Some changes for ARM

Issue: #116

Makefile

@@ -2,3 +2,4 @@ create_crb:
 	kubectl create clusterrolebinding drone-deployer-workaround \
 		--clusterrole=cluster-admin  \
   	--serviceaccount=drone-service:default
+

badhouseplants/helmfile.yaml

@@ -5,42 +5,42 @@ releases:
   - <<: *drone
     installed: true
     namespace: drone-service
-    createNamespace: false
+    createNamespace: true
 
   - <<: *drone-runner-docker
     installed: true
     namespace: drone-service
-    createNamespace: false
+    createNamespace: true
 
   - <<: *longhorn
-    installed: true
+    installed: false
     namespace: longhorn-system
-    createNamespace: false
+    createNamespace: true
 
   - <<: *argocd
     installed: true
     namespace: argo-system
-    createNamespace: false
+    createNamespace: true
 
   - <<: *nrodionov
     installed: true
     namespace: nrodionov-application
-    createNamespace: false
+    createNamespace: true
 
   - <<: *minecraft
     installed: true
     namespace: minecraft-application
-    createNamespace: false
+    createNamespace: true
 
   - <<: *gitea
     installed: true
     namespace: gitea-service
-    createNamespace: false
+    createNamespace: true
 
   - <<: *funkwhale
     installed: true
     namespace: funkwhale-application
-    createNamespace: false
+    createNamespace: true
 
   - <<: *prometheus
     installed: true
@@ -50,12 +50,12 @@ releases:
   - <<: *loki
     installed: false
     namespace: monitoring-system
-    createNamespace: false
+    createNamespace: true
 
   - <<: *promtail
     installed: false
     namespace: monitoring-system
-    createNamespace: false
+    createNamespace: true
 
   - <<: *bitwarden
     installed: true
@@ -67,7 +67,7 @@ releases:
     namespace: database-service
     createNamespace: true
 
-  - <<: *postgres
+  - <<: *postgres16
     installed: true
     namespace: database-service
     createNamespace: true
@@ -87,6 +87,11 @@ releases:
     namespace: database-service
     createNamespace: true
 
+  - <<: *docker-mailserver
+    installed: true
+    namespace: mail-service
+    createNamespace: true
+
 
 bases:
   - ../environments.yaml

badhouseplants/values/secrets.bitwarden.yaml

@@ -1,5 +1,7 @@
 env:
     ADMIN_TOKEN: ENC[AES256_GCM,data:ea2lgOEYMi8Dsvun00YZR3PCE3ycNC4Mpe+xye9YL5CTtnyrDwV9Tw==,iv:28Tcn1/qIquS4jCNBTtspB9c+5U3Ut1zoY6gIez8fcs=,tag:POmhoUY3t4w+iTJKK2eHVQ==,type:str]
+smtp:
+    password: ENC[AES256_GCM,data:cs+2Ml3YfZCk8z/KmexGMqzFQRM=,iv:mg8e3oHbLT07pZEdDGwlBchPyT83xOdwKJg9CCaicnc=,tag:NPD+8gKERO8uCuwrFnn3bQ==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -15,8 +17,8 @@ sops:
             dzNYMlRnUDIxK2padTRCSzR4UUpWQjQKxex3RqZGU7ekdNC3qIiqdFs7d7a0Pxa1
             amLsaNnBfJ3OqjuD8atF2iCAXy1Q2BcXunkWi3wbzHb/DgYly3n9OQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-07-16T18:40:43Z"
-    mac: ENC[AES256_GCM,data:tbPAgDQGA8MPnG5mIZLfvsOKdSkpOTK1Oy7uIQJ3DsNtBIt9vSO+vYxNjvfjAHyB6vE1cfx8zJkRcUw8kPh485jOxsM9G1ms/sjZKyJwsJbMjiqxs5zs0E4X9sqpJWiIhILBreZ8IopK4hCd2uLvhoV/HPxW8FV/HnHoCQ5p2Do=,iv:FtgTWFdkxCPOsNiJQWWIUmwYgh5rqRcbM/ToShcSODY=,tag:yc54xWHdq4KnSNxT9breOQ==,type:str]
+    lastmodified: "2023-10-15T12:20:48Z"
+    mac: ENC[AES256_GCM,data:2yRwdYM32eESPuUz+d7m7pTcluDUeOrLgv7iJmhPEnowcU9WvypAZr73w4y4ewc3yvLmmu5uuFjJJhN1+yjwULGUtU1NPdcvXHsGwtlA7KDyYUqwIc4NrD6BAeR7tRQChNVD++2wB43kiGAWAMmieOMt+xHcaWlM2btuLoiwE34=,iv:ZMxA5eu0IJKTRBtoKhyIJiDe/W3zVjzlz3TbO7gpRnU=,tag:ErYqzleh87+wj0uBRah20g==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.7.3
+    version: 3.8.1

badhouseplants/values/secrets.db-instances.yaml

@@ -3,6 +3,10 @@ dbinstances:
         secrets:
             adminUser: ENC[AES256_GCM,data:pKbAQDiOs6k=,iv:yET0mJtdm2baDJHwq1uYEoxye48g2PrMqiOSO3POTBo=,tag:wuIxhHiRzjSRM+uaEo2KNQ==,type:str]
             adminPassword: ENC[AES256_GCM,data:/U3q6RmOYLpxJBAYsJ8f4lV3MB0=,iv:dw7g0E4Gm0YqtgvdcC+bq+YbSRPop3BKLiJfwaz+1io=,tag:NAXnWj4AjgajN94ml/ENsA==,type:str]
+    postgres16:
+        secrets:
+            adminUser: ENC[AES256_GCM,data:1THZrB3Rg+g=,iv:/euSgQUYlJ4HbiqWr3ezwLkds0nwioFHRhXbqTiYR6M=,tag:GSbSxrNrVJKHp9+3+ECVRA==,type:str]
+            adminPassword: ENC[AES256_GCM,data:F+5az4JRH6LMz88duwFp5EDm4AYG,iv:dbsfSSwigBX1cU6XFYu4ZFd15Te0MdGBoq5O9OtqxgM=,tag:uOLhvHSiBEbbos2GzLJZ3g==,type:str]
     mysql:
         secrets:
             adminUser: ENC[AES256_GCM,data:XFEGew==,iv:7aj2J7Qs9mHC5kRZGrg71hwEBP64vEz0qQ+qoPHSgrc=,tag:/Rx5yx7iMU5Gwcmbf5GVSg==,type:str]
@@ -22,8 +26,8 @@ sops:
             Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3
             OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-07-30T15:07:28Z"
-    mac: ENC[AES256_GCM,data:/q/LG+CgBAm666nwu+QCw9beoC8m11R5OYspnUxdwTfAv4h0yqY0Hk599hy+Yqt0brpUpj8hwqCESkt6gufFAklilSYV8SWvea7FxA4Jdbfpj1kfty9d4qMxHrpggId/jPshVAVsF0Ezh1/XbPWpQnTiaAMu2JTVMR9cFR3xvyc=,iv:37EdIo9QoUemTvpHSKD2kdq1FnJpwNXGr8ym0dPX6w8=,tag:ri2ILtd9FvLJf0O5iKOdyg==,type:str]
+    lastmodified: "2023-10-04T02:28:20Z"
+    mac: ENC[AES256_GCM,data:EBNSr29LlLjadOrrk2ZSwH9Ng4YD0pYCrhfupaQPSK5559zUCRIuPuTC5P0sfh5dn7YARrcprAwH68I3Xc3EUWkZabCYcjR+bfbby1s8tjiIIgVcksQJr523CDIXMiezf860M9uyktxWdUQa1TjuEfo0SAkYs0XHEaIQlOloN6c=,iv:v/Al1appBTv7ypplQEz7C2qAnvCDRK3JPCN8+PATeX4=,tag:Ci8eg6xsFyZz35r5p4ie6g==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.7.3
+    version: 3.8.0

badhouseplants/values/secrets.funkwhale.yaml

@@ -1,7 +1,7 @@
 djangoSecret: ENC[AES256_GCM,data:CxsJVhNxku3pohREaVs=,iv:KDupR8tZlPkPeRwGWzyz+eKtp1tfTdFWqXNuQW20oXo=,tag:lCHqv2CC8cXpnqTr8fGzPg==,type:str]
 postgresql:
     auth:
-        password: ENC[AES256_GCM,data:IKPFpCY0Im2SQquNFM/3umvGfYOt1A==,iv:asWxkKTvez1FxxXto/ulh4CDBvPZ6SovqKnoFEQjG/s=,tag:iqyxZU+jERNgakMcAm+cnQ==,type:str]
+        password: ENC[AES256_GCM,data:RdsyzDU+XesRJkUSllyvfREzbDz68t6RSw==,iv:RpV9BjK9ytpUYJvNGQ5eHXuhNbXSV+Nl9Yib0ac34KM=,tag:Y1K7cfmoyNS6sih0JMjBVQ==,type:str]
 redis:
     auth:
         password: ENC[AES256_GCM,data:fgxZMA13BpFf5FA8JwLUXjlelUgvR4qtg316OALq,iv:numLe3PrsToG0Fbl7+mdbWOBTb7XrgppF09pIVg+rrU=,tag:ivKuF0xFe/s4P1otjLML8g==,type:str]
@@ -20,8 +20,8 @@ sops:
             dWdMUFpOOVJYSXdBbzJiSzhQM0VmbWMKUqdIpfa8i7vASIga8HFurrPf1RgA+WVA
             GZiG+M0i4yc3SooTIwbDzH0orfaEHueKdNTGOXMgxNiRIt2q9BG76g==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-07-29T20:22:20Z"
-    mac: ENC[AES256_GCM,data:G9+rbTp4AXIr97bl4UUUIMsd47Gmwt5IGFJQMSAtKRkCCcWIVK9ac+3nX5g9gOgziKvPE7moETXPAfFjcfOQFvi8bmU7jZnoLr4rOvP7SX1LZEfs9siCCtC1q9S/VrlWhxx/2Cpz1EegM+o2cQepqGr4IoIpboEowKl2yhpZiko=,iv:aRDq9ptB6GrRAvl5b0yyKVTZwOPdtFvSGEIPhlMrZbg=,tag:PsRUQJrBtu3sfLcIhIJbqw==,type:str]
+    lastmodified: "2023-10-04T18:47:37Z"
+    mac: ENC[AES256_GCM,data:Mh6OGkcKMGnmBHIKadpLYfFO3UNLoww4gFW+U7mnu4v87j06h6QHOx4p99TBp8OqK3/ky73FUVLGtm5XFLvMgzM5wpghqwqPa4G9UvgP2zY6GM5HaEw90l9mEtdSw6czs1hi9ChNF3RbIPwowW6KNJoASK08YaSwkRLK3J8T0sM=,iv:9N3hRle1eH5EHEPQeAnKSXSjkhhs1045rgk/WNOP3I8=,tag:bsqCJQE5puKckYMgKZsr3w==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.7.3
+    version: 3.8.0

badhouseplants/values/secrets.gitea.yaml

@@ -4,9 +4,9 @@ gitea:
         password: ENC[AES256_GCM,data:TnIUSnX7Lj+2N6mWWOvVVmc96DQ=,iv:vjow//IrtvdmTg4jYenwTyUnuBhq7witfzugbE0uq9c=,tag:L5UPa9UK4aB1wY1ilZntzg==,type:str]
     config:
         mailer:
-            ENABLED: ENC[AES256_GCM,data:C2qWn4E=,iv:APUvrTInDdxf1tJ5eFSgxUej8e085HZalsiHY6/Fryc=,tag:MW3KhfU+25EWDzM/+QOZ5A==,type:bool]
+            PASSWD: ENC[AES256_GCM,data:lb1VwH/Bc2XoyB42UrhgCX5ad70=,iv:Eh4R2deZOMGq4LxZadtt6SgrdoSxcArYC2X+czKtns8=,tag:ZCtQguWQt8ARS2rTWCSoSg==,type:str]
         database:
-            PASSWD: ENC[AES256_GCM,data:EVawxgpBgJ1ZlU4F+KFlJZXHq/4=,iv:ZUC7YBQ+RXNKLFEZzAeXfoGqBv9ilGw6Q5ynspAsc78=,tag:Wpb3awtdRLLBNYmmuTUCrA==,type:str]
+            PASSWD: ENC[AES256_GCM,data:mI1RHEThB0bM1bJ/pBioJjvKT3Q=,iv:WSwV4+UzD8HUtA5ipZNu2IVXa4AuQE9k7hTB++AsTgU=,tag:CtU3ValcNw0RSIQVdaHmtw==,type:str]
         session:
             PROVIDER_CONFIG: ENC[AES256_GCM,data:i/N01zYx1H1D1eFiZKOmf4e1LoDBJE5AoN4eZl3h/QKwOEy5x4LNQoF7CbGguCBMvITtYbzXr12VzQ8pxEf17z6nssQ2nNiz84zuBOY9DQqxZLkxS5AmKKgk7XKF/YYYDaavMdJj54gtXoCrDZ58z5Tw8FM0ScTRp2+4RXGMwg==,iv:dKZhe9cOPDhdtK9sJKzCHmimV1vcuAebY8DfaJMqk2Q=,tag:ZhyEepW4wIM1Dv97xn5xBA==,type:str]
         cache:
@@ -33,8 +33,8 @@ sops:
             Ym5KMWw5ZDBBZzJBcHBXdFZiaDZpU0UKNl/GkGP25D7z5a8mVBmoSTfOM3EzymPN
             WW62zIoBHlwLxF9nwj1xCCtcL1XKgiB8nnn4IrY3ljqFc0VkxD9dnQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-07-29T20:30:31Z"
-    mac: ENC[AES256_GCM,data:jd8jrX6GTAsEMydRfjLPW8XKXs4HgNNMqR0UvzVq0qFl/2zisKYLxtc6m4XBjDLeI8te+nNcJ16XYR0tdayM4PjXzurC9bAMdyI4utv1cRUJdWVxbo2oODWjJ9IAHqwkVHfJOrAJ7j0qamzHr/4h7u2DsLxvHm/lQY2g5zDKPD0=,iv:P215bq4q6iv8fSpU2CvfUhR1Pbr6mpYtv868m2F+M44=,tag:oWzMZOyCuxf2JBiGjDdCKg==,type:str]
+    lastmodified: "2023-10-15T09:58:05Z"
+    mac: ENC[AES256_GCM,data:W7Ml9O6oA5dG59O7eWUEBdRrOdmoXWdib2tzK2zCFfMbjWczS5I7AM3DFKG6+P/kRiEQpjj0OarFvuJ7e23blx0/43UXqjpRCuGqcWkNXQaYaxlye6SDlLjregTUeqo4gyzyXYVpIGikLNBYoufewpdlboVQk8ZheSLSOttrbcE=,iv:IqrjduR0EhuzCCWCCJOHCL0DlS4B66P1Wlucg9R0gk4=,tag:vmq6+uh9q7avpK5Q56+iJA==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.7.3
+    version: 3.8.1

badhouseplants/values/secrets.postgres16.yaml

@@ -0,0 +1,24 @@
+global:
+    postgresql:
+        auth:
+            postgresPassword: ENC[AES256_GCM,data:O5Fvmjipcx7CZ4DKQjRW0isfzoUt,iv:sVl6TFRCKAL5ci+lC4DfX/vZkWwRVg559kq4GU67udY=,tag:dEsoEe1UfvD5rUrI+EYOsg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbENvMm1YQzlSV3UrSEJ4
+            VTZ1RWVKTlpsUDFzQlVjMlJEZmIvaldHVXlFCm9SVzN3Z0dwTGo1Y3dnaHhvSmpi
+            bDIrMlJhbHhKUmRZejdkTmJiSDYvY2MKLS0tIFpRbkwySVh2MDlNWEFNZHVtY2Ns
+            Wmh3Z29ZSlBhbmFJNkFQZlE3aXpMMk0K14rSXjSF08xkil+fFJpeMV+6XChTJ2/3
+            OQecJtg+0NQPyvC+kR5qKq8roiSzNNJgTVg2wwKMdukKVVTbEGi0gA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-10-04T02:27:48Z"
+    mac: ENC[AES256_GCM,data:yyvzDlqm3ZOGAMAWCbA4JBC2xs14dKJ4oGifHCvD6K3cBcLgQLS8MOoQJBVfAfL/lVqYDtQ8qwQl/NbCEAKdqw5mtGRwSGaCExSTfO8PIUZCT69q5lwhAxfSGkhjjup+88MhwdZbe2iqqr0nF/GBYT7exqu6Pj85ZKbeDVBTMUE=,iv:KVuyYWYvtVjFinkY82nPwKI/XX18t4purLInfjSxYlg=,tag:kD0G+keg4veTy+CN7KOo6Q==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.0

badhouseplants/values/values.argocd.yaml

@@ -7,7 +7,7 @@ istio:
   enabled: true
   istio:
     - name: argocd-http
-      gateway: badhouseplants-net
+      gateway: istio-system/badhouseplants-net
       kind: http
       hostname: argo.badhouseplants.net
       service: argocd-server

badhouseplants/values/values.bitwarden.yaml

@@ -7,7 +7,7 @@ istio:
   enabled: true
   istio:
     - name: bitwarden-http
-      gateway: badhouseplants-net
+      gateway: istio-system/badhouseplants-net
       kind: http
       hostname: bitwarden.badhouseplants.net
       service: bitwarden-vaultwarden
@@ -17,21 +17,24 @@ istio:
   pathType: Prefix
 
 env:
-
   SIGNUPS_ALLOWED: false
   DOMAIN: "https://bitwarden.badhouseplants.net"
-  # YUBICO_CLIENT_ID
-  # YUBICO_SECRET_KEY
-  # DATA_FOLDER
-  # DATABASE_URL
-  # ATTACHMENTS_FOLDER
-  # ICON_CACHE_FOLDER
-  # ROCKET_LIMITS
-  # ROCKET_WORKERS
   WEB_VAULT_ENABLED: true
 
 persistence:
   enabled: true
   accessMode: ReadWriteOnce
   size: 800Mi
-  storageClass: longhorn
+  storageClass: longhorn
+
+smtp:
+  host: badhouseplants.net
+  security: "starttls"
+  port: 587
+  from: bitwarden@badhouseplants.net
+  fromName: bitwarden
+  username:
+    value: overlord@badhouseplants.net
+  authMechanism: "Plain"
+  acceptInvalidHostnames: "false"
+  acceptInvalidCerts: "false"

badhouseplants/values/values.db-instances.yaml

@@ -10,6 +10,16 @@ dbinstances:
     generic:
       host: postgres-postgresql
       port: 5432
+  postgres16:
+    monitoring:
+      enabled: false
+    adminSecretRef:
+      Name: postgres16-secret
+      Namespace: database-service
+    engine: postgres
+    generic:
+      host: postgres16-postgresql
+      port: 5432
   mysql:
     monitoring:
       enabled: false

badhouseplants/values/values.docker-mailserver.yaml

@@ -0,0 +1,129 @@
+istio-gateway:
+  enabled: true
+  gateways:
+    - name: badhouseplants-email
+      servers:
+        - hosts:
+            - "*"
+          port:
+            name: smtp
+            number: 25
+            protocol: TCP
+        - hosts:
+            - "*"
+          port:
+            name: pop3
+            number: 110
+            protocol: TCP
+        - hosts:
+            - "*"
+          port:
+            name: imap
+            number: 143
+            protocol: TCP
+        - hosts:
+            - "*"
+          port:
+            name: smtps
+            number: 465
+            protocol: TCP
+        - hosts:
+            - "*"
+          port:
+            name: submission
+            number: 587
+            protocol: TCP
+        - hosts:
+            - "*"
+          port:
+            name: imaps
+            number: 993
+            protocol: TCP
+        - hosts:
+            - "*"
+          port:
+            name: pop3s
+            number: 995
+            protocol: TCP
+istio:
+  enabled: true
+  istio:
+    - name: docker-mailserver-smpt
+      kind: tcp
+      gateway: badhouseplants-email
+      service: docker-mailserver
+      hostname: badhouseplants.net
+      port_match: 25
+      port: 25
+    - name: docker-mailserver-smpts
+      kind: tcp
+      gateway: badhouseplants-email
+      port_match: 465
+      hostname: badhouseplants.net
+      service: docker-mailserver
+      port: 465
+    - name: docker-mailserver-smpt-startls
+      kind: tcp
+      gateway: badhouseplants-email
+      hostname: badhouseplants.net
+      port_match: 587
+      service: docker-mailserver
+      port: 587
+    - name: docker-mailserver-imap
+      kind: tcp
+      hostname: badhouseplants.net
+      gateway: badhouseplants-email
+      port_match: 143
+      service: docker-mailserver
+      port: 143
+    - name: docker-mailserver-imaps
+      kind: tcp
+      gateway: badhouseplants-email
+      hostname: badhouseplants.net
+      port_match: 993
+      service: docker-mailserver
+      port: 993
+    - name: docker-mailserver-pop3
+      kind: tcp
+      gateway: badhouseplants-email
+      port_match: 110
+      hostname: badhouseplants.net
+      service: docker-mailserver
+      port: 110
+    - name: docker-mailserver-pop3s
+      kind: tcp
+      gateway: badhouseplants-email
+      port_match: 993
+      hostname: badhouseplants.net
+      service: docker-mailserver
+      port: 993
+    - name: docker-mailserver-rainloop
+      kind: http
+      gateway: istio-system/badhouseplants-net
+      hostname: mail.badhouseplants.net
+      service: docker-mailserver-rainloop
+      port: 80
+
+rainloop:
+  enabled: true
+  ingress:
+    enabled: false
+demoMode:
+  enabled: false
+domains:
+  - badhouseplants.net
+  - mail.badhouseplants.net
+ssl:
+  issuer:
+    name: badhouseplants-issuer
+    kind: ClusterIssuer
+  dnsname: badhouseplants.net
+  dns01provider: cloudflare
+  useExisting: false
+pod:
+  dockermailserver:
+    enable_fail2ban: "0"
+    ssl_type: manual
+service:
+  type: ClusterIP
+spfTestsDisabled: true

badhouseplants/values/values.drone.yaml

@@ -6,7 +6,7 @@ istio:
   enabled: true
   istio:
     - name: drone-http
-      gateway: badhouseplants-net
+      gateway: istio-system/badhouseplants-net
       kind: http
       hostname: drone.badhouseplants.net
       service: drone

badhouseplants/values/values.funkwhale.yaml

@@ -7,7 +7,7 @@ istio:
   enabled: true
   istio:
     - name: funkwhale-http
-      gateway: badhouseplants-net
+      gateway: istio-system/badhouseplants-net
       kind: http
       hostname: funkwhale.badhouseplants.net
       service: funkwhale
@@ -15,8 +15,8 @@ istio:
 
 ext-database:
   enabled: true
-  name: funkwhale-postgres
-  instance: postgres
+  name: funkwhale-postgres16
+  instance: postgres16
 
 replicaCount: 1
 celery:
@@ -43,10 +43,10 @@ ingress:
   enabled: false
 postgresql:
   enabled: false
-  host: postgres-postgresql.database-service.svc.cluster.local
+  host: postgres16-postgresql.database-service.svc.cluster.local
   auth:
-    username: funkwhale-application-funkwhale-postgres
-    database: funkwhale-application-funkwhale-postgres
+    username: funkwhale-application-funkwhale-postgres16
+    database: funkwhale-application-funkwhale-postgres16
 
 redis:
   enabled: false

badhouseplants/values/values.gitea.yaml

@@ -8,13 +8,13 @@ istio:
   istio:
     - name: gitea-http
       kind: http
-      gateway: badhouseplants-net
+      gateway: istio-system/badhouseplants-net
       hostname: git.badhouseplants.net
       service: gitea-http
       port: 3000
     - name: gitea-ssh
       kind: tcp
-      gateway: badhouseplants-ssh
+      gateway: istio-system/badhouseplants-ssh
       hostname: "*"
       port_match: 22
       service: gitea-ssh
@@ -25,8 +25,8 @@ istio:
 # ------------------------------------------
 ext-database:
   enabled: true
-  name: gitea-postgres
-  instance: postgres
+  name: gitea-postgres16
+  instance: postgres16
 # ------------------------------------------
 # -- Kubernetes related values
 # ------------------------------------------
@@ -43,7 +43,7 @@ resources:
 
 persistence:
   enabled: true
-  size: 6Gi
+  size: 8Gi
   accessModes:
     - ReadWriteOnce
 
@@ -61,9 +61,9 @@ gitea:
   config:
     database:
       DB_TYPE: postgres
-      HOST: postgres-postgresql.database-service.svc.cluster.local
-      NAME: gitea-service-gitea-postgres
-      USER: gitea-service-gitea-postgres
+      HOST: postgres16-postgresql.database-service.svc.cluster.local
+      NAME: gitea-service-gitea-postgres16
+      USER: gitea-service-gitea-postgres16
     APP_NAME: Bad Houseplants Gitea
     ui:
       meta:
@@ -101,6 +101,13 @@ gitea:
       ADAPTER: redis
     queue:
       TYPE: redis
+    mailer:
+      ENABLED: true
+      FROM: gitea@badhouseplants.net
+      PROTOCOL: smtp+startls
+      SMTP_ADDR: badhouseplants.net
+      SMTP_PORT: 587
+      USER: overlord@badhouseplants.net
 service:
   ssh:
     type: ClusterIP
@@ -112,4 +119,4 @@ service:
 postgresql-ha:
   enabled: false
 redis-cluster:
-  enabled: false
+  enabled: false

badhouseplants/values/values.istio-gateway-resources.yaml

@@ -0,0 +1,69 @@
+istio-gateway:
+  enabled: true
+  gateways:
+    - name: badhouseplants-net
+      servers:
+        - hosts:
+          - badhouseplants.net
+          - '*.badhouseplants.net'
+          port:
+            name: http
+            number: 80
+            protocol: HTTP2
+          tls:
+            httpsRedirect: true
+        - hosts:
+          - badhouseplants.net
+          - '*.badhouseplants.net'
+          port:
+            name: https
+            number: 443
+            protocol: HTTPS
+          tls:
+            credentialName: badhouseplants-wildcard-tls
+            mode: SIMPLE
+    - name: nrodionov-info
+      servers:
+        - hosts:
+          - nrodionov.info
+          - dev.nrodionov.info
+          port:
+            name: http
+            number: 80
+            protocol: HTTP2
+          tls:
+            httpsRedirect: false
+        - hosts:
+          - nrodionov.info
+          - dev.nrodionov.info
+          port:
+            name: https
+            number: 443
+            protocol: HTTPS
+          tls:
+            credentialName: nrodionov-wildcard-tls
+            mode: SIMPLE
+    - name: badhouseplants-vpn
+      servers:
+        - hosts:
+          - '*'
+          port:
+            name: tcp
+            number: 1194
+            protocol: TCP
+    - name: badhouseplants-ssh
+      servers:
+        - hosts:
+          - '*'
+          port:
+            name: ssh
+            number: 22
+            protocol: TCP
+    - name: badhouseplants-minecraft
+      servers:
+        - hosts:
+          - '*'
+          port:
+            name: minecraft
+            number: 25565
+            protocol: TCP

badhouseplants/values/values.istio-ingressgateway.yaml

@@ -1,4 +1,3 @@
----
 service:
   type: LoadBalancer
   ports:
@@ -22,10 +21,6 @@ service:
       port: 1194
       protocol: TCP
       targetPort: 1194
-    - name: tcp
-      port: 25
-      protocol: TCP
-      targetPort: 25
     # -----------
     # -- Email
     # -----------

badhouseplants/values/values.longhorn.yaml

@@ -5,9 +5,9 @@ defaultSettings:
   guaranteedReplicaManagerCPU: 6
   storageOverProvisioningPercentage: 300
   storageMinimalAvailablePercentage: 5
-  defaultDataPath: /media-longhorn
+  defaultDataPath: /media/longhorn
 csi:
-  kubeletRootDir: /var/snap/microk8s/common/var/lib/kubelet
+  kubeletRootDir: /var/lib/kubelet
 persistence:
-  defaultClassReplicaCount: 1
+  defaultClassReplicaCount: 3
 enablePSP: false

badhouseplants/values/values.mailu.yaml

@@ -21,7 +21,7 @@ istio:
       kind: http
       gateway: badhouseplants-net
       hostname: email.badhouseplants.net
-      service: mailu-front
+      service: mailu-fr ont
       port: 80
     # - name: mailu-smpt
       # kind: tcp

badhouseplants/values/values.metallb-resources.yaml

@@ -0,0 +1,4 @@
+ext-ipaddresspool:
+  enabled: true
+  name: badhouseplants-addresspool
+  addresses: 195.201.250.50-195.201.250.50

badhouseplants/values/values.minecraft.yaml

@@ -18,7 +18,7 @@ istio:
   enabled: true
   istio:
     - name: minecraft-tcp
-      gateway: badhouseplants-minecraft
+      gateway: istio-system/badhouseplants-minecraft
       kind: tcp
       port_match: 25565
       hostname: "*"
@@ -110,7 +110,7 @@ mcbackup:
 # -- Install Plugins
 # ---------------------------------------------
 initContainers:
-  - name: install-prometheus-exporter
+  - name: 0-install-prometheus-exporter
     image: alpine/curl
     command:
       - curl
@@ -122,7 +122,7 @@ initContainers:
       - name: plugins
         mountPath: /data/plugins
         readOnly: false
-  - name: install-password-plugin
+  - name: 0-install-password-plugin
     image: alpine/curl
     command:
       - curl
@@ -134,7 +134,7 @@ initContainers:
       - name: plugins
         mountPath: /data/plugins
         readOnly: false
-  - name: install-gravity-control-plugin
+  - name: 0-install-gravity-control-plugin
     image: alpine/curl
     command:
       - curl
@@ -146,6 +146,29 @@ initContainers:
       - name: plugins
         mountPath: /data/plugins
         readOnly: false
+  - name: 0-install-fast-minecart-plugin
+    image: alpine/curl
+    command:
+      - curl
+      - -L
+      - https://github.com/certainly1182/FastMinecarts/releases/download/v1.0.1/FastMinecarts.jar
+      - -o
+      - /data/plugins/FastMinecarts.jar
+    volumeMounts:
+      - name: plugins
+        mountPath: /data/plugins
+  - name: 1-add-plugins-to-minecraft
+    image: alpine/curl
+    command:
+      - sh 
+      - -c 
+      - cp -r /in /out/plugins
+    volumeMounts:
+      - name: plugins
+        mountPath: /in
+        readOnly: false
+      - name: datadir
+        mountPath: /out
 extraVolumes:
   - volumeMounts:
       - name: plugins

badhouseplants/values/values.minio.yaml

@@ -7,13 +7,13 @@ istio:
   enabled: true
   istio:
     - name: minio-http
-      gateway: badhouseplants-net
+      gateway: istio-system/badhouseplants-net
       kind: http
       hostname: minio.badhouseplants.net
       service: minio-console
       port: 9001
     - name: s3-http
-      gateway: badhouseplants-net
+      gateway: istio-system/badhouseplants-net
       kind: http
       hostname: s3.badhouseplants.net
       service: minio

badhouseplants/values/values.nrodionov.yaml

@@ -7,7 +7,7 @@ istio:
   enabled: true
   istio:
     - name: nrodionov-http
-      gateway: nrodionov-info
+      gateway: istio-system/nrodionov-info
       kind: http
       hostname: dev.nrodionov.info
       service: nrodionov-wordpress

badhouseplants/values/values.openvpn.yaml

@@ -7,24 +7,17 @@ istio:
   enabled: true
   istio:
     - name: openvpn-tcp
-      gateway: badhouseplants-vpn
+      gateway: istio-system/badhouseplants-vpn
       kind: tcp
       port_match: 1194
       hostname: "*"
       service: openvpn
       port: 1194
-    - name: openvpn-tcp-fake-port
-      gateway: badhouseplants-vpn
-      kind: tcp
-      port_match: 25
-      hostname: "*"
-      service: openvpn
-      port: 1194
 # ------------------------------------------
 image:
   tag: v2.6.5-xor-4.0.0beta08
 storage:
-  class: longhorn
+  class: default
   size: 512Mi
 
 openvpn:

badhouseplants/values/values.postgres16.yaml

@@ -0,0 +1,10 @@
+architecture: standalone
+
+auth:
+  database: postgres
+
+persistence:
+  size: 1Gi
+
+metrics:
+  enabled: false

badhouseplants/values/values.prometheus.yaml

@@ -7,7 +7,7 @@ istio:
   enabled: true
   istio:
     - name: grafana-https
-      gateway: badhouseplants-net
+      gateway: istio-system/badhouseplants-net
       kind: http
       hostname: "grafana.badhouseplants.net"
       service: prometheus-grafana

badhouseplants/values/values.rook-ceph-cluster.yaml

@@ -0,0 +1,144 @@
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# -- Namespace of the main rook operator
+operatorNamespace: rook-ceph
+
+# -- The metadata.name of the CephCluster CR
+# @default -- The same as the namespace
+clusterName:
+
+# -- Optional override of the target kubernetes version
+kubeVersion:
+
+# -- Cluster ceph.conf override
+configOverride:
+# configOverride: |
+#   [global]
+#   mon_allow_pool_delete = true
+#   osd_pool_default_size = 3
+#   osd_pool_default_min_size = 2
+
+# Installs a debugging toolbox deployment
+toolbox:
+  # -- Enable Ceph debugging pod deployment. See [toolbox](../Troubleshooting/ceph-toolbox.md)
+  enabled: false
+  # -- Toolbox image, defaults to the image used by the Ceph cluster
+  image: #quay.io/ceph/ceph:v17.2.6
+  # -- Toolbox tolerations
+  tolerations: []
+  # -- Toolbox affinity
+  affinity: {}
+  # -- Toolbox container security context
+  containerSecurityContext:
+    runAsNonRoot: true
+    runAsUser: 2016
+    runAsGroup: 2016
+    capabilities:
+      drop: ["ALL"]
+  # -- Toolbox resources
+  resources:
+    limits:
+      cpu: "500m"
+      memory: "1Gi"
+    requests:
+      cpu: "100m"
+      memory: "128Mi"
+  # -- Set the priority class for the toolbox if desired
+  priorityClassName:
+
+monitoring:
+  # -- Enable Prometheus integration, will also create necessary RBAC rules to allow Operator to create ServiceMonitors.
+  # Monitoring requires Prometheus to be pre-installed
+  enabled: false
+  # -- Whether to create the Prometheus rules for Ceph alerts
+  createPrometheusRules: false
+  # -- The namespace in which to create the prometheus rules, if different from the rook cluster namespace.
+  # If you have multiple rook-ceph clusters in the same k8s cluster, choose the same namespace (ideally, namespace with prometheus
+  # deployed) to set rulesNamespaceOverride for all the clusters. Otherwise, you will get duplicate alerts with multiple alert definitions.
+  rulesNamespaceOverride:
+  # Monitoring settings for external clusters:
+  # externalMgrEndpoints: <list of endpoints>
+  # externalMgrPrometheusPort: <port>
+  # allow adding custom labels and annotations to the prometheus rule
+  prometheusRule:
+    # -- Labels applied to PrometheusRule
+    labels: {}
+    # -- Annotations applied to PrometheusRule
+    annotations: {}
+
+# -- Create & use PSP resources. Set this to the same value as the rook-ceph chart.
+pspEnable: false
+
+# imagePullSecrets option allow to pull docker images from private docker registry. Option will be passed to all service accounts.
+# imagePullSecrets:
+# - name: my-registry-secret
+
+# All values below are taken from the CephCluster CRD
+# -- Cluster configuration.
+# @default -- See [below](#ceph-cluster-spec)
+cephClusterSpec:
+  resources:
+    mgr:
+      limits:
+        memory: "1Gi"
+      requests:
+        cpu: "200m"
+        memory: "512Mi"
+    mon:
+      limits:
+        memory: "2Gi"
+      requests:
+        cpu: "250m"
+        memory: "1Gi"
+    osd:
+      requests:
+        cpu: "200m"
+        memory: "4Gi"
+    prepareosd:
+      # limits: It is not recommended to set limits on the OSD prepare job
+      #         since it's a one-time burst for memory that must be allowed to
+      #         complete without an OOM kill.  Note however that if a k8s
+      #         limitRange guardrail is defined external to Rook, the lack of
+      #         a limit here may result in a sync failure, in which case a
+      #         limit should be added.  1200Mi may suffice for up to 15Ti
+      #         OSDs ; for larger devices 2Gi may be required.
+      #         cf. https://github.com/rook/rook/pull/11103
+      requests:
+        cpu: "500m"
+        memory: "50Mi"
+    mgr-sidecar:
+      limits:
+        cpu: "500m"
+        memory: "100Mi"
+      requests:
+        cpu: "100m"
+        memory: "40Mi"
+    crashcollector:
+      limits:
+        cpu: "500m"
+        memory: "60Mi"
+      requests:
+        cpu: "100m"
+        memory: "60Mi"
+    logcollector:
+      limits:
+        cpu: "500m"
+        memory: "1Gi"
+      requests:
+        cpu: "100m"
+        memory: "100Mi"
+    cleanup:
+      limits:
+        cpu: "500m"
+        memory: "1Gi"
+      requests:
+        cpu: "500m"
+        memory: "100Mi"
+    exporter:
+      limits:
+        cpu: "250m"
+        memory: "128Mi"
+      requests:
+        cpu: "50m"
+        memory: "50Mi"

common/values.ipaddresspool.yaml

@@ -0,0 +1,14 @@
+---
+ext-ipaddresspool:
+  templates:
+    - |
+        ---
+        apiVersion: metallb.io/v1beta1
+        kind: IPAddressPool
+        metadata:
+          name: "{{ .Values.name }}"
+        spec:
+          addresses:
+            - "{{ .Values.addresses }}"
+          autoAssign: true
+          avoidBuggyIPs: false

common/values.istio-gateway.yaml

@@ -0,0 +1,16 @@
+---
+istio-gateway:
+  templates:
+    - |
+        {{ range .Values.gateways }}
+        ---
+        apiVersion: networking.istio.io/v1beta1
+        kind: Gateway
+        metadata:
+          name: {{ .name }}
+        spec:
+          selector: 
+            istio: ingressgateway
+          servers:
+        {{ toYaml .servers | indent 4 }}
+        {{ end }}

common/values.istio.yaml

@@ -10,7 +10,7 @@ istio:
           name: {{ .name }}
         spec:
           gateways:
-          - "istio-system/{{ .gateway }}"
+          - "{{ .gateway }}"
           hosts:
           -  {{ .hostname | quote }}
           {{- if eq  .kind "http" }}

environments.yaml

@@ -1,5 +1,5 @@
 environments:
   badhouseplants:
-    kubeContext: badhouseplants
+    kubeContext: badhouseplants-arm
   etersoft:
     kubeContext: etersoft

etersoft/values/values.metallb-resources.yaml

@@ -0,0 +1,4 @@
+ext-ipaddresspool:
+  enabled: true
+  name: etersoft-addresspool
+  addresses: 91.232.225.63-91.232.225.63

helmfile.yaml

@@ -7,44 +7,53 @@ bases:
 
 releases:
   - <<: *metrics-server
-    installed: true
+    installed: false
     namespace: kube-system
-    createNamespace: false
+    createNamespace: true
 
   - <<: *istio-base
     installed: true
     namespace: istio-system
-    createNamespace: false
+    createNamespace: true
   
   - <<: *istio-gateway
     installed: true
     namespace: istio-system
-    createNamespace: false
+    createNamespace: true
+
+  - <<: *istio-gateway-resources
+    installed: true
+    namespace: istio-system
+    createNamespace: true
 
   - <<: *istiod
     installed: true
     namespace: istio-system
-    createNamespace: false
+    createNamespace: true
 
   - <<: *cert-manager
     installed: true
     namespace: cert-manager
-    createNamespace: false
+    createNamespace: true
 
   - <<: *minio
     installed: true
     namespace: minio-service
-    createNamespace: false
+    createNamespace: true
 
   - <<: *openvpn
     installed: true
     namespace: openvpn-service
-    createNamespace: false
+    createNamespace: true
   
   - <<: *metallb
     installed: true
     namespace: metallb-system
     createNamespace: true
 
+  - <<: *metallb-resources
+    installed: true
+    namespace: metallb-system
+
 helmfiles:
   - path: {{.Environment.Name }}/helmfile.yaml

releases.yaml

@@ -41,6 +41,14 @@ templates:
   # ----------------------------
   # -- Extensions
   # ----------------------------
+  ext-istio-gateway:
+    dependencies:
+      - chart: bedag/raw
+        version: 2.0.0
+        alias: istio-gateway
+    values:
+      - '{{ requiredEnv "PWD" }}/common/values.istio-gateway.yaml'
+
   ext-istio-resource:
     dependencies:
       - chart: bedag/raw
@@ -79,15 +87,32 @@ templates:
       alias: ext-database
     values:
       - '{{ requiredEnv "PWD" }}/common/values.database.yaml'
-  # ----------------------------
+
+  ext-ipaddresspool:
+    dependencies:
+    - chart: bedag/raw
+      version: 2.0.0
+      alias: ext-ipaddresspool
+    values:
+      - '{{ requiredEnv "PWD" }}/common/values.ipaddresspool.yaml'
+
+  # -------------------------------------------------------------------
   # -- Releases
-  # ----------------------------
+  # -------------------------------------------------------------------
   # -- System
-  # ----------------------------
+  # -- This is what has to be installed first. Without those releases
+  # --  cluster can't function
+  # -------------------------------------------------------------------
+  common-system:
+    labels:
+      layer: system
+
   metrics-server: &metrics-server
     name: metrics-server
     chart: metrics-server/metrics-server
     version: 3.11.0
+    inherit:
+      - template: common-system
     values:
       - common/values.{{ .Release.Name }}.yaml
 
@@ -95,25 +120,89 @@ templates:
     name: metallb
     chart: metallb/metallb
     version: 0.13.11
+    inherit:
+      - template: common-system
+
+  metallb-resources: &metallb-resources
+    name: metallb-resources
+    chart: bedag/raw
+    version: 2.0.0
+    needs: 
+      - metallb
+    inherit: 
+      - template: default-env-values
+      - template: ext-ipaddresspool
+      - template: common-system
 
   cert-manager: &cert-manager
     name: cert-manager
     chart: jetstack/cert-manager
-    version: 1.13.0
+    version: 1.13.1
+    inherit: 
+      - template: common-system
     set:
       - name: installCRDs
         value: true
+  
   longhorn: &longhorn
     name: longhorn
     chart: longhorn/longhorn
     version: 1.5.1
     inherit:
       - template: default-env-values
+      - template: common-system
+
+  # ----------------------------
+  # -- Istio
+  # ----------------------------
+  common-istio:
+    labels:
+      bundle: istio
+    version: 1.19.3
+    inherit: 
+      - template: common-system
+
+  istio-base: &istio-base
+    name: istio-base
+    chart: istio/base
+    inherit:
+      - template: crd-management-hook
+      - template: common-istio
+
+  istio-gateway: &istio-gateway
+    name: istio-ingressgateway
+    chart: istio/gateway
+    needs:
+      - istio-base
+      - metallb-system/metallb-resources
+    inherit:
+      - template: common-istio
+      - template: default-env-values
+
+  istiod: &istiod
+    name: istiod
+    chart: istio/istiod
+    needs:
+      - istio-base
+    inherit:
+      - template: common-istio
+      - template: default-env-values
+
+  istio-gateway-resources: &istio-gateway-resources
+    name: istio-gateway-resources
+    chart: bedag/raw
+    version: 2.0.0
+    needs:
+      - istio-base
+    inherit:
+      - template: ext-istio-gateway
+      - template: default-env-values
+      - template: common-system
 
   argocd: &argocd
     name: argocd
     chart: argo/argo-cd
-    version: 5.46.7
+    version: 5.46.8
     inherit:
       - template: default-env-values
       - template: default-env-secrets
@@ -126,7 +215,7 @@ templates:
   prometheus: &prometheus
     name: prometheus
     chart: prometheus-community/kube-prometheus-stack
-    version: 51.2.0
+    version: 51.6.1
     inherit:
       - template: monitoring-common
       - template: default-env-values
@@ -137,7 +226,7 @@ templates:
   loki: &loki
     name: loki
     chart: grafana/loki
-    version: 5.23.0
+    version: 5.29.0
     inherit:
       - template: monitoring-common
       - template: default-env-values
@@ -149,34 +238,6 @@ templates:
     inherit:
       - template: monitoring-common
       - template: default-env-values
-  # ----------------------------
-  # -- Istio
-  # ----------------------------
-  istio-common:
-    labels:
-      bundle: istio
-    version: 1.19.0
-
-  istio-base: &istio-base
-    name: istio-base
-    chart: istio/base
-    inherit:
-      - template: crd-management-hook
-      - template: istio-common
-
-  istio-gateway: &istio-gateway
-    name: istio-ingressgateway
-    chart: istio/gateway
-    inherit:
-      - template: istio-common
-      - template: default-env-values
-
-  istiod: &istiod
-    name: istiod
-    chart: istio/istiod
-    inherit:
-      - template: istio-common
-      - template: default-env-values
 
   # ----------------------------
   # -- Applications
@@ -216,7 +277,7 @@ templates:
   nrodionov: &nrodionov
     name: nrodionov
     chart: bitnami/wordpress
-    version: 17.1.11
+    version: 18.0.4
     inherit:
       - template: default-env-values
       - template: default-env-secrets
@@ -226,7 +287,7 @@ templates:
   minio: &minio
     name: minio
     chart: minio/minio
-    version: 5.0.13
+    version: 5.0.14
     inherit:
       - template: default-env-values
       - template: default-env-secrets
@@ -235,7 +296,7 @@ templates:
   minecraft: &minecraft
     name: minecraft
     chart: minecraft-server-charts/minecraft
-    version: 4.10.0
+    version: 4.11.0
     inherit:
       - template: default-env-values
       - template: default-env-secrets
@@ -244,7 +305,7 @@ templates:
   gitea: &gitea
     name: gitea
     chart: gitea/gitea
-    version: 9.4.0
+    version: 9.5.0
     inherit:
       - template: default-env-values
       - template: default-env-secrets
@@ -283,15 +344,15 @@ templates:
   redis: &redis
     name: redis
     chart: bitnami/redis
-    version: 18.1.0
+    version: 18.1.5
     inherit:
       - template: default-env-values
       - template: default-env-secrets
 
-  postgres: &postgres
-    name: postgres
+  postgres16: &postgres16
+    name: postgres16
     chart: bitnami/postgresql
-    version: 12.12.7
+    version: 13.1.4
     inherit:
       - template: default-env-values
       - template: default-env-secrets
@@ -299,7 +360,7 @@ templates:
   db-operator: &db-operator
     name: db-operator
     chart: db-operator/db-operator
-    version: 1.11.0
+    version: 1.11.1
 
   db-instances: &db-instances
     name: db-instances
@@ -312,7 +373,17 @@ templates:
   mysql: &mysql
     name: mysql
     chart: bitnami/mysql
-    version: 9.12.3
+    version: 9.12.5
     inherit:
       - template: default-env-values
       - template: default-env-secrets
+
+  docker-mailserver: &docker-mailserver
+    name: docker-mailserver
+    chart: allanger-gitea/docker-mailserver
+    version: 2.1.3
+    inherit:
+      - template: default-env-values
+      - template: ext-istio-gateway
+      - template: ext-istio-resource
+

scripts/migrate_postgres.sh

@@ -0,0 +1,39 @@
+#!/bin/bash
+export PGHOST=$OLD_PGHOST
+export PGPASSWORD=$OLD_PGPASSWORD
+export PGDATABASE=$OLD_PGDATABASE
+DUMP_FILE=/tmp/$PGDATABASE.dump
+pg_dump $PGDATABASE --no-owner --no-privileges -Fc -f $DUMP_FILE -vvv
+
+export PGHOST=$NEW_PGHOST
+export PGPASSWORD=$NEW_PGPASSWORD
+export PGDATABASE=$NEW_PGDATABASE
+pg_restore --no-owner --no-privileges -d $PGDATABASE -Fc $DUMP_FILE -vvv
+
+psql -c "GRANT ALL PRIVILEGES ON DATABASE \"${PGDATABASE}\" to \"${PGDATABASE}\""
+psql -c "GRANT ALL ON SCHEMA public to \"${PGDATABASE}\""
+psql -c "GRANT ALL ON ALL TABLES IN SCHEMA public TO \"${PGDATABASE}\""
+
+rm -f /tmp/output
+
+psql -c "\
+SELECT format(\
+  'ALTER TABLE %I.%I.%I OWNER TO %I;',\
+  table_catalog,\
+  table_schema,\
+  table_name,\
+  '${PGDATABASE}')\
+FROM information_schema.tables \
+WHERE table_schema='public'" | grep ALTER > /tmp/output
+
+psql -c "\
+SELECT format(\
+  'ALTER SEQUENCE %I.%I.%I OWNER TO %I;',\
+  sequence_catalog,\
+  sequence_schema,\
+  sequence_name,\
+  '${PGDATABASE}')\
+FROM information_schema.sequences \
+WHERE sequence_schema='public'" | grep ALTER >> /tmp/output
+
+psql -c "$(cat /tmp/output)"