Remove the storage installation

chore(deps): update redis docker tag to v20.7.1
chore(deps): update helm release renovate to v39.171.0
2025-02-17 22:52:23 +01:00 · 2025-02-17 21:48:14 +00:00 · 2025-02-17 21:48:09 +00:00 · 2025-02-17 22:47:33 +01:00 · 2025-02-11 15:39:19 +01:00 · 2025-02-09 16:41:53 +01:00
84 changed files with 2032 additions and 937 deletions
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -11,10 +11,10 @@ repos:
          (?x)^(
            .*secrets.*yaml
          )$
-  - repo: https://github.com/codespell-project/codespell
+          #  - repo: https://github.com/codespell-project/codespell
-    rev: v2.2.4
+          #    rev: v2.2.4
-    hooks:
+          #    hooks:
-      - id: codespell
+          #      - id: codespell
  - repo: local
    hooks:
      - id: check-sops-secrets
--- a/charts/tf-ocloud/Chart.yaml
+++ b/charts/tf-ocloud/Chart.yaml
@ -9,7 +9,7 @@ maintainers:
    url: https://badhouseplants.net
 dependencies:
  - name: helm-library
-    version: 0.1.4
+    version: 0.1.5
    repository: oci://ghcr.io/allanger/allangers-helm-library
 annotations:
  allowed_workload_kinds: "Deployment"
--- a/common/environments.yaml
+++ b/common/environments.yaml
@ -21,8 +21,6 @@ environments:
      - redis:
          enabled: true
      - istio:
          enabled: false
      - teleport:
          enabled: true
  etersoft:
    kubeContext: etersoft
@ -47,8 +45,6 @@ environments:
          enabled: true
      - istio:
          enabled: false
      - teleport:
          enabled: false
  xray-1:
    kubeContext: xray-1
    values:
@ -72,8 +68,6 @@ environments:
          enabled: false
      - istio:
          enabled: false
      - teleport:
          enabled: false
  xray-2:
    kubeContext: xray-2
    values:
@ -97,5 +91,3 @@ environments:
          enabled: false
      - istio:
          enabled: false
      - teleport:
          enabled: false
--- a/common/templates.yaml
+++ b/common/templates.yaml
@ -37,6 +37,12 @@ templates:
  default-env-secrets:
    secrets:
      - '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/secrets.{{ `{{ .Release.Name }}` }}.yaml'
  env-values:
    values:
      - '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/values.yaml'
  env-secrets:
    secrets:
      - '{{ requiredEnv "PWD" }}/values/{{ .Environment.Name }}/{{ `{{ .Release.Namespace }}` }}/{{ `{{ .Release.Name }}` }}/secrets.yaml'
  # ----------------------------
  # -- Extensions
  # ----------------------------
--- a/installations/applications/helmfile-badhouseplants.yaml
+++ b/installations/applications/helmfile-badhouseplants.yaml
@ -1,41 +1,21 @@
 bases:
  - ../../common/environments.yaml
  - ../../common/templates.yaml
 repositories:
  - name: softplayer-oci
    url: zot.badhouseplants.net/softplayer/helm
    oci: true
  - name: allanger-oci
    url: zot.badhouseplants.net/allanger/helm
    oci: true
  - name: requarks
    url: https://charts.js.wiki
  - name: ananace-charts
    url: https://ananace.gitlab.io/charts
  - name: gitea
    url: https://dl.gitea.io/charts/
  - name: mailu
    url: https://mailu.github.io/helm-charts/
  - name: bedag
    url: https://bedag.github.io/helm-charts/
  - name: bitnami
    url: https://charts.bitnami.com/bitnami
  - name: allangers-charts
    url: ghcr.io/allanger/allangers-charts
    oci: true
  - name: robjuz
    url: https://robjuz.github.io/helm-charts/
  - name: badhouseplants-helm
    url: git+https://gitea.badhouseplants.net/badhouseplants/badhouseplants-helm@charts?ref=main
  - name: bedag
    url: https://bedag.github.io/helm-charts/
  - name: open-strike
    url: git+https://gitea.badhouseplants.net/badhouseplants/open-strike-2.git@helm?ref=main
 releases:
  - name: funkwhale
    chart: ananace-charts/funkwhale
    namespace: applications
    version: 2.0.5
    inherit:
      - template: default-env-values
      - template: default-env-secrets
      - template: ext-database
  - name: gitea
    chart: gitea/gitea
    version: 10.6.0
@ -45,29 +25,23 @@ releases:
      - template: default-env-secrets
      - template: ext-database
      - template: ext-tcp-routes
-  - name: openvpn
+
-    chart: allangers-charts/openvpn
+  - name: app-vaultwarden
    version: 0.0.2
    namespace: applications
    inherit:
      - template: default-env-values
      - template: ext-tcp-routes
  - name: vaultwarden
    chart: allangers-charts/vaultwarden
-    version: 2.3.0
+    version: 3.0.0
-    namespace: applications
+    namespace: org-badhouseplants
    inherit:
-      - template: default-env-values
+      - template: env-values
-      - template: default-env-secrets
+      - template: env-secrets
-      - template: ext-database
+
-  - name: stalwart
+  - name: app-stalwart
    chart: allangers-charts/stalwart
-    version: 0.4.0
+    version: 1.0.1
-    namespace: applications
+    namespace: org-badhouseplants
    inherit:
-      - template: default-env-values
+      - template: env-values
-      - template: default-env-secrets
+      - template: env-secrets
-      - template: ext-tcp-routes
+
  - name: navidrome
    chart: allangers-charts/navidrome
    namespace: applications
@ -75,34 +49,44 @@ releases:
    inherit:
      - template: default-env-values
      - template: ext-traefik-middleware
  - name: navidrome-private
    chart: allangers-charts/navidrome
    namespace: applications
    version: 0.2.0
    inherit:
      - template: default-env-values
      - template: default-env-secrets
  - name: server-xray-public
    chart: allangers-charts/server-xray
    namespace: public-xray
-    version: 0.4.0
+    version: 0.5.0
    inherit:
      - template: default-env-secrets
      - template: default-env-values
      - template: ext-tcp-routes
      - template: ext-cilium
      - template: ext-certificate
  - name: server-xray-public-edge
    chart: allangers-charts/server-xray
-    installed: false
+    installed: true
    namespace: public-xray
-    version: 0.4.0
+    version: 0.5.0
    inherit:
      - template: default-env-secrets
      - template: default-env-values
      - template: ext-tcp-routes
      - template: ext-cilium
-  - name: vaultwardentest
+      - template: ext-certificate
-    chart: allangers-charts/vaultwarden
+
-    version: 2.4.0
+  - name: memos
    chart: allangers-charts/memos
    version: 0.1.0
    namespace: applications
    installed: false
    inherit:
      - template: default-env-values
      - template: default-env-secrets
      - template: ext-database
  - name: badhouseplants-net
--- a/installations/applications/helmfile-etersoft.yaml
+++ b/installations/applications/helmfile-etersoft.yaml
@ -8,6 +8,8 @@ repositories:
  - name: gabe565
    url: ghcr.io/gabe565/charts
    oci: true
  - name: xray-docs
    url: git+https://gitea.badhouseplants.net/badhouseplants/xray-docs.git@helm?ref=main
 releases:
  - name: openvpn
    chart: allangers-charts/openvpn
@ -18,7 +20,7 @@ releases:
      - template: ext-tcp-routes
  - name: qbittorrent
    chart: gabe565/qbittorrent
-    version: 0.3.7
+    version: 0.4.0
    namespace: applications
    inherit:
      - template: default-env-values
@ -32,12 +34,6 @@ releases:
      - template: default-env-values
      - template: default-env-secrets
      - template: ext-database
  - name: tf-ocloud
    chart: ../../charts/tf-ocloud
    namespace: pipelines
    installed: false
    inherit:
      - template: default-env-secrets
  - name: nrodionov
    chart: bitnami/wordpress
@ -47,3 +43,26 @@ releases:
    inherit:
      - template: default-env-values
      - template: default-env-secrets
  - name: external-service-xray
    chart: ../../kustomizations/external-service-xray
    installed: true
    namespace: public-xray
  - name: server-xray-public
    chart: allangers-charts/server-xray
    namespace: public-xray
    version: 0.5.0
    inherit:
      - template: default-env-secrets
      - template: default-env-values
      - template: ext-tcp-routes
      - template: ext-cilium
      - template: ext-certificate
  - name: xray-docs
    chart: xray-docs/xray-docs
    installed: true
    namespace: public-xray
    inherit:
      - template: default-env-values
--- a/installations/applications/helmfile-xray-1.yaml
+++ b/installations/applications/helmfile-xray-1.yaml
@ -9,7 +9,7 @@ releases:
  - name: server-xray-public
    chart: allangers-charts/server-xray
    namespace: public-xray
-    version: 0.4.0
+    version: 0.5.0
    inherit:
      - template: default-env-secrets
      - template: default-env-values
--- a/installations/applications/helmfile-xray-2.yaml
+++ b/installations/applications/helmfile-xray-2.yaml
@ -9,7 +9,7 @@ releases:
  - name: server-xray-public
    chart: allangers-charts/server-xray
    namespace: public-xray
-    version: 0.4.0
+    version: 0.5.0
    inherit:
      - template: default-env-secrets
      - template: default-env-values
--- a/installations/databases/helmfile.yaml
+++ b/installations/databases/helmfile.yaml
@ -3,7 +3,8 @@ bases:
  - ../../common/templates.yaml
 repositories:
  - name: bitnami
-    url: https://charts.bitnami.com/bitnami
+    url: registry-1.docker.io/bitnamicharts
    oci: true
  - name: bedag
    url: https://bedag.github.io/helm-charts/
 releases:
@ -11,7 +12,7 @@ releases:
    chart: bitnami/redis
    namespace: databases
    condition: redis.enabled
-    version: 20.3.0
+    version: 20.7.1
    inherit:
      - template: default-env-values
      - template: default-env-secrets
@ -31,7 +32,7 @@ releases:
    namespace: databases
    chart: bitnami/postgresql
    condition: postgres17.enabled
-    version: 16.0.6
+    version: 16.3.4
    inherit:
      - template: default-env-values
      - template: default-env-secrets
--- a/installations/games/helmfile.yaml
+++ b/installations/games/helmfile.yaml
@ -6,11 +6,23 @@ repositories:
    url: https://bedag.github.io/helm-charts/
  - name: minecraft
    url: https://itzg.github.io/minecraft-server-charts/
  - name: allangers-charts
    url: ghcr.io/allanger/allangers-charts
    oci: true
 releases:
  - name: minecraft
    chart: minecraft/minecraft
    namespace: games
-    version: 4.23.2
+    version: 4.23.7
    inherit:
      - template: ext-tcp-routes
      - template: default-env-values
      - template: default-env-secrets
  - name: team-fortress-2
    chart: allangers-charts/team-fortress-2
    namespace: team-fortress-2
    version: 0.1.2
    inherit:
      - template: ext-tcp-routes
      - template: default-env-values
--- a/installations/monitoring/helmfile.yaml
+++ b/installations/monitoring/helmfile.yaml
@ -12,7 +12,7 @@ releases:
  - name: prometheus
    chart: prometheus-community/kube-prometheus-stack
    namespace: observability
-    version: 66.2.1
+    version: 68.5.0
    inherit:
      - template: default-env-values
      - template: default-env-secrets
@ -20,7 +20,7 @@ releases:
  - name: grafana
    chart: grafana/grafana
    namespace: observability
-    version: 8.6.0
+    version: 8.9.0
    installed: true
    inherit:
      - template: default-env-values
@ -28,7 +28,7 @@ releases:
  - name: loki
    chart: grafana/loki
    namespace: observability
-    version: 6.19.0
+    version: 6.25.1
    inherit:
      - template: default-env-values
      - template: ext-secret
--- a/installations/pipelines/helmfile.yaml
+++ b/installations/pipelines/helmfile.yaml
@ -12,7 +12,7 @@ releases:
  - name: woodpecker-ci
    chart: woodpecker/woodpecker
    namespace: pipelines
-    version: 1.6.2
+    version: 3.0.1
    inherit:
      - template: ext-database
      - template: default-env-values
@ -20,14 +20,15 @@ releases:
  - name: renovate-gitea
    chart: renovate/renovate
    namespace: pipelines
-    version: 39.18.2
+    version: 39.171.0
    inherit:
      - template: default-env-values
      - template: default-env-secrets
  - name: renovate-github
    chart: renovate/renovate
    installed: false
    namespace: pipelines
-    version: 39.18.2
+    version: 39.171.0
    inherit:
      - template: default-env-values
      - template: default-env-secrets
--- a/installations/platform/helmfile.yaml
+++ b/installations/platform/helmfile.yaml
@ -23,14 +23,14 @@ repositories:
    url: https://kubernetes-sigs.github.io/external-dns/
  - name: keel
    url: https://keel-hq.github.io/keel/
-  - name: teleport
+  - name: uptime-kuma
-    url: https://charts.releases.teleport.dev
+    url: https://helm.irsigler.cloud
 releases:
  - name: db-operator
    namespace: platform
    chart: db-operator/db-operator
-    version: 1.29.0
+    version: 1.32.0
  - name: db-instances
    chart: db-operator/db-instances
@ -44,7 +44,7 @@ releases:
  - name: zot
    chart: zot/zot
-    version: 0.1.65
+    version: 0.1.66
    createNamespace: false
    installed: true
    namespace: platform
@ -55,7 +55,7 @@ releases:
  - name: authentik
    chart: goauthentik/authentik
-    version: 2024.10.2
+    version: 2024.12.3
    namespace: platform
    createNamespace: false
    condition: workload.enabled
@ -68,7 +68,7 @@ releases:
  - name: minio
    chart: minio-standalone/minio
-    version: 5.3.0
+    version: 5.4.0
    namespace: platform
    inherit:
      - template: default-env-values
@ -77,25 +77,22 @@ releases:
  - name: kyverno
    chart: kyverno/kyverno
    namespace: kyverno
    condition: workload.enabled
    labels:
      bootstrap: true
-    version: 3.3.3
+    version: 3.3.6
  - name: kyverno-policies
    chart: kyverno/kyverno-policies
    namespace: kyverno
    condition: workload.enabled
    labels:
      bootstrap: true
-    version: 3.3.1
+    version: 3.3.4
    needs:
      - kyverno/kyverno
  - name: custom-kyverno-policies
-    chart: ../../kustomizations/kyverno/
+    chart: "../../kustomizations/kyverno/{{ .Environment.Name }}"
    namespace: kyverno
    condition: workload.enabled
    labels:
      bootstrap: true
    needs:
@ -103,7 +100,7 @@ releases:
  - name: external-dns
    chart: external-dns/external-dns
-    version: 1.15.0
+    version: 1.15.2
    namespace: platform
    inherit:
      - template: default-env-values
@ -111,15 +108,12 @@ releases:
  - name: keel
    chart: keel/keel
-    version: 1.0.4
+    version: v1.0.5
    namespace: platform
    condition: workload.enabled
-  - name: teleport-cluster
+  - name: uptime-kuma
-    installed: true
+    chart: uptime-kuma/uptime-kuma
-    version: 16.4.2
+    version: 2.21.2
-    chart: teleport/teleport-cluster
+    namespace: platform
    namespace: teleport-cluster
    condition: teleport.enabled
    inherit:
      - template: default-env-values
--- a/installations/storage/helmfile.yaml
+++ b/installations/storage/helmfile.yaml
@ -1,34 +0,0 @@
 bases:
  - ../../common/environments.yaml
  - ../../common/templates.yaml
 repositories:
  - name: longhorn
    url: https://charts.longhorn.io
  - name: rook-release
    url: https://charts.rook.io/release
 releases:
  - name: rook-ceph
    chart: rook-release/rook-ceph
    installed: true
    namespace: rook-ceph
    version: v1.14.6
    inherit:
      - template: default-env-values
  - name: rook-ceph-cluster
    chart: rook-release/rook-ceph-cluster
    installed: false
    namespace: rook-ceph
    version: v1.14.6
    needs:
      - rook-ceph/rook-ceph
    inherit:
      - template: default-env-values
  - name: longhorn
    chart: longhorn/longhorn
    namespace: longhorn-system
    installed: true
    version: 1.7.2
    inherit:
      - template: default-env-values
      - template: default-env-secrets
      - template: ext-secret
--- a/installations/system/helmfile.yaml
+++ b/installations/system/helmfile.yaml
@ -17,8 +17,6 @@ repositories:
    url: https://coredns.github.io/helm
  - name: cilium
    url: https://helm.cilium.io/
  - name: piraeus-charts
    url: https://piraeus.io/helm-charts/
  - name: vmware-tanzu
    url: https://vmware-tanzu.github.io/helm-charts/
  - name: openebs
@ -47,25 +45,14 @@ releases:
  - name: coredns
    chart: coredns/coredns
-    version: 1.36.1
+    version: 1.39.0
    namespace: kube-system
    inherit:
      - template: default-common-values
  - name: snapshot-controller
    chart: piraeus-charts/snapshot-controller
    installed: true
    version: 3.0.6
    namespace: kube-system
    condition: velero.enabled
    needs:
      - kube-system/cilium
    inherit:
      - template: crd-management-hook
  - name: cilium
    chart: cilium/cilium
-    version: 1.16.3
+    version: 1.17.0
    condition: base.enabled
    namespace: kube-system
    needs:
@ -75,7 +62,7 @@ releases:
  - name: cert-manager
    chart: jetstack/cert-manager
-    version: v1.16.1
+    version: v1.17.0
    namespace: kube-system
    condition: base.enabled
    missingFileHandler: Warn
@ -109,7 +96,7 @@ releases:
    chart: metallb/metallb
    namespace: kube-system
    condition: base.enabled
-    version: 0.14.8
+    version: 0.14.9
    needs:
      - kube-system/cilium
    inherit:
@ -128,7 +115,7 @@ releases:
  - name: traefik
    chart: traefik/traefik
-    version: 33.0.0
+    version: 34.3.0
    condition: base.enabled
    namespace: kube-system
    needs:
@ -139,8 +126,8 @@ releases:
  - name: velero
    chart: vmware-tanzu/velero
-    namespace: kube-system
+    namespace: velero
-    version: 8.0.0
+    version: 8.3.0
    condition: velero.enabled
    needs:
      - kube-system/cilium
@ -153,7 +140,7 @@ releases:
    chart: openebs/openebs
    condition: openebs.enabled
    namespace: kube-system
-    version: 4.1.1
+    version: 4.1.3
    needs:
      - kube-system/cilium
    inherit:
@ -179,6 +166,7 @@ releases:
  - name: istio-ingressgateway
    chart: istio/gateway
    condition: istio.enabled
    installed: false
    namespace: istio-system
    needs:
      - istio-system/istio-base
--- a/kustomizations/external-service-xray/service.yaml
+++ b/kustomizations/external-service-xray/service.yaml
@ -0,0 +1,23 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: xray-external-proxy
 spec:
  externalName: xray-public.badhouseplants.net
  sessionAffinity: None
  type: ExternalName
 ---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRouteTCP
 metadata:
  name: xray-external-proxy
 spec:
  entryPoints:
    - xray-public
  routes:
    - match: HostSNI(`*`)
      services:
        - name: xray-external-proxy
          nativeLB: true
          port: 27015
--- a/kustomizations/kyverno/badhouseplants/pvc-patch.yaml
+++ b/kustomizations/kyverno/badhouseplants/pvc-patch.yaml
@ -10,6 +10,11 @@ spec:
          - resources:
              kinds:
                - PersistentVolumeClaim
              namespaces:
                - games
                - application
                - platform
                - pipelines
      mutate:
        patchStrategicMerge:
          metadata:
--- a/kustomizations/kyverno/etersoft/pvc-patch.yaml
+++ b/kustomizations/kyverno/etersoft/pvc-patch.yaml
@ -0,0 +1,20 @@
 apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: replace-storage-class-by-openebs
 spec:
  rules:
    - name: replace-storage-class
      match:
        any:
          - resources:
              kinds:
                - PersistentVolumeClaim
              namespaces:
                - application
                - platform
      mutate:
        patchStrategicMerge:
          metadata:
            annotations:
              volume.kubernetes.io/selected-node: yekaterinburg
--- a/manifests/peerauth.yaml
+++ b/manifests/peerauth.yaml
@ -0,0 +1,8 @@
 apiVersion: security.istio.io/v1
 kind: PeerAuthentication
 metadata:
  name: default
  namespace: public-xray
 spec:
  mtls:
    mode: STRICT
--- a/values/badhouseplants/org-badhouseplants/app-open-strike-2/values.yaml
+++ b/values/badhouseplants/org-badhouseplants/app-open-strike-2/values.yaml
@ -0,0 +1,20 @@
 deployAnnotations:
  keel.sh/policy: force
  keel.sh/trigger: poll
  keel.sh/initContainers: 'true'
 extra:
  templates:
    - |-
      apiVersion: traefik.io/v1alpha1
      kind: IngressRouteUDP
      metadata:
        name: "{{ .Release.Name }}-game"
      spec:
        entryPoints:
        - game-udp
        routes:
        - services:
          - name: app-open-strike-2-main
            nativeLB: true
            port: 27015
--- a/values/badhouseplants/org-badhouseplants/app-stalwart/secrets.yaml
+++ b/values/badhouseplants/org-badhouseplants/app-stalwart/secrets.yaml
@ -0,0 +1,27 @@
 config:
    env:
        secrets:
            data:
                SW_ADMIN_SECRET: ENC[AES256_GCM,data:dG2zVmvycL7TZM922XADQ/SwWMBrUvXd+BPwpxIvmaDnjejpEaHUfB0xhpkhZqhAB8M=,iv:5hDpUFLLGLf4VLj8h3weOZhiwJKYORg5uKVgXVXKbgM=,tag:9FQru61B5hDPcIoIUDvUtg==,type:str]
                MINIO_ACCESS_ID: ENC[AES256_GCM,data:HvZa/kOy8ZI=,iv:T2433k3OmZTmPTx2QWEAELlN7zY37LUynapVWpASrJ0=,tag:Kvr4wIgq5dMmXRJDoxqGxA==,type:str]
                MINIO_SECRET_KEY: ENC[AES256_GCM,data:Tv5VWQprCKtJCghzhZ8YD8/9,iv:hioZ+d0ns+Hr3pBVyfFWgcuRKDrPQmskSnU0XOMwhzA=,tag:nuFn0qV9UMy2ywiFfx5gHg==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGMTZGN2NSYXUzcXNJVUx2
            YXE3Nk5MbnV1dyttUEtmUExabFYvOGdHcTBRCkM1WE9uNlF1OGh4NnNDL3NabXhi
            OW1NcDlydUMraTVQV2tjLzVla2tpSnMKLS0tIHN6RXVJTzNvZlkyTmdDb09UTUNy
            TVJyRVI5U2NmV1VIQTk4cjlYM1htMFkKkxsXzn+7nFiTs3mANqO0+f7/TTGKogFk
            8ix4OpiA9b33kuqi4Z7bXx4ucyCmlDwtxuHvmOEOyW4yJ9F1cgm+Uw==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2025-02-15T23:05:04Z"
    mac: ENC[AES256_GCM,data:Kix/IdONJ79Lj1dc/gigpM7BUPyg7EIsPQzkhtu8+nbIQZQsm0CYqlqPx1V7w0r9vef+rCd/8GX8RdKw0o5ZaDZY5l0nXEi9E7dEtcHTYlrr8fqljcsGRAKmOiBRMkPh0jGTEPlFRtb0Inrn85rWUiMJP12hwIIS0t7GpAydKdI=,iv:1pMdzj1x0Hf65nmZ28Lv7yu6Y+suQKxv274nYl8J3HI=,tag:GQL8HOSswz2N56iNAS9l9w==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.4
--- a/values/badhouseplants/org-badhouseplants/app-stalwart/values.yaml
+++ b/values/badhouseplants/org-badhouseplants/app-stalwart/values.yaml
@ -0,0 +1,317 @@
 shortcuts:
  hostname: stalwart.badhouseplants.net
 base:
  workload:
    initContainers:
      prepare-config:
        image:
          registry: registry.hub.docker.com
          repository: library/alpine
          tag: latest
          pullPolicy: Always
        volumeMounts:
          files:
            config:
              path: /app/config/config.toml
              subPath: config.toml
          extraVolumes:
            config:
              path: /app/etc
        command:
          - sh
        args:
          - -c
          - cp /app/config/config.toml /app/etc/config.toml && echo "" >> /app/etc/config.toml
    containers:
      stalwart:
        volumeMounts:
          extraVolumes:
            certs:
              path: /app/certs
            stalwart:
              path: /opt/stalwart-mail
            config:
              path: /opt/stalwart-mail/etc
        envFrom:
          secrets: {}
          raw:
            - secretRef:
                name: app-stalwart-db-creds-17
 extraVolumes:
  certs:
    secret:
      secretName: stalwart.badhouseplants.net
  stalwart:
    emptyDir: {}
  config:
    emptyDir: {}
 ingress:
  main:
    annotations:
      cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
      kubernetes.io/ingress.allow-http: "false"
      kubernetes.io/ingress.class: traefik
      kubernetes.io/ingress.global-static-ip-name: ""
      kubernetes.io/tls-acme: "true"
      traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
 config:
  files:
    config:
      enabled: true
      sensitive: false
      remove: []
      entries:
        # Ref: https://github.com/stalwartlabs/mail-server/blob/main/resources/config/config.toml
        config.toml:
          data: |-
            [lookup.default]
            hostname = "{{ .Values.shortcuts.hostname }}"
            [server.listener."smtp"]
            bind = ["[::]:25"]
            protocol = "smtp"
            proxy.override = true
            proxy.trusted-networks.0 = "192.168.0.0/16"
            [server.listener."smtp-startls"]
            bind = ["[::]:587"]
            protocol = "smtp"
            proxy.override = true
            proxy.trusted-networks.0 = "192.168.0.0/16"
            [server.listener."smtps"]
            bind = ["[::]:465"]
            protocol = "smtp"
            tls.implicit = true
            proxy.override = true
            proxy.trusted-networks.0 = "192.168.0.0/16"
            [server.listener."imap"]
            bind = ["[::]:143"]
            protocol = "imap"
            proxy.override = true
            proxy.trusted-networks.0 = "192.168.0.0/16"
            [server.listener."imaptls"]
            bind = ["[::]:993"]
            protocol = "imap"
            tls.implicit = true
            proxy.override = true
            proxy.trusted-networks.0 = "192.168.0.0/16"
            [server.listener.pop3]
            bind = "[::]:110"
            protocol = "pop3"
            proxy.override = true
            proxy.trusted-networks.0 = "192.168.0.0/16"
            [server.listener.pop3s]
            bind = "[::]:995"
            protocol = "pop3"
            tls.implicit = true
            proxy.override = true
            proxy.trusted-networks.0 = "192.168.0.0/16"
            [server.listener."sieve"]
            bind = ["[::]:4190"]
            protocol = "managesieve"
            proxy.override = true
            proxy.trusted-networks.0 = "192.168.0.0/16"
            [server.listener."https"]
            protocol = "https"
            bind = ["[::]:443"]
            tls.implicit = false
            [server.listener."http"]
            bind = "[::]:8080"
            protocol = "http"
            hsts = true
            [store."minio"]
            type = "s3"
            bucket = "stalwart"
            region = "eu-central-1"
            access-key = "%{env:MINIO_ACCESS_ID}%"
            secret-key = "%{env:MINIO_SECRET_KEY}%"
            endpoint = "https://s3.badhouseplants.net:443"
            timeout = "30s"
            key-prefix = "/"
            [store."postgresql"]
            type = "postgresql"
            host = "postgres17-postgresql.databases.svc.cluster.local"
            port = 5432
            database = "%{env:POSTGRES_DB}%"
            user = "%{env:POSTGRES_USER}%"
            password = "%{env:POSTGRES_PASSWORD}%"
            timeout = "15s"
            [storage]
            data = "postgresql"
            fts = "postgresql"
            blob = "minio"
            lookup = "postgresql"
            directory = "internal"
            [directory."internal"]
            type = "internal"
            store = "postgresql"
            [authentication.fallback-admin]
            user = "overlord"
            secret = "%{env:SW_ADMIN_SECRET}%"
            [tracer.console]
            type = "console"
            level = "info"
            ansi = true
            enable = true
            [certificate."default"]
            cert = "%{file:/app/certs/tls.crt}%"
            private-key = "%{file:/app/certs/tls.key}%"
  env:
    secrets:
      enabled: true
      sensitive: true
 extra:
  templates:
    - |
      apiVersion: traefik.io/v1alpha1
      kind: IngressRouteTCP
      metadata:
        name: "{{ .Release.Name }}-smtp"
      spec:
        entryPoints:
        - smtp
        routes:
        - match: HostSNI(`*`)
          services:
          - name: app-stalwart-mail
            nativeLB: true
            port: 25
            proxyProtocol:
              version: 2
    - |
      apiVersion: traefik.io/v1alpha1
      kind: IngressRouteTCP
      metadata:
        name: "{{ .Release.Name }}-smtps"
      spec:
        entryPoints:
        - smtps
        routes:
        - match: HostSNI(`*`)
          services:
          - name: app-stalwart-mail
            nativeLB: true
            port: 465
            proxyProtocol:
              version: 2
    - |
      apiVersion: traefik.io/v1alpha1
      kind: IngressRouteTCP
      metadata:
        name: "{{ .Release.Name }}-smtp-startls"
      spec:
        entryPoints:
        - smtp-startls
        routes:
        - match: HostSNI(`*`)
          services:
          - name: app-stalwart-mail
            nativeLB: true
            port: 587
            proxyProtocol:
              version: 2
    - |
      apiVersion: traefik.io/v1alpha1
      kind: IngressRouteTCP
      metadata:
        name: "{{ .Release.Name }}-imap"
      spec:
        entryPoints:
        - imap
        routes:
        - match: HostSNI(`*`)
          services:
          - name: app-stalwart-mail
            nativeLB: true
            port: 143
            proxyProtocol:
              version: 2
    - |
      apiVersion: traefik.io/v1alpha1
      kind: IngressRouteTCP
      metadata:
        name: "{{ .Release.Name }}-imaps"
      spec:
        entryPoints:
        - imaps
        routes:
        - match: HostSNI(`*`)
          services:
          - name: app-stalwart-mail
            nativeLB: true
            port: 993
            proxyProtocol:
              version: 2
    - |
      apiVersion: traefik.io/v1alpha1
      kind: IngressRouteTCP
      metadata:
        name: "{{ .Release.Name }}-pop3"
      spec:
        entryPoints:
        - pop3
        routes:
        - match: HostSNI(`*`)
          services:
          - name: app-stalwart-mail
            nativeLB: true
            port: 110
            proxyProtocol:
              version: 2
    - |
      apiVersion: traefik.io/v1alpha1
      kind: IngressRouteTCP
      metadata:
        name: "{{ .Release.Name }}-pop3s"
      spec:
        entryPoints:
        - pop3s
        routes:
        - match: HostSNI(`*`)
          services:
          - name: app-stalwart-mail
            nativeLB: true
            port: 995
            proxyProtocol:
              version: 2
    - |
      apiVersion: kinda.rocks/v1beta1
      kind: Database
      metadata:
        name: "{{ .Release.Name }}-postgres17"
      spec:
        secretName: {{ .Release.Name  }}-db-creds-17
        backup:
          cron: 0 0 * * *
          enable: false
        credentials:
          templates:
            - name: POSTGRES_HOST
              secret: true
              template: "{{` {{ .Hostname }} `}}"
            - name: POSTGRES_PORT
              secret: true
              template: "{{` {{ .Port }} `}}"
        deletionProtected: true
        instance: postgres17
        postgres: {}
--- a/values/badhouseplants/org-badhouseplants/app-vaultwarden/secrets.yaml
+++ b/values/badhouseplants/org-badhouseplants/app-vaultwarden/secrets.yaml
@ -0,0 +1,31 @@
 config:
    env:
        secrets:
            enabled: ENC[AES256_GCM,data:hwTU7Q==,iv:1/GEM3RSfu11iQVA5uEm/PoZm3Vr6CZ1w7Qc4edUqgc=,tag:gAUwZ4IekLiyyPZoM8FlLQ==,type:bool]
            sensitive: ENC[AES256_GCM,data:tbFk/g==,iv:FaKXMZxlcdGB3YI5+RC9LZR7S9FNZ87yPrJZsDJlhqw=,tag:+V77+cV4fRLTzi75o5OYQg==,type:bool]
            data:
                SMTP_USERNAME: ENC[AES256_GCM,data:Bq10,iv:h17Bam1uR/dhz9um0ixzVPKHlqY5GtU6V2+CjTPvuaw=,tag:x+WCQVTySTyHAkoooZg2NA==,type:str]
                ADMIN_PASSWORD: ENC[AES256_GCM,data:eeJY2z6+Is3+PtZsRC6oyrJ9ArPMBpa2VQ==,iv:hHf/6AYUT3wHbKHPd3dfiTbmoaWr5OSnnRC68/15A90=,tag:qEQyvC+MiAdy3GcpYBIWFQ==,type:str]
                ADMIN_TOKEN: ENC[AES256_GCM,data:pMh4vnJ6t80okBE5ywe+8LBSb5U9owebWuavCYPwqQ7bpB7qNfYijTbWS0afZGag4wEeTe4t49dNeFTEZ0ztrfm4yXyKcLFCV1E=,iv:RmV55yv8ytW/LvuuK9IPTsKPPdgiIdKX5PnkF5YCKBc=,tag:uRsiwnhYm/1lRfhDjDKqJA==,type:str]
                DATABASE_URL: null
                SMTP_PASSWORD: ENC[AES256_GCM,data:xx56/9ha07j5fcwDBuzOuFiS6PG1JHE7rQ==,iv:bT47zy9xk5eNz/CCRV5WEy0PAiFsBBxUxkZTCRASfE0=,tag:h3V9peXifp9lT/84TzWKLw==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoaG8vRkM1cll5VDlUVW5v
            WVA0SjdaOWkrTVoydERvcmFjN3ppTjFQdEZvClZENVpYWXMwTVoyOXFYL0xSRGFw
            NnZDWUM1MGNla3daMU42dEptZzkrWUEKLS0tIG0reXRYMmpuOVZWbXJTbXYyaWJK
            TE1rZDJ0QmY4VXJSZXoxMTRkNFgrZncK2AL7+jWWeEiV4ERoaCN9M4H1qlzz9i+F
            23w3rtioCm2hJcBCnswU8Bs7OsBZqC8++35V1U54WktynWnPUcjcrw==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-12-29T11:38:09Z"
    mac: ENC[AES256_GCM,data:d9902N6sfF3aMokh9rZemL97i2hkwoPdAaJOoy/xFvFyDa2pxKuhwGJH4QU6JRnoqtay1HtnHsDXLggdxHgmUbUtNReVQdPbJhSHRhlDsuAM2ed+GCnecFQE9ggpRnwDn1wjemBqpn40uo9ka4XyMtuLJ9uaHqXRuFR+8y8oW18=,iv:EspFcGUXPgtgXzEWB1fE5O3ig0JJBIca+b6LLb9wJ0s=,tag:6UexlW0uVZUUG/zleiXnZQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.2
--- a/values/badhouseplants/org-badhouseplants/app-vaultwarden/values.yaml
+++ b/values/badhouseplants/org-badhouseplants/app-vaultwarden/values.yaml
@ -0,0 +1,63 @@
 shortcuts:
  hostname: vaultwarden.badhouseplants.net
 base:
  workload:
    kind: Deployment
    strategy:
      type: RollingUpdate
    containers:
      vaultwarden:
        envFrom:
          raw:
            - secretRef:
                name: app-vaultwarden-db-creds-17
 ingress:
  main:
    class: traefik
    metadata:
      annotations:
        kubernetes.io/ingress.class: traefik
        traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
        kubernetes.io/tls-acme: "true"
        kubernetes.io/ingress.allow-http: "false"
        kubernetes.io/ingress.global-static-ip-name: ""
        cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
 config:
  env:
    main:
      enabled: true
      sensitive: false
      data:
        SMTP_HOST: stalwart.badhouseplants.net
        SMTP_SECURITY: "starttls"
        SMTP_PORT: 587
        SMTP_FROM: bot@badhouseplants.net
        SMTP_FROM_NAME: Vault Warden
        SMTP_AUTH_MECHANISM: "Plain"
        SMTP_ACCEPT_INVALID_HOSTNAMES: "false"
        SMTP_ACCEPT_INVALID_CERTS: "false"
        SMTP_DEBUG: false
        DOMAIN: "{{ .Values.shortcuts.hostname }}"
        LOG_FILE: /app/logs/log.txt
 extra:
  templates:
    - |-
      apiVersion: kinda.rocks/v1beta1
      kind: Database
      metadata:
        name: "{{ .Release.Name }}-postgres17"
      spec:
        secretName: "{{ .Release.Name  }}-db-creds-17"
        instance: postgres17
        deletionProtected: true
        backup:
          enable: false
          cron: 0 0 * * *
        credentials:
          templates:
            - name: DATABASE_URL
              template: "{{ `{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}` }}"
              secret: true
--- a/values/badhouseplants/secrets.external-dns.yaml
+++ b/values/badhouseplants/secrets.external-dns.yaml
@ -1,6 +1,6 @@
 env:
-  - name: ENC[AES256_GCM,data:RLLp8toAkoWLWRjp,iv:UUP3i5QkNBw/pgYmxHtRUDx0E6i42e/Ioh1z6WnLESk=,tag:+PEinrzkisEQx5gVCpdJ3g==,type:str]
+    - name: ENC[AES256_GCM,data:iUkU/BNlitD6f6RQ,iv:x5aENGi0aw9gDh2a7h92DfxwQgdbacM3hHtnPVdIKWA=,tag:4vyOlP7XcC1F6pjnUieAuA==,type:str]
-    value: ENC[AES256_GCM,data:RKiCvUOctYha7fusMWNrOKHPgmMMjuejDCip470QMHQcxY1S+yJfXA==,iv:ESfZNZimJkD5T4tzRPMu53H+ushbhOuXaOdX73MaWV0=,tag:F516VFRCw6k589vClX8Jfw==,type:str]
+      value: ENC[AES256_GCM,data:cFypu5mF+ktwjNFCBcy0U/1UIt4Fc/CAtH/SngvaaBXY0yinYzaiOQ==,iv:2VQ1Cpmppkz2ylt5NMP84o+0EQkI43jz267HNRjMugg=,tag:co3LJzwxbmxT09km65MVuw==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -10,14 +10,14 @@ sops:
        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3eE5LTURCa1pyRjBocVpP
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwMXNsQjEwYXdaR0Y3bktt
-        ZGxXMUZkUC9XK0xNb2duRnJiOHNzNGp0YXdrCkNvNWMvYWkyTHhQU1ZZeng2bmlz
+            UGFYS09Nc29IR0w0YmpweUtyV2pPbXFPeFJnCjZkclRSVjREanorbk5MKzJybWJI
-        bGRrd3p2dmx6MjBuc0lYakhMNERMOVUKLS0tIGpsRHcxdUFtTHlXVGZLTEZ0c0ov
+            UDlwdlVqWGZockVVeFVrNnZlZGp1NUkKLS0tIDhnUzgxdlFWa1NicVJEUk81cXp5
-        b0RMSlFCM250MXJHbWhRTWtGbkxHc0kKpyzba8yp0xN1KjcUACcmlznH9vQtYAsL
+            M2xvSjRrNUx5OFRqbUFpSXdyZ04xVzgKMsBwKA8dVSW9BR2jSTBxMPKevual5P8I
-        3bm7Cw2AZO7nkdCxky/ITd8N3rbqAVGeM2CeTAxpcMbEXKq66/yqDA==
+            V+YUcIIUAP1sFjs4jVhTduBSMI/ZSArWYIEX+dQ46oGDLcRzODm9xQ==
            -----END AGE ENCRYPTED FILE-----
-  lastmodified: "2024-10-15T15:21:16Z"
+    lastmodified: "2025-02-16T14:21:33Z"
-  mac: ENC[AES256_GCM,data:aIXlmeiqaFu9Jn0zI1qyU3iAkhLKgqMwwLcLDlr+LeYX/88cZtzgP683jW3MYC/LxnNh4LG7v8EK/HViNnCkrvZ5iC9cibRPQYZJrkR3B3oGk4L+RxPws2VUa72pJsG0bQ8M2DDCoDO2T9OuuflqYENPLyYLL7D7CaeSj9w8G0A=,iv:EDaGmWFUnzp0vkIeR1J8iZ9+PjOMuRi4YltoqJAN0P0=,tag:DsSd6Nplvy0nIWaCJgnhgg==,type:str]
+    mac: ENC[AES256_GCM,data:5nE5vx69ESp0HW0/uxYGp8Lq35Cjb5UpSmNkx1H4ux67K3xs3zEBSrupDuUqzrrj/WFFgTf8fIAnfu//bEUvRqtqkIOb7eTqBlQTCzdKWLMvfwhv3WnfXLljJvZZH+e430z7ayw6psfNbwm5sPr+/sPSijg31xv8x9wN8LfZqno=,iv:BKyKMqQ/eLiDspSlvMh0/I7hKb3xn2BUQhuHwrl+Pfc=,tag:is4SHDuAT2c3Ip2O5ifgWw==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
-  version: 3.9.1
+    version: 3.9.4
--- a/values/badhouseplants/secrets.minio.yaml
+++ b/values/badhouseplants/secrets.minio.yaml
@ -1,30 +1,33 @@
-rootPassword: ENC[AES256_GCM,data:GEqZhh9YWYxdezI+rDS7EL/Fa2A=,iv:pjinEGyjUfncqE+SX/a5YjojfjvUIaTVzp4I79+nNK0=,tag:3dx+oUo51OWDAu1FtjcypA==,type:str]
+rootPassword: ENC[AES256_GCM,data:CtIVMGYDrJ55wS6ZfLipEur8VeM=,iv:Vz4o+1JInlowgKwYN1bI9oxhTm/Yq8B5uhxIBh3SZ10=,tag:xyH66UMou4nalSzGps60Kw==,type:str]
 users:
-  - accessKey: ENC[AES256_GCM,data:QHs/0+txnek=,iv:M0lIhbdn27xFa0f/goOZbIzN00RBlVCsmZJS0x4QvoE=,tag:NrDFXGxWA1arY52l3a7Osw==,type:str]
+    - accessKey: ENC[AES256_GCM,data:wqwCa8NXAns=,iv:3oVMHIJ06q8OdpdufDH2R1CnV83ltweluMIFEplnoGw=,tag:1uLJAU0u+gMXHxBRbJ7mrg==,type:str]
-    secretKey: ENC[AES256_GCM,data:zN25a8xFwea3GtAMMcyDYMRrIg==,iv:2CVp3ADF8RMsmXO/86ShTvb4ruS0jbIHxvBeQRahbzA=,tag:fhvM5yixaice2BCNoPgpLg==,type:str]
+      secretKey: ENC[AES256_GCM,data:JnqlayhzqKro+tdDY70//ty9pg==,iv:2Vu8ZxKR3gMHQ99AbP5HAjAJJY4hnnXLtlBzShzgdjg=,tag:zk+tFw7sURDE+T4dDF3Bqg==,type:str]
-    policy: ENC[AES256_GCM,data:1XOH/+U/9uY=,iv:9/c98UTB4NBUFsxj86YUFxhiJenuNEZGiuMl9YFF53s=,tag:NUil97HloEMFS1x6ZxduMg==,type:str]
+      policy: ENC[AES256_GCM,data:KOonZYe6MYk=,iv:o62YxxnBcpDhcnp6qrbJxDpm8GMzFl85QOw4Fd9Ask0=,tag:UBsKKdw5JLmOA5N9HHaVCA==,type:str]
-  - accessKey: ENC[AES256_GCM,data:aTKN,iv:SAxc5SRZMP8G7/SdW6IFZwC9SNcadwT3gGBvd3wh38c=,tag:Szno9wz255HyeRwyDPiJMg==,type:str]
+    - accessKey: ENC[AES256_GCM,data:hQkz,iv:eJrFbiYcuRrZYRtk1UN3fL4+48nNUEdIKcCqH5RUShQ=,tag:HxnFCMdIB8HfixkUvE+LGw==,type:str]
-    secretKey: ENC[AES256_GCM,data:PZ0ge+5Db7gnOodUlUDiDD0dZ6gckwOQRQ==,iv:Em9tBkzLbD5FPDMDXxjwC3PP4PUZVqoZI3xpLTIyCh0=,tag:o/S05Z0qmM9L9/BEFV2p0w==,type:str]
+      secretKey: ENC[AES256_GCM,data:R5uGEV5xGu2nCk4H18B7rXWyD+S3huHgig==,iv:WFjo+mHK5z6wXZZicezTlPwnlyU2mu7WljKz8lft9dg=,tag:P91sHa0yG88ka6fTIGrXEA==,type:str]
-    policy: ENC[AES256_GCM,data:wJO4,iv:ZeoJKeczcS3B5+wKUx7XXytYH79bUgF2UvWgOlTunxc=,tag:xeUL9zdLyMCkya9F3gkldA==,type:str]
+      policy: ENC[AES256_GCM,data:qeqH,iv:VrawQSqW+rhiS7NXdI7l81fy+c6GJkxYyfLEHYfrayc=,tag:JGQ7uxkPPzH4uUA0ZicKPg==,type:str]
-  - accessKey: ENC[AES256_GCM,data:ByU5F/5UzgHI,iv:+cLnf5oApiG9ZsR5TFeRfhnkPheMQxJ8sZKrhfxXfZ4=,tag:HwMAV4FkKRfEgNgzVlEfRA==,type:str]
+    - accessKey: ENC[AES256_GCM,data:CSzeTJP1kUMA,iv:VoD9gDtPUTQzWCxXMVfMH55M+OCrOtTzI5SgQUpUCpY=,tag:B4pjW91ENd66sPbh3JOxuA==,type:str]
-    secretKey: ENC[AES256_GCM,data:Cqu6qHxj054sO6kv6VV4mfbbxZ8=,iv:TQlrh5aJDwRcU4b7vPPH9fWkQnB3ZD+zGlmBHIwdzME=,tag:lnNeclEvB85O1pZLm/5a2Q==,type:str]
+      secretKey: ENC[AES256_GCM,data:rJu+Fo+SgZrGQ9nwEXih9gSZJqo=,iv:4RRUgquy8J3OODzktlGfIPwkVtCZa6SCsegYuTCsPyk=,tag:DjTKVpvzL0WlWKEVzAiiyw==,type:str]
-    policy: ENC[AES256_GCM,data:G8Js4e7VdBlk,iv:Ur1+a0meAHtD7Whjf5wSL9M6ZT0USqp8lbeBWa6mE7I=,tag:f5qnTV/zyxpbTWNjhg4MJw==,type:str]
+      policy: ENC[AES256_GCM,data:ZLRECDxDQcRQ,iv:x6qIPiRmIEdugU5WtFoErBbvpvS5QklaM6VzQlfSwcM=,tag:ZLbqfthesZmmfh4GVL+JTQ==,type:str]
-  - accessKey: ENC[AES256_GCM,data:LBjJl8U=,iv:h3Hncfvw44bi/3d+fUXgyH2gxjHu/WglSHBVlY9IY7I=,tag:U/FYmzdAoeHXI1FPKrvw/A==,type:str]
+    - accessKey: ENC[AES256_GCM,data:JnhlVBg=,iv:TBkM5z4ZeVxHyOnsAoMmWg6I/V7f962NbzqcvKtTkBE=,tag:di+TL5BRI1hLxnBLoB3P/g==,type:str]
-    secretKey: ENC[AES256_GCM,data:WE8Tgo5qjELpcmnPndNIDg1P2hMC0Su07w==,iv:bSSGbCNXdJFZi2ej5eavC/16a5YNuE4yHkCH+UiXfiA=,tag:BBu1uQWq7JURr1VBI+4aLA==,type:str]
+      secretKey: ENC[AES256_GCM,data:v00te7PKaNYXJ9C7eaN+w0Etl90qCShjsw==,iv:zIYh3qoDXp9ZOMPMGEzye3eu4bFHie5W58WrXRZdxME=,tag:C9Pq60Z4hQeIPJ2iIb5YMw==,type:str]
-    policy: ENC[AES256_GCM,data:6XCF/6M=,iv:5OkoexjDekMgJM1HHuWn1h+s9D87odUtOFlqBmusizA=,tag:/MZcxjK6SDonoPr7HLRIjg==,type:str]
+      policy: ENC[AES256_GCM,data:H4WdjEk=,iv:WY52cXnGTug6I/F+ybQOtHED2fkoSULpJa/rP9smacw=,tag:GfoAGESDyb/oKmPU2N+IsQ==,type:str]
-  - accessKey: ENC[AES256_GCM,data:BLhlKdFIAbW9,iv:4okVf620xRYu6I6/Jd4ikNKO1NzsP2d8Md527hUrQZQ=,tag:NCV47PfvhHb2K3+rykI90Q==,type:str]
+    - accessKey: ENC[AES256_GCM,data:F3Y/yMIvFPWX,iv:6qj9h1amuusGuOon9h/DKPjT7dk/akMVKMSLuKR80Bs=,tag:f2pEP3pYju2EbMYPZg+ijA==,type:str]
-    secretKey: ENC[AES256_GCM,data:lNDMsuPm5taDUd9kdMPC8/7fG9tJmhZl2w==,iv:wXVq0oRe6E8XzR+X7XjwSGCiYoFfQBvTu4i2NRx3dBs=,tag:5+OsaFxPbS6tzK877SodHg==,type:str]
+      secretKey: ENC[AES256_GCM,data:krN8EIKt9cjd3EsKIAmdoSQ9y+IHy1LIeg==,iv:dk3wH2yY/IDBTEahYACAYsImNfiq9Zd697BcLvD0QzU=,tag:LYhBXJ1rml4ts7kEtfnJ7A==,type:str]
-    policy: ENC[AES256_GCM,data:eOvVqkefvxa4,iv:u02DHDp5RogxLU+417KVNMyV6z8PU6Vj92Ut2Rxmb1k=,tag:qT2kjWxheinLSdLWzYC5JQ==,type:str]
+      policy: ENC[AES256_GCM,data:sdydid+WXGxv,iv:P7plZmbxi3egYqYqzxc01T9/1edpZf1+RFTDCcezNn8=,tag:dLtii9vqw6s3lVXGO4KAMg==,type:str]
    - accessKey: ENC[AES256_GCM,data:hHjmZVAqUlY=,iv:liIg6UHUUl6B6eyFuWog2yu9UwrCP7hRHj4RRCnFdi4=,tag:UeEmUEm9ky6QvCc2KE5GEQ==,type:str]
      secretKey: ENC[AES256_GCM,data:Gw3TRUHOkxYKCLh8giPOsC7n,iv:Kr9qbns7RI2kTFIphwIwJT9M6H2pCFKs+dRbnFdz8Jo=,tag:rKEQ7+5wt2mqK7QjVLJR7g==,type:str]
      policy: ENC[AES256_GCM,data:c8J+dTNf+TU=,iv:yWxrOJvuSFPByV0vDcAVZSAhsiE/1m/PdjsqdJQv+zE=,tag:aQwQThS+FeeoxJWdDGG4JQ==,type:str]
 oidc:
-  enabled: ENC[AES256_GCM,data:3tHt2Q==,iv:0FgDbZEuhW1Wkh9In/JVmsiuu78C/reapgdWW+U4nHw=,tag:GdCPBOdsaDoLj4jmH0+Hyw==,type:bool]
+    enabled: ENC[AES256_GCM,data:iZ4KHw==,iv:tqyJs/qDfsn8hzGlBf7QZlfBpqImkSHgcDAjlGpleWw=,tag:v9qEwW0eOInDMGf1RMf6LQ==,type:bool]
-  configUrl: ENC[AES256_GCM,data:4W89kL0pq8uTsyXcZGLqjGL1tyquypWpMIbLSQzdep5keD7LolY6ywpyFIhVYO0VcQwoDoW8ISC+obKXruAk1QFuHgyNLhNq3YhrDqnwOdi63Zd1Mm/G6as=,iv:7fbK4s26w1Ijq0cxLBCO9YFh/qLL3biKI9vTgbH8yOQ=,tag:3nnORzg3oS7QKMn3bp5wlA==,type:str]
+    configUrl: ENC[AES256_GCM,data:meUwpcosuZ30Q+T9XhdhDV5u8UNY6QeEjHvvjc+4+bw5prPz7UpvanwvY2kz87kxjh/Jbr8vBe5BqCF1av1QlkLcpIRzVI/L3Fh3YInsuvNSdR1NITNZCM0=,iv:Is0pXDLvGInFiwbYgAi8vWvMRnoGcWsYqa1PWr7ks3w=,tag:qwAP3iBq8oj7DCDhH3V5AQ==,type:str]
-  clientId: ENC[AES256_GCM,data:lsiy1i0=,iv:M6+WHUOxPCmXAmAWG4HfVHQpHavMvIBq0BoI1B10Nbs=,tag:4VYwGCH0dnGbGK20UKLFpg==,type:str]
+    clientId: ENC[AES256_GCM,data:tXLjOTg=,iv:bZqJa1VIcW3ohIACqruhDz+W49AX03qwCS5JniX7FWY=,tag:kcd6p07kflnOs/0huSUe3Q==,type:str]
-  clientSecret: ENC[AES256_GCM,data:S/yGKXyz0uhNKuiR+fYCuR+fy3/LkFphliJ34ocbJgnJnMwzayiknCTKxEcaOeK99fzpAmsEQL48Ow3Znm+WrUpsCleXavt1yck48eNFT53fnnCdlZv3eLoy0FHovDti9VgJmc4oxXDv3k54XLwy3ZhJkwihafdnjJSksU8dE9I=,iv:adCVwAO0ptkrkrhcfKoKpCKqd6nQIh0voeSvVHOt3BQ=,tag:wIi4N0N8gBrKh01FSu452w==,type:str]
+    clientSecret: ENC[AES256_GCM,data:iR8vf8S4WYxRw5d26ROva1dWRa8VjbXEG6CT3TYiVTe0GJxzeihmD3kes7D2Ps94TsWChUho73GVlNrwMFyDLmC63xiwIRTYLsmxEjH2hxpRa0ickzzJ7yYiSm63TV7nMh87hq+ZZvBWA8W4NCA036uNSVNYUg5p/traBo7250M=,iv:28LxFf7QUtW3t2hVH+bFVSqemLozy43Ii2AJJ715TGc=,tag:GATqHiD3f+3sYtpGHlpMcQ==,type:str]
-  claimName: ENC[AES256_GCM,data:/pejm+pH,iv:mKK58CmCvMK+RYXdkOdDLNfrI1ThBDolrQCfyGQXYp0=,tag:HDS1Yds+3ymNCntcsfFGrw==,type:str]
+    claimName: ENC[AES256_GCM,data:JPQZn+sE,iv:R7POgpEIk0l/5LD7viJ2CYpNNdGuUEUa35190UEzcgo=,tag:7fNRwiTx2s8ep8Ij2J0ekw==,type:str]
-  redirectUri: ENC[AES256_GCM,data:9I9YCP91QdYz70b7j1+ZZ94Cgx0qsI2l9HL6Vylcfg8a7sSn4XkHgWeevm19Kj4=,iv:1Vqmtk0Qa2AFalLnb+js6AbFQ8E+Br5ykHMWaZ4xOuE=,tag:msvWckcpfuTlGLxu05nrvA==,type:str]
+    redirectUri: ENC[AES256_GCM,data:M4PIfUybd3oEsRl8NOnDaWqWKfJPady/n76RD/jYTwpQs2f7Yk4hKbAJo6HAghw=,iv:wGM0+MldvRrf5kJjepEIJcQwzr0B/NhHJaranZI3/4s=,tag:PPOiO85oYW2Y0wuZgEtkNA==,type:str]
-  comment: ENC[AES256_GCM,data:stVuHIZCtW8RYzEjDrRg87rxyuM=,iv:eF+M2p8T7bI5pgP5kQSXGvhF58u4vaIueraCGIt7ims=,tag:RCq8yrIFLYE3ERayU7VFCg==,type:str]
+    comment: ENC[AES256_GCM,data:L1MieehjgkbmkzoZPfKcZneiDAc=,iv:/yHluidYeCmGZu2XiEH0XyC3/GIThFHQbTblmKWShe8=,tag:oAd34cZnaULR2wnLGyzMEA==,type:str]
    claimPrefix: ""
-  scopes: ENC[AES256_GCM,data:J2OFtmd8guKLa11wMxIqssqMdpoB7P7NtejO,iv:LXr0zpnQ7p2DbSFsg6cI4AN9CqhFGwinjHU41auAfOw=,tag:2FKy+WHUbkteCsk7QFD6ug==,type:str]
+    scopes: ENC[AES256_GCM,data:JDHNBeFHOnU6atZ2bChXlcOKQdsvCWBNNpCQ,iv:jSUNd0I32fvDbaIE5OYvyXRu/cvYnPn8H0j5bbfYzh8=,tag:DmzMYBN5VFCejbLYh8En9w==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -34,14 +37,14 @@ sops:
        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmS0RuNGxQZm80TUx2VkpB
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXMGwvaUl5T2swV2I0ODMv
-        MlRSWUdMWVBlRitPWWNmMVNPWjdlL1lvVFRZCnNKMm5TV01SQlgrQ1FZUkFaSDAy
+            VmZtUFJYQVNUc3hUTHZjOGxHUjhqMEdKNUFFCjgwUjhaT2hGQTRSd3NNMnhkUHFO
-        Vzhoci9uQ1dPR1lmeHFRa1Q5QXlzTVkKLS0tIGNXWnkyUjdsaVBJRnpscEt4dVc4
+            bS9QZDZtVE5oV3dmR1RkcVpPTVAvQ1kKLS0tIFdaNnRqVGJCMk5zVkNBRWN6TWNv
-        Y2dldGZYNEs5KzVSWkR2bGpMQlIrc2cKRHiTbSMZtshXVq1fNWsXcQHfBUE++yQJ
+            TlBsSmVENGw0TFhmemxmOXp1MHhseVkKwwpMCzto0h5CgE/xBX1rLlqhCzGRfOTu
-        CWXSmgoSZhzj8vmU4kvMtbuKE+S7fsiUJibtIx1y/Tl2EFtpsiMMvg==
+            JHvvn7OffKO0XDHBw/BRVJFtd9nbZPvlj/PNi5I7voFY8aJmxh5rfQ==
            -----END AGE ENCRYPTED FILE-----
-  lastmodified: "2024-10-16T16:50:30Z"
+    lastmodified: "2025-02-15T23:35:02Z"
-  mac: ENC[AES256_GCM,data:VDJdUUtfLCw3ZD+IWgVh159zhUtjVfYTs9nWDNIUDVW26Jtaz00dDr30QCrCIHzRy5g88vYDfUrLdRE5+EfM5cZRKVV0TruF6KBYP+4Un7fQG/oRtHZu8CgDYVpEoUcVutRg4V6xJhT7mRPlPH48/8wt1aL1FId4HIl2jvO6MYA=,iv:eARUMEHSsUKhEm/7iMw8MRT1EWg9s4C9Qikk5uVuYpY=,tag:o2SgX2UE2VYNyvGVWT/OZg==,type:str]
+    mac: ENC[AES256_GCM,data:C0/AtGBnOsnky+yGVLuUquN7mdyewemGcaXu39H81CCjYgPx2sgheIMW14FjzCbAsVazoWaK0/cReTl0Pzlgjev1C7C+BE3RgVLMP7VtlLhPjJO8Qu7YKCxS3QCUh0UqDq/apoZoxtL1sKRBvfbpTOHa9xYfVzPrXcIcxuM/FC0=,iv:t12yHlPHy3CW6btSaI4d1yeIb+Giwh2WzBaxhavf6U8=,tag:oMG2zgRps18oPUtR642CJg==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
-  version: 3.9.1
+    version: 3.9.4
--- a/values/badhouseplants/secrets.navidrome-private.yaml
+++ b/values/badhouseplants/secrets.navidrome-private.yaml
@ -0,0 +1,28 @@
 files:
    rclone-config:
        enabled: ENC[AES256_GCM,data:3y4DCg==,iv:n+Pfj4j405WR17aY7RbF6lpOQ58ZQmWrH6dgUTQ0jX4=,tag:xbKEnPnASJTl27ch1Hi00g==,type:bool]
        sensitive: ENC[AES256_GCM,data:DGby8Q==,iv:nibU4CkdcYlT1F7OkgqE1apUuyJA5M9Vj5x40F9zt3w=,tag:oW+jPP7F1vWY5gf0JyrPdw==,type:bool]
        remove: []
        entries:
            rclone.conf:
                data: ENC[AES256_GCM,data:m4K3yt7no9mnUOzn/iGtaKqBrDXoLCgxEWV8NacXlOvh7c5ngmTmwoxzTaNxbsCQA7dECYb0dFtPvhF33AqgpcbRnqGrK54v8V+NaldQrgT2up4iQfdYA+sh+yNG3QAXU7eOEBvyFctJ+9dEaBII1sF/xFSkcTwrWkQFTQKLDdNIYU9a8ttEysz0cBWWXL3h9Y7C/mBjPdWIhpaf6Z63hy5P0hnYFftZsVM=,iv:qBBk9xMlZl3FriY2oYk4DQB1EKTsl7/qUj4s8naVvts=,tag:tDUKvK8ZuIxVeJjyUUqeXQ==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxalE3bUtCWmFVejBJMlZq
            dUg0U0R2VytsZHZ5QlQ4UGdrRmdsWGhWbEI4Clk1WEZ4U1lEdTJoRVBTbEFXaE1O
            TW1wb0dycS9HeWdQcUx3KzJKb2kwTVUKLS0tIDU1bE9JWnp3Q3U4V0pVOGs4Z3Rq
            Q1VsM3orOUZmS3lDaFpNN2g0cnllVWMKqZlPfiIFKn8h56gspbbUhpv9RkL5gF73
            NzqtFJJwQOGaD3lk2ocaLLkvywJ/DKNf7JupTWlmggHijId4hmpytw==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-11-20T15:04:15Z"
    mac: ENC[AES256_GCM,data:XRmw86oJLHXMAY/SPv6ptQLV1Eocbig6CQSG1SdOO9scMpfgD3tMY43z5aB16DkW+6AG1ti+TS4JRgXKLaSsAmORqRN0yTwGEktiLs0GxhtDvMYwnclj/Cx76WbZyMkgVzCHe7ZsAI+9DrejSFYbB/CzA+8yq1KmMf/L5NWcv7o=,iv:AcYK48ywr2pzNw/HEY5hWOcjdnmnG2/eWp+r/o15Lbk=,tag:HLKLFYFV+7SWUaFYiNUS3g==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.1
--- a/values/badhouseplants/secrets.server-xray-public-edge.yaml
+++ b/values/badhouseplants/secrets.server-xray-public-edge.yaml
--- a/values/badhouseplants/secrets.server-xray-public.yaml
+++ b/values/badhouseplants/secrets.server-xray-public.yaml
--- a/values/badhouseplants/secrets.stalwart.yaml
+++ b/values/badhouseplants/secrets.stalwart.yaml
@ -1,24 +0,0 @@
 env:
  secrets:
    data:
      SW_ADMIN_SECRET: ENC[AES256_GCM,data:SsReruQ9zGMiDcgfcjscnUH/4JBvGDNOyCH0vs75xXdSEPhERR+jju4aHGfd+mRcwvc=,iv:Oz3evN/OXUvEAWeYsP4wIVMwA2qwuB+Ny2Xy0EchrJM=,tag:C7CpSzG3RR1WhsDr6BfQAw==,type:str]
 sops:
  kms: []
  gcp_kms: []
  azure_kv: []
  hc_vault: []
  age:
    - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
      enc: |
        -----BEGIN AGE ENCRYPTED FILE-----
        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKUjdWR3pubjRuT3M5TEM4
        eHhycWdZdTlRbFBaRnE1a3BqWDBCcHNIcUZFCjcwZ0tmVWZ6RkppNExWVFlJK2Ju
        ZkEwam5PRXNQTUcveUE3c3NWdFE0amcKLS0tIGFnZ1dNRWppTEVURXVpN1F2Um9L
        dm1HZ291WWhBbEtmdDB6aWJETUNLRGMKuP5y1lzxs3vusvJZLqlnTR+mWnC7YmNo
        dhGpvh+W3nIrgb50OJV64xDU9Hqc2jVETmFq4RWqwEQTwSRv14grwg==
        -----END AGE ENCRYPTED FILE-----
  lastmodified: "2024-10-14T08:08:21Z"
  mac: ENC[AES256_GCM,data:+/WrvENJ/B5YjRb2K5D9V90ziuEOmP4a1D6CfdQHRShRPp4BZHtBFb5vr2kRIIY88eiv9cZm29G4U4X/46wi0SotxTpVOrefmM1ZQ7cV1J9o/mf2mnguno7WAsxEyTkk+MZoCgZEWbLEKZ+zqlHgRTN0VfBgBjbLR5bP39fd5xg=,iv:otaCp/LxQVUIZLAmLzceDQpvAY4bnPUm3MlyWUMW78M=,tag:6CXYN6/uAbetm7i8OeZA7g==,type:str]
  pgp: []
  unencrypted_suffix: _unencrypted
  version: 3.9.1
--- a/values/badhouseplants/secrets.tandoor-recipes.yaml
+++ b/values/badhouseplants/secrets.tandoor-recipes.yaml
@ -0,0 +1,25 @@
 env:
    secrets:
        data:
            SECRET_KEY: ENC[AES256_GCM,data:EUJXsWqV8l2YN5NkXvKqQRT86P3TS9d5fca8/vhN,iv:lFIhGFtCW9vAYwc5dSmkBYOqo6B5YcZygu6zAZ1qsrc=,tag:tIVk7YyN+bciP2wl/zMZOQ==,type:str]
            SOCIALACCOUNT_PROVIDERS: ENC[AES256_GCM,data:ZOHbv2LiZFBpxwCwD3we2U/NN1WW5vT14Fata5mA0amjPiXMuGgZYjUhA78ukZPbVVtZ4NTrOj/xLT1SfIzqDi0noDFmFuLVvQ6kjZ7/qdjPXUS5BV+63Bd9aZcrsyAWGujDhzMcjJe7ravIh6ChuIdqq1tkP6FL7fKcpg8Y1PFkIy2PfPjtxogmiOEbakmIJJ56ykPn8O6g5zFa69o7MsVueJAKk7fR1n9SBeZg/bKGC/iY5i1bnAqRdpQO5zRliZfNvrtz0Dk7Cl+jwCjl3cn4lp1u1sBINvAE5x0vrxWKPLkW23hgMIaRAvFB99FiBdY8UjBNM30NNiQKr051S8IgMyTE7w54yZZQZrFprqE1VplKSuuF5ope5CRS1mu/FxiZFjl0T4cYGxJt49S6cVlL2ihKO8Kkw+Jw7FRe+1hfaF/3i1S4O2g6adbAStlnaFvJgXRUiZt7grQDsSqy6tr6hemlOOpVp+b9//NBxb+rXWqUSph1dmo03viRAW3OZKzl7tohrJbirMxHUN6gAIBAvnd0go3qbaWjNg==,iv:nfSnL0kLCvM6d5UtMqp//7FCoWBVdftRPJAWRTtu8Fc=,tag:o7S4B6rMP6bZnHguw/w2Cw==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3NnFEV3ZJQ1Z4Z1FGb3Fj
            bzRkVjUrTUFIYjVmRXVYMFVsaWtKc1lWU3lZCnp5QzAvR0FXalR2QlhNOWcxZ0Rh
            OHJzak9vdWU0WlZYSVE2ZW5hUVcwdDAKLS0tIFZsNURiSjU4ZjZtNmh0K0xRaUpv
            UjA3U3FDL200V3JPQ2Zmb1c0V0hYcDAKbq2ywx3x9aiG+pCA/e87ja/1HfuA1o+n
            BNeRIrOo6y4DBoCfaYVZc8U8m46Ul18RyGePsGUTVp1SSX54XfPb0w==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-12-25T12:38:20Z"
    mac: ENC[AES256_GCM,data:yGvodMxMZWnExrWayPH0tRdDHvzeVf4dLi/AlEU/Smfh16K1rM2vnVLuo2EhBbaGj4nPl+VHGFdMgz+AhnnUhTtV0ez2uIPyGDLBJL5JhDG2937FjvJ7qduT9b/h7u+y9V4jxquaFruCAOX+uRLmsKuEucEuAAkMydRmRAM3HBk=,iv:KJpcAWasTALTBDgTYV4dh9QR8NIUmu5O5vhbZiknLyw=,tag:esfjk8CBlNByqU21l6zW4g==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.2
--- a/values/badhouseplants/secrets.team-fortress-2.yaml
+++ b/values/badhouseplants/secrets.team-fortress-2.yaml
@ -0,0 +1,47 @@
 env:
    secrets:
        sensitive: ENC[AES256_GCM,data:QKu+Xg==,iv:eAP8PIvxGq7UOwNJQnyHOYE+mKLnbjEUrZSFk8uPqyA=,tag:htZqjETH91yEhAX/6Xgl/w==,type:bool]
        enabled: ENC[AES256_GCM,data:hGszyg==,iv:xqmXykt3WPrVDwxMNxm6BZhJTbIpD+G8/eQv8MG7HI4=,tag:IJn6m6+hPD4eM1WwTLxLYA==,type:bool]
        data:
            SRCDS_TOKEN: ENC[AES256_GCM,data:2ilNJSRy8F1kl1GMr2Ad8bnK2ZHbgpDZqPEUfb/0J/0=,iv:0IJeLqOT9m3q2Lief6TLxHqRFJeMr5m6MEClziQfOZ4=,tag:i3czXPc5EhARHYt1HbhHnw==,type:str]
            SRCDS_WORKSHOP_AUTHKEY: ENC[AES256_GCM,data:hOUKQ5+qulrM4iqbZhzYM/bU09eB5B4pyLZ0EhbtT+c=,iv:zL82fYER9gA7zVRxoagMad2UNjusSuLVlbGaUrirvbg=,tag:2VDaRFeWo1dci/hQIhS/+w==,type:str]
            SRCDS_RCONPW: ENC[AES256_GCM,data:cwvHxhCZ6Wk=,iv:LVklzE2DY5JZH5QTd73f6HERrUVH6+Ee/r+Mo2lVe+8=,tag:yUYF8a25KjUabvOO1nWp8g==,type:str]
            SRCDS_PW: ENC[AES256_GCM,data:IxgvQ+tj5Ss=,iv:jYA07esoyKfUfc5fCllehoM+wkjVZOOaEu3g+xNp8tI=,tag:dsgr+UGU/dXuqliiBn8erw==,type:str]
 files:
    servercfg:
        sensitive: ENC[AES256_GCM,data:/2rGjA==,iv:0+CWB1FdaI7e95NlyjZ5sZs9U/7J5JYZx+WcFfj4CQM=,tag:lzO9Gmeoz38gsiYu9eLMsQ==,type:bool]
        entries:
            server.cfg:
                data: ENC[AES256_GCM,data:dZBrwvsHXMq5TEb4ctGWKuNQGmifv9ylgJ9ffwf08TglE5Rhxs6pzu+GApEG8wo4xm/rkZZ34bVViuXSiqmtELToj4zuk3mlApQeSgixEngKDYceZwxdsZwFYrE6T9P8x4JfL8S+DbupD+hMV8qRVeceAcaXBm9Y/ZgD8yCt5r4YCrlgWcvEnG6PyG4SAsS5M18VpB25Qhb9JaVYj/MiwkgX1500igFDHlWdFEfvRPBQYQ2kEZsK/aSB1PvEnlflhFgOKnqW1aGWHQdJ3u9PhWh4LLM2j7hydb6sGLlDg2hiDw7qVUbI2taRhzjTYCPnumvpsGoscCQKJE3n8wQ5qcfbB0WBhjnrHWWEXOPNFS3coFpHEXV4A73drairYSoZIQIvsgiyB1Fo4tqbkFUOYrUpCn9a4+rvOgmdr88i7V4U9FwckQ0KUYSHT6UjiAUHwTm2/SqLGEZPq7RX+asU6vRPrPYu4VMzFOOy6//Z9sfEcEGEE4AXBrintJ07HxBsLi2C8twWUuMyu9CJIBl/p0Fijsbxvz0jXBvnPbsH4BkBk66Dp/9tkiZPjh15OCBB7TtPTDnYuLCXJUN1DwpC+HEEpbgD5phTsuBeMPJ+8zv9U46P8y/OYweXfD8w0O/rWUyw+ocohBjkYvMBr3UDzPmNr1p5AGFqhbNOZJPxQ3ciEv/J3GZZn5iq88Kj0Vo4TM8lmPHAZVqCqDW4aUsnCCqJQ7GkPpNz6IS60l+JXNSBPtL+80serwNXwBccgpyB9fFRixLdGAbGcG847/g0q3Rk3IDkipzYyIiZX2lR5+0ov8WkZUXAUHpqFAEu0rZpFuc3HtuozVqjw4Mibrd2WjaSa6O3zVwvMrdUVXyLLzSIp8TH2GvdbH1VcKj+AhMzK7r01IllNaumA6BAH/RKh6XWOwyrlL0fGZloaQYcD1vz7krMjXwe0DXsWr0srHbr9yqTY6508jI7YUI9byvYsjfe4DxJJkiZo4LHDSaXnvZLKePcRFaipNgZWxGwCkaH/OW72ySM0zleuAhsAygFl6fgL48onv6M+S0jx5QAr8KG593XyLiCoh7afHCBZ1j+EiQ7AHW9e4MDsR7COjHUe2AHSNyGMCwoR43sY4c6vBtpoZHBKoevJEpLICsbAjkVB5yYkxzDR9u7+wmXzMS8109hViF2YtXeQ9/H+h1/eGohUvHeu2PWFQmW16NCCzPt8ZJASagmAOz1nSUz+owCva5UOahPm9VRckUYriRfcLazrC0IyrBJyNLDiXkvD7iXWVuUm2VwdPXefhlrIn0ZungssiyalxZHkEUAGDbc7CBLmwiB5fEDDaTokVpPZnJOx57mdMADcxA6+qKW4Ooi4IbFHsuxFMYGpXD3csmSFDc8Nmbau+RATz5NsjiDBmyGRGpSFG/79awjeihQHBL65jyKP3zrLUJHDeP+0Inkk/XXKNmVw+YNSvpNu+ga4PANkOZFk9fhrZg+sD2HOHzKIwXxihyZHIHDMUzv1a1jLKpTACa1i+0mdih/rtbNg8D/5uIpAuSUMZo=,iv:yakHdGa4RzyPeDfbiCZoGTFhnFgxCNcdwUtP1dsGhms=,tag:MyOtEHAfPDmlinQwS8JNQw==,type:str]
    motd:
        sensitive: ENC[AES256_GCM,data:t5cbqiE=,iv:WwHSfvG5eQURQTVP2KQ9OFvCKw9vqtlzZbEmn/lv+cg=,tag:OuPlOUptQOChYcC1Ept3PA==,type:bool]
        enabled: ENC[AES256_GCM,data:4EEw/Q==,iv:cv3ixxGCCn3bLd5RR36ZhdDp1F3s03YIAjmyuDZenkE=,tag:wQi2l6GUI9OklirAlY1gaw==,type:bool]
        entries:
            motd.txt:
                data: ENC[AES256_GCM,data:4zcQEGgc/wIkrJnYBw+ZxkNb7Prnch1zFiMOR0lDDR6/raeY4/e1lEeKGot1ZB98RXzohvZirHCPeQ==,iv:uvIW4dLDP3zWyOTSCIN/hb0GIHtIAEYy97dhCp6Y+b8=,tag:vS7/CXWK5SQu4IjLOXDuGQ==,type:str]
    maps:
        sensitive: ENC[AES256_GCM,data:7WsG5R0=,iv:HdTgsE4DhX0knJYdXbQ2T9Q21YucYwVM4DrcAhiFyK0=,tag:LqVuR20023UEa1V4AE0LWA==,type:bool]
        enabled: ENC[AES256_GCM,data:JPpi+A==,iv:chn+v7RCtEJ+MfEAu66OHc1Nbl6nU3GS+ieTmT7G7dA=,tag:/7tBL/TIPDGvxObE2rAvvQ==,type:bool]
        entries:
            pl_maps.txt:
                data: ENC[AES256_GCM,data:WN/YFxdUy4/WYYrzywYYpMA7EEVPlb95Hz+asvV1myFzAJJ2ew27s8D5nIcg0S9eZyyvzTV2qoI3fkXYR5e9F7ItVAuEgZIT7rKLFczr2m1K5r8by8fH+oHvCxmfbK6WuqY9mDwdYZEYn1iBpOyfb+qvEEr2g6rjNYESnpu0Bf25EHWZq2L84qaoYjLDa4m0BBMlvy9xdKl0fOrqHAPQR4hzCMSRdSLRbKBMLhNybhzytgbWV+1sw+oyNs4iEmAayz+AglHgHketzDSXEwEVMA/zfFqv22lBpPjSzmm/QRdIjXI6i77u2W+mNn+OZ/6m16QEKBHM4EdMoJE96Eu8cC3KnrdYvwyqoiz5t9HcaL6ucp9Sbqq0tvfp8U1X3gEo093yonxtcXIy79/PBJAboo8frzg6mMqntYgNEigsrk73dL754Qgs7b9bHRA2DpWqin8LF4lS4zMKiREFGaQb1fGlNVgpM5ES3TEQ4JyhnVTQHXjnr97On+ebri0u5YOxYoyTpiXEdNwM3lxlb1mEiEFr8k1h67yixrFFZOcM9XUGnQBpYdwXY+bWpwgtulTRKI/iVGaof4uKsaZvkOZGkESR1IOZHlm4NOdshGP1etnprBMTozsrnA3/R2Z/JWVISRlAdgwLDuNawgY2GKn9Bbe3nWU+a8FwifTpKnIk/AB9BwZE4dSvpz7GqY80BVtG7PHj4RiKY8nDO4e1y3wZO7yCPXW4wum6dsmtcR2m2MB+lCDUEbFKLIiuCu2YDo6yvDs2FOF4ht+WmfZnQZmSPa1e1In8IKMbpUvyXp+odVjHqgdGBVv1+M+4VDIHE0Xb4HTm5bpn6/cGi5xQQQtj,iv:+PG9OEQKYZE8dcWtdtXZ6qhsr1P3iTB8XqLVtqHqDgY=,tag:cU1TNcFmarl0e/JtLYPNpg==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxcXNQRjZCQUpka0RFYXNm
            RVRsQU0wWFBKQXpMcGIwZnEwUFJoUkdWL1RJCjhoWTBjSEdwUktINm5XcFQ0TFZ6
            QmxIN0Z1c3hiVGFhNWRwVHRmWUlNR00KLS0tIERJemJTNENXM29xb2d3cVRkRzRZ
            Zkg5QUhtM3lLeWZGbCt5WldXRVljemsKT4DIMJfAVRpedIcjUoA1QWz0AoWcwM3T
            GEoeTRyzxM/913pQ2TzVfl99ilg+AXJddr/P5Av9NebU5SBRRL0/AA==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-12-07T15:50:40Z"
    mac: ENC[AES256_GCM,data:aaQG5T1nOmp8uaC0UDfXRNOsxRc+5D3ctQ1rU3GL3Tzm+xdRNgGI0JNPoihZv3/lkZACGWJe68/y6aEGw14AMMzEjVVw0tvuHdvkVblSBkE9guvkrCzv7uDvbei5Miy0vBpdmTN0AeiQ52l/OYa5Dkb6MhDDDyd6X89dxtAq+P8=,iv:KnDue0Qv/tjNapFeZ91drHi+shXvWjTQJd45mpHPxUI=,tag:ntmZ8u3qCwbjPygLv3PAZw==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.2
--- a/values/badhouseplants/secrets.velero.yaml
+++ b/values/badhouseplants/secrets.velero.yaml
@ -1,8 +1,9 @@
 credentials:
-  useSecret: ENC[AES256_GCM,data:0MmoGA==,iv:5JH+WACPOYjYX5zd7HSRILMf2fnzYVTV3CrRQmnzS3Q=,tag:LimgSe1UfQOGLxzT4FMC6g==,type:bool]
+    useSecret: ENC[AES256_GCM,data:7gOgTQ==,iv:Wiutik5u1CZ3jkI5lL4JLwvKDQrjNPSfmnyet7SBVzo=,tag:SYm+fm393zhqNMKejQfYKw==,type:bool]
-  name: ENC[AES256_GCM,data:AFewGIKXXnGErcA5KUN6,iv:vbICaeY0dB+pwKPjKgHNUWVTc1dMsjQIWaHCkTEzQm8=,tag:eHbWbam4BPnhZQRNoz7KRQ==,type:str]
+    name: ENC[AES256_GCM,data:NKs3qbFPKGIhXI7lzGTq,iv:MWumBc7eHro/P1oLZxQArvfoWmdJN+S0d/Qxb+ohI9E=,tag:pxJQzB82Us+UflGc271wGg==,type:str]
    secretContents:
-    data: ENC[AES256_GCM,data:uKF7+MPKh2vRGOxVHk9O3e5gjaV7/6RgJXa018pARGM2a5KknPTwgbRr0iatG2losd/vtmcFXDb1QJ6HFoktPd+UYqmlvRz64P8i6R6mmgiR9WI=,iv:kuG1X+1siz1X7DvzaJw6z8jJHxN5ZOvmCOqmkklMI1o=,tag:9DcebfcVD12tFGeKFNAYyQ==,type:str]
+        hetzner: ENC[AES256_GCM,data:tlumlKIfwugQj5Dj8Lu9HuEcKRv8v/JhTTz4oOvRavxmeBIGElfn/MyWbK68pagfDatyKsrYjqPTutYykJWVOWdHFOCIXunnI8vkDbzpxAH0BqyZQrek3s4mkTOPJkjfW6V1MNr5AvWMYLwptcIp2Q==,iv:E3jBlMgIXzuLCNVxEBlTiiVpLCdEolJuv96bSYamwLI=,tag:4zkhZUu+on0K1zF4/8tiWQ==,type:str]
        etersoft: ENC[AES256_GCM,data:/kQ9eCnHIfDSzHxy2tbVgwe7C0cF+l5LaKCgksodxUJgxTQs2pJHyx4cluoW62RwOQKHxMCy3IaqphD2zZOIVKbR0q3xVmBoxcBxrKE5UIlSxbQ=,iv:YcJF8OMiFMz147c8lXVU+ccjq1okYnHiwUvJLmJHi20=,tag:hnwtfAkBCpZUy4TEGtMOOw==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -12,14 +13,14 @@ sops:
        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhUnBqKzNmWDlDUVRwN0xL
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiaW9NQVR6OGtLV3ZqMThn
-        Nm0vcG05YjI1SCs5VURiNGhUZWlPSStrNkZZCkxtU2g5WGRYdUNzeHNrazdHbVdi
+            bWsrcGZKNVk1cXB2aDc5RnRNbTMwZVoyRERVCnEyQ2tFSlZmTnhRdGQxNW1BVGNs
-        eDB2ZVhVSkxhRzhFNHJTYURjM0ZhWXMKLS0tIG5RQk8wZWNYTExKYW9LS1ZFV0Qz
+            QzBjM2tXWnhQYTBaR1pUZnUzMWpYTmMKLS0tIGQ1emdDNlVGdzNWRlRQcU5xSWxB
-        cGZ0c1hRalE4TXVQeWRLcDBFVkVsamMKhe9OHXaRCCHOq08gh4ynqTC0gfzVM3tP
+            bWdPdVF3RjU0Z0RQWXZWVUVocVBTeWsKogQ3kmwrShfBOwMC+JHNiavRHryv+WNY
-        +uXTkCrC4BLhm2f3xhfBwSeAQuF3eufHFC93mE1/dhz2eA91ltRZjQ==
+            dkUkONkUH5HEWN/6M7bsMMqjkH0D/upD5UXOXr4fiibcM/w+XI/BpA==
            -----END AGE ENCRYPTED FILE-----
-  lastmodified: "2024-10-14T08:08:22Z"
+    lastmodified: "2024-12-16T14:51:45Z"
-  mac: ENC[AES256_GCM,data:pcI5iUhUvs2gkZe+dh/BBqoKazRLG0JLfPdFwLRM6iM0Koi/TaRuETYhK+/U3UsMr/zLten8jhBpXR+6YwX359VFqKhBitBaTVcqXmMf9mEBArPtGQAql3HbnnCAt8vkW1sswc3MfWSS4MQAp5w6W+CxxAblWHQxsYWMS+VOAJw=,iv:VI5FZuAYqsNnUboGEu9dkVjzu9w1wEA/UX+nqDqFSlg=,tag:2XtEEud3+ykIq55/m2jMqg==,type:str]
+    mac: ENC[AES256_GCM,data:65vGxoFLwH9WpxvqKYi1FEb8DhRWpq4K5cTjfqQEXDxbzKDk/RjTtHpFZ2iLnAOcL2ECvL+JU9yPeM7fS06nTW/TC/oP3yNGfyJp84IWNzrBVBE8HCTaXthxcRSIbGwvdCihViT4gZU7VkMaDt1WnEesjq/KQqcK/TSpCxhSyjI=,iv:HPfV3MRyeilrAFprdsLT6H//V74YzRiGM8O7TmU/g5c=,tag:tQHA6JW5ELAUXzIlJdLYFA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
-  version: 3.9.1
+    version: 3.9.2
--- a/values/badhouseplants/secrets.zot.yaml
+++ b/values/badhouseplants/secrets.zot.yaml
@ -1,8 +1,8 @@
 configFiles:
-  config.json: ENC[AES256_GCM,data:/fAmvOe5kzboNsk/qhDrQ+wutaK1YE2W44MspKTwtOCVQLggGInfTCzlvTCgJibpeSXh7T8KF1IbIzG/pvIAB5zbXL/GxycU35iwhEC4llayb5aNovGmI5WdyhoRh7ldX0aSD6msKtvU1L5G9eTV0IZ9e2Td1/6CRnFr1a6DruFzPyIv+RLWaFUmTZzWbnFHM3zOvNFQ6Hr9L/niLIKvdhiTRzaqglfFgbNJzNfFQCKph3Y9P8K8YFtKST0G++xjI0GePhJdquQ4iwilq6Z9Khed9F+DpH/5k+wCBnPdt/Oto5mKc3d+XFMNznx3taKsVfR43hVdc6Z4qdu0YnHdHH5y++eI7MD0dVJPSl0QdkSN8yIcxj0VIoSFejhlwjQeZ47ySIDtNenkL75VCeZhPbahfwPIiIUDaLe2Gn6KFMDa7Q6VDi0atr3Lh6h2BYDrzf1wVEQhZFSChdS89T5okm7vUTMPIjFc43ag0uPjN3qLdHBRniMHzOIUnue/5h6ok9IkTD7veGpYkbPvQFWYJsl2sEDJ+lTlTc5t6QRFoL01J23YkzoIz9nRwe3h8SX+0VYsXXsS27OHlfY6laP++GPvdpTmAhTsmvDIyjMSUv1WpzETnaxm8Ym2MB/9rJloIpGhgsdLN2MxOrAaYMMJZeiQJZxnEWiKTl9moB0BtHM7Bs7/NeSU84yO9QZRvGoGWi0A0Hh9VbdPkpgMQbyL6wpCrQQ5msPTXef3K9MetiMLXbORrFyVE9BuxrGXVzF0d7DQOUiYzqSltW5Bf1eZ9uDrcHI1y3Hmn8Uh2Ga+ua2K5qT+XLjyybDwd4IlAUtaTnxcFBXALwuSrb6JYJZqeHZ7oxEfTMHDYcWviJA6xII1TzGRN8uJVKp14yTAcR3yVa/UcSOXdI7kBimS5oZPzUeE7KJeFZwcJiJdmsWEq3MExeJQ2o6ffdVdrR2AVH/VhYNJNG/Mrq3Vc+9WVQNQxapR6vapNx7FjQlFeDP5+YLzAzwCjgQcAi2i2gDqCIypfKJLFAJQidTEy10AG6Jx6hvUiQJfupazBvt2n/Snuyh/BQmdoIWYWlFhTspXMXrYAl9wV6a7H4QPa7Ijza+hZSpOa+vclfHXrBEIBo/KPt+k1Ly9sZZR1DFnVsR4BSxdTAvnLgJlr/qrgIw8j30Tczj5QOAjUNF3UeOVycODGoPlW+8jm96IaL+Ez3tTxDSFPR45BywVK06MRqKF4lL+h2nNOebTQDkQqVBglXOuXZrKA2UdKRFA/GaoGUjAaOGvG1ARpmU4oujECEaTkiCa1naCMs9Jx2PvKdHwPR97QE7nXrsgv7YhnYGKKfrgZRBz0v7259ZtZ9zShr0tOI8psVA6GRgg5Ly9Wz7j761get+VFCK6toOW3VQ1wBfEr++CfhvFfoWPQszfvjAqESvXcW16ScliWm4FoNm2XqtQi/q/R84sXSDNZq0dpauZEL70kuOGU4xSFNZQQSQ9AGDjv1wJYZuGp9T6M/GWUlplQaEj72DwZxDK7l5EWGa2FI/NZzUi/KxGI6c1YSR4bZQ02uOgDRHd679NnXUwsGyZ+kbwhvgOEQLIYzCJhtjvz7/l8weHkVn0MDm0Jnn4nk09FH4xkULr3kH/+eknSTVI1HB72GlOSnAR1v4dJfxzNRmRCmfqlPNS2PYWBjhRf5HbqdCAHhb2BYkijDS2JQlCW+0Yxdlem+7ScLCapidg5B5riP59NqVa+ZNoB34bw6rFCj4Pg165BMPezG8j1OYe8I133/zAuaQg4HwSY0O1M5O7xU3W2SftbBh0T0C23e/7aARvx+FFWXD0WtK1IaSmeXiJo/SclgQa+KkVd5JRB3GYvDwsP7Eens9lX63F73mub56v6hCZ0p2+rm7DVn2U/zUHTKmoy0YMkAU4Sg2aR1Gy9ZenX9Qkja3Tvw539GtvI9XYbHFgajuDnvmDOcq2+QKVHJtHk3rQ/h8ShB6KgzmIiQp7FW3otvwWN2WS7yXYNwJtQy2hf5fbQwnd/fO54vS/xQ0XiEJeOrjpVImAbJJDoy1YlP/tzVZj2SOHkuKw12m0Zvk78Oj0fPwx0SwRLe2GFkmBS+WJhPNp2y6lWJpVPxBt5DRhZGuwsJQxx/5vhVZpJQGGt7ojo31++IZYtG7GkcnyMPJvBJSgAZ7LpAsqIZHwWFpL+1kjcHcmQ0O0goNL0JFNfWYUEH1z8SF1cFjFv57XnyWcNwepgia5o0JZSOwtDlbrfsYhrc9rvqk36xxXSnpiqUYHUNskOF2lUcPPJZZmLTJE4pXt0AA7itP69OtLo47qeP+5F3rN51X804LSzE5h5tUMG0+t4u0fR/+MiJhwj+C4iDJ0kYb7lkyIYFLrkJ7TB5eIPfECbwCIdpHI5ylBD/ZYVetJnCtd1pTNFuP8BBxS2yjq2/AzuGDYYG7Cn+AB9ISmVI285t+8wGmweArXNXmzkeiwFE915WnpsDHPYp8wEYfASWx2oDx+CbMQzAEM6vmaxM92BizZDb5cjRqSpZN3uzjG8SaCI6L6UOJaCu19YGRWNp3O3vetsV7YVaSFPjPaAMS2p9UWzJETPBXY+GA9LI94rwfhreRTCEAK0abxbUyqc9NRLcdGmM7i5gwD+zBu9hjPqDJWxwNnUP/Dt2qXcPK1qXvAdJRDSAm4724CtyuuDshukL/F/x+oB1PNNnqzUrszTSjuzx834x9DzRG+KBB94RRuePsWksEPr5i5LhImb8BLz7AD7GCl/OsgCWF4VrwlS4cPvvChnaWV6CyGMjwUXHu0xt0tNBjQYPVF8gB7sjDo1AwP3tvcP9bqIu1KpzXPlrs53NpOgoRdETSW+P3Eh3pu5/WfT1Q6iRvhDmcSKRmtdUB+cd8yodTbTSKl2Dd1CQ5qEVR8+GvlqdTo+f2vtB3LDx1Kn544KNSwS9GF60PJmsSDHJf1BEkewQIt/LWeJrerXY3N/QgNR4+hz4BkVumh6zRjQTjetuFWznZKZQG6gHaatQGPeffL9n8xfORruhQUPeSrnbyOr9+91LJ1K0pnfIMRByUM/VK04/zekenh88x/Aj1DfQ/ELQ1tOfZJgCUBy3ox5jttYqNsyU2NRhKx+KYd0U1PJVLf0PBPfjFTqCBjG5bL/zJnAxx4eUgC1nTlswuRqlnkhHHjUcSumPcFjgbwspd43mC3HkX40XcGtzw4iPC1bv3JwQyfXb7cOPHRXFw2YnXiBWtOMXtF/piMILb+EE4gxWVWxFKHxwQhhnOrzXnS1sQMbbBb5/0U0K0UGnZygKAfptkFHzgPg24lxQGl54x0EtvNCJFhumq/wbauhX5TczitO8okgiJaH6hWuSASzHVqVPc3M5DNDZ4iBkOOOn1UPVpd0UnN28sjVv7ogPwcjNGJ6mK9BYCyNP+64HlpyYFbtCCF4A6u/PCI8ZBPhcgnnLxvGEW9m73fFI+xUWxzVvsVKZX/JHuOGu8RwN25/WaRr6wnN9sLkbUpkoQFisGrT8w78EZIVVmo5DgawJR/XDi0FjUkf2Gmmmvl5JuGq+HDpnswF8uPNMoXWJlACmn4LKV2Zl/aaYxa6vBfjAGFADtpP9JJS62iJyZ/+uBhYpw0x/NfDLnqbcGWKAwYP5vmrPlbTRB8irIUErcVW2bm8geEstj0W4UnYsAW1LX1vn9fajDW8yHPyI+3ejvAL39mAQ7csSqfI5uTEJGWDSJ3r9BYKydE/lvfKH+Pqfd/QEVD8Y5wSnfG3P0GlYYd2nEgAaM07ziPZ3BrA/+sAYF3o6+m+JXVKDW0vNqHymS1E6gdsur03vPFnIrolMwlOFq7DUdBf138r+fcBL9kqQVKpcLsRsFsduKeqC/pZwB79hKXp5kaR/S12jCTD9gGNhxS+xiRafpBF9kYoy6P2R6sHk4c+3k8iBEJr1iPsPvfPWMOrLJuP972tpmvYgi3llEJZp9usblT3Dr8CiTh1/DmHn7qAg==,iv:Ly38JP1MKsdms6UotTYCUCHDzTpc0LHNcU1rz4opPc0=,tag:9o6NALA1c/gAbnLcWlysAg==,type:str]
+    config.json: ENC[AES256_GCM,data:AmfyqvKW4RhxD3mbFNP9Qt6oKzvpPY78ysCwCDoQAHW2exl9p7JtQh/8M66HyE5dogTyKYfl5cpKrgafWu7ndfN6gCF6puHPC5uELFmJLpla/hrhivpBBjcSj5n4Nc3mgJVSndJvyvkOa4c8N7NInr41LDh+Ndv6kbEelyTOQw9gng5eeI/jSzYX6y3Zrt7oc+5FBbOABihBbz8Yfxww1QHnY6YDyuoSVrjf9Z3kQKxW4sJRviBNJGE+OCWB9oJ3RQ2RecamlX0XkmZyuqDCXU52OAIm8c5qDVd6QJR2so5wvrN0o2OWC8BMKLDWLw/TLO4AS9K4OWoJUlOGE2z3qxUG8moMxzHw2rCzBq1rMJaeho0/CZGiVPQWWzoruRurVCQoLXt6L5+oQSQj4ibpeJkP/Wnq3inT0EzEr41uas8kj7DdEJ+pKKy5tUdJXm5CRQfgFB8QdSbq/VE0alrsZ43iYNCj+CKWwnjPJ4ZGQJkNQKpRaBqrhnaGpuRDbJASSffSksrRxCunv1O2aqzY/gyrRieTU11SpCnQZ4ll/mhW6lhyuvLb741rV6vAHzaRnranhzLBECVIo/dy84tqNZ5OXUdXHBPRMzr+UX+2GdvcfGgzfaAJIeMul5Nl+nQAS/PmQOfejNTBGNQKKbz/i0+Mv/AwJvdpWA2laYjABPubFVM4671LPjVhEcFRsjnfYWs2MY43woTXVrjKZFghH5h4frwFAs/OhsYcPR0bOHMhF8brQgPHCsPWp5NhyhwRq7310krGyca1xdBvj+2oZHOohIvXk6hEHO7MFTOrn9iAeiGOnCn22GQZaK7EE2aKMleMJwfIo2Dyy6X+s007K+3Jjbt4yvUruB7hHkcVYyfHUABJLbkXPNUJ7xLgbcRXIaHJHlZ11prhBp2UDUgw9oSt/1kUHI2ZU46AfglWlGyd4xd4SgGmhs4R++P/O6GviVJXbIDGEA7UA5h6hlMNx3vuKRnjRl4OpSZbWQZh23dK1Kh1E5hV8TqbaPI8Wv7mvGd5QVRWMhwJp5dW004waifhrZNlZm4xEld1GFupK+ForBX0QLkk8juD1GBuYbawO8YTKDg5xlAKQtlVUmEPvVsAiGArYuPWuN34OqazWLvzXM1UFK9sztEPHwXgA+sOitOAOjEBfnFY0tYe6m3xrnHRNqLV2L1YK1F1V6g/+j60YHc3lofw87KpaaVJD7xF+HR9Ly2VskOmu2KTVD+j/ZIJWjGw96Asf0K5mKzBkyFGaFFYNpeHw9A3cGVYCYy7S9bFMVlPhoCJzAY4fyTw9GtpYKrXzL/u6hSOa0FRW5uvfvbCcK0spfT/CqFHkeRhNxleCvAkONZUfdKWdwvySUuRlV8rZfLOHX6IgosepvyH0WVaJpp6GBD1jyricfvp3eLocEY9Ih2eTB3j6IML10qMItdWv377B4Jnch/e3enNruivvptxAvq+rseiN+IHA/m6+xB9ZNmhIphTCfLyn1/pNb4uLfcMCldKqjzaIkAWcO+BhHJWLWvbms40uWsQ5tzdaZRcmvKonPGSKiOfouCOKZvos7uVmyTsXDFZu/2JweYu7DqrrxcJ4+dVzwcPA+FXI7DSV08n2DyOAMY8KjWkCw4pXIrT4BRCXjZaJbU5YE/25P/u9o3wjyv0+MICiGKGnNj869VG58CHjx+cjQegAAxC6XAk7egCXkRGZMJS0vnIlIAU7bDf6fYsTiOZ5BUtnjflFOA+z0apdzDjtA3aMdhzYjNmk2kLMo5w5h8k3k/GJKJFes/FiGJGQInaYizJDU1NewKZbm9kMNZsjUCVJG9aH2gXTngfRBGhgYAZG3ENBHR0wexsbBu8YpSzHduyzvrhvIlYFkdHVL4Pj6kdBeqA6FMWb9pVbIMlqW8tJeo+6TgBWUR9mWzEtGcUVpm9VxHorE9A7ten40ZR1nOpIDv4549LbxsqCrX3+VMUgVl/8eVj0iLCsKvThhuCRWB9gUfNBlHw4bxvteXMLiqhiuHY4X+8y9N9IlJKLtW6Pf2SedvrPNuTbJvPBog5YaKN63au7q6MNQZdAWhkKgcpgSwPwT4bK/uTsvrk0VAChThsMYUvgGY9NnN0qLlgZzQspFAhnBbnM3kCMjV8zgw8sPh3m8jfei+Hxz3CVF2gFGgcgG259hNjORZDqTXRiRZkVc/TtFXJKsPCuOK1ieGc4m+yqPUMp58tjL09tfAO3jmS4FY/FW4YohLPgtlvs+IFsJ+gh2VHGNNDuHUMwjRsBG/Mg9Ayz37jEphtRbE5Z09BN2b9v9aqzVrmMPW5N1DcaF5+aO8qqumUg3GC1dP7meybanfSF0qGtPH9VE8upqFqUWmaNDlPgPZ6KNwEDJyiAdRtnb2CA9B9ejM1A3BizjzcXMK/nTOs2+b79lmpXs0ziesNvDHuB3hyW8JePmmgBQF0GWx1lPNErBLYCeGKINSpUXn87OE7egKNlhjIEm//GqmPFA565uVkyhFgx/k0yw1FKLFP9M2ToJGScwV/wfIRXtcPioZ92uvrchKK2b756SDNIIR624jeHZioYmXvQMeG+S4vRPFz/QXKKdQ2OVaLhhWz3nocv9FivKb4rGRLm9FxcuGsY6DsiAjyYKkXIfcT/qXgMOnyj1BHBReFcrDHWb8CwMNSJ/tOewmToyIbe/lwbDUB5fOKO11tiXmLvaoSIJDU6k3Ls5z+A3IY/7wQbfwQb7Dnd+4w414ajfdJDJ7SqlBpTCjlrhJzmUXsqd14mlgmcmPBu4I9x8/kiYaIzHXUh3vS9URX2+3ifoXJm+KaiPTiGPJQIhoEH1kDFGm3PTxeFizgqlmQd3nPSDSUDaeE1fg3H2fn4/QxCJYTK2MZhTl52aswDwa8UWiv1zfCmtVLW2/MasVyjcPxu1PfCdGF59VKUQHQg1QJKSCYZ2tZmd+JiRLVSyXoUtyqJ5V4u4lSzhaUv+8ApaHRCVOEh5HwPtaDYVLrdcigxKmiMiqCAGdYEpPD6pn1N+KKCSQx/nhUTRBQ+4CEIEJBz7Yv+LLgkWD0T8tZb9pTAjt8MLNzeglomsAPX/LRkxgXbLUIvlcTH0jvDMPmvLCshzDvtckIzOj4bFdxVEdLo0JA8URFp3oP5pTqZGJXR4fx4Kgl/cXJwyX43VttNDPyc96KIBF33oy8c+z17OyQplcoFzFBpvaqA0cvmcl2BBtI1On4jYsx0VSbqKyOU4JawLcLcAOOTjYyYAC2iGxnn8gSoZF1DK83G/GRF1y23XDeoWSl9WMVgOiK35od3ZRjeaH/5Rq0Nq54bbJE4sN4DyjFJXkDbP10Rj3/BZp88AlFMCZk+9O2bUCbTzyqP9YO9QrgsnWxnms92BRXu/KBL+G9Ya3MH8DOMjXuFkuhN47PeZpMohW9ECVx1jHuC4eIpihh0oZKVBd2mULx48pYIHf8Fp2Ab4fafqUD7Tka4pN9apcZo/u04z5DW9q2S3T+c4G+r4O0y0R1GLDcTvTzVRxyzm2D1t87C9tZ1X3uPkQlechr86l5I4ylNghutX5wPlFSwjxKMy+ZUd09cKKDeG1GMvf5dXmhY4dvxxynFue1Ykq+ymLETogIdn7MZigUs0hjd2QgaQ5H/uarpjb8apovRPqyXUgfGQ06JjZcSCVLTuBeGahi1mI/WR2eM399idK5arUYhmjBIINVu2Wm47tgKiwYYJYdoV3MwbbNudMZDr4MP8HK+TTHmf03CXQId9htKOgJDosnNMiB+QcGGPaV2W5hv4bQ/QwGeFE7ZR+4h4NnrezE1OGfiqLYnCGZcmUl5G8WjMj5DW0nyQ5gHJwS1kitwxYzFwwKPYUv7Y5Sq182HdQ7Ox8wP74XAjlW+1ha5+tcJymNe8H9viPU/Z1QipmuZTgpNop/tLH6gc0qNkTlT2qpM0EY81lqQAB4j3IB9AFk91x+gOBszTXp/w+T1ZgfJ9+btxQnK03EqAPaI6G1n1ifpRg=,iv:O08z9Dz3ywRjsFu3Uu22+87/ZoElw0hmvsYPKYaBFuY=,tag:ph4Zi+Br9cdGIlldKw4TGg==,type:str]
 secretFiles:
-  htpasswd: ENC[AES256_GCM,data:ypD56yI24fQKQpnjVwI8gdU5CrVhXiCGADUfNuv4a0pQ1LoRgPAHQRdzo5lnUd3qYt6EMytVzREr8UNMuYMOgVqLagcMWysC2oGYSc4x+DiBxmNgvfFmOEW8o/CF4qou7ev2SArKuMyuRX90qzkiMp8o3le6eLwbshL/74GNbjwxeKIgq0cx5Q==,iv:nRs/PJSjiE9VBjhzXuWLSPIX0oyJXyexRAyxI9Ex6AY=,tag:MMoAZP9VUO1k3Uzmo/FQAQ==,type:str]
+    htpasswd: ENC[AES256_GCM,data:qdx8p+CfYhStN+gKUI5Zt5KD5R0AfZQUiERw+SVXgp7+zxYbcj/ZcdKgxLi06U2HJs1QTNdoTx5eDW5QY0CNUMxKdoGM7JSZwr0dckRAT3xGKyMUbzz4CTdi5UOSRX3EtI8F65tCDLWlneFWrWRzGgIOq6gNQV0TqGyzNfQClZ470AanPcpWFg==,iv:vZJF925Zq7xPsV9OLOF5eSMqNwtCc7FNfWNV/AQFdjQ=,tag:P/IezO7b4vYKA82OJUusVw==,type:str]
-authHeader: ENC[AES256_GCM,data:Xgix86b5wpqxLN8q/NecVtJ+cpRyYqdxNpFWTz+/yS49gmAzzVBgA56QqZDUKdkw,iv:5HcLyVlmSV6gG74xfewjEFxnqCQuYoiQslqL9gDxFhQ=,tag:R9y3LwvizL9snTXcBaUZ3Q==,type:str]
+authHeader: ENC[AES256_GCM,data:pa9BRXRwPJHQyD0vzQjkgKu8YCbQwFAFgz3swq+Ofl12r5t5JFfKkU35zEKb7wJq,iv:xL2e/6sFxO4/FZRDsBxgzNujsLnIXO4LeEHsscjMIXk=,tag:oeb368hj+PWh9y4pLN2mNg==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -12,14 +12,14 @@ sops:
        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYRHQ3OWNzYm5uWE51ZExY
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5QkNnYjFxN0xVVUFHOEJB
-        ZU5tWHVnVlFiQS84TXovNllza25GUTdramxvCkwycHR6RXZUSUtZVjZSclJHWlht
+            NnZicWVWOTg1Z1hGSmNjQU43RG9PNTR5Y2lnCmJLOTQvQndxN1dKV3pyZWdKOFpo
-        bXcrOS8wREtla3p0eHBqZFVUdERtU00KLS0tIHNHenRiLzBwQzBOeEpCSWlPVVRi
+            V0ZZbjRhK0tIaXVERnBFSFpybUEvNWsKLS0tIEY3d25aTlNCaVpxUCtkdGduN056
-        bGRLRkphQnlHeWlPRysxS1JhSmpqd3MKOTrVSZCfw43CTmkUjZ94xHTGRDpdIOCC
+            VFRWdXhMYmd6am9aTXNUYXRaWllpYncKxYAq1sg0mAvAjX7mfekZOcR9y9e5gSF1
-        turoYL+HZAeT81pI6cE4V6id7ep5kjJOVbXY3sLJ1nBNrYw5dscxpQ==
+            L74UaXFN/OeQwzqlA0W+EuBeMvj5Xrp7ENconJ0P3ecAFa/t8VujPg==
            -----END AGE ENCRYPTED FILE-----
-  lastmodified: "2024-10-14T08:08:22Z"
+    lastmodified: "2025-02-12T16:13:40Z"
-  mac: ENC[AES256_GCM,data:UmIKltGrKM5geOIDHAykozPUKeW5fm0rIAb4TO8DZlhx2HA9esT+pWPQRKp8IiS1HogcXdoKT8wJisCZtlJ8xLDyl8dJZitsJ+DQI85QqsxaGzMhK1VnLwIja27MnzapNXplBdZ7wFRON09poY9lfN00QIE8UPqEpHy4aT+OLCE=,iv:m7ao4dl1qfj/FPIBrSaLeWbrJO4t7ssm6ssoYuFzm3g=,tag:cGMrLk99Ac3hFYn6VDytdw==,type:str]
+    mac: ENC[AES256_GCM,data:N6uiTszn+I+L2HmWDLG9/h1sttQQltvfM/7Lq3tdRei6fn6Erog6u8IKbr0guRe/sJdt0SMB0xE9gB46Ldwyv7U+Ut5gMSxrxz7FEZSBeH5ZKegGvmkPIqafwL8frZqwlR/3Kmbegs9yAM9VEZ/qcprx2M4gpffiKTATxbm0rI4=,iv:8OMSYrUxcOeuVnbOXoPgs42QPTXLOICnLvXuSbQBz6k=,tag:QPqwsHn1ktM9O2rsohMIIA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
-  version: 3.9.1
+    version: 3.9.4
--- a/values/badhouseplants/values.external-dns.yaml
+++ b/values/badhouseplants/values.external-dns.yaml
@ -1,4 +1,15 @@
 provider:
  name: cloudflare
-domainFilter:
+domainFilters:
  - badhouseplants.net
 excludeDomains:
  - ru.badhouseplants.net
 policy: sync
 txtOwnerId: badhp
 txtPrefix: badhp-ext-dns-
 logFormat: json
 logLevel: info
 sources:
  - service
  - ingress
  - crd
--- a/values/badhouseplants/values.gitea.yaml
+++ b/values/badhouseplants/values.gitea.yaml
@ -40,16 +40,15 @@ replicaCount: 1
 clusterDomain: cluster.local
 resources:
  limits:
    cpu: 512m
    memory: 1024Mi
  requests:
    cpu: 512m
-    memory: 256Mi
+    memory: 1024Mi
 persistence:
  enabled: true
  size: 15Gi
  accessModes:
-    - ReadWriteMany
+    - ReadWriteOnce
 # ------------------------------------------
 # -- Main Gitea settings
 # ------------------------------------------
--- a/values/badhouseplants/values.local-path-provisioner.yaml
+++ b/values/badhouseplants/values.local-path-provisioner.yaml
@ -0,0 +1,6 @@
 storageClass:
  create: true
  defaultClass: false
  defaultVolumeType: local
  reclaimPolicy: Delete
  volumeBindingMode: Immediate
--- a/values/badhouseplants/values.loki.yaml
+++ b/values/badhouseplants/values.loki.yaml
@ -63,6 +63,10 @@ distributor:
  replicas: 0
 compactor:
  replicas: 0
 gateway:
  replicas: 1
  affinity:
    podAntiAffinity: ~
 indexGateway:
  replicas: 0
 bloomCompactor:
--- a/values/badhouseplants/values.memos.yaml
+++ b/values/badhouseplants/values.memos.yaml
@ -0,0 +1,26 @@
 shortcuts:
  hostname: notes.badhouseplants.net
 ext-database:
  enabled: true
  name: memos-postgres16
  instance: postgres16
  credentials:
    MEMOS_DRIVER: postgres
    MEMOS_DSN: "{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
 workload:
  containers:
    memos:
      envFrom:
        - main
        - secretRef:
            name: memos-postgres16-creds
 ingress:
  main:
    annotations:
      kubernetes.io/ingress.class: traefik
      kubernetes.io/tls-acme: "true"
      kubernetes.io/ingress.allow-http: "false"
      kubernetes.io/ingress.global-static-ip-name: ""
      cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
      traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
--- a/values/badhouseplants/values.minio.yaml
+++ b/values/badhouseplants/values.minio.yaml
@ -1,22 +1,3 @@
 # ------------------------------------------
 # -- Istio extenstion. Just because I'm
 # --  not using ingress nginx
 # ------------------------------------------
 istio:
  enabled: true
  istio:
    - name: minio-http
      gateway: istio-system/badhouseplants-net
      kind: http
      hostname: minio.badhouseplants.net
      service: minio-console
      port: 9001
    - name: s3-http
      gateway: istio-system/badhouseplants-net
      kind: http
      hostname: s3.badhouseplants.net
      service: minio
      port: 9000
 ingress:
  enabled: true
  ingressClassName: ~
@ -119,6 +100,10 @@ buckets:
    policy: false
    purge: false
    versioning: false
  - name: stalwart
    policy: false
    purge: false
    versioning: false
 metrics:
  serviceMonitor:
    enabled: false
@ -197,3 +182,10 @@ policies:
          - 'arn:aws:s3:::states/*'
        actions:
          - 's3:*'
  - name: stalwart
    statements:
      - resources:
          - 'arn:aws:s3:::stalwart'
          - 'arn:aws:s3:::stalwart/*'
        actions:
          - 's3:*'
--- a/values/badhouseplants/values.namespaces.yaml
+++ b/values/badhouseplants/values.namespaces.yaml
@ -1,13 +1,17 @@
 namespaces:
  - name: kyverno
  - name: velero
  - name: observability
  - name: databases
  - name: istio-system
  - name: applications
    labels:
      istio-injection: disabled
  - name: platform
  - name: games
  - name: team-fortress-2
  - name: pipelines
  - name: public-xray
  - name: teleport-cluster
    labels:
-      pod-security.kubernetes.io/enforce: baseline
+      istio-injection: disabled
  - name: org-badhouseplants
--- a/values/badhouseplants/values.navidrome-private.yaml
+++ b/values/badhouseplants/values.navidrome-private.yaml
@ -0,0 +1,48 @@
 shortcuts:
  hostname: navidrome.badhouseplants.net
 ingress:
  main:
    annotations:
      kubernetes.io/ingress.class: traefik
      kubernetes.io/tls-acme: "true"
      kubernetes.io/ingress.allow-http: "false"
      kubernetes.io/ingress.global-static-ip-name: ""
      cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
      traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
 env:
  main:
    enabled: true
    sensitive: false
    remove: []
    data:
      ND_MUSICFOLDER: /app/music
      ND_DATAFOLDER: /app/data
      ND_LOGLEVEL: info
      ND_BASEURL: 'https://{{ .Values.shortcuts.hostname }}'
 files:
  rclone-config:
    enabled: true
    sensitive: true
    remove: []
    entries:
      rclone.conf:
        data: |
          [music-data]
          type = s3
          provider = Minio
          endpoint = s3.badhouseplants.net
          location_constraint = us-west-1
          access_key_id = allanger
          secret_access_key = fPN3Nv6yDWVnZ7V7eRZ
  rclone-script:
    enabled: true
    sensitive: false
    remove: []
    entries:
      rclone-script:
        data: |
          #!/usr/bin/sh
          while true; do
            rclone --config /app/rclone.conf sync -P music-data:/music /app/music
            sleep 10
          done
--- a/values/badhouseplants/values.navidrome.yaml
+++ b/values/badhouseplants/values.navidrome.yaml
@ -36,6 +36,7 @@ env:
      ND_ENABLEFAVOURITES: false
      ND_ENABLESTARRATING: false
      ND_ENABLEEXTERNALSERVICES: false
      ND_ENABLESHARING: true
 files:
  rclone-config:
    enabled: true
--- a/values/badhouseplants/values.server-xray-public-edge.yaml
+++ b/values/badhouseplants/values.server-xray-public-edge.yaml
@ -1,31 +1,73 @@
 certificate:
  enabled: true
  certificate:
    - name: xray-public-edge.badhouseplants.net
      secretName: xray-public-edge.badhouseplants.net
      issuer:
        kind: ClusterIssuer
        name: badhouseplants-issuer-http01
      dnsNames:
        - xray-public-edge.badhouseplants.net
        - 195.201.249.91
 workload:
  replicas: 1
  containers:
    server-xray:
      ports:
        shadowsocks-tcp: tcp
        shadowsocks-udp: udp
 traefik:
  enabled: true
  tcpRoutes:
    - name: server-xray-public-edge
-      service: server-xray-public-xray-https
+      service: server-xray-public-edge-xray-https
      match: HostSNI(`*`)
      entrypoint: xray-edge
      port: 443
    - name: server-shadowsocks-public-edge-tcp
      service: server-xray-public-edge-shadowsocks-tcp
      match: HostSNI(`*`)
      entrypoint: ssocks-etcp
      port: 8443
  udpRoutes:
    - name: server-shadowsocks-public-edge-udp
      service: server-xray-public-edge-shadowsocks-udp
      match: HostSNI(`*`)
      entrypoint: ssocks-eudp
      port: 8443
 shortcuts:
  hostname: xray-public-edge.badhouseplants.net
 ingress:
  main:
    enabled: true
    annotations:
      cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
      kubernetes.io/ingress.allow-http: "false"
      kubernetes.io/ingress.class: traefik
      kubernetes.io/ingress.global-static-ip-name: ""
      kubernetes.io/tls-acme: "true"
      meta.helm.sh/release-name: xray
      meta.helm.sh/release-namespace: xray
      traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
 extraVolumes:
  certs:
    secret:
      secretName: xray-public-edge.badhouseplants.net
-workload:
+service:
-  replicas: 1
+  shadowsocks-tcp:
    enabled: true
    type: ClusterIP
    ports:
      tcp:
        port: 8443
        targetPort: 8443
        protocol: TCP
  shadowsocks-udp:
    enabled: true
    type: ClusterIP
    ports:
      udp:
        port: 8443
        targetPort: 8443
        protocol: UDP
 ext-cilium:
  enabled: true
  ciliumNetworkPolicies:
--- a/values/badhouseplants/values.server-xray-public.yaml
+++ b/values/badhouseplants/values.server-xray-public.yaml
@ -1,14 +1,3 @@
 istio:
  enabled: true
  istio:
    - name: server-xray-public
      gateway: istio-system/xray-public-dyn
      kind: tcp
      port_match: 27015
      hostname: "*"
      service: server-xray-public-xray-https
      port: 443
 certificate:
  enabled: true
  certificate:
@ -20,18 +9,7 @@ certificate:
      dnsNames:
        - xray-public-dyn.badhouseplants.net
        - xray-public.badhouseplants.net
-
+        #- 195.201.249.91
 istio-gateway:
  enabled: true
  gateways:
    - name: xray-public-dyn
      servers:
        - hosts:
            - "*"
          port:
            name: xray
            number: 27015
            protocol: TCP
 traefik:
  enabled: true
@ -58,8 +36,10 @@ extraVolumes:
  certs:
    secret:
      secretName: xray-public.badhouseplants.net
 workload:
  replicas: 2
 ext-cilium:
  enabled: true
  ciliumNetworkPolicies:
--- a/values/badhouseplants/values.stalwart.yaml
+++ b/values/badhouseplants/values.stalwart.yaml
@ -1,218 +0,0 @@
 shortcuts:
  hostname: stalwart.badhouseplants.net
 workload:
  strategy:
    type: Recreate
  initContainers:
    prepare-config:
      image:
        registry: registry.hub.docker.com
        repository: stalwartlabs/mail-server
        tag:
        pullPolicy: Always
      mounts:
        files:
          config:
            path: /app/config/config.toml
            subPath: config.toml
        extraVolumes:
          etc:
            path: /app/etc
      command:
        - sh
      args:
        - -c
        - cp /app/config/config.toml /app/etc/config.toml
  containers:
    stalwart:
      args:
        - --config
        - /app/etc/config.toml
      mounts:
        storage:
          data:
            path: /app/data
        extraVolumes:
          certs:
            path: /app/certs
          logs:
            path: /app/logs
          etc:
            path: /app/etc
      envFrom:
        - secrets
 storage:
  data:
    enabled: true
    storageClassName: openebs-hostpath
    size: 1Gi
    accessModes:
      - ReadWriteMany
 extraVolumes:
  certs:
    secret:
      secretName: stalwart.badhouseplants.net
  etc:
    emptyDir: {}
  logs:
    emptyDir: {}
 ingress:
  main:
    annotations:
      cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
      kubernetes.io/ingress.allow-http: "false"
      kubernetes.io/ingress.class: traefik
      kubernetes.io/ingress.global-static-ip-name: ""
      kubernetes.io/tls-acme: "true"
      traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
 traefik:
  enabled: true
  tcpRoutes:
    - name: stalwart-smtp
      service: stalwart-smtp
      match: HostSNI(`*`)
      entrypoint: smtp
      port: 25
      proxyProtocolVersion: 2
    - name: stalwart-smpt-startls
      match: HostSNI(`*`)
      service: stalwart-submission
      entrypoint: smtp-startls
      port: 587
      proxyProtocolVersion: 2
    - name: stalwart-imap
      match: HostSNI(`*`)
      service: stalwart-imap
      entrypoint: imap
      port: 143
      proxyProtocolVersion: 2
    - name: stalwart-imaps
      match: HostSNI(`*`)
      service: stalwart-imaptls
      entrypoint: imaps
      port: 993
      proxyProtocolVersion: 2
    - name: stalwart-pop3
      match: HostSNI(`*`)
      service: stalwart-pop3
      entrypoint: pop3
      proxyProtocolVersion: 2
      port: 110
    - name: stalwart-pop3s
      match: HostSNI(`*`)
      service: stalwart-pop3s
      entrypoint: pop3s
      port: 995
      proxyProtocolVersion: 2
 files:
  config:
    enabled: true
    sensitive: false
    remove: []
    entries:
      # Ref: https://github.com/stalwartlabs/mail-server/blob/main/resources/config/config.toml
      config.toml:
        data: |
          [lookup.default]
          hostname = "stalwart.badhouseplants.net"
          [server.listener."smtp"]
          bind = ["[::]:25"]
          protocol = "smtp"
          proxy.override = true
          proxy.trusted-networks.0 = "192.168.0.0/16"
          [server.listener."submission"]
          bind = ["[::]:587"]
          protocol = "smtp"
          proxy.override = true
          proxy.trusted-networks.0 = "192.168.0.0/16"
          [server.listener."submissions"]
          bind = ["[::]:465"]
          protocol = "smtp"
          tls.implicit = true
          proxy.override = true
          proxy.trusted-networks.0 = "192.168.0.0/16"
          [server.listener."imap"]
          bind = ["[::]:143"]
          protocol = "imap"
          proxy.override = true
          proxy.trusted-networks.0 = "192.168.0.0/16"
          [server.listener."imaptls"]
          bind = ["[::]:993"]
          protocol = "imap"
          tls.implicit = true
          proxy.override = true
          proxy.trusted-networks.0 = "192.168.0.0/16"
          [server.listener.pop3]
          bind = "[::]:110"
          protocol = "pop3"
          proxy.override = true
          proxy.trusted-networks.0 = "192.168.0.0/16"
          [server.listener.pop3s]
          bind = "[::]:995"
          protocol = "pop3"
          tls.implicit = true
          proxy.override = true
          proxy.trusted-networks.0 = "192.168.0.0/16"
          [server.listener."sieve"]
          bind = ["[::]:4190"]
          protocol = "managesieve"
          proxy.override = true
          proxy.trusted-networks.0 = "192.168.0.0/16"
          [server.listener."https"]
          protocol = "https"
          bind = ["[::]:443"]
          tls.implicit = false
          [server.listener."http"]
          bind = "[::]:8080"
          protocol = "http"
          hsts = true
          [storage]
          data = "rocksdb"
          fts = "rocksdb"
          blob = "rocksdb"
          lookup = "rocksdb"
          directory = "internal"
          [store."rocksdb"]
          type = "rocksdb"
          path = "/app/data"
          compression = "lz4"
          [directory."internal"]
          type = "internal"
          store = "rocksdb"
          [tracer."stdout"]
          type = "stdout"
          level = "info"
          ansi = false
          enable = true
          [authentication.fallback-admin]
          user = "overlord"
          secret = "%{env:SW_ADMIN_SECRET}%"
          [tracer.console]
          type = "console"
          level = "info"
          ansi = true
          enable = true
          [certificate."default"]
          cert = "%{file:/app/certs/tls.crt}%"
          private-key = "%{file:/app/certs/tls.key}%"
 env:
  secrets:
    enabled: true
    sensitive: true
--- a/values/badhouseplants/values.tandoor-recipes.yaml
+++ b/values/badhouseplants/values.tandoor-recipes.yaml
@ -0,0 +1,57 @@
 shortcuts:
  hostname: tandoor.badhouseplants.net
 ext-database:
  enabled: true
  name: tandoor-postgres16
  instance: postgres16
  credentials:
    POSTGRES_HOST: "{{ .Hostname }}"
    POSTGRES_PORT: "{{ .Port }}"
 workload:
  kind: Deployment
  strategy:
    type: RollingUpdate
  containers:
    tandoor:
      securityContext:
        runAsUser: 1001
        runAsGroup: 1001
        fsGroup: 1001
      envFrom:
        - main
        - secrets
        - secretRef:
            name: tandoor-postgres16-creds
          extraVolumes:
            common:
              path: /opt/recipes
      livenessProbe:
        httpGet:
          path: /
          port: 8080
        initialDelaySeconds: 10
        failureThreshold: 30
        periodSeconds: 10
 ingress:
  main:
    class: traefik
    annotations:
      kubernetes.io/ingress.class: traefik
      traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
      kubernetes.io/tls-acme: "true"
      kubernetes.io/ingress.allow-http: "false"
      kubernetes.io/ingress.global-static-ip-name: ""
      cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
 extraVolumes:
  common:
    emptyDir: {}
 env:
  main:
    enabled: true
    sensitive: false
    data:
      DB_ENGINE: django.db.backends.postgresql
      SOCIAL_PROVIDERS: allauth.socialaccount.providers.openid_connect
      REMOTE_USER_AUTH: 1
      SOCIAL_DEFAULT_ACCESS: 1
      SOCIAL_DEFAULT_GROUP: guest
--- a/values/badhouseplants/values.team-fortress-2.yaml
+++ b/values/badhouseplants/values.team-fortress-2.yaml
@ -0,0 +1,40 @@
 workload:
  kind: Deployment
  containers:
    tf2:
      mounts:
        files:
          maps:
            mode: 420
            path: /home/steam/tf-dedicated/tf/cfg/pl_maps.txt
            subPath: pl_maps.txt
          motd:
            mode: 420
            path: /home/steam/tf-dedicated/tf/cfg/motd.txt
            subPath: motd.txt
 traefik:
  enabled: true
  tcpRoutes:
    - name: team-fortress-2
      service: team-fortress-2-tf2-rcon
      match: HostSNI(`*`)
      entrypoint: tf2-rcon
      port: 27015
  udpRoutes:
    - name: team-fortress-2
      service: team-fortress-2-tf2
      match: HostSNI(`*`)
      entrypoint: tf2-main
      port: 27015
 storage:
  data:
    size: 16G
 env:
  environment:
    sensitive: false
    data:
      SRCDS_STARTMAP: "pl_goldrush"
      SRCDS_HOSTNAME: "I hate CS2"
--- a/values/badhouseplants/values.teleport-cluster.yaml
+++ b/values/badhouseplants/values.teleport-cluster.yaml
@ -1,24 +0,0 @@
 validateConfigOnDeploy: false
 clusterName: teleport.badhouseplants.net
 proxyListenerMode: multiplex
 acme: false
 acmeEmail: allanger@badhouseplants.net
 service:
  type: ClusterIP
 ingress:
  enabled: true
  suppressAutomaticWildcards: true
 proxy:
  annotations:
    ingress:
      kubernetes.io/tls-acme: "true"
      kubernetes.io/ingress.allow-http: "false"
      kubernetes.io/ingress.global-static-ip-name: ""
      cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
      traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
      #tls:
    #existingSecretName: teleport.badhouseplants.net
    #publicAddr:
    #  - teleport.badhouseplants.net:443
 tls:
  existingSecretName: teleport.badhouseplants.net
--- a/values/badhouseplants/values.traefik.yaml
+++ b/values/badhouseplants/values.traefik.yaml
@ -16,7 +16,6 @@ ports:
    proxyProtocol:
      trustedIPs:
        - "192.168.0.0/16"
      insecure: true
  ssh:
    port: 22
    expose:
@ -101,15 +100,38 @@ ports:
    proxyProtocol:
      trustedIPs:
        - "192.168.0.0/16"
  minecraft:
    port: 25565
    protocol: TCP
    exposedPort: 25565
    expose:
      default: true
-  shadowsocks:
+
-    port: 8388
+  game-udp:
-    protocol: TCP
+    port: 37015
-    exposedPort: 8388
+    protocol: UDP
    exposedPort: 37015
    expose:
      default: true
      #  tf2-rcon:
      #    port: 37015
      #    protocol: TCP
      #    exposedPort: 37015
      #    expose:
      #      default: true
      #  ssocks-etcp:
      #    port: 8444
      #    protocol: TCP
      #    exposedPort: 8443
      #    expose:
      #      default: true
      #
      #  ssocks-eudp:
      #    port: 8445
      #    protocol: UDP
      #    exposedPort: 8443
      #    expose:
      #      default: true
--- a/values/badhouseplants/values.uptime-kuma.yaml
+++ b/values/badhouseplants/values.uptime-kuma.yaml
@ -0,0 +1,20 @@
 ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: traefik
    kubernetes.io/tls-acme: "true"
    kubernetes.io/ingress.allow-http: "false"
    kubernetes.io/ingress.global-static-ip-name: ""
    cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
    traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
    external-dns.alpha.kubernetes.io/ingress-hostname-source: defined-hosts-only
  hosts:
    - host: uptime.badhouseplants.net
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls:
    - secretName: uptime.badhouseplants.net
      hosts:
        - uptime.badhouseplants.net
--- a/values/badhouseplants/values.vaultwarden.yaml
+++ b/values/badhouseplants/values.vaultwarden.yaml
@ -32,7 +32,10 @@ ingress:
      kubernetes.io/ingress.allow-http: "false"
      kubernetes.io/ingress.global-static-ip-name: ""
      cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
-storage: {}
+storage:
  data:
    accessModes:
      - ReadWriteOnce
 env:
  main:
    enabled: true
--- a/values/badhouseplants/values.velero.yaml
+++ b/values/badhouseplants/values.velero.yaml
@ -1,28 +1,53 @@
 initContainers:
  - name: velero-plugin-for-aws
-    image: velero/velero-plugin-for-aws:v1.7.0
+    image: velero/velero-plugin-for-aws:v1.11.0
    imagePullPolicy: IfNotPresent
    volumeMounts:
      - mountPath: /target
        name: plugins
 configuration:
-  features: EnableCSI
+  logLevel: error
  repositoryMaintenanceJob:
    requests:
      cpu: 250m
      memory: 256Mi
    limits:
      memory: 256Mi
    latestJobsCount: 2
  backupStorageLocation:
-    - name: default
+    - name: hetzner
      provider: aws
-      plugin: velero/velero-plugin-for-aws:v1.2.1
+      plugin: velero/velero-plugin-for-aws:v1.11.0
      bucket: badhouseplants-backups
      accessMode: ReadWrite
      credential:
        name: velero-s3-creds
        key: hetzner
      config:
        region: nbg1
        s3ForcePathStyle: true
        s3Url: https://nbg1.your-objectstorage.com
        publicUrl: https://nbg1.your-objectstorage.com
        checksumAlgorithm: ""
    - name: etersoft
      provider: aws
      plugin: velero/velero-plugin-for-aws:v1.11.0
      bucket: velero
      accessMode: ReadWrite
      credential:
        name: velero-s3-creds
-        key: data
+        key: etersoft
      config:
-        region: us-east-1
+        region: us-east1
        s3ForcePathStyle: true
-        s3Url: https://s3.e.badhouseplants.net:443
+        s3Url: https://s3.ru.badhouseplants.net
-        publicUrl: https://s3.e.badhouseplants.net:443
+        publicUrl: https://s3.ru.badhouseplants.net
  volumeSnapshotLocation:
-    - name: aws
+    - name: hetzner
      provider: aws
      config:
        region: nbg1
    - name: etersoft
      provider: aws
      config:
        region: us-east-1
@ -32,63 +57,119 @@ schedules:
    disabled: false
    labels:
      backups: daily
      storage: hetzner
    schedule: "0 0 * * *"
    useOwnerReferencesInBackup: true
    paused: false
    template:
      defaultVolumesToFsBackup: true
      ttl: "240h"
-      storageLocation: default
+      storageLocation: hetzner
      volumeSnapshotLocations:
        - hetzner
      includedNamespaces:
        - platform
        - applications
        - games
        - databases
        - org-badhouseplants
  weekly:
    disabled: false
    labels:
      backups: weekly
      storage: hetzner
    schedule: "0 1 * * 0"
    useOwnerReferencesInBackup: true
    paused: false
    template:
      defaultVolumesToFsBackup: true
      ttl: "672h"
-      storageLocation: default
+      storageLocation: hetzner
      volumeSnapshotLocations:
        - hetzner
      includedNamespaces:
        - platform
        - applications
        - games
        - databases
-  montly:
+        - org-badhouseplants
  monthly:
    disabled: false
    labels:
      backups: monthly
      storage: hetzner
    schedule: "0 3 1 * *"
    useOwnerReferencesInBackup: true
    paused: false
    template:
      defaultVolumesToFsBackup: true
      ttl: "1344h"
-      storageLocation: default
+      storageLocation: hetzner
      volumeSnapshotLocations:
        - hetzner
      includedNamespaces:
        - platform
        - applications
        - games
        - databases
        - org-badhouseplants
  regular:
    disabled: false
    labels:
      backups: regular
      storage: hetzner
    schedule: "0 */3 * * *"
    useOwnerReferencesInBackup: true
    paused: false
    template:
      defaultVolumesToFsBackup: true
      ttl: "24h"
-      storageLocation: default
+      storageLocation: hetzner
      volumeSnapshotLocations:
        - hetzner
      includedNamespaces:
        - platform
        - applications
        - games
        - databases
        - org-badhouseplants
  offsite-weekly:
    disabled: false
    labels:
      backups: regular
      storage: etersoft
    schedule: "0 2 * * 1"
    useOwnerReferencesInBackup: true
    paused: false
    template:
      defaultVolumesToFsBackup: true
      ttl: "1344h"
      includedNamespaces:
        - platform
        - applications
        - games
        - databases
        - org-badhouseplants
      storageLocation: etersoft
      volumeSnapshotLocations:
        - etersoft
  offsite-daily:
    disabled: false
    labels:
      backups: regular
      storage: etersoft
    schedule: "0 3 * * *"
    useOwnerReferencesInBackup: true
    paused: false
    template:
      defaultVolumesToFsBackup: true
      ttl: "240h"
      includedNamespaces:
        - platform
        - applications
        - games
        - databases
        - org-badhouseplants
      storageLocation: etersoft
      volumeSnapshotLocations:
        - etersoft
--- a/values/common/values.coredns.yaml
+++ b/values/common/values.coredns.yaml
@ -1,6 +1,12 @@
 service:
  clusterIP: 10.43.0.10
-
+replicaCount: 2
 resources:
  limits:
    cpu: 100m
    memory: 256Mi
  requests:
    memory: 128Mi
 servers:
  - zones:
      - zone: .
--- a/values/common/values.tcp-route.yaml
+++ b/values/common/values.tcp-route.yaml
@ -21,3 +21,20 @@ traefik:
              version: {{ .proxyProtocolVersion }}
            {{- end }}
      {{- end }}
    - |
      {{ range .Values.udpRoutes }}
      ---
      apiVersion: traefik.io/v1alpha1
      kind: IngressRouteUDP
      metadata:
        name: {{ .name }}
      spec:
        entryPoints:
        - {{ .entrypoint }}
        routes:
        - match: {{ .match }}
          services:
          - name: {{ .service }}
            nativeLB: true
            port: {{ .port }}
      {{- end }}
--- a/values/common/values.traefik.yaml
+++ b/values/common/values.traefik.yaml
@ -3,7 +3,7 @@ globalArguments:
  - "--providers.kubernetesingress.ingressendpoint.publishedservice=kube-system/traefik"
 ports:
  web:
-    redirectTo:
+    redirections:
      port: websecure
 deployment:
  replicas: 2
--- a/values/common/values.udp-route.yaml
+++ b/values/common/values.udp-route.yaml
@ -1,7 +1,7 @@
-traefik-udp:
+traefik:
  templates:
    - |
-      {{ range .Values.tcpRoutes }}
+      {{ range .Values.udpRoutes }}
      ---
      apiVersion: traefik.io/v1alpha1
      kind: IngressRouteUDP
--- a/values/etersoft/secrets.external-dns.yaml
+++ b/values/etersoft/secrets.external-dns.yaml
@ -1,6 +1,6 @@
 env:
-  - name: ENC[AES256_GCM,data:RLLp8toAkoWLWRjp,iv:UUP3i5QkNBw/pgYmxHtRUDx0E6i42e/Ioh1z6WnLESk=,tag:+PEinrzkisEQx5gVCpdJ3g==,type:str]
+    - name: ENC[AES256_GCM,data:I+XVWWOUmm7Cd4mQ,iv:rfUzb5HMPVyNfzkCP2frVDxD+v4lTPzILRifcS3uG6s=,tag:1sXONdAjMZ85S8abMVZM1A==,type:str]
-    value: ENC[AES256_GCM,data:RKiCvUOctYha7fusMWNrOKHPgmMMjuejDCip470QMHQcxY1S+yJfXA==,iv:ESfZNZimJkD5T4tzRPMu53H+ushbhOuXaOdX73MaWV0=,tag:F516VFRCw6k589vClX8Jfw==,type:str]
+      value: ENC[AES256_GCM,data:h8sYBvFfm7uFoklqXE7QLNkikl1ihHz/KN4uYiZlRJBZkiUBbTk/Vg==,iv:/y6RdHVWwwBym5HiBaxEatTWG7I/gNY9ZIaQc4bk9h0=,tag:PytkOjvY3fy6XeLNmGPrXA==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -10,14 +10,14 @@ sops:
        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3eE5LTURCa1pyRjBocVpP
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBra0RUWVFDUXN0ejAxemE2
-        ZGxXMUZkUC9XK0xNb2duRnJiOHNzNGp0YXdrCkNvNWMvYWkyTHhQU1ZZeng2bmlz
+            VFlRcEtLNDJUblA3ZmoyMExPWWpjZzlVYjJzCnZVZDNSbnpjcFRUQ0hOMWxLNUZi
-        bGRrd3p2dmx6MjBuc0lYakhMNERMOVUKLS0tIGpsRHcxdUFtTHlXVGZLTEZ0c0ov
+            RTg5Z2JVZzVoVFVYSVErcWdnbHVvVVkKLS0tIHdZMjVsc3lHRzlJODRWSEh0Wm8w
-        b0RMSlFCM250MXJHbWhRTWtGbkxHc0kKpyzba8yp0xN1KjcUACcmlznH9vQtYAsL
+            M09rOXZ3OHZVUUVlWWIwaTN0Z2RqRmcKe1ny6FJIFwR6Un0HBFZK2KXkzUQA63rU
-        3bm7Cw2AZO7nkdCxky/ITd8N3rbqAVGeM2CeTAxpcMbEXKq66/yqDA==
+            JR7mpEzr2h2oXxOmyc7HeFFi2R66zendFzfhNcvSlm2L5td2Pnxyxg==
            -----END AGE ENCRYPTED FILE-----
-  lastmodified: "2024-10-15T15:21:16Z"
+    lastmodified: "2025-02-16T14:21:42Z"
-  mac: ENC[AES256_GCM,data:aIXlmeiqaFu9Jn0zI1qyU3iAkhLKgqMwwLcLDlr+LeYX/88cZtzgP683jW3MYC/LxnNh4LG7v8EK/HViNnCkrvZ5iC9cibRPQYZJrkR3B3oGk4L+RxPws2VUa72pJsG0bQ8M2DDCoDO2T9OuuflqYENPLyYLL7D7CaeSj9w8G0A=,iv:EDaGmWFUnzp0vkIeR1J8iZ9+PjOMuRi4YltoqJAN0P0=,tag:DsSd6Nplvy0nIWaCJgnhgg==,type:str]
+    mac: ENC[AES256_GCM,data:SNHNvmPCt/6Xwd6xoCh5uHF1erhWpTfzEQ/krTvYtByvT7XvDtXjtslJqAa8RkNPl2QV34epWcj/Ff6xud9tvLdAR4Gj4MPJD8WBLUUFul4rvoXfaHyHhSanYmiOhdF0mArE81qsBY918LFS5fdWMrxCNDrHbDtW76KBoLcDUto=,iv:8/ZxjrER1151RGjSdICVjj8ptyQn60SInakqABXWQZE=,tag:/bQsE3TCXoMbXoAF1UErOw==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
-  version: 3.9.1
+    version: 3.9.4
--- a/values/etersoft/secrets.minio-self.yaml
+++ b/values/etersoft/secrets.minio-self.yaml
@ -0,0 +1,38 @@
 rootPassword: ENC[AES256_GCM,data:4rs7judCzIEqSRfGi8HLmzVftOinmHRAGA==,iv:t6bRBgKOQ+kGn9v0tixllqyeyEWuQTzBMLq36rixY8o=,tag:SZuW/gvFFI+nn/vtKSmc0w==,type:str]
 users:
    - accessKey: ENC[AES256_GCM,data:wJ+sB2Jlt84=,iv:lrhvu5BfIRl6kmmVp/SzDHkS7KlZ/bB8Al5hKUOzmNY=,tag:XuC2cM6Twl/KaOPbEphgWw==,type:str]
      secretKey: ENC[AES256_GCM,data:n5SSGB1AhxZm2uOrdW5kVLbUid8sACwyQw==,iv:hrMcDAWiXz14Q6Wf+bnxxJxFLL1QJBEr0JjWqTPBLN0=,tag:vekhUJFpIv4QmXFTuupOOA==,type:str]
      policy: ENC[AES256_GCM,data:javfx3iMs44=,iv:naNJLTEs62JDgUgKWSRcCclsslJZkiazyJ0iyhTO3cM=,tag:7yOHyC0BfV/41zWDd0m4sg==,type:str]
    - accessKey: ENC[AES256_GCM,data:oRP+H3vA,iv:N6XQ34NYrCfFci5dw6nQroc/tqByz4ilnQCDh4ZKL5A=,tag:2UFZDLdjBUN0HqRLXh87lw==,type:str]
      secretKey: ENC[AES256_GCM,data:LPzli0O0ePL2vghWNsf07P41G3+aXUdBUQ==,iv:vu/TI1jU9/m30DegKxUAaObUq9FyB1IXUB1vqL5kKoI=,tag:1Ar6MNR5pTCzeBlH7yl2hQ==,type:str]
      policy: ENC[AES256_GCM,data:gj1EGs4L,iv:N9J+yXcG3fLyg7dPlICi7tdTk6OPLpVpC0IFprfbGaM=,tag:65lRXTg0R76y23QXNLD5pA==,type:str]
 oidc:
    enabled: ENC[AES256_GCM,data:ar/fBw==,iv:rs1ESCu8noZhU5nKkU6HS+qysYGQfFXo96uliAY+9xw=,tag:MvgSVLelQSlk1Swx47+s6g==,type:bool]
    configUrl: ENC[AES256_GCM,data:195i1omIYscB5Qo+p+S0LBEI0CAHMaVz8smR7c4l57Yw05R4GfBJR16DswMgoF8FC+UFBlp46/WFYA5f1CZIlaVFipqBTYeEflDGQ59IJWVUo9Apw06Hfw43HrLC7POQL3w=,iv:x9WmZvzI3Gkf+2BMdIVkL/UxK6hIHJPVgOOVyDoPQHk=,tag:euHGWXq5PNLj55XuU3amGQ==,type:str]
    clientId: ENC[AES256_GCM,data:DGIVa81hjIMmotzffms=,iv:mtuMKY07CKQD7GMyKJkUs3sQdbwnXCm3n78cfyxIvIY=,tag:sRQJXhOY4LPTry6TMtoqcg==,type:str]
    clientSecret: ENC[AES256_GCM,data:HaRln7Az/+lP/01RFtlTCLSReAQ2OYxRlmQ3LSi9r1tVWZD501RaCif9/68BIOnhGUFGbZPobbRWOfQDULycXHdqK5nms5S0YOFNOwxUCPkttlljZ3fyw157lmFGUrivzMjWpIp5clqoWtIWE71q3UDJ95FoOBjG0HRtFoDo4d4=,iv:73/N0JSCwLd//HHOIjuPkHCY5lKtEuRahx93lG8Bipo=,tag:Tltx2XXeJYGQczCvb7rqBA==,type:str]
    claimName: ENC[AES256_GCM,data:AnMUWTj8,iv:6tV4XKIT+utrSIbUVGHJVXjPI/i9mJrzki2zC4n+4Dc=,tag:iHnClGYFTHpUry/x/wZuTg==,type:str]
    redirectUri: ENC[AES256_GCM,data:F30Q9PQvXb+bmkNib2/END1/E/my3kOo8RTvoN+/OJMCz/nDRR6lgoA3LYHXh88=,iv:47dIKSJW/5xQdmASUiPOfHo7193LfAQ/R/F+saAzSWg=,tag:SLREgi2vBl5mvh0J1K3nCw==,type:str]
    comment: ENC[AES256_GCM,data:t/1OqmIDiudE536CpZUYIgIq9gI=,iv:uwzrEwQUO+eVpCTYYXHjfdnJmKm/mEwre7zTtbwO0Q0=,tag:J/vmOjueOqdUq8Kuq5Ke6Q==,type:str]
    claimPrefix: ""
    scopes: ENC[AES256_GCM,data:wqLHN7dmjg4Tly8wOIm/3zZyzx1Mw3NLNqpl,iv:p1iC127avWNcGV8Qj9WLFeAZTrZokF467nAqSwEe43k=,tag:SilNPiK+t2xvgvuTfQwhFQ==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1cWJpMDFLTHZlTlZPMW8r
            ZFpqM3VnM3dQeThqb1pOdHlVbHkyeVo1ZlFvCmhDV01rZklMME12NVl4YmthWEd4
            RndOYkgwSkwwaGhMNE1NZVFxaWZnbXcKLS0tIENqa0RwR3B1MEk0cjJhbkIxdW1W
            bFRMQm9QOFRQaFVpaFpqMmdjRTAvODAKhhEOX3d51JWmAYMZdT2LZpkLkuCOcpEz
            8sfofHVU+5gCOTZj6fTvIm0wvnVC7lmTaRkZBEKnuPavjTDfXKluGQ==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2025-02-01T18:57:37Z"
    mac: ENC[AES256_GCM,data:JzgKhfxs3QI6um/3xFlik6B7vgWAcIoswucE0j6h4Z7smHgP+FuuJxXEeqJQaAhSGEQnm7XhJRoJ3HfIaPK87D8cU8g0GeOOQMF2ZZL5gQ3YxWDsI5g9HayoCYqRQHd6uq4x6zGKQ+zodnHBBQnujnDWwOykfyANav6eloW5tnI=,iv:jkxc313m9KCoUjdHfUqpwLzFJe6bmSlM4kGdqEsUbMw=,tag:SDEnSkv8jB/RfUGj4zX+4w==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.4
--- a/values/etersoft/secrets.minio.yaml
+++ b/values/etersoft/secrets.minio.yaml
@ -1,21 +1,21 @@
-rootPassword: ENC[AES256_GCM,data:vU0zmO5OP3Jl9ghspbna0qGfxcQTIXq8hg==,iv:MOstbypO5Fjaq8Ij5G9uZ/t16sUfXIz9yY8zPx6NKAE=,tag:DaCG0HLK+vn3gnrtP2+JYg==,type:str]
+rootPassword: ENC[AES256_GCM,data:OjZ/T/pAAotJvTUjkJ1yGooWnz6NfLZR2w==,iv:uG8cnfJJsx8yrAo1PONBPNF4pDC0PQz6LDpb97FRf58=,tag:/1KQ7Zp+UqA7TCloNkI5Xw==,type:str]
 users:
-  - accessKey: ENC[AES256_GCM,data:JO6q6GX2ykc=,iv:w+DUGbaDO2B4cq0mPfd9cRTb+mksCUFN6NnzIiy1/XI=,tag:5ek5vvSzr3kWap1Xb2GLGg==,type:str]
+    - accessKey: ENC[AES256_GCM,data:xaBSF0dMBQQ=,iv:1q33eR4d4Fw2m2m7d+gdT29/X8HKJAOyNcNO1vlNf+k=,tag:mcMkLEVqP7IgN6DcLjTagw==,type:str]
-    secretKey: ENC[AES256_GCM,data:OUkTOob4sKEP3JoYopE7mEQfDIHWriqCfw==,iv:qfR/iE1Z7Rq1H4sIQ86+QLdcYBIO9eMGj+a5WhSAZ80=,tag:mQKsdDVfQd3ddSxR1DImsA==,type:str]
+      secretKey: ENC[AES256_GCM,data:GSjy0MYT5DAAIN86CATL68kqJGy7RApNLw==,iv:mVjOAzqLFB30plV2ZAHGNrphuwHhVY0gga2SH995NUM=,tag:rPxGHyfJIdzA10I1rhwb/Q==,type:str]
-    policy: ENC[AES256_GCM,data:YHP1l+0yRNc=,iv:56HOoQnFknLx15Cs70QOLzi8BxUctZMby51+/cVGqX4=,tag:pZEUovYQ/H+VN2zCFCcqhw==,type:str]
+      policy: ENC[AES256_GCM,data:SRhftF+GquY=,iv:b3kR9lbrz85Ji/9kcOwAtDJXhoSLa/ujiMAUHWrabRQ=,tag:Pg1YnFxUfFZeeda/Hc2OZw==,type:str]
-  - accessKey: ENC[AES256_GCM,data:Rp0qfNek,iv:F5DnYAtnOceF0SybkNwD+kvCpeSp84iPHyyDFr4OKEM=,tag:ZNhC7nHHPSc45iaN7lRl3g==,type:str]
+    - accessKey: ENC[AES256_GCM,data:De9lLs2l,iv:KL2afECLR7M5566v9aUzEr+vzOgld3yMJzjbP4wRpcQ=,tag:wXv33DjN+wm0FCa3/fQYfw==,type:str]
-    secretKey: ENC[AES256_GCM,data:UVfxJaayD087KZUSYtlwOLXSqknSdJ8jgw==,iv:CQoU55CLi/xfyVmbUSXgwYCt5Tz6en53gOc2l+lqpmI=,tag:g6kp+RIi4gSU5efcowElPg==,type:str]
+      secretKey: ENC[AES256_GCM,data:FZDF6R2m0Z/UX9ywn4jgCsj+NcFh9v0aXA==,iv:Vr3icnAhYDZwyQVVHXnmZavP/8VEbIQs4nTOQNb8uyM=,tag:CowIx47b8T+kf/qhpBuqIg==,type:str]
-    policy: ENC[AES256_GCM,data:KZ5i8lna,iv:pKvuyP98Gw5/cEyMsLQ4asTX5iVqvx14DqqyL/de7Qs=,tag:tnk0hQ0nOUyYWqFq7S3P1w==,type:str]
+      policy: ENC[AES256_GCM,data:87m39jSs,iv:H2Yv8c8S13cm+Pi26UNeeS5f76ewskLsnT3aKyIAAT8=,tag:ixKsbZbZyVk5kS/Jqh35Cg==,type:str]
 oidc:
-  enabled: ENC[AES256_GCM,data:eRgTwg==,iv:B6FOHTR6zCLhurd8XfEwKZxUoed88Dfg5uCcRYCrdAQ=,tag:9sv+V9jMqFlrbymSnd190g==,type:bool]
+    enabled: ENC[AES256_GCM,data:P8GEXQ==,iv:qeB8rYpZny+1NX/fLQi3Uu1rwdHHDC2VZSCl2HbbqYU=,tag:N+zfQUX6onM+YCJRUiFImw==,type:bool]
-  configUrl: ENC[AES256_GCM,data:2okf8YvqC2GFxA1Qmd4QkvsKUCXM3mO3Rgo77cr0fgALkRlSPHvF2HyvV0oXptn38hlZ6X3aIUzBvQBCXTUeDEtBSChMCQesjMc6G0CEICfhpVaf3ddsIB12Z3VtkgQdj5U=,iv:vk1a878wLlvgNVNfVe1wr13DxNL6FNLLz/QkFsPCPJk=,tag:SE+v3ZAs9g+d/PoX+8a3ig==,type:str]
+    configUrl: ENC[AES256_GCM,data:u0u2AxsupS4rC/C3PWZgNNrTyO12T/De81QHRa7NkiC/bb8hKJVutchNBpVr0zNg+Y9aRPo8cSlbepUVhFx5sZtdkaz98GeI5QmUzsi39LM7S9Mmp6fKP4aJTo4/vhXYF/A=,iv:d/g4Yxnpf4KlrAr1WjBNkKiobKHDYqgh7YwmTwpos60=,tag:CiOLeDM74ZOJav6Pmzzunw==,type:str]
-  clientId: ENC[AES256_GCM,data:TZWnWHTSvyKmnGVd+Ps=,iv:pnTu+4L7lXo03ugt75uIbj2kd/bLf4ZUHIWCkPZPmEQ=,tag:91ZAT3tHaUiENE2pVRGvHg==,type:str]
+    clientId: ENC[AES256_GCM,data:doeMKUeB2L01bKiOjJw=,iv:Up3TS5W+ksedwN/lZRvSjBQ8QOty/0CCOQGzYZ6R9fE=,tag:vVuoKODoutu+oZPq8klJXw==,type:str]
-  clientSecret: ENC[AES256_GCM,data:t5MSbnQc8Tw3XN+vdk6SkVmfOB8fhTtiyVfdB3Gll29jSadsySUKC5knpwEHVyAId43lFYUNdf5+a2PDhSyrQcDZTK4yPh4Esop6DFHwauKiSZGRWfvF55lj9oK1l9wcsZB4lcTBOLTW68wL0vnKcVYO4KVUaBb6e5R1flckMBc=,iv:1rW7pkQaZRuXrc2eGJi/2Sj9AEOpaxHCsf5d1omSd7I=,tag:ATi+7VGLDWcGA3TLLDURkA==,type:str]
+    clientSecret: ENC[AES256_GCM,data:YTg+KYc6oioRt5prvHTkA4GIhQgS/Oi3rpwpOSX/ImH9DHLxXcJnPDKzmW8DWTmG1YIkpJEfLWT+SAa3xz6jpd4EB0y5f86j8h0Ih00z5CS6HyfvFdwqSvKpK6B6b7LIE1x1wSbS4+0un1x6/zUKeqgkes3WMXfHzZCTnalWmqY=,iv:oas5s8SZauwoZHGPKQ1Kj0inn403ZSIrfUORBCAuPcw=,tag:+cB21h3D0jmDAO+MN5eU6A==,type:str]
-  claimName: ENC[AES256_GCM,data:j216kTHX,iv:a8WophteKTg8W6xKC6h9C5Cu1w2Ocb8igbbQrtMowDw=,tag:AjiAO9EGqFqwoXpWiqjSjw==,type:str]
+    claimName: ENC[AES256_GCM,data:GzxNUVk1,iv:SULbiq6jxrILbpVhxxxfUSsCfK2PvQ3cgrwefL4HykM=,tag:9vQ397kbTqP2hRetfCY+OA==,type:str]
-  redirectUri: ENC[AES256_GCM,data:K8aoqUxtWtmAjgdwlpRGbsxhdVjIuY2GEvsWYAws0XtR8TVZATiCv3UejWXkr6A=,iv:jClqqipxJWrsmPwrNF7XqXbehzQCju6ZvTWm1lOg23A=,tag:wiG6xZl44j1q6oHenE3Sug==,type:str]
+    redirectUri: ENC[AES256_GCM,data:goPjtLTzVlwNcibzNS7ys9MwvyxC0Zod6oI6Ubnh3EQvPMVbV8jqR9VveHmNiLo=,iv:Bk3Ul5icqIi04knqBvTH7osv8GLqmX5YFe0Y8lE03UM=,tag:W2sSoLEe88/r8WRLIdtl1g==,type:str]
-  comment: ENC[AES256_GCM,data:PDvxtwyZxDO9c4ZQ9PyoTN4+mrU=,iv:YuarYR5LAkJWfDlbjdfMS/rmnmZ72H1TQl+ki1BGl1M=,tag:QFIoMaKQcxYN1mWjkdZstw==,type:str]
+    comment: ENC[AES256_GCM,data:03n7KL8FN+RVac2Q6CDrGExDeXE=,iv:CKkwPr8qRkDKcWaSeSqRMeZCbnI67QKN2yQiVDTjTUs=,tag:A7PwDaoCvuHAdmYYDSYsSw==,type:str]
    claimPrefix: ""
-  scopes: ENC[AES256_GCM,data:2sSuylsNbRbiLcgyLXWdGs3ilbd1T9iG+9zc,iv:Jg3Kkzk1S8DPork5+VL0774fyzxxGQRV38kgKxX7Ga4=,tag:gQR0ckrdADrazudjHnwmoA==,type:str]
+    scopes: ENC[AES256_GCM,data:06/xU5KnOnzSNksTrJxP31n+yL/uhm6oM6y+,iv:G84tDpX+qzWRYiQHaQDO9kHzK/15XRBLu2BGPmCeh7Y=,tag:kmdsIpB+BgejOxhuOy2XHQ==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -25,14 +25,14 @@ sops:
        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMdmU0Z3lNVWhiUkxwcnBS
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjUkJLbjYrYXAvSDZLeWo3
-        T0x3alIxS29BL3JFeXZUWjZ6N0oraThuWWk4CnNQMWNQeWI1d21yWjl2cy9SaHJo
+            NGdNSDcxSTltd29oWmpiRXZxUE5NSE1jSUNnCjVnK2M5OEtaTjJDdDkwSzlDMHRv
-        UHE4VS9qNVJzeHc2WjAzUm5RU29DQ3MKLS0tIHlDSXppajNkMnRGYmZvNDgwNm1p
+            b1ZRUDh2UUF5b0xsNjE3V1JpYTJIc3MKLS0tIFVLcXh2c05aNGY1TlNzRy9SVXV2
-        dXRxNUVuTFl0SnpyOWpOcEorOEI5dm8KNQEW7Vj5rmCorzZT1Ha55h12zdAOfpBc
+            ZFM2eDBOZkdiV2p4d2tXYnZXRWJidjgKAL4Y+39jbNZo8cXZ7vmfxbfnrmOluE3A
-        OSc3+7R34U6JFvv00StnMwgSyzq2cHolNicwDyycGoHpPf3BxVSYdA==
+            XWl5Udebr3cJ14UwP59mYFVL6A/0GaYuRqOwN3omJX4NEMKmzvJf4g==
            -----END AGE ENCRYPTED FILE-----
-  lastmodified: "2024-10-16T16:50:08Z"
+    lastmodified: "2025-02-08T19:47:27Z"
-  mac: ENC[AES256_GCM,data:Vr+ktFIhFszFVJvoRzqzzzrgyxSCqc48Pkm1ZnYSP8E1DNoJ3Vfvub4Z8IbD1VtSjL5r5LVLha6u+dGLIuVpzTY6c8MhmswVhD+XzGfaedutj7po+SGGyw4ZNmGgJ0hlUULM4/7dCwB47SVtv8IvDos1ZVPz40L8W3sAh4fF8Ns=,iv:MuLfFd+jI0dq2192Sipp4cAmUFeyfF4dr7Chm300UYg=,tag:Udsoo5T6nPcrPDJpq/7wtQ==,type:str]
+    mac: ENC[AES256_GCM,data:hq8mAa0SIALlMh7xCAJ17l1IIHTStP5EAkqri9ueGDjLMDPdO2ewRL70SiNpP3CZgBvvqx2y/iwHrl8TKUGG1oiMK+CpKBZZG5JG53S4cDfvjk9koP0ZKek55MsqFVnhFNjoDhJUCKWnKmm+X4YuntmtNfsmkgWKuVGIDWcJ07Q=,iv:27ITELnJRW1M9XR02q2eEGSdUNWYCtBvameZBVo9iFo=,tag:gAOZsUZmSXcrlNLZVphVqA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
-  version: 3.9.1
+    version: 3.9.4
--- a/values/etersoft/secrets.server-xray-public-bridge.yaml
+++ b/values/etersoft/secrets.server-xray-public-bridge.yaml
--- a/values/etersoft/secrets.server-xray-public.yaml
+++ b/values/etersoft/secrets.server-xray-public.yaml
@ -0,0 +1,37 @@
 files:
    config:
        enabled: ENC[AES256_GCM,data:QJdNMQ==,iv:m8KcSZ1Qi9lmCUTfJkceKMu1iWMBin2Y8P+6g7pSU4g=,tag:z4N53rRhoTNdlMK5nu8rYw==,type:bool]
        sensitive: ENC[AES256_GCM,data:8ltdENw=,iv:qeBWpMCAxo0OwRc4B/6CAbkxn7Bal7iDfgidvqtEmpg=,tag:3ipWGmcf1ZjsNTP1zJuXhw==,type:bool]
        remove: []
        entries:
            config.json:
                data: ENC[AES256_GCM,data:8Lcjs0itPOyEy/ZQJS8KZBwFW5BEC039JJJCVhUjL29+NF31Os5vo8jLoCayW9e8tasVVhP8BQlGFq/ABQajXmLoLCSQI0yAOGdVSvQEXy4HjBxsDnPIvNq1/4dk0FsoQwTJYaVW0QxSUWkipyZD0cbzssJ9Zd+KnIIs4MGreXfibuyZI+HinrYlxP8CXNTn6o2eUSx3zXodD0K2IO7tUOlIbYK2PwIBvhz1JxUhqXIXfoEF2FoVU7ca6YCHA4b8kLLep9gz6z2yHrM6CMk2AUi6H90jGfUPu1dn+H0zBc9JsnVpbGp1KGtx5V6UAk8i4Ed1Iv8zVlvv/i8mmWhY2ue0doFj2cY6QgKc0fqgfkqTgy0k1IeTbxfWDH69KEKMpqk5UotvI31R6ZQlYNgc29IzdMDzXU9UVvDzwwP6bl10VYZp0pwwgV8nqOnr+ZTNR4Hy3Xrmq99SUAq1fc7/CPebj+g9v+PfjKMrOAL9kOVTNK7EJMMp7JQXTrtgifkz21HkfjMVKh3JMFs6gJla21zgYqHqpgU4t1dtA2+Y2OCJV43dZsNNnuEqvBVJhCMta/Lh6xoqtaLoC3TYRrkp1PWGNvP277UJnvS1RekDAl/RjFFOlOLHOrbQpFd5zTWeM6K8iOPcmugPreE8p9FQIFN9tyYW0SryrZ7V6dRb9qrEYbFXMqjLX9voTJyD7K6xX9omgX4OHC9RJA3P0hbsidwooZZBUDGs842LI5hCoEeEOYz1h5ZQV0tLUP8omIwZOvm5B9cXt3GmVvcWYw0Cy5h/1neuzZzQipveQoQkartZuvg+WjjJMOASdMuSqdvw+wCdGCGlNH8ACtFR3pvnXn3NIN5WaQukWpkpSWNGtr/teW/5KtFvICwg95ieNoAOar3T0txR4DQ4oHw8gh7JK/57E0HzC6q6gqCeqQGZYKt/0QVnQCMKHh7rD6nz1aiFgh15vzAU3sjWMlszt5Q6pNQCb9Ib8txJA3gvI2AuMr/614NwyN2WHtuangVBg/nLUQW/0IL0FZWYWAmjvn+e0Ucsx+gNt9XVzvJv8782gnt3LXMz9QqT+NbNW0lzrac5AQ5Ka/uImDFNmzKunk/3yTb9K2q2kzOx0QCBYGcvvCjeX4SP2cDOJkSQV7qB9AqiKJP4h/oDkrNHH+b6n624c9C/IDAqWu5Gr9RUbhADVbRsLJjbzNdQj9Feacvw2UDjE9BNz42RN5K+Nz8Cw72B3iUg/3gcAhhjUvI/liuZCf1Py6nxi1Hl4MpoAinKabIUGvoIt5fBv+iXKXmhe+qulKDuJj+maIAKKmcnVFxcl1waWLrVPLO4gSNVCTp8b7tCwGuLIcynPGCLxSOnis4YJi7ux5oA3pn9pq5jop3kXQTpU8AexU4bmDFF4pzqXogNSDbiy/fKQV2pFnMW3KwOSXCBTzS9RmnGm+X8zQbXxnX1cP/vSmh9Pqs/4FEVlg79P5uEY+0YGmKRqmzBFZEQgXaYhOMWWsIMCzES2wNe5LuHEYiVF0fXK0GsYswPejH2Y8kg4jT5gynzfHuQzNO2P9id/o+q/Ptf9w5fizPZOBeOLMPpDP5LzYA8mPyb3WMryUj6agYk/CnEc07R0Xqk62gh9l0kmmDJneciwUz9bcGQGwfZVDwJeHyI2cS1huU6Ay6s8D1XyZnzWRAk0uAdY1a7oYhs0X0XioG0jsz6NBhUfRMNTqxITmxLnrrC3RbZfHtKizBnBDZ/OsSvMcUDg+wxz84PKM3p+gXUzxXypWCBFxHUoAy5x1V9rVINha9LUdtWiYD3JeoUbmgTIWKGOTXuXGlDdqkVedAtLyqIwAxCRgLWra/NoLJ3ZSVjWB/bpsrDc6suVKTn2LXSk+QSHE/2mzIvO1XBDd2QvG0VnVXNwFFRP8321hERwgNDQgh2AlcPBFJX1VaP6EHqa/VjX3bIrXxZMmq3UKH+wxR1pn+D0x1npIk1lAOW9yvJH/CUpbXJcNzSRTy2OR2MFTJcW432KKdcm7VoWhmUciCfOnvcvJekH/1yjoXRd3D0T/2hdPnxdkcFyoM9QZ7/5T3NXnNxVwaZwqlzg5vKGf8YkqWL2PhsbqxkRk62oPYEAfamyyszn2WT8mxp1MjYmYxAxAxIiVBuZR/Vn/pU/Abpar+7hTUChKSz/hiR0vF6MiblMcyjLA4hZ0SRdkDDaofpvkg4qo4cAjTtIBHj4doPWPdieXYvxLp0SCUe41WnBj3Z4Cmxkc+V9UaFhRxmxCU18Q4eOZ5DMOikB9BbQooHQ/eqrkel8pT1ObtqxAmQmuFyiP5RvByEdyvM4R9hZ+nO/C9m4msoIxr0Zl3VR0oNZEjtIMS+RGfofK4Su611pkRk2nHVG9fJqvNjX30SZts7BZarrj3IZJNx0OGfXOEVAR2AftV0UlEIyjJm9oB/WTLlecUAXZgaVCkebB5R1rSB3Bxu4tFkb3AUdCFz9CpNH2IFVGaTPlQK9cowc+2s1fPVpDiVFU4NBPgPGKD3X7Reu/U0Z13J7gC9zcbPt+39GRomH/XhubjyWps1CQZRQ0XadiimQhlmiM+da9Gpy5VSUNCapr8+rw0SJhHP3oKbpPscBxjcaI5Q1wCMHzSfuF/rvGxeah2M/RHW8nFXWrZGMXHqjRQeDPagkRM782/wx1JBX5o0P1vbjV7pTRtySC9ukQPEoepjcGxR0eso1WHPO+oxaAc56ViORdfEBVMSdgVYJQJeCayIqYcQxFY1As0WT6JgQ9FyITIwJcPW8AQ6vzz6mDaBCpibNqWkv7SRe3vvivIaW+prQS+mujqsbgwtLq71LtGkjAbe5ANyBP9OfhIvYYY/yuENKfTe1pOnzQL1THyrfVTWhqsB9Smu7L3VCaULTLVxL/fELnunWNSWqzhAWLm3YP907phKt84bd/4vI/eN7RO6WpB/J0XpAbBfwVWB5A2fxToe9pfw9zJ//nJZg+iP0kX9aJkENV17YYINsd7QHgwWnAFgxcaQgco9VwugJz2B6mNAmhc3ahi6zdOon/E/mC7hKzKPIsf9Ll87L+1pcYO1yGdzKLl/vx6EcjqzIk/GnUnkr/8h6qNSUBPUzWqMce6DsxvbRYc07C3g/CjcS8SLoxLwHCsQhQev3vtSOT0VC3vuOKOu3f0zHJRyeyG2Ppn5hNtv3J6WWUOL3N8oVbOdH42JQnNxDrbXJNE93jN1YTgTUwhne4ZboqudGoZTnwzZo/1E0GvKA7aXq049isY9UdCU+LGb8pvJL/XjWXWApMiXDRMVAoG6+VxyIaDrrlSWoPdaSwhxNZM8Gzy0Y74=,iv:BdIS18qQNBFdjwlv0IH/t2L/R0FywZiu8+ExA7X2HIc=,tag:AiCzrJzmxzocT/fnshUttA==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1OXIrRVJJS2hlZUQ0a3I5
            SCtVeHFiWExFM1F5K1ZzVENOMGtvOWlJOEF3ClJTRXJ5NCtHT08zWkluL3oydkJR
            aHd5ZmZKY0ZHcXdhaExiVE9tUVg4S0UKLS0tIEliYkxrck9tc2F2amF1TDVXZlZR
            eU1ENGZHaUgwSXViNEY2cnhneUEvbDAKW4Ynu3DBBXRGn8l+yIMKTFp1+qnEEwhz
            ZCX0RkdBusfX9IU+EZjAh6L0t+RKUf5vvC4giHbd4g0Fhui2E/NWpw==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age17fyzv5mezck364lvyepp9pa3tnjn7jvsgcpykhhz2smnxyq6fdusvl7waf
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjUVNJN0VQSHlHVzRyem9H
            a1pDT1lQZGRjRTcwUzFWSEgrdlljZDlnOEN3CktYakY5YWEvTloyaHBPR3hqVUph
            WXFMb2krZnBWNWJhRWJBOFloNEFPUUUKLS0tIFRjYlNRb21TanF3SDkxRDk0N2k0
            ZTZBWkxUbVZpYjdUZFZDK1JOREpDcmMKyBU5+qvwshU6LBzSPptQtqIY3X+gKgur
            nhkMcV6g5z40EwfvuJvfAzqZrsuKOejungXunKV3Q/QyiTn+/RrJoA==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2025-02-08T20:27:36Z"
    mac: ENC[AES256_GCM,data:JT/yRb2b+wKSS66ZkqqzbTOQWs1dOjXSEKZeBP6hcaVwmPcFld4bOZgPmJeYl8ZTWJyIjNc5cwBB/VP95DdSBroFy2WCJeVjdSEWxQT37AvwJSXwHeODr5JOI+pwwubqzhorNKip/MDvZw3qnIUuFEaXWlwKMfMR01/M3nGB2HI=,iv:dfWIeGuk7S6jS12OOAzYVmDWFQmaiQP83roR1GxulaA=,tag:ZocnLTP4PO1QAw9F6oK1wQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.4
--- a/values/etersoft/values.external-dns.yaml
+++ b/values/etersoft/values.external-dns.yaml
@ -1,5 +1,7 @@
 provider:
  name: cloudflare
-domainFilter:
+policy: sync
-  - badhouseplants.net
+txtOwnerId: eter
-  - nrodionov.info
+txtPrefix: eter-ext-dns
 logFormat: json
 logLevel: info
--- a/values/etersoft/values.minio-self.yaml
+++ b/values/etersoft/values.minio-self.yaml
@ -0,0 +1,119 @@
 ingress:
  enabled: true
  ingressClassName: traefik
  annotations:
    kubernetes.io/tls-acme: "true"
    kubernetes.io/ingress.allow-http: "false"
    kubernetes.io/ingress.global-static-ip-name: ""
    cert-manager.io/issuer: my-ca-issuer
    traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
  path: /
  hosts:
    - s3eself.badhouseplants.net
  tls:
    - secretName: s3eself.badhouseplants.net
      hosts:
        - s3eself.badhouseplants.net
 consoleIngress:
  enabled: true
  ingressClassName: traefik
  annotations:
    kubernetes.io/tls-acme: "true"
    kubernetes.io/ingress.allow-http: "false"
    kubernetes.io/ingress.global-static-ip-name: ""
    cert-manager.io/issuer: my-ca-issuer
    traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
  path: /
  hosts:
    - min.self.badhouseplants.net
  tls:
    - secretName: min.self.badhouseplants.net
      hosts:
        - min.eself.badhouseplants.net
 rootUser: "overlord"
 replicas: 1
 mode: standalone
 environment:
  MINIO_SERVER_URL: "https://s3eself.badhouseplants.net"
 tls:
  enabled: false
  certSecret: ""
  publicCrt: public.crt
  privateKey: private.key
 persistence:
  annotations:
    volume.kubernetes.io/selected-node: yekaterinburg
  storageClass: local-path
  enabled: true
  accessMode: ReadWriteOnce
  size: 60Gi
 service:
  type: ClusterIP
  clusterIP: ~
  port: "9000"
 consoleService:
  type: ClusterIP
  clusterIP: ~
  port: "9001"
 resources:
  requests:
    memory: 2Gi
 buckets:
  - name: velero
    policy: none
    purge: false
    versioning: false
  - name: xray-public
    policy: download
    purge: false
    versioning: false
 metrics:
  serviceMonitor:
    enabled: false
    public: true
    additionalLabels: {}
 policies:
  - name: allanger
    statements:
      - resources:
          - "arn:aws:s3:::*"
        actions:
          - "s3:*"
      - resources: []
        actions:
          - "admin:*"
      - resources: []
        actions:
          - "kms:*"
  - name: velero
    statements:
      - resources:
          - "arn:aws:s3:::velero"
        actions:
          - "s3:*"
      - resources:
          - "arn:aws:s3:::velero/*"
        actions:
          - "s3:*"
  - name: Admins
    statements:
      - resources:
          - "arn:aws:s3:::*"
        actions:
          - "s3:*"
      - resources: []
        actions:
          - "admin:*"
      - resources: []
        actions:
          - "kms:*"
  - name: DevOps
    statements:
      - resources:
          - "arn:aws:s3:::badhouseplants-net"
        actions:
          - "s3:*"
      - resources:
          - "arn:aws:s3:::badhouseplants-net/*"
        actions:
          - "s3:*"
--- a/values/etersoft/values.minio.yaml
+++ b/values/etersoft/values.minio.yaml
@ -9,11 +9,11 @@ ingress:
    traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
  path: /
  hosts:
-    - s3.e.badhouseplants.net
+    - s3.ru.badhouseplants.net
  tls:
-    - secretName: s3.e.badhouseplants.net
+    - secretName: s3.ru.badhouseplants.net
      hosts:
-        - s3.e.badhouseplants.net
+        - s3.ru.badhouseplants.net
 consoleIngress:
  enabled: true
  ingressClassName: traefik
@ -25,19 +25,19 @@ consoleIngress:
    traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
  path: /
  hosts:
-    - min.e.badhouseplants.net
+    - minio.ru.badhouseplants.net
  tls:
-    - secretName: min.e.badhouseplants.net
+    - secretName: minio.ru.badhouseplants.net
      hosts:
-        - min.e.badhouseplants.net
+        - minio.ru.badhouseplants.net
-rootUser: 'overlord'
+rootUser: "overlord"
 replicas: 1
 mode: standalone
 environment:
-  MINIO_SERVER_URL: "https://s3.e.badhouseplants.net:443"
+  MINIO_SERVER_URL: "https://s3.ru.badhouseplants.net"
 tls:
  enabled: false
-  certSecret: ''
+  certSecret: ""
  publicCrt: public.crt
  privateKey: private.key
 persistence:
@ -46,15 +46,15 @@ persistence:
  storageClass: local-path
  enabled: true
  accessMode: ReadWriteOnce
-  size: 40Gi
+  size: 60Gi
 service:
  type: ClusterIP
  clusterIP: ~
-  port: '9000'
+  port: "9000"
 consoleService:
  type: ClusterIP
  clusterIP: ~
-  port: '9001'
+  port: "9001"
 resources:
  requests:
    memory: 2Gi
@ -63,6 +63,10 @@ buckets:
    policy: none
    purge: false
    versioning: false
  - name: xray-public
    policy: download
    purge: false
    versioning: false
 metrics:
  serviceMonitor:
    enabled: false
@ -72,7 +76,7 @@ policies:
  - name: allanger
    statements:
      - resources:
-          - 'arn:aws:s3:::*'
+          - "arn:aws:s3:::*"
        actions:
          - "s3:*"
      - resources: []
@ -84,17 +88,17 @@ policies:
  - name: velero
    statements:
      - resources:
-          - 'arn:aws:s3:::velero'
+          - "arn:aws:s3:::velero"
        actions:
          - "s3:*"
      - resources:
-          - 'arn:aws:s3:::velero/*'
+          - "arn:aws:s3:::velero/*"
        actions:
          - "s3:*"
  - name: Admins
    statements:
      - resources:
-          - 'arn:aws:s3:::*'
+          - "arn:aws:s3:::*"
        actions:
          - "s3:*"
      - resources: []
@ -106,10 +110,10 @@ policies:
  - name: DevOps
    statements:
      - resources:
-          - 'arn:aws:s3:::badhouseplants-net'
+          - "arn:aws:s3:::badhouseplants-net"
        actions:
          - "s3:*"
      - resources:
-          - 'arn:aws:s3:::badhouseplants-net/*'
+          - "arn:aws:s3:::badhouseplants-net/*"
        actions:
          - "s3:*"
--- a/values/etersoft/values.qbittorrent.yaml
+++ b/values/etersoft/values.qbittorrent.yaml
@ -24,13 +24,13 @@ ingress:
      traefik.ingress.kubernetes.io/router.middlewares: applications-torrentauth@kubernetescrd
    enabled: true
    hosts:
-      - host: tor.e.badhouseplants.net
+      - host: tor.ru.badhouseplants.net
        paths:
          - path: /
    tls:
-      - secretName: tor.e.badhouseplants.net
+      - secretName: tor.ru.badhouseplants.net
        hosts:
-          - tor.e.badhouseplants.net
+          - tor.ru.badhouseplants.net
 persistence:
  config:
    annotations:
--- a/values/etersoft/values.server-xray-public-bridge.yaml
+++ b/values/etersoft/values.server-xray-public-bridge.yaml
@ -0,0 +1,39 @@
 certificate:
  enabled: true
  certificate:
    - name: xray-public-bridge.e.badhouseplants.net
      secretName: xray-public-bridge.e.badhouseplants.net
      issuer:
        kind: ClusterIssuer
        name: badhouseplants-issuer-http01
      dnsNames:
        - xray-public-bridge.e.badhouseplants.net
        - 91.232.225.63
 traefik:
  enabled: true
  tcpRoutes:
    - name: server-xray-public-bridge
      service: server-xray-public-bridge-xray-https
      match: HostSNI(`*`)
      entrypoint: xray-edge
      port: 443
 shortcuts:
  hostname: xray-public-bridge.e.badhouseplants.net
 ingress:
  main:
    enabled: true
    annotations:
      kubernetes.io/ingress.allow-http: "false"
      kubernetes.io/ingress.class: traefik
      kubernetes.io/ingress.global-static-ip-name: ""
      kubernetes.io/tls-acme: "true"
      meta.helm.sh/release-name: xray
      meta.helm.sh/release-namespace: xray
      traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
 extraVolumes:
  certs:
    secret:
      secretName: xray-public-bridge.e.badhouseplants.net
 workload:
  replicas: 1
--- a/values/etersoft/values.server-xray-public.yaml
+++ b/values/etersoft/values.server-xray-public.yaml
@ -0,0 +1,271 @@
 certificate:
  enabled: true
  certificate:
    - name: xray-public.ru.badhouseplants.net
      secretName: xray-public.ru.badhouseplants.net
      issuer:
        kind: ClusterIssuer
        name: badhouseplants-issuer-http01
      dnsNames:
        - xray-public.ru.badhouseplants.net
 traefik:
  enabled: true
  tcpRoutes:
    - name: server-xray-public
      service: server-xray-public-xray-https
      match: HostSNI(`*`)
      entrypoint: xray-internal
      port: 443
 shortcuts:
  hostname: xray-public.ru.badhouseplants.net
 ingress:
  main:
    enabled: true
    annotations:
      kubernetes.io/ingress.allow-http: "false"
      kubernetes.io/ingress.class: traefik
      kubernetes.io/ingress.global-static-ip-name: ""
      kubernetes.io/tls-acme: "true"
      meta.helm.sh/release-name: xray
      meta.helm.sh/release-namespace: xray
      traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
 extraVolumes:
  certs:
    secret:
      secretName: xray-public.ru.badhouseplants.net
 workload:
  replicas: 2
 ext-cilium:
  enabled: true
  ciliumNetworkPolicies:
    - name: xray-public
      endpointSelectors:
        app.kubernetes.io/instance: server-xray-public
        app.kubernetes.io/name: server-xray
      egress:
        - toEntities:
            - cluster
        - toPorts:
            - ports:
                - port: "53"
                  protocol: ANY
        - toEntities:
            - world
      egressDeny:
        - toCIDR:
            - 93.158.213.92/32
            - 93.158.213.92/32
            - 185.243.218.213/32
            - 91.216.110.53/32
            - 23.157.120.14/32
            - 94.243.222.100/32
            - 208.83.20.20/32
            - 156.234.201.18/32
            - 209.141.59.16/32
            - 34.89.51.235/32
            - 109.201.134.183/32
            - 83.102.180.21/32
            - 185.230.4.150/32
            - 45.9.60.30/32
            - 5.181.156.41/32
            - 156.234.201.18/32
            - 34.89.51.235/32
            - 83.6.102.25/32
            - 51.222.82.36/32
            - 125.227.79.123/32
            - 193.42.111.57/32
            - 135.125.202.143/32
            - 176.56.7.44/32
            - 185.87.45.163/32
            - 181.214.58.63/32
            - 143.198.64.177/32
            - 5.255.124.190/32
            - 52.58.128.163/32
            - 15.204.57.168/32
            - 34.94.76.146/32
            - 211.23.142.127/32
            - 64.23.195.62/32
            - 23.153.248.83/32
            - 82.156.24.219/32
            - 37.235.176.37/32
            - 176.123.1.180/32
            - 35.227.59.57/32
            - 62.210.114.129/32
            - 185.216.179.62/32
            - 34.94.76.146/32
            - 121.199.16.229/32
            - 23.163.56.66/32
            - 176.99.7.59/32
            - 207.241.231.226/32
            - 207.241.226.111/32
            - 27.151.84.136/32
            - 104.244.77.14/32
            - 5.102.159.190/32
            - 184.61.17.58/32
            - 125.227.79.123/32
            - 181.214.58.63/32
            - 95.217.167.10/32
            - 159.148.57.222/32
            - 15.204.57.168/32
            - 211.23.142.127/32
            - 34.94.76.146/32
            - 187.56.163.73/32
            - 109.71.253.37/32
            - 5.182.86.242/32
            - 104.244.77.14/32
            - 190.146.242.81/32
            - 89.110.76.229/32
            - 138.124.183.78/32
            - 209.126.11.233/32
            - 167.99.185.219/32
            - 37.59.48.81/32
            - 27.151.84.136/32
            - 142.132.183.104/32
            - 193.53.126.151/32
            - 74.48.17.122/32
            - 93.158.213.92/32
            - 156.234.201.18/32
            - 35.227.59.57/32
            - 34.89.51.235/32
            - 34.94.76.146/32
            - 184.61.17.58/32
            - 125.227.79.123/32
            - 104.21.58.176/32
            - 172.67.162.102/32
            - 181.214.58.63/32
            - 93.185.165.29/32
            - 95.217.167.10/32
            - 159.148.57.222/32
            - 15.204.57.168/32
            - 211.75.210.220/32
            - 125.227.79.123/32
            - 211.23.142.127/32
            - 172.67.165.72/32
            - 104.21.57.182/32
            - 35.227.59.57/32
            - 34.89.51.235/32
            - 34.94.76.146/32
            - 187.56.163.73/32
            - 109.71.253.37/32
            - 5.182.86.242/32
            - 104.244.77.14/32
            - 193.53.126.151/32
            - 104.19.22.31/32
            - 104.19.22.22/32
            - 104.19.22.27/32
            - 104.19.22.23/32
            - 104.19.22.30/32
            - 104.19.22.24/32
            - 104.19.22.26/32
            - 104.19.22.29/32
            - 104.19.22.32/32
            - 104.19.22.28/32
            - 104.19.22.25/32
            - 74.48.17.122/32
            - 184.61.17.58/32
            - 104.21.62.230/32
            - 172.67.139.235/32
            - 172.67.135.244/32
            - 104.21.26.114/32
            - 104.21.72.244/32
            - 172.67.136.175/32
            - 172.67.183.130/32
            - 104.21.64.112/32
            - 104.26.10.105/32
            - 104.26.11.105/32
            - 172.67.70.119/32
            - 172.67.144.128/32
            - 104.21.71.114/32
            - 172.67.161.130/32
            - 104.21.65.89/32
            - 172.67.156.75/32
            - 104.21.40.186/32
            - 65.21.91.32/32
            - 184.61.17.58/32
            - 104.21.82.111/32
            - 172.67.200.173/32
            - 104.21.13.129/32
            - 172.67.200.14/32
            - 104.21.89.147/32
            - 172.67.160.224/32
            - 172.67.139.235/32
            - 104.21.62.230/32
            - 93.158.213.92/32
            - 185.243.218.213/32
            - 91.216.110.53/32
            - 23.157.120.14/32
            - 94.243.222.100/32
            - 208.83.20.20/32
            - 156.234.201.18/32
            - 209.141.59.16/32
            - 34.94.76.146/32
            - 35.227.59.57/32
            - 34.89.51.235/32
            - 109.201.134.183/32
            - 83.102.180.21/32
            - 185.230.4.150/32
            - 45.9.60.30/32
            - 5.181.156.41/32
            - 83.6.102.25/32
            - 54.39.48.3/32
            - 51.222.82.36/32
            - 125.227.79.123/32
            - 193.42.111.57/32
            - 135.125.202.143/32
            - 176.56.7.44/32
            - 185.87.45.163/32
            - 93.185.165.29/32
            - 181.214.58.63/32
            - 143.198.64.177/32
            - 5.255.124.190/32
            - 52.58.128.163/32
            - 15.204.57.168/32
            - 35.227.59.57/32
            - 34.89.51.235/32
            - 34.94.76.146/32
            - 211.23.142.127/32
            - 211.75.210.220/32
            - 125.227.79.123/32
            - 64.23.195.62/32
            - 51.81.222.188/32
            - 23.153.248.83/32
            - 82.156.24.219/32
            - 37.235.176.37/32
            - 51.15.41.46/32
            - 176.123.1.180/32
            - 104.244.77.87/32
            - 34.94.76.146/32
            - 34.89.51.235/32
            - 35.227.59.57/32
            - 62.210.114.129/32
            - 185.216.179.62/32
            - 34.94.76.146/32
            - 34.89.51.235/32
            - 35.227.59.57/32
            - 121.199.16.229/32
            - 35.227.59.57/32
            - 34.89.51.235/32
            - 34.94.76.146/32
            - 23.163.56.66/32
            - 176.99.7.59/32
            - 207.241.231.226/32
            - 207.241.226.111/32
            - 27.151.84.136/32
            - 51.159.54.68/32
            - 104.244.77.14/32
            - 5.102.159.190/32
            - 190.146.242.81/32
            - 89.110.76.229/32
            - 89.47.160.50/32
            - 138.124.183.78/32
            - 209.126.11.233/32
            - 167.99.185.219/32
            - 27.151.84.136/32
            - 37.59.48.81/32
            - 27.151.84.136/32
            - 142.132.183.104/32
            - 159.148.57.222/32
            - 159.148.57.222/32
--- a/values/etersoft/values.traefik.yaml
+++ b/values/etersoft/values.traefik.yaml
@ -5,3 +5,19 @@ ports:
      default: true
    exposedPort: 1194
    protocol: TCP
  xray-public:
    port: 27015
    expose:
      default: true
    exposedPort: 27015
    protocol: TCP
  xray-internal:
    port: 27016
    expose:
      default: true
    exposedPort: 27016
    protocol: TCP
 providers: # @schema additionalProperties: false
  kubernetesCRD:
    enabled: true
    allowExternalNameServices: true
--- a/values/etersoft/values.uptime-kuma.yaml
+++ b/values/etersoft/values.uptime-kuma.yaml
@ -0,0 +1,20 @@
 ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: traefik
    kubernetes.io/tls-acme: "true"
    kubernetes.io/ingress.allow-http: "false"
    kubernetes.io/ingress.global-static-ip-name: ""
    cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
    traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
    external-dns.alpha.kubernetes.io/ingress-hostname-source: defined-hosts-only
  hosts:
    - host: uptime.ru.badhouseplants.net
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls:
    - secretName: uptime.ru.badhouseplants.net
      hosts:
        - uptime.ru.badhouseplants.net
--- a/values/etersoft/values.vaultwardentest.yaml
+++ b/values/etersoft/values.vaultwardentest.yaml
@ -1,5 +1,5 @@
 shortcuts:
-  hostname: vaulttest.badhouseplants.net
+  hostname: vaulttest.ru.badhouseplants.net
 ext-database:
  enabled: true
  name: vaultwardentest-postgres16
@ -35,7 +35,7 @@ ingress:
      kubernetes.io/ingress.global-static-ip-name: ""
      cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
    rules:
-      - host: vaulttest.badhouseplants.net
+      - host: vaulttest.ru.badhouseplants.net
        http:
          paths:
            - backend:
@ -47,8 +47,8 @@ ingress:
              pathType: Prefix
    tls:
      - hosts:
-          - vaulttest.badhouseplants.net
+          - vaulttest.ru.badhouseplants.net
-        secretName: vaulttest.badhouseplants.net
+        secretName: vaulttest.ru.badhouseplants.net
 extraVolumes:
  logs:
    emptyDir: {}
@ -64,7 +64,7 @@ env:
    enabled: true
    sensitive: false
    data:
-      DOMAIN: https://vaulttest.badhouseplants.net
+      DOMAIN: https://vaulttest.ru.badhouseplants.net
      #SMTP_HOST: mail.badhouseplants.net
      #SMTP_SECURITY: "starttls"
      #SMTP_PORT: 587
--- a/values/etersoft/values.xray-docs.yaml
+++ b/values/etersoft/values.xray-docs.yaml
@ -0,0 +1,38 @@
 workload:
  metadata:
    annotations:
      keel.sh/policy: force
      keel.sh/trigger: poll
      keel.sh/initContainers: 'true'
 ingress:
  main:
    metadata:
      annotations:
        kubernetes.io/ingress.class: traefik
        traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
        kubernetes.io/tls-acme: "true"
        kubernetes.io/ingress.allow-http: "false"
        kubernetes.io/ingress.global-static-ip-name: ""
        cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
        traefik.ingress.kubernetes.io/router.middlewares: public-xray-xraydocsauth@kubernetescrd
 extra:
  templates:
    - |-
      apiVersion: v1
      kind: Secret
      metadata:
        name: xray-docs-auth
      stringData:
        users: |
          ilove:$apr1$N65S3o4r$Yc9pJnHPN4tUE1ZLzJsGI.
    - |-
      apiVersion: traefik.io/v1alpha1
      kind: Middleware
      metadata:
        name: xraydocsauth
      spec:
        basicAuth:
          secret: xray-docs-auth
--- a/values/xray-1/secrets.promtail.yaml
+++ b/values/xray-1/secrets.promtail.yaml
@ -1,27 +0,0 @@
 config:
    clients:
        - url: ENC[AES256_GCM,data:CFq8x1jLDO8aLitEOlCOXeG1yp8RqKHdeqf8x7o9YESOmTAKFTuLpcBUDeESNTv9,iv:68uLarfOiS4oTcvEQu4uHMQUzRhXhqAZb5c4ik4U2E4=,tag:GhkkzriBYhWmTxt0KNwMkg==,type:str]
          tenant_id: ENC[AES256_GCM,data:Iad0xh30fhwNiDh8SRU=,iv:A9o5brTa/2YbdYCIg5D4RHY2LXkMauIZBfygGsyV8gM=,tag:vNbcRImDSRCkM34B03MiMQ==,type:str]
          basic_auth:
            username: ENC[AES256_GCM,data:kUgLwA==,iv:5rAxU463ynXXZQfmGykocKmWm+VKahatT2KokSux16E=,tag:vYe9g0mePeYAapJlHAOWVw==,type:str]
            password: ENC[AES256_GCM,data:2Zb4d8Aj5M27V7YNvcdFIkHHAl5dvNIlB46sP2sJ,iv:wW31BhjGvN2ii60p+/hSs2IqaIhLbDgl70KFfGiTbXM=,tag:50DB7GxuuAl+8GJ7K2ePvA==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdjR0eFRDS2dCVTNENUFr
            V0k4T2Q2cmxua05QeDlzdnB2WWJLQ2hQbUdZCndjT0cxcytPUW0zOWtxVy9sazlr
            Z3RKSkFVeGx2UkdtWmhLQXhNUnpKeUEKLS0tIGV3L1pRNXlZMG92K1N6aGlvSVBz
            ZVV1d3R6KzJtT0drOVNHSThDdjAxekkK1RXCHM6QhNXto5D6yFTlvANN3E4iYfOC
            Bf8s76p0ynI3tqfH6IgA9NFRPxYPzMGC/1zsQ95n5N6fMXh/KouRqg==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-11-17T16:09:55Z"
    mac: ENC[AES256_GCM,data:EM9kmYq/6en0XwMtmDcx5yO6VflugTbqDgPvvIBl7m6EvFi9EkMx/Aa9jkVYS+VFvS+pJ9pVe8+F/TL5+o/K0O9rkgZ8+ciAYXoRDBb1o9qUMoy2+ZjbjI7FMXDp8c8UED0MK+SZYNZ2C+44C9kohX5cPwOQCHd+0HxJKOTzH8U=,iv:The91sevo/IqJIXBt8BAta5RYDtv1oFaGQRyqzrm+tM=,tag:fKduoewHPG/N1qGr76r/8A==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.1
--- a/values/xray-1/secrets.server-xray-public.yaml
+++ b/values/xray-1/secrets.server-xray-public.yaml
@ -1,37 +0,0 @@
 files:
    config:
        enabled: ENC[AES256_GCM,data:KhdaSQ==,iv:/RR/lub7n1fYtAntHcy4Ul0R9bxrfDJs1KlED+8tH/Y=,tag:VhQ6pjrRai9HD0nH1dqO9g==,type:bool]
        sensitive: ENC[AES256_GCM,data:4WIq3z8=,iv:JMNb5dUGVWBUO4ymsp4MULD3kPMAmUzedSxB8IHCXtA=,tag:Xj8ItxuhgY5se8jAyFne5A==,type:bool]
        remove: []
        entries:
            config.json:
                data: ENC[AES256_GCM,data:XqWiy83f0OxEMu5exDowE3wkPz5/MARnsIhdq3dcZlK7NXZJERHO1UXr6emVnn8W9Wcg+BDl17FkA7A4DZNuAChRHNg3AqcX1dZYBGcU44VG5r8qS76o1+in7TrSN56TgEBEBcifsV6TE/snilq+SpRgLoPy0196XgBM+0FZasRHY/Feda/JTLubvrHYW/zY2ACxAEfaxQzqGt80SlZgvfVN+xk1vu7mR8TdQXQjE64Y9vSL+94UoeRSOUHLjdGNndtP5p62IfZS6QChA78f8s/yfYW8/oQZ2/WPPQFNCb2ZEJT7S/exUDzt5UpXVgLo+m5c3VpmDuR+Zj+uTBzWHs46Nw538xzJaDA6Xz60zhL7SSm8/qdkPc4TT04zGqPXmA2wftBjHFm3M3yM4KZix2C8ILfZiQoBLg9LV9In2kj60kyxwiASd8hyCrTWO6j9rnReBQwVIvmYFvU/A6CUvkrflJcIQ3ETnxQH9bkJEd1y+3Znqdn3rlkGFd2UJ/erLqowJPkLDFHMzs3RZHevrBMunuF4WSCggeXeIeZcqRcJzEjsUeSATUoot+T88XC/6B8xbqinn4Z7rlGajQdp+OIIU/5daMj7wMHZ99N6g0Mfpf331TzbUtDVBZj83VlIslVd6XXCLaBHswWBplMgBC5u/5kTy+cNK7Tif3ltWZLyAsafvchR1vJLmf3MaxUURZ5uqTQIvd4CB39i/Yju9CSuUoIgBR/LUEM9ErqXP52IapEEg2csepGBru5gjLR30SP1tGBPbszo7KuIN6MwtBxtxLqa9zBY+IVW19nDD6LoXZR463IYle2JuOEhpeOLIZcEpx/4vpWAeJSdVcA63ndTqWJ3lvzLUCXIK8XhoHxOAeGn4S6lGb+sNMNNIKQr7p3a7RvRq0zLTiC20bW6JoYj6BqQBC35w+mx9f6Qq3Bv8PggHzp5KSVUSOFWssrzFdGF7pOqnB+vK15VSu2IWa2vozcQlRG5xPnnN/OhiPXYcyvgxeL8a66pltrmrAm+NE4vn08OurE0nglAKJLz5lSWzkXyQtTs4TP8XcXdKMP5ZQv+Y1fH50D5Ubr9Sjbl0XHsG3uv1A5Ad+SaZiw7bJNRL8uuEIBOm52PoWczdI+ZM/uX6bntrZvWpj8Cy660y6iIeyIXuJHTxLpqJU6M4PdjXmEX2RIC14YAFqErzxk+o8sHNwrfHAaLDL3e80jET1kTq/UvQkkAYn8cudEIkOsyRo3hX1Gb+YifMGhFZC2TnvVG0Sh+seIKoQer8lSKJroVoOFB6V4i2isoq0k1gJK3ImqJb8Jn8RGMFill4izGFdlmSI0EPQO0FI5LEIrZpCfyuZdjVSyuiMwIXMpz8DPcAONETdgjRgIKFfKnVMNOqqSK+07asL+N7a2JsUPve2t7VinTXv6RpuQ92UqMtv+KtsrqRq1+b2JW1wl6ScI7ZTby0r1zaR8da1suxmpbSvUzp22hYj2gMJyFRklYF5QVm8qc4+CoARrsjAZDv6P4bZin8OBzFvLt4a0RDPa5I+rjTH8ZIUxYM75kMcIaziUESXeFaC9XGUUTaSiBWmZfe8oETe08S1tQB2kT2oZZCbMHW1JNBWwe8ujcQjRWL8s8bKJNRbmRqtEo8BpUQQBE+Y4QzQVYgsp7vj9fqYZeTIpWvpsI+TmScExGhkwqOSJC9+Cd51SBx/Op7IWhjL3quEr89KXSH5zva8aokM3/2LkYyYGq+RPOZyxwMdJXgHPMCqbuu9ephhD4wLFDbiDOKAkxUb7TBNS/wONt4wAzoRdZ78fxY/pbPOXhJ3470Z5K7fiXeL9JD7595kQM2pcNEI6JdFk+pPLSa3r6q8c6CaHH035TXCUhuJQzO1L0aXi+DSuj418gc1TyQxoXsZfoe9ZnnUO6qHZRALboitn2b2jENP79XeN62LVcko30LJ1nzfcNoqDaflGmwaH+24vdFsDC5WoONoQ9hX519pyeHHc7tKtPS0NLcKkljLckIaTN1OIEHIhsbm0Z3Vhdkymq7k3h5sp5nveBXmWcRoZgd7EJdB9aZDDEuLaGImtYhexyqcckzjyN5YroHOaKdEDtMIkfSDj/+Z9TVnfd0RFTV4emdzW/o0VTPpkKohTIOoavW3Axi95z/uqflIJL7C1gOwIQ0aaE2pvLf+BTj99Tt3aCZRpYf1mftoo7YKCQscr6+aEFgO0Kk0XEGjpIz1+JWhlm768QY7ZemZrMAuxT5CsqbfncZah5EV/iHIPWmjsUMckN7ff6OxK7jOjTIvDZJVCWFE1aeqiN9zHQhb2VX1r0cKyhjPEHhpEagxWGVmCMG1iyv/+FZWKcT+arvaNTyTwc2wKm9OHpJ3dckTO31bYnXYi/jGdoxN5u1lnkFJ2ERtnCRzCt4SCOUoejTb3+tI+rn/+Qg/Y6BIvx2LmpnFvSuw3/fEqZnI9gSObKjVJNywjkLYLvQoedwYaR0RVXhz1NQ0tyGQH5Z/ydEm0vcXOtzFqmGqHr6f1p9j7DEi7aK+0KDI/nTsrvDlUFp8oZBUpVjbwMrwm3a8CQWuF6JpadU8tbp0qllj6fOuLm2Tj1AEQzeCSRnZHIup+9k+Jh+U2rmx7ofpwJGYXiCOGUWQsSldscW2NEo5HOUPLRge7bUFNmZ9Kd9p/gon5cXdE4zgmf+c4XZ1zAvUsi74bJZTzYPay8OLurD8r5vIHYlHCQcScOvuh6i7qday3Wqw3jd4S7HxbQ19YqtBw2eGQj2A4iZqizdIhYPbmvJ65mponevIrPDiEgBmmQdXxYlpl/xUiv8hcFOB0RO6Plt6yyNxWhEtf0vuD8bR8UsZKuWAH2db1NHtFNBxn2g/nmnBpcFGgHkF30e3RHQ0DIMpiTAXDFoHMtCwlyiuTJjaAubg3KwVR4bOmmigz1Q40t09EZJNfnK9JEWaJlnUJOgiDlKlovq+cr+YVbqnGMDLa5tBCDLz2C3AoSTGbLuZ3A91pVHl6kTLrY4N5zRZstbDny4KXsAapIwCH7IfJd/9gBa/VCPetXB/ReTrYi6Y7Y25YhqEL1hks9IlO7Iz56DHk2spbBkJ8C4a525doBmKQ8AS2vwZ2BRJhYXFxaVP47o4+R+duDZzfhqZy1pT9HAMuBPUmEQDs+KxqgoKLiAyRYvcHgO/mBj1Oftu0SwzEMYan1fzyqCfCrZTO6EVcH4M3dmIbzTyCoyJvOCHS1HNqPNrTR5DMahVc527CImS4pBCv1vXvN/IXshrymJF5Z1seZ1HgGtU4rwcMEFvVGTgya4Z9Je9fa2SSG4S7YeV4urJME9xhoSyG58VWK7pJMI4kLfm6RPtQyT6i2pCGCzAujFwYoa0fl5tBhGO1kZkOMfXcaCOG3ymcEdQagvVcIa9hbNSvgkcT4VGnT4zA1QFazRfsi1n4vTTDk8yMq7jLQNn6aEgbewLq4wHNIZBli+gnijCNVts6bfPOTb82OVYirwtn+2IyMhO9kT1sqH4PEsxl20onYTatTP7Qk41RogLLP1IHvhwAj00DFPxg3iIWbzk4zATAkiZCe0Emb3+ci74uSnjDeVbVVZXprfcrjt+zAoZABCza4sHudp4fJcemHm69LV8yCZRz7HrnxcjQig7cDz12ma/9IVNV0wBCFxlT5NgVp9tZS+lWPtEI6bia1vtLVarEfm068+NRIs+GziTadip7c8QdGUKaonLjdR2G8o7x2k4X5fn65qYLqsOlEu0fWz8LhiC3bc2nwtQxVZ/qRKF0stdFvN9Lgqrf860QE6ubw2RE7MW/k8hLG0gjLctQqpTWrzW7C4KUBGBnOa9w5HyDwFNqvkV01tomjPvvkiHCC4qCiE/yQvDiNEFdWe3NGV0e1IdONmy8qdOs6ZWeSJ8MMQ+j+EP2Wh9ap1ntK1/Gg80pOw/UDldzQg3Duld+Rm4imLJAGNfB2NEOQd/S+SsbW4wg/vfT9VXkSahaWn2u0YG5hBHI=,iv:YE2VLQd+7RCULF/DRvrni6lM52jkpJJA5HlmUleNZZo=,tag:mGjeVtozDL3X8n37frkIPQ==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBveXp2aTlkcXkwelVCenlW
            U1d3R0VxNFNyMGJYbHZtMTRrbDlkQWdFczJRCjVyd1V0OVJTNEkzUjBIZmJXejFX
            WmVNcVM1SFRrN1Vna25DU2pua09HZWcKLS0tIEk4MEFjb3FGZHhzMHNuSXhJRXNv
            ZVE2RExscWxhejV2YnBFTUxTVEFVSTAKxHqBMIgPFDESbmxip5sJDmZriijPqjjw
            9JFRSrGYCZE2cnMwu8BuHQzQnTTNZBrRzqWKJ2q+HygxvIbki8EOpQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age17fyzv5mezck364lvyepp9pa3tnjn7jvsgcpykhhz2smnxyq6fdusvl7waf
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPTmxnUzFVbGtRbGY0a1Av
            aEtUanBJVTcrSm5weFkxSnptSGNUM0dQZUFnCnNLdUhiektTQmEwUXY0bWZycTht
            T20xdDJwdVAzdGdUMzFoVFBaSHNKNzAKLS0tIEYvVnF5a2VpMWVJNTV5TytIYUZZ
            eWUvblIxK3pzV3ExTVpES2x3ZmVGV1kKA2sYyBydUNnN7V1o+PR5tL+pNQKUK8HP
            /bRbyvQhx0V45LBdiJheNAenMo7DA6J5INsMt0X26k8wobqrTSEi0w==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-11-20T03:07:02Z"
    mac: ENC[AES256_GCM,data:t5qbsQu1PmRxw4C8pQuSWXPB6ojZpszsWnaBlcxvqOYoCMsdk6HAFfyIv1MTCOaA4zI53jy+u2wDwcQ72lCLicfQppce2ZeveIuBFUoKJ9AZdKKDJfQr1BeNbqu8/J+XO61teT7TCteiQARiI29xtwr3gyDX3SzIoKWlt6ySjq4=,iv:Cg+giduUBZCbBJuPtNoOaRSWWdEu7Wo0jolR0GMG3uc=,tag:TSR5jeF+v+4I6Z7NL7/3RA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.1
--- a/values/xray-1/values.namespaces.yaml
+++ b/values/xray-1/values.namespaces.yaml
@ -1,3 +0,0 @@
 namespaces:
  - name: public-xray
  - name: promtail
--- a/values/xray-1/values.promtail.yaml
+++ b/values/xray-1/values.promtail.yaml
@ -1,7 +0,0 @@
 config:
  snippets:
    pipelineStages:
      - match:
          pipeline_name: "drop-all"
          selector: '{namespace!~"public-xray"}'
          action: drop
--- a/values/xray-1/values.roles.yaml
+++ b/values/xray-1/values.roles.yaml
@ -1 +0,0 @@
 roles: []
--- a/values/xray-1/values.server-xray-public.yaml
+++ b/values/xray-1/values.server-xray-public.yaml
@ -1,26 +0,0 @@
 ext-self-signed-cert:
  enabled: true
  name: xray.badhouseplants.net
  domain: xray.badhouseplants.net
 ingress:
  main:
    enabled: false
 service:
  xray-https:
    enabled: true
    type: NodePort
    ports:
      https:
        port: 443
        targetPort: 443
        nodePort: 30015
        protocol: TCP
  xray-http:
    enabled: true
    type: NodePort
    ports:
      http:
        port: 80
        targetPort: 80
        protocol: TCP
        nodePort: 30014
--- a/values/xray-2/secrets.promtail.yaml
+++ b/values/xray-2/secrets.promtail.yaml
@ -1,27 +0,0 @@
 config:
    clients:
        - url: ENC[AES256_GCM,data:CFq8x1jLDO8aLitEOlCOXeG1yp8RqKHdeqf8x7o9YESOmTAKFTuLpcBUDeESNTv9,iv:68uLarfOiS4oTcvEQu4uHMQUzRhXhqAZb5c4ik4U2E4=,tag:GhkkzriBYhWmTxt0KNwMkg==,type:str]
          tenant_id: ENC[AES256_GCM,data:Iad0xh30fhwNiDh8SRU=,iv:A9o5brTa/2YbdYCIg5D4RHY2LXkMauIZBfygGsyV8gM=,tag:vNbcRImDSRCkM34B03MiMQ==,type:str]
          basic_auth:
            username: ENC[AES256_GCM,data:kUgLwA==,iv:5rAxU463ynXXZQfmGykocKmWm+VKahatT2KokSux16E=,tag:vYe9g0mePeYAapJlHAOWVw==,type:str]
            password: ENC[AES256_GCM,data:2Zb4d8Aj5M27V7YNvcdFIkHHAl5dvNIlB46sP2sJ,iv:wW31BhjGvN2ii60p+/hSs2IqaIhLbDgl70KFfGiTbXM=,tag:50DB7GxuuAl+8GJ7K2ePvA==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdjR0eFRDS2dCVTNENUFr
            V0k4T2Q2cmxua05QeDlzdnB2WWJLQ2hQbUdZCndjT0cxcytPUW0zOWtxVy9sazlr
            Z3RKSkFVeGx2UkdtWmhLQXhNUnpKeUEKLS0tIGV3L1pRNXlZMG92K1N6aGlvSVBz
            ZVV1d3R6KzJtT0drOVNHSThDdjAxekkK1RXCHM6QhNXto5D6yFTlvANN3E4iYfOC
            Bf8s76p0ynI3tqfH6IgA9NFRPxYPzMGC/1zsQ95n5N6fMXh/KouRqg==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-11-17T16:09:55Z"
    mac: ENC[AES256_GCM,data:EM9kmYq/6en0XwMtmDcx5yO6VflugTbqDgPvvIBl7m6EvFi9EkMx/Aa9jkVYS+VFvS+pJ9pVe8+F/TL5+o/K0O9rkgZ8+ciAYXoRDBb1o9qUMoy2+ZjbjI7FMXDp8c8UED0MK+SZYNZ2C+44C9kohX5cPwOQCHd+0HxJKOTzH8U=,iv:The91sevo/IqJIXBt8BAta5RYDtv1oFaGQRyqzrm+tM=,tag:fKduoewHPG/N1qGr76r/8A==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.1
--- a/values/xray-2/secrets.server-xray-public.yaml
+++ b/values/xray-2/secrets.server-xray-public.yaml
@ -1,37 +0,0 @@
 files:
    config:
        enabled: ENC[AES256_GCM,data:yOJqDw==,iv:p4YUaymPlFvDKex//IBK14xG82ekakbvXbdQ7wnXLkw=,tag:iVbfnbdtLZyf8ux4kw/JNg==,type:bool]
        sensitive: ENC[AES256_GCM,data:XkpvCgA=,iv:vWxJBv0xhr0tcJvrW8E6OwAPQNlb/cGHeZULBHO51QU=,tag:XwbCtmnH5a59FmGrOXmA/w==,type:bool]
        remove: []
        entries:
            config.json:
                data: ENC[AES256_GCM,data:xOqEXdNdjjDvDVxrujUSaeUE8lTzW6tx3DE4NRL0FmJm/TibDR4uDpQPhHtXkLzwlKlongyal6/ts62Ord80ZfhqAcILp4zS6vfWqsZb1mJaHZMNrbeTqqvM8160bRHoHO6Cm48ANAK0qL3hxNoxzjoogpAKpXkYil+Puy8GvS6TshIUFFzpRYc0ROmdadUFdC4Nv2UxQW9tE8ZVLaHzdopBfSmE5rVAZqYeycj3ykSmRIu71JEdsF1ZLK6Fkv/L9l3XIf8TWFh9ztAGd940VCplwNv8iA/OgEokR8SNe5MdJvgTxabN+qZ4SwZy6Z1e8RsmVR4cah3vvIfa2YvvapKIwYLoVgC1VwDwdGxHRurg3czrzdgxi9vbbuX3Hz8Zxs/dyj7Twriftwu4KQeNCsn4Uvnkmz5V1Yo4scrtAkh6GViiat/pGtaF0oJgEEtMfUkDPiWdDVJpNS8vFUOEUo//8ftduc73lzqOuh08/YiCWAoovggJVweSX1ZglOg3KEUjBMgCW/Xj5Q8JZG6Yw4D4p7CImGLHgD1Ie/+xjjA/tdJtSpBtnCNybb55wNOBgrr9KwIyNLMBRLjXgQl5OgaNsh97DbaI7hxLdwQW1vJBmDUBYGVR0DLM42bGZzO6yJsphcQw6thvKQEZ+GExeDZKc/ic9y/2qP3K6A6xgkKe9hQWe45NfK5BFtTDeOS7U02y3lmEotV4+KicNILnetTHuGT9+XywocUew/BH/dWbaOdvQWmMGsecPz2F4R0jbVycKaITIaqn5C6IG4rOQ2lbI7nesLz9x6yFiiQDCURUY7kiSdFGl+F5Y+ydl1I8qus1bP0eKR54iYu2rms7EfapkBG04RJ3e0jix986QLG8kcXxxUlNixrTxH5H8HyK2eo38ZdYyCJTcHYoZ+/htbgUuI3iTuBI/u4mZvFrugbNHZrChOMaUpPgbMhtaLQ6X7OjkLzshV1/OPkXzNQXqXMMZxUn4ybL2yw2fImXwGfevXzx63nE1EVob+iph1q+EO0tGGn/n5d2WXEZ7Qopwdwhhl4oYA1co2DKb3rVd5PSgTrlBqhOsEbPjo5TdKHEHufkO60Kse6t5EMK2/fjN/6WOnSypzgqmMaCrZExB5GFh5BqwMAoa/xtw5dhLwgav5lZLckAxXucMH2p533WzHN0V5PM0DhRsrdm3EGT7gpG3E5avWw+pDexaja3uWp5wqvQOW6q5ImwkgZ+lAbKnArwqFBnnb9eOjgriTMYd9s79xpfJqCjGNbDWKy1mnuRR2EUVt3v1RIFQiIdtovyqB5KrSvukyIyUYDuqZhPAqc7nR0ATecvgiYnalL9xgr0L0x4Z9KNqOu1LqrykD3giNtcWnlXTQ9h4dwGwRAvzxzjANx9B6uJYSkN6k2kl6ScjSoIndhr2b8tEIIGLwM9TXMeNhg4OsOTm844rmweAOsCzaQqm++I8wtDY8l9OUnwVN+fbYdRsBntHO9fqliK2KRFs5rnl97GLqW5MjDl7gCgLKDULQp9yvuoTStnZ2qvgIWVKTvEDEybxutGvPVDuam34qSp80YlzR4MacHUgOshJbQ0nbTNNc+qjYi4DxEOj/T1OoRlS6UJmsrqec8uglfIYWd9ZqRSRazpsy1jLzPeUTY5OWjpkHFryjFFEhxy6tlpEHJr4FQbDA5taHI3TcfsBby8DNC1h3/maLBZMlHswxDolEPw4qQw7lqqmvY69CFTkUmZv7gAuOSyNSueVTnlccEnJNH5MNFzvJZLSYOlWuYW1GosnQT6EkNTM+Vu99nqiRnfs9jn8ObRdhsQMBTKKFN4mrdWsIhuw4WE1egi1HQP5ZT+/4944X1nAk4fWHmVgCrY4WTt+fxxjRr7NYGX+aXF7ploJydPtyI7IwPITBRQNoCizV5Z4ecMmj64PPDAXESO4427FMIC5qfGBtOIdEyKL1doOkCcYSrWZ1ngHu06HV69wECZumYmPE3+81F/QuSzoPw/5eLmkKmd/NDHhfai3064opCB+xQFvS7awoApzP91+nE0gd39xQQNbCCpmzFFMDwPp1uhxr60LcmwTE2anRjggUmqtqzraM7TATJWdTMlnov8KBoKwImpCA7fj+3N97FV1f+b/30uE+tC4bOW5RFjgY3MdA50P4PjoH0xiskAFXbrgD4BWm58vJT21gJP2cIXp1HfHjGxgpAX1W52wsnDwQs7bD+SdNVmR+h2IxH64DjKpbm3HIWTgSQ0xiXgjkqJIRKNXeDDGf4S7inkN6WtQH9v2KtWB2QeWJt+gAcqHKA3RbGGOyvVwxpBalrNMdV+dSqAF2jKOvJ5CEmWmyxpAREA9yKevSp7vjLpuFxhtT99N5NvM2K+iDKLH0VCJsp6WsPSbqnOwW8qvqzH7DXSW4LGdCgPFniJJ2zmwI1o2BkwwDxvbEk0sEAt8eSlZC1qb361AWBmIceHIXgtePRgHgrB1uUW7lMBLl+5Noj1SoszggAohUG0R8HFyZceGiHh9yW7+HxKcOUEzEH83WLZmlfKXmNlalVD3l2h1KKSEd5LEOPlE3AORQv89JBmDrAv3WAFPU1Fl7bej69Q9jOJuAmpOozi2qVxCVhJETfAvwj//2Z2cAZHqpEAEHdqfhqOR4EFFTLuUWsF9gIFfAxCBvjtb6n8zaQufYHfOk25So8GTtBtqSj59ZpwiG3R/wnQxFgJUx2otCn1sAC7w7Nr8PdbsIoxMJzAEsJfWddA/m77Bj7ckwMVw18Hneo18f7XDxf2PjdUpSGwbQ6PCSotWXsDol7jIQ3gAa5etVJ4J7q+7ban3JAGyCF7xnRRcCgK0QENS1bVeNoxKNsPzlLnNeirnnWwCHr3Fz4+eN04WhHEq1X3i0ftvnA0K7D7dTm0iXAsqZAXQeVZ/CN0ejdvtdjWNS23h+cPt63QeLflyZe6mHw8/wWPP0i3B8Y6ld/0R4OGiqORlV1S+SUzbUkSCgL9UuK4T6igGda5gLqgj32OYAH67iBsF29TNfjQ2/pOQyNf9dhJASWVuJAWy6B8QA/mVayqHFlKh9opQJHVhj8D27v2nAjN9YJOiz3RDbrBUOkTNGTRCL8YuOVXfpN6PVDVBXnR90X7AmXKi+wqZBfAIU1wdGoNq0Af8c+XuRxK+WrGpAhk0B72H4J7ATZl2vGb6+731s4tdW1b4LClhq6LJrn9TeXt1S/OyGSZY1tp/v5ShyeDSVq1XpTVDVn4dSLLVuigT6m8GK4WJRLzwQQ6sMZ1k8HmJNcoVjQxhPdp1SLP6z+kVcuRJpiGTTeF6bvH7OlxPnUKNLj2VJzQ9fisrR+vZ6TgrHAAu3xbMCgSg1Y0yV1xjYKyHudQ1WMqsbbkb9LugwPbLPCedyEmScER80Vvf4uTVh2DDYxMG1Y2FIAtInsAGg86b+t3zenOJWZNmD+EKNmud8vcl8ByIz/MS7sRtBlGaU4y1MzVWyCmQFTDhov1E2fuiMCYWSNsUa/lf7h9/yW9U1R0ZLYescgUfnHda10N6DprhNP/XiczIT07BesYRrAd/Dc1aNEAX5MrcouOK4OpSA9Fm+JI9R7qF2GLpptmIhAaUQs6U7paY9kxoqsVlpRTCylNczNdNkKQL+bfZklyefdMgdPN/XeOtVYUS0wZ/Ert6oXXVDa4MwNUOpOFwsj01j6bzLBzQ28zeneiW59ESKTplvBjZwx33BwYo49+MLksSJjjox4IspAHdFAI85ijqDHf2gbfvarjQ9vVpkgqQ0/Ff4e+oQ3sKvgjMd3edfHusezPr8N9nhzgp7DRNTkW/yt2jZkE+XIiLh7gkUc0BJvhXBfwwSp9JI0Db84qilmkitucI6eoHX9q+ycIVlO84SzrzBbzLW69IjNmUYytPzXm+9s0pg7mQH72Q11qvgLp5QLMLnnszbFRWVWkQhOSDY9wN9mqvJ1Xv0yM980ZvdTM6LhgXr95sTcsJ2u6pZo/Gir2B2I=,iv:aLUnJ9/VjkEbNa097xFNUyeFEzTqs2Pxgye/05TmgSI=,tag:sXp48SCtbCGRyVrZZHZv9g==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhWHcxNDNucmt1THVHLytL
            ZHdoMWI2SGF6bjJvQ0lKT0g2UklLS2xnRzNVCk1FcGxaa3hIbHpnTGtRRE9BT3do
            a3ZlL0pLaXRibkc5bW1pL0xzMzlxUmsKLS0tIFUvV0F3QVozajZXb05MYXZjWVpT
            OHJ3a1ZOLzEzS1N2Tis1L3pQVnhZYUkKRSEWDMZdaHsZeblED32ZUgtKlB1E5cTJ
            c4k/tXW+KiwG2h2SVgTrsl/hIZiT98K0gKq0N/OCdA8CKiREA5Fa1Q==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age17fyzv5mezck364lvyepp9pa3tnjn7jvsgcpykhhz2smnxyq6fdusvl7waf
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4M3dXQys2VVFXcExVNHhj
            eWJvU01BUExpSzZPVFBXbWk1UFRzSVJ3OFh3ClJ5ZEdVcWVEeG4yRFhLQndGcFBk
            dWMxWlNjeEszMXFTZUx3RVcwNnR0L28KLS0tIDA4bVcvdjVBcnNQeHp0Q1RhTlZQ
            R2t4Y1YycmpPT2JZdUxsUUdUMUdDT2cKyFvSZWn+0e058lRqTTN7DCRrp2gn77BX
            4cT52WV+t4Ik621Eg/o7ZfdUUJimjS3dbuMg9A1ieGO2FcgxoNPkzg==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-11-20T03:00:02Z"
    mac: ENC[AES256_GCM,data:K0U7maV2lt8cUxkX/kNgily376Y2YbNnHoG92jWVCzjsw/wyE8jwMRW6cFVQqAWgnX5maScT+AJITRvvuM2CQTTItcCYe3FrTHw0WxJui3uzn85TViACo8YTj5DGYW890CBfBTSm9IgQPMtCIjQx/AazFtnhl7kOe7W68xpbAtQ=,iv:niMD6YjXxvY2OxQlXn5aoH8hf+5IhPogS5/F1JQFglk=,tag:z4X8npY1dAiit3Op0Iv3AQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.1
--- a/values/xray-2/values.namespaces.yaml
+++ b/values/xray-2/values.namespaces.yaml
@ -1,3 +0,0 @@
 namespaces:
  - name: public-xray
  - name: promtail
--- a/values/xray-2/values.promtail.yaml
+++ b/values/xray-2/values.promtail.yaml
@ -1,7 +0,0 @@
 config:
  snippets:
    pipelineStages:
      - match:
          pipeline_name: "drop-all"
          selector: '{namespace!~"public-xray"}'
          action: drop
--- a/values/xray-2/values.roles.yaml
+++ b/values/xray-2/values.roles.yaml
@ -1 +0,0 @@
 roles: []
--- a/values/xray-2/values.server-xray-public.yaml
+++ b/values/xray-2/values.server-xray-public.yaml
@ -1,26 +0,0 @@
 ext-self-signed-cert:
  enabled: true
  name: xray.badhouseplants.net
  domain: xray.badhouseplants.net
 ingress:
  main:
    enabled: false
 service:
  xray-https:
    enabled: true
    type: NodePort
    ports:
      https:
        port: 443
        targetPort: 443
        nodePort: 30015
        protocol: TCP
  xray-http:
    enabled: true
    type: NodePort
    ports:
      http:
        port: 80
        targetPort: 80
        protocol: TCP
        nodePort: 30014
Author	SHA1	Message	Date
Nikolai Rodionov	7bc0e0e5b1	Remove the storage installation	2025-02-17 22:52:23 +01:00
Devops Bot	e9aa8d1326	chore(deps): update redis docker tag to v20.7.1	2025-02-17 21:48:14 +00:00
Devops Bot	2a36d36147	chore(deps): update helm release renovate to v39.171.0	2025-02-17 21:48:09 +00:00
Nikolai Rodionov	9402a894d8	A huge amount of untrackable changes	2025-02-17 22:47:33 +01:00
Nikolai Rodionov	927c06a184	Install kyverno to the etersoft cluster too	2025-02-11 15:39:19 +01:00
Nikolai Rodionov	9a4706a9d3	Fix traefik	2025-02-09 16:41:53 +01:00
Nikolai Rodionov	e845e73de8	Install uptime-kuma	2025-02-09 11:41:45 +01:00
Devops Bot	8aec909237	chore(deps): update helm release woodpecker to v3	2025-02-09 10:41:00 +00:00
Devops Bot	4a2c7a8b8e	chore(deps): update helm release traefik to v34	2025-02-09 10:40:54 +00:00
Devops Bot	f21cad0dff	chore(deps): update helm release velero to v8.3.0	2025-02-09 10:40:40 +00:00
Devops Bot	fd7d48291b	chore(deps): update helm release renovate to v39.164.0	2025-02-09 10:40:33 +00:00
Devops Bot	9e3d8b6468	chore(deps): update helm release loki to v6.25.1	2025-02-09 10:40:25 +00:00
Devops Bot	479401927b	chore(deps): update helm release kube-prometheus-stack to v68.5.0	2025-02-09 10:40:18 +00:00
Devops Bot	d6e5a09d65	chore(deps): update helm release grafana to v8.9.0	2025-02-09 10:40:12 +00:00
Devops Bot	c0e2b45c11	chore(deps): update helm release zot to v0.1.66	2025-02-09 10:40:07 +00:00
Devops Bot	93839914ea	chore(deps): update helm release minecraft to v4.23.7	2025-02-09 10:39:59 +00:00
Devops Bot	73a92ce856	chore(deps): update helm release kyverno-policies to v3.3.4	2025-02-09 10:39:49 +00:00
Devops Bot	2dc3fe3445	chore(deps): update helm release kyverno to v3.3.6	2025-02-08 22:36:39 +00:00
Devops Bot	35e41114f3	chore(deps): update helm release authentik to v2024.12.3	2025-02-08 09:47:35 +00:00
Devops Bot	0bb7a2cf52	chore(deps): update helm release external-dns to v1.15.1	2025-02-08 01:01:11 +00:00
Devops Bot	4382d0b6d2	chore(deps): update helm release openebs to v4.1.3	2025-02-07 13:46:14 +00:00
Devops Bot	7d825ab2d6	chore(deps): update helm release renovate to v39.163.0	2025-02-07 13:46:05 +00:00
Devops Bot	7580508a05	chore(deps): update helm release coredns to v1.39.0	2025-02-07 13:45:56 +00:00
Devops Bot	2a4d253ae8	chore(deps): update helm release cert-manager to v1.17.0	2025-02-07 13:45:50 +00:00
Devops Bot	348431ecc4	chore(deps): update helm release cilium to v1.17.0	2025-02-07 13:45:33 +00:00
Nikolai Rodionov	57465c4fb5	Remove IP from xray cert	2025-02-07 14:44:57 +01:00
Nikolai Rodionov	fe83461ee1	Deploy new apps	2025-02-06 08:49:54 +01:00
Devops Bot	1f923778de	chore(deps): update helm release kube-prometheus-stack to v68	2025-01-25 01:01:15 +00:00
Nikolai Rodionov	48eee21619	Add etersoft xray and increase gitea memory	2025-01-22 22:04:34 +01:00
Nikolai Rodionov	71c6161ad3	Update woodpecker	2025-01-15 16:03:42 +01:00
Nikolai Rodionov	c27a5e1bfd	New ports for xray	2025-01-15 15:43:40 +01:00
Devops Bot	acfb954e4e	chore(deps): update helm release authentik to v2024.12.2	2025-01-13 08:35:57 +00:00
Nikolai Rodionov	6cc25e2ab3	Update xray blocked domains	2025-01-13 09:03:53 +01:00
Devops Bot	879d15457a	chore(deps): update helm release renovate to v39.99.0	2025-01-10 16:58:21 +00:00
Devops Bot	578c64afc6	chore(deps): update helm release db-operator to v1.32.0	2025-01-10 16:58:01 +00:00
Devops Bot	c4ae193540	chore(deps): update server-xray docker tag to v0.5.0	2025-01-10 16:57:37 +00:00
Devops Bot	35c3d40cb8	chore(deps): update redis docker tag to v20.6.2	2025-01-09 01:01:18 +00:00
Nikolai Rodionov	116ba59b57	Add xray user	2025-01-06 21:06:09 +01:00
Nikolai Rodionov	379274809b	Update xray-edge	2025-01-04 23:23:32 +01:00
Nikolai Rodionov	1c6e2d4fb7	Add the family account to xray	2025-01-04 23:14:32 +01:00
Devops Bot	0ca09ccde4	chore(deps): update helm release minio to v5.4.0	2025-01-04 15:19:33 +00:00
Devops Bot	cbf4076854	chore(deps): update helm release renovate to v39.90.3	2025-01-04 01:01:32 +00:00
Devops Bot	59fde35280	chore(deps): update helm release renovate to v39.87.0	2025-01-02 01:01:18 +00:00
Devops Bot	620a78d671	chore(deps): update helm release renovate to v39.86.1	2024-12-31 19:16:44 +00:00
Devops Bot	bdb358c071	chore(deps): update helm release velero to v8.2.0	2024-12-31 01:01:26 +00:00
Nikolai Rodionov	2f1dca5941	Install vaultwarden in the new ns	2024-12-29 22:27:12 +01:00
Nikolai Rodionov	df5dbf104d	Install new vaultwarden and enabled istio	2024-12-27 12:50:46 +01:00
Devops Bot	a79d85bc2a	chore(deps): update helm release renovate to v39.83.1	2024-12-27 09:30:40 +00:00
Devops Bot	e2fbd60995	chore(deps): update stalwart docker tag to v0.5.0	2024-12-27 01:01:31 +00:00
Devops Bot	18faad62b6	chore(deps): update helm release kube-prometheus-stack to v67.5.0	2024-12-26 01:02:16 +00:00
Nikolai Rodionov	e95ddada11	Clean up the applications helmfile	2024-12-25 19:56:58 +01:00
Nikolai Rodionov	28aff10917	Add more backups to etersfoft	2024-12-25 18:17:21 +01:00
Nikolai Rodionov	ecb0ab1b78	Fix coredns limits Signed-off-by: Nikolai Rodionov <allanger@badhouseplants.net>	2024-12-25 13:57:53 +01:00
Nikolai Rodionov	ba165eb8af	Install tandoor Signed-off-by: Nikolai Rodionov <allanger@badhouseplants.net>	2024-12-25 13:44:23 +01:00
Devops Bot	7ce1033ab4	chore(deps): update helm release renovate to v39.82.7	2024-12-25 10:06:34 +00:00
Devops Bot	137d4e4c2c	chore(deps): update helm release kyverno to v3.3.4	2024-12-25 10:05:55 +00:00
Devops Bot	6c7e10f1cc	chore(deps): update helm release grafana to v8.8.2	2024-12-25 10:04:17 +00:00
Devops Bot	5febfef418	chore(deps): update helm release cilium to v1.16.5	2024-12-25 10:03:06 +00:00
Devops Bot	606b0ad690	chore(deps): update helm release keel to v1.0.5	2024-12-25 10:01:40 +00:00
Devops Bot	36ba22151a	chore(deps): update helm release metallb to v0.14.9	2024-12-25 09:46:59 +00:00
Devops Bot	749b4809c7	chore(deps): update helm release woodpecker to v2.0.3	2024-12-25 09:39:37 +00:00
Devops Bot	eb09727a26	chore(deps): update helm release authentik to v2024.12.1	2024-12-25 09:39:15 +00:00
Devops Bot	282fcff775	chore(deps): update helm release db-operator to v1.31.0	2024-12-25 09:38:22 +00:00
Devops Bot	f29c8c1466	chore(deps): update helm release loki to v6.24.0	2024-12-25 09:37:32 +00:00
Devops Bot	8aec0e7c4d	chore(deps): update helm release traefik to v33.2.1	2024-12-25 09:36:47 +00:00
Devops Bot	ae7c0970a3	chore(deps): update redis docker tag to v20.6.1	2024-12-25 09:36:24 +00:00
Devops Bot	59c51247b0	chore(deps): update helm release kube-prometheus-stack to v67	2024-12-25 01:03:16 +00:00
Nikolai Rodionov	e612a718a7	install-memos (#199 )	2024-12-24 18:46:32 +00:00
Nikolai Rodionov	1ba2a0de4b	Add a couple of XRAY users Signed-off-by: Nikolai Rodionov <allanger@badhouseplants.net>	2024-12-21 21:54:51 +01:00
Nikolai Rodionov	d41945f05d	Persist external service config for XRAY	2024-12-18 21:57:49 +01:00
Nikolai Rodionov	78d1ba91e3	Update velero config	2024-12-16 15:56:10 +01:00
Nikolai Rodionov	aa2177297b	Add kyverno policy to pipelines	2024-12-16 15:43:12 +01:00
Nikolai Rodionov	c1e7fe0fc7	A whole lot of updates and fixes	2024-12-16 12:56:02 +01:00
Devops Bot	4b8a0fee0d	chore(deps): update helm release kyverno-policies to v3.3.2	2024-12-15 20:57:50 +00:00
Devops Bot	ea9978ec79	chore(deps): update helm release minecraft to v4.23.6	2024-12-15 01:01:11 +00:00
Nikolai Rodionov	6b6f24a764	XRAY: Add Nikita Kolomiets	2024-12-12 16:30:06 +01:00
Nikolai Rodionov	3f797316bc	WIP: Installing tandoor	2024-12-12 15:51:02 +01:00
Nikolai Rodionov	1bf05611f2	Add song sharing to navidrome	2024-12-12 15:50:47 +01:00
Nikolai Rodionov	56d2576666	Add team-fortress-2 server	2024-12-12 15:50:20 +01:00
Nikolai Rodionov	561824536d	Update xray config and cleanup	2024-12-12 14:56:04 +01:00
Samara Roman	c2e16dc840	Morozov Xray	2024-12-12 16:42:58 +03:00
Nikolai Rodionov	13e6071dcc	Migrate to bitnami OCI	2024-12-12 13:36:11 +01:00
Devops Bot	729a3a75c2	chore(deps): update helm release kube-prometheus-stack to v66.3.1	2024-12-11 12:28:56 +00:00
Devops Bot	726e18dea6	chore(deps): update helm release coredns to v1.37.0	2024-12-11 12:28:30 +00:00
Devops Bot	41584e3e96	chore(deps): update helm release authentik to v2024.10.5	2024-12-11 01:01:33 +00:00
Devops Bot	a2babd18ba	chore(deps): update helm release redis to v20.4.0	2024-12-09 16:52:12 +00:00
Devops Bot	e28e66ae58	chore(deps): update qbittorrent docker tag to v0.4.0	2024-12-09 16:51:52 +00:00
Devops Bot	34faff57d2	chore(deps): update helm release traefik to v33.1.0	2024-12-09 12:42:49 +00:00
Devops Bot	6757c15bcb	chore(deps): update helm release loki to v6.23.0	2024-12-09 12:41:10 +00:00
Devops Bot	546889f7f9	chore(deps): update helm release renovate to v39.57.4	2024-12-09 01:01:34 +00:00
Devops Bot	14f05ee2d7	chore(deps): update helm release renovate to v39.42.4	2024-12-02 08:42:16 +00:00
Devops Bot	3abd385d6e	chore(deps): update helm release db-operator to v1.30.0	2024-12-02 01:02:08 +00:00
Nikolai Rodionov	81bac51801	install navidrome private	2024-12-01 23:15:52 +01:00
Devops Bot	e67a6f76a1	chore(deps): update helm-library docker tag to v0.1.5	2024-12-01 22:14:48 +00:00
Devops Bot	44196bba3e	chore(deps): update helm release cilium to v1.16.4	2024-12-01 22:14:24 +00:00
Devops Bot	ccefbec453	chore(deps): update helm release grafana to v8.6.4	2024-12-01 22:14:01 +00:00
Devops Bot	c261eae56a	chore(deps): update helm release kube-prometheus-stack to v66.3.0	2024-12-01 22:13:38 +00:00
Devops Bot	d45eb15c1c	chore(deps): update helm release velero to v8.1.0	2024-12-01 22:13:15 +00:00
Devops Bot	d61cd84633	chore(deps): update helm release woodpecker to v2	2024-12-01 22:12:48 +00:00
Devops Bot	56f241da94	chore(deps): update helm release renovate to v39.42.2	2024-12-01 01:01:24 +00:00
Devops Bot	35dbf1d46c	chore(deps): update helm release authentik to v2024.10.4	2024-11-22 09:19:03 +00:00
Devops Bot	2a71aee8ec	chore(deps): update helm release loki to v6.21.0	2024-11-22 09:18:28 +00:00
Devops Bot	1cc8734d38	chore(deps): update helm release renovate to v39.25.4	2024-11-22 09:18:11 +00:00
Devops Bot	4a01a60339	chore(deps): update helm release cert-manager to v1.16.2	2024-11-21 01:01:19 +00:00
Devops Bot	50787e41d8	chore(deps): update helm release loki to v6.20.0	2024-11-20 21:46:30 +00:00