add barman

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.gitea/workflows/lint-test.yaml

@@ -0,0 +1,38 @@
+name: lint-and-test-charts
+
+on: pull_request
+
+jobs:
+  lint-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          version: latest
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.13"
+          check-latest: true
+
+      - name: Set up Chart Testing
+        uses: helm/chart-testing-action@v2.7.0
+
+      - name: Run Chart Testing (list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --target-branch ${{ gitea.event.repository.default_branch }})
+          if [[ -n "$changed" ]]; then
+            echo "changed=true" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Run Chart Testing (lint)
+        if: steps.list-changed.outputs.changed == 'true'
+        run: ct lint --target-branch ${{ gitea.event.repository.default_branch }}

.gitea/workflows/release-charts-barman-cloud.yml

@@ -0,0 +1,66 @@
+name: release-charts-cloudfbarman-cloudlared
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "charts/barman-cloud/**"
+
+  workflow_dispatch:
+
+env:
+  WORKFLOW_DIR: "charts/barman-cloud"
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          token: ${{ secrets.GITEA_TOKEN }}
+          version: latest
+
+      - name: Package Helm Chart
+        run: |
+          cd $WORKFLOW_DIR
+          helm dependency build
+          echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
+
+      - name: Publish Helm Chart to Harbor
+        run: |
+          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }}
+          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts
+
+      - name: Publish Helm Chart to Gitea
+        run: |
+          helm plugin install https://github.com/chartmuseum/helm-push
+          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
+          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts
+
+      - name: Extract Chart Metadata
+        run: |
+          cd $WORKFLOW_DIR
+          echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
+          echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
+
+      - name: Release Helm Chart
+        uses: akkuman/gitea-release-action@v1
+        with:
+          name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          files: |-
+            ${{ env.PACKAGE_PATH }}
+
+      - name: Actions Ntfy
+        run: |
+          curl \
+            -H "Authorization: Bearer ${{ secrets.NTFY_CRED }}" \
+            -H "Title: Chart Released: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}" \
+            -H "Content-Type: text/plain" \
+            -d $'Repo: ${{ gitea.repository }}\nCommit: ${{ gitea.sha }}\nRef: ${{ gitea.ref }}\nStatus: ${{ job.status}}' \
+            ${{ secrets.NTFY_URL }}

.gitea/workflows/release-charts-cloudflared.yml

@@ -0,0 +1,66 @@
+name: release-charts-cloudflared
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "charts/cloudflared/**"
+
+  workflow_dispatch:
+
+env:
+  WORKFLOW_DIR: "charts/cloudflared"
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          token: ${{ secrets.GITEA_TOKEN }}
+          version: latest
+
+      - name: Package Helm Chart
+        run: |
+          cd $WORKFLOW_DIR
+          helm dependency build
+          echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
+
+      - name: Publish Helm Chart to Harbor
+        run: |
+          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }}
+          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts
+
+      - name: Publish Helm Chart to Gitea
+        run: |
+          helm plugin install https://github.com/chartmuseum/helm-push
+          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
+          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts
+
+      - name: Extract Chart Metadata
+        run: |
+          cd $WORKFLOW_DIR
+          echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
+          echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
+
+      - name: Release Helm Chart
+        uses: akkuman/gitea-release-action@v1
+        with:
+          name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          files: |-
+            ${{ env.PACKAGE_PATH }}
+
+      - name: Actions Ntfy
+        run: |
+          curl \
+            -H "Authorization: Bearer ${{ secrets.NTFY_CRED }}" \
+            -H "Title: Chart Released: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}" \
+            -H "Content-Type: text/plain" \
+            -d $'Repo: ${{ gitea.repository }}\nCommit: ${{ gitea.sha }}\nRef: ${{ gitea.ref }}\nStatus: ${{ job.status}}' \
+            ${{ secrets.NTFY_URL }}

.gitea/workflows/release-charts-generic-device-plugin.yml

@@ -0,0 +1,66 @@
+name: release-charts-generic-device-plugin
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "charts/generic-device-plugin/**"
+
+  workflow_dispatch:
+
+env:
+  WORKFLOW_DIR: "charts/generic-device-plugin"
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          token: ${{ secrets.GITEA_TOKEN }}
+          version: latest
+
+      - name: Package Helm Chart
+        run: |
+          cd $WORKFLOW_DIR
+          helm dependency build
+          echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
+
+      - name: Publish Helm Chart to Harbor
+        run: |
+          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }}
+          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts
+
+      - name: Publish Helm Chart to Gitea
+        run: |
+          helm plugin install https://github.com/chartmuseum/helm-push
+          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
+          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts
+
+      - name: Extract Chart Metadata
+        run: |
+          cd $WORKFLOW_DIR
+          echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
+          echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
+
+      - name: Release Helm Chart
+        uses: akkuman/gitea-release-action@v1
+        with:
+          name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          files: |-
+            ${{ env.PACKAGE_PATH }}
+
+      - name: Actions Ntfy
+        run: |
+          curl \
+            -H "Authorization: Bearer ${{ secrets.NTFY_CRED }}" \
+            -H "Title: Chart Released: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}" \
+            -H "Content-Type: text/plain" \
+            -d $'Repo: ${{ gitea.repository }}\nCommit: ${{ gitea.sha }}\nRef: ${{ gitea.ref }}\nStatus: ${{ job.status}}' \
+            ${{ secrets.NTFY_URL }}

.gitea/workflows/release-charts-postgres-cluster.yml

@@ -0,0 +1,66 @@
+name: release-charts-postgres-cluster
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "charts/postgres-cluster/**"
+
+  workflow_dispatch:
+
+env:
+  WORKFLOW_DIR: "charts/postgres-cluster"
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          token: ${{ secrets.GITEA_TOKEN }}
+          version: latest
+
+      - name: Package Helm Chart
+        run: |
+          cd $WORKFLOW_DIR
+          helm dependency build
+          echo "PACKAGE_PATH=$(helm package . | awk '{print $NF}')" >> $GITEA_ENV
+
+      - name: Publish Helm Chart to Harbor
+        run: |
+          helm registry login ${{ vars.REGISTRY_HOST }} -u ${{ vars.REGISTRY_USER }} -p ${{ secrets.REGISTRY_SECRET }}
+          helm push ${{ env.PACKAGE_PATH }} oci://${{ vars.REGISTRY_HOST }}/helm-charts
+
+      - name: Publish Helm Chart to Gitea
+        run: |
+          helm plugin install https://github.com/chartmuseum/helm-push
+          helm repo add --username ${{ gitea.actor }} --password ${{ secrets.REPOSITORY_TOKEN }} helm-charts https://${{ vars.REPOSITORY_HOST }}/api/packages/alexlebens/helm
+          helm cm-push ${{ env.PACKAGE_PATH }} helm-charts
+
+      - name: Extract Chart Metadata
+        run: |
+          cd $WORKFLOW_DIR
+          echo "CHART_VERSION=$(yq '.version' Chart.yaml)" >> $GITEA_ENV
+          echo "CHART_NAME=$(yq '.name' Chart.yaml)" >> $GITEA_ENV
+
+      - name: Release Helm Chart
+        uses: akkuman/gitea-release-action@v1
+        with:
+          name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          tag_name: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}
+          files: |-
+            ${{ env.PACKAGE_PATH }}
+
+      - name: Actions Ntfy
+        run: |
+          curl \
+            -H "Authorization: Bearer ${{ secrets.NTFY_CRED }}" \
+            -H "Title: Chart Released: ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}" \
+            -H "Content-Type: text/plain" \
+            -d $'Repo: ${{ gitea.repository }}\nCommit: ${{ gitea.sha }}\nRef: ${{ gitea.ref }}\nStatus: ${{ job.status}}' \
+            ${{ secrets.NTFY_URL }}

.github/renovate-update-notification/Dockerfile

@@ -1,2 +0,0 @@
-# This file is processed by Renovate bot so that it creates a PR on new major Renovate versions
-FROM renovate/renovate:37

.github/renovate.json

@@ -1,112 +0,0 @@
-{
-    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-    "extends": [
-        "config:recommended",
-        "mergeConfidence:all-badges",
-        ":rebaseStalePrs"
-    ],
-    "timezone": "US/Mountain",
-    "schedule": [
-        "every weekday"
-    ],
-    "labels": [],
-    "packageRules": [
-        {
-            "description": "Disables for non major Renovate version",
-            "matchPaths": [
-                ".github/renovate-update-notification/Dockerfile"
-            ],
-            "matchUpdateTypes": [
-                "minor",
-                "patch",
-                "pin",
-                "digest",
-                "rollback"
-            ],
-            "enabled": false
-        },
-        {
-            "description": "Generate for major Renovate version",
-            "matchPaths": [
-                ".github/renovate-update-notification/Dockerfile"
-            ],
-            "matchUpdateTypes": [
-                "major"
-            ],
-            "addLabels": [
-                "upgrade"
-            ],
-            "automerge": false
-        },
-        {
-            "description": "Label service images",
-            "matchPackageNames": [
-                "ghcr.io/alex1989hu/kubelet-serving-cert-approver",
-                "ghcr.io/cloudnative-pg/postgresql",
-                "redis/redis-stack-server"
-            ],
-            "matchDatasources": [
-                "docker"
-            ],
-            "addLabels": [
-                "service",
-                "image"
-            ],
-            "automerge": false,
-            "minimumReleaseAge": "3 days"
-        },
-        {
-            "description": "Label service charts",
-            "matchPackageNames": [
-                "elasticsearch",
-                "redis"
-            ],
-            "matchDatasources": [
-                "helm"
-            ],
-            "addLabels": [
-                "serivce",
-                "chart"
-            ],
-            "automerge": false,
-            "minimumReleaseAge": "3 days"
-        },
-        {
-            "description": "Label application images",
-            "matchPackageNames": [
-                "bbilly1/tubearchivist-jf",
-                "bbilly1/tubearchivist",
-                "freshrss/freshrss",
-                "ghcr.io/gethomepage/homepage",
-                "homeassistant/home-assistant",
-                "linuxserver/calibre",
-                "linuxserver/code-server",
-                "linuxserver/cops",
-                "outlinewiki/outline",
-                "rmcrackan/libation"
-            ],
-            "matchDatasources": [
-                "docker"
-            ],
-            "addLabels": [
-                "application",
-                "image"
-            ],
-            "automerge": false,
-            "minimumReleaseAge": "3 days"
-        },
-        {
-            "description": "Label application charts",
-            "matchPackageNames": [],
-            "matchDatasources": [
-                "helm"
-            ],
-            "addLabels": [
-                "application",
-                "chart"
-            ],
-            "automerge": false,
-            "minimumReleaseAge": "3 days"
-        }
-    ]
-}

.github/workflows/lint-test.yaml

@@ -1,37 +0,0 @@
-name: lint-and-test-charts
-
-on: pull_request
-
-jobs:
-  lint-test:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Set up Helm
-        uses: azure/setup-helm@v4
-        with:
-          version: v3.13.3
-
-      - uses: actions/setup-python@v5
-        with:
-          python-version: "3.10"
-          check-latest: true
-
-      - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.6.1
-
-      - name: Run chart-testing (list-changed)
-        id: list-changed
-        run: |
-          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
-          if [[ -n "$changed" ]]; then
-            echo "changed=true" >> "$GITHUB_OUTPUT"
-          fi
-
-      - name: Run chart-testing (lint)
-        if: steps.list-changed.outputs.changed == 'true'
-        run: ct lint --target-branch ${{ github.event.repository.default_branch }}

.github/workflows/release-charts.yml

@@ -4,6 +4,8 @@ on:
   push:
     branches:
       - main
+    paths:
+      - "charts/**"
 
 jobs:
   release:
@@ -22,6 +24,6 @@ jobs:
           git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
 
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.6.0
+        uses: helm/chart-releaser-action@v1.7.0
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.gitignore

@@ -1,3 +1,6 @@
+# Archived
+charts/**/archive
+
 # Compiled Helm chart dependencies
 charts/**/Chart.lock
 charts/**/charts/
@@ -6,4 +9,4 @@ charts/**/charts/
 __snapshot__/
 
 # Docs
-_site/
+_site/

.pre-commit-config.yaml

@@ -0,0 +1,19 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v2.3.0
+    hooks:
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: check-added-large-files
+      - id: check-yaml
+        exclude: 'charts/'
+        args:
+          - --multi
+  - repo: https://github.com/norwoodj/helm-docs
+    rev: v1.14.2
+    hooks:
+      - id: helm-docs
+        args:
+          - --chart-search-root=charts
+          - --template-files=./_templates.gotmpl
+          - --template-files=README.md.gotmpl

charts/barman-cloud/Chart.yaml

@@ -0,0 +1,18 @@
+apiVersion: v2
+name: barman-cloud
+version: 0.2.5
+description: Barman Cloud Plugin
+keywords:
+  - barman-cloud
+  - cloudnative-pg
+sources:
+  - https://github.com/cloudnative-pg/plugin-barman-cloud
+  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/library/common
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: common
+    repository: https://bjw-s-labs.github.io/helm-charts/
+    version: 4.0.1
+icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
+appVersion: v.0.4.0

charts/barman-cloud/README.md

@@ -0,0 +1,33 @@
+# barman-cloud
+
+![Version: 0.2.5](https://img.shields.io/badge/Version-0.2.5-informational?style=flat-square) ![AppVersion: v.0.4.0](https://img.shields.io/badge/AppVersion-v.0.4.0-informational?style=flat-square)
+
+Barman Cloud Plugin
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| alexlebens |  |  |
+
+## Source Code
+
+* <https://github.com/cloudnative-pg/plugin-barman-cloud>
+* <https://github.com/bjw-s-labs/helm-charts/tree/main/charts/library/common>
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://bjw-s-labs.github.io/helm-charts/ | common | 4.0.1 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| image | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/cloudnative-pg/plugin-barman-cloud","tag":"v0.4.0"}` | Default image |
+| name | string | `"barman-cloud"` | Name override of release |
+| service | object | `{"listenPort":9090}` | Default service |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

charts/barman-cloud/templates/certificate.yaml

@@ -0,0 +1,46 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ .Values.name }}-client
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Values.name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  commonName: {{ .Values.name }}-client
+  duration: 2160h
+  isCA: false
+  issuerRef:
+    group: cert-manager.io
+    kind: Issuer
+    name: selfsigned-issuer
+  renewBefore: 360h
+  secretName: {{ .Values.name }}-client-tls
+  usages:
+    - client auth
+
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ .Values.name }}-server
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Values.name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  commonName: {{ .Values.name }}
+  dnsNames:
+    - {{ .Values.name }}
+  duration: 2160h
+  isCA: false
+  issuerRef:
+    group: cert-manager.io
+    kind: Issuer
+    name: selfsigned-issuer
+  renewBefore: 360h
+  secretName: {{ .Values.name }}-server-tls
+  usages:
+    - server auth

charts/barman-cloud/templates/cluster-role-binding.yaml

@@ -0,0 +1,34 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: metrics-auth-rolebinding
+  labels:
+    app.kubernetes.io/name: metrics-auth-rolebinding
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: metrics-auth-role
+subjects:
+- kind: ServiceAccount
+  name: {{ .Release.Name }}-barman-cloud
+  namespace: {{ .Release.Namespace }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: plugin-barman-cloud-binding
+  labels:
+    app.kubernetes.io/name: plugin-barman-cloud
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: plugin-barman-cloud
+subjects:
+- kind: ServiceAccount
+  name: {{ .Release.Name }}-barman-cloud
+  namespace: {{ .Release.Namespace }}

charts/barman-cloud/templates/cluster-role.yaml

@@ -0,0 +1,157 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: metrics-auth-role
+  labels:
+    app.kubernetes.io/name: metrics-auth-role
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+rules:
+  - apiGroups:
+      - authentication.k8s.io
+    resources:
+      - tokenreviews
+    verbs:
+      - create
+  - apiGroups:
+      - authorization.k8s.io
+    resources:
+      - subjectaccessreviews
+    verbs:
+      - create
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: metrics-reader
+  labels:
+    app.kubernetes.io/name: metrics-reader
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+rules:
+  - nonResourceURLs:
+      - /metrics
+    verbs:
+      - get
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: objectstore-editor-role
+  labels:
+    app.kubernetes.io/name: objectstore-editor-role
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+rules:
+  - apiGroups:
+      - barmancloud.cnpg.io
+    resources:
+      - objectstores
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - barmancloud.cnpg.io
+    resources:
+      - objectstores/status
+    verbs:
+      - get
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: objectstore-viewer-role
+  labels:
+    app.kubernetes.io/name: objectstore-viewer-role
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+rules:
+  - apiGroups:
+      - barmancloud.cnpg.io
+    resources:
+      - objectstores
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - barmancloud.cnpg.io
+    resources:
+      - objectstores/status
+    verbs:
+      - get
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: plugin-barman-cloud
+  labels:
+    app.kubernetes.io/name: plugin-barman-cloud
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - barmancloud.cnpg.io
+    resources:
+      - objectstores
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - barmancloud.cnpg.io
+    resources:
+      - objectstores/finalizers
+    verbs:
+      - update
+  - apiGroups:
+      - barmancloud.cnpg.io
+    resources:
+      - objectstores/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - postgresql.cnpg.io
+    resources:
+      - backups
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - rbac.authorization.k8s.io
+    resources:
+      - rolebindings
+      - roles
+    verbs:
+      - create
+      - get
+      - list
+      - patch
+      - update
+      - watch

charts/barman-cloud/templates/common.yaml

@@ -0,0 +1,99 @@
+{{ include "bjw-s.common.loader.init" . }}
+
+{{ define "barman-cloud.hardcodedValues" }}
+{{ if not .Values.global.nameOverride }}
+global:
+  nameOverride: {{ .Values.name }}
+{{ end }}
+controllers:
+  main:
+    type: deployment
+    labels:
+      app: {{ .Values.name }}
+    replicas: 1
+    strategy: Recreate
+    serviceAccount:
+      name: {{ .Release.Name }}-barman-cloud
+    pod:
+      securityContext:
+        runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
+      selector:
+        matchLabels:
+          app: {{ .Values.name }}
+    containers:
+      main:
+        image:
+          repository: {{ .Values.image.repository }}
+          tag: {{ .Values.image.tag }}
+          pullPolicy: {{ .Values.image.pullPolicy }}
+        args:
+          - operator
+          - --server-cert=/server/tls.crt
+          - --server-key=/server/tls.key
+          - --client-cert=/client/tls.crt
+          - --server-address=:{{ .Values.service.listenPort }}
+          - --leader-elect
+          - --log-level=debug
+        env:
+          - name: SIDECAR_IMAGE
+            valueFrom:
+              secretKeyRef:
+                key: SIDECAR_IMAGE
+                name: plugin-barman-cloud-m76km67hd7
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+              - ALL
+          readOnlyRootFilesystem: true
+          runAsGroup: 10001
+          runAsUser: 10001
+          seccompProfile:
+            type: RuntimeDefault
+serviceAccount:
+  barman-cloud:
+    enabled: true
+service:
+  main:
+    controller: main
+    annotations:
+      cnpg.io/pluginPort: "{{ .Values.service.listenPort }}"
+      cnpg.io/pluginClientSecret: {{ .Values.name }}-client-tls
+      cnpg.io/pluginServerSecret: {{ .Values.name }}-server-tls
+    labels:
+      app: {{ .Values.name }}
+      cnpg.io/pluginName: barman-cloud.cloudnative-pg.io
+    ports:
+      http:
+        port: {{ .Values.service.listenPort }}
+        protocol: TCP
+        targetPort: {{ .Values.service.listenPort }}
+persistence:
+  server-tls:
+    enabled: true
+    type: secret
+    name: {{ .Values.name }}-server-tls
+    advancedMounts:
+      main:
+        main:
+          - path: /server
+            readOnly: true
+            mountPropagation: None
+  client-tls:
+    enabled: true
+    type: secret
+    name: {{ .Values.name }}-client-tls
+    advancedMounts:
+      main:
+        main:
+          - path: /client
+            readOnly: true
+            mountPropagation: None
+
+{{ end }}
+{{ $_ := mergeOverwrite .Values (include "barman-cloud.hardcodedValues" . | fromYaml) }}
+
+{{/* Render the templates */}}
+{{ include "bjw-s.common.loader.generate" . }}

charts/barman-cloud/templates/custom-resource-definition.yaml

@@ -0,0 +1,627 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.18.0
+  name: objectstores.barmancloud.cnpg.io
+spec:
+  group: barmancloud.cnpg.io
+  names:
+    kind: ObjectStore
+    listKind: ObjectStoreList
+    plural: objectstores
+    singular: objectstore
+  scope: Namespaced
+  versions:
+  - name: v1
+    schema:
+      openAPIV3Schema:
+        description: ObjectStore is the Schema for the objectstores API.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: |-
+              Specification of the desired behavior of the ObjectStore.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+            properties:
+              configuration:
+                description: The configuration for the barman-cloud tool suite
+                properties:
+                  azureCredentials:
+                    description: The credentials to use to upload data to Azure Blob
+                      Storage
+                    properties:
+                      connectionString:
+                        description: The connection string to be used
+                        properties:
+                          key:
+                            description: The key to select
+                            type: string
+                          name:
+                            description: Name of the referent.
+                            type: string
+                        required:
+                        - key
+                        - name
+                        type: object
+                      inheritFromAzureAD:
+                        description: Use the Azure AD based authentication without
+                          providing explicitly the keys.
+                        type: boolean
+                      storageAccount:
+                        description: The storage account where to upload data
+                        properties:
+                          key:
+                            description: The key to select
+                            type: string
+                          name:
+                            description: Name of the referent.
+                            type: string
+                        required:
+                        - key
+                        - name
+                        type: object
+                      storageKey:
+                        description: |-
+                          The storage account key to be used in conjunction
+                          with the storage account name
+                        properties:
+                          key:
+                            description: The key to select
+                            type: string
+                          name:
+                            description: Name of the referent.
+                            type: string
+                        required:
+                        - key
+                        - name
+                        type: object
+                      storageSasToken:
+                        description: |-
+                          A shared-access-signature to be used in conjunction with
+                          the storage account name
+                        properties:
+                          key:
+                            description: The key to select
+                            type: string
+                          name:
+                            description: Name of the referent.
+                            type: string
+                        required:
+                        - key
+                        - name
+                        type: object
+                    type: object
+                  data:
+                    description: |-
+                      The configuration to be used to backup the data files
+                      When not defined, base backups files will be stored uncompressed and may
+                      be unencrypted in the object store, according to the bucket default
+                      policy.
+                    properties:
+                      additionalCommandArgs:
+                        description: |-
+                          AdditionalCommandArgs represents additional arguments that can be appended
+                          to the 'barman-cloud-backup' command-line invocation. These arguments
+                          provide flexibility to customize the backup process further according to
+                          specific requirements or configurations.
+
+                          Example:
+                          In a scenario where specialized backup options are required, such as setting
+                          a specific timeout or defining custom behavior, users can use this field
+                          to specify additional command arguments.
+
+                          Note:
+                          It's essential to ensure that the provided arguments are valid and supported
+                          by the 'barman-cloud-backup' command, to avoid potential errors or unintended
+                          behavior during execution.
+                        items:
+                          type: string
+                        type: array
+                      compression:
+                        description: |-
+                          Compress a backup file (a tar file per tablespace) while streaming it
+                          to the object store. Available options are empty string (no
+                          compression, default), `gzip`, `bzip2`, and `snappy`.
+                        enum:
+                        - bzip2
+                        - gzip
+                        - snappy
+                        type: string
+                      encryption:
+                        description: |-
+                          Whenever to force the encryption of files (if the bucket is
+                          not already configured for that).
+                          Allowed options are empty string (use the bucket policy, default),
+                          `AES256` and `aws:kms`
+                        enum:
+                        - AES256
+                        - aws:kms
+                        type: string
+                      immediateCheckpoint:
+                        description: |-
+                          Control whether the I/O workload for the backup initial checkpoint will
+                          be limited, according to the `checkpoint_completion_target` setting on
+                          the PostgreSQL server. If set to true, an immediate checkpoint will be
+                          used, meaning PostgreSQL will complete the checkpoint as soon as
+                          possible. `false` by default.
+                        type: boolean
+                      jobs:
+                        description: |-
+                          The number of parallel jobs to be used to upload the backup, defaults
+                          to 2
+                        format: int32
+                        minimum: 1
+                        type: integer
+                    type: object
+                  destinationPath:
+                    description: |-
+                      The path where to store the backup (i.e. s3://bucket/path/to/folder)
+                      this path, with different destination folders, will be used for WALs
+                      and for data
+                    minLength: 1
+                    type: string
+                  endpointCA:
+                    description: |-
+                      EndpointCA store the CA bundle of the barman endpoint.
+                      Useful when using self-signed certificates to avoid
+                      errors with certificate issuer and barman-cloud-wal-archive
+                    properties:
+                      key:
+                        description: The key to select
+                        type: string
+                      name:
+                        description: Name of the referent.
+                        type: string
+                    required:
+                    - key
+                    - name
+                    type: object
+                  endpointURL:
+                    description: |-
+                      Endpoint to be used to upload data to the cloud,
+                      overriding the automatic endpoint discovery
+                    type: string
+                  googleCredentials:
+                    description: The credentials to use to upload data to Google Cloud
+                      Storage
+                    properties:
+                      applicationCredentials:
+                        description: The secret containing the Google Cloud Storage
+                          JSON file with the credentials
+                        properties:
+                          key:
+                            description: The key to select
+                            type: string
+                          name:
+                            description: Name of the referent.
+                            type: string
+                        required:
+                        - key
+                        - name
+                        type: object
+                      gkeEnvironment:
+                        description: |-
+                          If set to true, will presume that it's running inside a GKE environment,
+                          default to false.
+                        type: boolean
+                    type: object
+                  historyTags:
+                    additionalProperties:
+                      type: string
+                    description: |-
+                      HistoryTags is a list of key value pairs that will be passed to the
+                      Barman --history-tags option.
+                    type: object
+                  s3Credentials:
+                    description: The credentials to use to upload data to S3
+                    properties:
+                      accessKeyId:
+                        description: The reference to the access key id
+                        properties:
+                          key:
+                            description: The key to select
+                            type: string
+                          name:
+                            description: Name of the referent.
+                            type: string
+                        required:
+                        - key
+                        - name
+                        type: object
+                      inheritFromIAMRole:
+                        description: Use the role based authentication without providing
+                          explicitly the keys.
+                        type: boolean
+                      region:
+                        description: The reference to the secret containing the region
+                          name
+                        properties:
+                          key:
+                            description: The key to select
+                            type: string
+                          name:
+                            description: Name of the referent.
+                            type: string
+                        required:
+                        - key
+                        - name
+                        type: object
+                      secretAccessKey:
+                        description: The reference to the secret access key
+                        properties:
+                          key:
+                            description: The key to select
+                            type: string
+                          name:
+                            description: Name of the referent.
+                            type: string
+                        required:
+                        - key
+                        - name
+                        type: object
+                      sessionToken:
+                        description: The references to the session key
+                        properties:
+                          key:
+                            description: The key to select
+                            type: string
+                          name:
+                            description: Name of the referent.
+                            type: string
+                        required:
+                        - key
+                        - name
+                        type: object
+                    type: object
+                  serverName:
+                    description: |-
+                      The server name on S3, the cluster name is used if this
+                      parameter is omitted
+                    type: string
+                  tags:
+                    additionalProperties:
+                      type: string
+                    description: |-
+                      Tags is a list of key value pairs that will be passed to the
+                      Barman --tags option.
+                    type: object
+                  wal:
+                    description: |-
+                      The configuration for the backup of the WAL stream.
+                      When not defined, WAL files will be stored uncompressed and may be
+                      unencrypted in the object store, according to the bucket default policy.
+                    properties:
+                      archiveAdditionalCommandArgs:
+                        description: |-
+                          Additional arguments that can be appended to the 'barman-cloud-wal-archive'
+                          command-line invocation. These arguments provide flexibility to customize
+                          the WAL archive process further, according to specific requirements or configurations.
+
+                          Example:
+                          In a scenario where specialized backup options are required, such as setting
+                          a specific timeout or defining custom behavior, users can use this field
+                          to specify additional command arguments.
+
+                          Note:
+                          It's essential to ensure that the provided arguments are valid and supported
+                          by the 'barman-cloud-wal-archive' command, to avoid potential errors or unintended
+                          behavior during execution.
+                        items:
+                          type: string
+                        type: array
+                      compression:
+                        description: |-
+                          Compress a WAL file before sending it to the object store. Available
+                          options are empty string (no compression, default), `gzip`, `bzip2`,
+                          `lz4`, `snappy`, `xz`, and `zstd`.
+                        enum:
+                        - bzip2
+                        - gzip
+                        - lz4
+                        - snappy
+                        - xz
+                        - zstd
+                        type: string
+                      encryption:
+                        description: |-
+                          Whenever to force the encryption of files (if the bucket is
+                          not already configured for that).
+                          Allowed options are empty string (use the bucket policy, default),
+                          `AES256` and `aws:kms`
+                        enum:
+                        - AES256
+                        - aws:kms
+                        type: string
+                      maxParallel:
+                        description: |-
+                          Number of WAL files to be either archived in parallel (when the
+                          PostgreSQL instance is archiving to a backup object store) or
+                          restored in parallel (when a PostgreSQL standby is fetching WAL
+                          files from a recovery object store). If not specified, WAL files
+                          will be processed one at a time. It accepts a positive integer as a
+                          value - with 1 being the minimum accepted value.
+                        minimum: 1
+                        type: integer
+                      restoreAdditionalCommandArgs:
+                        description: |-
+                          Additional arguments that can be appended to the 'barman-cloud-wal-restore'
+                          command-line invocation. These arguments provide flexibility to customize
+                          the WAL restore process further, according to specific requirements or configurations.
+
+                          Example:
+                          In a scenario where specialized backup options are required, such as setting
+                          a specific timeout or defining custom behavior, users can use this field
+                          to specify additional command arguments.
+
+                          Note:
+                          It's essential to ensure that the provided arguments are valid and supported
+                          by the 'barman-cloud-wal-restore' command, to avoid potential errors or unintended
+                          behavior during execution.
+                        items:
+                          type: string
+                        type: array
+                    type: object
+                required:
+                - destinationPath
+                type: object
+                x-kubernetes-validations:
+                - fieldPath: .serverName
+                  message: use the 'serverName' plugin parameter in the Cluster resource
+                  reason: FieldValueForbidden
+                  rule: '!has(self.serverName)'
+              instanceSidecarConfiguration:
+                description: The configuration for the sidecar that runs in the instance
+                  pods
+                properties:
+                  env:
+                    description: The environment to be explicitly passed to the sidecar
+                    items:
+                      description: EnvVar represents an environment variable present
+                        in a Container.
+                      properties:
+                        name:
+                          description: Name of the environment variable. Must be a
+                            C_IDENTIFIER.
+                          type: string
+                        value:
+                          description: |-
+                            Variable references $(VAR_NAME) are expanded
+                            using the previously defined environment variables in the container and
+                            any service environment variables. If a variable cannot be resolved,
+                            the reference in the input string will be unchanged. Double $$ are reduced
+                            to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+                            "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+                            Escaped references will never be expanded, regardless of whether the variable
+                            exists or not.
+                            Defaults to "".
+                          type: string
+                        valueFrom:
+                          description: Source for the environment variable's value.
+                            Cannot be used if value is not empty.
+                          properties:
+                            configMapKeyRef:
+                              description: Selects a key of a ConfigMap.
+                              properties:
+                                key:
+                                  description: The key to select.
+                                  type: string
+                                name:
+                                  default: ""
+                                  description: |-
+                                    Name of the referent.
+                                    This field is effectively required, but due to backwards compatibility is
+                                    allowed to be empty. Instances of this type with an empty value here are
+                                    almost certainly wrong.
+                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                  type: string
+                                optional:
+                                  description: Specify whether the ConfigMap or its
+                                    key must be defined
+                                  type: boolean
+                              required:
+                              - key
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            fieldRef:
+                              description: |-
+                                Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+                                spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+                              properties:
+                                apiVersion:
+                                  description: Version of the schema the FieldPath
+                                    is written in terms of, defaults to "v1".
+                                  type: string
+                                fieldPath:
+                                  description: Path of the field to select in the
+                                    specified API version.
+                                  type: string
+                              required:
+                              - fieldPath
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            resourceFieldRef:
+                              description: |-
+                                Selects a resource of the container: only resources limits and requests
+                                (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+                              properties:
+                                containerName:
+                                  description: 'Container name: required for volumes,
+                                    optional for env vars'
+                                  type: string
+                                divisor:
+                                  anyOf:
+                                  - type: integer
+                                  - type: string
+                                  description: Specifies the output format of the
+                                    exposed resources, defaults to "1"
+                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                  x-kubernetes-int-or-string: true
+                                resource:
+                                  description: 'Required: resource to select'
+                                  type: string
+                              required:
+                              - resource
+                              type: object
+                              x-kubernetes-map-type: atomic
+                            secretKeyRef:
+                              description: Selects a key of a secret in the pod's
+                                namespace
+                              properties:
+                                key:
+                                  description: The key of the secret to select from.  Must
+                                    be a valid secret key.
+                                  type: string
+                                name:
+                                  default: ""
+                                  description: |-
+                                    Name of the referent.
+                                    This field is effectively required, but due to backwards compatibility is
+                                    allowed to be empty. Instances of this type with an empty value here are
+                                    almost certainly wrong.
+                                    More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                  type: string
+                                optional:
+                                  description: Specify whether the Secret or its key
+                                    must be defined
+                                  type: boolean
+                              required:
+                              - key
+                              type: object
+                              x-kubernetes-map-type: atomic
+                          type: object
+                      required:
+                      - name
+                      type: object
+                    type: array
+                  resources:
+                    description: Resources define cpu/memory requests and limits for
+                      the sidecar that runs in the instance pods.
+                    properties:
+                      claims:
+                        description: |-
+                          Claims lists the names of resources, defined in spec.resourceClaims,
+                          that are used by this container.
+
+                          This is an alpha field and requires enabling the
+                          DynamicResourceAllocation feature gate.
+
+                          This field is immutable. It can only be set for containers.
+                        items:
+                          description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+                          properties:
+                            name:
+                              description: |-
+                                Name must match the name of one entry in pod.spec.resourceClaims of
+                                the Pod where this field is used. It makes that resource available
+                                inside a container.
+                              type: string
+                            request:
+                              description: |-
+                                Request is the name chosen for a request in the referenced claim.
+                                If empty, everything from the claim is made available, otherwise
+                                only the result of this request.
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - name
+                        x-kubernetes-list-type: map
+                      limits:
+                        additionalProperties:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        description: |-
+                          Limits describes the maximum amount of compute resources allowed.
+                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                        type: object
+                      requests:
+                        additionalProperties:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        description: |-
+                          Requests describes the minimum amount of compute resources required.
+                          If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+                          otherwise to an implementation-defined value. Requests cannot exceed Limits.
+                          More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                        type: object
+                    type: object
+                  retentionPolicyIntervalSeconds:
+                    default: 1800
+                    description: |-
+                      The retentionCheckInterval defines the frequency at which the
+                      system checks and enforces retention policies.
+                    type: integer
+                type: object
+              retentionPolicy:
+                description: |-
+                  RetentionPolicy is the retention policy to be used for backups
+                  and WALs (i.e. '60d'). The retention policy is expressed in the form
+                  of `XXu` where `XX` is a positive integer and `u` is in `[dwm]` -
+                  days, weeks, months.
+                pattern: ^[1-9][0-9]*[dwm]$
+                type: string
+            required:
+            - configuration
+            type: object
+          status:
+            description: |-
+              Most recently observed status of the ObjectStore. This data may not be up to
+              date. Populated by the system. Read-only.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+            properties:
+              serverRecoveryWindow:
+                additionalProperties:
+                  description: |-
+                    RecoveryWindow represents the time span between the first
+                    recoverability point and the last successful backup of a PostgreSQL
+                    server, defining the period during which data can be restored.
+                  properties:
+                    firstRecoverabilityPoint:
+                      description: |-
+                        The first recoverability point in a PostgreSQL server refers to
+                        the earliest point in time to which the database can be
+                        restored.
+                      format: date-time
+                      type: string
+                    lastSuccussfulBackupTime:
+                      description: The last successful backup time
+                      format: date-time
+                      type: string
+                  type: object
+                description: ServerRecoveryWindow maps each server to its recovery
+                  window
+                type: object
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

charts/barman-cloud/templates/issuer.yaml

@@ -0,0 +1,11 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: selfsigned-issuer
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Values.name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  selfSigned: {}

charts/barman-cloud/templates/role-binding.yaml

@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: leader-election-rolebinding
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: plugin-barman-cloud
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: leader-election-role
+subjects:
+- kind: ServiceAccount
+  name: {{ .Release.Name }}-barman-cloud
+  namespace: {{ .Release.Namespace }}

charts/barman-cloud/templates/role.yaml

@@ -0,0 +1,41 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: leader-election-role
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: leader-election-role
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch

charts/barman-cloud/templates/secret.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: plugin-barman-cloud-m76km67hd7
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Values.name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+type: Opaque
+data:
+  SIDECAR_IMAGE: |
+    Z2hjci5pby9jbG91ZG5hdGl2ZS1wZy9wbHVnaW4tYmFybWFuLWNsb3VkLXNpZGVjYXI6dj
+    AuNC4w

charts/barman-cloud/values.yaml

@@ -0,0 +1,12 @@
+# -- Name override of release
+name: barman-cloud
+
+# -- Default image
+image:
+  repository: ghcr.io/cloudnative-pg/plugin-barman-cloud
+  tag: "v0.4.0"
+  pullPolicy: IfNotPresent
+
+# -- Default service
+service:
+  listenPort: 9090

charts/calibre-server/Chart.yaml

@@ -1,13 +0,0 @@
-apiVersion: v2
-name: calibre-server
-version: 0.0.7
-description: Chart for Calibre content database
-keywords:
-  - media
-  - books
-sources:
-  - https://github.com/kovidgoyal/calibre
-maintainers:
-  - name: alexlebens
-icon: https://raw.githubusercontent.com/kovidgoyal/calibre/master/resources/images/lt.png
-appVersion: 7.5.1

charts/calibre-server/README.md

@@ -1,18 +0,0 @@
-## Introduction
-
-[Calibre](https://calibre-ebook.com/)
-
-calibre is an e-book manager. It can view, convert, edit and catalog e-books in all of the major e-book formats. It can also talk to e-book reader devices. It can go out to the internet and fetch metadata for your books. It can download newspapers and convert them into e-books for convenient reading.
-
-This chart bootstraps a [Calibre](https://github.com/home-assistant) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-- Traefik v2 / IngressRoute
-- Authentik / Auth
-
-## Parameters
-
-See the [values files](values.yaml).

charts/calibre-server/templates/deployment.yaml

@@ -1,83 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: calibre-server
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  revisionHistoryLimit: 3
-  replicas: {{ .Values.deployment.replicas }}
-  strategy:
-    type: {{ .Values.deployment.strategy }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: calibre-server
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: calibre-server
-        app.kubernetes.io/instance: {{ .Release.Name }}
-    spec:
-      serviceAccountName: calibre-server
-      automountServiceAccountToken: true
-      containers:
-        - name: calibre-server
-          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
-          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.http.port }}
-              protocol: TCP
-            - name: content
-              containerPort: {{ .Values.service.content.port }}
-              protocol: TCP
-          env:
-          {{- range $k,$v := .Values.deployment.env }}
-            - name: {{ $k }}
-              value: {{ $v | quote }}
-          {{- end }}
-          {{- with .Values.deployment.envFrom }}
-          envFrom:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          volumeMounts:
-            - mountPath: /config
-              name: calibre-server-config
-            - mountPath: /books
-              name: calibre-server-books
-          resources:
-            {{- toYaml .Values.deployment.resources | nindent 12 }}
-          livenessProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 3
-            timeoutSeconds: 1
-            periodSeconds: 10
-          readinessProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 3
-            timeoutSeconds: 1
-            periodSeconds: 10
-          startupProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 30
-            timeoutSeconds: 1
-            periodSeconds: 5
-      volumes:
-        - name: calibre-server-config
-          persistentVolumeClaim:
-            claimName: calibre-server-config
-        - name: calibre-server-books
-          persistentVolumeClaim:
-            claimName: {{ .Values.persistence.books.claimName }}

charts/calibre-server/templates/ingress-route.yaml

@@ -1,34 +0,0 @@
-{{- if .Values.ingressRoute.enabled }}
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: calibre-server
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: calibre-server
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - kind: Rule
-      match: "Host(`{{ .Values.ingressRoute.http.host }}`)"
-      middlewares:
-        - name: "authentik-{{ .Release.Name }}"
-          namespace: {{ .Release.Namespace }}
-      priority: 10
-      services:
-        - kind: Service
-          name: calibre-server
-          port: {{ .Values.service.http.port }}
-    - kind: Rule
-      match: "Host(`{{ .Values.ingressRoute.http.host }}`) && PathPrefix(`/outpost.goauthentik.io/`)"
-      priority: 15
-      services:
-        - kind: Service
-          name: {{ .Values.ingressRoute.authentik.outpost }}
-          port: {{ .Values.ingressRoute.authentik.port }}
-{{- end }}

charts/calibre-server/templates/middleware.yaml

@@ -1,29 +0,0 @@
-{{- if .Values.ingressRoute.enabled }}
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: "authentik-{{ .Release.Name }}"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: auth
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  forwardAuth:
-    address: "http://{{ .Values.ingressRoute.authentik.outpost }}.authentik:{{ .Values.ingressRoute.authentik.port }}/outpost.goauthentik.io/auth/traefik"
-    trustForwardHeader: true
-    authResponseHeaders:
-      - X-authentik-username
-      - X-authentik-groups
-      - X-authentik-email
-      - X-authentik-name
-      - X-authentik-uid
-      - X-authentik-jwt
-      - X-authentik-meta-jwks
-      - X-authentik-meta-outpost
-      - X-authentik-meta-provider
-      - X-authentik-meta-app
-      - X-authentik-meta-version
-{{- end }}

charts/calibre-server/templates/persistant-volume-claim.yaml

@@ -1,19 +0,0 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: calibre-server-config
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: {{ .Values.persistence.config.storageSize }}
-  storageClassName: {{ .Values.persistence.config.storageClassName }}
-  volumeMode: {{ .Values.persistence.config.volumeMode }}

charts/calibre-server/templates/service-account.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: calibre-server
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: calibre-server

charts/calibre-server/templates/service.yaml

@@ -1,44 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: calibre-server
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  type: ClusterIP
-  ports:
-    - port: {{ .Values.service.http.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: calibre-server-content
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  type: ClusterIP
-  ports:
-    - port: {{ .Values.service.content.port }}
-      targetPort: content
-      protocol: TCP
-      name: content
-  selector:
-    app.kubernetes.io/name: calibre-server
-    app.kubernetes.io/instance: {{ .Release.Name }}

charts/calibre-server/values.yaml

@@ -1,42 +0,0 @@
-deployment:
-  replicas: 1
-  strategy: Recreate
-  image:
-    repository: linuxserver/calibre
-    tag: v7.5.1-ls269
-    imagePullPolicy: IfNotPresent
-  env:
-    PGID: "1001"
-    PUID: "1001"
-    TZ: UTC
-    UMASK_SET: "022"
-    CUSTOM_USER: calibre
-    TITLE: Calibre Server
-    NO_DECOR: true
-  envFrom:
-  resources:
-    requests:
-      memory: 256Mi
-      cpu: 50m
-    limits:
-      memory: 1Gi
-      cpu: 500m
-service:
-  http:
-    port: 8080
-  content:
-    port: 8081
-ingressRoute:
-  enabled: true
-  http:
-    host:
-  authentik:
-    outpost:
-    port: 9000
-persistence:
-  config:
-    storageClassName: default
-    storageSize: 5Gi
-    volumeMode: Filesystem
-  books:
-    claimName:

charts/cloudflared/Chart.yaml

@@ -0,0 +1,18 @@
+apiVersion: v2
+name: cloudflared
+version: 1.15.0
+description: Cloudflared Tunnel
+keywords:
+  - cloudflare
+  - tunnel
+sources:
+  - https://github.com/cloudflare/cloudflared
+  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/library/common
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: common
+    repository: https://bjw-s-labs.github.io/helm-charts/
+    version: 4.0.1
+icon: https://avatars.githubusercontent.com/u/314135?s=48&v=4
+appVersion: "2025.5.0"

charts/cloudflared/README.md

@@ -0,0 +1,35 @@
+# cloudflared
+
+![Version: 1.15.0](https://img.shields.io/badge/Version-1.15.0-informational?style=flat-square) ![AppVersion: 2025.5.0](https://img.shields.io/badge/AppVersion-2025.5.0-informational?style=flat-square)
+
+Cloudflared Tunnel
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| alexlebens |  |  |
+
+## Source Code
+
+* <https://github.com/cloudflare/cloudflared>
+* <https://github.com/bjw-s-labs/helm-charts/tree/main/charts/library/common>
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://bjw-s-labs.github.io/helm-charts/ | common | 4.0.1 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| existingSecretKey | string | `"cf-tunnel-token"` | Name of key that contains the token in the existingSecret |
+| existingSecretName | string | `"cloudflared-secret"` | Name of existing secret that contains Cloudflare token |
+| image | object | `{"pullPolicy":"IfNotPresent","repository":"cloudflare/cloudflared","tag":"2025.5.0"}` | Default image |
+| name | string | `"cloudflared"` | Name override of release |
+| resources | object | `{"requests":{"cpu":"10m","memory":"128Mi"}}` | Default resources |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

charts/cloudflared/templates/common.yaml

@@ -0,0 +1,41 @@
+{{- include "bjw-s.common.loader.init" . }}
+
+{{- define "cloudflared.hardcodedValues" -}}
+{{ if not .Values.global.nameOverride }}
+global:
+  nameOverride: {{ .Values.name }}
+{{ end }}
+controllers:
+  main:
+    type: deployment
+    strategy: Recreate
+    containers:
+      main:
+        image:
+          repository: {{ .Values.image.repository }}
+          tag: {{ .Values.image.tag }}
+          pullPolicy: {{ .Values.image.pullPolicy }}
+        args:
+          - tunnel
+          - --protocol
+          - http2
+          - --no-autoupdate
+          - run
+          - --token
+          - $(CF_MANAGED_TUNNEL_TOKEN)
+        env:
+          - name: CF_MANAGED_TUNNEL_TOKEN
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Values.existingSecretName }}
+                key: {{ .Values.existingSecretKey }}
+        resources:
+        {{- with .Values.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{ end }}
+{{- end -}}
+{{- $_ := mergeOverwrite .Values (include "cloudflared.hardcodedValues" . | fromYaml) -}}
+
+{{/* Render the templates */}}
+{{ include "bjw-s.common.loader.generate" . }}

charts/cloudflared/values.yaml

@@ -0,0 +1,20 @@
+# -- Name override of release
+name: cloudflared
+
+# -- Name of existing secret that contains Cloudflare token
+existingSecretName: cloudflared-secret
+
+# -- Name of key that contains the token in the existingSecret
+existingSecretKey: cf-tunnel-token
+
+# -- Default image
+image:
+  repository: cloudflare/cloudflared
+  tag: "2025.5.0"
+  pullPolicy: IfNotPresent
+
+# -- Default resources
+resources:
+  requests:
+    cpu: 10m
+    memory: 128Mi

charts/cops/Chart.yaml

@@ -1,12 +0,0 @@
-apiVersion: v2
-name: cops
-version: 0.0.3
-description: Chart for Calibre OPDS (and HTML) PHP Server
-keywords:
-  - calibre
-  - OPDS
-sources:
-  - https://github.com/seblucas/cops
-maintainers:
-  - name: alexlebens
-appVersion: 1.1.3

charts/cops/README.md

@@ -1,22 +0,0 @@
-## Introduction
-
-[Calibre OPDS (and HTML) PHP Server](https://github.com/seblucas/cops)
-
-COPS's main advantages are :
-
- - No need for many dependencies.
- - No need for a lot of CPU or RAM.
- - Not much code.
- - Search is available.
- - It was fun to code.
-
-This chart bootstraps a [COPS](https://github.com/seblucas/cops) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-
-## Parameters
-
-See the [values files](values.yaml).

charts/cops/templates/deployment.yaml

@@ -1,82 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  revisionHistoryLimit: 3
-  replicas: {{ .Values.deployment.replicas }}
-  strategy:
-    type: {{ .Values.deployment.strategy }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ .Release.Name }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: {{ .Release.Name }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-    spec:
-      serviceAccountName: {{ .Release.Name }}
-      containers:
-        - name: {{ .Release.Name }}
-          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
-          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.http.port }}
-              protocol: TCP
-          volumeMounts:
-            - mountPath: /config
-              name: cops-config
-            - mountPath: /books
-              name: cops-books
-          resources:
-            {{- toYaml .Values.deployment.resources | nindent 12 }}
-          env:
-          {{- range $k,$v := .Values.deployment.env }}
-            - name: {{ $k }}
-              value: {{ $v | quote }}
-          {{- end }}
-          {{- with .Values.deployment.envFrom }}
-          envFrom:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}            
-          livenessProbe:
-            httpGet:
-              path: /
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 5
-            timeoutSeconds: 1
-            periodSeconds: 10
-          readinessProbe:
-            httpGet:
-              path: /
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 5
-            timeoutSeconds: 1
-            periodSeconds: 10
-          startupProbe:
-            httpGet:
-              path: /
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 5
-            failureThreshold: 30
-            periodSeconds: 10
-            timeoutSeconds: 1
-      volumes:
-        - name: cops-config
-          persistentVolumeClaim:
-            claimName: cops-config
-        - name: cops-books
-          persistentVolumeClaim:
-            claimName: {{ .Values.persistence.books.claimName }}

charts/cops/templates/ingress.yaml

@@ -1,32 +0,0 @@
-{{- if .Values.ingress.enabled }}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-  annotations:
-    {{- toYaml .Values.ingress.annotations | nindent 4 }}
-spec:
-  ingressClassName: {{ .Values.ingress.className }}
-  tls:
-    - hosts:
-      - {{ .Values.ingress.host }}
-      secretName: {{ .Release.Name }}-secret-tls
-  rules:
-    - host: {{ .Values.ingress.host }}
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: {{ .Release.Name }}
-                port:
-                  name: http
-{{- end }}

charts/cops/templates/persistant-volume-claim.yaml

@@ -1,19 +0,0 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: cops-config
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: {{ .Values.persistence.config.storageSize }}
-  storageClassName: {{ .Values.persistence.config.storageClassName }}
-  volumeMode: {{ .Values.persistence.config.volumeMode }}

charts/cops/templates/pod.yaml

@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: "{{ .Release.Name }}-test-connection"
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-  annotations:
-    "helm.sh/hook": test-success
-spec:
-  restartPolicy: Never
-  containers:
-    - name: wget
-      image: busybox
-      command: ['wget']
-      args: ['{{ .Release.Name }}:{{ .Values.service.http.port }}']
-      resources:
-        limits:
-          cpu: 500m
-          memory: 1Gi
-        requests:
-          cpu: 50m
-          memory: 256Mi

charts/cops/templates/service-account.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}

charts/cops/templates/service.yaml

@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  type: ClusterIP
-  externalTrafficPolicy:
-  ports:
-    - port: {{ .Values.service.http.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}

charts/cops/values.yaml

@@ -1,36 +0,0 @@
-deployment:
-  replicas: 1
-  strategy: Recreate
-  image:
-    repository: linuxserver/cops
-    tag: 2.3.1-ls185
-    imagePullPolicy: IfNotPresent
-  env:
-    PGID: "1000"
-    PUID: "1000"
-    TZ: UTC
-  envFrom:        
-  resources:    
-    limits:
-      cpu: 500m
-      memory: 1Gi
-    requests:
-      cpu: 50m
-      memory: 256Mi
-serviceAccount:
-  create: true
-service:
-  http:
-    port: 80
-ingress:
-  enabled: false
-  annotations:
-  className:
-  host:
-persistence:
-  config:
-    storageClassName: default
-    storageSize: 5Gi
-    volumeMode: Filesystem
-  books:
-    claimName:

charts/freshrss/Chart.yaml

@@ -1,12 +0,0 @@
-apiVersion: v2
-name: freshrss
-version: 0.0.3
-description: Chart for Freshrss
-keywords:
-  - rss
-sources:
-  - https://github.com/FreshRSS/FreshRSS
-maintainers:
-  - name: alexlebens
-icon: https://avatars.githubusercontent.com/u/9414285?s=48&v=4
-appVersion: "1.23.1"

charts/freshrss/README.md

@@ -1,18 +0,0 @@
-## Introduction
-
-[FreshRSS](https://github.com/FreshRSS/FreshRSS)
-
-FreshRSS is a self-hosted RSS feed aggregator.
-
-It is lightweight, easy to work with, powerful, and customizable.
-
-This chart bootstraps a [FreshRSS](https://github.com/FreshRSS/FreshRSS) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-
-## Parameters
-
-See the [values files](values.yaml).

charts/freshrss/templates/deployment.yaml

@@ -1,76 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  revisionHistoryLimit: 3
-  replicas: {{ .Values.deployment.replicas }}
-  strategy:
-    type: {{ .Values.deployment.strategy }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ .Release.Name }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: {{ .Release.Name }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-    spec:
-      serviceAccountName: {{ .Release.Name }}
-      containers:
-        - name: {{ .Release.Name }}
-          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
-          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.http.port }}
-              protocol: TCP
-          volumeMounts:
-            - name: {{ .Release.Name }}-config
-              mountPath: /config
-          resources:
-            {{- toYaml .Values.deployment.resources | nindent 12 }}
-          env:
-            - name: LISTEN
-              value: "0.0.0.0:{{ .Values.service.http.port }}"
-          {{- range $k,$v := .Values.deployment.env }}
-            - name: {{ $k }}
-              value: {{ $v | quote }}
-          {{- end }}
-          {{- with .Values.deployment.envFrom }}
-          envFrom:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          livenessProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 3
-            timeoutSeconds: 1
-            periodSeconds: 10
-          readinessProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 3
-            timeoutSeconds: 1
-            periodSeconds: 10
-          startupProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 30
-            timeoutSeconds: 1
-            periodSeconds: 5
-      volumes:
-        - name: {{ .Release.Name }}-config
-          persistentVolumeClaim:
-            claimName: {{ .Release.Name }}-config

charts/freshrss/templates/ingress.yaml

@@ -1,32 +0,0 @@
-{{- if .Values.ingress.enabled }}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-  annotations:
-    {{- toYaml .Values.ingress.annotations | nindent 4 }}
-spec:
-  ingressClassName: {{ .Values.ingress.className }}
-  tls:
-    - hosts:
-      - {{ .Values.ingress.host }}
-      secretName: {{ .Release.Name }}-secret-tls
-  rules:
-    - host: {{ .Values.ingress.host }}
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: {{ .Release.Name }}
-                port:
-                  name: http
-{{- end }}

charts/freshrss/templates/persistant-volume-claim.yaml

@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: {{ .Release.Name }}-config
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: {{ .Values.persistence.config.storageSize }}
-  storageClassName: {{ .Values.persistence.config.storageClassName }}
-  volumeMode: {{ .Values.persistence.config.volumeMode }}

charts/freshrss/templates/pod.yaml

@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: "{{ .Release.Name }}-test-connection"
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-  annotations:
-    "helm.sh/hook": test-success
-spec:
-  restartPolicy: Never
-  containers:
-    - name: wget
-      image: busybox
-      command: ['wget']
-      args: ['{{ .Release.Name }}:{{ .Values.service.http.port }}']
-      resources:
-        limits:
-          cpu: 500m
-          memory: 1Gi
-        requests:
-          cpu: 50m
-          memory: 256Mi

charts/freshrss/templates/service-account.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}

charts/freshrss/templates/service.yaml

@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  type: ClusterIP
-  ports:
-    - port: {{ .Values.service.http.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}

charts/freshrss/values.yaml

@@ -1,33 +0,0 @@
-deployment:
-  replicas: 1
-  strategy: Recreate
-  image:
-    repository: freshrss/freshrss
-    tag: 1.23.1
-    imagePullPolicy: IfNotPresent
-  env:
-    PGID: "568"
-    PUID: "568"
-    TZ: UTC
-    FRESHRSS_ENV: production
-  envFrom:
-  resources:
-    limits:
-      cpu: 500m
-      memory: 1Gi
-    requests:
-      cpu: 50m
-      memory: 256Mi
-service:
-  http:
-    port: 80
-ingress:
-  enabled: true
-  className:
-  annotations:
-  host:
-persistence:
-  config:
-    storageClassName: default
-    storageSize: 5Gi
-    volumeMode: Filesystem

charts/generic-device-plugin/Chart.yaml

@@ -0,0 +1,18 @@
+apiVersion: v2
+name: generic-device-plugin
+version: 0.1.10
+description: Generic Device Plugin
+keywords:
+  - generic-device-plugin
+  - device
+  - plugin
+sources:
+  - https://github.com/squat/generic-device-plugin
+  - https://github.com/bjw-s/helm-charts/tree/main/charts/library/common
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: common
+    repository: https://bjw-s.github.io/helm-charts/
+    version: 3.7.3
+appVersion: 0.1.10

charts/generic-device-plugin/README.md

@@ -0,0 +1,37 @@
+# generic-device-plugin
+
+![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![AppVersion: 0.1.10](https://img.shields.io/badge/AppVersion-0.1.10-informational?style=flat-square)
+
+Generic Device Plugin
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| alexlebens |  |  |
+
+## Source Code
+
+* <https://github.com/squat/generic-device-plugin>
+* <https://github.com/bjw-s/helm-charts/tree/main/charts/library/common>
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://bjw-s.github.io/helm-charts/ | common | 3.7.3 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| config | object | `{"data":"devices:\n  - name: serial\n    groups:\n      - paths:\n          - path: /dev/ttyUSB*\n      - paths:\n          - path: /dev/ttyACM*\n      - paths:\n          - path: /dev/tty.usb*\n      - paths:\n          - path: /dev/cu.*\n      - paths:\n          - path: /dev/cuaU*\n      - paths:\n          - path: /dev/rfcomm*\n  - name: video\n    groups:\n      - paths:\n          - path: /dev/video0\n  - name: fuse\n    groups:\n      - count: 10\n        paths:\n          - path: /dev/fuse\n  - name: audio\n    groups:\n      - count: 10\n        paths:\n          - path: /dev/snd\n  - name: capture\n    groups:\n      - paths:\n          - path: /dev/snd/controlC0\n          - path: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC1\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC1D0c\n            mountPath: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC2\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC2D0c\n            mountPath: /dev/snd/pcmC0D0c\n      - paths:\n          - path: /dev/snd/controlC3\n            mountPath: /dev/snd/controlC0\n          - path: /dev/snd/pcmC3D0c\n            mountPath: /dev/snd/pcmC0D0c\n","enabled":true}` | Config map |
+| config.data | string | See [values.yaml](./values.yaml) | generic-device-plugin config file [[ref]](https://github.com/squat/generic-device-plugin#usage) |
+| deviceDomain | string | `"squat.ai"` | Domain used by devices for identifcation |
+| image | object | `{"pullPolicy":"Always","repository":"ghcr.io/squat/generic-device-plugin","tag":"latest@sha256:d7d0951df7f11479185fd9fba1c1cb4d9c8f3232d38a5468d6fe80074f2b45d5"}` | Default image |
+| name | string | `"generic-device-plugin"` | Name override of release |
+| resources | object | `{"limit":{"cpu":"100m","memory":"20Mi"},"requests":{"cpu":"50m","memory":"10Mi"}}` | Default resources |
+| service | object | `{"listenPort":8080}` | Service port |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

charts/generic-device-plugin/templates/common.yaml

@@ -0,0 +1,82 @@
+{{ include "bjw-s.common.loader.init" . }}
+
+{{ define "genericDevicePlugin.hardcodedValues" }}
+{{ if not .Values.global.nameOverride }}
+global:
+  nameOverride: {{ .Values.name }}
+{{ end }}
+controllers:
+  main:
+    type: daemonset
+    pod:
+      priorityClassName: system-node-critical
+      tolerations:
+        - operator: "Exists"
+          effect: "NoExecute"
+        - operator: "Exists"
+          effect: "NoSchedule"
+    containers:
+      main:
+        image:
+          repository: {{ .Values.image.repository }}
+          tag: {{ .Values.image.tag }}
+          pullPolicy: {{ .Values.image.pullPolicy }}
+        args:
+          - --config=/config/config.yaml
+        env:
+          - name: LISTEN
+            value: :{{ .Values.service.listenPort }}
+          - name: PLUGIN_DIRECTORY
+            value: /var/lib/kubelet/device-plugins
+          - name: DOMAIN
+            value: {{ .Values.deviceDomain }}
+        probes:
+          liveness:
+            type: HTTP
+            path: /health
+          readiness:
+            type: HTTP
+            path: /health
+          startup:
+            type: HTTP
+            path: /health
+        securityContext:
+          privileged: True
+configMaps:
+  config:
+    enabled: {{ .Values.config.enabled }}
+    data:
+      config.yaml: {{ toYaml .Values.config.data | nindent 8 }}
+service:
+  main:
+    controller: main
+    ports:
+      http:
+        port: {{ .Values.service.listenPort }}
+persistence:
+  config:
+    enabled: true
+    type: configMap
+    name: {{ .Values.name }}-config
+  device-plugins:
+    enabled: true
+    type: hostPath
+    hostPath: /var/lib/kubelet/device-plugins
+  dev:
+    enabled: true
+    type: hostPath
+    hostPath: /dev
+serviceMonitor:
+  main:
+    serviceName: generic-device-plugin
+    endpoints:
+      - port: http
+        scheme: http
+        path: /metrics
+        interval: 30s
+        scrapeTimeout: 10s
+{{ end }}
+{{ $_ := mergeOverwrite .Values (include "genericDevicePlugin.hardcodedValues" . | fromYaml) }}
+
+{{/* Render the templates */}}
+{{ include "bjw-s.common.loader.generate" . }}

charts/generic-device-plugin/values.yaml

@@ -0,0 +1,80 @@
+# -- Name override of release
+name: generic-device-plugin
+
+# -- Default image
+image:
+  repository: ghcr.io/squat/generic-device-plugin
+  tag: latest@sha256:d7d0951df7f11479185fd9fba1c1cb4d9c8f3232d38a5468d6fe80074f2b45d5
+  pullPolicy: Always
+
+# -- Domain used by devices for identifcation
+deviceDomain: squat.ai
+
+# -- Service port
+service:
+  listenPort: 8080
+
+# -- Default resources
+resources:
+  limit:
+    cpu: 100m
+    memory: 20Mi
+  requests:
+    cpu: 50m
+    memory: 10Mi
+
+# -- Config map
+config:
+  enabled: true
+  # -- generic-device-plugin config file [[ref]](https://github.com/squat/generic-device-plugin#usage)
+  # @default -- See [values.yaml](./values.yaml)
+  data: |
+    devices:
+      - name: serial
+        groups:
+          - paths:
+              - path: /dev/ttyUSB*
+          - paths:
+              - path: /dev/ttyACM*
+          - paths:
+              - path: /dev/tty.usb*
+          - paths:
+              - path: /dev/cu.*
+          - paths:
+              - path: /dev/cuaU*
+          - paths:
+              - path: /dev/rfcomm*
+      - name: video
+        groups:
+          - paths:
+              - path: /dev/video0
+      - name: fuse
+        groups:
+          - count: 10
+            paths:
+              - path: /dev/fuse
+      - name: audio
+        groups:
+          - count: 10
+            paths:
+              - path: /dev/snd
+      - name: capture
+        groups:
+          - paths:
+              - path: /dev/snd/controlC0
+              - path: /dev/snd/pcmC0D0c
+          - paths:
+              - path: /dev/snd/controlC1
+                mountPath: /dev/snd/controlC0
+              - path: /dev/snd/pcmC1D0c
+                mountPath: /dev/snd/pcmC0D0c
+          - paths:
+              - path: /dev/snd/controlC2
+                mountPath: /dev/snd/controlC0
+              - path: /dev/snd/pcmC2D0c
+                mountPath: /dev/snd/pcmC0D0c
+          - paths:
+              - path: /dev/snd/controlC3
+                mountPath: /dev/snd/controlC0
+              - path: /dev/snd/pcmC3D0c
+                mountPath: /dev/snd/pcmC0D0c

charts/home-assistant/Chart.yaml

@@ -1,12 +0,0 @@
-apiVersion: v2
-name: home-assistant
-version: 0.1.12
-description: Chart for Home Assistant
-keywords:
-  - home-automation
-sources:
-  - https://github.com/home-assistant
-maintainers:
-  - name: alexlebens
-icon: https://avatars.githubusercontent.com/u/13844975?s=200&v=4
-appVersion: v2024.4.4

charts/home-assistant/README.md

@@ -1,18 +0,0 @@
-## Introduction
-
-[Home Assistant](https://www.home-assistant.io/)
-
-Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server. 
-
-This chart bootstraps a [Home-Assistant](https://github.com/home-assistant) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-- Traefik v2 / IngressRoute
-- Authentik / Auth
-
-## Parameters
-
-See the [values files](values.yaml).

charts/home-assistant/templates/deployment.yaml

@@ -1,98 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: home-assistant
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  revisionHistoryLimit: 3
-  replicas: {{ .Values.deployment.replicas }}
-  strategy:
-    type: {{ .Values.deployment.strategy }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ .Release.Name }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: {{ .Release.Name }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-    spec:
-      serviceAccountName: {{ .Release.Name }}
-      automountServiceAccountToken: true
-      containers:
-        - name: {{ .Release.Name }}
-          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
-          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.http.port }}
-              protocol: TCP
-          env:
-          {{- range $k,$v := .Values.deployment.env }}
-            - name: {{ $k }}
-              value: {{ $v | quote }}
-          {{- end }}
-          {{- with .Values.deployment.envFrom }}
-          envFrom:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          volumeMounts:
-            - mountPath: /config
-              name: home-assistant-config
-          resources:
-            {{- toYaml .Values.deployment.resources | nindent 12 }}
-          livenessProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 3
-            timeoutSeconds: 1
-            periodSeconds: 10
-          readinessProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 3
-            timeoutSeconds: 1
-            periodSeconds: 10
-          startupProbe:
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            initialDelaySeconds: 0
-            failureThreshold: 30
-            timeoutSeconds: 1
-            periodSeconds: 5
-        {{- if .Values.codeserver.enabled }}
-        - name: codeserver
-          image: "{{ .Values.codeserver.image.repository }}:{{ .Values.codeserver.image.tag }}"
-          imagePullPolicy: {{ .Values.codeserver.image.imagePullPolicy }}
-          ports:
-            - containerPort: {{ .Values.codeserver.service.http.port }}
-              name: codeserver-http
-              protocol: TCP
-          env:
-          {{- range $k,$v := .Values.codeserver.env }}
-            - name: {{ $k }}
-              value: {{ $v | quote }}
-          {{- end }}
-          {{- with .Values.codeserver.envFrom }}
-          envFrom:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          securityContext:
-            {{- toYaml .Values.codeserver.securityContext | nindent 12 }}
-          volumeMounts:
-            - mountPath: /config/home-assistant
-              name: home-assistant-config
-        {{- end }}
-      volumes:
-        - name: home-assistant-config
-          persistentVolumeClaim:
-            claimName: "{{ .Release.Name }}-config"

charts/home-assistant/templates/ingress-route.yaml

@@ -1,70 +0,0 @@
-{{- if .Values.ingressRoute.enabled }}
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - kind: Rule
-      match: "Host(`{{ .Values.ingressRoute.host }}`)"
-      middlewares:
-        - name: "authentik-{{ .Release.Name }}"
-          namespace: {{ .Release.Namespace }}           
-      priority: 10
-      services:
-        - kind: Service
-          name: {{ .Release.Name }}
-          port: {{ .Values.service.http.port }}
-    - kind: Rule
-      match: "Host(`{{ .Values.ingressRoute.host }}`) && PathPrefix(`/outpost.goauthentik.io/`)"
-      priority: 15
-      services:
-        - kind: Service
-          name: {{ .Values.ingressRoute.authentik.outpost }}
-          port: {{ .Values.ingressRoute.authentik.port }}    
-{{- end }}
-
----
-{{- if and .Values.codeserver.ingressRoute.enabled .Values.codeserver.enabled }}
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: "{{ .Release.Name }}-codeserver"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - kind: Rule
-      match: "Host(`{{ .Values.codeserver.ingressRoute.host }}`)"
-      middlewares:
-        - name: "authentik-{{ .Release.Name }}"
-          namespace: {{ .Release.Namespace }}      
-      priority: 10
-      services:
-        - kind: Service
-          name: "{{ .Release.Name }}-codeserver"
-          port: {{ .Values.codeserver.service.http.port }}
-    - kind: Rule
-      match: "Host(`{{ .Values.ingressRoute.host }}`) && PathPrefix(`/outpost.goauthentik.io/`)"
-      priority: 15
-      services:
-        - kind: Service
-          name: {{ .Values.ingressRoute.authentik.outpost }}
-          port: {{ .Values.ingressRoute.authentik.port }}          
-{{- end }}

charts/home-assistant/templates/middleware.yaml

@@ -1,29 +0,0 @@
-{{- if .Values.ingressRoute.enabled }}
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: "authentik-{{ .Release.Name }}"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: auth
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  forwardAuth:
-    address: "http://{{ .Values.ingressRoute.authentik.outpost }}.authentik:{{ .Values.ingressRoute.authentik.port }}/outpost.goauthentik.io/auth/traefik"
-    trustForwardHeader: true
-    authResponseHeaders:
-      - X-authentik-username
-      - X-authentik-groups
-      - X-authentik-email
-      - X-authentik-name
-      - X-authentik-uid
-      - X-authentik-jwt
-      - X-authentik-meta-jwks
-      - X-authentik-meta-outpost
-      - X-authentik-meta-provider
-      - X-authentik-meta-app
-      - X-authentik-meta-version
-{{- end }}

charts/home-assistant/templates/persistant-volume-claim.yaml

@@ -1,19 +0,0 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: "{{ .Release.Name }}-config"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: {{ .Values.persistence.config.storageSize }}
-  storageClassName: {{ .Values.persistence.config.storageClassName }}
-  volumeMode: {{ .Values.persistence.config.volumeMode }}

charts/home-assistant/templates/prometheus-rule.yaml

@@ -1,18 +0,0 @@
-{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  groups:
-    - name: {{ .Release.Name }}
-      rules:
-        {{- toYaml .Values.metrics.prometheusRule.rules | nindent 8 }}
-{{- end }}

charts/home-assistant/templates/service-account.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}

charts/home-assistant/templates/service-monitor.yaml

@@ -1,26 +0,0 @@
-{{- if .Values.metrics.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ .Release.Name }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  endpoints:
-    - port: http
-      interval: {{ .Values.metrics.serviceMonitor.interval }}
-      scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
-      path: /api/prometheus
-      bearerTokenSecret:
-        name: {{ .Values.metrics.serviceMonitor.bearerTokenSecret.name }}
-        key: {{ .Values.metrics.serviceMonitor.bearerTokenSecret.key }}
-{{- end }}

charts/home-assistant/templates/service.yaml

@@ -1,46 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  type: ClusterIP
-  ports:
-    - port: {{ .Values.service.http.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-
----
-{{- if .Values.codeserver.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: "{{ .Release.Name }}-codeserver"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  type: ClusterIP
-  ports:
-    - port: {{ .Values.codeserver.service.http.port }}
-      targetPort: codeserver-http
-      protocol: TCP
-      name: codeserver-http
-  selector:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}

charts/home-assistant/values.yaml

@@ -1,74 +0,0 @@
-deployment:
-  replicas: 1
-  strategy: Recreate
-  image:
-    repository: homeassistant/home-assistant
-    tag: 2024.4.4
-    imagePullPolicy: IfNotPresent
-  env:
-    TZ: UTC
-  envFrom:
-  resources:
-    requests:
-      memory: 512Mi
-      cpu: 50m
-    limits:
-      memory: 1Gi
-      cpu: 500m
-service:
-  http:
-    port: 8123
-ingressRoute:
-  enabled: true
-  host:
-  authentik:
-    outpost:
-    port: 9000
-metrics:
-  enabled: false
-  serviceMonitor:
-    interval: 1m
-    scrapeTimeout: 30s
-    ## See https://www.home-assistant.io/docs/authentication/ for where to find
-    ## long lived access token creation under your account profile, which is
-    ## needed to monitor Home Assistant
-    bearerTokenSecret:
-      name: ""
-      key: ""
-  prometheusRule:
-    enabled: false
-    rules:
-      - alert: HomeAssistantAbsent
-        annotations:
-          description: Home Assistant has disappeared from Prometheus service discovery.
-          summary: Home Assistant is down.
-        expr: |
-          absent(up{job=~".*home-assistant.*"} == 1)
-        for: 5m
-        labels:
-          severity: critical
-persistence:
-  config:
-    storageClassName: default
-    storageSize: 1Gi
-    volumeMode: Filesystem
-codeserver:
-  enabled: false
-  image:
-    repository: linuxserver/code-server
-    tag: 4.23.1
-    imagePullPolicy: IfNotPresent
-  env:
-    TZ: UTC
-    PUID: 1000
-    PGID: 1000
-    DEFAULT_WORKSPACE: /config
-  envFrom:
-  securityContext:
-    runAsUser: 0
-  service:
-    http:
-      port: 8443
-  ingressRoute:
-    enabled: false
-    host:

charts/homepage/Chart.yaml

@@ -1,12 +0,0 @@
-apiVersion: v2
-name: homepage
-version: 0.0.13
-description: Chart for benphelps homepage
-keywords:
-  - dashboard
-sources:
-  - https://github.com/gethomepage/homepage
-maintainers:
-  - name: alexlebens
-icon: https://github.com/benphelps/homepage/blob/de584eae8f12a0d257e554e9511ef19bd2a1232c/public/mstile-150x150.png
-appVersion: v0.8.12

charts/homepage/README.md

@@ -1,18 +0,0 @@
-## Introduction
-
-[Homepage](https://github.com/benphelps/homepage)
-
-A modern (fully static, fast), secure (fully proxied), highly customizable application dashboard with integrations for more than 25 services and translations for over 15 languages. Easily configured via YAML files (or discovery via docker labels).
-
-This chart bootstraps a [Homepage](https://github.com/benphelps/homepage) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-- Traefik v2 / IngressRoute
-- Authentik / Auth
-
-## Parameters
-
-See the [values files](values.yaml).

charts/homepage/templates/cluster-role-binding.yaml

@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ .Release.Name }}
-subjects:
-  - kind: ServiceAccount
-    name: homepage
-    namespace: {{ .Release.Namespace }}

charts/homepage/templates/cluster-role.yaml

@@ -1,51 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - namespaces
-      - pods
-      - nodes
-    verbs:
-      - get
-      - list
-  - apiGroups:
-      - extensions
-      - networking.k8s.io
-    resources:
-      - ingresses
-    verbs:
-      - get
-      - list
-  - apiGroups:
-      - traefik.containo.us
-      - traefik.io
-    resources:
-      - ingressroutes
-    verbs:
-      - get
-      - list
-  - apiGroups:
-      - metrics.k8s.io
-    resources:
-      - nodes
-      - pods
-    verbs:
-      - get
-      - list
-  - apiGroups:
-      - apiextensions.k8s.io
-    resources:
-      - customresourcedefinitions/status
-    verbs:
-      - get

charts/homepage/templates/config-map.yaml

@@ -1,36 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: homepage-config
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: homepage
-data:
-  bookmarks.yaml: {{- if .Values.config.bookmarks }} |
-{{- .Values.config.bookmarks | toYaml | nindent 4}}
-{{- else }} ""
-{{- end }}
-  docker.yaml: {{- if .Values.config.docker }} |
-{{- .Values.config.docker | toYaml | nindent 4 }}
-{{- else }} ""
-{{- end }}
-  kubernetes.yaml: {{- if .Values.config.kubernetes }} |
-{{- .Values.config.kubernetes | toYaml | nindent 4 }}
-{{- else }} ""
-{{- end }}
-  services.yaml: {{- if .Values.config.services }} |
-{{- .Values.config.services | toYaml | nindent 4 }}
-{{- else }} ""
-{{- end }}
-  settings.yaml: {{- if .Values.config.settings }} |
-{{- .Values.config.settings | toYaml | nindent 4 }}
-{{- else }} ""
-{{- end }}
-  widgets.yaml: {{- if .Values.config.widgets }} |
-{{- .Values.config.widgets | toYaml | nindent 4 }}
-{{- else }} ""
-{{- end }}

charts/homepage/templates/deployment.yaml

@@ -1,99 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: homepage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: homepage
-  annotations:
-    {{- with .Values.deployment.annotations }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}    
-spec:
-  revisionHistoryLimit: 3
-  replicas: {{ .Values.deployment.replicas }}
-  strategy:
-    type: {{ .Values.deployment.strategy }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: homepage
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: homepage
-        app.kubernetes.io/instance: {{ .Release.Name }}
-    spec:
-      serviceAccountName: homepage
-      automountServiceAccountToken: true
-      containers:
-        - name: {{ .Release.Name }}
-          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
-          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.http.port }}
-              protocol: TCP
-          env:
-          {{- range $k,$v := .Values.deployment.env }}
-            - name: {{ $k }}
-              value: {{ $v | quote }}
-          {{- end }}
-          {{- with .Values.deployment.envFrom }}
-          envFrom:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          volumeMounts:
-            - name: homepage-config
-              subPath: bookmarks.yaml
-              mountPath: /app/config/bookmarks.yaml
-            - name: homepage-config
-              subPath: docker.yaml
-              mountPath: /app/config/docker.yaml
-            - name: homepage-config
-              subPath: kubernetes.yaml
-              mountPath: /app/config/kubernetes.yaml
-            - name: homepage-config
-              subPath: services.yaml
-              mountPath: /app/config/services.yaml
-            - name: homepage-config
-              subPath: settings.yaml
-              mountPath: /app/config/settings.yaml
-            - name: homepage-config
-              subPath: widgets.yaml
-              mountPath: /app/config/widgets.yaml
-            - name: logs
-              mountPath: /app/config/logs
-          resources:
-            {{- toYaml .Values.deployment.resources | nindent 12 }}
-          livenessProbe:
-            failureThreshold: 3
-            initialDelaySeconds: 0
-            periodSeconds: 10
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            timeoutSeconds: 1
-          readinessProbe:
-            failureThreshold: 3
-            initialDelaySeconds: 0
-            periodSeconds: 10
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            timeoutSeconds: 1
-          startupProbe:
-            failureThreshold: 30
-            initialDelaySeconds: 0
-            periodSeconds: 5
-            tcpSocket:
-              port: {{ .Values.service.http.port }}
-            timeoutSeconds: 1
-      volumes:
-        - name: homepage-config
-          configMap:
-            name: homepage-config
-        - name: logs
-          emptyDir: {}

charts/homepage/templates/ingress-route.yaml

@@ -1,32 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: homepage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: homepage
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - kind: Rule
-      match: "Host(`{{ .Values.ingressRoute.host }}`)"
-      middlewares:
-        - name: "authentik-{{ .Release.Name }}"
-          namespace: {{ .Release.Namespace }}
-      priority: 10
-      services:
-        - kind: Service
-          name: homepage
-          port: {{ .Values.service.http.port }}
-    - kind: Rule
-      match: "Host(`{{ .Values.ingressRoute.host }}`) && PathPrefix(`/outpost.goauthentik.io/`)"
-      priority: 15
-      services:
-        - kind: Service
-          name: {{ .Values.ingressRoute.authentik.outpost }}
-          port: {{ .Values.ingressRoute.authentik.port }}

charts/homepage/templates/middleware.yaml

@@ -1,27 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: "authentik-{{ .Release.Name }}"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: auth
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  forwardAuth:
-    address: "http://{{ .Values.ingressRoute.authentik.outpost }}.authentik:{{ .Values.ingressRoute.authentik.port }}/outpost.goauthentik.io/auth/traefik"
-    trustForwardHeader: true
-    authResponseHeaders:
-      - X-authentik-username
-      - X-authentik-groups
-      - X-authentik-email
-      - X-authentik-name
-      - X-authentik-uid
-      - X-authentik-jwt
-      - X-authentik-meta-jwks
-      - X-authentik-meta-outpost
-      - X-authentik-meta-provider
-      - X-authentik-meta-app
-      - X-authentik-meta-version

charts/homepage/templates/secret.yaml

@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Secret
-type: kubernetes.io/service-account-token
-metadata:
-  name: "{{ .Release.Name }}-sa-token"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: homepage
-  annotations:
-    kubernetes.io/service-account.name: homepage

charts/homepage/templates/service-account.yaml

@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: homepage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: homepage
-secrets:
-  - name: "{{ .Release.Name }}-sa-token"

charts/homepage/templates/service.yaml

@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: homepage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: homepage
-spec:
-  type: ClusterIP
-  ports:
-    - port: {{ .Values.service.http.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}

charts/homepage/values.yaml

@@ -1,33 +0,0 @@
-deployment:
-  annotations: {}
-  replicas: 1
-  strategy: Recreate
-  image:
-    repository: ghcr.io/gethomepage/homepage
-    tag: v0.8.12
-    imagePullPolicy: IfNotPresent
-  env:
-  envFrom:
-  resources:
-    requests:
-      memory: 256Mi
-      cpu: 50m
-    limits:
-      memory: 512Mi
-      cpu: 500m
-service:
-  http:
-    port: 3000
-ingressRoute:
-  host:
-  authentik:
-    outpost:
-    port: 9000
-config:
-  bookmarks:
-  services:
-  widgets:
-  kubernetes:
-    mode: cluster
-  docker:
-  settings:

charts/kubelet-serving-cert-approver/Chart.yaml

@@ -1,13 +0,0 @@
-apiVersion: v2
-name: kubelet-serving-cert-approver
-version: 0.0.4
-description: Kubelet Serving TLS Certificate Signing Request Approver
-keywords:
-  - kubernetes
-  - certificate
-sources:
-  - https://github.com/alex1989hu/kubelet-serving-cert-approver
-  - https://github.com/alexlebens/helm-charts/charts/homepage
-maintainers:
-  - name: alexlebens
-appVersion: 0.8.1

charts/kubelet-serving-cert-approver/README.md

@@ -1,16 +0,0 @@
-## Introduction
-
-[Kubelet Serving Certificate Approver](https://github.com/alex1989hu/kubelet-serving-cert-approver)
-
-Kubelet Serving Certificate Approver is a custom approving controller which approves kubernetes.io/kubelet-serving Certificate Signing Request that kubelet use to serve TLS endpoints.
-
-This chart bootstraps a [Kubelet Serving Certificate Approver](https://github.com/alex1989hu/kubelet-serving-cert-approver) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-
-## Parameters
-
-See the [values files](values.yaml).

charts/kubelet-serving-cert-approver/templates/cluster-role-binding.yaml

@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: kubelet-serving-cert-approver
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: kubelet-serving-cert-approver
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: "certificates:{{ .Release.Name }}"
-subjects:
-  - kind: ServiceAccount
-    name: {{ .Release.Name }}
-    namespace: {{ .Release.Namespace }}

charts/kubelet-serving-cert-approver/templates/cluster-role.yaml

@@ -1,61 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: "certificates:{{ .Release.Name }}"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: kubelet-serving-cert-approver
-rules:
-  - apiGroups:
-      - certificates.k8s.io
-    resources:
-      - certificatesigningrequests
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - certificates.k8s.io
-    resources:
-      - certificatesigningrequests/approval
-    verbs:
-      - update
-  - apiGroups:
-      - authorization.k8s.io
-    resources:
-      - subjectaccessreviews
-    verbs:
-      - create
-  - apiGroups:
-      - certificates.k8s.io
-    resourceNames:
-      - kubernetes.io/kubelet-serving
-    resources:
-      - signers
-    verbs:
-      - approve
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: "events:{{ .Release.Name }}"
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: kubelet-serving-cert-approverv
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - events
-    verbs:
-      - create
-      - patch

charts/kubelet-serving-cert-approver/templates/deployment.yaml

@@ -1,88 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: kubelet-serving-cert-approver
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: kubelet-serving-cert-approver
-spec:
-  revisionHistoryLimit: 3
-  replicas: {{ .Values.deployment.replicas }}
-  strategy:
-    type: {{ .Values.deployment.strategy }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: kubelet-serving-cert-approver
-      app.kubernetes.io/instance: {{ .Release.Name }}
-
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: kubelet-serving-cert-approver
-        app.kubernetes.io/instance: {{ .Release.Name }}
-    spec:
-      affinity:
-        nodeAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-            - preference:
-                matchExpressions:
-                  - key: node-role.kubernetes.io/master
-                    operator: DoesNotExist
-                  - key: node-role.kubernetes.io/control-plane
-                    operator: DoesNotExist
-              weight: 100
-      containers:
-        - name: {{ .Release.Name }}
-          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
-          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
-          ports:
-            - containerPort: 8080
-              name: health
-            - containerPort: 9090
-              name: metrics
-          args:
-            - serve
-          env:
-            - name: NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-          resources:
-            {{- toYaml .Values.deployment.resources | nindent 12 }}
-          livenessProbe:
-            httpGet:
-              path: /healthz
-              port: health
-            initialDelaySeconds: 6
-          readinessProbe:
-            httpGet:
-              path: /readyz
-              port: health
-            initialDelaySeconds: 3
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop:
-                - ALL
-            privileged: false
-            readOnlyRootFilesystem: true
-            runAsNonRoot: true
-      priorityClassName: {{ .Values.deployment.priorityClassName }}
-      securityContext:
-        fsGroup: 65534
-        runAsGroup: 65534
-        runAsUser: 65534
-        seccompProfile:
-          type: RuntimeDefault
-      serviceAccountName: kubelet-serving-cert-approver
-      tolerations:
-        - effect: NoSchedule
-          key: node-role.kubernetes.io/master
-          operator: Exists
-        - effect: NoSchedule
-          key: node-role.kubernetes.io/control-plane
-          operator: Exists

charts/kubelet-serving-cert-approver/templates/namespace.yaml

@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: kubelet-serving-cert-approver
-  labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    pod-security.kubernetes.io/audit: restricted
-    pod-security.kubernetes.io/enforce: restricted
-    pod-security.kubernetes.io/warn: restricted

charts/kubelet-serving-cert-approver/templates/role-binding.yaml

@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: "events:{{ .Release.Name }}"
-  namespace: default
-  labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: kubelet-serving-cert-approver
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: "events:{{ .Release.Name }}"
-subjects:
-  - kind: ServiceAccount
-    name: kubelet-serving-cert-approver
-    namespace: {{ .Release.Name }}

charts/kubelet-serving-cert-approver/templates/service-account.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: kubelet-serving-cert-approver
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: kubelet-serving-cert-approver

charts/kubelet-serving-cert-approver/templates/service.yaml

@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: kubelet-serving-cert-approver
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: server
-    app.kubernetes.io/part-of: kubelet-serving-cert-approver
-spec:
-  ports:
-    - name: metrics
-      port: 9090
-      protocol: TCP
-      targetPort: metrics
-  selector:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
-    app.kubernetes.io/instance: {{ .Release.Name }}

charts/kubelet-serving-cert-approver/values.yaml

@@ -1,15 +0,0 @@
-deployment:
-  replicas: 1
-  strategy: Recreate
-  priorityClassName: system-cluster-critical
-  image:
-    repository: ghcr.io/alex1989hu/kubelet-serving-cert-approver
-    tag: main
-    imagePullPolicy: Always
-  resources:
-    limits:
-      cpu: 250m
-      memory: 32Mi
-    requests:
-      cpu: 10m
-      memory: 16Mi

charts/libation/Chart.yaml

@@ -1,13 +0,0 @@
-apiVersion: v2
-name: libation
-version: 0.0.6
-description: Import library from audible
-keywords:
-  - audiobooks
-  - job
-sources:
-  - https://github.com/rmcrackan/Libation
-maintainers:
-  - name: alexlebens
-icon: https://getlibation.com/images/libation-logo.png
-appVersion: "11.1.0"

charts/libation/README.md

@@ -1,18 +0,0 @@
-## Introduction
-
-[Libation](https://github.com/rmcrackan/Libation)
-
-Libation: Liberate your Library. Import library from audible, including cover art
-
-
-This chart bootstraps a [Libation](https://github.com/benphelps/homepage) CronJob on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes
-- Helm
-- CronJob
-
-## Parameters
-
-See the [values files](values.yaml).

charts/libation/templates/job.yaml

@@ -1,39 +0,0 @@
-apiVersion: batch/v1
-kind: CronJob
-metadata:
-  name: libation
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: libation
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: job
-    app.kubernetes.io/part-of: libation
-spec:
-  schedule: {{ .Values.job.schedule }}
-  successfulJobsHistoryLimit: 3
-  failedJobsHistoryLimit: 3
-  jobTemplate:
-    spec:
-      template:
-        spec:
-          restartPolicy: Never
-          containers:
-            - name: libation
-              image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-              imagePullPolicy: {{ .Values.image.pullPolicy }}
-              env:
-                - name: SLEEP_TIME
-                  value: "-1"
-              volumeMounts:
-                - name: libation-config
-                  mountPath: /config
-                - name: libation-books
-                  mountPath: /data
-          volumes:
-            - name: libation-config
-              persistentVolumeClaim:
-                claimName: libation-config
-            - name: libation-books
-              persistentVolumeClaim:
-                claimName: {{ .Values.persistence.books.claimName }}

charts/libation/templates/persistent-volume-claim.yaml

@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: libation-config
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: libation
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: libation
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: {{ .Values.persistence.config.storageSize }}
-  storageClassName: {{ .Values.persistence.config.storageClassName }}
-  volumeMode: {{ .Values.persistence.config.volumeMode }}

charts/libation/values.yaml

@@ -1,13 +0,0 @@
-job:
-  schedule: "0 * * * *"
-image:
-  repository: rmcrackan/libation
-  tag: "11.1.0"
-  pullPolicy: IfNotPresent
-persistence:
-  config:
-    storageClassName: default
-    storageSize: 1Gi
-    volumeMode: Filesystem
-  books:
-    claimName:

charts/matrix-hookshot/Chart.yaml

@@ -1,14 +0,0 @@
-apiVersion: v2
-name: matrix-hookshot
-version: 0.1.1
-description: Chart for Matrix Hookshot
-keywords:
-  - matrix
-  - matrix-hookshot
-  - webhook
-sources:
-  - https://github.com/matrix-org/matrix-hookshot
-maintainers:
-  - name: alexlebens
-icon: https://avatars.githubusercontent.com/u/8418310?s=48&v=4
-appVersion: "5.3.0"

charts/matrix-hookshot/templates/_helpers.tpl

@@ -1,43 +0,0 @@
-{{/*
-Helper for secret name
-*/}}
-{{- define "hookshot.secretName" -}}
-{{- if .Values.hookshot.existingSecret }}
-{{- printf "%s" .Values.hookshot.existingSecret -}}
-{{- else }}
-{{- printf "matrix-hookshot-config-secret" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-
-{{/*
-Helper for registration secret name
-*/}}
-{{- define "hookshot.registrationSecretName" -}}
-{{- if .Values.hookshot.existingRegistrationSecret }}
-{{- printf "%s" .Values.hookshot.existingRegistrationSecret -}}
-{{- else }}
-{{- printf "matrix-hookshot-registration-secret" }}
-{{- end }}
-{{- end }}
-
-{{/*
-Helper for passkey secret name
-*/}}
-{{- define "hookshot.passkeySecretName" -}}
-{{- if .Values.hookshot.existingPasskeySecret }}
-{{- printf "%s" .Values.hookshot.existingPasskeySecret -}}
-{{- else }}
-{{- printf "matrix-hookshot-passkey-secret" }}
-{{- end }}
-{{- end }}
-
-{{/*
-Helper for passkey file name
-*/}}
-{{- define "hookshot.passFile" -}}
-{{- if .Values.hookshot.config.passFile }}
-{{- printf "%s" .Values.hookshot.config.passFile -}}
-{{- else }}
-{{- printf "passkey.pem" }}
-{{- end }}
-{{- end }}

charts/matrix-hookshot/templates/deployment.yaml

@@ -1,79 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: matrix-hookshot
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: matrix-hookshot
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  revisionHistoryLimit: 3
-  replicas: {{ .Values.deployment.replicas }}
-  strategy:
-    type: {{ .Values.deployment.strategy }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: matrix-hookshot
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: matrix-hookshot
-        app.kubernetes.io/instance: {{ .Release.Name }}
-    spec:
-      serviceAccountName: matrix-hookshot
-      automountServiceAccountToken: true
-      containers:
-        - name: matrix-hookshot
-          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
-          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
-          ports:
-            - name: webhook
-              containerPort: {{ .Values.service.webhook.port }}
-              protocol: TCP
-            - name: metrics
-              containerPort: {{ .Values.service.metrics.port }}
-              protocol: TCP
-            - name: appservice
-              containerPort: {{ .Values.service.appservice.port }}
-              protocol: TCP
-            - name: widgets
-              containerPort: {{ .Values.service.widgets.port }}
-              protocol: TCP              
-          env:
-          {{- range $k,$v := .Values.deployment.env }}
-            - name: {{ $k }}
-              value: {{ $v | quote }}
-          {{- end }}
-          {{- with .Values.deployment.envFrom }}
-          envFrom:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          resources:
-            {{- toYaml .Values.deployment.resources | nindent 12 }}
-          volumeMounts:
-            - name: config
-              mountPath: /data/config.yml
-              subPath: config.yml
-              readOnly: true
-            - name: registration
-              mountPath: /data/registration.yml
-              subPath: registration.yml
-              readOnly: true
-            - name: passkey
-              mountPath: "/data/{{ template "hookshot.passFile" . }}"
-              subPath: {{ template "hookshot.passFile" . }}
-              readOnly: true
-      volumes:
-        - name: config
-          secret:
-            secretName: {{ template "hookshot.secretName" . }}
-        - name: registration
-          secret:
-            secretName: {{ template "hookshot.registrationSecretName" . }}
-        - name: passkey
-          secret:
-            secretName: {{ template "hookshot.passkeySecretName" . }}

charts/matrix-hookshot/templates/ingress.yaml

@@ -1,100 +0,0 @@
-{{- if .Values.ingress.webhook.enabled }}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: matrix-hookshot-webhook
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: matrix-hookshot-webhook
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-  annotations:
-    {{- toYaml .Values.ingress.webhook.annotations | nindent 4 }}
-spec:
-  ingressClassName: {{ .Values.ingress.webhook.className }}
-  tls:
-    - hosts:
-        - {{ .Values.ingress.webhook.host }}
-      secretName: {{ .Release.Name }}-webhook-secret-tls
-  rules:
-    - host: {{ .Values.ingress.webhook.host }}
-      http:
-        paths:
-          - path: /webhook/
-            pathType: Prefix
-            backend:
-              service:
-                name: {{ .Release.Name }}
-                port:
-                  name: webhook
-{{- end }}
-
----
-{{- if .Values.ingress.appservice.enabled }}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: matrix-hookshot-appservice
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: matrix-hookshot-appservice
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-  annotations:
-    {{- toYaml .Values.ingress.appservice.annotations | nindent 4 }}
-spec:
-  ingressClassName: {{ .Values.ingress.appservice.className }}
-  tls:
-    - hosts:
-        - {{ .Values.ingress.appservice.host }}
-      secretName: {{ .Release.Name }}-appservice-secret-tls
-  rules:
-    - host: {{ .Values.ingress.appservice.host }}
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: {{ .Release.Name }}
-                port:
-                  name: appservice
-{{- end }}
-
----
-{{- if .Values.ingress.widgets.enabled }}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: matrix-hookshot-widgets
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: matrix-hookshot-widgets
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-  annotations:
-    {{- toYaml .Values.ingress.widgets.annotations | nindent 4 }}
-spec:
-  ingressClassName: {{ .Values.ingress.widgets.className }}
-  tls:
-    - hosts:
-        - {{ .Values.ingress.widgets.host }}
-      secretName: {{ .Release.Name }}-widgets-secret-tls
-  rules:
-    - host: {{ .Values.ingress.widgets.host }}
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: {{ .Release.Name }}
-                port:
-                  name: widgets
-{{- end }}