Update system/ArgoCD/application-argo-cd.yaml

ingress/Traefik2.x/helmchartconfig-traefik.yaml

@@ -5,11 +5,14 @@ metadata:
   namespace: kube-system
 spec:
   valuesContent: |-
+    core:
+      defaultRuleSyntax: v2
     additionalArguments:
       - "--providers.file.directory=/etc/traefik/dynamic"
       - "--providers.file.watch=true"
-    certResolvers:
+    certificatesResolvers:
       default:
+        acme:
           email: letsencrypt.org.danny@spamasaurus.com
           storage: /data/acme.json
           dnsChallenge:
@@ -66,8 +69,8 @@ spec:
                     stsSeconds: 315360000
                     stsIncludeSubdomains: true
                     stsPreload: true
-                compression:
-                  compress: {}
+                # compression:
+                #   compress: {}
             tls:
               options:
                 defaults:
@@ -76,6 +79,7 @@ spec:
                   curvePreferences:
                     - secp521r1
                     - secp384r1
+                    - secp256r1
                   cipherSuites:
                     - TLS_AES_128_GCM_SHA256
                     - TLS_AES_256_GCM_SHA384
@@ -123,8 +127,11 @@ spec:
       storageClass: longhorn
     ports:
       web:
-        redirectTo:
-          port: websecure
+        redirections:
+          entryPoint:
+            to: websecure
+            scheme: https
+            permanent: true
       websecure:
         forwardedHeaders:
           insecure: true

services/Argus/ingressroute-argus.yml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: argus
@@ -15,4 +15,4 @@ spec:
     middlewares:
       - name: 2fa-authentication@file
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file

services/Argus/persistentvolume-argus-config.yml

@@ -15,5 +15,5 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0777,dir_mode=0777,iocharset=utf8
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/argus/config

services/Argus/persistentvolume-argus-data.yml

@@ -15,5 +15,5 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/argus/data

services/Authelia/ingressroute-authelia.yaml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: authelia
@@ -14,4 +14,4 @@ spec:
       port: 9091
     middlewares:
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file

services/Authelia/persistentvolume-flexvolsmb-authelia-conf.yaml

@@ -14,5 +14,5 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0600,dir_mode=0600,iocharset=utf8,nobrl
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/authelia/conf

services/Authelia/persistentvolume-flexvolsmb-authelia-redis.yaml

@@ -14,5 +14,5 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0700,dir_mode=0700,uid=999,gid=1000,iocharset=utf8,nobrl
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/authelia/redis

services/Authelia/service-authelia.yaml

@@ -4,6 +4,7 @@ metadata:
   name: authelia
   namespace: authelia
 spec:
+  #externalTrafficPolicy: Local
   ports:
     - protocol: TCP
       name: web

services/DDclient/persistentVolume-DDclient.yml

@@ -15,5 +15,5 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/ddclient/config

services/Dawarich/_namespace-dawarich.yml

@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: dawarich

services/Dawarich/deployment-dawarich.yaml

@@ -1,116 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: dawarich
-  namespace: dawarich
-  labels:
-    app: dawarich
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: dawarich
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      labels:
-        app: dawarich
-    spec:
-      enableServiceLinks: false
-      containers:
-      - name: dawarich
-        image: freikin/dawarich:0.24.0
-        env:
-          - name: REDIS_URL
-            value: redis://dawarich.dawarich.svc.cluster.local:6379/0
-          - name: DATABASE_HOST
-            value: dawarich.dawarich.svc.cluster.local
-          - name: DATABASE_USERNAME
-            value: dawarich
-          - name: DATABASE_PASSWORD
-            value: dawarich
-          - name: DATABASE_NAME
-            value: dawarich
-          - name: DISABLE_TELEMETRY
-            value: "true"
-          - name: APPLICATION_HOST
-            value: timeline.spamasaurus.com
-          - name: APPLICATION_HOSTS
-            value: timeline.spamasaurus.com
-          - name: TIME_ZONE
-            value: Australia/Melbourne
-          - name: REVERSE_GEOCODING_ENABLED
-            value: "true"
-          - name: MIN_MINUTES_SPENT_IN_CITY
-            value: "30"
-          - name: DISTANCE_UNIT
-            value: km
-        command:
-        - web-entrypoint.sh
-        args:
-        - 'bin/rails server -p 3000 -b ::'
-        ports:
-          - name: app
-            containerPort: 3000
-        volumeMounts:
-        - name: flexvolsmb-dawarich-data
-          mountPath: /var/app/public
-      - name: sidekiq
-        image: freikin/dawarich:0.24.0
-        env:
-          - name: REDIS_URL
-            value: redis://dawarich.dawarich.svc.cluster.local:6379/0
-          - name: DATABASE_HOST
-            value: dawarich.dawarich.svc.cluster.local
-          - name: DATABASE_USERNAME
-            value: dawarich
-          - name: DATABASE_PASSWORD
-            value: dawarich
-          - name: DATABASE_NAME
-            value: dawarich
-        command:
-        - sidekiq-entrypoint.sh
-        args:
-        - "bundle exec sidekiq"
-        volumeMounts:
-        - name: flexvolsmb-dawarich-data
-          mountPath: /var/app/public
-      - name: redis
-        image: redis:7-alpine
-        ports:
-          - name: redis
-            containerPort: 6379
-        volumeMounts:
-        - name: flexvolsmb-dawarich-redis
-          mountPath: /data
-      - name: db
-        image: postgis/postgis:16-3.5-alpine
-        securityContext:
-          runAsUser: 70
-          runAsGroup: 70
-        env:
-        - name: PGDATA
-          value: /var/lib/postgresql/data/pgdata
-        - name: POSTGRES_DATABASE
-          value: dawarich
-        - name: POSTGRES_PASSWORD
-          value: dawarich
-        - name: POSTGRES_USER
-          value: dawarich
-        volumeMounts:
-        - name: flexvolsmb-dawarich-db
-          mountPath: /var/lib/postgresql/data
-        ports:
-          - name: db
-            containerPort: 5432
-      volumes:
-      - name: flexvolsmb-dawarich-db
-        persistentVolumeClaim:
-          claimName: flexvolsmb-dawarich-db
-      - name: flexvolsmb-dawarich-redis
-        persistentVolumeClaim:
-          claimName: flexvolsmb-dawarich-redis
-      - name: flexvolsmb-dawarich-data
-        persistentVolumeClaim:
-          claimName: flexvolsmb-dawarich-data

services/Dawarich/ingressroute-dawarich.yaml

@@ -1,17 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: dawarich
-  namespace: dawarich
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`timeline.spamasaurus.com`)
-    kind: Rule
-    services:
-    - name: dawarich
-      port: 3000
-    middlewares:
-      - name: security-headers@file
-      - name: compression@file

services/Dawarich/persistentVolume-dawarich.yml

@@ -1,56 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-dawarich-db
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-dawarich-db
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0755,dir_mode=0700,uid=70,gid=70,iocharset=utf8,nobrl
-      server: 192.168.154.225
-      share: /K3s.Volumes/dawarich/db
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-dawarich-redis
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-dawarich-redis
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0700,dir_mode=0700,uid=999,gid=1000,iocharset=utf8,nobrl
-      server: 192.168.154.225
-      share: /K3s.Volumes/dawarich/redis
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-dawarich-data
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-dawarich-data
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0755,dir_mode=0755,iocharset=utf8
-      server: 192.168.154.225
-      share: /K3s.Volumes/dawarich/data

services/Dawarich/persistentVolumeClaim-dawarich.yml

@@ -1,38 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: flexvolsmb-dawarich-db
-  namespace: dawarich
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-dawarich-db
-  resources:
-    requests:
-      storage: 1Gi
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: flexvolsmb-dawarich-redis
-  namespace: dawarich
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-dawarich-redis
-  resources:
-    requests:
-      storage: 1Gi
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: flexvolsmb-dawarich-data
-  namespace: dawarich
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-dawarich-data
-  resources:
-    requests:
-      storage: 1Gi

services/Dawarich/sealedsecret-flexvolsmb-credentials.yaml

@@ -1,16 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: flexvolsmb-credentials
-  namespace: dawarich
-spec:
-  encryptedData:
-    password: AgDB1T2hBs8kf5sPcAQ1EQopYDsoHBS2a32V0C556RCOvZ9BR45Esx69L3Ug6LcSW3LlfsN0EYfxCEVJMhshfWvPEeyZpcrml1twP7EsnyEfkvBmWpCM2M4bDe6eD5A6gkqnIKt4vpNn87xT4WCnnXK77cal42E1EA4DDrHv5Np+4ju87FOV3UtClFwoRbNgs0wpKk/glVokSu62qHaXWqUULSGZbF13TLG1aFv3/FAnY7i7UwPQcEPbx1mHaBsWZ4JvWRze49gBb9s+6AFgLxTwd7oPQCjONvSKfz9xesjLaxAGjgEm3e8v5ramjSaTqOd4V5Tv96L5MJUIpHIw4fFCdi+++pR2ZAjNEkQrrL9Q+keF+TWhz/IH8T5bY7KST9TXVNPGAlHuvBduFklx/0bSU7UXA7X88E3t4Yjp1n5ggp0xgggene4pAZrly361v1LjzXtV6Cb6v0EUxgWn62Rf1ikRszc4ab+Y4JZZHPJuiSyBZGw0RUCf44iTVR2I0ScgTTSywElKGjGyzrP7FxZ5VK0kPqKkJIsBNm5shBigU1EbD3Gos5g61gzIRtvl3XsT4bDnqASDRVMPsM2biIdYr3ITZy/8uzFsqUH9EA+ZUFhDxHZUgIdRa0Jgx9wMs1ptKl/pRGo0MiZqev/m6aO/KDv1I/aGXQEG1wUtWvGAWJ87WdUVB/5Gz8u0hg9Z9IRHgkldhrgO1f6aZXxE6MwJ
-    username: AgCQYNKlpsSZ8PkkFkUJXKxCFK5Xl2Jr1AuokM7uXiAPYWHeNal+MrTBbJL6oWab53oBeHu1fou45aGYKKnXQN8yNHNoyrpDTEP65AUlUzLJshaB56vLrPAqPdHUpmHyMWZIQxHqlU7c7vZ4TgWkuFS7oXmuFptsDp36tpL6dANKKBIvMniWLiWouZgZSDiJdSwdOGoMqvKp1L9vbkcYstbMHOfAry1hYHxcBa/BYdjV9mvZqwa0GWJ0Zq+q5iwlSInrLa0xH08M1cuNRGjTXIuY+qV7pmVv6HuuhhUAUI8RJTs6g/0et/caFVKpMbj0LnmI7y8c6wMawexbqLD2t6lrBn1bQD4TBuuxk1hh9IiJ2ju18POv11eMPbYQRiNygytFsZ7iYTF4nxxeIExfb9OoYlkfdHl9855DmJHKWkRF1eSRkrtdxnT69BTPXi3wugf50LTUTIuXXEcXp6hdWeZLOytyQDeVoEZsknLuVemJ62iz/IhN+EHfhnibx0DwS2doPn3rzg4gt7zThRk+8I4g1yyqywoLMw+79Rk1ft+2XjZlWr6TPo8T6lCM/3aVNrtuNfrMWiQPKRxXdLX6syjkd8pb7yUMXVtvofGIhyHVXgQA5PJQRQzNcEU/Mm5oFdjpfEFQhtIef6u0urg+37dRb5liVYWmhnPozOvD52B3I99md9rzEwK20faK7XoiHENlsRFExwI=
-  template:
-    metadata:
-      creationTimestamp: null
-      name: flexvolsmb-credentials
-      namespace: dawarich
-    type: mount/smb

services/Dawarich/service-dawarich.yaml

@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: dawarich
-  namespace: dawarich
-spec:
-  ports:
-    - protocol: TCP
-      name: app
-      port: 3000
-    - protocol: TCP
-      name: redis
-      port: 6379
-    - protocol: TCP
-      name: db
-      port: 5432
-  selector:
-    app: dawarich

services/Gotify/ingressroute-gotify.yaml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: gotify
@@ -14,4 +14,4 @@ spec:
       port: 80
     middlewares:
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file

services/Gotify/persistentvolume-flexvolsmb-gotify-data.yaml

@@ -14,5 +14,5 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/gotify/data

services/Guacamole/ingressRoute-Guacamole.yml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: guacamole
@@ -15,4 +15,4 @@ spec:
     middlewares:
       - name: prepend-path-guacamole
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file

services/Guacamole/middleware-Guacamole.yml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: prepend-path-guacamole

services/Guacamole/persistentVolume-Guacamole.yml

@@ -14,7 +14,7 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0755,dir_mode=0700,uid=70,gid=70,iocharset=utf8,nobrl
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/guacamole/db
 ---
 apiVersion: v1
@@ -33,5 +33,5 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0755,dir_mode=0755,iocharset=utf8
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/guacamole/home

services/Headlamp/application-headlamp.yaml

@@ -9,9 +9,9 @@ spec:
     namespace: headlamp
   project: default
   sources:
-  - repoURL: https://headlamp-k8s.github.io/headlamp/
+  - repoURL: https://kubernetes-sigs.github.io/headlamp/
     chart: headlamp
-    targetRevision: 0.28.0
+    targetRevision: 0.30.1
     helm:
       valueFiles:
       - $values/services/Headlamp/values.yaml

services/LdapWrapper/application-ldapwrapper.yaml

@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: ldapwrapper
+  namespace: argo-cd
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: ldapwrapper
+  project: default
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/LdapWrapper
+    targetRevision: HEAD
+#   - repoURL: https://github.com/djpbessems/Kubernetes.K3s.installLog
+#     path: services/LdapWrapper
+#     targetRevision: master

services/LdapWrapper/deployment-ldapwrapper.yaml

@@ -31,8 +31,8 @@ spec:
           name: ldap
         volumeMounts:
         - mountPath: /app/.cache
-          name: longhorn-ldapwrapper-cache
+          name: flexvolsmb-ldapwrapper-cache
       volumes:
-      - name: longhorn-ldapwrapper-cache
+      - name: flexvolsmb-ldapwrapper-cache
         persistentVolumeClaim:
-          claimName: longhorn-ldapwrapper-cache
+          claimName: flexvolsmb-ldapwrapper-cache

services/LdapWrapper/persistentvolume-flexvolsmb-ldapwrapper-cache.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-ldapwrapper-cache
+  namespace: ldapwrapper
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-ldapwrapper-cache
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: flexvolsmb-credentials
+    options:
+      opts: file_mode=0777,dir_mode=0777,iocharset=utf8,cache=none,nobrl
+      server: 192.168.154.195
+      share: /K3s.Volumes/ldapwrapper/cache

services/LdapWrapper/persistentvolumeclaim-flexvolsmb-ldapwrapper-cache.yaml

@@ -1,13 +1,12 @@
----
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: longhorn-ldapwrapper-cache
+  name: flexvolsmb-ldapwrapper-cache
   namespace: ldapwrapper
 spec:
   accessModes:
-    - ReadWriteOnce
-  storageClassName: longhorn
+    - ReadWriteMany
+  storageClassName: flexvolsmb-ldapwrapper-cache
   resources:
     requests:
       storage: 1Gi

services/Lighttpd/application-lighttpd.yaml

@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: lighttpd
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: lighttpd
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    path: services/Lighttpd
+    repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog.git
+    targetRevision: HEAD
+  syncPolicy:
+    automated:
+      selfHeal: true

services/Lighttpd/deployment-lighttpd.yaml

@@ -30,8 +30,6 @@ spec:
           subPath: .htpasswd
         - name: configmap-lighttpd-vhosts
           mountPath: /etc/lighttpd/vhosts.d
-        - name: flexvolsmb-lighttpd-data
-          mountPath: /data/scripts
         - name: flexvolsmb-lighttpd-websites
           mountPath: /var/www/
       volumes:
@@ -41,9 +39,6 @@ spec:
       - name: configmap-lighttpd-vhosts
         configMap:
           name: configmap-lighttpd-vhosts
-      - name: flexvolsmb-lighttpd-data
-        persistentVolumeClaim:
-          claimName: flexvolsmb-lighttpd-data
       - name: flexvolsmb-lighttpd-websites
         persistentVolumeClaim:
           claimName: flexvolsmb-lighttpd-websites

services/Lighttpd/ingressroute-lighttpd.yaml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: lighttpd
@@ -14,4 +14,4 @@ spec:
       port: 8080
     middlewares:
     - name: security-headers@file
-    - name: compression@file
+    # - name: compression@file

services/Lighttpd/persistentvolume-flexvolsmb-lighttpd-data.yaml

@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-lighttpd-data
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-lighttpd-data
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,iocharset=utf8
-      server: 192.168.154.225
-      share: /K3s.Volumes/lighttpd/data

services/Lighttpd/persistentvolume-flexvolsmb-lighttpd-websites.yaml

@@ -14,5 +14,5 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/lighttpd/websites

services/Memos/application-memos.yaml

@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: memos
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: memos
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    path: services/Memos
+    repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog.git
+    targetRevision: HEAD
+  syncPolicy:
+    automated:
+      selfHeal: true

services/Memos/deployment-memos.yaml

@@ -18,6 +18,7 @@ spec:
       containers:
       - name: app
         image: neosmemo/memos:0.24
+        imagePullPolicy: Always
         env:
           - name: MEMOS_PORT
             value: '5230'

services/Memos/ingressroute-memos.yaml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: memos
@@ -14,4 +14,4 @@ spec:
       port: 5230
     middlewares:
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file

services/Memos/persistentvolume-flexvolsmb-memos-data.yaml

@@ -15,5 +15,5 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0600,dir_mode=0700,uid=1001,gid=1001,iocharset=utf8,nobrl
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/memos/data

services/Minecraft/application-minecraft-bedrock.yaml

@@ -11,7 +11,7 @@ spec:
   sources:
   - repoURL: https://itzg.github.io/minecraft-server-charts/
     chart: minecraft-bedrock
-    targetRevision: 2.8.2
+    targetRevision: 2.8.4
     helm:
       valueFiles:
       - $values/services/Minecraft/values.yaml

services/Minecraft/values.yaml

@@ -1,9 +1,11 @@
 minecraftServer:
+  # version: 1.21.73.01
+
   eula: "true"
   serverName: Clydebank Rd Survival
 
   serviceType: LoadBalancer
-  loadBalancerIP: 192.168.154.240
+  loadBalancerIP: 192.168.154.241
 
   cheats: true
 
@@ -17,6 +19,11 @@ persistence:
     accessModes:
       - ReadWriteOnce
 
+resources:
+  requests:
+    memory: 1024Mi
+    cpu: 500m
+
 extraEnv:
   ENABLE_ROLLING_LOGS: true
   OVERRIDE_SERVER_PROPERTIES: true

services/PVR/Jellyfin/application-jellyfin.yaml

@@ -0,0 +1,26 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: jellyfin
+  namespace: argo-cd
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: jellyfin
+  project: default
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/PVR/Jellyfin/manifests
+    targetRevision: HEAD
+  - repoURL: https://jellyfin.github.io/jellyfin-helm
+    chart: jellyfin
+    targetRevision: 2.3.0
+    helm:
+      valueFiles:
+      - $values/services/PVR/Jellyfin/values.yaml
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    targetRevision: HEAD
+    ref: values
+#  - repoURL: https://github.com/djpbessems/Kubernetes.K3s.installLog
+#    targetRevision: master
+#    ref: values

services/PVR/Jellyfin/manifests/persistentvolume-flexvolsmb-jellyfin-config.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-jellyfin-config
+  namespace: jellyfin
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-jellyfin-config
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: flexvolsmb-credentials
+    options:
+      opts: file_mode=0777,dir_mode=0777,uid=911,gid=911,iocharset=utf8,cache=none
+      server: 192.168.154.195
+      share: /K3s.Volumes/jellyfin/config

services/PVR/Jellyfin/manifests/persistentvolume-flexvolsmb-jellyfin-movies.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-jellyfin-movies
+  namespace: jellyfin
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-jellyfin-movies
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: flexvolsmb-credentials
+    options:
+      opts: file_mode=0777,dir_mode=0777,uid=911,gid=911,iocharset=utf8,cache=none
+      server: 192.168.154.195
+      share: /Public/Video's/Films

services/PVR/Jellyfin/manifests/persistentvolume-flexvolsmb-jellyfin-series.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-jellyfin-series
+  namespace: jellyfin
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-jellyfin-series
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: flexvolsmb-credentials
+    options:
+      opts: file_mode=0777,dir_mode=0777,uid=911,gid=911,iocharset=utf8,cache=none
+      server: 192.168.154.195
+      share: /Public/Video's/Series

services/PVR/Jellyfin/manifests/persistentvolumeclaim-flexvolsmb-jellyfin-config.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: flexvolsmb-jellyfin-config
+  namespace: jellyfin
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-jellyfin-config
+  resources:
+    requests:
+      storage: 1Gi

services/PVR/Jellyfin/manifests/persistentvolumeclaim-flexvolsmb-jellyfin-movies.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: flexvolsmb-jellyfin-movies
+  namespace: jellyfin
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-jellyfin-movies
+  resources:
+    requests:
+      storage: 1Gi

services/PVR/Jellyfin/manifests/persistentvolumeclaim-flexvolsmb-jellyfin-series.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: flexvolsmb-jellyfin-series
+  namespace: jellyfin
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-jellyfin-series
+  resources:
+    requests:
+      storage: 1Gi

services/PVR/Jellyfin/manifests/sealedsecret-flexvolsmb-credentials.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: flexvolsmb-credentials
+  namespace: jellyfin
+spec:
+  encryptedData:
+    password: AgCSzsJlQR2jIMsm7R9goGzziFCEb9quF+tvfXN3dKqWo/zviB4eU5CZ243bEX71eygU+1K7NpcPMF3yD1OB/QBsEKL1Lr62IcHeAHEnsySa2twfLR2wIINXm2kR946HRlmMkroUiJMAdDYCuYnXPxWRewmotvNL1ODK7Yu4rtaZbMjYrV/PDz8I6xIWmpTlsOOI7oj25ZngxS0W8OPMNn83yDR4zgsX2CenNygOfCXdYzJJcMv2Ubue/LxUt3z+RLQznu3/2h8bElauxlJC6QCHXTbjzOX3iFVbFFzn65a8NJIaPysFu+Fi68VdFzwTSq+/ITlun20/zFlW4x177hSdYgUh7pMZpcOMqOPyeT/8Jonxx3wa9CUr1JGnlRukwrfrL6Doyh04FJiftUiLVYDsqCgrLRqaTQ1+90NRFZGhaKhYkSrKfWjNbupiPCTsRsRmVbrPaVCDK5q820l8Jyjhz6dBu0Fi0qXEL7ZbXF1+bdPwnIOgtPPUOJVtc0gYuLluHS6ODd7H8bKc0me5Vr5U0ME0iqhvbyJ6tpkJFpE9tMo4wIpYG3cKiIi1SgHZ7rOKRVfS72xbRhxnKmi1O64J2+jN94wEGIHX8LFppvtxi2WrsyHffQuawkGO4S4sSYVZjoCRMcs0P+jvPMorF7Q0/uecH6noaJIj4it8YoirO6LVUOQKwDg1OEOByeCI7rDFX740UZiX9aOH6osy0Z8e
+    username: AgDRZH7OydcXH1rw6/GAVv4qApl1klI1iTRVozT7OjNCAhTYTFUF5gPLmtfT/CCSY0ieywjhEC5bJkLZdilcayVfUyfVoPHOC9aLuajk48owwdVwWbe4sEWUT6ZncQrt6s4WuOp6PgWIegW9ycQHZE4pylbgUPh1H0vurDXGnLKQBn5n0zMiMGxAmnXYTTXn77pAuvTN/kim6JcqVylCUbWtetvR98ex33FsHsKS7SBhAS4IZ3vK0xh2iOPH5QfJLwPbIgaa1oYzhBrqAht1sdIY9rVW2WBFqqGDwwbSxnSuddWSXXUoeWY37Lo+qDL+Zqb4+Lk7MDuuTXK/St42BZtQToyihP4PPZjKbIpRFeBPHLDTs63CyPPy5u4ip+kR/aivwgOCbKv+SAqVXAFXk9T8h9drMSCr8oUMoIp5M27Pzs3Cqm68U2KaFPmt3nzbygYjr9H7tNjlpi5FWiCsgpRqNQ93/uJ7pTQZNGk5zjzf+RdJag3NbQejxzq8uDAc/dl01NLxdBfe+pK0x0qoi5o4V5/mPwM+X6u4aOyeFqbE9Uo/cSRxkBeRyO6aHMXRXsSyiYIobbReH0+L3OqiEPF2ddgYIN+dcM665qEWQ3iEy94+JhtL715k00z6UYE70aM4wuFksbkMl4NjPFW38uQM4UMLEOg87I4h+C8p2k94UK7tQ4x9ZSL2dgIFf/wkf5/Ob6HTIFM=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: flexvolsmb-credentials
+      namespace: jellyfin
+    type: mount/smb

services/PVR/Jellyfin/values.yaml

@@ -0,0 +1,47 @@
+ingress:
+  enabled: true
+  className: traefik
+  annotations:
+    traefik.ingress.kubernetes.io/router.middlewares: security-headers@file
+  hosts:
+    - host: player.pvr.spamasaurus.com
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+
+securityContext:
+  capabilities:
+    add:
+      - "SYS_ADMIN"
+    drop:
+      - "ALL"
+  privileged: true
+
+volumes:
+  - name: flexvolsmb-jellyfin-movies
+    persistentVolumeClaim:
+      claimName: flexvolsmb-jellyfin-movies
+  - name: flexvolsmb-jellyfin-series
+    persistentVolumeClaim:
+      claimName: flexvolsmb-jellyfin-series
+  - name: igpu
+    hostPath:
+      path: /dev/dri
+
+volumeMounts:
+  - name: flexvolsmb-jellyfin-movies
+    mountPath: "/movies"
+  - name: flexvolsmb-jellyfin-series
+    mountPath: "/series"
+  - name: igpu
+    mountPath: /dev/dri
+
+# jellyfin: {}
+
+persistence:
+  config:
+    enabled: true
+    size: 5Gi
+    existingClaim: flexvolsmb-jellyfin-config
+  media:
+    enabled: false

services/PVR/Jellyseerr/application-jellyseerr.yaml

@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: jellyseerr
+  namespace: argo-cd
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: jellyseerr
+  project: default
+  sources:
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    path: services/PVR/Jellyseerr/manifests
+    targetRevision: HEAD
+  - repoURL: ghcr.io/fallenbagel/jellyseerr
+    chart: jellyseerr-chart
+    targetRevision: 2.4.0
+    helm:
+      valueFiles:
+        - $values/services/PVR/Jellyseerr/values.yaml
+  - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
+    targetRevision: HEAD
+    ref: values

services/PVR/Jellyseerr/manifests/persistentvolume-flexvolsmb-jellyseerr-config.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-jellyseerr-config
+  namespace: jellyseerr
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-jellyseerr-config
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: flexvolsmb-credentials
+    options:
+      opts: file_mode=0777,dir_mode=0777,uid=911,gid=911,iocharset=utf8,cache=none,nobrl
+      server: 192.168.154.195
+      share: /K3s.Volumes/jellyseerr/config

services/PVR/Jellyseerr/manifests/persistentvolumeclaim-flexvolsmb-jellyseerr-config.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: flexvolsmb-jellyseerr-config
+  namespace: jellyseerr
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-jellyseerr-config
+  resources:
+    requests:
+      storage: 1Gi

services/PVR/Jellyseerr/manifests/sealedsecret-flexvolsmb-credentials.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: flexvolsmb-credentials
+  namespace: jellyseerr
+spec:
+  encryptedData:
+    password: AgAt3cqRtt1kYuX+F1XMrNpbSulwd+qyBQWsoPPgXQhRz3rWzemEqJwMXEYj0D9ow79p7W17ytePDnkgEZsVgXHdyiwYbMP9kfzDwoEanFyGeCwbcy90mp13xlX3dH/LpCNQcJcS5aVfaprMS6aHbVwmTCaeP2J0Kmr1eD/0o+poSAtsZn7ru2rfXIZz3bT5KqxWdR/op09ra8PvJpo3JC2h8RVV30UnXQ4+6J2wiZaIQ7vhqGjwKYKjOh6CAUzljFIflZ8a0kQSMPeuAmVQhG4cVqTe4BQ7JucB0eRdBumrYCxtbYW0wg/2YbTlAnPRm9jULpOo5UfKef0mlAW46uIHHABtQywu7RyZ0DUQ1R+4Qx/sp+qsYkeCgfwoYnh6jT/0O967D3CFFPtTrRnDr/R1vdB1h2BPRdmdo9kb90+25KFBlaX4aoA4lbQ1m6RrodU48OcAIVjqtREOXHruxQyS20LAamze3hEI16wT9pnuh+50T4ntCRF+WuuY6Oi+OLpNePWJTIICkFvc9fUCcx6eKz/KzvzqKGVSisQlPzoDJkdwOxTW4uvm2HgMCw8wBgzxkOPk6ru0jxphdSpQE2OSJr7w+15RIIf4O+ne0fBSg7KFxYsc8KvDjvFYnK/tGm00Sz3pHFdMmQPCAYAnUq5s8oimA5OF1EDhvWVgv4KNWr+pgzZPDaMjRxEQR+ZZhwsBDrEBBUQJlfe1msSs43Cn
+    username: AgCk+TrEHAVBFGuu3u7c+zNVagqYjcWj7mljnpSAhIibaFm8+/G44xbfiU5ks7hteWvJ6KInr8g+VAaot8ygICjI7jZoJW/rN8kwNZZVH6ddlQwczAxBukBVFQiZrjy3lN4OtfamKLCJsvBuw39OflVLjHqtfJuTTO5WLCeI9MiTkAP0ZQ/w8T2LrLRzqtmx7/Zxgw34zXYXsAfU+vsUA7QTiCCV6rvEO+P+TsK/opf7HRDqM2jIRRwPK5z9NwYV2MNEb+IO7fmDwwSbGHs135V8yST95VjkdU00m0AHq+Ry7VLjrUBwdqaj72Dn6of28vLtTNL84ck/I59j60Y0QEBQy+9oonP4Y18Bcsix2IbpYw7yklP8cD3dqbc+XufjpV3nwyF/QiJ3XpMtggSsnEvYgTsushLxxDHAS8n7MRufpxRsgZ2QdQIKNZXh+wnI8V3CXuQ9pIGK50QreO1o2BQ8CSfgsHLoyEbCxtPVvSY9/jaSxApOX9tRwyJyHUKadH5jc/EJeokQX7fWAPXwORAlWhU84hPyZtujI9iPLaxVT+2PdKMaE1qHjXZlpn5VySzmA6QOvOVjVHtbtYmI0XpMl/LdwMoLeJAOW2QgOqCLF8+4p/RiSRgUTZqdMzUkVYj3CeeDLfveq92m0nPtc12xc73y8nFf5S0Xhfvn/bu/0Jf9k0zp8jySdK7CCUWSk5/QjC2X/9g=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: flexvolsmb-credentials
+      namespace: jellyseerr
+    type: mount/smb

services/PVR/Jellyseerr/values.yaml

@@ -0,0 +1,15 @@
+ingress:
+  enabled: true
+  ingressClassName: traefik
+  hosts:
+    - host: requests.pvr.spamasaurus.com
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+
+config:
+  persistence:
+    name: flexvolsmb-jellyseerr-config
+    storageClass: flexvolsmb-jellyseerr-config
+    accessModes: ["ReadWriteMany"]
+    size: 1Gi

services/PVR/Plex/chart-values.yml

@@ -1,34 +0,0 @@
-image:
-  pullPolicy: Always
-
-ingress:
-  enabled: true
-  ingressClassName: traefik
-
-  url: media.pvr.spamasaurus.com
-
-pms:
-  configStorage: 20Gi
-
-  resources:
-    limits:
-      gpu.intel.com/i915: "1"
-    requests:
-      gpu.intel.com/i915: "1"
-
-extraVolumeMounts:
-  - name: flexvolsmb-pvr-movies
-    mountPath: /movies
-  - name: flexvolsmb-pvr-series
-    mountPath: /series
-
-extraVolumes:
-  - name: flexvolsmb-pvr-movies
-    persistentVolumeClaim:
-      claimName: flexvolsmb-pvr-movies
-  - name: flexvolsmb-pvr-series
-    persistentVolumeClaim:
-      claimName: flexvolsmb-pvr-series
-
-# extraEnv:
-#   PLEX_CLAIM: "claim-EzKU3rNVbWtc3qY_y7wq"

services/PVR/Prowlarr/ingressroute-prowlarr.yaml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: prowlarr
@@ -15,4 +15,4 @@ spec:
     middlewares:
       - name: 2fa-authentication@file
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file

services/PVR/Prowlarr/persistentvolume-flexvolsmb-prowlarr-config.yaml

@@ -15,5 +15,5 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0777,dir_mode=0777,uid=1000,gid=1000,iocharset=utf8,nobrl
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/prowlarr/config

services/PVR/Radarr/ingressroute-radarr.yaml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: radarr
@@ -15,4 +15,4 @@ spec:
     middlewares:
       - name: 2fa-authentication@file
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file

services/PVR/Radarr/persistentvolume-flexvolsmb-radarr-config.yaml

@@ -15,5 +15,5 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0777,dir_mode=0777,iocharset=utf8
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/radarr/config

services/PVR/SABnzbd/ingressroute-sabnzbd.yaml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: sabnzbd
@@ -15,4 +15,4 @@ spec:
     middlewares:
       - name: 2fa-authentication@file
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file

services/PVR/SABnzbd/persistentvolume-flexvolsmb-sabnzbd-config.yaml

@@ -15,5 +15,5 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0777,dir_mode=0777,uid=911,gid=911,iocharset=utf8
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/sabnzbd/config

services/PVR/Sonarr/ingressroute-sonarr.yaml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: sonarr
@@ -15,4 +15,4 @@ spec:
     middlewares:
       - name: 2fa-authentication@file
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file

services/PVR/Sonarr/persistentvolume-flexvolsmb-sonarr-config.yaml

@@ -15,5 +15,5 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0777,dir_mode=0777,uid=1000,gid=1000,iocharset=utf8,nobrl
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/sonarr/config

services/PVR/ingressRoute-PVR.yml.template

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: pvr-apikeys
@@ -7,35 +7,35 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`movies.pvr.spamasaurus.com`) && (Headers(`X-Api-Key`, `<removed>`) || Query(`apikey=<removed>`))
+  - match: Host(`movies.pvr.spamasaurus.com`) && (Header(`X-Api-Key`, `<removed>`) || Query(`apikey`, `<removed>`))
     kind: Rule
     services:
     - name: radarr
       port: 7878
     middlewares:
       - name: security-headers@file
-      - name: compression@file
-  - match: Host(`index.pvr.spamasaurus.com`) && (Headers(`X-Api-Key`, `<removed>`) || Query(`apikey=<removed>`))
+    #   - name: compression@file
+  - match: Host(`index.pvr.spamasaurus.com`) && (Header(`X-Api-Key`, `<removed>`) || Query(`apikey`, `<removed>`))
     kind: Rule
     services:
     - name: prowlarr
       port: 9696
     middlewares:
       - name: security-headers@file
-      - name: compression@file
-  - match: Host(`download.pvr.spamasaurus.com`) && (Headers(`X-Api-Key`, `<removed>`) || Query(`apikey=<removed>`))
+    #   - name: compression@file
+  - match: Host(`download.pvr.spamasaurus.com`) && (Header(`X-Api-Key`, `<removed>`) || Query(`apikey`, `<removed>`))
     kind: Rule
     services:
     - name: sabnzbd
       port: 8080
     middlewares:
       - name: security-headers@file
-      - name: compression@file
-  - match: Host(`series.pvr.spamasaurus.com`) && (Headers(`X-Api-Key`, `<removed>`) || Query(`apikey=<removed>`))
+    #   - name: compression@file
+  - match: Host(`series.pvr.spamasaurus.com`) && (Header(`X-Api-Key`, `<removed>`) || Query(`apikey`, `<removed>`))
     kind: Rule
     services:
     - name: sonarr
       port: 8989
     middlewares:
       - name: security-headers@file
-      - name: compression@file
+    #   - name: compression@file

services/PVR/persistentVolumeClaim-PVR.yml

@@ -1,65 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-pvr-movies
-  namespace: pvr
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-pvr-movies
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,uid=911,gid=911,iocharset=utf8,cache=none
-      server: 192.168.154.225
-      share: /Public/Video's/Films
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: flexvolsmb-pvr-movies
-  namespace: pvr
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-pvr-movies
-  resources:
-    requests:
-      storage: 1Gi
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-pvr-series
-  namespace: pvr
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-pvr-series
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: flexvolsmb-credentials
-    options:
-      opts: file_mode=0777,dir_mode=0777,uid=911,gid=911,iocharset=utf8,cache=none
-      server: 192.168.154.225
-      share: /Public/Video's/Series
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: flexvolsmb-pvr-series
-  namespace: pvr
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-pvr-series
-  resources:
-    requests:
-      storage: 1Gi

services/PVR/persistentvolume-flexvolsmb-pvr-movies.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-pvr-movies
+  namespace: pvr
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-pvr-movies
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: flexvolsmb-credentials
+    options:
+      opts: file_mode=0777,dir_mode=0777,uid=911,gid=911,iocharset=utf8,cache=none
+      server: 192.168.154.195
+      share: /Public/Video's/Films

services/PVR/persistentvolume-flexvolsmb-pvr-series.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-pvr-series
+  namespace: pvr
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-pvr-series
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: flexvolsmb-credentials
+    options:
+      opts: file_mode=0777,dir_mode=0777,uid=911,gid=911,iocharset=utf8,cache=none
+      server: 192.168.154.195
+      share: /Public/Video's/Series

services/PVR/persistentvolumeclaim-flexvolsmb-pvr-movies.yaml

@@ -1,12 +1,12 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: flexvolsmb-lighttpd-data
-  namespace: lighttpd
+  name: flexvolsmb-pvr-movies
+  namespace: pvr
 spec:
   accessModes:
     - ReadWriteMany
-  storageClassName: flexvolsmb-lighttpd-data
+  storageClassName: flexvolsmb-pvr-movies
   resources:
     requests:
       storage: 1Gi

services/PVR/persistentvolumeclaim-flexvolsmb-pvr-series.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: flexvolsmb-pvr-series
+  namespace: pvr
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-pvr-series
+  resources:
+    requests:
+      storage: 1Gi

services/PVR/persistentvolumeclaim-smb-pvr-volatile.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: smb-pvr-volatile
+  namespace: pvr
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: pvr
+  resources:
+    requests:
+      storage: 100Gi

services/PVR/storageclass-pvr.yaml

@@ -4,7 +4,7 @@ metadata:
   name: pvr
 provisioner: smb.csi.k8s.io
 parameters:
-  source: "//192.168.154.225/K3s.StorageClass/pvr"
+  source: "//192.168.154.195/K3s.StorageClass/pvr"
   csi.storage.k8s.io/node-stage-secret-name: "smb-credentials"
   csi.storage.k8s.io/node-stage-secret-namespace: "pvr"
 #  createSubDir: "true"  # optional: create a sub dir for new volume
@@ -17,16 +17,3 @@ mountOptions:
   - cache=none
   - uid=911
   - gid=911
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: smb-pvr-volatile
-  namespace: pvr
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: pvr
-  resources:
-    requests:
-      storage: 100Gi

services/Vaultwarden/ingressroute-vaultwarden.yaml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: vaultwarden
@@ -14,7 +14,7 @@ spec:
       port: 8080
     middlewares:
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file
   - match: Host(`vault.spamasaurus.com`) && Path(`/notifications/hub`)
     kind: Rule
     services:
@@ -22,4 +22,4 @@ spec:
       port: 3012
     middlewares:
       - name: security-headers@file
-      - name: compression@file
+      # - name: compression@file

services/Vaultwarden/persistentvolume-flexvolsmb-vaultwarden-data.yaml

@@ -14,5 +14,5 @@ spec:
       name: flexvolsmb-credentials
     options:
       opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
-      server: 192.168.154.225
+      server: 192.168.154.195
       share: /K3s.Volumes/vaultwarden/data

storage/Longhorn/values.yaml

@@ -4,4 +4,5 @@ ingress:
   enabled: true
   host: storage.spamasaurus.com
   annotations:
-    traefik.ingress.kubernetes.io/router.middlewares: 2fa-authentication@file,security-headers@file,compression@file
+#    traefik.ingress.kubernetes.io/router.middlewares: 2fa-authentication@file,security-headers@file,compression@file
+    traefik.ingress.kubernetes.io/router.middlewares: 2fa-authentication@file,security-headers@file

storage/csi-driver-smb/sealedSecret-CSIdriverSMB.yml

@@ -1,25 +0,0 @@
-{
-  "kind": "SealedSecret",
-  "apiVersion": "bitnami.com/v1alpha1",
-  "metadata": {
-    "name": "smb-credentials",
-    "namespace": "default",
-    "creationTimestamp": null
-  },
-  "spec": {
-    "template": {
-      "metadata": {
-        "name": "smb-credentials",
-        "namespace": "default",
-        "creationTimestamp": null
-      },
-      "type": "Opaque",
-      "data": null
-    },
-    "encryptedData": {
-      "domain": "AgCFtOnYpGlu49+rxtdMcweWKvIOo+cRq2wbI+SkQft1cARN5msXCyepELkF79onzT6UtQg3ASNvzR81TZRPqLKibq/qeV3+TyeuTYQOsj8xahe0+pJmg3NZGa4CBhYSj5Es6UFBZ6m8EcOR08HTG3zkXRao5tdfUoKWzB5Ie9savYYUrCHBVCWW29oBoKMKujPxId51qB1yP1Rwa5rZE2+9mfscs+cp5WAyLFd5UjVIjSP13///U/VzFAYcMW/Sm+xmenxnYuzKD2xmAF7YLIsQaaKHv2gNcJuHluSna3YZrSebZoomXdpjWhB78a1pZvQSJkTrDX++E71Urqf9fsKUu6ekV/rfffRyzUFdnxwlJVB94c9ZRml82fJRdFtIYwvkSI/EFU18CjjJKfpuwG5HmL/1AKVSl5/NdaB+xGSlhi6QblIl/p97RZa3wt9l9LzhlCqT9EoDCNB45fOBSX5lpLPBDxOvlWrW4m3sKvwIdno8bKMPhO/m9yCooZZ8QX1zfakgfkCThsOQ1UCFWBiNqzFnTqPhz3Mg8GLTD4jREi10KONTGl+aFFSJ8Y51Ufen8YLA9DcgLypdn4UBelwBsu6qmg/CZbxb5QIPjE2NN5Ioz3R4Nyl2pX9EbyQGfw8umBn57sdFzbl58tbhp4YQn4vl0cFCwYxkJMqx4bd5Rz9Jvf1dCgKU5AXg60+LhZJMU8TLzAN6Qa5L",
-      "password": "AgA9rRVJ7uUGmwnla+Y7He2aFaAthEiLI72GyzLflzQCJWHtPukAon/1NseeJb0BqVqnc5APPgFeDZ7k0JQRlmlqWPLArKcrTcj0PdWaxrSioohZTMe5LoS7GlFpJrhfULMLKipaIMXaCXx/E8etkYOM6tcnjCxUh+KKdcpPfzH7U6i02tCA+IXcrBDO3jx78G1XAtbYYIgD7wsfXD5EeR5DcoPBOsaeYNiLvQQS5aiWaS0rqDUsv6EeL6dhUeBoAljisL8EMP6yb0XIvNXcYmYidSbbwrt2T6D0YtJ4ivsFuxvT7bkbnI3G7orAdw4EGYvhPBNII4T1QYBjCKP+F6fowDYoufUHR5lnD1wiaw6axrE8X//ekaVipVJbaTQhvtFtnMbKnjYtjL9F3K994HCIDlO6nzhCzm+UpQRk2lDqEL3xLmU6L6oUxpOI9VPunubNDY+CBK4dbzThDJ7ruW1fYv9jdn5h9LzkIoDTIebFy5hl5CSAT6YAjedeYi19cuUBRB9m8PhWMna6NUMeQSZila87SzagBAspCke5iufFFQxg6FyV7Kfm9+O9annY/PyvJXMQ87sto4d5qXyb5yIUpElrp2P1DzMuIHyhlKcjEQGG6TRbRHEmR9dquwsg8I7e0DZD8JcgPwRCqZDPJaS4f3loxyfqds5sp2Hgf2MusIZQn+8AgFLimR/EZ+zV3otGb3UdfDU8Zv5EoeFxBUxb",
-      "username": "AgCr48TUqDuqHyKLzZTrKqUawED+Ltb/NuA6nOSjb08TuVR7tOPzgga3IH+Y6fN16lzobcmylwh70kosXs0KKWFmpG7TsoNzWtB5hq1KJsvJNWAJNs6mO1n+40wyLE0aS/bo4dDFpFtUVe/n8DdDyH42FwsnnfNJbtEqzItOXaVO/TiDjFDy09SPblVSgFaK+i0A+jdIbqdBQH2bkPDM3WTn0iBLdXpaxAHqWyLDnLmg8dyU8kJfjUS17OylJZP2bm375exikKw+69h7hLbcuKhsFQnmY2Vffe+0D+ozpCO/8PBqv1dkA0FG8EuhqGCbX6dUxbOdhVzkHyK0a+N8bX45ORSlc+V49bzU7BrvzkmPz3j4Yg11ZZP9vXnRrUJgzD8Jp274dArb+3EF+JH5lNBl1RFbB6s0vrbHXOI5oNXxl+dv9ri+2JKE95DXbsN9uXeLnCh+UqBCmSWW4MfO8rHgM/HQL8k8IHwEBphsDjwthWzQz34b4yUSzh5hEJMMa74S2VFTJeITY8DsvNo+rvOjSxyc3XxkLNH6FmFmGgAfVcWHelm4JCY47Ua1IgztsQbeqXRQQVmxC/A9iqYamZuvkZBSYdN6EcRbFf/FXlmqWw4BQV1d4xHgakoY3O/zWAg/39nNH2bIm190EsLap4qAEShFGf5kvXqymXXpqWPIjIDTy11eGlF9N9OhuYbsP+U6XPwemhg="
-    }
-  }
-}

storage/csi-driver-smb/sealedsecret-smb-credentials.yaml

@@ -0,0 +1,15 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: smb-credentials
+  namespace: default
+spec:
+  encryptedData:
+    password: AgCkOReg8deCpkzUQj+J6XjMKcHUXwzg5AM2Y68CrC1gNgWSWhVKONX5UruNemJ773ZmgRDdDbIwQUBanLUByMbo4y3/kVnwgJCOADD+ERo30ysbdei+SNIIgg55J8R8nU/H31GFWYdq8Ck3FPNvBXo9uMHyUzqopZm8iOV2YVNA0kx9J1uArpzzc1bx3ZA2sV1Rcg9FtLvPErd7WEn5xdosC2Jtxl8NpMFEU32CiKJVM0h4GjmT5uyEOEYeVBURqRB73QfwS7rIRGGCfV8Px6ByF+ADZQ++0Vdla+kWLfsbTW6qcnDv6rqTc8MtXCfYDC3eWKnNvVgI7aNyyWNntQ1qlgW4o3kBNJm33HEU8lxWtgbt8L+g6l/x/ECRsb2EDJWa15VkEJr2WyghkM9WrgL+C0sVwxjOSPcbiZyk2VLfKL02NN4sJ8GQxVW1AvE6MM+YrPD/9o6YaQkOjI6IbZThpDnGGM3n+VQvUB3mSBR1cC9DNjssbzZOJiMm11OfW3Pfw2blyCzO8swM0RN+pO1+8/63uFh6y3hzYuW/6XkHY1bp2EqBRvpaCsjiJfLg+zhPGKz0Lv7L6GzCaXolxWGrdkTiPVpTKvQl1rW5HhWEYz5W+djRZTSX0Kimu3sawI0riPvJyD+6ANHGvHnW8ioONuv3/TXuCs5As2f9V8PikR8jeEGr5YJQOwnXTXaVd/5Yg7ulVXltLnFZ2fa3jYkW
+    username: AgAUu6XbTsHoS33fRV9N31CxHildp0XrnrDkT3UuJQKIx8c/GmUy6LZK1/yWD4hwco0DY6BmDMUUXdJQQDE5aYLBADRq5EobwlyuBgHP2pAhncV750e+u0VhWsCg0AREjLJA4P9xN61Qpbw7w1Yfi6OBjFhzKw4e0YyG3D7EoA2Q9+0dQrkPf3ooLJBx6SE/NuVs7uTuKWi2hC+kuKp3WhgrTU9IG+r1UFOO2jPR9ZFtsHaIArDzgbYZ03dFAXuTFjFLLx519/vCMXKKOglUsTzzaZUb798u3zG1xic+nZIvt6OmjyB86QZ+mjRAElVRINZRUJEMPbWkP2frbN1caQnPvX28LGcRiP0wFM+tgJG/3tAu9T1kaYnLFx+g8wex/kYqI0xktFJb2aisEb32Dhr4S883gpvvEouxuY/Y1g0ZuKxuS7tL8SE3i8x6GBFGaqLx+Wp60G2LsHDDn1PRqZ/GRlPci6QnAwScMPRuHbZOkyQem5w7n5t+LkoYq/gQ/hI+kiyEJOT7XqgR0iCsGGqsLQrVuP1M4XaZQEMlXl8q/iw4N7B28XMDAvWKF02jPM1XsCXMi5ins20KjzHwriMZA0CR7LWyBQsp88phQ/JNqTkEYa+AMdL2zVrhKYao7GvbYs15i3dcuZR08Lof2QIkeLe96DVKb3z6cqqRkbCxlErmD2M8BKhS3TXcNRhSgMReFUqTUAU=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: smb-credentials
+      namespace: default
+    type: Opaque

storage/csi-driver-smb/storageClass-SMB.yml.example

@@ -1,17 +0,0 @@
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
-  name: <name>
-provisioner: smb.csi.k8s.io
-parameters:
-  source: "//192.168.11.225/K3s.StorageClass/<name>"
-  csi.storage.k8s.io/node-stage-secret-name: "smb-credentials"
-  csi.storage.k8s.io/node-stage-secret-namespace: "default"
-  createSubDir: "true"  # optional: create a sub dir for new volume
-reclaimPolicy: Retain  # only retain is supported
-volumeBindingMode: Immediate
-mountOptions:
-  - dir_mode=0700
-  - file_mode=0700
-  - uid=1001
-  - gid=1001

storage/csi-driver-smb/storageclass-smb-csi.yaml

@@ -0,0 +1,23 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: smb-csi
+mountOptions:
+- dir_mode=0777
+- file_mode=0777
+- uid=1001
+- gid=1001
+- nobrl
+- noperm
+- mfsymlinks
+- cache=strict
+- noserverino
+parameters:
+  csi.storage.k8s.io/node-stage-secret-name: smb-credentials
+  csi.storage.k8s.io/node-stage-secret-namespace: default
+  csi.storage.k8s.io/provisioner-secret-name: smb-credentials
+  csi.storage.k8s.io/provisioner-secret-namespace: default
+  source: //192.168.154.195/K3s.StorageClass/smb-csi
+provisioner: smb.csi.k8s.io
+reclaimPolicy: Retain
+volumeBindingMode: Immediate

system/ArgoCD/application-argo-cd.yaml

@@ -11,13 +11,15 @@ spec:
   sources:
   - repoURL: https://argoproj.github.io/argo-helm
     chart: argo-cd
-    targetRevision: 7.8.2
+    targetRevision: 8.1.2
     helm:
       valueFiles:
       - $values/system/ArgoCD/values.yaml
   - repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog
-    targetRevision: master
+    targetRevision: lab-k8s
     ref: values
-#  - repoURL: https://github.com/djpbessems/Kubernetes.K3s.installLog
-#    targetRevision: master
-#    ref: values
+  # - repoURL: https://github.com/djpbessems/Kubernetes.K3s.installLog
+  #   targetRevision: master
+  #   ref: values
+  syncPolicy:
+    automated: {}

system/ArgoCD/values.yaml

@@ -2,9 +2,9 @@ configs:
   params:
     server.insecure: true
 global:
-  domain: gitops.spamasaurus.com
+  domain: gitops.lab.spamasaurus.com
 server:
   ingress:
     enabled: true
     annotations:
-      traefik.ingress.kubernetes.io/router.middlewares: security-headers@file,compression@file
+      traefik.ingress.kubernetes.io/router.middlewares: security-headers@file

system/kube-vip/application-kube-vip.yaml

@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: kube-vip
+  namespace: argo-cd
+spec:
+  destination:
+    namespace: kube-system
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    path: system/kube-vip
+    repoURL: https://code.spamasaurus.com/djpbessems/Kubernetes.K3s.installLog.git
+    targetRevision: HEAD
+  syncPolicy:
+    automated:
+      selfHeal: true

system/kube-vip/daemonset-kube-vip-ds.yaml

@@ -0,0 +1,87 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/name: kube-vip-ds
+    app.kubernetes.io/version: v0.9.1
+  name: kube-vip-ds
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: kube-vip-ds
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app.kubernetes.io/name: kube-vip-ds
+        app.kubernetes.io/version: v0.9.1
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: node-role.kubernetes.io/master
+                operator: Exists
+            - matchExpressions:
+              - key: node-role.kubernetes.io/control-plane
+                operator: Exists
+      containers:
+      - args:
+        - manager
+        env:
+        - name: vip_arp
+          value: "true"
+        - name: port
+          value: "6443"
+        - name: vip_nodename
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        - name: vip_interface
+          value: eth0
+        - name: vip_cidr
+          value: "32"
+        - name: dns_mode
+          value: first
+        - name: cp_enable
+          value: "true"
+        - name: cp_namespace
+          value: kube-system
+        - name: svc_enable
+          value: "true"
+        - name: svc_leasename
+          value: plndr-svcs-lock
+        - name: vip_leaderelection
+          value: "true"
+        - name: vip_leasename
+          value: plndr-cp-lock
+        - name: vip_leaseduration
+          value: "5"
+        - name: vip_renewdeadline
+          value: "3"
+        - name: vip_retryperiod
+          value: "1"
+        - name: address
+          value: 192.168.154.240
+        - name: prometheus_server
+          value: :2112
+        image: ghcr.io/kube-vip/kube-vip:v0.9.1
+        imagePullPolicy: IfNotPresent
+        name: kube-vip
+        resources: {}
+        securityContext:
+          capabilities:
+            add:
+            - NET_ADMIN
+            - NET_RAW
+      hostNetwork: true
+      serviceAccountName: kube-vip
+      tolerations:
+      - effect: NoSchedule
+        operator: Exists
+      - effect: NoExecute
+        operator: Exists
+  updateStrategy: {}