chore(deps): update helm release nextcloud to v9

clusters/artemis/apps/grainlab-production/app-project.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: grainlab-production
+spec:
+  description: GrianLab Production environment
+  sourceRepos:
+    - '*'
+  sourceNamespaces:
+    - '*'
+  destinations:
+    - namespace: 'grainlab-production'
+      server: '*'
+  clusterResourceWhitelist:
+    - group: '*'
+      kind: '*'

clusters/artemis/apps/grainlab-production/application.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: grainlab-production
+  namespace: grainlab-production
+  labels:
+    platform.dgse.cloud/cluster: artemis
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: grainlab-production
+  source:
+    repoURL: 'https://git.dgse.cloud/DGSE/kubernetes.git'
+    path: manifests/artemis/grainlab-production
+    targetRevision: main
+  destination:
+    namespace: grainlab-production
+    name: in-cluster
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated:
+      prune: true
+      selfHeal: true

clusters/artemis/apps/grainlab-staging/app-project.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: grainlab-staging
+spec:
+  description: GrianLab Staging environment
+  sourceRepos:
+    - '*'
+  sourceNamespaces:
+    - '*'
+  destinations:
+    - namespace: 'grainlab-staging'
+      server: '*'
+  clusterResourceWhitelist:
+    - group: '*'
+      kind: '*'

clusters/artemis/apps/grainlab-staging/application.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: grainlab-staging
+  namespace: grainlab-staging
+  labels:
+    platform.dgse.cloud/cluster: artemis
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: grainlab-staging
+  source:
+    repoURL: 'https://git.dgse.cloud/DGSE/kubernetes.git'
+    path: manifests/artemis/grainlab-staging
+    targetRevision: main
+  destination:
+    namespace: grainlab-staging
+    name: in-cluster
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated:
+      prune: true
+      selfHeal: true

clusters/artemis/apps/grainlab-staging/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - app-project.yaml
+  - application.yaml

clusters/artemis/apps/homebox/app-project.yaml

@@ -2,15 +2,15 @@
 apiVersion: argoproj.io/v1alpha1
 kind: AppProject
 metadata:
-  name: osx
+  name: homebox
 spec:
-  description: osx container to proxy shortcuts
+  description: Inventory for the home
   sourceRepos:
     - '*'
   sourceNamespaces:
     - '*'
   destinations:
-    - namespace: 'osx'
+    - namespace: 'homebox'
       server: '*'
   clusterResourceWhitelist:
     - group: '*'

clusters/artemis/apps/homebox/application.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: homebox
+  namespace: homebox
+  labels:
+    platform.dgse.cloud/cluster: artemis
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: homebox
+  source:
+    repoURL: 'https://git.dgse.cloud/DGSE/kubernetes.git'
+    path: manifests/artemis/homebox
+    targetRevision: main
+  destination:
+    namespace: homebox
+    name: in-cluster
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated:
+      prune: true
+      selfHeal: true

clusters/artemis/apps/homebox/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - app-project.yaml
+  - application.yaml

clusters/artemis/apps/kaneo/app-project.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: kaneo
+spec:
+  description: Project Management
+  sourceRepos:
+    - '*'
+  sourceNamespaces:
+    - '*'
+  destinations:
+    - namespace: 'kaneo'
+      server: '*'
+  clusterResourceWhitelist:
+    - group: '*'
+      kind: '*'

clusters/artemis/apps/kaneo/application.yaml

@@ -1,20 +1,20 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: osx
+  name: kaneo
-  namespace: osx
+  namespace: kaneo
   labels:
     platform.dgse.cloud/cluster: artemis
   finalizers:
     - resources-finalizer.argocd.argoproj.io
 spec:
-  project: osx
+  project: kaneo
   source:
     repoURL: 'https://git.dgse.cloud/DGSE/kubernetes.git'
-    path: manifests/artemis/osx
+    path: manifests/artemis/kaneo
     targetRevision: main
   destination:
-    namespace: osx
+    namespace: kaneo
     name: in-cluster
   syncPolicy:
     syncOptions:

clusters/artemis/apps/kaneo/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - app-project.yaml
+  - application.yaml

clusters/artemis/apps/kustomization.yaml

@@ -13,9 +13,9 @@ resources:
   - pocket-id
   - vaultwarden
   - mailu
-  # - ntfy
   - penpot
   - immich
   - digital-garden
-  # - nextcloud
+  - homebox
-  # - osx
+  - grainlab-staging
+  - grainlab-production

manifests/artemis/grainlab-production/app-deployment.yaml

@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: grainlab
+  namespace: grainlab-production
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: grainlab
+  template:
+    metadata:
+      labels:
+        app: grainlab
+    spec:
+      imagePullSecrets:
+        - name: ghcr-cred
+      containers:
+        - name: grainlab
+          image: ghcr.io/daniel-luke/grainlab:1.1.6
+          imagePullPolicy: Always
+
+          ports:
+            - containerPort: 3000
+          env:
+            - name: NODE_ENV
+              value: "production"
+            - name: PORT
+              value: "3000"
+            - name: HOST
+              value: "0.0.0.0"
+          envFrom:
+            - secretRef:
+                name: grainlab-app
+            - secretRef:
+                name: grainlab-database
+            - secretRef:
+                name: grainlab-s3
+            - secretRef:
+                name: grainlab-smtp
+          readinessProbe:
+            httpGet:
+              path: /
+              port: 3000
+            initialDelaySeconds: 10
+            periodSeconds: 5
+            failureThreshold: 6
+          livenessProbe:
+            httpGet:
+              path: /
+              port: 3000
+            initialDelaySeconds: 30
+            periodSeconds: 10
+          resources:
+            requests:
+              cpu: 100m
+              memory: 256Mi
+            limits:
+              memory: 512Mi

manifests/artemis/grainlab-production/app-ingress.yaml

@@ -0,0 +1,25 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: grainlab
+  namespace: grainlab-production
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+spec:
+  rules:
+    - host: www.grainlab.app
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: grainlab
+                port:
+                  number: 80
+  tls:
+    - hosts:
+        - www.grainlab.app
+        - grainlab.app
+      secretName: letsencrypt

manifests/artemis/grainlab-production/app-service.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: grainlab
+  namespace: grainlab-production
+spec:
+  selector:
+    app: grainlab
+  ports:
+    - port: 80
+      targetPort: 3000

manifests/artemis/grainlab-production/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: grainlab-production

manifests/artemis/grainlab-production/postgres-cluster.yaml

@@ -0,0 +1,24 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: grainlab-db
+  namespace: grainlab-production
+spec:
+  instances: 1
+
+  bootstrap:
+    initdb:
+      database: grainlab
+      owner: grainlab
+      secret:
+        name: grainlab-db-credentials
+
+  storage:
+    size: 10Gi
+
+  resources:
+    requests:
+      cpu: 100m
+      memory: 256Mi
+    limits:
+      memory: 512Mi

manifests/artemis/grainlab-production/www-redirect.yaml

@@ -0,0 +1,26 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: www-redirect
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`grainlab.app`)
+      middlewares:
+        - name: redirect-to-www
+      services:
+        - kind: TraefikService
+          name: noop@internal
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: redirect-to-www
+spec:
+  redirectRegex:
+    permanent: true
+    regex: "^https?://(?:www\\.)?(.+)"
+    replacement: "https://www.${1}"

manifests/artemis/grainlab-staging/app-deployment.yaml

@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: grainlab
+  namespace: grainlab-staging
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: grainlab
+  template:
+    metadata:
+      labels:
+        app: grainlab
+    spec:
+      imagePullSecrets:
+        - name: ghcr-cred
+      containers:
+        - name: grainlab
+          image: ghcr.io/daniel-luke/grainlab:staging
+          imagePullPolicy: Always
+
+          ports:
+            - containerPort: 3000
+          env:
+            - name: NODE_ENV
+              value: "production"
+            - name: PORT
+              value: "3000"
+            - name: HOST
+              value: "0.0.0.0"
+          envFrom:
+            - secretRef:
+                name: grainlab-app
+            - secretRef:
+                name: grainlab-database
+            - secretRef:
+                name: grainlab-s3
+            - secretRef:
+                name: grainlab-smtp
+          readinessProbe:
+            httpGet:
+              path: /
+              port: 3000
+            initialDelaySeconds: 10
+            periodSeconds: 5
+            failureThreshold: 6
+          livenessProbe:
+            httpGet:
+              path: /
+              port: 3000
+            initialDelaySeconds: 30
+            periodSeconds: 10
+          resources:
+            requests:
+              cpu: 100m
+              memory: 256Mi
+            limits:
+              memory: 512Mi

manifests/artemis/grainlab-staging/app-ingress.yaml

@@ -1,22 +1,24 @@
+---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
+  name: grainlab
+  namespace: grainlab-staging
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt
-  name: kener-ingress
 spec:
   rules:
-    - host: monitor.dgse.cloud
+    - host: staging.grainlab.app
       http:
         paths:
-          - backend:
+          - path: /
-              service:
-                name: kener
-                port:
-                  number: 3000
-            path: /
             pathType: Prefix
+            backend:
+              service:
+                name: grainlab
+                port:
+                  number: 80
   tls:
     - hosts:
-        - monitor.dgse.cloud
+        - staging.grainlab.app
       secretName: letsencrypt

manifests/artemis/grainlab-staging/app-service.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: grainlab
+  namespace: grainlab-staging
+spec:
+  selector:
+    app: grainlab
+  ports:
+    - port: 80
+      targetPort: 3000

manifests/artemis/grainlab-staging/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: grainlab-staging

manifests/artemis/grainlab-staging/postgres-cluster.yaml

@@ -0,0 +1,24 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: grainlab-db
+  namespace: grainlab-staging
+spec:
+  instances: 1
+
+  bootstrap:
+    initdb:
+      database: grainlab
+      owner: grainlab
+      secret:
+        name: grainlab-db-credentials
+
+  storage:
+    size: 10Gi
+
+  resources:
+    requests:
+      cpu: 100m
+      memory: 256Mi
+    limits:
+      memory: 512Mi

manifests/artemis/homebox/deployment.yaml

@@ -0,0 +1,27 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: homebox
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: homebox
+  template:
+    metadata:
+      labels:
+        app: homebox
+    spec:
+      containers:
+        - name: homebox
+          image: ghcr.io/sysadminsmedia/homebox:latest
+          ports:
+            - containerPort: 7745
+          volumeMounts:
+            - mountPath: /data
+              name: homebox-data
+      volumes:
+        - name: homebox-data
+          persistentVolumeClaim:
+            claimName: homebox-pvc

manifests/artemis/homebox/ingress.yaml

@@ -1,22 +1,23 @@
+---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
+  name: homebox-ingress
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt
-  name: osx-ingress
 spec:
   rules:
-    - host: osx.dgse.cloud
+    - host: inventory.dgse.cloud
       http:
         paths:
-          - backend:
+          - path: /
-              service:
-                name: macos
-                port:
-                  number: 8006
-            path: /
             pathType: Prefix
+            backend:
+              service:
+                name: homebox-svc
+                port:
+                  number: 7745
   tls:
     - hosts:
-        - osx.dgse.cloud
+        - inventory.dgse.cloud
       secretName: letsencrypt

manifests/artemis/homebox/kustomization.yaml

@@ -4,5 +4,6 @@ kind: Kustomization
 
 resources:
   - service.yaml
+  - ingress.yaml
   - deployment.yaml
   - pvc.yaml

manifests/artemis/homebox/pvc.yaml

@@ -2,10 +2,11 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: macos-pvc
+  name: homebox-pvc
 spec:
+  storageClassName: local-path
   accessModes:
     - ReadWriteOnce
   resources:
     requests:
-      storage: 64Gi
+      storage: 25Gi

manifests/artemis/homebox/service.yaml

@@ -2,11 +2,11 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: kener
+  name: homebox-svc
 spec:
   selector:
-    app: kener
+    app: homebox
   ports:
     - protocol: TCP
-      port: 3000
+      port: 7745
-      targetPort: 3000
+      targetPort: 7745

manifests/artemis/kaneo/kustomization.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+metadata:
+  name: kaneo
+
+#resources:
+#  - secret.yaml
+
+helmCharts:
+  - name: charts/kaneo
+    repo: https://github.com/usekaneo/kaneo
+    version: 0.1.0
+    releaseName: kaneo
+    namespace: kaneo
+    valuesFile: values.yaml

manifests/artemis/kaneo/values.yaml

@@ -0,0 +1,183 @@
+# Global values
+nameOverride: ""
+fullnameOverride: ""
+replicaCount: 1
+# Autoscaling configuration
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 10
+  targetCPUUtilizationPercentage: 80
+  # targetMemoryUtilizationPercentage: 80
+# Pod configuration
+podAnnotations: {}
+podSecurityContext: {}
+nodeSelector: {}
+tolerations: []
+affinity: {}
+# Service account configuration
+serviceAccount:
+  create: true
+  annotations: {}
+  name: ""
+# PostgreSQL database configuration
+postgresql:
+  # Set to true to deploy PostgreSQL as part of this chart
+  enabled: true
+  image:
+    repository: postgres
+    tag: 16-alpine
+    pullPolicy: IfNotPresent
+  # Database configuration
+  auth:
+    database: kaneo
+    username: kaneo_user
+    password: kaneo_password
+    # Use existing secret for database credentials (optional)
+    existingSecret: ""
+    secretKeys:
+      adminPasswordKey: postgres-password
+      userPasswordKey: password
+  # Persistence for PostgreSQL data
+  persistence:
+    enabled: true
+    size: 8Gi
+    storageClass: ""
+    accessMode: ReadWriteOnce
+  # PostgreSQL service configuration
+  service:
+    type: ClusterIP
+    port: 5432
+  # Resources for PostgreSQL
+  resources: {}
+  # resources:
+  #   limits:
+  #     cpu: 500m
+  #     memory: 512Mi
+  #   requests:
+  #     cpu: 100m
+  #     memory: 128Mi
+# API backend configuration
+api:
+  image:
+    repository: ghcr.io/usekaneo/api
+    tag: latest
+    pullPolicy: IfNotPresent
+  securityContext: {}
+  service:
+    type: ClusterIP
+    port: 1337
+    targetPort: 1337
+  # Resources are optional and disabled by default
+  resources: {}
+  # resources:
+  #   limits:
+  #     cpu: 500m
+  #     memory: 512Mi
+  #   requests:
+  #     cpu: 100m
+  #     memory: 128Mi
+
+  # Environment variables for the API
+  env:
+    jwtAccess: appelflap
+    existingSecret:
+      enabled: false
+      name: ""
+      key: jwt-access
+    disableRegistration: false
+    # Database configuration
+    database:
+      # Use external PostgreSQL (set postgresql.enabled to false)
+      # Important: when using external postgres, make sure you have set up the db user correctly:
+      #   CREATE DATABASE kaneo;
+      #   CREATE USER kaneo_user WITH PASSWORD 'your_password';
+      #   GRANT ALL PRIVILEGES ON DATABASE kaneo TO kaneo_user;
+      #   \c kaneo;
+      #   GRANT USAGE ON SCHEMA public TO kaneo_user;
+      #   GRANT CREATE ON SCHEMA public TO kaneo_user;
+      #   ALTER SCHEMA public OWNER TO kaneo_user;
+      external:
+        enabled: false
+        host: ""
+        port: 5432
+        database: kaneo
+        username: kaneo_user
+        password: ""
+        # Use existing secret for external database credentials in the form of a uri, e.g.: "postgresql://user:pass@host:port/db"
+        existingSecret:
+          enabled: false
+          name: ""
+          passwordKey: postgres_uri
+  livenessProbe:
+    httpGet:
+      path: /me
+      port: api
+    initialDelaySeconds: 30
+    periodSeconds: 10
+  readinessProbe:
+    httpGet:
+      path: /me
+      port: api
+    initialDelaySeconds: 5
+    periodSeconds: 10
+# Web frontend configuration
+web:
+  image:
+    repository: ghcr.io/usekaneo/web
+    tag: latest
+    pullPolicy: IfNotPresent
+  # Environment variables for the Web
+  env:
+    # Optional: Override the default API URL (http://localhost:1337)
+    # The /api path will be automatically appended to the URL
+    # Make sure this url matches the ingress host
+    # apiUrl: "https://kaneo.example.com"
+    apiUrl: ""
+  securityContext: {}
+  service:
+    type: ClusterIP
+    port: 80
+    targetPort: 80
+  # Resources are optional and disabled by default
+  resources: {}
+  # resources:
+  #   limits:
+  #     cpu: 300m
+  #     memory: 256Mi
+  #   requests:
+  #     cpu: 100m
+  #     memory: 128Mi
+
+  livenessProbe:
+    httpGet:
+      path: /
+      port: web
+    initialDelaySeconds: 30
+    periodSeconds: 10
+  readinessProbe:
+    httpGet:
+      path: /
+      port: web
+    initialDelaySeconds: 5
+    periodSeconds: 10
+# Ingress configuration
+ingress:
+  enabled: true
+  className: traefik
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+  hosts:
+    # Use the same host in the web env variable apiUrl (with http:// or https://)
+    - host: projects.dgse.cloud
+      paths:
+        - path: /?(.*)
+          pathType: ImplementationSpecific
+          service: web
+          port: 80
+        - path: /api/?(.*)
+          pathType: ImplementationSpecific
+          service: api
+          port: 1337
+  tls:
+    - projects.dgse.cloud

manifests/artemis/kener/db-cluster.yaml

@@ -1,21 +0,0 @@
-apiVersion: postgresql.cnpg.io/v1
-kind: Cluster
-metadata:
-  name: kener-postgres
-spec:
-  instances: 1
-  managed:
-    roles:
-      - name: kener
-        superuser: true
-        login: true
-  bootstrap:
-    initdb:
-      database: kener
-      owner: kener
-      secret:
-        name: kener-postgres-user
-
-  storage:
-    size: 4Gi
-    storageClass: local-path

manifests/artemis/kener/deployment.yaml

@@ -1,79 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: kener
-spec:
-  selector:
-    matchLabels:
-      app: kener
-  template:
-    metadata:
-      labels:
-        app: kener
-    spec:
-      containers:
-        - name: kener
-          image: rajnandan1/kener:latest
-          ports:
-            - containerPort: 3000
-              name: http
-          volumeMounts:
-            - name: kener-uploads
-              mountPath: "/app/uploads"
-          env:
-            - name: ORIGIN
-              valueFrom:
-                secretKeyRef:
-                  name: kener-secret
-                  key: ORIGIN
-            - name: DATABASE_URL
-              valueFrom:
-                secretKeyRef:
-                  name: kener-secret
-                  key: DATABASE_URL
-            - name: KENER_SECRET_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: kener-secret
-                  key: KENER_SECRET_KEY
-            - name: SMTP_HOST
-              valueFrom:
-                secretKeyRef:
-                  name: kener-secret
-                  key: SMTP_HOST
-            - name: SMTP_PORT
-              valueFrom:
-                secretKeyRef:
-                  name: kener-secret
-                  key: SMTP_PORT
-            - name: SMTP_USER
-              valueFrom:
-                secretKeyRef:
-                  name: kener-secret
-                  key: SMTP_USER
-            - name: SMTP_PASS
-              valueFrom:
-                secretKeyRef:
-                  name: kener-secret
-                  key: SMTP_PASS
-            - name: SMTP_SECURE
-              valueFrom:
-                secretKeyRef:
-                  name: kener-secret
-                  key: SMTP_SECURE
-            - name: SMTP_FROM_EMAIL
-              valueFrom:
-                secretKeyRef:
-                  name: kener-secret
-                  key: SMTP_FROM_EMAIL
-            - name: TZ
-              valueFrom:
-                secretKeyRef:
-                  name: kener-secret
-                  key: TZ
-
-      volumes:
-        - name: kener-uploads
-          persistentVolumeClaim:
-            claimName: kener-pvc

manifests/artemis/kener/kustomization.yaml

@@ -1,13 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-metadata:
-  name: kener
-
-resources:
-  - secret.yaml
-  - db-cluster.yaml
-  - service.yaml
-  - pvc.yaml
-  - deployment.yaml
-  - ingress.yaml

manifests/artemis/kener/pvc.yaml

@@ -1,11 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: kener-pvc
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 20Gi

manifests/artemis/kener/secret.yaml

@@ -1,74 +0,0 @@
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: kener-secret
-spec:
-  refreshInterval: 1h
-  secretStoreRef:
-    name: platform
-    kind: ClusterSecretStore
-  target:
-    name: kener-secret
-  data:
-    - secretKey: ORIGIN
-      remoteRef:
-        key: kener
-        property: ORIGIN
-    - secretKey: DATABASE_URL
-      remoteRef:
-        key: kener
-        property: DATABASE_URL
-    - secretKey: KENER_SECRET_KEY
-      remoteRef:
-        key: kener
-        property: KENER_SECRET_KEY
-    - secretKey: SMTP_HOST
-      remoteRef:
-        key: kener
-        property: SMTP_HOST
-    - secretKey: SMTP_PORT
-      remoteRef:
-        key: kener
-        property: SMTP_PORT
-    - secretKey: SMTP_USER
-      remoteRef:
-        key: kener
-        property: SMTP_USER
-    - secretKey: SMTP_PASS
-      remoteRef:
-        key: kener
-        property: SMTP_PASS
-    - secretKey: SMTP_SECURE
-      remoteRef:
-        key: kener
-        property: SMTP_SECURE
-    - secretKey: SMTP_FROM_EMAIL
-      remoteRef:
-        key: kener
-        property: SMTP_FROM_EMAIL
-    - secretKey: TZ
-      remoteRef:
-        key: kener
-        property: TZ
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: kener-postgres-user
-spec:
-  refreshInterval: 1h
-  secretStoreRef:
-    name: platform
-    kind: ClusterSecretStore
-  target:
-    name: kener-postgres-user
-  data:
-    - secretKey: username
-      remoteRef:
-        key: kener
-        property: postgres_username
-    - secretKey: password
-      remoteRef:
-        key: kener
-        property: postgres_password

manifests/artemis/mailu/kustomization.yaml

@@ -10,7 +10,7 @@ resources:
 helmCharts:
   - name: mailu
     repo: https://mailu.github.io/helm-charts/
-    version: 2.6.3
+    version: 2.1.2
     releaseName: mailu
     namespace: mailu
     valuesFile: values.yaml

manifests/artemis/mailu/values.yaml

@@ -1350,11 +1350,11 @@ postfix:
   ##     my_variable = my_value
   overrides:
     postfix.cf: |
+      inet_protocols = ipv4
+      smtp_address_preference = ipv4
       smtpd_helo_restrictions = reject_unknown_helo_hostname
       smtpd_sender_restrictions = reject_unknown_sender_domain
       smtpd_client_restrictions = permit_mynetworks
-      smtp_data_restrictions = reject_unauth_pipelining
-      smtp_relay_restrictions = permit_sasl_authenticated, reject_unauth_destination
       smtpd_relay_restrictions = permit_sasl_authenticated, reject_unauth_destination
       smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination
 

manifests/artemis/nextcloud/kustomization.yaml

@@ -10,7 +10,7 @@ resources:
 helmCharts:
   - name: nextcloud
     repo: https://nextcloud.github.io/helm/
-    version: 8.5.2
+    version: 9.0.4
     releaseName: nextcloud
     namespace: nextcloud
     valuesFile: values.yaml

manifests/artemis/ntfy/basicauth.yaml

@@ -1,8 +0,0 @@
----
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: basic-auth
-spec:
-  basicAuth:
-    secret: basic-auth

manifests/artemis/ntfy/configmap.yaml

@@ -1,12 +0,0 @@
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: ntfy
-data:
-  server.yml: |
-    # Template: https://github.com/binwiederhier/ntfy/blob/main/server/server.yml
-    base-url: https://notifications.dgse.cloud
-    enable-login: true
-    enable-signup: false
-    upstream-base-url: "https://ntfy.sh"

manifests/artemis/ntfy/deployment.yaml

@@ -1,33 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: ntfy
-spec:
-  selector:
-    matchLabels:
-      app: ntfy
-  template:
-    metadata:
-      labels:
-        app: ntfy
-    spec:
-      containers:
-        - name: ntfy
-          image: binwiederhier/ntfy
-          args: ["serve"]
-          resources:
-            limits:
-              memory: "128Mi"
-              cpu: "500m"
-          ports:
-            - containerPort: 80
-              name: http
-          volumeMounts:
-            - name: config
-              mountPath: "/etc/ntfy"
-              readOnly: true
-      volumes:
-        - name: config
-          configMap:
-            name: ntfy

manifests/artemis/ntfy/ingress.yaml

@@ -1,18 +0,0 @@
----
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: ntfy-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`notifications.dgse.cloud`)
-      kind: Rule
-      middlewares:
-        - name: basic-auth
-      services:
-        - name: ntfy
-          port: 80
-  tls:
-    secretName: letsencrypt

manifests/artemis/ntfy/service.yaml

@@ -1,12 +0,0 @@
----
-# Basic service for port 80
-apiVersion: v1
-kind: Service
-metadata:
-  name: ntfy
-spec:
-  selector:
-    app: ntfy
-  ports:
-    - port: 80
-      targetPort: 80

manifests/artemis/osx/deployment.yaml

@@ -1,58 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: macos
-  labels:
-    name: macos
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: macos
-  template:
-    metadata:
-      labels:
-        app: macos
-    spec:
-      containers:
-        - name: macos
-          image: dockurr/macos
-          env:
-            - name: VERSION
-              value: "14"
-            - name: DISK_SIZE
-              value: "64G"
-            - name: KVM
-              value: "N"
-          ports:
-            - containerPort: 8006
-              name: http
-              protocol: TCP
-            - containerPort: 5900
-              name: vnc
-              protocol: TCP
-          securityContext:
-            capabilities:
-              add:
-                - NET_ADMIN
-            privileged: true
-          volumeMounts:
-            - mountPath: /storage
-              name: storage
-            - mountPath: /dev/kvm
-              name: dev-kvm
-            - mountPath: /dev/net/tun
-              name: dev-tun
-      terminationGracePeriodSeconds: 120
-      volumes:
-        - name: storage
-          persistentVolumeClaim:
-            claimName: macos-pvc
-        - hostPath:
-            path: /dev/kvm
-          name: dev-kvm
-        - hostPath:
-            path: /dev/net/tun
-            type: CharDevice
-          name: dev-tun

manifests/artemis/osx/service.yaml

@@ -1,19 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: macos
-spec:
-  internalTrafficPolicy: Cluster
-  ports:
-    - name: http
-      port: 8006
-      protocol: TCP
-      targetPort: 8006
-    - name: vnc
-      port: 5900
-      protocol: TCP
-      targetPort: 5900
-  selector:
-    app: macos
-  type: ClusterIP

manifests/artemis/vaultwarden/kustomization.yaml

@@ -7,7 +7,7 @@ metadata:
 helmCharts:
   - name: vaultwarden
     repo: https://guerzon.github.io/vaultwarden/
-    version: 0.34.5
+    version: 0.34.4
     releaseName: vaultwarden
     namespace: vaultwarden
     valuesFile: values.yaml