1 Commits

Author SHA1 Message Date
dcc7c873f4 starting to switch to nginx-ingress 2024-10-23 11:18:30 +01:00
180 changed files with 51 additions and 5143 deletions


@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@@ -1,6 +0,0 @@
apiVersion: v2
name: immich-argocd-apps
description: A Helm chart for deploying Immich as an ArgoCD app
type: application
version: 0.3.0
appVersion: v1.123.0


@@ -1,62 +0,0 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "immich-argocd-apps.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "immich-argocd-apps.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "immich-argocd-apps.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "immich-argocd-apps.labels" -}}
helm.sh/chart: {{ include "immich-argocd-apps.chart" . }}
{{ include "immich-argocd-apps.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "immich-argocd-apps.selectorLabels" -}}
app.kubernetes.io/name: {{ include "immich-argocd-apps.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "immich-argocd-apps.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "immich-argocd-apps.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@@ -1,65 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: immich-main-chart
namespace: argocd # Ensure this is the namespace where Argo CD is installed
finalizers:
- resources-finalizer.argocd.argoproj.io
annotations:
argocd.argoproj.io/sync-wave: "0"
notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: "-1002270587578"
spec:
project: default
source:
repoURL: "https://immich-app.github.io/immich-charts"
chart: immich
targetRevision: 0.x
helm:
releaseName: immich
valuesObject:
image:
tag: {{ .Chart.AppVersion }}
immich:
persistence:
library:
existingClaim: immich-library
redis:
enabled: true
env:
- name: DB_HOSTNAME
valueFrom:
secretKeyRef:
name: immich-pg-app
key: host
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: immich-pg-app
key: password
- name: DB_USERNAME
valueFrom:
secretKeyRef:
name: immich-pg-app
key: username
- name: DB_DATABASE_NAME
valueFrom:
secretKeyRef:
name: immich-pg-app
key: dbname
- name: REDIS_HOSTNAME
value: immich-redis-master
# value: '{{ printf "%s-redis-master" .Release.Name }}'
- name: IMMICH_MACHINE_LEARNING_URL
value: "http://immich-machine-learning:3003"
# value: '{{ printf "http://%s-machine-learning:3003" .Release.Name }}'
destination:
server: https://kubernetes.default.svc # Targeting the current Kubernetes cluster
namespace: {{ .Values.mainNamespace }}
syncPolicy:
automated:
prune: true # Automatically remove resources no longer in the repo
selfHeal: true # Automatically self-heal when drift is detected
syncOptions:
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- CreateNamespace=true


@@ -1,33 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: immich-postinstall
namespace: argocd # Ensure this is the namespace where Argo CD is installed
finalizers:
- resources-finalizer.argocd.argoproj.io
annotations:
argocd.argoproj.io/sync-wave: "1"
notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: "-1002270587578"
spec:
project: default
source:
repoURL: "https://git.blarre.net/thomas/helm-charts.git"
targetRevision: HEAD
path: immich-argocd-postInstall
helm:
releaseName: immich-postinstall
valuesObject:
tailscaleIngresses:
immichHostName: {{ .Values.tailscaleIngresses.immichHostName }}
filebrowserHostName: {{ .Values.tailscaleIngresses.filebrowserHostName }}
destination:
server: https://kubernetes.default.svc # Targeting the current Kubernetes cluster
namespace: {{ .Values.mainNamespace }}
syncPolicy:
automated:
prune: true # Automatically remove resources no longer in the repo
selfHeal: true # Automatically self-heal when drift is detected
syncOptions:
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- CreateNamespace=true


@@ -1,58 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: immich-pvc-filebrowser-chart
namespace: argocd # Ensure this is the namespace where Argo CD is installed
finalizers:
- resources-finalizer.argocd.argoproj.io
annotations:
argocd.argoproj.io/sync-wave: "0"
notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: "-1002270587578"
spec:
project: default
source:
repoURL: "tccr.io/truecharts"
chart: filebrowser
targetRevision: 11.x
helm:
releaseName: filebrowser
valuesObject:
persistence:
config:
enabled: true
mountPath: /config
type: pvc
namespace: {{ .Values.mainNamespace }}
accessModes: ReadWriteOnce
size: 100Mi
storageClass: {{ .Values.filebrowser.configStorageClassName }}
database:
enabled: true
mountPath: /database
type: pvc
namespace: {{ .Values.mainNamespace }}
accessModes: ReadWriteOnce
size: 100Mi
storageClass: {{ .Values.filebrowser.configStorageClassName }}
data:
enabled: true
mountPath: /data
type: pvc
namespace: {{ .Values.mainNamespace }}
existingClaim: immich-library
destination:
server: https://kubernetes.default.svc # Targeting the current Kubernetes cluster
namespace: {{ .Values.mainNamespace }}
syncPolicy:
automated:
prune: true # Automatically remove resources no longer in the repo
selfHeal: true # Automatically self-heal when drift is detected
syncOptions:
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- CreateNamespace=true
ignoreDifferences:
- group: apps
kind: Deployment
jsonPointers:
- /spec/template/spec/hostUsers


@@ -1,38 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: immich-requirements
namespace: argocd # Ensure this is the namespace where Argo CD is installed
finalizers:
- resources-finalizer.argocd.argoproj.io
annotations:
argocd.argoproj.io/sync-wave: "-1"
notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: "-1002270587578"
spec:
project: default
source:
repoURL: "https://git.blarre.net/thomas/helm-charts.git"
targetRevision: HEAD
path: immich-argocd-requirements
helm:
releaseName: immich-requirements
valuesObject:
mainNamespace: {{ .Values.mainNamespace }}
immichDb:
dbClusterInstances: {{ .Values.immichDb.dbClusterInstances }}
dbClusterStorageClass: {{ .Values.immichDb.dbClusterStorageClass }}
dbClusterStorageSize: {{ .Values.immichDb.dbClusterStorageSize }}
photosLibrary:
storageClassName: {{ .Values.photosLibrary.storageClassName }}
storageSize: {{ .Values.photosLibrary.storageSize }}
destination:
server: https://kubernetes.default.svc # Targeting the current Kubernetes cluster
namespace: {{ .Values.mainNamespace }}
syncPolicy:
automated:
prune: true # Automatically remove resources no longer in the repo
selfHeal: true # Automatically self-heal when drift is detected
syncOptions:
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- CreateNamespace=true


@@ -1,13 +0,0 @@
mainNamespace: immich
tailscaleIngresses:
immichHostName: photos
filebrowserHostName: immich-files
photosLibrary:
storageClassName:
storageSize: 500Gi
immichDb:
dbClusterInstances: 3
dbClusterStorageClass:
dbClusterStorageSize: 10Gi
filebrowser:
configStorageClassName:


@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@@ -1,24 +0,0 @@
apiVersion: v2
name: immich-argocd-postInstall
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.1
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"


@@ -1,62 +0,0 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "immich-argocd-postInstall.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "immich-argocd-postInstall.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "immich-argocd-postInstall.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "immich-argocd-postInstall.labels" -}}
helm.sh/chart: {{ include "immich-argocd-postInstall.chart" . }}
{{ include "immich-argocd-postInstall.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "immich-argocd-postInstall.selectorLabels" -}}
app.kubernetes.io/name: {{ include "immich-argocd-postInstall.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "immich-argocd-postInstall.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "immich-argocd-postInstall.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@@ -1,14 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ts-filebrowser-bis
spec:
defaultBackend:
service:
name: filebrowser
port:
number: 10187
ingressClassName: tailscale
tls:
- hosts:
- {{ .Values.tailscaleIngresses.filebrowserHostName }}


@@ -1,16 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ts-immich
annotations:
tailscale.com/funnel: "true"
spec:
defaultBackend:
service:
name: immich-server
port:
name: http
ingressClassName: tailscale
tls:
- hosts:
- {{ .Values.tailscaleIngresses.immichHostName }}


@@ -1,3 +0,0 @@
tailscaleIngresses:
immichHostName: photos
filebrowserHostName: immich-files


@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@@ -1,6 +0,0 @@
apiVersion: v2
name: immich-argocd-requirements
description: A Helm chart for the underlying requirements to deploy Immich
type: application
version: 0.1.0
appVersion: "0.1.0"


@@ -1 +0,0 @@
This chart requires CNPG (Cloud Native Postgres) installed on the Kubernetes cluster, as well as the Tailscale operator (for the ingress)


@@ -1,62 +0,0 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "immich-argocd-requirements.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "immich-argocd-requirements.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "immich-argocd-requirements.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "immich-argocd-requirements.labels" -}}
helm.sh/chart: {{ include "immich-argocd-requirements.chart" . }}
{{ include "immich-argocd-requirements.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "immich-argocd-requirements.selectorLabels" -}}
app.kubernetes.io/name: {{ include "immich-argocd-requirements.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "immich-argocd-requirements.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "immich-argocd-requirements.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@@ -1,43 +0,0 @@
# From https://github.com/immich-app/immich/discussions/9060#discussioncomment-9688353
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: immich-pg
namespace: {{ .Values.mainNamespace }}
spec:
instances: {{ .Values.immichDb.dbClusterInstances }}
imageName: ghcr.io/tensorchord/cloudnative-pgvecto.rs:16.3-v0.2.1
# superuserSecret:
# name: immich-pg-superuser
# enableSuperuserAccess: true
startDelay: 30
stopDelay: 100
# primaryUpdateStrategy: unsupervised
# primaryUpdateMethod: switchover
postgresql:
shared_preload_libraries:
- "vectors.so"
enableAlterSystem: true
storage:
storageClass: {{ .Values.immichDb.dbClusterStorageClass }}
size: {{ .Values.immichDb.dbClusterStorageSize }}
# monitoring:
# enablePodMonitor: false
bootstrap:
initdb:
database: immich
owner: immich
# secret:
# name: immich-pg-user
dataChecksums: true
postInitApplicationSQL:
- ALTER SYSTEM SET search_path TO "$user", public, vectors;
- SET search_path TO "$user", public, vectors;
- CREATE EXTENSION IF NOT EXISTS "vectors";
- CREATE EXTENSION IF NOT EXISTS "cube";
- CREATE EXTENSION IF NOT EXISTS "earthdistance";
- ALTER SCHEMA vectors OWNER TO "immich";
- GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA vectors TO "immich";
- GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "immich";
# - CREATE EXTENSION IF NOT EXISTS "vector";
# - ALTER ROLE "immich" WITH "superuser";


@@ -1,11 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: immich-library
spec:
accessModes:
- ReadWriteOnce
storageClassName: {{ .Values.photosLibrary.storageClassName }}
resources:
requests:
storage: {{ .Values.photosLibrary.storageSize }}


@@ -1,9 +0,0 @@
apiVersion: postgresql.cnpg.io/v1
kind: ImageCatalog
metadata:
name: pgvecto-rs
namespace: {{ .Values.mainNamespace }}
spec:
images:
- major: 16
image: ghcr.io/tensorchord/cloudnative-pgvecto.rs:16-v0.2.1


@@ -1,10 +0,0 @@
mainNamespace: immich
immichDb:
dbClusterInstances: 3
dbClusterStorageClass: null
dbClusterStorageSize: "10Gi"
photosLibrary:
storageClassName:
storageSize: 500Gi


@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@@ -1,5 +0,0 @@
apiVersion: v2
name: k3s-tooling
description: A Helm chart for deploying some kubernetes ressources
type: application
version: 0.1.0


@@ -1,62 +0,0 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "k3s-tooling.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "k3s-tooling.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "k3s-tooling.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "k3s-tooling.labels" -}}
helm.sh/chart: {{ include "k3s-tooling.chart" . }}
{{ include "k3s-tooling.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "k3s-tooling.selectorLabels" -}}
app.kubernetes.io/name: {{ include "k3s-tooling.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "k3s-tooling.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "k3s-tooling.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@@ -1,32 +0,0 @@
{{- if .Values.certManager.enable -}}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cert-manager
namespace: {{ .Values.argocd.namespace }}
# finalizers:
# - resources-finalizer.argocd.argoproj.io
annotations:
notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: "-1002270587578"
spec:
project: {{ .Values.argocd.project }}
source:
repoURL: "https://charts.jetstack.io"
chart: cert-manager # Chart name
targetRevision: {{ .Values.certManager.targetRevision }} # Version of the chart (update to latest if needed)
helm:
valuesObject:
crds:
enabled: true
destination:
server: {{ .Values.certManager.destination.server }}
namespace: {{ .Values.certManager.destination.namespace }}
syncPolicy:
automated:
prune: true # Automatically remove resources no longer in the repo
selfHeal: true # Automatically self-heal when drift is detected
syncOptions:
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- CreateNamespace=true
{{- end }}


@@ -1,28 +0,0 @@
{{- if .Values.cnpg.enable -}}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cnpg
namespace: {{ .Values.argocd.namespace }}
# finalizers:
# - resources-finalizer.argocd.argoproj.io
annotations:
notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: "-1002270587578"
spec:
project: {{ .Values.argocd.project }}
source:
repoURL: "https://cloudnative-pg.github.io/charts" # Helm repository for Tailscale
chart: cloudnative-pg # Chart name
targetRevision: {{ .Values.cnpg.targetRevision }}
destination:
server: {{ .Values.cnpg.destination.server }}
namespace: {{ .Values.cnpg.destination.namespace }}
syncPolicy:
automated:
prune: true # Automatically remove resources no longer in the repo
selfHeal: true # Automatically self-heal when drift is detected
syncOptions:
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- CreateNamespace=true
{{- end }}


@@ -1,28 +0,0 @@
{{- if .Values.keycloakOperator.enable -}}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: keycloak-operator
namespace: {{ .Values.argocd.namespace }}
annotations:
notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: "-1002270587578"
spec:
project: {{ .Values.argocd.project }}
source:
repoURL: "https://github.com/roukydesbois/keycloak-operator.git"
targetRevision: HEAD
path: 'keycloak-operator'
helm:
releaseName: keycloak-operator
destination:
server: {{ .Values.keycloakOperator.destination.server }}
namespace: {{ .Values.keycloakOperator.destination.namespace }}
syncPolicy:
automated:
prune: true # Automatically remove resources no longer in the repo
selfHeal: true # Automatically self-heal when drift is detected
syncOptions:
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- CreateNamespace=true
{{- end }}


@@ -1,26 +0,0 @@
{{- if .Values.longhorn.enable -}}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: longhorn
namespace: {{ .Values.argocd.namespace }}
# finalizers:
# - resources-finalizer.argocd.argoproj.io
annotations:
notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: "-1002270587578"
spec:
project: {{ .Values.argocd.project }}
source:
repoURL: "https://charts.longhorn.io" # Helm repository for Tailscale
chart: longhorn # Chart name
targetRevision: {{ .Values.longhorn.targetRevision }}
destination:
server: {{ .Values.longhorn.destination.server }}
namespace: {{ .Values.longhorn.destination.namespace }}
syncPolicy:
automated:
prune: true # Automatically remove resources no longer in the repo
selfHeal: true # Automatically self-heal when drift is detected
syncOptions:
- CreateNamespace=true
{{- end }}


@@ -1,37 +0,0 @@
{{- if .Values.tailscaleOperator.enable -}}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: tailscale-operator
namespace: {{ .Values.argocd.namespace }}
# finalizers:
# - resources-finalizer.argocd.argoproj.io
annotations:
notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: "-1002270587578"
spec:
project: {{ .Values.argocd.project }}
source:
repoURL: "https://pkgs.tailscale.com/helmcharts"
chart: tailscale-operator
targetRevision: {{ .Values.tailscaleOperator.targetRevision }}
helm:
valuesObject:
oauth:
clientId: {{ .Values.tailscaleOperator.oauth.clientId }}
clientSecret: {{ .Values.tailscaleOperator.oauth.clientSecret }}
operatorConfig:
hostname: {{ .Values.tailscaleOperator.operatorHostname }}
apiServerProxyConfig:
mode: "true"
destination:
server: {{ .Values.tailscaleOperator.destination.server }}
namespace: {{ .Values.tailscaleOperator.destination.namespace }}
syncPolicy:
automated:
prune: true # Automatically remove resources no longer in the repo
selfHeal: true # Automatically self-heal when drift is detected
syncOptions:
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- CreateNamespace=true
{{- end }}


@@ -1,35 +0,0 @@
{{- if .Values.traefik.enable -}}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: traefik
namespace: {{ .Values.argocd.namespace }}
# finalizers:
# - resources-finalizer.argocd.argoproj.io
annotations:
notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: "-1002270587578"
spec:
project: {{ .Values.argocd.project }}
source:
repoURL: "https://traefik.github.io/charts"
chart: traefik
targetRevision: {{ .Values.traefik.targetRevision }}
helm:
valuesObject:
ingressRoute:
dashboard:
enabled: false
annotations:
test: test
destination:
server: {{ .Values.traefik.destination.server }}
namespace: {{ .Values.traefik.destination.namespace }}
syncPolicy:
automated:
prune: true # Automatically remove resources no longer in the repo
selfHeal: true # Automatically self-heal when drift is detected
syncOptions:
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- CreateNamespace=true
{{- end }}


@@ -1,48 +0,0 @@
argocd:
namespace: argocd
project: default
certManager:
enable: false
targetRevision: v1.16.x
destination:
server: https://kubernetes.default.svc
namespace: cert-manager
cnpg:
enable: false
targetRevision: 0.22.x
destination:
server: https://kubernetes.default.svc
namespace: cnpg-system
longhorn:
enable: false
targetRevision: 1.7.x
destination:
server: https://kubernetes.default.svc
namespace: longhorn-system
tailscaleOperator:
enable: false
targetRevision: 1.x
destination:
server: https://kubernetes.default.svc
namespace: tailscale
oauth:
clientId:
clientSecret:
operatorHostname: tailscale-operator
traefik:
enable: false
targetRevision: 25.x
destination:
server: https://kubernetes.default.svc
namespace: kube-system
keycloakOperator:
enable: false
destination:
server: https://kubernetes.default.svc
namespace: keycloak


@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@@ -1,5 +0,0 @@
apiVersion: v2
name: keycloak-argocd-apps
description: A Helm chart for deploying the different argocd apps to deploy Keycloak
type: application
version: 0.2.1


@@ -1,62 +0,0 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "keycloak-argocd-apps.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "keycloak-argocd-apps.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "keycloak-argocd-apps.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "keycloak-argocd-apps.labels" -}}
helm.sh/chart: {{ include "keycloak-argocd-apps.chart" . }}
{{ include "keycloak-argocd-apps.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "keycloak-argocd-apps.selectorLabels" -}}
app.kubernetes.io/name: {{ include "keycloak-argocd-apps.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "keycloak-argocd-apps.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "keycloak-argocd-apps.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@@ -1,43 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: {{ .Values.argocd.prefix }}keycloak-deployment
namespace: {{ .Values.argocd.namespace }}
annotations:
argocd.argoproj.io/sync-wave: "0"
notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: "-1002270587578"
spec:
project: {{ .Values.argocd.project }}
source:
repoURL: "https://git.blarre.net/thomas/helm-charts.git"
targetRevision: {{ .Values.keycloakDeployment.targetRevision }}
path: keycloak-deployment
helm:
releaseName: keycloak-deployment
valuesObject:
prefix: {{ .Values.argocd.prefix }}
keycloakDeployment:
deploymentName: {{ .Values.keycloakDeployment.deploymentName }}
numInstances: {{ .Values.keycloakDeployment.numInstances }}
hostname: {{ .Values.keycloakDeployment.hostname }}
vendor: {{ .Values.keycloakDeployment.vendor }}
dbHost: {{ .Values.keycloakDeployment.dbHost }}
dbPort: {{ .Values.keycloakDeployment.dbPort }}
usernameSecret:
name: {{ .Values.keycloakDeployment.usernameSecret.name }}
key: {{ .Values.keycloakDeployment.usernameSecret.key }}
passwordSecret:
name: {{ .Values.keycloakDeployment.passwordSecret.name }}
key: {{ .Values.keycloakDeployment.passwordSecret.key }}
database: {{ .Values.keycloakDeployment.database }}
destination:
server: {{ .Values.mainDestination }}
namespace: {{ .Values.mainNamespace }}
syncPolicy:
automated:
prune: true # Automatically remove resources no longer in the repo
selfHeal: true # Automatically self-heal when drift is detected
syncOptions:
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- CreateNamespace=true


@@ -1,31 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: {{ .Values.argocd.prefix }}keycloak-postinstall
namespace: {{ .Values.argocd.namespace }}
annotations:
argocd.argoproj.io/sync-wave: "1"
notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: "-1002270587578"
spec:
project: {{ .Values.argocd.project }}
source:
repoURL: "https://git.blarre.net/thomas/helm-charts.git"
targetRevision: {{ .Values.keycloakDeployment.targetRevision }}
path: keycloak-postinstall
helm:
releaseName: keycloak-postinstall
valuesObject:
prefix: {{ .Values.argocd.prefix }}
tailscaleIngresses:
keycloakHostname: {{ .Values.tailscaleIngresses.keycloakHostname }}
destination:
server: {{ .Values.mainDestination }}
namespace: {{ .Values.mainNamespace }}
syncPolicy:
automated:
prune: true # Automatically remove resources no longer in the repo
selfHeal: true # Automatically self-heal when drift is detected
syncOptions:
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- CreateNamespace=true


@@ -1,34 +0,0 @@
{{- if .Values.dbCluster.enable -}}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: {{ .Values.argocd.prefix }}keycloak-requirements
namespace: {{ .Values.argocd.namespace }}
annotations:
argocd.argoproj.io/sync-wave: "-1"
notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: "-1002270587578"
spec:
project: {{ .Values.argocd.project }}
source:
repoURL: "https://git.blarre.net/thomas/helm-charts.git"
targetRevision: HEAD
path: keycloak-requirements
helm:
releaseName: keycloak-requirements
valuesObject:
prefix: {{ .Values.argocd.prefix }}
dbCluster:
size: {{ .Values.dbCluster.size }}
numInstances: {{ .Values.dbCluster.numInstances }}
destination:
server: {{ .Values.mainDestination }}
namespace: {{ .Values.mainNamespace }}
syncPolicy:
automated:
prune: true # Automatically remove resources no longer in the repo
selfHeal: true # Automatically self-heal when drift is detected
syncOptions:
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- CreateNamespace=true
{{- end }}


@@ -1,26 +0,0 @@
argocd:
namespace: argocd
project: default
prefix: null
dbCluster:
enable: true
size: 10Gi
numInstances: 3
mainNamespace: keycloak
mainDestination: https://kubernetes.default.svc
keycloakDeployment:
targetRevision: HEAD
numInstances: 1
hostname: sso.domain.net
vendor: postgres
dbHost: keycloak-db-rw
dbPort: 5432
usernameSecret:
name: keycloak-db-app
key: user
passwordSecret:
name: keycloak-db-app
key: password
database: app
tailscaleIngresses:
keycloakHostname: sso


@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@@ -1,5 +0,0 @@
apiVersion: v2
name: keycloak-deployment
description: A Helm chart for deploying the actual keycloak pod through the keycloak operator
type: application
version: 0.2.1


@@ -1,62 +0,0 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "keycloak-deployment.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "keycloak-deployment.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "keycloak-deployment.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "keycloak-deployment.labels" -}}
helm.sh/chart: {{ include "keycloak-deployment.chart" . }}
{{ include "keycloak-deployment.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "keycloak-deployment.selectorLabels" -}}
app.kubernetes.io/name: {{ include "keycloak-deployment.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "keycloak-deployment.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "keycloak-deployment.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@@ -1,26 +0,0 @@
apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:
name: {{ .Values.prefix }}keycloak
spec:
instances: {{ .Values.keycloakDeployment.numInstances }}
db:
vendor: {{ .Values.keycloakDeployment.vendor }}
host: {{ .Values.keycloakDeployment.dbHost }}
port: {{ .Values.keycloakDeployment.dbPort }}
usernameSecret:
name: {{ .Values.keycloakDeployment.usernameSecret.name }}
key: {{ .Values.keycloakDeployment.usernameSecret.key }}
passwordSecret:
name: {{ .Values.keycloakDeployment.passwordSecret.name }}
key: {{ .Values.keycloakDeployment.passwordSecret.key }}
database: {{ .Values.keycloakDeployment.database }}
ingress:
enabled: false
http:
httpEnabled: true
hostname:
hostname: {{ .Values.keycloakDeployment.hostname }}
strict: false
proxy:
headers: xforwarded # double check your reverse proxy sets and overwrites the X-Forwarded-* headers


@@ -1,14 +0,0 @@
prefix: null
keycloakDeployment:
numInstances: 1
hostname: sso.domain.net
vendor: postgres
dbHost: keycloak-db-rw
dbPort: 5432
usernameSecret:
name: keycloak-db-app
key: user
passwordSecret:
name: keycloak-db-app
key: password
database: app


@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@@ -1,6 +0,0 @@
apiVersion: v2
name: keycloak-operator
description: A Helm chart for the Keycloak operator
type: application
version: 0.1.0
appVersion: "26.0.5"


@@ -1,62 +0,0 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "keycloak-operator.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "keycloak-operator.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "keycloak-operator.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "keycloak-operator.labels" -}}
helm.sh/chart: {{ include "keycloak-operator.chart" . }}
{{ include "keycloak-operator.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "keycloak-operator.selectorLabels" -}}
app.kubernetes.io/name: {{ include "keycloak-operator.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "keycloak-operator.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "keycloak-operator.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@@ -1,15 +0,0 @@
apiVersion: batch/v1
kind: Job
metadata:
name: keycloak-crd-job
spec:
template:
spec:
containers:
- name: crd-fetcher
image: bitnami/kubectl:latest # Use Bitnami's kubectl image
command:
- "sh"
- "-c"
- "wget -qO- {{ .Values.baseURL }}/{{ .Release.appVersion }}/kubernetes/keycloaks.k8s.keycloak.org-v1.yml | kubectl apply -f -"
restartPolicy: OnFailure


@@ -1,17 +0,0 @@
apiVersion: batch/v1
kind: Job
metadata:
name: keycloakoperator-job
annotations:
"helm.sh/hook": post-install
spec:
template:
spec:
containers:
- name: crd-fetcher
image: bitnami/kubectl:latest # Use Bitnami's kubectl image
command:
- "sh"
- "-c"
- "wget -qO- {{ .Values.baseURL }}/{{ .Release.appVersion }}/kubernetes/kubernetes.yml | kubectl apply -f -"
restartPolicy: OnFailure


@@ -1,15 +0,0 @@
apiVersion: batch/v1
kind: Job
metadata:
name: keycloakrealmimports-crd-job
spec:
template:
spec:
containers:
- name: crd-fetcher
image: bitnami/kubectl:latest # Use Bitnami's kubectl image
command:
- "sh"
- "-c"
- "wget -qO- {{ .Values.baseURL }}/{{ .Release.appVersion }}/kubernetes/keycloakrealmimports.k8s.keycloak.org-v1.yml | kubectl apply -f -"
restartPolicy: OnFailure


@@ -1 +0,0 @@
baseURL: "https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources"


@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@@ -1,5 +0,0 @@
apiVersion: v2
name: keycloak-postinstall
description: A Helm chart for after deploying keycloak - mainly ingress
type: application
version: 0.1.0


@@ -1,62 +0,0 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "keycloak-postinstall.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "keycloak-postinstall.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "keycloak-postinstall.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "keycloak-postinstall.labels" -}}
helm.sh/chart: {{ include "keycloak-postinstall.chart" . }}
{{ include "keycloak-postinstall.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "keycloak-postinstall.selectorLabels" -}}
app.kubernetes.io/name: {{ include "keycloak-postinstall.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "keycloak-postinstall.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "keycloak-postinstall.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@@ -1,16 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ .Values.prefix }}ts-keycloak
annotations:
tailscale.com/funnel: "true"
spec:
defaultBackend:
service:
name: linode-keycloak-service
port:
number: 8080
ingressClassName: tailscale
tls:
- hosts:
- {{ .Values.tailscaleIngresses.keycloakHostname }}


@@ -1,3 +0,0 @@
prefix: null
tailscaleIngresses:
keycloakHostname: sso


@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@@ -1,5 +0,0 @@
apiVersion: v2
name: keycloak-requirements
description: A Helm chart for deploying the DB used by keycloak
type: application
version: 0.1.1


@@ -1,62 +0,0 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "keycloak-requirements.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "keycloak-requirements.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "keycloak-requirements.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "keycloak-requirements.labels" -}}
helm.sh/chart: {{ include "keycloak-requirements.chart" . }}
{{ include "keycloak-requirements.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "keycloak-requirements.selectorLabels" -}}
app.kubernetes.io/name: {{ include "keycloak-requirements.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "keycloak-requirements.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "keycloak-requirements.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@@ -1,9 +0,0 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: {{ .Values.prefix }}keycloak-db
spec:
instances: {{ .Values.dbCluster.numInstances }}
storage:
size: {{ .Values.dbCluster.size }}


@@ -1,4 +0,0 @@
prefix: null
dbCluster:
size: 1Gi
numInstances: 3


@@ -0,0 +1,16 @@
# apiVersion: networking.k8s.io/v1
# kind: Ingress
# metadata:
# name: ts-nextcloud
# annotations:
# tailscale.com/funnel: "false"
# spec:
# defaultBackend:
# service:
# name: {{ .Release.Name }}
# port:
# number: 8080
# ingressClassName: tailscale
# tls:
# - hosts:
# - "{{ .Values.tailscaleHostName }}"
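Review bot: The whole manifest is added as `#`-commented YAML, but Helm runs the template engine before the YAML parser, so `{{ .Release.Name }}` and `{{ .Values.tailscaleHostName }}` inside these comments are still evaluated if this file sits under the chart's templates directory (the path is not shown on this page). To keep the Tailscale ingress available but switched off, leave the manifest uncommented and wrap it in a values guard such as `{{- if .Values.tailscaleIngress.enabled }}` … `{{- end }}` (key name constructed for illustration), or delete the file and rely on git history. A guard also keeps the exposure decision visible in values instead of in dead text.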


@@ -1,16 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ts-nextcloud
annotations:
tailscale.com/funnel: "false"
spec:
defaultBackend:
service:
name: {{ .Release.Name }}
port:
number: 8080
ingressClassName: tailscale
tls:
- hosts:
- "{{ .Values.tailscaleHostName }}"


@@ -34,3 +34,36 @@ nextcloud:
nextcloudData: nextcloudData:
enabled: true enabled: true
size: 8Gi size: 8Gi
image:
flavor: fpm
nginx:
enabled: true
ingress:
className: nginx
annotations:
nginx.ingress.kubernetes.io/server-snippet: |-
server_tokens off;
proxy_hide_header X-Powered-By;
rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last;
rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last;
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
deny all;
}
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
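Review bot: The `nginx.ingress.kubernetes.io/server-snippet` annotation added under `ingress.annotations` only takes effect when the ingress-nginx controller accepts snippet annotations (`allow-snippet-annotations`), which recent controller releases turn off by default because a snippet lets anyone who can create or edit an Ingress inject raw nginx configuration; if it is switched on for this chart, Ingress write access in the cluster should be restricted to match. `enable-cors: "true"` is set without `cors-allow-origin`, so the controller default of `*` applies; pinning it, e.g. `nginx.ingress.kubernetes.io/cors-allow-origin: "https://<nextcloud-host>"` (placeholder), is safer for an authenticated application. Inside the snippet, `rewrite ^/.well-known/host-meta … last;` also matches `/.well-known/host-meta.json`, so the `.json` rule after it is never reached; swap the two lines or end the first pattern with `$`. The hunk shows no `ingress.enabled` or `tls` key, so whether this ingress is rendered at all and served over TLS cannot be confirmed from here.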


@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@@ -1,5 +0,0 @@
apiVersion: v2
name: nextcloud-syncthing-argocd-apps
description: A Helm chart to deploy Nextcloud and Syncthing using a common data folder
type: application
version: 0.1.0


@@ -1,62 +0,0 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "nextcloud-syncthing-argocd-apps.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "nextcloud-syncthing-argocd-apps.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "nextcloud-syncthing-argocd-apps.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "nextcloud-syncthing-argocd-apps.labels" -}}
helm.sh/chart: {{ include "nextcloud-syncthing-argocd-apps.chart" . }}
{{ include "nextcloud-syncthing-argocd-apps.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "nextcloud-syncthing-argocd-apps.selectorLabels" -}}
app.kubernetes.io/name: {{ include "nextcloud-syncthing-argocd-apps.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "nextcloud-syncthing-argocd-apps.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "nextcloud-syncthing-argocd-apps.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@@ -1,31 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: nc-syncthing-postinstall
namespace: {{ .Values.argocd.namespace }}
annotations:
argocd.argoproj.io/sync-wave: "1"
notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: "-1002270587578"
spec:
project: {{ .Values.argocd.project }}
source:
repoURL: {{ .Values.argocd.postinstall.repoURL }}
targetRevision: {{ .Values.argocd.postinstall.targetRevision }}
path: {{ .Values.argocd.postinstall.path }}
helm:
releaseName: nc-syncthing-postinstall
valuesObject:
tailscaleIngresses:
ncHostname: {{ .Values.tailscaleIngresses.ncHostname }}
syncthingHostname: {{ .Values.tailscaleIngresses.syncthingHostname }}
destination:
server: {{ .Values.destination.server }}
namespace: {{ .Values.destination.namespace }}
syncPolicy:
automated:
prune: true # Automatically remove resources no longer in the repo
selfHeal: true # Automatically self-heal when drift is detected
syncOptions:
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- CreateNamespace=true


@@ -1,134 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: nextcloud-main-chart
namespace: {{ .Values.argocd.namespace }}
annotations:
argocd.argoproj.io/sync-wave: "0"
notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: "-1002270587578"
spec:
project: {{ .Values.argocd.project }}
source:
repoURL: "https://nextcloud.github.io/helm"
chart: nextcloud
targetRevision: 6.x
helm:
releaseName: nextcloud
valuesObject:
# image:
# flavor: fpm
replicaCount: {{ .Values.nextcloud.replicaCount }}
ingress:
enabled: false
# className: nginx
# annotations:
# cert-manager.io/cluster-issuer: letsencrypt
# nginx.ingress.kubernetes.io/server-snippet: |-
# server_tokens off;
# proxy_hide_header X-Powered-By;
# rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last;
# rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last;
# rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
# rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
# location = /.well-known/carddav {
# return 301 $scheme://$host/remote.php/dav;
# }
# location = /.well-known/caldav {
# return 301 $scheme://$host/remote.php/dav;
# }
# location = /robots.txt {
# allow all;
# log_not_found off;
# access_log off;
# }
# location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
# deny all;
# }
# location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
# deny all;
# }
# nginx.ingress.kubernetes.io/enable-cors: "true"
# nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
# tls:
# - hosts:
# - {{ .Values.nextcloud.url }}
# secretName: nextcloud-cert
nextcloud:
host: {{ .Values.nextcloud.url }}
existingSecret:
enabled: true
secretName: nextcloud-user
usernameKey: nc-admin-username
passwordKey: nc-admin-password
trustedDomains: {{ .Values.nextcloud.trustedDomains }}
nextcloud:
configs:
previews.config.php: |-
<?php
$CONFIG = array (
'enable_previews' => true,
'enabledPreviewProviders' => array (
'OC\Preview\Movie',
'OC\Preview\PNG',
'OC\Preview\JPEG',
'OC\Preview\GIF',
'OC\Preview\BMP',
'OC\Preview\XBitmap',
'OC\Preview\MP3',
'OC\Preview\MP4',
'OC\Preview\TXT',
'OC\Preview\MarkDown',
'OC\Preview\PDF'
),
);
proxy.config.php: |-
<?php
$CONFIG = array (
'trusted_proxies' => array(
0 => '127.0.0.1',
1 => '10.0.0.0/8',
),
'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),
);
# extraInitContainers - might be useful to make sure the LUKS secret is present
# nginx:
# enabled: true
redis:
enabled: true
auth:
enabled: false
cronjob:
enabled: true
internalDatabase:
enabled: false
externalDatabase:
enabled: true
type: postgresql
host: "nextcloud-db-rw:5432"
existingSecret:
enabled: true
secretName: nextcloud-db-app
usernameKey: user
passwordKey: password
databaseKey: dbname
persistence:
enabled: true
existingClaim: {{ .Values.nextcloud.configPvc.name }}
nextcloudData:
enabled: true
existingClaim: {{ .Values.dataPvc.name }}
livenessProbe:
enabled: false
readinessProbe:
enabled: false
destination:
server: {{ .Values.destination.server }}
namespace: {{ .Values.destination.namespace }}
syncPolicy:
automated:
prune: true # Automatically remove resources no longer in the repo
selfHeal: true # Automatically self-heal when drift is detected
syncOptions:
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- CreateNamespace=true


@@ -1,49 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: nc-syncthing-requirements
namespace: {{ .Values.argocd.namespace }}
annotations:
argocd.argoproj.io/sync-wave: "-1"
notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: "-1002270587578"
spec:
project: {{ .Values.argocd.project }}
source:
repoURL: "https://git.blarre.net/thomas/helm-charts.git"
targetRevision: HEAD
path: nextcloud-syncthing-requirements
helm:
releaseName: nc-syncthing-requirements
valuesObject:
mainNamespace: {{ .Values.destination.namespace }}
nextcloud:
enable: {{ .Values.nextcloud.enable }}
dbCluster:
numInstances: {{ .Values.nextcloud.dbCluster.numInstances }}
size: {{ .Values.nextcloud.dbCluster.size }}
configPvc:
name: {{ .Values.nextcloud.configPvc.name }}
storageClassName: {{ .Values.nextcloud.configPvc.storageClassName }}
size: {{ .Values.nextcloud.configPvc.size }}
syncthing:
enable: {{ .Values.syncthing.enable }}
configPvc:
name: {{ .Values.syncthing.configPvc.name }}
storageClassName: {{ .Values.syncthing.configPvc.storageClassName }}
size: {{ .Values.syncthing.configPvc.size }}
dataPvc:
name: {{ .Values.dataPvc.name }}
createEncryptedPvc: {{ .Values.dataPvc.createEncryptedPvc }}
storageClassName: {{ .Values.dataPvc.storageClassName }}
size: {{ .Values.dataPvc.size }}
destination:
server: {{ .Values.destination.server }}
namespace: {{ .Values.destination.namespace }}
syncPolicy:
automated:
prune: true # Automatically remove resources no longer in the repo
selfHeal: true # Automatically self-heal when drift is detected
syncOptions:
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- CreateNamespace=true


@@ -1,40 +0,0 @@
argocd:
namespace: argocd
project: default
postinstall:
repoURL: "https://git.blarre.net/thomas/helm-charts.git"
targetRevision: HEAD
path: nextcloud-syncthing-postinstall
destination:
server: https://kubernetes.default.svc
namespace: nextcloud
nextcloud:
enable: true
dbCluster:
numInstances: 3
size: 4Gi
configPvc:
name: nextcloud-config-pvc
storageClassName: default
size: 1Gi
replicaCount: 1
url: nextcloud.domain.net
trustedDomains: nextcloud.domain.net office.domain.net
syncthing:
enable: true
configPvc:
storageClassName: default
size: 100Mi
dataPvc:
name: data-pvc
createEncryptedPvc: true
storageClassName: linode-block-storage-retain-luks
size: 40Gi
tailscaleIngresses:
ncHostname: nextcloud
syncthingHostname: syncthing


@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@@ -1,5 +0,0 @@
apiVersion: v2
name: nextcloud-syncthing-postinstall
description: A Helm chart for deploying the nc and syncthing ingresses
type: application
version: 0.1.0


@@ -1,62 +0,0 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "nextcloud-syncthing-postinstall.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "nextcloud-syncthing-postinstall.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "nextcloud-syncthing-postinstall.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "nextcloud-syncthing-postinstall.labels" -}}
helm.sh/chart: {{ include "nextcloud-syncthing-postinstall.chart" . }}
{{ include "nextcloud-syncthing-postinstall.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "nextcloud-syncthing-postinstall.selectorLabels" -}}
app.kubernetes.io/name: {{ include "nextcloud-syncthing-postinstall.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "nextcloud-syncthing-postinstall.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "nextcloud-syncthing-postinstall.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@@ -1,16 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ts-nextcloud
annotations:
tailscale.com/funnel: "true"
spec:
defaultBackend:
service:
name: nextcloud
port:
name: http
ingressClassName: tailscale
tls:
- hosts:
- {{ .Values.tailscaleIngresses.ncHostname }}


@@ -1,3 +0,0 @@
tailscaleIngresses:
ncHostname: nextcloud
syncthingHostname: syncthing


@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@@ -1,5 +0,0 @@
apiVersion: v2
name: nextcloud-syncthing-requirements
description: A Helm chart for deploying the database and the pvcs for Nextcloud and Syncthing
type: application
version: 0.1.0


@@ -1,62 +0,0 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "nextcloud-syncthing-requirements.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "nextcloud-syncthing-requirements.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "nextcloud-syncthing-requirements.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "nextcloud-syncthing-requirements.labels" -}}
helm.sh/chart: {{ include "nextcloud-syncthing-requirements.chart" . }}
{{ include "nextcloud-syncthing-requirements.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "nextcloud-syncthing-requirements.selectorLabels" -}}
app.kubernetes.io/name: {{ include "nextcloud-syncthing-requirements.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "nextcloud-syncthing-requirements.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "nextcloud-syncthing-requirements.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@@ -1,10 +0,0 @@
{{- if .Values.nextcloud.enable -}}
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: nextcloud-db
spec:
instances: {{ .Values.nextcloud.dbCluster.numInstances }}
storage:
size: {{ .Values.nextcloud.dbCluster.size }}
{{- end }}


@@ -1,16 +0,0 @@
{{- if .Values.dataPvc.createEncryptedPvc -}}
allowVolumeExpansion: true
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: linode-block-storage-retain-luks
namespace: kube-system
provisioner: linodebs.csi.linode.com
reclaimPolicy: Retain
parameters:
linodebs.csi.linode.com/luks-encrypted: "true"
linodebs.csi.linode.com/luks-cipher: "aes-xts-plain64"
linodebs.csi.linode.com/luks-key-size: "512"
csi.storage.k8s.io/node-stage-secret-namespace: {{ .Values.mainNamespace }}
csi.storage.k8s.io/node-stage-secret-name: nc-syncthing-data-luks-key
{{- end }}


@@ -1,11 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ .Values.dataPvc.name }}
spec:
storageClassName: {{ .Values.dataPvc.storageClassName }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.dataPvc.size }}


@@ -1,13 +0,0 @@
{{- if .Values.nextcloud.enable -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ .Values.nextcloud.configPvc.name }}
spec:
storageClassName: {{ .Values.nextcloud.configPvc.storageClassName }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.nextcloud.configPvc.size }}
{{- end }}


@@ -1,13 +0,0 @@
{{- if .Values.syncthing.enable -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ .Values.syncthing.configPvc.name }}
spec:
storageClassName: {{ .Values.syncthing.configPvc.storageClassName }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.syncthing.configPvc.size }}
{{- end }}


@@ -1,24 +0,0 @@
mainNamespace: nextcloud
nextcloud:
enable: true
dbCluster:
numInstances: 3
size: 4Gi
configPvc:
name: nextcloud-config-pvc
storageClassName: default
size: 1Gi
syncthing:
enable: true
configPvc:
name: syncthing-config-pvc
storageClassName: default
size: 100Mi
dataPvc:
name: data-pvc
createEncryptedPvc: true
storageClassName: linode-block-storage-retain-luks
size: 40Gi


@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@@ -1,5 +0,0 @@
apiVersion: v2
name: odoo-argocd-apps
description: A Helm chart for deploying the requirements, main charts and postinstall as ArgoCD apps for Odoo
type: application
version: 0.1.0


@@ -1,62 +0,0 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "odoo-argocd-apps.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "odoo-argocd-apps.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "odoo-argocd-apps.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "odoo-argocd-apps.labels" -}}
helm.sh/chart: {{ include "odoo-argocd-apps.chart" . }}
{{ include "odoo-argocd-apps.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "odoo-argocd-apps.selectorLabels" -}}
app.kubernetes.io/name: {{ include "odoo-argocd-apps.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "odoo-argocd-apps.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "odoo-argocd-apps.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@@ -1,43 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: odoo-chart
namespace: {{ .Values.argocd.namespace }}
annotations:
argocd.argoproj.io/sync-wave: "0"
notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: "-1002270587578"
spec:
project: {{ .Values.argocd.project }}
source:
repoURL: registry-1.docker.io/bitnamicharts
chart: odoo
targetRevision: 28.x
helm:
releaseName: odoo
valuesObject:
odooEmail: {{ .Values.odoo.odooEmail }}
replicaCount: {{ .Values.odoo.replicaCount }}
resourcesPreset: {{ .Values.odoo.resourcesPreset }}
persistence:
existingClaim: {{ .Values.odoo.dataPvc.name }}
postgresql:
enabled: false
externalDatabase:
host: odoo-db-rw
port: 5432
user: app
database: app
create: false
existingSecret: odoo-db-app
existingSecretPasswordKey: password
destination:
server: {{ .Values.destination.server }}
namespace: {{ .Values.destination.namespace }}
syncPolicy:
automated:
prune: true # Automatically remove resources no longer in the repo
selfHeal: true # Automatically self-heal when drift is detected
syncOptions:
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- CreateNamespace=true


@@ -1,30 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: odoo-postinstall
namespace: {{ .Values.argocd.namespace }}
annotations:
argocd.argoproj.io/sync-wave: "1"
notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: "-1002270587578"
spec:
project: {{ .Values.argocd.project }}
source:
repoURL: {{ .Values.argocd.postinstall.repoURL }}
targetRevision: {{ .Values.argocd.postinstall.targetRevision }}
path: {{ .Values.argocd.postinstall.path }}
helm:
releaseName: odoo-postinstall
valuesObject:
tailscaleIngresses:
odooHostname: {{ .Values.tailscaleIngresses.odooHostname }}
destination:
server: {{ .Values.destination.server }}
namespace: {{ .Values.destination.namespace }}
syncPolicy:
automated:
prune: true # Automatically remove resources no longer in the repo
selfHeal: true # Automatically self-heal when drift is detected
syncOptions:
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- CreateNamespace=true


@@ -1,36 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: odoo-requirements
namespace: {{ .Values.argocd.namespace }}
annotations:
argocd.argoproj.io/sync-wave: "-1"
notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: "-1002270587578"
spec:
project: {{ .Values.argocd.project }}
source:
repoURL: {{ .Values.argocd.requirements.repoURL }}
targetRevision: {{ .Values.argocd.requirements.targetRevision }}
path: {{ .Values.argocd.requirements.path }}
helm:
releaseName: odoo-requirements
valuesObject:
odoo:
dbCluster:
numInstances: {{ .Values.odoo.dbCluster.numInstances }}
size: {{ .Values.odoo.dbCluster.size }}
dataPvc:
name: {{ .Values.odoo.dataPvc.name }}
storageClassName: {{ .Values.odoo.dataPvc.storageClassName }}
size: {{ .Values.odoo.dataPvc.size }}
destination:
server: {{ .Values.destination.server }}
namespace: {{ .Values.destination.namespace }}
syncPolicy:
automated:
prune: true # Automatically remove resources no longer in the repo
selfHeal: true # Automatically self-heal when drift is detected
syncOptions:
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- CreateNamespace=true


@@ -1,30 +0,0 @@
argocd:
namespace: argocd
project: default
requirements:
repoURL: "https://git.blarre.net/thomas/helm-charts.git"
targetRevision: HEAD
path: odoo-requirements
postinstall:
repoURL: "https://git.blarre.net/thomas/helm-charts.git"
targetRevision: HEAD
path: odoo-postinstall
destination:
server: "https://kubernetes.default.svc"
namespace: odoo
odoo:
dbCluster:
numInstances: 3
size: 10Gi
dataPvc:
name: odoo-data
storageClassName: ''
size: 40Gi
odooEmail: "admin@domain.net"
resourcesPreset: "large"
replicaCount: 1
tailscaleIngresses:
odooHostname: odoo


@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@@ -1,5 +0,0 @@
apiVersion: v2
name: odoo-postinstall
description: A Helm chart for deploying the postinall stuff for odoo, mainly the ingress
type: application
version: 0.1.0


@@ -1,62 +0,0 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "odoo-postinstall.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "odoo-postinstall.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "odoo-postinstall.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "odoo-postinstall.labels" -}}
helm.sh/chart: {{ include "odoo-postinstall.chart" . }}
{{ include "odoo-postinstall.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "odoo-postinstall.selectorLabels" -}}
app.kubernetes.io/name: {{ include "odoo-postinstall.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "odoo-postinstall.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "odoo-postinstall.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@@ -1,16 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ts-odoo
annotations:
tailscale.com/funnel: "true"
spec:
defaultBackend:
service:
name: odoo
port:
name: http
ingressClassName: tailscale
tls:
- hosts:
- {{ .Values.tailscaleIngresses.odooHostname }}


@@ -1,2 +0,0 @@
tailcaleIngresses:
odooHostname: odoo


@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@@ -1,5 +0,0 @@
apiVersion: v2
name: odoo-requirements
description: A Helm chart for the requirements for Odoo
type: application
version: 0.1.0


@@ -1,62 +0,0 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "odoo-requirements.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "odoo-requirements.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "odoo-requirements.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "odoo-requirements.labels" -}}
helm.sh/chart: {{ include "odoo-requirements.chart" . }}
{{ include "odoo-requirements.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "odoo-requirements.selectorLabels" -}}
app.kubernetes.io/name: {{ include "odoo-requirements.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "odoo-requirements.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "odoo-requirements.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

Some files were not shown because too many files have changed in this diff Show More