WIP: Chenge openvpn port

2023-08-08 13:37:53 +02:00
28 changed files with 204 additions and 342 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -105,16 +105,4 @@ steps:
      SOPS_AGE_KEY:
        from_secret: SOPS_AGE_KEY
    commands:
-      - echo "Hey, bud, some helm releases are outdated:" > message_file.tpl
+      - cdh --kind helmfile -p $DRONE_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o
      - cdh --kind helmfile -p $DRONE_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o >> message_file.tpl
  - name: Send telegram notification
    when:
      status:
        - failure
    image: appleboy/drone-telegram
    settings:
      token:
        from_secret: TELEGRAM_TOKEN
      to: 131601077
      message_file: message_file.tpl
--- a/badhouseplants/helmfile.yaml
+++ b/badhouseplants/helmfile.yaml
@ -6,17 +6,7 @@ releases:
    installed: true
    namespace: drone-service
    createNamespace: false
-
+  
  - <<: *drone-runner-docker
    installed: true
    namespace: drone-service
    createNamespace: false
  - <<: *tekton-pipeline
    installed: true
    namespace: tekton-service
    createNamespace: true
  - <<: *longhorn
    installed: true
    namespace: longhorn-system
@ -97,3 +87,5 @@ bases:
  - ../environments.yaml
  - ../repositories.yaml
    #helmfiles:
    #  - namespaces.yaml
--- a/badhouseplants/values/secrets.minecraft.yaml
+++ b/badhouseplants/values/secrets.minecraft.yaml
@ -1,28 +0,0 @@
 minecraftServer:
    rcon:
        password: ENC[AES256_GCM,data:7kQAt4R+uN/28Uvn3KnJnOvOcCOf6FEaow==,iv:G20SygTZZ1O2DyPr+/f3XSC3bB4L5p/9CxZkPS5qibY=,tag:O2Ab+AC+Eho6MRm0vC9hHQ==,type:str]
 mcbackup:
    resticEnvs:
        RESTIC_PASSWORD: ENC[AES256_GCM,data:mjrSV6d6a4ZvesYjobhHCVTngw5EQqesAKecSPVY,iv:WSk5V61opvccp/1bhbcO6S+8GcEYVlxk8l6nl++nxc4=,tag:wENZyx6IxJgswetDi8alZA==,type:str]
        AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:+4HuGGHaZgPXLX3Sm6U=,iv:qMVfe2BzdJtvHYX7T/6WPt8kCNRdn02Ynew/q9QH1KA=,tag:7JwAloF6HPdBXTGC3kto4w==,type:str]
        AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:yfS/LrX0,iv:HzZmzUOmI0vJ+vPkI2xn2F/w43/BKOGil+SLRwhcG0I=,tag:c+d8nyR5w5mU9F/H0zl/1A==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTWUxY2hYT0dId2hsR0x1
            MXFtRjlSelgwdUcyVnBUdlJ6Nng1UkNJaHg4Ckc5NXBORjBCZHQyc0lDTiswazNF
            cGhKVFFNdlZnRWlxS05OTklOUDJDQjQKLS0tIDNWNDVVWXcxUW8yUHgrOTNkRkQ1
            MGNDV2cvUUF3dWZHSlZNeVFDNXhzalkKubKuiiZuqoZTvRMr2FiUxnFUu+Pvj3Wf
            pZTfZg9rnUukmV+kmwqQKcfoPNfeShhoAsszWwPM628cV9pq87I2/A==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2023-08-15T15:32:19Z"
    mac: ENC[AES256_GCM,data:ghfbBqsdFzQaRehefvpnnFLxp6tYE1K36gXLyN7gdxlvZ20JRn+FMfeUm8IjNKl3fCH2aVdM18v+T4xBs4QSXAWH5R79+HPn6hl7kYXzGJKTdmddj6EFZFXajisIJa2eZpEKPk7uOT6YczcNxNKByKxgHxTXe7SYlIkE6CgLT9w=,iv:inXW7OxvQXPGO4mkJkd/SMVsTBWA+utso26VXb5yNdM=,tag:f/GBzkgI0zgInSdDbHICag==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3
--- a/badhouseplants/values/secrets.tekton-pipeline.yaml
+++ b/badhouseplants/values/secrets.tekton-pipeline.yaml
@ -1,23 +0,0 @@
 auth:
    git:
        password: ENC[AES256_GCM,data:X1wVDcAeDP9IY/Kry+pP3BayBFJJ4o4NxA==,iv:qVG9R033GKeQxaVpCpN3hUV9d6dGULceEPt70U5psX0=,tag:jgmc/T42T9/JH3PgN6v2qA==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEdmJzcTFKd1M2dUZyTmxZ
            Mnljc1FCRk9tQUFyWUk4U21kYWR0MVMzSms4CjdCNTFONTJGU1B4bDBOQnp3NEtW
            UDZpTkU4bWFrYVhiV0tUbGRmaTlPTUEKLS0tIHJmTkhGbTZiQkQzR2VHckRoVFVF
            eUtWMXpDWlBwVE1zM1FOMklQd3BhZk0KvJBAxTdAQCHGDd7W2qv/31OblHrX7o0X
            0GCL/z1dw+sG4GS0zwgxVu8jlGzWK8PCZjq5k8bMMzbbKtUNKiShuA==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2023-09-27T04:26:20Z"
    mac: ENC[AES256_GCM,data:Hknt7Td7Tyx/c98Xf7dbsaGRLKO1zzZR34ZarkZtFVyvTcB0kxb5VWeJv+O215UAXEjPE7LUB2gHvhAtgLsAnek55stjZ84ifz923gMKB2ul18TeX4s0oqXyKvKZyv7SKPsVduSA4EutbrOnxLiZCmL8b/u0Y6scUH5pOe7aydg=,iv:vXvdvPE4n6ZYb0CXZZppWuvFFOlDEM2dMiiUwVTTTvE=,tag:gfNWefDG3cC1QzNGwgs5mQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.0
--- a/badhouseplants/values/values.funkwhale.yaml
+++ b/badhouseplants/values/values.funkwhale.yaml
@ -53,4 +53,3 @@ redis:
  host: redis-master.database-service.svc.cluster.local
  auth:
    enabled: true
  database: 3
--- a/badhouseplants/values/values.istio-ingressgateway.yaml
+++ b/badhouseplants/values/values.istio-ingressgateway.yaml
@ -22,10 +22,10 @@ service:
      port: 1194
      protocol: TCP
      targetPort: 1194
-    - name: tcp
+    - name: ovpn2
-      port: 25
+      port: 1195
      protocol: TCP
-      targetPort: 25
+      targetPort: 1195
    # -----------
    # -- Email
    # -----------
--- a/badhouseplants/values/values.minecraft.yaml
+++ b/badhouseplants/values/values.minecraft.yaml
@ -30,11 +30,10 @@ istio:
 image:
  tag: java17-graalvm-ce
  pullPolicy: Always
 resources:
  requests:
-    memory: 3Gi
+    memory: 512Mi
-    cpu: 256m
+    cpu: 50m
  limits:
    memory: 3Gi
@ -43,7 +42,6 @@ lifecycle:
    - bash
    - -c
    - for i in {1..100}; do mc-health && break || sleep 20; done && mc-send-to-console setpassword 11223345
 readinessProbe:
  command:
    - mc-health
@ -52,9 +50,7 @@ readinessProbe:
  timeoutSeconds: 10
 livenessProbe:
  timeoutSeconds: 10
 minecraftServer:
  overrideServerProperties: true
  eula: "TRUE"
  onlineMode: false
  difficulty: hard
@ -62,14 +58,10 @@ minecraftServer:
  version: 1.20.1
  maxWorldSize: 90000
  type: "PAPER"
-  paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/170/downloads/paper-1.20.1-170.jar
+  paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/100/downloads/paper-1.20.1-100.jar
  gameMode: survival
  pvp: true
-  rcon:
+  memory: 2512M
    enabled: true
    withGeneratedPassword: false
    port: 25575
    serviceType: ClusterIP
  extraPorts:
    - name: metrics
      containerPort: 9225
@ -87,28 +79,6 @@ persistence:
  dataDir:
    enabled: true
    Size: 15Gi
 mcbackup:
  enabled: true
  backupInterval: 2h
  pauseIfNoPlayers: "false"
  pruneBackupsDays: 2
  rconRetries: 5
  rconRetryInterval: 10s
  excludes: "*.jar,cache,logs"
  backupMethod: restic
  resticRepository: s3:https://s3.e.badhouseplants.net:443/restic/minecraft
  resticAdditionalTags: "mc_backups"
  pruneResticRetention: "--keep-last 12 --keep-daily 1 --keep-weekly 2 --keep-monthly 2 --keep-yearly 2"
  resources:
    requests:
      memory: 512Mi
      cpu: 100m
  persistence:
    backupDir:
      enabled: false
 # ---------------------------------------------
 # -- Install Plugins
 # ---------------------------------------------
 initContainers:
  - name: install-prometheus-exporter
    image: alpine/curl
@ -134,18 +104,6 @@ initContainers:
      - name: plugins
        mountPath: /data/plugins
        readOnly: false
  - name: install-gravity-control-plugin
    image: alpine/curl
    command:
      - curl
      - -L
      - https://github.com/e-im/GravityControl/releases/download/v1.3.0/GravityControl-1.3.0.jar
      - -o
      - /data/plugins/GravityControl-1.3.0.jar
    volumeMounts:
      - name: plugins
        mountPath: /data/plugins
        readOnly: false
 extraVolumes:
  - volumeMounts:
      - name: plugins
--- a/badhouseplants/values/values.mysql.yaml
+++ b/badhouseplants/values/values.mysql.yaml
@ -4,3 +4,4 @@ primary:
 auth:
  createDatabase: false
--- a/badhouseplants/values/values.openvpn.yaml
+++ b/badhouseplants/values/values.openvpn.yaml
@ -9,35 +9,14 @@ istio:
    - name: openvpn-tcp
      gateway: badhouseplants-vpn
      kind: tcp
-      port_match: 1194
+      port_match: 1195
      hostname: "*"
      service: openvpn
      port: 1194
    - name: openvpn-tcp-fake-port
      gateway: badhouseplants-vpn
      kind: tcp
      port_match: 25
      hostname: "*"
      service: openvpn
      port: 1194
 # ------------------------------------------
 image:
  tag: v2.6.5-xor-4.0.0beta08
 storage:
  class: longhorn
  size: 512Mi
 storageClassName: longhorn
 openvpn:
-  proto: tcp
+  server: "tcp://195.201.250.50:1195"
  host: 195.201.250.50
 easyrsa:
  cn: Bad Houseplants
  country: Germany
  province: NRW
  city: Duesseldorf
  org: Bad Houseplants
  email: allanger@zohomail.com
 service:
  type: ClusterIP
  port: 1194
--- a/badhouseplants/values/values.tekton-pipeline.yaml
+++ b/badhouseplants/values/values.tekton-pipeline.yaml
@ -1,4 +0,0 @@
 auth:
  git:
    username: tekton
    url: https://git.badhouseplants.net
--- a/docs/restic.md
+++ b/docs/restic.md
@ -1,7 +0,0 @@
 # Restic
 We are using restic for backing up the Minecraft server
 ## How to restore
 TODO: Describe the restoration process
--- a/etersoft/helmfile.yaml
+++ b/etersoft/helmfile.yaml
@ -1,5 +0,0 @@
 ---
 bases:
  - ../environments.yaml
  - ../repositories.yaml
--- a/etersoft/values/secrets.drone-runner-docker.yaml
+++ b/etersoft/values/secrets.drone-runner-docker.yaml
@ -0,0 +1,22 @@
 env:
    DRONE_RPC_SECRET: ENC[AES256_GCM,data:RAZbnTrv9PxiCLLqjKWBtFWd+Nzqma8Zw+NuKRLO,iv:IiFcTQGUmYa6UCBzx1yTDd0zwB6D1Cv0raXZxLXm1qA=,tag:83bnBW+MhkKehZfso3g+/g==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOVk0yaTlySHpuOWFFT3J5
            Z210NzJPTmV0akdFQ1REM1JzK0pwTC9XWjJJCm54QmQ3ODJwakZuamMzYTBIeEJi
            aUxKNmQ3dU52V2N2cjl5VTJpTTAwWGsKLS0tIDFyR2o2VnQ4QWFCWWRzZGNMZnNQ
            em1VMlhBNGRrVFhXVUVRdU16Q1Q4bUEKvZ6UbZsfdvfCk37FlEN4vg0RTnPO2nwh
            DY4klzcan+9DBRT2qdIIy6pj94GuSoXKXEYc9X0AvYab/HoLithMWA==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2023-05-21T09:27:21Z"
    mac: ENC[AES256_GCM,data:U2JETtW0lbb2znJBupGMPsab13y5M1v1N0wkFxEBs+YVNFhnkvIqSZiY5mq9KTYiY4tRzw1kV+jqP0jNsODekCI1++4NBuQsGSZFUoTERHgTRlnz1aAS+nf39lvYnWyQxsQmw9vY/GQ/yluBJkOEV/EoIF3wHjxZe1HCBIViPyk=,iv:WMj7aSgW8LdNQbOgC4FcyOtR/3gjckiHO8vlZGdiTeY=,tag:Xty2QVLJ/D2dlzQY13od5w==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3
--- a/etersoft/values/values.drone-runner-docker.yaml
+++ b/etersoft/values/values.drone-runner-docker.yaml
@ -0,0 +1,16 @@
 ---
 env:
  DRONE_RPC_HOST: drone.badhouseplants.net
  DRONE_RPC_PROTO: https
  DRONE_NAMESPACE_DEFAULT: drone-service
 rbac:
  buildNamespaces:
    - drone-service
 dind:
  resources:
    limits:
      cpu: 2000m
      memory: 2024Mi
    requests:
      cpu: 100m
      memory: 512Mi
--- a/etersoft/values/values.minio.yaml
+++ b/etersoft/values/values.minio.yaml
@ -71,8 +71,6 @@ policies:
    - resources:
        - 'arn:aws:s3:::longhorn/*'
        - 'arn:aws:s3:::longhorn'
        - 'arn:aws:s3:::restic/*'
        - 'arn:aws:s3:::restic'
      actions:
        - "s3:DeleteObject"
        - "s3:GetObject"
@ -83,10 +81,6 @@ buckets:
    policy: none
    purge: false
    versioning: false
  - name: restic
    policy: none
    purge: false
    versioning: false
 metrics:
  serviceMonitor:
    enabled: false
--- a/etersoft/values/values.openvpn.yaml
+++ b/etersoft/values/values.openvpn.yaml
@ -14,9 +14,7 @@ istio:
      service: openvpn
      port: 1194
-storage:
+storageClassName: microk8s-hostpath
  class: microk8s-hostpath
  size: 5Gi
 openvpn:
  server: "tcp://91.232.225.63:1194"
 service:
--- a/helmfile.yaml
+++ b/helmfile.yaml
@ -46,5 +46,11 @@ releases:
    namespace: metallb-system
    createNamespace: true
  - <<: *drone-runner-docker
    installed: true
    namespace: drone-service
    createNamespace: false
 helmfiles:
  - path: {{.Environment.Name }}/helmfile.yaml
--- a/manifests/metallb/badhouseplants-ip.yaml
+++ b/manifests/metallb/badhouseplants-ip.yaml
@ -1,9 +1,10 @@
 # addresspool.yaml
 ---
 apiVersion: metallb.io/v1beta1
 kind: IPAddressPool
 metadata:
  name: custom-addresspool
  namespace: metallb-system
-spec:
+spec: 
  addresses:
-    - 195.201.250.50-195.201.250.50
+  - 195.201.250.50-195.201.250.50
--- a/manifests/debug/istio-stuff.yaml
+++ b/manifests/debug/istio-stuff.yaml
@ -0,0 +1,17 @@
 apiVersion: networking.istio.io/v1alpha3
 kind: EnvoyFilter
 metadata:
  name: proxy-protocol
  namespace: istio-system
 spec:
  workloadSelector:
    labels:
      istio: ingressgateway
  configPatches:
  - applyTo: LISTENER
    patch:
      operation: MERGE
      value:
        listener_filters:
        - name: envoy.listener.proxy_protocol
--- a/manifests/debug/proxy-prot.yaml
+++ b/manifests/debug/proxy-prot.yaml
@ -0,0 +1,17 @@
 apiVersion: networking.istio.io/v1alpha3
 kind: EnvoyFilter
 metadata:
  name: proxy-protocol
  namespace: istio-system
 spec:
  configPatches:
  - applyTo: LISTENER
    patch:
      operation: MERGE
      value:
        listener_filters:
        - name: envoy.listener.proxy_protocol
        - name: envoy.listener.tls_inspector
  workloadSelector:
    labels:
      istio: ingressgateway
--- a/manifests/debug/test.yaml
+++ b/manifests/debug/test.yaml
@ -0,0 +1,83 @@
 apiVersion: networking.istio.io/v1alpha3
 kind: Gateway
 metadata:
  name: httpbin-gateway
 spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP2
    hosts:
    - "test.badhouseplants.net"
  - hosts:
    - "test.badhouseplants.net"
    port:
      name: https
      number: 443
      protocol: HTTPS
    tls:
      credentialName: badhouseplants-wildcard-tls
      mode: SIMPLE
 ---
 apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
 metadata:
  name: httpbin
 spec:
  hosts:
  - "test.badhouseplants.net"
  gateways:
  - httpbin-gateway
  http:
  - route:
    - destination:
        host: httpbin
        port:
          number: 8000
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: httpbin
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: httpbin
  labels:
    app: httpbin
    service: httpbin
 spec:
  ports:
  - name: http
    port: 8000
    targetPort: 80
  selector:
    app: httpbin
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: httpbin
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: httpbin
      version: v1
  template:
    metadata:
      labels:
        app: httpbin
        version: v1
    spec:
      serviceAccountName: httpbin
      containers:
      - image: docker.io/kong/httpbin
        imagePullPolicy: IfNotPresent
        name: httpbin
        ports:
        - containerPort: 80
--- a/manifests/metallb/etersoft-ip.yaml
+++ b/manifests/metallb/etersoft-ip.yaml
@ -1,9 +1,10 @@
 # addresspool.yaml
 ---
 apiVersion: metallb.io/v1beta1
 kind: IPAddressPool
 metadata:
  name: custom-addresspool
  namespace: metallb-system
-spec:
+spec: 
  addresses:
-    - 91.232.225.63-91.232.225.63
+  - 91.232.225.63-91.232.225.63
--- a/manifests/git_clone.yaml
+++ b/manifests/git_clone.yaml
@ -1,80 +0,0 @@
 apiVersion: tekton.dev/v1beta1
 kind: Task
 metadata:
  name: git-clone-repo
  namespace: tekton-jobs
 spec:
  workspaces:
    - name: src
      mountPath: /src
  params:
    - name: url
  steps:
    - name: Git Clone
      image: alpine/git
      script: |
        #!/bin/bash
 ---
 apiVersion: tekton.dev/v1beta1
 kind: Task
 metadata:
  name: write
  namespace: tekton-jobs
 spec:
  workspaces:
    - name: src
      mountPath: /custom/path/relative/to/root
  steps:
    - name: goodbye
      image: ubuntu
      script: |
        #!/bin/bash
        cat $(workspaces.src.path)/check
 ---
 apiVersion: tekton.dev/v1beta1
 kind: Pipeline
 metadata:
  name: hello-goodbye
  namespace: tekton-jobs
 spec:
  tasks:
    - name: read
      taskRef:
        name: read
      workspaces:
        - name: src
          workspace: src
    - name: write
      runAfter:
        - read
      taskRef:
        name: read
      workspaces:
        - name: src
          workspace: src
  workspaces:
    - name: src
 ---
 apiVersion: tekton.dev/v1beta1
 kind: PipelineRun
 metadata:
  name: hello-goodbye-run
  namespace: tekton-jobs
 spec:
  pipelineRef:
    name: hello-goodbye
    namespace: tekton-jobs
  params:
    - name: username
      value: "Tekton"
  workspaces:
    - name: src
      volumeClaimTemplate:
        spec:
          accessModes:
            - ReadWriteOnce # access mode may affect how you can use this volume in parallel tasks
          resources:
            requests:
              storage: 1Gi
--- a/manifests/tekton/cdh.yaml
+++ b/manifests/tekton/cdh.yaml
@ -1,13 +0,0 @@
 apiVersion: tekton.dev/v1beta1
 kind: Task
 metadata:
  name: check-da-helm
  namespace: tekton-pipelines
 spec:
  params:
    - name: environment
      type: string
  steps:
    - name: check-da-helm
      image: ghcr.io/allanger/check-da-helm-helmfile-secrets:stable
      script: "cdh --kind helmfile -p helmfile.yaml --helmfile-environment  \n"
--- a/manifests/tekton/gitea-event-listener.yaml
+++ b/manifests/tekton/gitea-event-listener.yaml
@ -1,13 +0,0 @@
 ---
 apiVersion: triggers.tekton.dev/v1beta1
 kind: EventListener
 metadata:
  name: gitea-webhook
 spec:
  serviceAccountName: pipeline
  triggers:
    - name: tekton-greeter-webhook
      bindings:
        - ref: gitea-triggerbinding
      template:
        ref: tekton-greeter-trigger-template
--- a/message_file.tpl
+++ b/message_file.tpl
--- a/releases.yaml
+++ b/releases.yaml
@ -26,33 +26,6 @@ templates:
        args:
          - -c
          - "helm show crds {{ .Release.Chart }} --version {{ .Release.Version }} | kubectl delete -f - || true"
  tekton-triggers-hook:
    hooks:
      - events: ["preapply"]
        showlogs: true
        command: "sh"
        args:
          - -c
          - |
            kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.25.0/release.yaml \
              && kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.25.0/interceptors.yaml
      - events: ["prepare"]
        showlogs: true
        command: "sh"
        args:
          - -c
          - |
            kubectl diff  -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.25.0/release.yaml || true \
              && kubectl diff -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.25.0/interceptors.yaml || true
      - events: ["postuninstall"]
        showlogs: true
        command: "sh"
        args:
          - -c
          - |
            kubectl delete  -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.25.0/release.yaml \
              && kubectl delete -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.25.0/interceptors.yaml
  # ----------------------------
  # -- Configs
  # ----------------------------
@ -121,12 +94,12 @@ templates:
  metallb: &metallb
    name: metallb
    chart: metallb/metallb
-    version: 0.13.11
+    version: 0.13.10
  cert-manager: &cert-manager
    name: cert-manager
    chart: jetstack/cert-manager
-    version: 1.12.4
+    version: 1.12.3
    set:
      - name: installCRDs
        value: true
@ -140,7 +113,7 @@ templates:
  argocd: &argocd
    name: argocd
    chart: argo/argo-cd
-    version: 5.46.2
+    version: 5.42.2
    inherit:
      - template: default-env-values
      - template: default-env-secrets
@ -153,7 +126,7 @@ templates:
  prometheus: &prometheus
    name: prometheus
    chart: prometheus-community/kube-prometheus-stack
-    version: 51.0.0
+    version: 48.3.1
    inherit:
      - template: monitoring-common
      - template: default-env-values
@ -164,7 +137,7 @@ templates:
  loki: &loki
    name: loki
    chart: grafana/loki
-    version: 5.20.0
+    version: 5.10.0
    inherit:
      - template: monitoring-common
      - template: default-env-values
@ -172,7 +145,7 @@ templates:
  promtail: &promtail
    name: promtail
    chart: grafana/promtail
-    version: 6.15.1
+    version: 6.14.1
    inherit:
      - template: monitoring-common
      - template: default-env-values
@ -182,7 +155,7 @@ templates:
  istio-common:
    labels:
      bundle: istio
-    version: 1.19.0
+    version: 1.18.2
  istio-base: &istio-base
    name: istio-base
@ -210,8 +183,8 @@ templates:
  # ----------------------------
  openvpn: &openvpn
    name: openvpn
-    chart: allanger-gitea/openvpn
+    chart: allanger-charts/openvpn
-    version: 1.0.6
+    version: 1.0.3
    inherit:
      - template: default-env-values
      - template: ext-istio-resource
@ -224,7 +197,7 @@ templates:
  drone: &drone
    name: drone
    chart: drone/drone
-    version: 0.6.5
+    version: 0.6.4
    inherit:
      - template: default-env-values
      - template: default-env-secrets
@ -240,19 +213,10 @@ templates:
      - template: default-env-secrets
      - template: drone-common
  tekton-pipeline: &tekton-pipeline
    name: tekton-pipeline
    chart: cdf/tekton-pipeline
    version: 1.0.2
    inherit:
      - template: default-env-values
      - template: default-env-secrets
      - template: tekton-triggers-hook
  nrodionov: &nrodionov
    name: nrodionov
    chart: bitnami/wordpress
-    version: 17.1.7
+    version: 17.0.4
    inherit:
      - template: default-env-values
      - template: default-env-secrets
@ -271,16 +235,15 @@ templates:
  minecraft: &minecraft
    name: minecraft
    chart: minecraft-server-charts/minecraft
-    version: 4.9.6
+    version: 4.9.3
    inherit:
      - template: default-env-values
      - template: default-env-secrets
      - template: ext-istio-resource
  gitea: &gitea
    name: gitea
    chart: gitea/gitea
-    version: 9.4.0
+    version: 9.1.0
    inherit:
      - template: default-env-values
      - template: default-env-secrets
@ -290,7 +253,7 @@ templates:
  funkwhale: &funkwhale
    name: funkwhale
    chart: ananace-charts/funkwhale
-    version: 2.0.3
+    version: 2.0.1
    inherit:
      - template: default-env-values
      - template: default-env-secrets
@ -319,7 +282,7 @@ templates:
  redis: &redis
    name: redis
    chart: bitnami/redis
-    version: 18.0.4
+    version: 17.14.6
    inherit:
      - template: default-env-values
      - template: default-env-secrets
@ -327,7 +290,7 @@ templates:
  postgres: &postgres
    name: postgres
    chart: bitnami/postgresql
-    version: 12.11.1
+    version: 12.8.0
    inherit:
      - template: default-env-values
      - template: default-env-secrets
@ -335,7 +298,7 @@ templates:
  db-operator: &db-operator
    name: db-operator
    chart: db-operator/db-operator
-    version: 1.10.1
+    version: 1.9.1
  db-instances: &db-instances
    name: db-instances
@ -348,7 +311,7 @@ templates:
  mysql: &mysql
    name: mysql
    chart: bitnami/mysql
-    version: 9.12.2
+    version: 9.10.10
    inherit:
      - template: default-env-values
      - template: default-env-secrets
--- a/repositories.yaml
+++ b/repositories.yaml
@ -2,6 +2,8 @@
 repositories:
  - name: metrics-server
    url: https://kubernetes-sigs.github.io/metrics-server/
  - name: allanger-charts
    url: https://allanger.github.io/allanger-charts
  - name: jetstack
    url: https://charts.jetstack.io
  - name: istio
@ -35,6 +37,4 @@ repositories:
  - name: db-operator
    url: https://db-operator.github.io/charts
  - name: allanger-gitea
-    url: https://git.badhouseplants.net/api/packages/allanger/helm
+    url:  https://git.badhouseplants.net/api/packages/allanger/helm
  - name: cdf
    url: https://cdfoundation.github.io/tekton-helm-chart/
`@ -4,3 +4,4 @@ primary:`

	`auth:`	`auth:`
	`createDatabase: false`	`createDatabase: false`