Migrate anything to helmfile (#12)

Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/12
2023-02-22 08:39:55 +00:00
parent df48d45018
commit 9a237f5998
17 changed files with 455 additions and 1 deletions
--- a/badhouseplants/helmfile.yaml
+++ b/badhouseplants/helmfile.yaml
@@ -12,6 +12,26 @@ releases:
    namespace: drone-service
    createNamespace: false

+  - <<: *nrodionov
+    installed: true
+    namespace: nrodionov-application
+    createNamespace: false
+
+  - <<: *minecraft
+    installed: true
+    namespace: minecraft-application
+    createNamespace: false
+  
+  - <<: *gitea
+    installed: true
+    namespace: gitea-service
+    createNamespace: false
+
+  - <<: *funkwhale
+    installed: true
+    namespace: funkwhale-application
+    createNamespace: false
+
 bases:
  - ../environments.yaml
  - ../repositories.yaml
--- a/badhouseplants/values/secrets.funkwhale.yaml
+++ b/badhouseplants/values/secrets.funkwhale.yaml
@@ -0,0 +1,25 @@
+postgresql:
+    auth:
+        username: ENC[AES256_GCM,data:S09SpdX3ro0S,iv:QYQiF8Ozz9iLElqsoxyika+iVcHzRyo4hhaaIw8/vDM=,tag:KzorD+/Pysqwm5PneRRsyg==,type:str]
+        password: ENC[AES256_GCM,data:R6bqME1FH72K,iv:PuOIgStSM/NvwhQj06E/PMtB30aDbstypIBt84Fh1q0=,tag:gzv9S+hYW6qjgdoMhl1mTw==,type:str]
+        database: ENC[AES256_GCM,data:Ld33SGYZdlK+,iv:hZ/DlO3wNQ7Bm5L3RmNDzOp9U4QBr+nhJbDD1XYc56Y=,tag:NIgpN71+dL1jIgG66l+3VA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRL0l4OHh5TTd1UGoxZFcw
+            TUtNYkdYTzhRS3hpTHkyNlhoT2hTek54RlJnCktpZmpDNk9mYThyUVZOUTAvanBL
+            VElHYjR6T2QrV3N2c08vZ3JHVWdjSHMKLS0tIE5nREIyVlJ1d29UVzE2aFl2Q21Y
+            dWdMUFpOOVJYSXdBbzJiSzhQM0VmbWMKUqdIpfa8i7vASIga8HFurrPf1RgA+WVA
+            GZiG+M0i4yc3SooTIwbDzH0orfaEHueKdNTGOXMgxNiRIt2q9BG76g==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-02-21T14:05:30Z"
+    mac: ENC[AES256_GCM,data:gt+reA0ZXvsTCbRFDcDDpu/DYZAeEuS1XYAK2H/t3VudIxHcPSNYeQeOwpZ4ziOoX0DbSeci8jTXOSmqhI3R+g5ENS3KL9jw+9e+7znzvc9Y0esNVhqSJZCxDhAlrxW6th1fYdFQ43QHyQsK8HXafh9DO2qMmam5Kf0zxO6RpFM=,iv:Xdk1s1Sx/lIpHulkWD1JJWw/Rhs9aP3MC8uRKtCrSQ8=,tag:E2qFvcr4pmJ98I1ci6iFSw==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3
--- a/badhouseplants/values/secrets.gitea.yaml
+++ b/badhouseplants/values/secrets.gitea.yaml
@@ -0,0 +1,31 @@
+postgresql:
+    global:
+        postgresql:
+            postgresqlDatabase: ENC[AES256_GCM,data:hJfOcMc=,iv:/M0BkKTSojwNcd0nUETwaQJeNWNuIPugROHsQD+VyvY=,tag:7Ljs3VlZ2BLCMYXuU2XtpA==,type:str]
+            postgresqlUsername: ENC[AES256_GCM,data:3c+n9o4=,iv:i3rgY+NvP6lUqXQHbRYQSWIVxlvmI2LHFsZ1wLMkPsE=,tag:ykMrMgxN0nMjpgsdbkCHDw==,type:str]
+            postgresqlPassword: ENC[AES256_GCM,data:8qmyYj/FcclYfd6h8FqICQ9vRFE=,iv:hhHjXdZY393PnG7KnXuXiRnf/Nooc6fbuG/Vnfm9uPQ=,tag:a5HArQdN2YEQa011pZkw5g==,type:str]
+gitea:
+    admin:
+        username: ENC[AES256_GCM,data:f4o3zs74rjY=,iv:t5Cx0suxiZduwL2bsfNyxOVI8RZH1ytEGUdOF2nONco=,tag:mo/BwFwzw7e8tAX6LyaIQg==,type:str]
+        password: ENC[AES256_GCM,data:TnIUSnX7Lj+2N6mWWOvVVmc96DQ=,iv:vjow//IrtvdmTg4jYenwTyUnuBhq7witfzugbE0uq9c=,tag:L5UPa9UK4aB1wY1ilZntzg==,type:str]
+        email: ENC[AES256_GCM,data:sePKv5CPwYZtayjcqX4JoSGrZAR+Zhfe,iv:TTwfxzqq83xe2bk8cVV93GTlfGMaxmR5arK+Vdht+vE=,tag:Aiox/la2sENjC24Jiib9uQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkMCtwL0h3aGtNQlYzVC94
+            QVFvQ3VsTnVuckt1eW80RXFkTUw2VzdzMTBjCjMvSDFlZXpyM2RQRTFTTTJrL3Zu
+            LzNlRy9ZVTY5cWh1WmxmbzdwZVNHQm8KLS0tIDdxNGlxbnk1SDc2R0IrcmFHMmo4
+            Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN
+            WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-02-19T20:56:47Z"
+    mac: ENC[AES256_GCM,data:I4TVIsmcuFAvOCM9rjMHVAokmNzyAZJZ5tSNnWhLRk+WfOUQ8OMuJ0GlzE9EJxeIM2LMLU475EvKyMnrqmsFFsP7VE+t2yxG3kioAr5zDvaqqJ1OVrpKEGRH+EQrc96vc5bv5v94kqU6uQRdxm+q/or+rMm7Gf0P4vifaQPxBIo=,iv:ujv0Vlh71isP/gG3B96M8f1vA13jAjn7pnrezAqTSVY=,tag:N8I29R21DYvby7t03i5nbA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3
--- a/badhouseplants/values/secrets.minio.yaml
+++ b/badhouseplants/values/secrets.minio.yaml
@@ -0,0 +1,25 @@
+rootPassword: ENC[AES256_GCM,data:7baD0HwMztU27TymEWp+Ad1s8Zc=,iv:CXiTBEGU1tr99ibNxcFO6RtiC7gjtqSqYrtfmbwocIQ=,tag:ravi1nGLEVSqELVskv71CA==,type:str]
+users:
+    - accessKey: ENC[AES256_GCM,data:9ZhHOes+vQM=,iv:ltKbQ0KW8/Jmn7kmTaGaDcerlkquTXhGr0wbMMwxNgA=,tag:X6n+44dvPAm4v2rcxYkPEQ==,type:str]
+      secretKey: ENC[AES256_GCM,data:mzWBQcPitrpwIMqBrbtBs3RBDg==,iv:cLA6Wvmf5il54DFkNbwQ27wPxAm/eqSrxAc3MVELero=,tag:nUc83Ctqw4PTwirkUr803A==,type:str]
+      policy: ENC[AES256_GCM,data:B7CQsSUaq3B/gO/X,iv:Z4DTTXk5TO288lIrjbvXQXsUt44WjvGLMGxXmnEnHGU=,tag:pvK4zoZGBbpithTBYVDKfQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4VjY3eWQ4V29rQ2VUejA5
+            cG1JTTBCVWY5WGpaVFpDNU8yRTJaUEcwYTI4CnhHVjZrSFVnTGg1Yyt2ekM2YkRr
+            RzljT003RFVURFVRaThaNnYyOTZka1UKLS0tIFYyd1JIQzQ2VEZ2b2xabXM4TFVp
+            NFd0WDBXRERZc2ZDbWhDTFhnZExjVmcKDKHKoouDK66AYXenznGjTMnahqIwbp1y
+            zA+MZx0FPO7xm9UCGaxIFzdLXK6O2ctw9fDceR6oMj+YehLOKwEmoA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-02-19T20:48:11Z"
+    mac: ENC[AES256_GCM,data:MTcZ//5+uC+yFp+TmLhqdGIBpcaW96HpfUZeIUZijOffss401/XMOYprIILTPRq2B8kaCW2jp8hkL3oFDxSce0BGeqdRsFOlRL9vbtpyBPTUoGBnr6u/HK1G09zqtlsA/RZTvpBNoKrfdSvoWwoFIjs5oWPbi1f44gkgAl85ENM=,iv:07nSOo1F63sPgadSHtdI9JjtKjH/F9ThFW4sxWVGTxs=,tag:fFOO4sT6EFsAKje5llEUqg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3
--- a/badhouseplants/values/secrets.nrodionov.yaml
+++ b/badhouseplants/values/secrets.nrodionov.yaml
@@ -0,0 +1,28 @@
+wordpressPassword: ENC[AES256_GCM,data:yYE91wuc9uOzIQ==,iv:jLqs0BZcEIG73roA/wxtK74xX+osePoIaKhg6XvuAXE=,tag:9a3n1tbRAy4TaU0OE8uZcQ==,type:str]
+wordpressEmail: ENC[AES256_GCM,data:Fy6mIfhu0DuO+MSp1TPN7On6cFZk,iv:bxYiJBYgbuQsWPRWKfubmNZ/jShMBLeiPDyw7XtOAkY=,tag:RyBuqoNGoTzKR68RNSgumA==,type:str]
+mariadb:
+    auth:
+        rootPassword: ENC[AES256_GCM,data:oex+HDJ5SnaYrw==,iv:5HfGr27bpbXTROVMIWodMUe0WN6T3tXEESYSXwUUxw0=,tag:K83scpenVclwsEnGolsQiQ==,type:str]
+        database: ENC[AES256_GCM,data:xqBbXrRmtrUPaCZBC4NTelk=,iv:HOQHpilfi5TpD1jqI8XaEzO6W4CfdLBsTn+ACFWNhdE=,tag:EnsdqkExZi7PE7X4LlwBxA==,type:str]
+        username: ENC[AES256_GCM,data:oxVjkciMzifFIuhF,iv:kQsEGv9HIB+RTs54KfU8s/fpp1ooyzLK5lBQJZGSvy0=,tag:Y0uzVdsGb6McWRGPk2dNBQ==,type:str]
+        password: ENC[AES256_GCM,data:HV2d0nHUrOdE2Suju6/EUQ==,iv:HLOoCUdtOhm7ss8WSBkEAT4ulR+fwSNF4Oqv1XwDfrU=,tag:BBlW+z5LLmvtIwG69+De0Q==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1V2tQdkFWenZWZU1pT1JY
+            cXpVV3UxNnN6and1R0lBd1NrcXdWNTdibkFnCkJxeERBYyt4ZUtabWl5dlIxNmJZ
+            blhSUHZWTk1PVS9RUThlNFRBREh0T1UKLS0tIENKK200NnRDNUJCeGNTeFB5Z1BI
+            a2l5SG4yTjhmUlorWlJNbmFDekN5LzgKCS8nqMu72GDYjuSrfgbp/KZbHfhOdpyu
+            WpT0T6pk/oOc9ohQKGD/jvcjrMW7OZ5uYpZc/4gPdLKcOnNB+BEo/g==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-02-19T20:44:54Z"
+    mac: ENC[AES256_GCM,data:ZCsQBgVwgAEfVh3Qhyiq7WDbthwliLqDzy4cyfpRN54oQ1SfuTofLKJmdPgmdraDJaCjxgb9zM0RfXS9x2wcFXWc2Q8I06TmWIEbZ1jehSqlQk1WmWWP7P6LqIvA0AY/c32tUhO9kmuftiOcT8sDmiFB/MqHBahAmdTT+0vo4LI=,iv:gcSDUwTMmuNtNTf4wtmSlXSvbje25wd288gnLEQx294=,tag:lcwpAyfDRgGfZ+H07ZkcZw==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3
--- a/badhouseplants/values/values.funkwhale.yaml
+++ b/badhouseplants/values/values.funkwhale.yaml
@@ -0,0 +1,24 @@
+replicaCount: 1
+worker: 
+  replicaCount: 1
+celery:
+  beat:
+    resources:
+      limits:
+        cpu: 100m
+        memory: 512Mi
+      requests:
+        cpu: 10m
+        memory: 75Mi
+extraEnv:
+  FUNKWHALE_HOSTNAME: funkwhale.badhouseplants.net
+  FUNKWHALE_PROTOCOL: https
+persistence:
+  enabled: true
+  accessMode: ReadWriteMany
+  size: 10Gi
+s3:
+  enabled: false
+ingress:
+  enabled: false
+
--- a/badhouseplants/values/values.gitea.yaml
+++ b/badhouseplants/values/values.gitea.yaml
@@ -0,0 +1,59 @@
+replicaCount: 1
+clusterDomain: cluster.local
+resources:
+  limits:
+    cpu: 300m
+    memory: 512Mi
+  requests:
+    cpu: 100m
+    memory: 128Mi
+persistence:
+  enabled: true
+  size: 10Gi
+  accessModes:
+    - ReadWriteOnce
+  labels: {}
+  annotations: {}
+memcached:
+  enabled: true
+  service:
+    port: 11211
+postgresql:
+  auth: 
+    postgresPassword: check
+  enabled: true
+  global:
+    postgresql:
+      servicePort: 5432
+  persistence:
+    size: 10Gi
+ingress:
+  enabled: false
+gitea:
+  config:
+    APP_NAME: Bad Houseplants Gitea
+    ui:
+      meta:
+        AUTHOR: Bad Houseplants
+        DESCRIPTION: by allanger
+    repository:
+      DEFAULT_BRANCH: main
+    service: 
+      DISABLE_REGISTRATION: true
+    server: 
+      DOMAIN: git.badhouseplants.net
+      ROOT_URL: https://git.badhouseplants.net
+    packages:
+      ENABLED: true
+    cron:
+      enabled: true
+statefulset:
+  env:
+    - name: DOMAIN
+      value: git.badhouseplants.net
+    - name: START_SSH_SERVER
+      value: "true"
+service:
+  ssh:
+    type: ClusterIP
+    port: 22
--- a/badhouseplants/values/values.longhorn.yaml
+++ b/badhouseplants/values/values.longhorn.yaml
@@ -0,0 +1,10 @@
+defaultSettings:
+  backupTarget: s3://longhorn@us-east1/backupstore 
+  backupTargetCredentialSecret: aws-secret
+  guaranteedEngineManagerCPU: 6
+  guaranteedReplicaManagerCPU: 6
+csi:
+  kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet
+persistence:
+  defaultClassReplicaCount: 1
+enablePSP: false
--- a/badhouseplants/values/values.minecraft.yaml
+++ b/badhouseplants/values/values.minecraft.yaml
@@ -0,0 +1,18 @@
+resources:
+  requests:
+    memory: 512Mi
+    cpu: 50m
+minecraftServer:
+  eula: "TRUE"
+  onlineMode: false
+  difficulty: hard
+  hardcore: true
+  version: 1.19.2
+  gameMode: survival
+  motd: "Suck my cock"
+  pvp: true
+  memory: 2512M
+persistence:
+  dataDir:
+    enabled: true
+    Size: 8Gi
--- a/badhouseplants/values/values.minio.yaml
+++ b/badhouseplants/values/values.minio.yaml
@@ -0,0 +1,36 @@
+rootUser: 'overlord'
+replicas: 1
+mode: standalone
+environment:
+  MINIO_SERVER_URL: "https://s3.badhouseplants.net:443"
+tls:
+  enabled: false
+  certSecret: ''
+  publicCrt: public.crt
+  privateKey: private.key
+persistence:
+  enabled: true
+  accessMode: ReadWriteOnce
+  size: 10Gi
+service:
+  type: ClusterIP
+  clusterIP: ~
+  port: '9000'
+consoleService:
+  type: ClusterIP
+  clusterIP: ~
+  port: '9001'
+resources:
+  requests:
+    memory: 2Gi
+buckets:
+  - name: allanger
+    policy: none
+    purge: false
+    versioning: true
+metrics:
+  serviceMonitor:
+    enabled: false
+    public: true
+    additionalLabels: {}
+
--- a/badhouseplants/values/values.nrodionov.yaml
+++ b/badhouseplants/values/values.nrodionov.yaml
@@ -0,0 +1,38 @@
+wordpressBlogName: Николай Николаевич Родионов
+wordpressUsername: admin
+wordpressFirstName: Nikolai
+wordpressLastName: Rodionov
+wordpressTablePrefix: wp_
+wordpressScheme: http
+existingWordPressConfigurationSecret: ""
+resources:
+  requests:
+    memory: 300Mi
+    cpu: 10m
+service:
+  type: ClusterIP
+  ports: 
+    http: 8080
+    https: 8443
+
+persistence:
+  enabled: true
+  storageClass: ""
+  accessModes:
+    - ReadWriteOnce
+  accessMode: ReadWriteOnce
+  size: 2Gi
+  dataSource: {}
+  existingClaim: ""
+  selector: {}
+
+mariadb:
+  enabled: true
+  primary:
+    persistence:
+      enabled: true
+      storageClass: ""
+      accessModes:
+        - ReadWriteOnce
+      size: 3Gi
+  
--- a/bin/migrate.sh
+++ b/bin/migrate.sh
@@ -1,3 +1,6 @@
 #kubectl get all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings -l app.kubernetes.io/managed-by=Helm -l app.kubernetes.io/instance=cert-manager -A --no-headers --output  custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name | while read -r var1 var2; do kubectl annotate $var1 $var2 "meta.helm.sh/release-namespace"="cert-manager" "meta.helm.sh/release-name"="cert-manager" --overwrite; done

-kubectl get PersistentVolumeClaim,EnvoyFilter,PodDisruptionBudget,sa,ValidatingWebhookConfiguration,all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings,MutatingWebhookConfiguration -l argocd.argoproj.io/instance=istio-ingressgateway -A --no-headers --output  custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name,"ns":.metadata.namespace | while read -r var1 var2 var3; do kubectl annotate $var1 $var2 -n $var3 "meta.helm.sh/release-namespace"="istio-system" "meta.helm.sh/release-name"="istio-ingressgateway" && kubectl label $var1 $var2 -n $var3 app.kubernetes.io/managed-by=Helm; done
+argo_instance=$1
+helm_name=$2
+helm_ns=$3
+kubectl get PersistentVolumeClaim,EnvoyFilter,PodDisruptionBudget,sa,ValidatingWebhookConfiguration,all,cm,secret,ing,role,clusterrole,rolebindings,clusterrolebindings,MutatingWebhookConfiguration -l argocd.argoproj.io/instance=$argo_instance -A --no-headers --output  custom-columns="POD-NAME":.kind,"NAMESPACE":.metadata.name,"ns":.metadata.namespace | while read -r var1 var2 var3; do kubectl annotate $var1 $var2 -n $var3 "meta.helm.sh/release-namespace"="$helm_ns" "meta.helm.sh/release-name"="$helm_name" && kubectl label $var1 $var2 -n $var3 app.kubernetes.io/managed-by=Helm; done
--- a/etersoft/values/secrets.minio.yaml
+++ b/etersoft/values/secrets.minio.yaml
@@ -0,0 +1,28 @@
+rootPassword: ENC[AES256_GCM,data:s38LHPKR4UsJE2MvlvIuKllZsYGZxcwssbqMWoPqo11j,iv:iredmR6yFSMxmS7NFwz5kLUxPWdSIImYRLRkICr7sJQ=,tag:Gb+rMEBrVX4dDS+N/quHyA==,type:str]
+users:
+    - accessKey: ENC[AES256_GCM,data:J3pNKKmaius=,iv:Mjbx//mHSfVM4NEsOCdPMw7nZ5N2J1rg/IE8JZxzZ30=,tag:sX3OuZ3RodAn8znacBTu4A==,type:str]
+      secretKey: ENC[AES256_GCM,data:f4PO+T8IRvw5yhFz9Twf3h6vxw==,iv:13ekjlbaTZYDyhMQeM0oJ7/U53ZfhVX/AP20FUnVQ/A=,tag:ZR1YkIl9/6iyWm6leLvQcA==,type:str]
+      policy: ENC[AES256_GCM,data:mjGhLyvFBU5n6ePk,iv:v/ECOoGcnHGjuLgqMZ8yVTLPqdvn1HBVVAaUiD5fBT0=,tag:3tS26PT1Gg8kHUTfSSUH+g==,type:str]
+    - accessKey: ENC[AES256_GCM,data:mavKbC9T,iv:gfiilFHH9P3/UUTfjo/kl4r/tcMFN3/J1KyMF+3gY24=,tag:JEhrPdUjeBasQyrsduif9w==,type:str]
+      secretKey: ENC[AES256_GCM,data:kUs0AzmT/DCLqQEuF9Y=,iv:HoilTHkjITFUREb74y4JAl4YDWHz64XxTvVvKCGE6AE=,tag:bzw9XRz6C4BgB/4mYAf5jg==,type:str]
+      policy: ENC[AES256_GCM,data:DbIQFNub,iv:NB+PF0acEGFls9BNeQFm+00V1kX+5N7UGJFnhb8DUAU=,tag:tQSO5L0G5Vy51nVD/EKHmw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaeWFCZlp0VTdkNjV5VDkz
+            QVErMnVJM1hHbXZERnM5b1hvQWdRQ1N3SmpRCmpCaUkyc3pzRm0yTGZtQ3I5b21I
+            R3g5T2hKZzNxZmVKVHNoZU1RaTZlamMKLS0tIDlIUVBLSFVZOElZaktjK0xRYjJa
+            UmdLL0NqWVpuNXBYRENEeTltdFVLREUKrwPN2daokcqABFVXjYCbNyCA0zdMCYh6
+            vzTTtNV718OAPQKgl3Ho2c5nhhQcWy5YlWPfGMUklZhocXsAvMXS/g==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-02-19T20:49:43Z"
+    mac: ENC[AES256_GCM,data:LKS2YTDM0VSJwHyItYQ3rdgZgwvJNoHgsQdolduzYZ1RA33RX2b1IvWSufhfTTwR9AWoAYQgjrutyNSjC9ND5hSvvlQ97wAGUwgj9jFseDy5kAFet5QfhQBtWy6ngE3SlzY/zuapHij2b+AbjcRRQ1/6kQ72ht3cM5G7QvBV1bM=,iv:yrl/diVMfiNpBftBvUMLsbN3Lv+tXxVF8dmYi6QW/iM=,tag:O9lIRXDJLnbEaOgc89UO0Q==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3
--- a/etersoft/values/values.minio.yaml
+++ b/etersoft/values/values.minio.yaml
@@ -0,0 +1,47 @@
+---
+rootUser: 'overlord'
+replicas: 1
+mode: standalone
+environment:
+  MINIO_SERVER_URL: "https://s3.e.badhouseplants.net:443"
+tls:
+  enabled: false
+  certSecret: ''
+  publicCrt: public.crt
+  privateKey: private.key
+persistence:
+  enabled: true
+  accessMode: ReadWriteOnce
+  size: 30Gi
+service:
+  type: ClusterIP
+  clusterIP: ~
+  port: '9000'
+consoleService:
+  type: ClusterIP
+  clusterIP: ~
+  port: '9001'
+resources:
+  requests:
+    memory: 0.7Gi
+policies:
+- name: backup
+  statements:
+  - resources:
+      - 'arn:aws:s3:::longhorn/*'
+      - 'arn:aws:s3:::longhorn'
+    actions:
+      - "s3:DeleteObject"
+      - "s3:GetObject"
+      - "s3:ListBucket"
+      - "s3:PutObject"
+buckets:
+  - name: longhorn
+    policy: none
+    purge: false
+    versioning: false
+metrics:
+  serviceMonitor:
+    enabled: false
+    public: true
+    additionalLabels: {}
--- a/helmfile.yaml
+++ b/helmfile.yaml
@@ -30,6 +30,11 @@ releases:
    installed: true
    namespace: cert-manager
    createNamespace: false
+
+  - <<: *minio
+    installed: true
+    namespace: minio-service
+    createNamespace: false
  
  - <<: *openvpn
    installed: true
--- a/releases.yaml
+++ b/releases.yaml
@@ -45,11 +45,18 @@ templates:
    set: 
      - name: installCRDs
        value: true
+  longhorn: &longhorn
+    name: longhorn
+    chart: longhorn/longhorn
+    version: 1.4.0
+    inherit:
+      - template: default-env-values
  # ----------------------------
  # -- Istio
  # ----------------------------
  istio-version:
    version: 1.16.1
+  
  istio-base: &istio-base
    name: istio-base
    chart: istio/base
@@ -97,4 +104,42 @@ templates:
      - template: default-env-values
      - template: default-env-secrets

+  nrodionov: &nrodionov
+    name: nrodionov
+    chart: bitnami/wordpress
+    version: 15.2.22
+    inherit:
+      - template: default-env-values
+      - template: default-env-secrets
+  
+  minio: &minio
+    name: minio
+    chart: minio/minio
+    version: 5.0.4
+    inherit:
+      - template: default-env-values
+      - template: default-env-secrets
+  
+  minecraft: &minecraft
+    name: minecraft
+    chart: minecraft-server-charts/minecraft
+    version: 4.4.0
+    inherit:
+      - template: default-env-values
+    
+  gitea: &gitea
+    name: gitea
+    chart: gitea/gitea
+    version: 7.0.2
+    inherit: 
+      - template: default-env-values
+      - template: default-env-secrets
+
+  funkwhale: &funkwhale
+    name: funkwhale
+    chart: ananace-charts/funkwhale
+    version: 1.0.0
+    inherit: 
+      - template: default-env-values
+      - template: default-env-secrets

--- a/repositories.yaml
+++ b/repositories.yaml
@@ -10,3 +10,15 @@ repositories:
    url: https://istio-release.storage.googleapis.com/charts
  - name: drone
    url: https://charts.drone.io
+  - name: bitnami
+    url: https://charts.bitnami.com/bitnami
+  - name: minio
+    url: https://charts.min.io/
+  - name: minecraft-server-charts
+    url: https://itzg.github.io/minecraft-server-charts/
+  - name: longhorn
+    url: https://charts.longhorn.io
+  - name: gitea
+    url: https://dl.gitea.io/charts/
+  - name: ananace-charts
+    url: https://ananace.gitlab.io/charts