Updates after the disaster recovery

2024-02-08 19:58:31 +01:00 · 2024-02-08 19:58:31 +01:00 · b1f183d712
parent 9c7e44e757
commit b1f183d712
50 changed files with 795 additions and 135 deletions
--- a/.woodpecker/.cdh.yml
+++ b/.woodpecker/.cdh.yml
@ -2,7 +2,6 @@
 # -- Check da helm pipeline
 # ----------------------------------------------
 when:
  - event: push
  - event: cron
    cron: nightly
 steps:
--- a/4
+++ b/4
@ -1,4 +0,0 @@
 create_crb:
 	kubectl create clusterrolebinding drone-deployer-workaround \
 		--clusterrole=cluster-admin  \
  	--serviceaccount=drone-service:default
--- a/README.md
+++ b/README.md
@ -2,4 +2,4 @@
 [![Build Status](https://drone.badhouseplants.net/api/badges/badhouseplants/k8s-cluster-config/status.svg)](https://drone.badhouseplants.net/badhouseplants/k8s-cluster-config)
 # CRD hooks
-I'm using hooks to install CRDs, that doesn't wotk with apply on the first time. If you've added a release with CRDs, that are installed by hooks, you need to run `helmfile sync` first, so CRDs are installed and then diff will work again, hence the `apply` also will. 
+I'm using hooks to install CRDs, that doesn't wotk with apply on the first time. If you've added a release with CRDs, that are installed by hooks, you need to run `helmfile sync` first, so CRDs are installed and then diff will work again, hence the `apply` also will. 
--- a/badhouseplants/helmfile.yaml
+++ b/badhouseplants/helmfile.yaml
@ -2,6 +2,12 @@
 {{ readFile "../releases.yaml" }}
 releases:
  - <<: *namespaces
    installed: true
  - <<: *coredns
    installed: true
  - <<: *cilium
    installed: true
  - <<: *drone
    installed: true
    namespace: drone-service
@ -114,7 +120,7 @@ releases:
    createNamespace: true
  - <<: *mailu
-    installed: true
+    installed: false
    namespace: mailu-application
    createNamespace: false
 bases:
--- a/badhouseplants/values/secrets.funkwhale.yaml
+++ b/badhouseplants/values/secrets.funkwhale.yaml
@ -1,10 +1,10 @@
-djangoSecret: ENC[AES256_GCM,data:ZO4k/jj4a+7m1sq+pBw=,iv:fw5Zhm8zktqhjC5BZh4XBGK54Zfzx0Fs7pnNftlcCtg=,tag:iXQmKvUxPzsuQvA5XtF0bg==,type:str]
+djangoSecret: ENC[AES256_GCM,data:Usu+QgI7MLUmU1m3ExE=,iv:wv4i60NCuG13xBPSCZ3NDQI+z5h9ENPVQcZmqUUFvls=,tag:2SPu5TC4sDxXkxVdZ9j11Q==,type:str]
 postgresql:
    auth:
-        password: ENC[AES256_GCM,data:mN7MyNpu4yOK4NDZcwVPye4XK7O41LQsj5BTVAo=,iv:LZfshbpgHXnA2EE14sWL6ZMUFNYaZKq9NkNEpYGd4Kg=,tag:44blsZvcJnLCZYh3gqB+dg==,type:str]
+        password: ENC[AES256_GCM,data:Ly65GeUvKfwKfRakpDZWftzzE11hw6/mQ/rP,iv:DUIGI68MyWF7H56QIjajgP9GRNwdirX4i1lNMP02vXw=,tag:bl0bHFIbMWG2gVns+Fvfiw==,type:str]
 redis:
    auth:
-        password: ENC[AES256_GCM,data:PFrpebm0/T/4ri10tgIyXm+rmROn4JcqD7ES5cnz,iv:4dt2ZXGXdx3kmQNiph++ZOh6QJ02g22ONGq5ZDIhwaU=,tag:F2UdakzYxQYdkUnQXjAo6g==,type:str]
+        password: ENC[AES256_GCM,data:ZLhshhCqRR4ks/UoMIwSbHtwSE4yg5Kv6GvqUvq9,iv:urWADLANGZz/W35grDnaFuvkzFx71fcqWOzpvz/5fR8=,tag:MLUMmSkTSGCntlooOWtR/Q==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -14,14 +14,14 @@ sops:
        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwR0NNUDlJMVljMXVzNkR2
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpT21wYkxzTnJpemJSUWty
-            NVFhQlNCUU1la1RPQ3BTSlJhVHpsWlJFMVNNCkc1VThKbUt0NGRkVHNSR1Y3TGF3
+            dm5EYy8rcXVnT1dVSlhjbkgxZkdsdGV1WkFnCk9pNnU5U0FRL1l3NWwyMzc4Q1JG
-            Um95Y3UxZUhRbHlUc1hXeUZSZUlnRXcKLS0tIHdWcXlzdm8xLzVtU01JRnBOaXFB
+            SVlmRUwwalR2M3NwcjhJTlVTZWFIWXcKLS0tIDBtU1V4YlJxNVN4UVdscGM0RW1Y
-            ZnFaK3IySUxQQVE4MjVYdk9SV1N0MGMKKobWq+C9Gqk8biGQkQvq0cvw0OHjDMN5
+            ZXFURTlCWnJLNWtjOENSclIxbHZWeWcKPzZZsTcvVWbLCroJZWeI78H8cgoLfxjC
-            M9EEAchVKNVLHTGWuCOOGqYySxG1oI3Bsj0W0FkkOxwVsqxjwxdOzQ==
+            nXtzdPpaENY1k6XULtsMWmh73Yj1Ul0pRvGiYRetRV0LOo+JeLcJ1Q==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-01-31T18:41:30Z"
+    lastmodified: "2024-02-09T09:33:11Z"
-    mac: ENC[AES256_GCM,data:wMkuLGHZZct9XAgnhu8PQR5tvO0edwua7C0j3wVu6voJFwVm47GL0vv7TXi4OJCdFClEJVIBKfx5cP6JcqR6jv3gpI0EO40rO7j5xGiW8emWIQM09/Tu6nBxYdcGE2zpCwPkYsNxwoeJ6gSclAAzwmHl3DRG9IVOYEdNqQ4I+fs=,iv:JQrefnKSA7SQEuPfWGUSszyK96Xfm8HQC/twhn/k+WM=,tag:K0ruyaFYDExvbmitTmC7vA==,type:str]
+    mac: ENC[AES256_GCM,data:OCvHNmxwe5pd/xZiwd1LKD/QvzLd7pEQxqhj6xREeq/VQHDapM580DS+BJYEYWRVJUxIJP05E5ZrzYqfmXbynNvY87f1SHNWLVsRTDsKVI5j3ND6mxXH658DcJKfPcJlc3bV8SYX8ATiWI4JIyV43jvhFZ0JFrWLMzPlc2wVdQI=,iv:stgL/nBiCh33GEkBTRvcVyoc8LtX4ZEHgVbsl8x2GII=,tag:grVO5PT8kOlbbF/FfXBPmA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/badhouseplants/values/secrets.gitea.yaml
+++ b/badhouseplants/values/secrets.gitea.yaml
@ -1,23 +1,23 @@
 gitea:
    admin:
-        username: ENC[AES256_GCM,data:EUVMB/Tx8Ks=,iv:JCxHND/KhUTwSuLDckkmvSdeTtKDSXMl4HS5cAsv4sw=,tag:VWmPz5tfwfbk2OAJaW2/4g==,type:str]
+        username: ENC[AES256_GCM,data:o01/289lwFk=,iv:ubra+bsAGt3Sgu49oClylLWUd5ie0l82Uur5vMPcFfs=,tag:bH8dxpC/yls48dWoF60r1w==,type:str]
-        password: ENC[AES256_GCM,data:hfl+L/+yCkE5sXGABVVO03OaDGs=,iv:5VHNokuzOtk+6gnSfk0MWInjDDuAAZqDmjFsP4eQoU4=,tag:meoXVqZ8UjazAnC4viLgXg==,type:str]
+        password: ENC[AES256_GCM,data:L6dhobCkOinNg/MNIAA3VBAq6ZY=,iv:CPBDvQ/i/OniOFTngH5CaUmygf331aqAVJRzBcMJw+4=,tag:RNtXdxEMckIaHTaMVLn3uA==,type:str]
    config:
        mailer:
-            PASSWD: ENC[AES256_GCM,data:D+OJRvkXfwtJp0oBLK2YEr58gDE=,iv:G4PQVBp5f3hI66CQob4EP5lxDd3KoDUy6PgQGqmCG0I=,tag:eLyv0Y8AyA/dOby1sw6EsA==,type:str]
+            PASSWD: ENC[AES256_GCM,data:tTMOtRJ3trW34d+KqMGTYLBMBJg=,iv:4B3ThvHS+vha8pX/OA9rf8yeSGcafEbuMwHvjHPZfKA=,tag:Qs/y3HyxWX9il6HXCw9sMQ==,type:str]
        database:
-            PASSWD: ENC[AES256_GCM,data:L2nszTcORz6siiSiSi4or3vaRoc=,iv:DGzFlYSzcIVobBlRBmZVIfZdzlFbdNOMsF8YWaR19u8=,tag:v4Y5jCMcZzSaQjcWTzXUdQ==,type:str]
+            PASSWD: ENC[AES256_GCM,data:WlmdwR035A7nk7xfq5U6A9Ndoj0F3hkl5g==,iv:IgCCq9Hl7oYVTE3W/MfqSMT8yEl275HO8CwW/az2e10=,tag:ZKsJZq88oJhsIvSYwWsX3w==,type:str]
        session:
-            PROVIDER_CONFIG: ENC[AES256_GCM,data:+Iu3TvVmdiVYRfA+DZeqoB3syT1mMWqvIl/yrjgrCdbLvKa5D3lq+9e84XDJUD0d1WvPHXLiLFDC8U05qHrTLK3xIAyRw1yn3opknEi6EdqWT7MFQfqmpLub8YPNKmw+ZKHlzMOSOVCxwstP8wMCZk/MnFd3ke4iA1R8FKQZ3Q==,iv:Yq1QAZfFcckLxxyoMOXRSUnjXBgQB9/FY2YDHX1i3kg=,tag:WPxpeVd0M6HFPgDQxMgfGw==,type:str]
+            PROVIDER_CONFIG: ENC[AES256_GCM,data:amNVifRdK6R3SJNlLTYik/wrTgfwn6WR4cpCqrmSGlTXKgirmY2UjgYQkxThakmgCEDPaQGFf3dUi7CmCaThIN6bBueNVIrWiccLcp99vVIz05pMlgi+tRQStDStNtn0hIT2hsfCShlX+yVemUYveb+5TZXigqgwpFyqLGUh0Q==,iv:uc/R+s2IZwaXVbaT0+D4rNd1ZjqyrRw0ef1hdQeC7rY=,tag:WhK0ti0PV66LsTLrMmSrQw==,type:str]
        cache:
-            HOST: ENC[AES256_GCM,data:sP1dDmNTyrTgBhtU+gqI5LZ0exY3t0kJYiNNSnE5nsM8PYOIdF4ZY6ezX33ol/w2EhiMsVwBhCdUIuuFf2PXdZyGQYUMFnR5CM131XU76219KXl9U6t5cwHo+G5JE9yyNqy8u9yEe28n0NKVcsMElm8rPFpHxp7PqE8NpVIItQ==,iv:+167G9myX7Vr1LR6OlyWT1XD+AbZdKMI8IcQMGYIMtE=,tag:iXVgx3uojYbj9dQiCSFqvQ==,type:str]
+            HOST: ENC[AES256_GCM,data:YlP7/4j3r1IpIuQN2yq2QD3IPN6F/sFw66RfsF0wPv53DNmordSB6D6Ltp4p5rhJtv9b5yX/XwEf6HY8BPpV4hC0oEDIMWHr1+rIS8GqaDt0faiwPCvMxAOmFjEP6n4pcEJgOlCx1Qm57SOQPKrUb64VchgOSAvkeSpWsBXoUQ==,iv:0P5LUtVCHpuuG8AwHhK2Hm/9ZY5XUYhxz9pVirhtt7I=,tag:8Hg5l1e/36AEa2mDmJSPWA==,type:str]
        queue:
-            CONN_STR: ENC[AES256_GCM,data:hNoZmnASD9wViry2ZzqlEdZ8nQEWN/xf2bhBJoooN/dQCzonZytk9xKK76ZdI3fzwH5MtiSgPYAkAaZf4eP2XlLixdUWdAcn2rA4UiY0DTYqsVHBdQ8w7S1G06+7Q0fcudvAjgXHiMhGGMRGOIFRHXPPZ0eI2YxDVbJ4XFGDYw==,iv:TAkEqWV+Jw2hkCNX7V1vKKIpxNyVUwjtHzwkjGW1hbY=,tag:afNdBj5lN/Wy4L6IjS5aZw==,type:str]
+            CONN_STR: ENC[AES256_GCM,data:8WzpUjOeIUy/wd1SVah8huYgKGnQOeaIsHIGDOp5RPn3sDRFWQjt8UrQSvdQlpS1ByfzEKOagiRbAntopgKUBS217BIxCTseWWNHZSWFHmeqHl5khF12W/vzGnmNz13AzYjFyAa9pL8EO3padLCcW1a4amxrZrVxfoDdPGtLfg==,iv:ORrQ4J5h8GHCIc3t0DkMe7Su0azZZbXbHRq3a4els1g=,tag:OVtgofGCMpuAlZRSP2SC7g==,type:str]
    oauth:
-        - name: ENC[AES256_GCM,data:1K2tuMM+,iv:uTErKIJ6kY0z9hayLBFx1GrALjxZlLfh3w96vP1jwGg=,tag:sK9R93kCYntqWAniTHq0PQ==,type:str]
+        - name: ENC[AES256_GCM,data:DgSGZYls,iv:jO6H2etEbN72eUqALClaNSSXTmFmwEwh68+B55XjgSg=,tag:NPvG3dNbqBfJpIYs5x5DRA==,type:str]
-          provider: ENC[AES256_GCM,data:nNshputv,iv:SoPevM6rAnDoylG+IgMSxqyW4B7zYQy9vhA4MBK/YlM=,tag:expZe1N109ALbLyOGL3u3Q==,type:str]
+          provider: ENC[AES256_GCM,data:KoZ8Phel,iv:DnVY7rr6Si7wRqcq7CIEHVwzdk4pu8LI+SfIKmQ/CK4=,tag:BDzwrZlCrG/1PZkZatAinQ==,type:str]
-          key: ENC[AES256_GCM,data:FNcbBPLJh1bRtB6l9NYqs7QNFwY=,iv:5JyhAl00KSH992oMdfB3DotpPaKPBWSZLE1EDRdi8Ic=,tag:PzUoBu4AM+jHzo7up9iu3w==,type:str]
+          key: ENC[AES256_GCM,data:KHj8+hRm9WkQoJu9zZpXM9MggLU=,iv:HxbXynfvGPFDGKdHl9Vx4Y+Zg8hk0PBX4SmK/KDfVKk=,tag:tL2lkB458HhuaqZ0zf2FSA==,type:str]
-          secret: ENC[AES256_GCM,data:DyWPTUWidYCO3nH3FI5hPXRf2rCk8NruyIh2sTg99v96Z3WbxQaqiQ==,iv:dp/TE4aHCCe88NzCLAMb2CrZYFPNhTkxPkn/FjT449s=,tag:aoIME2e/FAuOEsCknyz99w==,type:str]
+          secret: ENC[AES256_GCM,data:xGu+1QXvLo328O5D7+mJb+X0s3qQbD93kQA8UC3ec27oCcomXRSX7A==,iv:vVLCaFNv/4qjbvxyM2NKfScWAUz7Pn4o3GfzW/IhTO8=,tag:mRvGiq9jrcp+kaUeNlCnTA==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -27,14 +27,14 @@ sops:
        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpMmxwaGh1eGtoYm5yenZk
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUUg3a2M5cklyK1pXbklQ
-            OUNSbkNyT1NXTG1RdmY0OVlzdlRUZnBmUEU4CjAxQ1hrTS85NHF1a0RXZXJkdzIy
+            M2NXVkFyejhsVmtuclB0bDJSUm9RanBza2lNClVoc1VaSjhrWkNUc0Q5NVJ0Zlo5
-            Q0RNU3lZalBlbVVneUxQWVlUYVF4ZzQKLS0tIFkzUk5STTBOMzBsS2hQZTdubEp3
+            TEFzWXBya2tRS3hCelA2NTdUaFNqekkKLS0tIEwweEw0NFJRb1B0YlhnSFUwQUVC
-            YnZRRkRFTFl1QXY2UC9CdWxqL1J1aGMKd0mn4chDTjf6snQrMFOBkPxXfQGc4MkI
+            OUh2Y3dUN1E2cEtaZWxvQXR2S2RRU1EK/4pB/huJUUfnai9tNuLCgVlYV+5e235X
-            nLHPetVhnrs1ey4RmIkAhThAwItfFVy7+nYRjs5CQenVODOpo9W1/w==
+            RsA/rvpzFkwLWJD/Bg6Uxys9zU0LyuEvi9DwmEHM7Wuam85Ssh20Wg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-01-30T18:17:44Z"
+    lastmodified: "2024-02-09T09:32:40Z"
-    mac: ENC[AES256_GCM,data:1yeXL2qIMP8kfynN19/ZEKI91EF9nDzNiR5OdRt3qBWbwv4Z6T99vVLuEFWi0zrkXL5K97Ojz0Lr3uzF8gFaEUTYRa0dMV4yjlfRBe1jiimqmJbU/LZAIPFRMmNbvXGAuZ43ebcpgTO5KwelSFVWV5r4XNg9EbfksYAl2kUVUAc=,iv:ewo0eBy7FbcXAE/Y5UKGTR0eCwt96UvtZlf2QNEGXWY=,tag:S/AucM7f6K5fppC2Y4/NYA==,type:str]
+    mac: ENC[AES256_GCM,data:zB/f5zCAEYpfFxhA1PW0osBvIC3WRVH8GlGZggD98KyuwhKDRlwRlNp6LTcBJjt0xZLK7xGQYB/A6vhpo/V6D8JYc6Cajy0mdy3n1BhX6W7ow6qsc7iPxFOKu2FegNwxY433FWsprisbV73K45TKLxxBtwD1PO/gCzCUah+iXr4=,iv:YEyYqURF4K1WbN8XB3f7YKq+asco8+m1jjBmCnqQ5gE=,tag:F7CgV3cQNTWndm4gvphejQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/badhouseplants/values/secrets.mailu.yaml
+++ b/badhouseplants/values/secrets.mailu.yaml
@ -1,21 +1,21 @@
-secretKey: ENC[AES256_GCM,data:MCbDSjkm+iTuDTIjD9yntg==,iv:xWe8wC5Czplnj267juQlNjLeCmP5j3/E8ZhaxKnlwzI=,tag:cXSHV0lLJzjShUlGGw/FGw==,type:str]
+secretKey: ENC[AES256_GCM,data:0LlGX1QG39jemZ8X2Itq2A==,iv:Dt1YoxrQ3yxJVZ3sc60kWXDvtwKCO7PrsZRMZUDOHpg=,tag:NY/8/xxnYcX/Hv1BCIKCjw==,type:str]
 initialAccount:
-    enabled: ENC[AES256_GCM,data:h5hFrg==,iv:KfzoSoh53smpPL5rWW/rrg46PYx7BeyK2d4Nbx3iDmQ=,tag:i3ZoAa1nsJVa3g9FbPw64w==,type:bool]
+    enabled: ENC[AES256_GCM,data:rCMSGQ==,iv:mltQk4uc4jETPOimbRirrlxWxPsck6cLOM387chFtt4=,tag:3cy2sk+WPle9T96PcdWL+g==,type:bool]
-    username: ENC[AES256_GCM,data:igOhMhvNXKd7qcSq4KrsJuUYGndREuNw9sjC,iv:rsi0qaHK/Y6+eIE3HLrd3I/8+pb7YiMc7L5DZMFuHxY=,tag:lm5sO+Knfe3UsvITVBee3A==,type:str]
+    username: ENC[AES256_GCM,data:2s3WINCPpAg=,iv:inUPAt/Q/lqSi88CKIEcexkbeJwSkS7pCWJqjDBbZ68=,tag:793MA/57fipWdODD2zcaUg==,type:str]
-    domain: ENC[AES256_GCM,data:+cAOdMZOPF6/bkeznQHeDZeh,iv:lRe3qsqzAMbahX5ElQTzuxb3NLbVc8pR6EgHJ1QF6Ik=,tag:7LzeDKE9lG8nEMAchpwgbQ==,type:str]
+    domain: ENC[AES256_GCM,data:IPoIY+yGxry3QQTRbdfbaRJU,iv:xG3mp+yAf+J2V0owRYi3XUCpQjtxAA+92bNiKTLvhvw=,tag:JogwzTxnImd4iKgJz76yaA==,type:str]
-    password: ENC[AES256_GCM,data:f/pR+h/93EP3F/aFSxhUNVWvACbP9NrkJEmwtaT7,iv:fVyPq1jETWuN8UfDiss7ZV2sfq0xBzAhHRZbeeR/2EE=,tag:jkmkrZnXmeEZBgz7Bo37zg==,type:str]
+    password: ENC[AES256_GCM,data:e2d9qYEUjkxbQRatzDslMTGDZhIqZwgr9t/olN2G,iv:uynCQDAKn7IoVpd1VLhWAI6dK2hN7LNC9PFNnOkYGOU=,tag:gqZSMCh3j/9lA7m6RQm6Ag==,type:str]
 postgresql:
    auth:
-        password: ENC[AES256_GCM,data:eBtjApYj1UUNAVcVygZTkKhXFQkuKm6STaS5YWXW,iv:LsSt2JE+gC7t5KSsxjR/TgMTxTlXidakyedUinAbxDA=,tag:Xyurn+923S10PHfK8GTGng==,type:str]
+        password: ENC[AES256_GCM,data:YHgy0iu0oaaRBiiO0FXCN2o9d76Vgdbxi3Mnoerj,iv:d0tOkZsXvbEVA8awiX3P9AMrctbvy2JIbGggua5dTzs=,tag:v8b7QHY+5urMsV53IL7wsA==,type:str]
-        postgresPassword: ENC[AES256_GCM,data:IEKdX+BAIWdW5zj/cIgerhSl2eqSCe2mh3qU85yf,iv:bi8qDy5vy29gtcY8ySl0S4JGbousAnEb8t0HhD/uPDM=,tag:aZ5qvC56SqRXUMtrhj1WmA==,type:str]
+        postgresPassword: ENC[AES256_GCM,data:LJH0X2ptmy3xNOHcpWr1FQ0IA1v8q1GmzXrhRwZz,iv:kLh8rb/75uGQL4uFbNLxzD+U59LcKkDeY4uExgbfgoE=,tag:abbtDQZAdzzrMsw0ErnX9w==,type:str]
    secretKeys:
-        adminPasswordKey: ENC[AES256_GCM,data:ScMlQYWDym9YPjXLxMrtQr8qWgvniGtJ2eAWaw/X,iv:F2ecwyX/sjKGMmyEU3LB98I4lqqXchXVZrUk9CY/RnI=,tag:mFFdMMh4nnk0XLwq4F3gng==,type:str]
+        adminPasswordKey: ENC[AES256_GCM,data:30CNkafy6P0F5UCvjxMus9Isi/FzDzyOqMT+VFk0,iv:1s7dFCEGD6soA+uwjAzKmvCltS+YUVY1/2Tk3ZOBemU=,tag:IO+YBBWmmUnyxbsigACRwA==,type:str]
-        replicationPasswordKey: ENC[AES256_GCM,data:uZYWCQnOx70W2ArguYg/QuTVfMpXdryAB9d7zUNb,iv:SrJ3NJkBBXFwpJL1oJzQ15uUmiFwGTANJQwd9dSKIl8=,tag:aB8TZKZUfjeqmA8zSaPzbA==,type:str]
+        replicationPasswordKey: ENC[AES256_GCM,data:pdBxjNmwcsDj0/dC5324XVUBpemUM8LbjxVlBwt/,iv:+wfSUgLgCORtSe1Vf02LZx0U9eEs6Bd9OgH3n6kK8BQ=,tag:E+FgJG2z8/TBAmy7+XlYSw==,type:str]
-        userPasswordKey: ENC[AES256_GCM,data:6EGo3sek1Y2KtwQInhFkUGtb4T5WEnFXqFe7Mh3Y,iv:3x77MgFm7EIOzrrF17ibGTabSI+yIw0REV+Uz+FAN0M=,tag:HzitiFTCIYocKBpAzRYKEQ==,type:str]
+        userPasswordKey: ENC[AES256_GCM,data:3s35K9e4RHRvpt85ft2Msb9GfC6TlGnjIT8B/obp,iv:KnuBW4b0LOuHwXNzgxVqpVDnijiV+DoyQfveHvgCsp8=,tag:G3FcSSPMJy/7IUsUPLbuSw==,type:str]
 global:
    database:
        roundcube:
-            password: ENC[AES256_GCM,data:kHqZpU2mJGfusw==,iv:sSM9vSDUAMN248r42kK4gx4BFNkDpaJK2X+DO6EfYwI=,tag:+Nj36rki6pXCIu5b/Xybog==,type:str]
+            password: ENC[AES256_GCM,data:WUgeCqoWVRCdrA==,iv:5HO53lEArnIqRlWnQqlSKZ+hs7DxDAc9D3wHmbvb68M=,tag:nrjt2qnqGDmT/rv7JNR8Mg==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -25,14 +25,14 @@ sops:
        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxaHlQclZUQ1hOVnBaUGNN
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvVlBCaDl3OHBxTnM4aWRS
-            Mnp2RzBDM0pZbnRYK2U0YkZLNWd4WGIwbURFCjROSi84RjFLL2llaE5IUG5COW96
+            L1Q2aC9uT20rUlgvQXFkVThsa1JBS3ZwdnlrCmwxQnNRazlENVFPUER4WEx2ODVu
-            a01ZT1NhMlZXUjZhQkdxTDJTQ0c1OUUKLS0tICtQMU9ubFRHWUNuMmttVE9kVER5
+            Ukx1RHQ5c2NCZHptNm9IV2cxdHlmUFkKLS0tIG9kRUhzZDlocEhNQlFrYVpZdzVj
-            S0hHNERPU0xVMk1vNTBGMkpZNC9VNDQKsM+5tNoEhAO3n3E+UTqJswfpudVukNV9
+            aXFnN08yR2JMVkNGcjE1UDFDWjBWSzAKQIt/5DQkW8FTQTQyWfU8QSxMQ8TV1J8i
-            wrqcvqUpdPKcn1W/hLHiiwVoMfgfrSHBS950PzN/vfgqG7WTfVIKOA==
+            l326pi2q+TuLoIvef8EKA+qax56OGnqESl2JcyHCAyT2T1tTzM1bpw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-02-02T07:57:08Z"
+    lastmodified: "2024-02-04T09:30:41Z"
-    mac: ENC[AES256_GCM,data:wn75wv69i+OZB33namwvph914za4/ZSP917X4ah8dPbkNdp5u4TvjGU27PtoG64unT4lPTSl5Q6+5CzvjlLwIlr8GWG1KDoO0q4K2SrXOnNnKu32r7ZN+ANKwtMvHV7lgUn+J7u1D8ytftBIffE7ECHKgAphpGHClUE1X7nAmJE=,iv:YBQXpkcluF/tyXSQj6nSefp4yxCYpvefeUKkD9lrV7o=,tag:t9u1bESxVrdfTd3EpeC4NQ==,type:str]
+    mac: ENC[AES256_GCM,data:5SE/XCKyCArO+AqhRJb8h3K1WYys5OHcOfZuRW8j8i3SMEtb+84D1KcsgEFBsJmvffbpxaKXcz7umEIKG+LWLeLjvCgqHwZa7Tidn1X07a9Dep74BfvTNZWVCKEAi/6YcHkLIsVM9Bkl0MOPZTxDjmzVsdiCR+3nfZ6RJ4AysxA=,iv:Yf8m6YNxycoZj+uYAe4rKRmzQiuZtmpLrYYmxDvwPbA=,tag:TcrPy/gj/je8gGOw3jiZ1w==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/badhouseplants/values/values.cilium.yaml
+++ b/badhouseplants/values/values.cilium.yaml
@ -0,0 +1,10 @@
 operator:
  replicas: 1
 endpointRoutes:
  # -- Enable use of per endpoint routes instead of routing via
  # the cilium_host interface.
  enabled: true
 ipam:
  ciliumNodeUpdateRate: "15s"
  operator:
    clusterPoolIPv4PodCIDRList: ["10.244.0.0/16"]
--- a/badhouseplants/values/values.coredns.yaml
+++ b/badhouseplants/values/values.coredns.yaml
@ -0,0 +1,32 @@
 service:
  clusterIP: 10.43.0.10
 servers:
  - zones:
      - zone: .
    port: 53
    plugins:
    - name: errors
    # Serves a /health endpoint on :8080, required for livenessProbe
    - name: health
      configBlock: |-
        lameduck 5s
    # Serves a /ready endpoint on :8181, required for readinessProbe
    - name: ready
    # Required to query kubernetes API for data
    - name: kubernetes
      parameters: cluster.local in-addr.arpa ip6.arpa
      configBlock: |-
        pods insecure
        fallthrough in-addr.arpa ip6.arpa
        ttl 30
    # Serves a /metrics endpoint on :9153, required for serviceMonitor
    - name: prometheus
      parameters: 0.0.0.0:9153
    - name: forward
      parameters: . 1.1.1.1 1.0.0.1
    - name: cache
      parameters: 30
    - name: loop
    - name: reload
    - name: loadbalance
--- a/badhouseplants/values/values.istio-ingressgateway.yaml
+++ b/badhouseplants/values/values.istio-ingressgateway.yaml
@ -1,5 +1,6 @@
 service:
  type: LoadBalancer
  externalTrafficPolicy: Local
  ports:
    - name: minecraft
      port: 25565
--- a/badhouseplants/values/values.mailu.yaml
+++ b/badhouseplants/values/values.mailu.yaml
@ -19,7 +19,7 @@ istio:
  istio:
    - name: mailu-web
      kind: http
-      gateway: badhouseplants-net
+      gateway: istio-system/badhouseplants-net
      hostname: email.badhouseplants.net
      service: mailu-front
      port: 80
@ -91,7 +91,7 @@ ingress:
  selfSigned: false
  existingSecret: mailu-certificate
  realIpFrom: istio-ingressgateway.istio-system.svc.cluster.local
-  realIpHeader: "X-Forwarded-For"
+  realIpHeader: "X-Envoy-External-Address"
 front:
  hostPort:
    enabled: false
--- a/badhouseplants/values/values.metallb-resources.yaml
+++ b/badhouseplants/values/values.metallb-resources.yaml
@ -0,0 +1,5 @@
 metallb:
  enabled: true
  ippools:
    - name: fuji
      addresses: 195.201.249.91-195.201.249.91
--- a/badhouseplants/values/values.namespaces.yaml
+++ b/badhouseplants/values/values.namespaces.yaml
@ -1,11 +1,23 @@
---
+namespaces:
-ns:
+  - name: longhorn-system
  - name: cert-manager
  - name: minio-service
  - name: metallb-system
  - name: reflector-system
  - name: drone-service
  - name: argo-system
  - name: nrodionov-application
  - name: minecraft-application
  - name: gitea-service
  - name: funkwhale-application
  - name: monitoring-system
-templates:
+  - name: bitwarden-application
-  - |
+  - name: database-service
-    {{ range .Values.ns }}
+  - name: mail-service
-    apiVersion: v1
+  - name: istio-system
-    kind: Namespace
+  - name: vaultwarden-application
-    metadata:
+  - name: woodpecker-ci
-      name: {{ .name }}
+  - name: openvpn-service
-    {{ end }}
+  - name: tandoor-application
  - name: badhouseplants-main
  - name: mailu-application
--- a/badhouseplants/values/values.prometheus.yaml
+++ b/badhouseplants/values/values.prometheus.yaml
@ -87,6 +87,7 @@ prometheus:
              storage: 12Gi
 grafana:
  assertNoLeakedSecrets: false
  persistence:
    enabled: true
    size: 2Gi
--- a/charts/namespaces/chart/.helmignore
+++ b/charts/namespaces/chart/.helmignore
@ -0,0 +1,23 @@
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
 # Common VCS dirs
 .git/
 .gitignore
 .bzr/
 .bzrignore
 .hg/
 .hgignore
 .svn/
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *.orig
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
 .vscode/
--- a/charts/namespaces/chart/Chart.yaml
+++ b/charts/namespaces/chart/Chart.yaml
@ -0,0 +1,24 @@
 apiVersion: v2
 name: namespaces
 description: A Helm chart for Kubernetes
 # A chart can be either an 'application' or a 'library' chart.
 #
 # Application charts are a collection of templates that can be packaged into versioned archives
 # to be deployed.
 #
 # Library charts provide useful utilities or functions for the chart developer. They're included as
 # a dependency of application charts to inject those utilities and functions into the rendering
 # pipeline. Library charts do not define any templates and therefore cannot be deployed.
 type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
 version: 0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
 appVersion: "1.16.0"
--- a/charts/namespaces/chart/templates/_helpers.tpl
+++ b/charts/namespaces/chart/templates/_helpers.tpl
@ -0,0 +1,43 @@
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "namespaces.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
 {{- define "namespaces.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
 {{- $name := default .Chart.Name .Values.nameOverride }}
 {{- if contains $name .Release.Name }}
 {{- .Release.Name | trunc 63 | trimSuffix "-" }}
 {{- else }}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{- end }}
 {{- end }}
 {{/*
 Create chart name and version as used by the chart label.
 */}}
 {{- define "namespaces.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{/*
 Common labels
 */}}
 {{- define "namespaces.labels" -}}
 helm.sh/chart: {{ include "namespaces.chart" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end }}
--- a/charts/namespaces/chart/templates/namespaces.yaml
+++ b/charts/namespaces/chart/templates/namespaces.yaml
@ -0,0 +1,18 @@
 {{- if .Values.namespaces }}
 {{- range $ns := .Values.namespaces }}
 ---
 apiVersion: v1
 kind: Namespace
 metadata:
  name: {{ $ns.name }}
  labels:
    {{- include "namespaces.labels" $ | nindent 4 }}
    {{- with $ns.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  {{- with $ns.annotations}}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 {{- end }}
 {{- end }}
--- a/charts/namespaces/chart/values.yaml
+++ b/charts/namespaces/chart/values.yaml
@ -0,0 +1,20 @@
 namespaces:
  - name: giantswarm-flux
    labels:
      name: giantswarm-flux
  - name: giantswarm
    labels:
      name: giantswarm
  - name: monitoring
    labels:
      name: monitoring
  - name: org-giantswarm
    labels:
      name: org-giantswarm
  - name: flux-system
    labels:
      name: flux-system
  - name: flux-giantswarm
    labels:
      name: flux-giantswarm
  - name: policy-exception
--- a/charts/namespaces/kustomize/flux-system.yml
+++ b/charts/namespaces/kustomize/flux-system.yml
@ -0,0 +1,6 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: flux-system
  labels:
    name: flux-system
--- a/charts/namespaces/kustomize/giantswarm-flux.yml
+++ b/charts/namespaces/kustomize/giantswarm-flux.yml
@ -0,0 +1,6 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: giantswarm-flux
  labels:
    name: giantswarm-flux
--- a/charts/namespaces/kustomize/giantswarm.yml
+++ b/charts/namespaces/kustomize/giantswarm.yml
@ -0,0 +1,6 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: giantswarm
  labels:
    name: giantswarm
--- a/charts/namespaces/kustomize/kustomization.yaml
+++ b/charts/namespaces/kustomize/kustomization.yaml
@ -0,0 +1,5 @@
 resources:
  - ./giantswarm-flux.yml
  - ./giantswarm.yml
  - ./monitoring.yml
  - ./org-giantswarm.yml
--- a/charts/namespaces/kustomize/monitoring.yml
+++ b/charts/namespaces/kustomize/monitoring.yml
@ -0,0 +1,6 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: monitoring
  labels:
    name: monitoring
--- a/charts/namespaces/kustomize/org-giantswarm.yml
+++ b/charts/namespaces/kustomize/org-giantswarm.yml
@ -0,0 +1,6 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: org-giantswarm
  labels:
    name: org-giantswarm
--- a/charts/root/.helmignore
+++ b/charts/root/.helmignore
@ -0,0 +1,23 @@
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
 # Common VCS dirs
 .git/
 .gitignore
 .bzr/
 .bzrignore
 .hg/
 .hgignore
 .svn/
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *.orig
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
 .vscode/
--- a/charts/root/Chart.yaml
+++ b/charts/root/Chart.yaml
@ -0,0 +1,6 @@
 apiVersion: v2
 name: root
 description: A Helm chart for Kubernetes
 type: application
 version: 0.1.5
 appVersion: "1.16.0"
--- a/charts/root/templates/_helpers.tpl
+++ b/charts/root/templates/_helpers.tpl
@ -0,0 +1,62 @@
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "root.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
 {{- define "root.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
 {{- $name := default .Chart.Name .Values.nameOverride }}
 {{- if contains $name .Release.Name }}
 {{- .Release.Name | trunc 63 | trimSuffix "-" }}
 {{- else }}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{- end }}
 {{- end }}
 {{/*
 Create chart name and version as used by the chart label.
 */}}
 {{- define "root.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{/*
 Common labels
 */}}
 {{- define "root.labels" -}}
 helm.sh/chart: {{ include "root.chart" . }}
 {{ include "root.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end }}
 {{/*
 Selector labels
 */}}
 {{- define "root.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "root.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 {{/*
 Create the name of the service account to use
 */}}
 {{- define "root.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
 {{- default (include "root.fullname" .) .Values.serviceAccount.name }}
 {{- else }}
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
--- a/charts/root/templates/root.yaml
+++ b/charts/root/templates/root.yaml
@ -0,0 +1,25 @@
 {{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
  name: root
 spec:
  interval: 30s
  url: {{ .Values.url }}
  ref:
    branch: {{ .Values.branch }}
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
  name: root
 spec:
  interval: 30s
  targetNamespace: flux-system
  sourceRef:
    kind: GitRepository
    name: root
  path: "."
  prune: false
  timeout: 1m
 {{- end }}
--- a/charts/root/templates/self.yaml
+++ b/charts/root/templates/self.yaml
@ -0,0 +1,25 @@
 {{ if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1" }}
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: GitRepository
 metadata:
  name: root-self
 spec:
  interval: 30s
  url: {{ .Values.self.url }}
  ref:
    branch: {{ .Values.self.branch }}
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
  name: root-self
 spec:
  interval: 30s
  targetNamespace: flux-system
  sourceRef:
    kind: GitRepository
    name: root-self
  path: "."
  prune: false
  timeout: 1m
 {{- end }}
--- a/charts/root/values.yaml
+++ b/charts/root/values.yaml
@ -0,0 +1,5 @@
 url: https://git.badhouseplants.net/giantswarm/cluster-example.git
 branch: main
 self:
  url: git@git.badhouseplants.net:giantswarm/root-config.git
  branch: master
--- a/common/values.metallb.yaml
+++ b/common/values.metallb.yaml
@ -0,0 +1,14 @@
 ---
 metallb:
  templates:
    - |
        {{ range .Values.ippools }}
        ---
        apiVersion: metallb.io/v1beta1
        kind: IPAddressPool
        metadata:
          name: {{ .name }}
        spec:
          addresses:
          - {{ .addresses }}
        {{ end }}
--- a/crd.yaml
+++ b/crd.yaml
@ -0,0 +1,27 @@
 templates:
  # ---------------------------
  # -- Hooks
  # ---------------------------
  crd-management-hook:
    hooks:
      - events: ["preapply"]
        showlogs: true
        command: "sh"
        args:
          - -c
          - |
            helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f  - \
            || helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f  - \
            || true
      - events: ["prepare"]
        showlogs: true
        command: "sh"
        args:
          - -c
          - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl diff -f - || true"
      - events: ["postuninstall"]
        showlogs: true
        command: "sh"
        args:
          - -c
          - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true"
--- a/docs/restic.md
+++ b/docs/restic.md
@ -1,7 +0,0 @@
 # Restic
 We are using restic for backing up the Minecraft server
 ## How to restore
 TODO: Describe the restoration process
--- a/etersoft/values/secrets.minio.yaml
+++ b/etersoft/values/secrets.minio.yaml
@ -1,21 +1,21 @@
-rootPassword: ENC[AES256_GCM,data:s38LHPKR4UsJE2MvlvIuKllZsYGZxcwssbqMWoPqo11j,iv:iredmR6yFSMxmS7NFwz5kLUxPWdSIImYRLRkICr7sJQ=,tag:Gb+rMEBrVX4dDS+N/quHyA==,type:str]
+rootPassword: ENC[AES256_GCM,data:b0e8jPZizEOqRRdBfL5cby3BCz4/vv/NX+39HAZ1IFb8,iv:Y4af+rhXaoaH3ho7W4YLSD0c7Li3ih130aUNPwsWCsI=,tag:OpW8bftAtm4s+aIxTvOq3A==,type:str]
 users:
-    - accessKey: ENC[AES256_GCM,data:J3pNKKmaius=,iv:Mjbx//mHSfVM4NEsOCdPMw7nZ5N2J1rg/IE8JZxzZ30=,tag:sX3OuZ3RodAn8znacBTu4A==,type:str]
+    - accessKey: ENC[AES256_GCM,data:0zHY1dpZcro=,iv:jYvIGZNi2j9bGXgDU8EuhlWivB88Fr0/oBIBgSMnyRc=,tag:VBTWvhQy02xgCD5/ew4A6g==,type:str]
-      secretKey: ENC[AES256_GCM,data:f4PO+T8IRvw5yhFz9Twf3h6vxw==,iv:13ekjlbaTZYDyhMQeM0oJ7/U53ZfhVX/AP20FUnVQ/A=,tag:ZR1YkIl9/6iyWm6leLvQcA==,type:str]
+      secretKey: ENC[AES256_GCM,data:+5pzvUItGiuOpKTFWcDtt60bcg==,iv:Z1ITL0rTy/3/hKVApPCjWSslEUrEOGvUhiHAx3Fa84c=,tag:H7L2MZ/QQYulMqWv65fStw==,type:str]
-      policy: ENC[AES256_GCM,data:mjGhLyvFBU5n6ePk,iv:v/ECOoGcnHGjuLgqMZ8yVTLPqdvn1HBVVAaUiD5fBT0=,tag:3tS26PT1Gg8kHUTfSSUH+g==,type:str]
+      policy: ENC[AES256_GCM,data:UH1OW/DcPycrKBpE,iv:nssYtBSfN09O0Z9FMQzW660LAMJ4EZP+090c893sb1Q=,tag:XSZpHMX6P1u4UyyzVLnGcQ==,type:str]
-    - accessKey: ENC[AES256_GCM,data:mavKbC9T,iv:gfiilFHH9P3/UUTfjo/kl4r/tcMFN3/J1KyMF+3gY24=,tag:JEhrPdUjeBasQyrsduif9w==,type:str]
+    - accessKey: ENC[AES256_GCM,data:h8Zqj8Oi,iv:TlRLh7w4nHi0zNSF41gJBvCetQxQHH4bJLhJIgVv+MQ=,tag:xJht3fA5NwAKGJvUFyiBVQ==,type:str]
-      secretKey: ENC[AES256_GCM,data:kUs0AzmT/DCLqQEuF9Y=,iv:HoilTHkjITFUREb74y4JAl4YDWHz64XxTvVvKCGE6AE=,tag:bzw9XRz6C4BgB/4mYAf5jg==,type:str]
+      secretKey: ENC[AES256_GCM,data:uUHZdSRYPEiE5zvapL8=,iv:xYY7QBSzfRicImZZBoFpIbODiypxKC7wIZ/S4BluQX0=,tag:xXSYqJ3lEohWp9heC08qOw==,type:str]
-      policy: ENC[AES256_GCM,data:DbIQFNub,iv:NB+PF0acEGFls9BNeQFm+00V1kX+5N7UGJFnhb8DUAU=,tag:tQSO5L0G5Vy51nVD/EKHmw==,type:str]
+      policy: ENC[AES256_GCM,data:W+8wc5fu,iv:J+WHxQIbkffku41GJV9LgK/l28Ds7YI5nNtk8VlICYs=,tag:NtDHmQGJcjMoeD3oAbk9Kw==,type:str]
-oidc:
+      #ENC[AES256_GCM,data:TYF79Nw=,iv:dW5GFF4Se81r+JEKNN0P/dIluq+LT+CueMr1Rr7Hhic=,tag:UGDIsRChsM6DPIqAh3kECg==,type:comment]
-    enabled: ENC[AES256_GCM,data:AJwlxQ==,iv:e8Y4xI9VW7R64o5y2TYrMRnL92+RCzFaoF9v4wHDTlc=,tag:T0iZj9cCBxaF444+xuvKuA==,type:bool]
+      #ENC[AES256_GCM,data:UO5QDyZ4GYVRKkHIJ97Cwl4=,iv:88QMVL1cji5fY1lpZp/B6CHhqrvY57jmRF2o4ixdnFA=,tag:QE/luvZJ03zh1SyR7GMXDQ==,type:comment]
-    configUrl: ENC[AES256_GCM,data:UHLEsZwSGwNEV9r6wpiw4lLsMOLxJ6QfHKrrP2oduJE+YG7hImEljrO+/kPSUOgWMGgtXIjT/VLYw7xhW+TL,iv:v6bXPeKMho108y+kErL71RvqlfL0YEUtAaexITN6arY=,tag:r/oglMJVU2J2s3mEgjP+dA==,type:str]
+      #ENC[AES256_GCM,data:ddVGAKMd/cyVSDtM5RYnUo6z+T5dsuzb5DUd6/Tio52jNZZ4YtvUhrncW+I4SQzPUElNx6R/CNUmGmkYqXjkd2LnwchB5F0U1j+OhZHR,iv:KveAUI8L/muXShLVojH2xjwZGIS+D0RmJio26prCCHw=,tag:Mpoi7h0anEqHjYbvOHjPkw==,type:comment]
-    clientId: ENC[AES256_GCM,data:6vU3UzdsBjCoxa+H3V87UeNyGt7IYsYMkjEZGFhMfCVWVxxB,iv:4J21E9eskroCTmUFbnt4K4v4tgD+Bjq5j2wT+1q1NE0=,tag:bBDqviaFjnQNDSwTzmpCtw==,type:str]
+      #ENC[AES256_GCM,data:mQZZbdr8wc2LpD5XLNaseerkclUtuSU6gOHJSP6f85PkyiHduGBdS8PZCvB1l82Yu0Y=,iv:60Bpshtdt61vlTjvEaHgi/MNGRbgXjFCIVb/HbcUr1U=,tag:uoLQmsvv31rv2fXPMgb5bQ==,type:comment]
-    clientSecret: ENC[AES256_GCM,data:G0OChA212NVb7utdsx4kJRS8BQ0V6igeteOo3Q+PvFTd0U7IVt27YB2u0BUGkt4/Go+wByf8joI=,iv:7khUct7Iln7pi7ET7FBLI51Zc+aFTjLpj92EV5q4Sjc=,tag:vMZtRxTDpphKRW4dN3OVfA==,type:str]
+      #ENC[AES256_GCM,data:WBT41MB3gOut5RHECWApPUU54EErbzMWUOHBBl0mBOAuPK0lYtDSwNZgbSsPVb5WVcN19dMVfGdszox8oYyqKmLG6envNwhtfvQ=,iv:xsTwI3VeAzZqkkGJsU3CxlAkUlDS6aBbD6cOn+z5hj4=,tag:2yesctQM0VlspQZvrCNRng==,type:comment]
-    claimName: ENC[AES256_GCM,data:UUrHhIFP,iv:dKg4zBykxhEKeG40a1eSWRYTyzpb5kBmzhEaULFgSII=,tag:3vfbgsoKkNF2Tmwx3Wi56w==,type:str]
+      #ENC[AES256_GCM,data:2+1H+f/x8gI5vQuv9cfUYS3Q+iu9,iv:gtxhtl2vPcMSqTq8GtY4ywk+XA1k8bl00bgoFk6mHME=,tag:sRT3bc/W39SsQoBtGNQ2eQ==,type:comment]
-    redirectUri: ENC[AES256_GCM,data:evZK5yq5syKOsTqeqICTWLTq96AXTKftwDdbPYP9Na67N7I12P+jK8k1zKswHQY=,iv:L5AmYGkO2lyU4ytjyMOmuWDg4GtbeoTzcEdZF7WP+es=,tag:BF8AZUJ39+xICfrdNsY9iQ==,type:str]
+      #ENC[AES256_GCM,data:lwOXCoMkHgQk4xo9nmEtsD/hbqKCgGCK/26AtrYpoH5ntzInb/eXSqeZEsDCqPwy/ZjQCUmYU7XCvKXKm9T6HA==,iv:lcFNE1zKBc24JkPvZQMLlGAx5vhdDJZiJ6gzeJb/ZOo=,tag:xZ8KKC7RCOp9QeJGuxXHFA==,type:comment]
-    comment: ENC[AES256_GCM,data:4h455QlIXewffU2bSKihkg==,iv:p5WRTZfAUgqbF/XpIlaLuUIhQhMWxgs0MW6cqNOiOtg=,tag:yk6CHXx7E8XBY3dath9ezQ==,type:str]
+      #ENC[AES256_GCM,data:AUwdNARkPPyycH6dooeSudjtiNanxcjOsr7lNdo=,iv:UIUU0CU4+6iD3yVaevnwqfoyprtSX/maBncP4q56yak=,tag:op1twIDRJtnxi44PVFfQtQ==,type:comment]
-    claimPrefix: ""
+      #ENC[AES256_GCM,data:AnHAONVEQiEofEmL/T0wdt1E0Q==,iv:L2wX/5EF+NJP/Ped+M5XuAg+IoymRmqHdvztFxYz3oI=,tag:t+uDB+bdv/m92JQsOvf0pA==,type:comment]
-    scopes: ENC[AES256_GCM,data:6DDclrvw1aAnE7KqMYcevELx/VUrQxUq/+my,iv:BUT/J2uFueDxUCdlylJgJ6cBn52fVAV6r+dGYUg+gx8=,tag:sAXpt6zqNi4kwdfYm5J75A==,type:str]
+      #ENC[AES256_GCM,data:ceYRPrvLpYUqV/aVVpP1elX/nOmGHUN81R1/JhTICEHWDm8a7wPc,iv:3dfTNmkYmTE01MSco390r/9oshumWm6OKvpofDicl+s=,tag:qH6M8xLJvFxa01MxlWnkFw==,type:comment]
 sops:
    kms: []
    gcp_kms: []
@ -25,14 +25,14 @@ sops:
        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaeWFCZlp0VTdkNjV5VDkz
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZ2hGWUYvbUorMzg5ZkV6
-            QVErMnVJM1hHbXZERnM5b1hvQWdRQ1N3SmpRCmpCaUkyc3pzRm0yTGZtQ3I5b21I
+            MDAyR0kzUmNiV2U1TWVmT2hidWJwRW40alJVCmljR2t3aXRzdHVFR3FldmxEMm1U
-            R3g5T2hKZzNxZmVKVHNoZU1RaTZlamMKLS0tIDlIUVBLSFVZOElZaktjK0xRYjJa
+            SG1MdDJEeVVNdGswTkF4alNFMFIwM0kKLS0tICtSTHRTeE0ramt0UldVblh0dWtX
-            UmdLL0NqWVpuNXBYRENEeTltdFVLREUKrwPN2daokcqABFVXjYCbNyCA0zdMCYh6
+            ZjQ2V2FrTnZEOGxCVTdzb1JHRVNjd2MKumygdzhr6eObw2CFKPVukneG9j/S9iPg
-            vzTTtNV718OAPQKgl3Ho2c5nhhQcWy5YlWPfGMUklZhocXsAvMXS/g==
+            mtCKiTHzuePabixUagFvY3R8Y6P8X0/nq/2Me5MJTdI80Ga8WOQ23Q==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-11-04T19:00:41Z"
+    lastmodified: "2024-02-04T08:44:29Z"
-    mac: ENC[AES256_GCM,data:jhZqJDZuHXpb50aI4f9Otj5y7lHzb1JadZqccju0No2PGUVO1Le3X/Zc51YIm3di+UV8bZSDUosYA7mWz4zNsyMwK0ikB0zUb12Wv1M0ESe4sJQR3mlQSa6fBe1EUGSAtjtmo/HlKaWvprEo3knTZJrxN8pZdTaPOTSA/Akr8m0=,iv:oUbuW1FL1qFbByt5DKqgCWVv/0D2ByWXs2dyUSuB3Uc=,tag:19MFSo0Y1AfB+kFk0sfW2g==,type:str]
+    mac: ENC[AES256_GCM,data:g1CM1dHqXKNWMFNxjHr8JfBWBiEii5iIPeycvmfYm8kXSeVLMHBM3TiJPbOdqxuwme1lXxRKIPwoebYdCc5B/38Ugqu+JLFSj6QJOd6y67BinrS/mn99MVifASe+msYIo+r2B1T9mFiRxY71GJAVfpsy0hljcrJ7dW9Hdd7HAVI=,iv:7Q47rPLmW6uCi8cKYSsSWFVyDc3dT503Vnu1MvM0leI=,tag:vSTff0dVb6h9oBhLjkvvxA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/etersoft/values/values.metallb-resources.yaml
+++ b/etersoft/values/values.metallb-resources.yaml
@ -0,0 +1,5 @@
 metallb:
  enabled: true
  ippools:
    - name: etersoft
      addresses: 91.232.225.63-91.232.225.63
--- a/etersoft/values/values.minio.yaml
+++ b/etersoft/values/values.minio.yaml
@ -18,6 +18,16 @@ istio:
      hostname: s3.e.badhouseplants.net
      service: minio
      port: 9000
 image:
  repository: quay.io/minio/minio
  tag: RELEASE.2024-01-11T07-46-16Z-cpuv1
  pullPolicy: IfNotPresent
 mcImage:
  repository: quay.io/minio/mc
  tag: RELEASE.2024-01-11T05-49-32Z-cpuv1
  pullPolicy: IfNotPresent
 rootUser: 'overlord'
 replicas: 1
 mode: standalone
--- a/extensions.yaml
+++ b/extensions.yaml
@ -0,0 +1,56 @@
 templates:
  # ----------------------------
  # -- Extensions
  # ----------------------------
  ext-istio-gateway:
    dependencies:
      - chart: bedag/raw
        version: 2.0.0
        alias: istio-gateway
    values:
      - '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml'
  ext-istio-resource:
    dependencies:
      - chart: bedag/raw
        version: 2.0.0
        alias: istio
    values:
      - '{{ requiredEnv "PWD" }}/common/values.istio.yaml'
  ext-certificate:
    dependencies:
      - chart: bedag/raw
        version: 2.0.0
        alias: certificate
    values:
      - '{{ requiredEnv "PWD" }}/common/values.certificate.yaml'
  ext-metallb:
    dependencies:
      - chart: bedag/raw
        version: 2.0.0
        alias: metallb
    values:
      - '{{ requiredEnv "PWD" }}/common/values.metallb.yaml'
  service-monitor:
    dependencies:
      - chart: bedag/raw
        version: 2.0.0
        alias: service-monitor
    values:
      - '{{ requiredEnv "PWD" }}/common/values.service-monitor.yaml'
  namespace:
    dependencies:
      - chart: bedag/raw
        version: 2.0.0
        alias: ns
    inherit:
      - template: default-common-values
      - template: default-env-values
  ext-database:
    dependencies:
      - chart: bedag/raw
        version: 2.0.0
        alias: ext-database
    values:
      - '{{ requiredEnv "PWD" }}/common/values.database.yaml'
--- a/helmfile.yaml
+++ b/helmfile.yaml
@ -50,6 +50,11 @@ releases:
    installed: true
    namespace: longhorn-system
    createNamespace: false
  - <<: *metallb-resources
    installed: true
    namespace: metallb-system
    createNamespace: false
 helmfiles:
  - path: {{.Environment.Name }}/helmfile.yaml
--- a/manifests/badhouseplants/namespace-creator-binding.yaml
+++ b/manifests/badhouseplants/namespace-creator-binding.yaml
@ -1,12 +0,0 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: namespace-manager
 subjects:
  - kind: User
    name: badhousplants
    apiGroup: rbac.authorization.k8s.io
 roleRef:
  kind: ClusterRole
  name: namespace-manager
  apiGroup: rbac.authorization.k8s.io
--- a/manifests/badhouseplants/namespace-creator-role.yaml
+++ b/manifests/badhouseplants/namespace-creator-role.yaml
@ -1,8 +0,0 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: namespace-manager
 rules:
  - apiGroups: [""]
    resources: ["namespaces"]
    verbs: ["get", "watch", "list", "create", "delete"]
--- a/manifests/debug/istio/httpbin.yaml
+++ b/manifests/debug/istio/httpbin.yaml
@ -14,9 +14,9 @@ metadata:
  namespace: debug
 spec:
  hosts:
-    - "httpbin.e.badhouseplants.net"
+    - "httpbin.badhouseplants.net"
  gateways:
-    - istio-system/e-badhouseplants-net
+    - istio-system/badhouseplants-net
  http:
    - route:
        - destination:
--- a/manifests/new-ip.yaml
+++ b/manifests/new-ip.yaml
@ -0,0 +1,11 @@
 ---
 # Source: raw/charts/metallb/templates/resources.yaml
 ---
 apiVersion: metallb.io/v1beta1
 kind: IPAddressPool
 metadata:
  name: etersoft
 spec:
  addresses:
  - 91.232.225.63-91.232.225.63
--- a/releases.yaml
+++ b/releases.yaml
@ -63,7 +63,13 @@ templates:
        alias: certificate
    values:
      - '{{ requiredEnv "PWD" }}/common/values.certificate.yaml'
-
+  ext-metallb:
    dependencies:
      - chart: bedag/raw
        version: 2.0.0
        alias: metallb
    values:
      - '{{ requiredEnv "PWD" }}/common/values.metallb.yaml'
  service-monitor:
    dependencies:
      - chart: bedag/raw
@ -92,6 +98,14 @@ templates:
  # ----------------------------
  # -- System
  # ----------------------------
  namespaces: &namespaces
    name: namespaces
    chart: '{{ requiredEnv "PWD" }}/charts/namespaces/chart'
    namespace: kube-public
    createNamespace: false
    inherit:
      - template: default-env-values
  metrics-server: &metrics-server
    name: metrics-server
    chart: metrics-server/metrics-server
@ -102,12 +116,20 @@ templates:
  metallb: &metallb
    name: metallb
    chart: metallb/metallb
-    version: 0.13.12
+    version: 0.14.3
  metallb-resources: &metallb-resources
    name: metallb-resources
    chart: bedag/raw
    version: 2.0.0
    inherit:
      - template: ext-metallb
      - template: default-env-values
  cert-manager: &cert-manager
    name: cert-manager
    chart: jetstack/cert-manager
-    version: 1.13.3
+    version: 1.14.1
    set:
      - name: installCRDs
        value: true
@ -121,7 +143,7 @@ templates:
  argocd: &argocd
    name: argocd
    chart: argo/argo-cd
-    version: 5.52.1
+    version: 5.53.13
    inherit:
      - template: default-env-values
      - template: default-env-secrets
@ -134,7 +156,7 @@ templates:
  prometheus: &prometheus
    name: prometheus
    chart: prometheus-community/kube-prometheus-stack
-    version: 55.7.0
+    version: 56.6.1
    inherit:
      - template: monitoring-common
      - template: default-env-values
@ -145,7 +167,7 @@ templates:
  loki: &loki
    name: loki
    chart: grafana/loki
-    version: 5.41.5
+    version: 5.42.2
    inherit:
      - template: monitoring-common
      - template: default-env-values
@ -153,7 +175,7 @@ templates:
  promtail: &promtail
    name: promtail
    chart: grafana/promtail
-    version: 6.15.3
+    version: 6.15.5
    inherit:
      - template: monitoring-common
      - template: default-env-values
@ -241,7 +263,7 @@ templates:
  woodpecker-ci: &woodpecker-ci
    name: woodpecker-ci
    chart: woodpecker/woodpecker
-    version: 1.0.3
+    version: 1.1.1
    inherit:
      - template: ext-database
      - template: default-env-values
@ -251,7 +273,7 @@ templates:
  nrodionov: &nrodionov
    name: nrodionov
    chart: bitnami/wordpress
-    version: 19.0.4
+    version: 19.2.3
    inherit:
      - template: default-env-values
      - template: default-env-secrets
@ -261,7 +283,7 @@ templates:
  minio: &minio
    name: minio
    chart: minio/minio
-    version: 5.0.14
+    version: 5.0.15
    inherit:
      - template: default-env-values
      - template: default-env-secrets
@ -279,7 +301,7 @@ templates:
  gitea: &gitea
    name: gitea
    chart: gitea/gitea
-    version: 10.0.2
+    version: 10.1.1
    inherit:
      - template: default-env-values
      - template: default-env-secrets
@ -308,7 +330,7 @@ templates:
  redis: &redis
    name: redis
    chart: bitnami/redis
-    version: 18.6.3
+    version: 18.12.1
    inherit:
      - template: default-env-values
      - template: default-env-secrets
@ -316,7 +338,7 @@ templates:
  postgres16: &postgres16
    name: postgres16
    chart: bitnami/postgresql
-    version: 13.3.1
+    version: 14.0.1
    inherit:
      - template: default-env-values
      - template: default-env-secrets
@ -324,7 +346,7 @@ templates:
  db-operator: &db-operator
    name: db-operator
    chart: db-operator/db-operator
-    version: 1.16.2
+    version: 1.18.0
  db-instances: &db-instances
    name: db-instances
@ -337,7 +359,7 @@ templates:
  mysql: &mysql
    name: mysql
    chart: bitnami/mysql
-    version: 9.17.1
+    version: 9.19.1
    inherit:
      - template: default-env-values
      - template: default-env-secrets
@ -376,13 +398,29 @@ templates:
      - template: ext-istio-resource
      - template: ext-certificate
  tandoor: &tandoor
    name: tandoor
    chart: gabe565/tandoor
-    version: 0.8.11
+    version: 0.8.12
    inherit:
      - template: default-env-values
      - template: default-env-secrets
      - template: ext-istio-resource
      - template: ext-database
  coredns: &coredns
    name: coredns
    chart: coredns/coredns
    version: 1.29.0
    namespace: kube-system
    inherit:
      - template: default-env-values
  cilium: &cilium
    name: cilium
    chart: cilium/cilium
    version: 1.14.6
    createNamespace: false
    namespace: kube-system
    inherit:
      - template: default-env-values
--- a/repositories.yaml
+++ b/repositories.yaml
@ -47,3 +47,7 @@ repositories:
    url: https://charts.gabe565.com
  - name: mailu
    url: https://mailu.github.io/helm-charts/
  - name: coredns 
    url: https://coredns.github.io/helm
  - name: cilium 
    url: https://helm.cilium.io/
--- a/system/values/values.cilium.yaml
+++ b/system/values/values.cilium.yaml
@ -0,0 +1,10 @@
 operator:
  replicas: 1
 endpointRoutes:
  # -- Enable use of per endpoint routes instead of routing via
  # the cilium_host interface.
  enabled: true
 ipam:
  ciliumNodeUpdateRate: "15s"
  operator:
    clusterPoolIPv4PodCIDRList: ["10.244.0.0/16"]
--- a/system/values/values.coredns.yaml
+++ b/system/values/values.coredns.yaml
@ -0,0 +1,32 @@
 service:
  clusterIP: 10.43.0.10
 servers:
  - zones:
      - zone: .
    port: 53
    plugins:
    - name: errors
    # Serves a /health endpoint on :8080, required for livenessProbe
    - name: health
      configBlock: |-
        lameduck 5s
    # Serves a /ready endpoint on :8181, required for readinessProbe
    - name: ready
    # Required to query kubernetes API for data
    - name: kubernetes
      parameters: cluster.local in-addr.arpa ip6.arpa
      configBlock: |-
        pods insecure
        fallthrough in-addr.arpa ip6.arpa
        ttl 30
    # Serves a /metrics endpoint on :9153, required for serviceMonitor
    - name: prometheus
      parameters: 0.0.0.0:9153
    - name: forward
      parameters: . 1.1.1.1 1.0.0.1
    - name: cache
      parameters: 30
    - name: loop
    - name: reload
    - name: loadbalance
--- a/system/values/values.namespaces.yaml
+++ b/system/values/values.namespaces.yaml
@ -0,0 +1,23 @@
 namespaces:
  - name: longhorn-system
  - name: cert-manager
  - name: minio-service
  - name: metallb-system
  - name: reflector-system
  - name: drone-service
  - name: argo-system
  - name: nrodionov-application
  - name: minecraft-application
  - name: gitea-service
  - name: funkwhale-application
  - name: monitoring-system
  - name: bitwarden-application
  - name: database-service
  - name: mail-service
  - name: istio-system
  - name: vaultwarden-application
  - name: woodpecker-ci
  - name: openvpn-service
  - name: tandoor-application
  - name: badhouseplants-main
  - name: mailu-application
--- a/templates/crd-hook.yaml
+++ b/templates/crd-hook.yaml
@ -0,0 +1,25 @@
 ---
 templates:
  crd-management-hook:
    hooks:
      - events: ["preapply"]
        showlogs: true
        command: "sh"
        args:
          - -c
          - |
            helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl replace -f  - \
            || helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl create -f  - \
            || true
      - events: ["prepare"]
        showlogs: true
        command: "sh"
        args:
          - -c
          - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl diff -f - || true"
      - events: ["postuninstall"]
        showlogs: true
        command: "sh"
        args:
          - -c
          - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true"
--- a/templates/extensions.yaml
+++ b/templates/extensions.yaml
@ -0,0 +1,56 @@
 templates:
  # ----------------------------
  # -- Extensions
  # ----------------------------
  ext-istio-gateway:
    dependencies:
      - chart: bedag/raw
        version: 2.0.0
        alias: istio-gateway
    values:
      - '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml'
  ext-istio-resource:
    dependencies:
      - chart: bedag/raw
        version: 2.0.0
        alias: istio
    values:
      - '{{ requiredEnv "PWD" }}/common/values.istio.yaml'
  ext-certificate:
    dependencies:
      - chart: bedag/raw
        version: 2.0.0
        alias: certificate
    values:
      - '{{ requiredEnv "PWD" }}/common/values.certificate.yaml'
  ext-metallb:
    dependencies:
      - chart: bedag/raw
        version: 2.0.0
        alias: metallb
    values:
      - '{{ requiredEnv "PWD" }}/common/values.metallb.yaml'
  service-monitor:
    dependencies:
      - chart: bedag/raw
        version: 2.0.0
        alias: service-monitor
    values:
      - '{{ requiredEnv "PWD" }}/common/values.service-monitor.yaml'
  namespace:
    dependencies:
      - chart: bedag/raw
        version: 2.0.0
        alias: ns
    inherit:
      - template: default-common-values
      - template: default-env-values
  ext-database:
    dependencies:
      - chart: bedag/raw
        version: 2.0.0
        alias: ext-database
    values:
      - '{{ requiredEnv "PWD" }}/common/values.database.yaml'