switch to zot

charts/ippool/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/ippool/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: network-base
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"

charts/ippool/templates/_helpers.tpl

@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "network-base.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "network-base.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "network-base.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "network-base.labels" -}}
+helm.sh/chart: {{ include "network-base.chart" . }}
+{{ include "network-base.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "network-base.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "network-base.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/ippool/templates/ipaddresspool.yaml

@@ -0,0 +1,11 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: {{ include "network-base.fullname" . }}
+  labels:
+    {{- include "network-base.labels" $ | nindent 4 }}
+spec:
+  addresses:
+  - {{ .Values.ipPool }}
+  autoAssign: true
+  avoidBuggyIPs: false

charts/ippool/values.yaml

@@ -0,0 +1 @@
+ipPool: 0.0.0.0-1.1.1.1

charts/network-base/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/network-base/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: network-base
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"

charts/network-base/templates/_helpers.tpl

@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "network-base.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "network-base.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "network-base.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "network-base.labels" -}}
+helm.sh/chart: {{ include "network-base.chart" . }}
+{{ include "network-base.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "network-base.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "network-base.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/network-base/templates/certificate.yaml

@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ include "network-base.fullname" . }}
+  labels:
+    {{- include "network-base.labels" $ | nindent 4 }}
+spec:
+  dnsNames:
+  - {{ .Values.domain }}
+  - "*.{{ .Values.domain }}"
+  issuerRef:
+    kind: Issuer
+    name: {{ include "network-base.fullname" . }}
+  secretName: {{ include "network-base.fullname" . }}-cert

charts/network-base/templates/gateway.yaml

@@ -0,0 +1,39 @@
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+  name: {{ include "network-base.fullname" . }}
+  labels:
+    {{- include "network-base.labels" $ | nindent 4 }}
+spec:
+  selector:
+    istio: ingressgateway
+  servers:
+  - hosts:
+    - {{ .Values.domain }}
+    - "*.{{ .Values.domain }}"
+    port:
+      name: grpc-web
+      number: 8080
+      protocol: HTTPS
+    tls:
+      credentialName: {{ include "network-base.fullname" . }}-cert
+      mode: SIMPLE
+  - hosts:
+    - {{ .Values.domain }}
+    - "*.{{ .Values.domain }}"
+    port:
+      name: http
+      number: 80
+      protocol: HTTP2
+    tls:
+      httpsRedirect: true
+  - hosts:
+    - {{ .Values.domain }}
+    - "*.{{ .Values.domain }}"
+    port:
+      name: https
+      number: 443
+      protocol: HTTPS
+    tls:
+      credentialName: {{ include "network-base.fullname" . }}-cert
+      mode: SIMPLE

charts/network-base/templates/issuer.yaml

@@ -0,0 +1,20 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: {{ include "network-base.fullname" . }}
+  labels:
+    {{- include "network-base.labels" $ | nindent 4 }}
+spec:
+  acme:
+    email: {{ .Values.certificate.email }}
+    privateKeySecretRef:
+      name: {{ include "network-base.fullname" . }}-priv-key
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    solvers:
+    - dns01:
+        cloudflare:
+          apiTokenSecretRef:
+            key: value
+            name: {{ include "network-base.fullname" . }}-clf-token
+          email: {{ .Values.certificate.email }}

charts/network-base/templates/secret.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "network-base.fullname" . }}-clf-token
+  # namespace: cert-manager
+  labels:
+    {{- include "network-base.labels" $ | nindent 4 }}
+type: Opaque
+stringData:
+  value: {{ .Values.certificate.cloudflareToken }}

charts/network-base/values.yaml

@@ -0,0 +1,4 @@
+certificate:
+  email: email@email.email
+  cloudflareToken: token
+domain: test.io

charts/softplayer-backend/templates/vs.yaml

@@ -1,4 +1,3 @@
----
 apiVersion: networking.istio.io/v1beta1
 kind: VirtualService
 metadata:
@@ -7,7 +6,7 @@ metadata:
     {{- include "softplayer-backend.labels" . | nindent 4 }}
 spec:
   gateways:
-  - istio-system/badhouseplants-net
+  - {{ .Values.istio.gateway }}
   hosts:
   - {{ .Values.config.hostname }}
   http:

charts/softplayer-backend/values.yaml

@@ -1,12 +1,16 @@
 config:
   hostname: softplayer.dev.badhouseplants.net
+  # hostname: softplayer-backend.badhouseplants.net
 replicaCount: 1
-
+istio:
+  gateway: istio-system/network-base
+  # gateway: istio-system/badhouseplants-net
 image:
   repository: git.badhouseplants.net/softplayer/softplayer-backend
   pullPolicy: Always
   tag: latest
 
+
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
@@ -66,17 +70,20 @@ autoscaling:
   # targetMemoryUtilizationPercentage: 80
 
 # Additional volumes on the output Deployment definition.
-volumes: []
-# - name: foo
-#   secret:
-#     secretName: mysecret
-#     optional: false
+volumes:
+  - name: tmp
+    emptyDir: {}
+  - name: tmpsoftplayer
+    emptyDir: {}
 
 # Additional volumeMounts on the output Deployment definition.
-volumeMounts: []
-# - name: foo
-#   mountPath: "/etc/foo"
-#   readOnly: true
+volumeMounts: 
+  - name: tmp
+    mountPath: "/tmp"
+    readOnly: false
+  - name: tmpsoftplayer
+    mountPath: "/tmpsoftplayer"
+    readOnly: false
 
 nodeSelector: {}
 

charts/softplayer-web/templates/vs.yaml

@@ -7,7 +7,7 @@ metadata:
     {{- include "softplayer-web.labels" . | nindent 4 }}
 spec:
   gateways:
-  - istio-system/badhouseplants-net
+  - {{ .Values.istio.gateway }}
   hosts:
   - {{ .Values.config.hostname }}
   http:

charts/softplayer-web/values.yaml

@@ -1,5 +1,7 @@
 config:
   hostname: dev.badhouseplants.net
+istio:
+  gateway: istio-system/network-base
 
 replicaCount: 1
 

charts/tekton-pipelines/templates/pipelines/hetzner-cleanup.yaml

@@ -28,6 +28,7 @@ spec:
           value: $(params.environment)
         - name: namespace
           value: $(params.namespace)
+    
     - name: cleanup-dns-records
       retries: 3
       taskRef:

charts/tekton-pipelines/templates/tasks/bootstrap-k3s.yml

@@ -55,6 +55,7 @@ spec:
       script: |
         #!/bin/sh
         ansible-playbook /src/playbooks/systems/system-bootstrap/playbook.yml
+    
     - name: prepare-k3s
       env:
         - name: SP_ENV
@@ -71,7 +72,9 @@ spec:
       script: |-
         #!/bin/sh
         ansible-playbook /src/playbooks/systems/k3s-bootstrap/playbook.yml
-    - name: prepare-kubeconfig
+    
+    - name: get-config
+      image: git.badhouseplants.net/softplayer/softplayer-coskgne:latest
       env:
         - name: SP_ENV
           value: $(params.environment)
@@ -83,10 +86,12 @@ spec:
           value: /tmp/outputs/ssh_key
         - name: ANSIBLE_HOST_KEY_CHECKING
           value: "false"
-      image: git.badhouseplants.net/softplayer/softplayer-coskgne:latest
-      script: |-
+      script: |
         #!/bin/sh
-        ansible-playbook /src/playbooks/other/k8s-create-user/playbook.yml
+        ansible-playbook /src/playbooks/other/k3s-save-config/playbook.yml
+        export SERVICE_ENTRYPOINT=$(cat /tmp/outputs/inventory.yaml | yq '.servers.vars.service_entrypoint')
+        sed -i "s/127.0.0.1/${SERVICE_ENTRYPOINT}/" /tmp/outputs/config
+
     - name: save-kubeconfig
       image: alpine/k8s:1.29.2
       script: |-
@@ -97,9 +102,10 @@ spec:
         kubectl create secret generic \
           "$(params.environment)"-config \
           --namespace "$(params.namespace)" \
-          --from-file=value=/tmp/outputs/admin-default-config
+          --from-file=value=/tmp/outputs/config
+
   workspaces:
-    - name: outputs
+    - name: outputs 
       description: A folder to store outputs
       optional: false
       mountPath: /tmp/outputs

charts/tekton-pipelines/templates/tasks/cleanup-dns-records.yml

@@ -13,13 +13,6 @@ spec:
     - name: environment
       type: string
   steps:
-    - name: get-provider-outputs
-      image: alpine/k8s:1.29.2
-      script: |-
-        #!/bin/sh
-        kubectl get configmap "$(params.environment)"-provider-outputs \
-          --namespace "$(params.namespace)" -o yaml \
-          | yq '.data."provider_outputs.yaml"' > /tmp/outputs/provider_outputs.yaml
     - name: setup-dns
       image: git.badhouseplants.net/softplayer/softplayer-coskgne:latest
       env:
@@ -32,9 +25,3 @@ spec:
       script: |-
         #!/bin/sh
         ansible-playbook /src/playbooks/other/cloudflare/playbook.yml
-        
-  workspaces:
-    - name: outputs
-      description: A folder to store outputs
-      optional: false
-      mountPath: /tmp/outputs

charts/tekton-pipelines/templates/tasks/deploy-helmfile-base.yml

@@ -30,6 +30,11 @@ spec:
           "$(params.environment)" \
           --namespace "$(params.namespace)" \
           "softplayer.net/status=installing-dependencies"
+    - name: get-yq
+      image: mikefarah/yq
+      script: |-
+        #!/bin/sh
+        cp $(which yq) /tmp/outputs/yq
     - name: deploy-helmfile
       image: ghcr.io/helmfile/helmfile:v0.163.1
       env:
@@ -37,6 +42,7 @@ spec:
           value: /tmp/outputs/config
       script: |-
         #!/bin/sh
+        cp /tmp/outputs/yq /usr/bin/yq
         mkdir -p /src
         git clone https://git.badhouseplants.net/softplayer/softplayer-helmfile.git /src/helmfile
         cd /src/helmfile/workload && helmfile sync

charts/tekton-pipelines/templates/tasks/install-app.yml

@@ -44,4 +44,7 @@ spec:
           --chart=helmrelease \
           --values-from Secret/$SP_APPLICATION-config \
           --kubeconfig-secret-ref=$SP_ENV-config \
-          --target-namespace=default
+          --target-namespace=default --export \
+          | yq '.spec.storageNamespace="helm-installations"' \
+          | kubectl create -f -
+        flux reconcile helmrelease --namespace=$SP_ACCOUNT $SP_APPLICATION

charts/tekton-pipelines/templates/tasks/prepare-hetzner-infra.yml

@@ -30,6 +30,15 @@ spec:
           "$(params.environment)" \
           --namespace "$(params.namespace)" \
           "softplayer.net/status=infra-bootstrapping"
+    - name: get-dotenv-from-configmap
+      image: alpine/k8s:1.29.2
+      script: |-
+        #!/bin/sh
+        kubectl get configmap -o yaml \
+          $(params.environment) \
+          --namespace "$(params.namespace)" \
+          | yq '.data.vars' > /tmp/outputs/dotenv
+
     - name: create-hetzner-infra
       image: git.badhouseplants.net/softplayer/softplayer-coskgne:latest
       env:
@@ -42,7 +51,9 @@ spec:
         - name: SOPS_AGE_KEY
           value: {{ .Values.providers.hetzner.ageKey }}
       script: |-
-        #!/bin/sh
+        #!/bin/bash
+        export $(grep -v '^#' /tmp/outputs/dotenv | xargs -0)
+        env
         ansible-playbook /src/playbooks/providers/hetzner/playbook.yml
     - name: save-inventory
       image: alpine/k8s:1.29.2

helmule/bitnami/build_charts.sh

@@ -0,0 +1,24 @@
+#! /usr/bin/env bash
+
+export REPO_NAME=bitnami
+export REPO_URL=https://charts.bitnami.com/bitnami
+
+WORKDIR=$(mktemp -d)
+
+envsubst < ./helmule.yaml > "${WORKDIR}/helmule.yaml"
+
+cat "${WORKDIR}/helmule.yaml"
+
+helm repo add $REPO_NAME $REPO_URL
+helm repo update
+
+for chart in $(helm search repo bitnami -o yaml | yq '.[].name' | sed -e 's/.*\///'); do
+	export CHART_NAME=$chart
+	envsubst < ./charts.yaml.tpl > "$WORKDIR/$chart.yaml"
+	cat <<EOF >> $WORKDIR/helmule.yaml
+  - kind: Charts
+    path: "./$chart.yaml"
+EOF
+done
+cat "${WORKDIR}/helmule.yaml"
+helmule --config "${WORKDIR}/helmule.yaml"

helmule/bitnami/charts.yaml.tpl

@@ -0,0 +1,4 @@
+name: $CHART_NAME
+repository: $REPO_NAME
+mirrors:
+  - zot

helmule/bitnami/helmule.yaml

@@ -0,0 +1,15 @@
+mirrors:
+  - name: zot
+    custom_command:
+      package:
+        - helm package -d package .
+      upload:
+        - helm push ./package/{{ name }}-{{ version }}.tgz oci://registry.badhouseplants.net/softplayer/bitnami
+
+repositories:
+  - name: $REPO_NAME
+    helm:
+      url: $REPO_URL
+
+include:
+

helmule/helmule.yaml

@@ -2,6 +2,9 @@ repositories:
   - name: cdf
     helm:
       url: https://cdfoundation.github.io/tekton-helm-chart/
+  - name: keel
+    helm:
+      url: https://charts.keel.sh
   - name: istio
     helm:
       url: https://istio-release.storage.googleapis.com/charts
@@ -47,6 +50,9 @@ repositories:
       url: https://git.badhouseplants.net/allanger/helm-charts
       git_ref: add-shadowsocks
       path: charts
+  - name: kubernetes-dashboard
+    helm:
+      url: https://kubernetes.github.io/dashboard/
 
 mirrors:
   - name: custom-commands
@@ -54,7 +60,7 @@ mirrors:
       package:
         - helm package -d package .
       upload:
-        - helm push ./package/{{ name }}-{{ version }}.tgz oci://git.badhouseplants.net/softplayer/helm
+        - helm push ./package/{{ name }}-{{ version }}.tgz oci://registry.badhouseplants.net/softplayer/helm
         - rm -rf ./package
 
 charts:
@@ -127,7 +133,7 @@ charts:
     repository: fluxcd-community
     mirrors:
       - custom_command
-  
+
   - name: helmrelease
     repository: softplayer
     mirrors:
@@ -137,3 +143,14 @@ charts:
     repository: allanger-charts
     mirrors:
       - custom_command
+
+  - name: keel
+    repository: keel
+    mirrors:
+      - custom_command
+
+  - name: kubernetes-dashboard
+    repository: kubernetes-dashboard
+    mirrors:
+      - custom_command
+

service/helmfile.yaml

@@ -1,6 +1,6 @@
 repositories:
   - name: zot
-    url: git.badhouseplants.net/softplayer/helm
+    url: registry.badhouseplants.net/softplayer/helm
     oci: true
 
 releases:
@@ -81,8 +81,8 @@ releases:
       - ./values/cert-mangager.yaml
 
   - name: metallb
-    chart: metallb/metallb
-    version: 0.14.3
+    chart: zot/metallb
+    version: 0.14.5
     namespace: metallb-system
     createNamespace: false
     needs:
@@ -134,8 +134,45 @@ releases:
     values:
       - ./values/values.istiod.yaml
 
+  - name: keel
+    chart: zot/keel
+    version: 1.0.3
+    namespace: kube-system
+
+  - name: network-base
+    namespace: istio-system
+    createNamespace: false
+    chart: ../charts/network-base/
+    values:
+      - ./values/network-base.yaml
+    secrets:
+      - ./secrets/network-base.yaml
+    needs:
+      - istio-system/istio-ingressgateway
+      - cert-manager/cert-manager
+  
+  - name: ippool
+    namespace: metallb-system
+    createNamespace: false
+    chart: ../charts/ippool
+    values:
+      {{ $ip4 := trim (exec "bash" (list "-c" "cat /tmp/outputs/provider_outputs.yaml | yq '.user_entrypoint'")) }}
+      - ipPool: "{{- printf "%s-%s" $ip4 $ip4 -}}"
+    needs:
+      - istio-system/istio-ingressgateway
+      - metallb-system/metallb
+      - cert-manager/cert-manager
+      - softplayer-backend/softplayer-backend
+      - softplayer-backend/softplayer-web
+
   - name: softplayer-backend
     chart: ../charts/softplayer-backend
     namespace: softplayer-backend
     needs:
       - istio-system/istio-ingressgateway
+
+  - name: softplayer-web
+    chart: ../charts/softplayer-web
+    namespace: softplayer-backend
+    needs:
+      - istio-system/istio-ingressgateway

service/secrets/network-base.yaml

@@ -0,0 +1,22 @@
+certificate:
+    cloudflareToken: ENC[AES256_GCM,data:82Y0qs40zEv9UY/Zp1BjSl/90UQCG6sUd6a6MIZW12NY9Os0k48W3w==,iv:THZC/Xf2JhQP2UUMTj2vZVfMe4oCmlQWaVsPssBSgnk=,tag:Ek29sys6S1DcihPwc0fXHA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1mrdee45qq36trja45u0wcem7c2mgydw35zkuhh97khgc7veanaaq29wzh4
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0SVVDcFlFZ3l2cExqTHVJ
+            T0JLeHNubENpdmpmRkFBRjdLVWFWUzMvR0ZrCkVrV01acUJvcUtQSkhYcHpadlRH
+            UGFWZzliaXZ0dWt4RTl6V3NSYi85U2cKLS0tIGxxYWFNOGRrOExwdHArak1HaXNn
+            ZlU2WUwvRUNKWVVJVTRNaVA5d2EyMXcKfEPSd6MPfVHjYUgT5fMbiHfwvGXd9o+f
+            xW8rQMXUQ8d5Dojjw3GHgajE52kN4WuAMEVlPAC4tn7FbXD5Rz80gw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-05-05T10:02:48Z"
+    mac: ENC[AES256_GCM,data:C30vhqgW+aTTQxv8OuU1fGf8aUB5HsJaQEK7aaE/SVndFWBxgww+eKubdRqJ/jojClZxwH1lOlRTZe+v+8qnHGF9mMM6cqf2fsNuo8CuKKfrVDYuEd/eGszCYVOGv1Bo6zv6ZInzXhfUQBoPkpAuraJpuMG81RZOSnRQZ0qK25s=,iv:p8gPjjWSeHXcjzHNjJVpbo0GQ7jNbb2lxiEqkLn2ZwM=,tag:Bqxfd7Te3yEbGtAUxOMhYA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1

service/values/network-base.yaml

@@ -0,0 +1,4 @@
+certificate:
+  email: allanger@badhouseplants.net
+domain: dev.badhouseplants.net
+ipPool: 0.0.0.0-1.1.1.1