: jellyfin/config
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: jellyfin

services/PVR/Jellyfin/manifests/persistentvolume-csismb-jellyfin-movies.yaml

@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-jellyfin-movies
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-jellyfin-movies
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - uid=911
+    - gid=911
+#    - nobrl
+    - cache=none
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#jellyfin#movies
+    volumeAttributes:
+      source: //192.168.154.195/Public
+      subDir: Video's/Films
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: jellyfin

services/PVR/Jellyfin/manifests/persistentvolume-csismb-jellyfin-series.yaml

@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-jellyfin-series
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-jellyfin-series
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - uid=911
+    - gid=911
+#    - nobrl
+    - cache=none
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#jellyfin#series
+    volumeAttributes:
+      source: //192.168.154.195/Public
+      subDir: Video's/Series
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: jellyfin

services/PVR/Jellyfin/manifests/persistentvolumeclaim-csismb-jellyfin-config.yaml

@@ -0,0 +1,12 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: csismb-jellyfin-config
+  namespace: jellyfin
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: csismb-jellyfin-config

services/PVR/Jellyfin/manifests/persistentvolumeclaim-csismb-jellyfin-movies.yaml

@@ -0,0 +1,12 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: csismb-jellyfin-movies
+  namespace: jellyfin
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: csismb-jellyfin-movies

services/PVR/Jellyfin/manifests/persistentvolumeclaim-csismb-jellyfin-series.yaml

@@ -0,0 +1,12 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: csismb-jellyfin-series
+  namespace: jellyfin
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: csismb-jellyfin-series

services/PVR/Jellyfin/manifests/sealedsecret-smb-credentials.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smb-credentials
+  namespace: jellyfin
+spec:
+  encryptedData:
+    password: AgAKjCGM2YuuGiRc2ix7Hh3f71QfBH16jrU6i3WFH1ypVWwpkIsiiV1SGYfxUMuweW0xByl+54DvtWEpI9dJglvZpDgfdP4Br4jrzeF0if5eAnQA1nC2CXYAps49Do2YKR8umudp7J+Januugh8lRNz2RQUcDV0vtPWZJGOLTUK8ha4pL87IhQeGojW9eBc+iAL5pypWIyCsKJ0y8eq4JP6ZpO12XtNggcqa/QVdJrKAVJZnEjIHMO+g5mblNmrM+xjLQhsynHZE+88tPjpAFSpsymhT+841dd7yQqWN4WlSuVkPiDEKJHrSV/q+BQliVHXzWupdYJ2NXQn1R0Xzaw7IROEvk1Dhob4sQaYhI4m1hX0uD2ldYnY2KHY0FFMXJz+rIN/yNSokk+P8/Uh6qtslHfCHfanGtIZrAN2HZz83Q0CJu6YIzSgn1K05NDvXSJ2oRRs3RgootVXYiwm7snrDyAm1nLZ07fxP0omq5ZN1G5HzCZhYV6JCeF1MSejI89oK9cbmqJJFOcOVjs8PBFlFhFJrcsWJjx9z1e9GhNJKBj4xp7rX+nU+kXBqxlp2ZbliUJd8jlFKsihWj4T02ppekFwZee7ryLVhOllvd1QKwFKotwuhQVSJCiHFflKvwvcmqJ0nUv+L7COxPhFJHrmsCNmRH06hYIWoLYu61R+1U/ZY5BRXeWeClYKdAZOjahH5e+4f68kEUiGpb7tOWgNC
+    username: AgA/L2pauimeaL9iM9ng0HK9biOqQojt07f1eFLu2P6s/KrCFIAp7ItfMIPRjb9W/QLcAPmaEnHTweMejw9c2cybewlDrr+UlqRUZbCsKoIjh9AkrRthJAIv01u+KLGNrCpzsNeGdGc3QaBS1wE/DiYEN3tvgfcc6o/9wen9bGSaN/jJ1bfHfDIdO1Ccuo+92oIYxQbfl7M1Cm+9K8/LCOdNdT6vZr9+3LfnE1h7Qd8cSRg1Oo82X49Qo7b6HLofz7Y9YN3syxLjnVKZu4LHpmVWPsA1OXDaK70g90gnfLdk5qT264Snp+74NTszKTa+Eyceuw4Ztqf0KoraFrWMG+dpTnQ2NAsFfIw5rp7Wh45xMpOU7GWlaWu9PtD4mYGFBOsNlJllfBzabPE8SL/nB0AAq8PPrt2qIpshMBi+DA53bVZ0+pG+bL6bBGboWDnebrzXYjX8x3iQcg433BcvxIS/AAYBRIlrReaoYuvh1+qETDv3gcQzH5S4g4s4cXAQuvLaEHGHHZbh9Y37cr6SN/RsTv8L8ZEYprDf37sFJPx+JPDAXwhxvjl8i1a7ehAr3uSTrqg0AfPqdhC4ZrPN5QMGXGdhxzInsEzG3IRW1Xpey3ioD4coreywm2xZ4iMTtAL9RXAYbFAhRCPPpe+5hnsNZbNTIlFwyPldaLwZC8CGkqA4AJx+4FUFes5pbg0jgQoPNGDlgLo=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: jellyfin
+    type: Opaque

services/PVR/Jellyfin/values.yaml

@@ -0,0 +1,47 @@
+ingress:
+  enabled: true
+  className: traefik
+  annotations:
+    traefik.ingress.kubernetes.io/router.middlewares: security-headers@file
+  hosts:
+    - host: player.pvr.spamasaurus.com
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+
+securityContext:
+  capabilities:
+    add:
+      - "SYS_ADMIN"
+    drop:
+      - "ALL"
+  privileged: true
+
+volumes:
+  - name: csismb-jellyfin-movies
+    persistentVolumeClaim:
+      claimName: csismb-jellyfin-movies
+  - name: csismb-jellyfin-series
+    persistentVolumeClaim:
+      claimName: csismb-jellyfin-series
+  - name: igpu
+    hostPath:
+      path: /dev/dri
+
+volumeMounts:
+  - name: csismb-jellyfin-movies
+    mountPath: "/movies"
+  - name: csismb-jellyfin-series
+    mountPath: "/series"
+  - name: igpu
+    mountPath: /dev/dri
+
+# jellyfin: {}
+
+persistence:
+  config:
+    enabled: true
+    size: 5Gi
+    existingClaim: csismb-jellyfin-config
+  media:
+    enabled: false

services/PVR/Jellyseerr/application-jellyseerr.yaml

@@ -0,0 +1,27 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: jellyseerr
+  namespace: argo-cd
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: jellyseerr
+  project: default
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/PVR/Jellyseerr/manifests
+    targetRevision: HEAD
+  - repoURL: ghcr.io/fallenbagel/jellyseerr
+    chart: jellyseerr-chart
+    targetRevision: 2.4.0
+    helm:
+      valueFiles:
+        - $values/services/PVR/Jellyseerr/values.yaml
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    targetRevision: HEAD
+    ref: values

services/PVR/Jellyseerr/manifests/persistentvolume-csismb-jellyseerr-config.yaml

@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: smb.csi.k8s.io
+  name: csismb-jellyseerr-config
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: csismb-jellyseerr-config
+  mountOptions:
+    - dir_mode=0777
+    - file_mode=0777
+    - uid=911
+    - gid=911
+    - nobrl
+    - cache=none
+    - mfsymlinks
+    - noserverino  # required to prevent data corruption
+  csi:
+    driver: smb.csi.k8s.io
+    # volumeHandle format: {smb-server-address}#{sub-dir-name}#{share-name}
+    # make sure this value is unique for every share in the cluster
+    volumeHandle: 192.168.154.195#jellyseerr#config
+    volumeAttributes:
+      source: //192.168.154.195/K3s.Volumes
+      subDir: jellyseerr/config
+    nodeStageSecretRef:
+      name: smb-credentials
+      namespace: jellyseerr

services/PVR/Jellyseerr/manifests/persistentvolumeclaim-csismb-jellyseerr-config.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: csismb-jellyseerr-config
+  namespace: jellyseerr
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: csismb-jellyseerr-config
+  resources:
+    requests:
+      storage: 1Gi

services/PVR/Jellyseerr/manifests/sealedsecret-smb-credentials.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: smb-credentials
+  namespace: jellyseerr
+spec:
+  encryptedData:
+    password: AgAXVD3WsMzueRvwCYyh5mrkZsWr6vtR2WegrW3lMa3etjOAAy7ARhrx25pmfX3vzo0PaEbZBLyusMQ04hU0n96TG4+Q5k3H61t9KO6JIjJl3/4myMWfok6H+UuR6qpJl+H3H+A6lYm3M/rwpzvWrq7r3TiepYARHm+MLhI2zSwXn322Pht7Gu8yrshx0mq7ADf/rko9iBBixSGUOuol3eMG+5JNfVCdgb4EQWl5qUwZmXQjWN1Kp3lqRAKXpS5bxqwAmKFP0WRAlMsI63ZBdJeFg+hYcV3PTssDbL6I4hDa+8cVqOMN/JDYnZnNkPxIFy1X7hlOONfNVAda0PYgQO+C2fGuLBFyK2YVcL2uAn84FlEMshdaDpJ0AYlDndattbXSjUVXN04E3/wTsDo5bKzivamyphjeeLlrK0O82yJJvhBPvrQvy0LMtpoIIk39rlctckJKInZbFrl7wCVPUj3d1oCTV4z+quBNIFNCUZmK0aWvjmctW5h6zCFhSnyoWSsc8u+u2Zu/H3vCE3aPSfqg+DLKjv9Dz+itPFMU57kS6SfgcREVeNiqH97Y5wA/wOFcDutb7HHS7dw/l4QCwkBqJiVHDWe45tEsi1ZYmdBlNjKTjCtYzEpxcaO1d6HfRhA2JryrUpqH+WNM1kNA00yTIvfDDC+yKAaEN6y64sUEDhI33ygipo2LLuvB9Moy7DVyBCjYHVtnU0yQiEBoonFn
+    username: AgAGdnx+CIi0PFgSUx+X2LFChH9IlcMAXjlkB0rqM3XM0ht4ghl9HKk4nLa0R2cho6ISSNfpKeBQItMOTxmb5wWbkav0uTLone0nF4Eq0eKysQ4L0yApvKfipl0ZiVb4Z9hsve7MyVcNuE/H5NqLMkgqNPkLaK4yixlxb3KTwDi7/K8NvZjf0a073c1rpfgvbiV7Aodbda+2dmnAcI7k398RuEqTeY7xeBIgg4nR5grsDV448RIeouRX1t4NFvVwdF/6xaVTc085iTxoH9HWf5bpVbP8IxHUtbS+zjMxPz3rwZy1/0nXw8HOs+QFgtFIxNxgsQ1wIH5V46aufPzSc4JUCi0IpV3FsPlHMtv+6aFk4RNv/Z06aa+kT/WY2GHUU+3GdGoFVe2cV2Ty463K4SPluZ/R4UtVtRsCMp1SPkgMOZeUs0g9tK9CBu8l6+comSSny+ub2rAzGpRW0x/i5rEqXBsQqY28Gm36Cv175kB2UOXUTNAY868yaOzgo1LEgMyhFgKzYchju3nWFxyhY+AoG06XRSKzU1ClqlkCwnQBu77Yxu+FjZqXbv6ywUa9TvSVcs8RLGXX/+svM/xXztuots26VMrHLUfcnE23NIHSVkDy5JfDbzn6i2nUnOOJzrm+DUTeRQziu7LIlCFLVjVjygegupMMSC2+F8FbOyKuu5GDBXkZqycfM+n0CA+6Sh+Rrh2LqT4=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: jellyseerr
+    type: Opaque

services/PVR/Jellyseerr/values.yaml

@@ -0,0 +1,15 @@
+ingress:
+  enabled: true
+  ingressClassName: traefik
+  hosts:
+    - host: requests.pvr.spamasaurus.com
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+
+config:
+  persistence:
+    name: csismb-jellyseerr-config
+    storageClass: csismb-jellyseerr-config
+    accessModes: ["ReadWriteMany"]
+    size: 1Gi

services/PVR/Plex/chart-values.yml

@@ -1,34 +0,0 @@
-image:
-  pullPolicy: Always
-
-ingress:
-  enabled: true
-  ingressClassName: traefik
-
-  url: media.pvr.spamasaurus.com
-
-pms:
-  configStorage: 20Gi
-
-  resources:
-    limits:
-      gpu.intel.com/i915: "1"
-    requests:
-      gpu.intel.com/i915: "1"
-
-extraVolumeMounts:
-  - name: flexvolsmb-pvr-movies
-    mountPath: /movies
-  - name: flexvolsmb-pvr-series
-    mountPath: /series
-
-extraVolumes:
-  - name: flexvolsmb-pvr-movies
-    persistentVolumeClaim:
-      claimName: flexvolsmb-pvr-movies
-  - name: flexvolsmb-pvr-series
-    persistentVolumeClaim:
-      claimName: flexvolsmb-pvr-series
-
-# extraEnv:
-#   PLEX_CLAIM: "claim-EzKU3rNVbWtc3qY_y7wq"

services/PVR/Prowlarr/_namespace-prowlarr.yaml

@@ -1,4 +1,4 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: syncthing
+  name: prowlarr

services/PVR/Prowlarr/application-prowlarr.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: prowlarr
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: prowlarr
+    server: https://kubernetes.default.svc
+  project: default
+  syncPolicy:
+    automated: {}
+    syncOptions:
+      - CreateNamespace=true
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/PVR/Prowlarr
+    targetRevision: HEAD

services/PVR/Prowlarr/deployment-prowlarr.yaml

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: prowlarr
-  namespace: pvr
+  namespace: prowlarr
   labels:
     app: prowlarr
 spec:
@@ -17,7 +17,6 @@ spec:
     spec:
       containers:
       - name: prowlarr
-        # image: bv11-cr01.bessems.eu/proxy/linuxserver/prowlarr:develop
         image: linuxserver/prowlarr:develop
         imagePullPolicy: Always
         ports:
@@ -25,8 +24,8 @@ spec:
             containerPort: 9696
         volumeMounts:
         - mountPath: /config
-          name: flexvolsmb-prowlarr-config
+          name: csismb-prowlarr-config
       volumes:
-      - name: flexvolsmb-prowlarr-config
+      - name: csismb-prowlarr-config
         persistentVolumeClaim:
-          claimName: flexvolsmb-prowlarr-config
+          claimName: csismb-prowlarr-config

services/PVR/Prowlarr/ingressroute-prowlarr.yaml

@@ -1,8 +1,8 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: prowlarr
-  namespace: pvr
+  namespace: prowlarr
 spec:
   entryPoints:
     - websecure
@@ -15,4 +15,4 @@ spec:
     middlewares:
       - name: 2fa-authentication@file
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file