add lazy-librarian

add penpot
change postgres settings to import only password from secret
2024-04-21 03:59:25 -06:00 · 2024-04-19 21:34:56 -06:00 · 2024-04-19 05:41:38 -06:00 · 2024-04-19 05:32:28 -06:00 · 2024-04-19 05:22:14 -06:00 · 2024-04-19 05:05:10 -06:00
54 changed files with 5039 additions and 527 deletions
--- a/charts/home-assistant/Chart.yaml
+++ b/charts/home-assistant/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: home-assistant
-version: 0.1.9
+version: 0.1.10
 description: Chart for Home Assistant
 keywords:
  - home-automation
--- a/charts/home-assistant/values.yaml
+++ b/charts/home-assistant/values.yaml
@@ -56,7 +56,7 @@ codeserver:
  enabled: false
  image:
    repository: linuxserver/code-server
-    tag: 4.23.0
+    tag: 4.23.1
    imagePullPolicy: IfNotPresent
  env:
    TZ: UTC
--- a/charts/homepage/Chart.yaml
+++ b/charts/homepage/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: homepage
-version: 0.0.10
+version: 0.0.11
 description: Chart for benphelps homepage
 keywords:
  - dashboard
@@ -9,4 +9,4 @@ sources:
 maintainers:
  - name: alexlebens
 icon: https://github.com/benphelps/homepage/blob/de584eae8f12a0d257e554e9511ef19bd2a1232c/public/mstile-150x150.png
-appVersion: v0.8.11
+appVersion: v0.8.12
--- a/charts/homepage/values.yaml
+++ b/charts/homepage/values.yaml
@@ -3,7 +3,7 @@ deployment:
  strategy: Recreate
  image:
    repository: ghcr.io/gethomepage/homepage
-    tag: v0.8.11
+    tag: v0.8.12
    imagePullPolicy: IfNotPresent
  env:
  envFrom:
--- a/charts/kyoo/Chart.yaml
+++ b/charts/kyoo/Chart.yaml
@@ -0,0 +1,23 @@
 apiVersion: v2
 name: kyoo
 version: 0.1.9
 description: Chart for Kyoo
 keywords:
  - media
 sources:
  - https://github.com/zoriya/Kyoo
  - https://github.com/rabbitmq/rabbitmq-server
  - https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq
  - https://github.com/meilisearch/meilisearch
  - https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch
 maintainers:
  - name: alexlebens
 icon: https://raw.githubusercontent.com/zoriya/Kyoo/master/icons/icon-256x256.png
 dependencies:
  - name: rabbitmq
    version: 14.0.1
    repository: https://charts.bitnami.com/bitnami
  - name: meilisearch
    version: 0.6.1
    repository: https://meilisearch.github.io/meilisearch-kubernetes  
 appVersion: v4.4.0
--- a/charts/kyoo/README.md
+++ b/charts/kyoo/README.md
@@ -0,0 +1,17 @@
 ## Introduction
 [Kyoo](https://github.com/zoriya/Kyoo)
 A portable and vast media library solution.
 This chart bootstraps a [Kyoo](https://github.com/zoriya/Kyoo) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
 ## Prerequisites
 - Kubernetes
 - Helm
 ## Parameters
 See the [values files](values.yaml).
--- a/charts/kyoo/templates/_helpers.tpl
+++ b/charts/kyoo/templates/_helpers.tpl
@@ -0,0 +1,155 @@
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "kyoo.name" -}}
  {{- default .Chart.Name .Values.global.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 */}}
 {{- define "kyoo.fullname" -}}
  {{- if .Values.global.fullnameOverride -}}
    {{- .Values.global.fullnameOverride | trunc 63 | trimSuffix "-" -}}
  {{- else -}}
    {{- $name := default .Chart.Name .Values.global.nameOverride -}}
    {{- if contains $name .Release.Name -}}
      {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
    {{- else -}}
      {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
    {{- end -}}
  {{- end -}}
 {{- end -}}
 {{/*
 Create chart name and version as used by the chart label
 */}}
 {{- define "kyoo.chart" -}}
  {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Common labels
 */}}
 {{- define "kyoo.labels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}
 helm.sh/chart: {{ template "kyoo.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{/*
 Common labels for specific components
 */}}
 {{- define "kyoo.autosync.labels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}-autosync
 helm.sh/chart: {{ template "kyoo.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{- define "kyoo.back.labels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}-back
 helm.sh/chart: {{ template "kyoo.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{- define "kyoo.front.labels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}-front
 helm.sh/chart: {{ template "kyoo.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{- define "kyoo.matcher.labels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}-matcher
 helm.sh/chart: {{ template "kyoo.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{- define "kyoo.migrations.labels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}-migrations
 helm.sh/chart: {{ template "kyoo.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{- define "kyoo.scanner.labels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}-scanner
 helm.sh/chart: {{ template "kyoo.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{- define "kyoo.transcoder.labels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}-transcoder
 helm.sh/chart: {{ template "kyoo.chart" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{/*
 Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
 */}}
 {{- define "kyoo.matchLabels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "kyoo.autosync.matchLabels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}-autosync
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "kyoo.back.matchLabels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}-back
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "kyoo.front.matchLabels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}-front
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "kyoo.matcher.matchLabels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}-matcher
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "kyoo.migrations.matchLabels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}-migrations
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "kyoo.scanner.matchLabels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}-scanner
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "kyoo.transcoder.matchLabels" -}}
 app.kubernetes.io/name: {{ template "kyoo.name" . }}-transcoder
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{/*
 Create the name of the service account to use
 */}}
 {{- define "kyoo.serviceAccountName" -}}
  {{- if .Values.serviceAccount.create -}}
    {{ default (include "kyoo.fullname" .) .Values.serviceAccount.name }}
  {{- else -}}
    {{ default "default" .Values.serviceAccount.name }}
  {{- end -}}
 {{- end -}}
 {{/*
 Create the name of the back persistent volume
 */}}
 {{- define "kyoo.backVolumeName" -}}
  {{- if .Values.persistence.back.existingClaim -}}
    {{ .Values.persistence.back.existingClaim }}
  {{- else -}}
    {{ printf "%s-back" (include "kyoo.fullname" .) | trunc 63 | trimSuffix "-" }}
  {{- end -}}
 {{- end -}}
 {{/*
 Create the name of the metadata persistent volume
 */}}
 {{- define "kyoo.metadataVolumeName" -}}
  {{- if .Values.persistence.metadata.existingClaim -}}
    {{ .Values.persistence.metadata.existingClaim }}
  {{- else -}}
    {{ printf "%s-metadata" (include "kyoo.fullname" .) | trunc 63 | trimSuffix "-" }}
  {{- end -}}
 {{- end -}}
--- a/charts/kyoo/templates/deployment-autosync.yaml
+++ b/charts/kyoo/templates/deployment-autosync.yaml
@@ -0,0 +1,75 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "kyoo.fullname" . }}-autosync
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "kyoo.autosync.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  revisionHistoryLimit: 3
  replicas: {{ .Values.autosync.replicas }}
  strategy:
    type: Recreate
  selector:
    matchLabels:
      {{- include "kyoo.autosync.matchLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "kyoo.autosync.labels" . | nindent 8 }}
        app.kubernetes.io/component: {{ template "kyoo.name" . }}-autosync
      annotations:
        {{- with .Values.autosync.podAnnotations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
    spec:
      affinity:
        {{- with .Values.autosync.affinity }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      nodeSelector:
        {{- with .Values.autosync.nodeSelector }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      tolerations:
        {{- with .Values.autosync.tolerations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      serviceAccountName: {{ template "kyoo.serviceAccountName" . }}
      securityContext:
        {{- with .Values.autosync.securityContext }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      containers:
        - name: {{ template "kyoo.fullname" . }}-autosync
          image: "{{ .Values.autosync.image.repository }}:{{ .Values.autosync.image.tag }}"
          imagePullPolicy: {{ .Values.autosync.image.pullPolicy }}
          resources:
            {{ toYaml .Values.autosync.resources | nindent 12 }}
          env:
            - name: RABBITMQ_HOST
              value: {{ template "kyoo.fullname" . }}-rabbitmq
            - name: RABBITMQ_DEFAULT_USER
              value: "{{ .Values.rabbitmq.auth.username }}"
            - name: RABBITMQ_DEFAULT_PASS
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.rabbitmq.auth.existingPasswordSecret }}"
                  key: "{{ .Values.rabbitmq.auth.existingSecretPasswordKey }}"
          {{ if .Values.config.secretAPIKey.existingSimklSecretKey }}
            - name: OIDC_SIMKL_CLIENTID
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.secretAPIKey.existingSecretName }}"
                  key: "{{ .Values.config.secretAPIKey.existingSimklSecretKey }}"
          {{ end }}
          {{- with .Values.autosync.extraVars }}
            {{- toYaml . | nindent 12 }}
          {{- end }}
--- a/charts/kyoo/templates/deployment-back.yaml
+++ b/charts/kyoo/templates/deployment-back.yaml
@@ -0,0 +1,173 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "kyoo.fullname" . }}-back
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "kyoo.back.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  revisionHistoryLimit: 3
  replicas: {{ .Values.back.replicas }}
  strategy:
    type: Recreate
  selector:
    matchLabels:
      {{- include "kyoo.back.matchLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "kyoo.back.labels" . | nindent 8 }}
        app.kubernetes.io/component: {{ template "kyoo.name" . }}-back
      annotations:
        {{- with .Values.back.podAnnotations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
    spec:
      affinity:
        {{- with .Values.back.affinity }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      nodeSelector:
        {{- with .Values.back.nodeSelector }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      tolerations:
        {{- with .Values.back.tolerations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      serviceAccountName: {{ template "kyoo.serviceAccountName" . }}
      securityContext:
        {{- with .Values.back.securityContext }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      containers:
        - name: {{ template "kyoo.fullname" . }}-back
          image: "{{ .Values.back.image.repository }}:{{ .Values.back.image.tag }}"
          imagePullPolicy: {{ .Values.back.image.pullPolicy }}
          resources:
            {{ toYaml .Values.back.resources | nindent 12 }}
          ports:
            - name: kyoo-back
              containerPort: {{ .Values.back.service.port }}
              protocol: TCP
          volumeMounts:
            - name: kyoo-back
              mountPath: /kyoo
          env:
          {{- with .Values.back.extraVars }}
            {{- toYaml . | nindent 12 }}
          {{- end }}
            - name: REQUIRE_ACCOUNT_VERIFICATION
              value: "{{ .Values.config.requireAccountVerification }}"
            - name: UNLOGGED_PERMISSIONS
              value: "{{ .Values.config.unloggedPermissions }}"
            - name: DEFAULT_PERMISSIONS
              value: "{{ .Values.config.defaultPermissions }}"
            - name: AUTHENTICATION_SECRET
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.secretAuthenticationKey.existingSecretName }}"
                  key: "{{ .Values.config.secretAuthenticationKey.existingSecretKey }}"
            - name: KYOO_APIKEYS
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.secretAPIKey.existingSecretName }}"
                  key: "{{ .Values.config.secretAPIKey.existingKyooSecretKey }}"
            - name: PUBLIC_URL
              value: "{{ .Values.config.publicUrl }}"
            - name: POSTGRES_USER
              value: "{{ .Values.config.postgresql.username }}"
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.postgresql.existingSecretName }}"
                  key: "{{ .Values.config.postgresql.passwordKey }}"
            - name: POSTGRES_DB
              value: "{{ .Values.config.postgresql.database }}"
            - name: POSTGRES_SERVER
              value: "{{ .Values.config.postgresql.host }}"
            - name: POSTGRES_PORT
              value: "{{ .Values.config.postgresql.port }}"
          {{ if .Values.config.oidc.enabled }}
            - name: OIDC_SERVICE_NAME
              value: "{{ .Values.config.oidc.name }}"
            - name: OIDC_SERVICE_LOGO
              value: "{{ .Values.config.oidc.logo }}"
            - name: OIDC_SERVICE_AUTHORIZATION
              value: "{{ .Values.config.oidc.authorization }}"
            - name: OIDC_SERVICE_TOKEN
              value: "{{ .Values.config.oidc.token }}"
            - name: OIDC_SERVICE_PROFILE
              value: "{{ .Values.config.oidc.profile }}"
            - name: OIDC_SERVICE_SCOPE
              value: "{{ .Values.config.oidc.scope }}"
            - name: OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.oidc.existingSecretName }}"
                  key: "{{ .Values.config.oidc.clientIDKey }}"
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.oidc.existingSecretName }}"
                  key: "{{ .Values.config.oidc.secretIDKey }}"
          {{ end }}
            - name: MEILI_HOST
              value: http://{{ template "kyoo.fullname" . }}-meilisearch.{{ .Release.Namespace }}:{{ .Values.meilisearch.service.port }}
            - name: MEILI_MASTER_KEY
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.meilisearch.auth.existingMasterKeySecret }}"
                  key: MEILI_MASTER_KEY
            - name: RABBITMQ_HOST
              value: {{ template "kyoo.fullname" . }}-rabbitmq
            - name: RABBITMQ_DEFAULT_USER
              value: "{{ .Values.rabbitmq.auth.username }}"
            - name: RABBITMQ_DEFAULT_PASS
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.rabbitmq.auth.existingPasswordSecret }}"
                  key: "{{ .Values.rabbitmq.auth.existingSecretPasswordKey }}"
          {{- if .Values.back.livenessProbe.enabled }}
          livenessProbe:
            httpGet:
              path: {{ .Values.back.livenessProbe.path }}
              port: {{ .Values.back.service.port }}
            initialDelaySeconds: {{ .Values.back.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.back.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.back.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.back.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.back.livenessProbe.failureThreshold }}
          {{- end }}
          {{- if .Values.back.readinessProbe.enabled }}
          readinessProbe:
            httpGet:
              path: {{ .Values.back.livenessProbe.path }}
              port: {{ .Values.back.service.port }}
            initialDelaySeconds: {{ .Values.back.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.back.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.back.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.back.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.back.readinessProbe.failureThreshold }}
          {{- end }}
      volumes:
        - name: kyoo-back
      {{- if .Values.persistence.back.enabled }}
          persistentVolumeClaim:
            claimName: {{ include "kyoo.backVolumeName" . }}
      {{- else }}
          emptyDir: {}
      {{- end }}
--- a/charts/kyoo/templates/deployment-front.yaml
+++ b/charts/kyoo/templates/deployment-front.yaml
@@ -0,0 +1,90 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "kyoo.fullname" . }}-front
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "kyoo.front.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  revisionHistoryLimit: 3
  replicas: {{ .Values.front.replicas }}
  strategy:
    type: Recreate
  selector:
    matchLabels:
      {{- include "kyoo.front.matchLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "kyoo.front.labels" . | nindent 8 }}
        app.kubernetes.io/component: {{ template "kyoo.name" . }}-front
      annotations:
        {{- with .Values.front.podAnnotations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
    spec:
      affinity:
        {{- with .Values.front.affinity }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      nodeSelector:
        {{- with .Values.front.nodeSelector }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      tolerations:
        {{- with .Values.front.tolerations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      serviceAccountName: {{ template "kyoo.serviceAccountName" . }}
      securityContext:
        {{- with .Values.front.securityContext }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      containers:
        - name: {{ template "kyoo.fullname" . }}-front
          image: "{{ .Values.front.image.repository }}:{{ .Values.front.image.tag }}"
          imagePullPolicy: {{ .Values.front.image.pullPolicy }}
          resources:
            {{ toYaml .Values.front.resources | nindent 12 }}
          ports:
            - name: kyoo-front
              containerPort: {{ .Values.front.service.port }}
              protocol: TCP
          env:
          {{- with .Values.back.extraVars }}
            {{- toYaml . | nindent 12 }}
          {{- end }}
            - name: KYOO_URL
              value: http://{{ template "kyoo.fullname" . }}-back.{{ .Release.Namespace }}:{{ .Values.back.service.port }}
          {{- if .Values.front.livenessProbe.enabled }}
          livenessProbe:
            httpGet:
              path: {{ .Values.front.livenessProbe.path }}
              port: {{ .Values.front.service.port }}
            initialDelaySeconds: {{ .Values.front.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.front.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.front.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.front.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.front.livenessProbe.failureThreshold }}
          {{- end }}
          {{- if .Values.front.readinessProbe.enabled }}
          readinessProbe:
            httpGet:
              path: {{ .Values.front.livenessProbe.path }}
              port: {{ .Values.front.service.port }}
            initialDelaySeconds: {{ .Values.front.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.front.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.front.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.front.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.front.readinessProbe.failureThreshold }}
          {{- end }}
--- a/charts/kyoo/templates/deployment-matcher.yaml
+++ b/charts/kyoo/templates/deployment-matcher.yaml
@@ -0,0 +1,92 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "kyoo.fullname" . }}-matcher
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "kyoo.matcher.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  revisionHistoryLimit: 3
  replicas: {{ .Values.matcher.replicas }}
  strategy:
    type: Recreate
  selector:
    matchLabels:
      {{- include "kyoo.matcher.matchLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "kyoo.matcher.labels" . | nindent 8 }}
        app.kubernetes.io/component: {{ template "kyoo.name" . }}-matcher
      annotations:
        {{- with .Values.matcher.podAnnotations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
    spec:
      affinity:
        {{- with .Values.matcher.affinity }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      nodeSelector:
        {{- with .Values.matcher.nodeSelector }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      tolerations:
        {{- with .Values.matcher.tolerations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      serviceAccountName: {{ template "kyoo.serviceAccountName" . }}
      securityContext:
        {{- with .Values.matcher.securityContext }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      containers:
        - name: {{ template "kyoo.fullname" . }}-matcher
          image: "{{ .Values.matcher.image.repository }}:{{ .Values.matcher.image.tag }}"
          imagePullPolicy: {{ .Values.matcher.image.pullPolicy }}
          resources:
            {{ toYaml .Values.matcher.resources | nindent 12 }}
          command:
            - matcher
          env:
          {{- with .Values.back.extraVars }}
            {{- toYaml . | nindent 12 }}
          {{- end }}
            - name: KYOO_URL
              value: http://{{ template "kyoo.fullname" . }}-back.{{ .Release.Namespace }}:{{ .Values.back.service.port }}
          {{- if .Values.config.secretAPIKey.existingKyooSecretKey }}
            - name: KYOO_APIKEYS
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.secretAPIKey.existingSecretName }}"
                  key: "{{ .Values.config.secretAPIKey.existingKyooSecretKey }}"
          {{- end }}
          {{- if .Values.config.secretAPIKey.existingTMDBSecretKey }}
            - name: THEMOVIEDB_APIKEY
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.secretAPIKey.existingSecretName }}"
                  key: "{{ .Values.config.secretAPIKey.existingTMDBSecretKey }}"
          {{- end }}
            - name: LIBRARY_LANGUAGES
              value: "{{ .Values.config.libraryLanguages }}"
            - name: RABBITMQ_HOST
              value: {{ template "kyoo.fullname" . }}-rabbitmq
            - name: RABBITMQ_DEFAULT_USER
              value: "{{ .Values.rabbitmq.auth.username }}"
            - name: RABBITMQ_DEFAULT_PASS
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.rabbitmq.auth.existingPasswordSecret }}"
                  key: "{{ .Values.rabbitmq.auth.existingSecretPasswordKey }}"
--- a/charts/kyoo/templates/deployment-migrations.yaml
+++ b/charts/kyoo/templates/deployment-migrations.yaml
@@ -0,0 +1,133 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "kyoo.fullname" . }}-migrations
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "kyoo.migrations.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  revisionHistoryLimit: 3
  replicas: {{ .Values.migrations.replicas }}
  strategy:
    type: Recreate
  selector:
    matchLabels:
      {{- include "kyoo.migrations.matchLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "kyoo.migrations.labels" . | nindent 8 }}
        app.kubernetes.io/component: {{ template "kyoo.name" . }}-migrations
      annotations:
        {{- with .Values.migrations.podAnnotations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
    spec:
      affinity:
        {{- with .Values.migrations.affinity }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      nodeSelector:
        {{- with .Values.migrations.nodeSelector }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      tolerations:
        {{- with .Values.migrations.tolerations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      serviceAccountName: {{ template "kyoo.serviceAccountName" . }}
      securityContext:
        {{- with .Values.migrations.securityContext }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      containers:
        - name: {{ template "kyoo.fullname" . }}-migrations
          image: "{{ .Values.migrations.image.repository }}:{{ .Values.migrations.image.tag }}"
          imagePullPolicy: {{ .Values.migrations.image.pullPolicy }}
          resources:
            {{ toYaml .Values.migrations.resources | nindent 12 }}
          env:
          {{- with .Values.back.extraVars }}
            {{- toYaml . | nindent 12 }}
          {{- end }}
            - name: REQUIRE_ACCOUNT_VERIFICATION
              value: "{{ .Values.config.requireAccountVerification }}"
            - name: UNLOGGED_PERMISSIONS
              value: "{{ .Values.config.unloggedPermissions }}"
            - name: DEFAULT_PERMISSIONS
              value: "{{ .Values.config.defaultPermissions }}"
            - name: AUTHENTICATION_SECRET
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.secretAuthenticationKey.existingSecretName }}"
                  key: "{{ .Values.config.secretAuthenticationKey.existingSecretKey }}"
            - name: KYOO_APIKEYS
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.secretAPIKey.existingSecretName }}"
                  key: "{{ .Values.config.secretAPIKey.existingKyooSecretKey }}"
            - name: PUBLIC_URL
              value: "{{ .Values.config.publicUrl }}"
            - name: POSTGRES_USER
              value: "{{ .Values.config.postgresql.username }}"
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.postgresql.existingSecretName }}"
                  key: "{{ .Values.config.postgresql.passwordKey }}"
            - name: POSTGRES_DB
              value: "{{ .Values.config.postgresql.database }}"
            - name: POSTGRES_SERVER
              value: "{{ .Values.config.postgresql.host }}"
            - name: POSTGRES_PORT
              value: "{{ .Values.config.postgresql.port }}"
          {{ if .Values.config.oidc.enabled }}
            - name: OIDC_SERVICE_NAME
              value: "{{ .Values.config.oidc.name }}"
            - name: OIDC_SERVICE_LOGO
              value: "{{ .Values.config.oidc.logo }}"
            - name: OIDC_SERVICE_AUTHORIZATION
              value: "{{ .Values.config.oidc.authorization }}"
            - name: OIDC_SERVICE_TOKEN
              value: "{{ .Values.config.oidc.token }}"
            - name: OIDC_SERVICE_PROFILE
              value: "{{ .Values.config.oidc.profile }}"
            - name: OIDC_SERVICE_SCOPE
              value: "{{ .Values.config.oidc.scope }}"
            - name: OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.oidc.existingSecretName }}"
                  key: "{{ .Values.config.oidc.clientIDKey }}"
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.oidc.existingSecretName }}"
                  key: "{{ .Values.config.oidc.secretIDKey }}"
          {{ end }}
            - name: MEILI_HOST
              value: http://{{ template "kyoo.fullname" . }}-meilisearch.{{ .Release.Namespace }}:{{ .Values.meilisearch.service.port }}
            - name: MEILI_MASTER_KEY
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.meilisearch.auth.existingMasterKeySecret }}"
                  key: MEILI_MASTER_KEY
            - name: RABBITMQ_HOST
              value: {{ template "kyoo.fullname" . }}-rabbitmq
            - name: RABBITMQ_DEFAULT_USER
              value: "{{ .Values.rabbitmq.auth.username }}"
            - name: RABBITMQ_DEFAULT_PASS
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.rabbitmq.auth.existingPasswordSecret }}"
                  key: "{{ .Values.rabbitmq.auth.existingSecretPasswordKey }}"
--- a/charts/kyoo/templates/deployment-scanner.yaml
+++ b/charts/kyoo/templates/deployment-scanner.yaml
@@ -0,0 +1,108 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "kyoo.fullname" . }}-scanner
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "kyoo.scanner.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  revisionHistoryLimit: 3
  replicas: {{ .Values.scanner.replicas }}
  strategy:
    type: Recreate
  selector:
    matchLabels:
      {{- include "kyoo.scanner.matchLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "kyoo.scanner.labels" . | nindent 8 }}
        app.kubernetes.io/component: {{ template "kyoo.name" . }}-scanner
      annotations:
        {{- with .Values.scanner.podAnnotations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
    spec:
      affinity:
        {{- with .Values.scanner.affinity }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      nodeSelector:
        {{- with .Values.scanner.nodeSelector }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      tolerations:
        {{- with .Values.scanner.tolerations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      serviceAccountName: {{ template "kyoo.serviceAccountName" . }}
      securityContext:
        {{- with .Values.scanner.securityContext }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      containers:
        - name: {{ template "kyoo.fullname" . }}-scanner
          image: "{{ .Values.scanner.image.repository }}:{{ .Values.scanner.image.tag }}"
          imagePullPolicy: {{ .Values.scanner.image.pullPolicy }}
          resources:
            {{ toYaml .Values.scanner.resources | nindent 12 }}
          volumeMounts:
            - name: kyoo-library
              mountPath: "{{ .Values.persistence.library.mountPath }}"
          command:
            - scanner
          env:
          {{- with .Values.back.extraVars }}
            {{- toYaml . | nindent 12 }}
          {{- end }}
            - name: KYOO_URL
              value: http://{{ template "kyoo.fullname" . }}-back.{{ .Release.Namespace }}:{{ .Values.back.service.port }}
          {{- if .Values.config.secretAPIKey.existingKyooSecretKey }}
            - name: KYOO_APIKEYS
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.secretAPIKey.existingSecretName }}"
                  key: "{{ .Values.config.secretAPIKey.existingKyooSecretKey }}"
          {{- end }}
          {{- if .Values.config.secretAPIKey.existingTMDBSecretKey }}
            - name: THEMOVIEDB_APIKEY
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.config.secretAPIKey.existingSecretName }}"
                  key: "{{ .Values.config.secretAPIKey.existingTMDBSecretKey }}"
          {{- end }}
            - name: LIBRARY_LANGUAGES
              value: "{{ .Values.config.libraryLanguages }}"
            - name: LIBRARY_IGNORE_PATTERN
              value: "{{ .Values.config.libraryIgnorePattern }}"
            - name: SCANNER_LIBRARY_ROOT
              value: "{{ .Values.persistence.library.mountPath }}"
            - name: RABBITMQ_HOST
              value: {{ template "kyoo.fullname" . }}-rabbitmq
            - name: RABBITMQ_DEFAULT_USER
              value: "{{ .Values.rabbitmq.auth.username }}"
            - name: RABBITMQ_DEFAULT_PASS
              valueFrom:
                secretKeyRef:
                  name: "{{ .Values.rabbitmq.auth.existingPasswordSecret }}"
                  key: "{{ .Values.rabbitmq.auth.existingSecretPasswordKey }}"
      volumes:
        - name: kyoo-library
      {{- if .Values.persistence.library.enabled }}
          persistentVolumeClaim:
            claimName: {{ .Values.persistence.library.existingClaim }}
      {{- else }}
          emptyDir: {}
      {{- end }}
--- a/charts/kyoo/templates/deployment-transcoder.yaml
+++ b/charts/kyoo/templates/deployment-transcoder.yaml
@@ -0,0 +1,114 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "kyoo.fullname" . }}-transcoder
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "kyoo.transcoder.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  revisionHistoryLimit: 3
  replicas: {{ .Values.transcoder.replicas }}
  strategy:
    type: Recreate
  selector:
    matchLabels:
      {{- include "kyoo.transcoder.matchLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "kyoo.transcoder.labels" . | nindent 8 }}
        app.kubernetes.io/component: {{ template "kyoo.name" . }}-transcoder
      annotations:
        {{- with .Values.transcoder.podAnnotations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
    spec:
      affinity:
        {{- with .Values.transcoder.affinity }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      nodeSelector:
        {{- with .Values.transcoder.nodeSelector }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      tolerations:
        {{- with .Values.transcoder.tolerations }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      serviceAccountName: {{ template "kyoo.serviceAccountName" . }}
      securityContext:
        {{- with .Values.transcoder.securityContext }}
        {{ toYaml . | nindent 8 }}
        {{- end }}
      containers:
        - name: {{ template "kyoo.fullname" . }}-transcoder
          image: "{{ .Values.transcoder.image.repository }}:{{ .Values.transcoder.image.tag }}"
          imagePullPolicy: {{ .Values.transcoder.image.pullPolicy }}
          resources:
            {{ toYaml .Values.transcoder.resources | nindent 12 }}
          ports:
            - name: kyoo-transcoder
              containerPort: {{ .Values.transcoder.service.port }}
              protocol: TCP
          volumeMounts:
            - name: kyoo-metadata
              mountPath: "{{ .Values.persistence.metadata.mountPath }}"
            - name: kyoo-cache
              mountPath: "{{ .Values.persistence.cache.mountPath }}"
            - name: kyoo-library
              mountPath: "{{ .Values.persistence.library.mountPath }}"
          env:
          {{- with .Values.back.extraVars }}
            {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- if eq .Values.config.transcoderProfile "vaapi" }}
            - name: GOCODER_HWACCEL
              value: "vaapi"
            - name: GOCODER_VAAPI_RENDERER
              value: "{{ .Values.config.transcoderRenderPath }}"
          {{- else if eq .Values.config.transcoderProfile "qsv" }}
            - name: GOCODER_HWACCEL
              value: "qsv"
            - name: GOCODER_QSV_RENDERER
              value: "{{ .Values.config.transcoderRenderPath }}"
          {{- else if eq .Values.config.transcoderProfile "nvidia" }}
            - name: GOCODER_HWACCEL
              value: "nvidia"
          {{- else }}
            - name: GOCODER_HWACCEL
              value: "disabled"
          {{- end }}
            - name: GOCODER_PRESET
              value: "{{ .Values.config.transcoderPreset }}"
            - name: GOCODER_METADATA_ROOT
              value: "{{ .Values.persistence.metadata.mountPath }}"
            - name: GOCODER_CACHE_ROOT
              value: "{{ .Values.persistence.cache.mountPath }}"
      volumes:
        - name: kyoo-metadata
      {{- if .Values.persistence.metadata.enabled }}
          persistentVolumeClaim:
            claimName: {{ include "kyoo.metadataVolumeName" . }}
      {{- else }}
          emptyDir: {}
      {{- end }}
        - name: kyoo-cache
          emptyDir:
            sizeLimit: {{ .Values.persistence.cache.size }}
        - name: kyoo-library
      {{- if .Values.persistence.library.enabled }}
          persistentVolumeClaim:
            claimName: {{ .Values.persistence.library.existingClaim }}
      {{- else }}
          emptyDir: {}
      {{- end }}
--- a/charts/kyoo/templates/ingress.yaml
+++ b/charts/kyoo/templates/ingress.yaml
@@ -0,0 +1,44 @@
 {{- if .Values.ingress.enabled }}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: {{ template "kyoo.fullname" . }}
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- toYaml .Values.ingress.annotations | nindent 4 }}
  labels:
    {{- include "kyoo.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.ingress.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  ingressClassName: {{ .Values.ingress.className }}
  tls:
    - hosts:
      - {{ .Values.ingress.host }}
      secretName: {{ template "kyoo.fullname" . }}-secret-tls
  rules:
    - host: {{ .Values.ingress.host }}
      http:
        paths:
          - path: /
            backend:
              service:
                name: "{{ template "kyoo.fullname" . }}-front"
                port:
                  name: kyoo-front
            pathType: ImplementationSpecific
          - path: /api
            backend:
              service:
                name: "{{ template "kyoo.fullname" . }}-back"
                port:
                  name: kyoo-back
            pathType: ImplementationSpecific
 {{- end }}
--- a/charts/kyoo/templates/persistent-volume-claim.yaml
+++ b/charts/kyoo/templates/persistent-volume-claim.yaml
@@ -0,0 +1,54 @@
 {{- if and .Values.persistence.back.enabled (not .Values.persistence.back.existingClaim) }}
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: {{ template "kyoo.backVolumeName" . }}
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- if .Values.persistence.back.retain }}
    helm.sh/resource-policy: keep
    {{- end }}
  labels:
    {{- include "kyoo.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  storageClassName: {{ .Values.persistence.back.storageClass }}
  accessModes:
    - {{ .Values.persistence.back.accessMode }}
  resources:
    requests:
      storage: {{ .Values.persistence.back.size }}
 {{- end }}
 ---
 {{- if and .Values.persistence.metadata.enabled (not .Values.persistence.metadata.existingClaim) }}
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: {{ template "kyoo.metadataVolumeName" . }}
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- if .Values.persistence.metadata.retain }}
    "helm.sh/resource-policy": keep
    {{- end }}
  labels:
    {{- include "kyoo.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
 spec:
  storageClassName: {{ .Values.persistence.metadata.storageClass }}
  accessModes:
    - {{ .Values.persistence.metadata.accessMode }}
  resources:
    requests:
      storage: {{ .Values.persistence.metadata.size }}
 {{- end }}
--- a/charts/kyoo/templates/service-account.yaml
+++ b/charts/kyoo/templates/service-account.yaml
@@ -0,0 +1,20 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ template "kyoo.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.serviceAccount.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "kyoo.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.serviceAccount.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
--- a/charts/kyoo/templates/service.yaml
+++ b/charts/kyoo/templates/service.yaml
@@ -0,0 +1,100 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ template "kyoo.fullname" . }}-back
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.back.service.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "kyoo.back.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.back.service.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 spec:
  type: {{ .Values.back.service.type }}
  ports:
    - port: {{ .Values.back.service.port }}
      targetPort: kyoo-back
      protocol: TCP
      name: kyoo-back
  selector:
    {{- include "kyoo.back.matchLabels" . | nindent 4 }}
    {{- with .Values.back.service.extraSelectorLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ template "kyoo.fullname" . }}-front
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.front.service.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "kyoo.front.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.front.service.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 spec:
  type: {{ .Values.front.service.type }}
  ports:
    - port: {{ .Values.front.service.port }}
      targetPort: kyoo-front
      protocol: TCP
      name: kyoo-front
  selector:
    {{- include "kyoo.front.matchLabels" . | nindent 4 }}
    {{- with .Values.front.service.extraSelectorLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: transcoder
  namespace: {{ .Release.Namespace }}
  annotations:
    {{- with .Values.global.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.transcoder.service.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  labels:
    {{- include "kyoo.transcoder.labels" . | nindent 4 }}
    {{- with .Values.global.labels }}
    {{ toYaml . | nindent 4 }}
    {{- end }}
    {{- with .Values.transcoder.service.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 spec:
  type: {{ .Values.transcoder.service.type }}
  ports:
    - port: {{ .Values.transcoder.service.port }}
      targetPort: kyoo-transcoder
      protocol: TCP
      name: kyoo-transcoder
  selector:
    {{- include "kyoo.transcoder.matchLabels" . | nindent 4 }}
    {{- with .Values.transcoder.service.extraSelectorLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
--- a/charts/kyoo/values.yaml
+++ b/charts/kyoo/values.yaml
@@ -0,0 +1,892 @@
 ## Global
 ##
 global:
  # -- Set an override for the prefix of the fullname
  nameOverride:
  # -- Set the entire name definition
  fullnameOverride:
  # -- Set additional global labels. Helm templates can be used.
  labels: {}
  # -- Set additional global annotations. Helm templates can be used.
  annotations: {}
 ## Service Account
 ##
 serviceAccount:
  # -- Specifies whether a service account should be created
  create: false
  # -- Annotations to add to the service account
  annotations: {}
  # -- Labels to add to the service account
  labels: {}
  # -- The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""
 ## Config options
 ##
 config:
  ## Secret key
  ## Specificy the secret name and the key containg a strong secret key
  ##
  secretAuthenticationKey:
    existingSecretName: ""
    existingSecretKey: ""
  ## API keys
  ## Specificy the secret name and the key containg an API key for that service
  ##
  secretAPIKey:
    existingSecretName: ""
    # -- Kyoo
    existingKyooSecretKey: ""
    # -- The Movie Database
    existingTMDBSecretKey: ""
    # -- Simkl: https://simkl.docs.apiary.io/#
    existingSimklSecretKey: ""
  # Langauges
  libraryLanguages: en
  # A pattern (regex) to ignore video files, ie ".*/[dD]ownloads?/.*"
  libraryIgnorePattern: ""
  # If this is true, new accounts wont have any permissions before you approve them in your admin dashboard.
  requireAccountVerification: true
  # Specify permissions of guest accounts, default is no permissions,
  # but you can allow anyone to use your instance without account by doing:
  # UNLOGGED_PERMISSIONS=overall.read,overall.play
  # You can specify this to allow guests users to see your collection without behing able to play videos for example:
  # UNLOGGED_PERMISSIONS=overall.read
  unloggedPermissions: overall.read
  # Specify permissions of new accounts.
  defaultPermissions: overall.read,overall.play
  # Hardware transcoding (equivalent of --profile docker compose option).
  # cpu (no hardware acceleration) or vaapi or qsv or nvidia
  transcoderProfile: cpu
  # Path to the hardware device for the specificied transcoder profile
  transcoderRenderPath: /dev/dri/renderD128
  # the preset used during transcode. faster means worst quality, you can probably use a slower preset with hwaccels
  # warning: using vaapi hwaccel disable presets (they are not supported).
  transcoderPreset: fast
  # The url you can use to reach your kyoo instance. This is also used during oidc to redirect users to your instance.
  publicUrl: ""
  ## OIDC authentication
  ##
  oidc:
    enabled: false
    # Name of the OIDC provider, ie Authentik, Keycloak, Authelia, etc
    name: ""
    # URL to the an image of the provider logo
    logo: ""
    # Urls to access the provider
    authorization: ""
    token: ""
    profile: ""
    # Scopes space separeted
    scope: "openid profile email"
    # Generated from the provider, these are expected to be stored in a secret
    existingSecretName: ""
    clientIDKey: ""
    secretIDKey: ""
  ## Postgresql
  ##
  postgresql:
    username: ""
    database: ""
    host: ""
    port: ""
    # -- Use a secret to store the pasword
    existingSecretName: ""
    passwordKey: ""
 ## Configure the ingress resource that allows you to access the
 ## kyoo installation. Set up the URL
 ## ref: http://kubernetes.io/docs/user-guide/ingress/
 ##
 ingress:
  # -- Enables or disables the ingress
  enabled: false
  # -- Provide additional annotations which may be required.
  annotations: {}
  # -- Provide additional labels which may be required.
  labels: {}
  # -- Set the ingressClass that is used for this ingress.
  className: ""
  ## Configure the hosts for the ingress
  host: chart-example.local
 ## Enable persistence using Persistent Volume Claims
 ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
 ##
 persistence:
  back:
    # -- Enables or disables the persistence item. Defaults to true
    enabled: true
    # -- Storage Class for the config volume.
    # If set to `-`, dynamic provisioning is disabled.
    # If set to something else, the given storageClass is used.
    # If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
    storageClass: ""
    # -- If you want to reuse an existing claim, the name of the existing PVC can be passed here.
    existingClaim: ""
    # -- AccessMode for the persistent volume.
    # Make sure to select an access mode that is supported by your storage provider!
    # [[ref]](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)
    accessMode: ReadWriteOnce
    # -- The amount of storage that is requested for the persistent volume.
    size: 5Gi
    # -- Set to true to retain the PVC upon `helm uninstall`
    retain: false
  metadata:
    # -- Enables or disables the persistence item. Defaults to true
    enabled: true
    # -- Storage Class for the config volume.
    # If set to `-`, dynamic provisioning is disabled.
    # If set to something else, the given storageClass is used.
    # If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
    storageClass: ""
    # -- If you want to reuse an existing claim, the name of the existing PVC can be passed here.
    existingClaim: ""
    # -- AccessMode for the persistent volume.
    # Make sure to select an access mode that is supported by your storage provider!
    # [[ref]](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)
    accessMode: ReadWriteOnce
    # -- The amount of storage that is requested for the persistent volume.
    size: 5Gi
    # -- Set to true to retain the PVC upon `helm uninstall`
    retain: false
    # -- Mount path inside container
    mountPath: /metadata
  cache:
    # -- Transcoder cache will be mounted as an emptyDir, specificy a limit to the cache size
    size: 10Gi
    # -- Mount path inside container
    mountPath: /cache
  library:
    enabled: false
    # -- Provide an existing claim to you media library
    existingClaim: ""
    # -- Mount path inside container, used as the root path for the library
    mountPath: /video
 ## Auto Sync
 ##
 autosync:
  ## Kyoo Auto Sync image version
  ## ref: https://hub.docker.com/r/zoriya/kyoo_autosync/tags
  ##
  image:
    repository: zoriya/kyoo_autosync
    tag: "4.4.0"
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
  ## Define the number of pods the deployment will create
  ## Do not change unless your persistent volume allows more than one writer, ie NFS
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
  ##
  replicas: 1
  ## Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## Affinity for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for pod assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## Pod Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ##
  securityContext: {}
  ## kyoo containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    limits: {}
    #  cpu: 2
    #  memory: 1Gi
    requests: {}
    #  cpu: 1
    #  memory: 1Gi
  ## Extra environment variables
  ##
  extraVars:
  #  - name: EXAMPLE
  #    value: "example"
 ## Back
 ##
 back:
  ## Kyoo Back image version
  ## ref: https://hub.docker.com/r/zoriya/kyoo_back/tags
  ##
  image:
    repository: zoriya/kyoo_back
    tag: "4.4.0"
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
  ## Define the number of pods the deployment will create
  ## Do not change unless your persistent volume allows more than one writer, ie NFS
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
  ##
  replicas: 1
  ## Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## Affinity for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for pod assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## Pod Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ##
  securityContext: {}
  ## kyoo containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    limits: {}
    #  cpu: 2
    #  memory: 1Gi
    requests: {}
    #  cpu: 1
    #  memory: 1Gi
  ## Configure extra options for liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
  ##
  livenessProbe:
    enabled: false
    path: /health
    initialDelaySeconds: 20
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
  readinessProbe:
    enabled: false
    path: /health
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 1
    successThreshold: 1
    failureThreshold: 3
  ## Extra environment variables
  ##
  extraVars:
  #  - name: EXAMPLE
  #    value: "example"
  ## Service
  ##
  service:
    # -- Set the service type
    type: ClusterIP
    # -- Provide additional annotations which may be required.
    annotations: {}
    # -- Provide additional labels which may be required.
    labels: {}
    # -- Allow adding additional match labels
    extraSelectorLabels: {}
    # -- HTTP port number
    port: 5000
 ## Front
 ##
 front:
  ## Kyoo Front image version
  ## ref: https://hub.docker.com/r/zoriya/kyoo_front/tags
  ##
  image:
    repository: zoriya/kyoo_front
    tag: "4.4.0"
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
  ## Define the number of pods the deployment will create
  ## Do not change unless your persistent volume allows more than one writer, ie NFS
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
  ##
  replicas: 1
  ## Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## Affinity for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for pod assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## Pod Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ##
  securityContext: {}
  ## kyoo containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    limits: {}
    #  cpu: 2
    #  memory: 1Gi
    requests: {}
    #  cpu: 1
    #  memory: 1Gi
  ## Configure extra options for liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
  ##
  livenessProbe:
    enabled: false
    path: /
    initialDelaySeconds: 20
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 3
  readinessProbe:
    enabled: false
    path: /
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 1
    successThreshold: 1
    failureThreshold: 3
  ## Extra environment variables
  ##
  extraVars:
  #  - name: EXAMPLE
  #    value: "example"
  ## Service
  ##
  service:
    # -- Set the service type
    type: ClusterIP
    # -- Provide additional annotations which may be required.
    annotations: {}
    # -- Provide additional labels which may be required.
    labels: {}
    # -- Allow adding additional match labels
    extraSelectorLabels: {}
    # -- HTTP port number
    port: 8901
 ## Matcher
 ##
 matcher:
  ## Kyoo Matcher image version
  ## ref: https://hub.docker.com/r/zoriya/kyoo_matcher/tags
  ##
  image:
    repository: zoriya/kyoo_scanner
    tag: "4.4.0"
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
  ## Define the number of pods the deployment will create
  ## Do not change unless your persistent volume allows more than one writer, ie NFS
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
  ##
  replicas: 1
  ## Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## Affinity for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for pod assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## Pod Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ##
  securityContext: {}
  ## kyoo containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    limits: {}
    #  cpu: 2
    #  memory: 1Gi
    requests: {}
    #  cpu: 1
    #  memory: 1Gi
  ## Extra environment variables
  ##
  extraVars:
  #  - name: EXAMPLE
  #    value: "example"
 ## Migrations
 ##
 migrations:
  ## Kyoo Migrations image version
  ## ref: https://hub.docker.com/r/zoriya/kyoo_migrations/tags
  ##
  image:
    repository: zoriya/kyoo_migrations
    tag: "4.4.0"
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
  ## Define the number of pods the deployment will create
  ## Do not change unless your persistent volume allows more than one writer, ie NFS
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
  ##
  replicas: 1
  ## Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## Affinity for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for pod assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## Pod Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ##
  securityContext: {}
  ## kyoo containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    limits: {}
    #  cpu: 2
    #  memory: 1Gi
    requests: {}
    #  cpu: 1
    #  memory: 1Gi
  ## Extra environment variables
  ##
  extraVars:
  #  - name: EXAMPLE
  #    value: "example"
 ## Scanner
 ##
 scanner:
  ## Kyoo Scanner image version
  ## ref: https://hub.docker.com/r/zoriya/zoriya/kyoo_scanner/tags
  ##
  image:
    repository: zoriya/kyoo_scanner
    tag: "4.4.0"
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
  ## Define the number of pods the deployment will create
  ## Do not change unless your persistent volume allows more than one writer, ie NFS
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
  ##
  replicas: 1
  ## Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## Affinity for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for pod assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## Pod Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ##
  securityContext: {}
  ## kyoo containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    limits: {}
    #  cpu: 2
    #  memory: 1Gi
    requests: {}
    #  cpu: 1
    #  memory: 1Gi
  ## Extra environment variables
  ##
  extraVars:
  #  - name: EXAMPLE
  #    value: "example"
 ## Transcoder
 ##
 transcoder:
  ## Kyoo Transcoder image version
  ## ref: https://hub.docker.com/r/zoriya/kyoo_transcoder/tags
  ##
  image:
    repository: zoriya/kyoo_transcoder
    tag: "4.4.0"
    ## Specify a imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
  ## Define the number of pods the deployment will create
  ## Do not change unless your persistent volume allows more than one writer, ie NFS
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
  ##
  replicas: 1
  ## Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## Affinity for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for pod assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## Pod Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ##
  securityContext: {}
  ## kyoo containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    limits: {}
    #  cpu: 2
    #  memory: 1Gi
    requests: {}
    #  cpu: 1
    #  memory: 1Gi
  ## Extra environment variables
  ##
  extraVars:
  #  - name: EXAMPLE
  #    value: "example"
  ## Service
  ##
  service:
    # -- Set the service type
    type: ClusterIP
    # -- Provide additional annotations which may be required.
    annotations: {}
    # -- Provide additional labels which may be required.
    labels: {}
    # -- Allow adding additional match labels
    extraSelectorLabels: {}
    # -- HTTP port number
    port: 7666
 ## Rabbitmq
 ## https://artifacthub.io/packages/helm/bitnami/rabbitmq?modal=values-schema
 ##
 rabbitmq:
  auth:
    ## @param auth.username RabbitMQ application username
    ## ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables
    ##
    username: kyoo
    ## @param auth.existingPasswordSecret Existing secret with RabbitMQ credentials (existing secret must contain a value for `rabbitmq-password` key or override with setting auth.existingSecretPasswordKey)
    ## e.g:
    ## existingPasswordSecret: name-of-existing-secret
    ##
    existingPasswordSecret: ""
    existingSecretPasswordKey: ""
    ## @param auth.existingErlangSecret Existing secret with RabbitMQ Erlang cookie (must contain a value for `rabbitmq-erlang-cookie` key or override with auth.existingSecretErlangKey)
    ## e.g:
    ## existingErlangSecret: name-of-existing-secret
    ##
    existingErlangSecret: ""
    ## @param auth.existingSecretErlangKey [default: rabbitmq-erlang-cookie] Erlang cookie key to be retrieved from existing secret
    ## NOTE: ignored unless `auth.existingErlangSecret` parameter is set
    ##
    existingSecretErlangKey: ""
  ## @param configurationExistingSecret Existing secret with the configuration to use as rabbitmq.conf.
  ## Must contain the key "rabbitmq.conf"
  ## Takes precedence over `configuration`, so do not use both simultaneously
  ## With providing an existingSecret, extraConfiguration and extraConfigurationExistingSecret do not take any effect
  ##
  configurationExistingSecret: ""
  ## @param extraConfiguration [string] Configuration file content: extra configuration to be appended to RabbitMQ configuration
  ## Use this instead of `configuration` to add more configuration
  ## Do not use simultaneously with `extraConfigurationExistingSecret`
  ##
  extraConfiguration: |-
    default_vhost = '/'
    default_permissions.configure = .*
    default_permissions.read = .*
    default_permissions.write = .*
 ## Meilisearch
 ## https://github.com/meilisearch/meilisearch-kubernetes/blob/main/charts/meilisearch/values.yaml
 ##
 meilisearch:
  environment:
    # -- Deactivates analytics
    MEILI_NO_ANALYTICS: true
    # -- Sets the environment. Either **production** or **development**
    MEILI_ENV: production
    # For production deployment, the environment MEILI_MASTER_KEY is required.
    # If MEILI_ENV is set to "production" without setting MEILI_MASTER_KEY, this
    # chart will automatically create a secure MEILI_MASTER_KEY and push it as a
    # secret. Otherwise the below value of MEILI_MASTER_KEY will be used instead.
    # MEILI_MASTER_KEY: ""
  auth:
    # -- Use an existing Kubernetes secret for the MEILI_MASTER_KEY
    existingMasterKeySecret: ""
  service:
    # -- Kubernetes Service type
    type: ClusterIP
    # -- Kubernetes Service port
    port: 7700
    # -- Additional annotations for service
    annotations: {}
  persistence:
    enabled: false
    # -- PVC Access Mode
    accessMode: ReadWriteOnce
    ## Persistent Volume Storage Class
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
    ##   GKE, AWS & OpenStack)
    ##
    # -- PVC Storage Class
    storageClass: "-"
    ## Data Persistent Volume existing claim name
    ## Requires persistence.enabled: true
    ## If defined, PVC must be created manually before volume will be bound
    # -- Existing PVC
    existingClaim: ""
    # -- PVC Storage Request
    size: 10Gi
  resources: {}
    # limits:
    #  cpu: 100m
    #  memory: 128Mi
    # requests:
    #  cpu: 100m
    #  memory: 128Mi
  serviceMonitor:
    enabled: false
--- a/charts/lazy-librarian/Chart.yaml
+++ b/charts/lazy-librarian/Chart.yaml
@@ -0,0 +1,18 @@
 apiVersion: v2
 name: lazy-librarian
 version: 0.1.0
 description: A Helm chart for deploying LazyLibrarian
 keywords:
  - lazylibrarian
  - ebooks
 sources:
  - https://gitlab.com/LazyLibrarian/LazyLibrarian.git
  - https://lazylibrarian.gitlab.io
 maintainers:
  - name: alexlebens
 dependencies:
  - name: common
    repository: https://bjw-s.github.io/helm-charts/
    version: 3.1.0
 icon: https://lazylibrarian.gitlab.io/logo.svg
 appVersion: version-1152df82
--- a/charts/lazy-librarian/README.md
+++ b/charts/lazy-librarian/README.md
@@ -0,0 +1,85 @@
 # lazylibrarian
 ![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: version-b3a081ec](https://img.shields.io/badge/AppVersion-version--b3a081ec-informational?style=flat-square)
 A Helm chart for deploying LazyLibrarian
 **This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/alexlebens/helm-charts/issues/new/choose)**
 ## Source Code
 * <https://gitlab.com/LazyLibrarian/LazyLibrarian.git>
 * <https://lazylibrarian.gitlab.io>
 ## Requirements
 Kubernetes: `>=1.16.0-0`
 ## Dependencies
 | Repository | Name | Version |
 |------------|------|---------|
 | https://github.com/bjw-s/helm-charts | common | 3.1.0 |
 ## TL;DR
 ```console
 helm repo add alexlebens-helm-charts http://alexlebens.github.io/helm-charts
 helm repo update
 helm install lazy-librarian alexlebens-helm-charts/lazy-librarian
 ```
 ## Installing the Chart
 To install the chart with the release name `lazy-librarian`
 ```console
 helm install lazy-librarian alexlebens-helm-charts/lazy-librarian
 ```
 ## Uninstalling the Chart
 To uninstall the `lazy-librarian` deployment
 ```console
 helm uninstall lazy-librarian
 ```
 The command removes all the Kubernetes components associated with the chart **including persistent volumes** and deletes the release.
 ## Configuration
 Read through the [values.yaml](./values.yaml) file. It has several commented out suggested values.
 Other values may be used from the [values.yaml](https://github.com/alexlebens/helm-charts/blob/main/charts/lazy-librarian/values.yaml) from the [common library](https://github.com/bjw-s/helm-charts/blob/main/charts/library/common/values.yaml).
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
 ```console
 helm install lazy-librarian \
  --set env.TZ="US/Mountain" \
    alexlebens-helm-charts/lazy-librarian
 ```
 Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart.
 ```console
 helm install lazy-librarian alexlebens-helm-charts/lazy-librarian -f values.yaml
 ```
 ## Values
 **Important**: When deploying an application Helm chart you can add more values from the common library chart [here](https://github.com/bjw-s/helm-charts/blob/main/charts/library/common/values.yaml)
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | env | object | See below | environment variables. |
 | env.PGID | string | `"1001"` | Specify the group ID the application will run as |
 | env.PUID | string | `"1001"` | Specify the user ID the application will run as |
 | env.TZ | string | `"UTC"` | Set the container timezone |
 | env.DOCKER_MODS | string | `"linuxserver/mods:universal-calibre|linuxserver/mods:lazylibrarian-ffmpeg"` | Add linuxserver docker mods |
 | image.pullPolicy | string | `"IfNotPresent"` | image pull policy |
 | image.repository | string | `"linuxserver/lazylibrarian"` | image repository |
 | image.tag | string | `"version-b3a081ec"` | image tag |
 | ingress.main | object | See values.yaml | Enable and configure ingress settings for the chart under this key. |
 | persistence | object | See values.yaml | Configure persistence settings for the chart under this key. |
 | service | object | See values.yaml | Configures service settings for the chart. |
--- a/charts/lazy-librarian/values.yaml
+++ b/charts/lazy-librarian/values.yaml
@@ -0,0 +1,323 @@
 common:
  global:
    # -- Set an override for the prefix of the fullname
    nameOverride:
    # -- Set the entire name definition
    fullnameOverride:
    # -- Set additional global labels. Helm templates can be used.
    labels: {}
    # -- Set additional global annotations. Helm templates can be used.
    annotations: {}
  defaultPodOptions:
    # -- Defines affinity constraint rules.
    # [[ref]](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity)
    affinity: {}
    # -- Set annotations on the Pod. Pod-specific values will be merged with this.
    annotations: {}
    # -- Specifies whether a service account token should be automatically mounted.
    automountServiceAccountToken: true
    # -- Configuring the ndots option may resolve nslookup issues on some Kubernetes setups.
    dnsConfig: {}
    # -- Defaults to "ClusterFirst" if hostNetwork is false and "ClusterFirstWithHostNet" if hostNetwork is true.
    dnsPolicy: ""
    # -- Enable/disable the generation of environment variables for services.
    # [[ref]](https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#accessing-the-service)
    enableServiceLinks: false
    # -- Allows specifying explicit hostname setting
    hostname: ""
    # -- Use hostAliases to add custom entries to /etc/hosts - mapping IP addresses to hostnames.
    # [[ref]](https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/)
    hostAliases: []
    # -- Use the host's ipc namespace
    hostIPC: false
    # -- When using hostNetwork make sure you set dnsPolicy to `ClusterFirstWithHostNet`
    hostNetwork: false
    # -- Use the host's pid namespace
    hostPID: false
    # -- Set image pull secrets
    imagePullSecrets: []
    # -- Set labels on the Pod. Pod-specific values will be merged with this.
    labels: {}
    # -- Node selection constraint
    # [[ref]](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector)
    nodeSelector: {}
    # -- Custom priority class for different treatment by the scheduler
    priorityClassName: ""
    # -- Set Container restart policy.
    # @default -- `Always`. When `controller.type` is `cronjob` it defaults to `Never`.
    restartPolicy: ""
    # -- Allow specifying a runtimeClassName other than the default one (ie: nvidia)
    runtimeClassName: ""
    # -- Allows specifying a custom scheduler name
    schedulerName: ""
    # -- Configure the Security Context for the Pod
    securityContext:
      runAsUser: 1000
      runAsGroup: 1000
      fsGroup: 1000
      fsGroupChangePolicy: "OnRootMismatch"
    # -- Duration in seconds the pod needs to terminate gracefully
    # -- [[ref](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#lifecycle)]
    terminationGracePeriodSeconds:
    # -- Specify taint tolerations
    # [[ref]](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
    tolerations: []
    # -- Defines topologySpreadConstraint rules.
    # [[ref]](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/)
    topologySpreadConstraints: []
  controllers:
    main:
      # -- enable the controller.
      enabled: true
      # -- Set the controller type.
      # Valid options are deployment, daemonset, statefulset, cronjob or job
      type: deployment
      # -- Set annotations on the deployment/statefulset/daemonset/cronjob/job
      annotations: {}
      # -- Set labels on the deployment/statefulset/daemonset/cronjob/job
      labels: {}
      # -- Number of desired pods. When using a HorizontalPodAutoscaler, set this to `null`.
      replicas: 1
      # -- Set the controller upgrade strategy
      # For Deployments, valid values are Recreate (default) and RollingUpdate.
      # For StatefulSets, valid values are OnDelete and RollingUpdate (default).
      # DaemonSets/CronJobs/Jobs ignore this.
      strategy: Recreate
      # -- ReplicaSet revision history limit
      revisionHistoryLimit: 3
      # -- Container
      containers:
        main:
          # -- Override the container name
          nameOverride:
          # -- Specify if this container depends on any other containers
          # This is used to determine the order in which the containers are rendered.
          dependsOn: []
          # -- Image
          image:
            # -- image repository
            repository: lscr.io/linuxserver/lazylibrarian
            # -- image tag
            tag: version-b3a081ec
            # -- image pull policy
            pullPolicy: IfNotPresent
          # -- Override the command(s) for the default container
          command: []
          # -- Override the args for the default container
          args: []
          # -- Override the working directory for the default container
          workingDir:
          # -- Environment variables. Template enabled.
          env:
            PUID: 1000
            PGID: 1000
            TZ: US/Mountain
            DOCKER_MODS: linuxserver/mods:universal-calibre|linuxserver/mods:lazylibrarian-ffmpeg
          # -- Secrets and/or ConfigMaps that will be loaded as environment variables.
          envFrom: []
          # -- Set the resource requests / limits for the container.
          resources:
            ## We usually recommend not to specify default resources and to leave this as a conscious
            ## choice for the user. This also increases chances charts run on environments with little
            ## resources, such as Minikube. If you do want to specify resources, uncomment the following
            ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
            limits:
              cpu: 500m
              memory: 512Mi
            requests:
              cpu: 10m
              memory: 256Mi
  serviceAccount:
    # -- Specifies whether a service account should be created
    create: true
    # -- Annotations to add to the service account
    annotations: {}
    # -- Labels to add to the service account
    labels: {}
    # -- The name of the service account to use.
    # If not set and create is true, a name is generated using the fullname template
    name: ""
  service:
    main:
      # -- Enables or disables the service
      enabled: true
      # -- Override the name suffix that is used for this service
      nameOverride: ""
      # -- Configure which controller this service should target
      controller: main
      # -- Make this the primary service for this controller (used in probes, notes, etc...).
      # If there is more than 1 service targeting the controller, make sure that only 1 service is
      # marked as primary.
      primary: true
      # -- Set the service type
      type: ClusterIP
      # -- Specify the externalTrafficPolicy for the service. Options: Cluster, Local
      # -- [[ref](https://kubernetes.io/docs/tutorials/services/source-ip/)]
      externalTrafficPolicy:
      # -- Specify the ip policy. Options: SingleStack, PreferDualStack, RequireDualStack
      ipFamilyPolicy:
      # -- The ip families that should be used. Options: IPv4, IPv6
      ipFamilies: []
      # -- Provide additional annotations which may be required.
      annotations: {}
      # -- Provide additional labels which may be required.
      labels: {}
      # -- Allow adding additional match labels
      extraSelectorLabels: {}
      # -- Configure the Service port information here.
      # Additional ports can be added by adding a dictionary key similar to the 'http' service.
      # @default -- See below
      ports:
        http:
          # -- Enables or disables the port
          enabled: true
          # -- Make this the primary port (used in probes, notes, etc...)
          # If there is more than 1 service, make sure that only 1 port is marked as primary.
          primary: true
          # -- The port number
          port: 5299
          # -- Port protocol.
          # Support values are `HTTP`, `HTTPS`, `TCP` and `UDP`.
          # HTTP and HTTPS spawn a TCP service and get used for internal URL and name generation
          protocol: HTTP
          # -- Specify a service targetPort if you wish to differ the service port from the application port.
          # If `targetPort` is specified, this port number is used in the container definition instead of
          # the `port` value. Therefore named ports are not supported for this field.
          targetPort:
          # -- Specify the nodePort value for the LoadBalancer and NodePort service types.
          # [[ref]](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport)
          nodePort:
          # -- Specify the appProtocol value for the Service.
          # [[ref]](https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol)
          appProtocol:
  ingress:
    # -- An example is shown below
    main:
      # -- Enables or disables the ingress
      enabled: true
      # -- Override the name suffix that is used for this ingress.
      nameOverride:
      # -- Provide additional annotations which may be required.
      annotations: {}
      # -- Provide additional labels which may be required.
      labels: {}
      # -- Set the ingressClass that is used for this ingress.
      className:
      # -- Configure the defaultBackend for this ingress. This will disable any other rules for the ingress.
      defaultBackend:
      ## Configure the hosts for the ingress
      hosts:
        - # -- Host address. Helm template can be passed.
          host: chart-example.local
          ## Configure the paths for the host
          paths:
            - # -- Path.  Helm template can be passed.
              path: /
              pathType: Prefix
              service:
                # -- The service name to reference.
                name: main
                # -- The service port number reference for this path
                port: 5299
      # -- Configure TLS for the ingress. Both secretName and hosts can process a Helm template.
      tls: []
      #  - secretName: chart-example-tls
      #    hosts:
      #      - chart-example.local
  persistence:
    config:
      # -- Enables or disables the persistence item. Defaults to true
      enabled: false
      # -- Sets the persistence type
      # Valid options are persistentVolumeClaim, emptyDir, nfs, hostPath, secret, configMap or custom
      type: persistentVolumeClaim
      # -- Storage Class for the config volume.
      # If set to `-`, dynamic provisioning is disabled.
      # If set to something else, the given storageClass is used.
      # If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
      storageClass:
      # -- If you want to reuse an existing claim, the name of the existing PVC can be passed here.
      existingClaim:
      # -- AccessMode for the persistent volume.
      # Make sure to select an access mode that is supported by your storage provider!
      # [[ref]](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)
      accessMode: ReadWriteOnce
      # -- The amount of storage that is requested for the persistent volume.
      size: 1Gi
      # -- Set to true to retain the PVC upon `helm uninstall`
      retain: false
      # -- Configure mounts to all controllers and containers. By default the persistence item
      # will be mounted to `/<name_of_the_peristence_item>`.
      # Example:
      # globalMounts:
      #   - path: /config
      #     readOnly: false
      globalMounts:
        - path: /config
    downloads:
      # -- Enables or disables the persistence item. Defaults to true
      enabled: false
      # -- Sets the persistence type
      # Valid options are persistentVolumeClaim, emptyDir, nfs, hostPath, secret, configMap or custom
      type: persistentVolumeClaim
      # -- Storage Class for the config volume.
      # If set to `-`, dynamic provisioning is disabled.
      # If set to something else, the given storageClass is used.
      # If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
      storageClass:
      # -- If you want to reuse an existing claim, the name of the existing PVC can be passed here.
      existingClaim:
      # -- AccessMode for the persistent volume.
      # Make sure to select an access mode that is supported by your storage provider!
      # [[ref]](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)
      accessMode: ReadWriteOnce
      # -- The amount of storage that is requested for the persistent volume.
      size: 1Gi
      # -- Set to true to retain the PVC upon `helm uninstall`
      retain: false
      # -- Configure mounts to all controllers and containers. By default the persistence item
      # will be mounted to `/<name_of_the_peristence_item>`.
      # Example:
      # globalMounts:
      #   - path: /config
      #     readOnly: false
      globalMounts:
        - path: /downloads
    books:
      # -- Enables or disables the persistence item. Defaults to true
      enabled: false
      # -- Sets the persistence type
      # Valid options are persistentVolumeClaim, emptyDir, nfs, hostPath, secret, configMap or custom
      type: persistentVolumeClaim
      # -- Storage Class for the config volume.
      # If set to `-`, dynamic provisioning is disabled.
      # If set to something else, the given storageClass is used.
      # If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
      storageClass:
      # -- If you want to reuse an existing claim, the name of the existing PVC can be passed here.
      existingClaim:
      # -- AccessMode for the persistent volume.
      # Make sure to select an access mode that is supported by your storage provider!
      # [[ref]](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)
      accessMode: ReadWriteOnce
      # -- The amount of storage that is requested for the persistent volume.
      size: 1Gi
      # -- Set to true to retain the PVC upon `helm uninstall`
      retain: false
      # -- Configure mounts to all controllers and containers. By default the persistence item
      # will be mounted to `/<name_of_the_peristence_item>`.
      # Example:
      # globalMounts:
      #   - path: /config
      #     readOnly: false
      globalMounts:
        - path: /books
--- a/charts/matrix-hookshot/Chart.yaml
+++ b/charts/matrix-hookshot/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: matrix-hookshot
-version: 0.1.0
+version: 0.1.1
 description: Chart for Matrix Hookshot
 keywords:
  - matrix
@@ -11,4 +11,4 @@ sources:
 maintainers:
  - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/8418310?s=48&v=4
-appVersion: "5.2.1"
+appVersion: "5.3.0"
--- a/charts/matrix-hookshot/values.yaml
+++ b/charts/matrix-hookshot/values.yaml
@@ -3,7 +3,7 @@ deployment:
  strategy: Recreate
  image:
    repository: halfshot/matrix-hookshot
-    tag: "5.2.1"
+    tag: "5.3.0"
    imagePullPolicy: IfNotPresent
  env: {}
  envFrom: []
@@ -81,7 +81,7 @@ hookshot:
        resources:
          - widgets
-    #github:
+    # github:
    #  # (Optional) Configure this to enable GitHub support
    #  auth:
    #    # Authentication for the GitHub App.
@@ -104,7 +104,7 @@ hookshot:
    #    # (Optional) Prefix used when creating ghost users for GitHub accounts.
    #    _github_
-    #gitlab:
+    # gitlab:
    #  # (Optional) Configure this to enable GitLab support
    #  instances:
    #    gitlab.com:
@@ -119,7 +119,7 @@ hookshot:
    #    # (Optional) Aggregate comments by waiting this many miliseconds before posting them to Matrix. Defaults to 5000 (5 seconds)
    #    5000
-    #figma:
+    # figma:
    #  # (Optional) Configure this to enable Figma support
    #  publicUrl: https://example.com/hookshot/
    #  instances:
@@ -128,7 +128,7 @@ hookshot:
    #      accessToken: your-personal-access-token
    #      passcode: your-webhook-passcode
-    #jira:
+    # jira:
    #  # (Optional) Configure this to enable Jira support. Only specify `url` if you are using a On Premise install (i.e. not atlassian.com)
    #  webhook:
    #    # Webhook settings for JIRA
@@ -139,7 +139,7 @@ hookshot:
    #    client_secret: bar
    #    redirect_uri: https://example.com/oauth/
-    #generic:
+    # generic:
    #  # (Optional) Support for generic webhook events.
    #  #'allowJsTransformationFunctions' will allow users to write short transformation snippets in code, and thus is unsafe in untrusted environments
@@ -150,23 +150,23 @@ hookshot:
    #  allowJsTransformationFunctions: false
    #  waitForComplete: false
-    #feeds:
+    # feeds:
    #  # (Optional) Configure this to enable RSS/Atom feed support
    #  enabled: false
    #  pollConcurrency: 4
    #  pollIntervalSeconds: 600
    #  pollTimeoutSeconds: 30
-    #provisioning:
+    # provisioning:
    #  # (Optional) Provisioning API for integration managers
    #  secret: "!secretToken"
-    #bot:
+    # bot:
    #  # (Optional) Define profile information for the bot user
    #  displayname: Hookshot Bot
    #  avatar: mxc://half-shot.uk/2876e89ccade4cb615e210c458e2a7a6883fe17d
-    #serviceBots:
+    # serviceBots:
    #  # (Optional) Define additional bot users for specific services
    #  - localpart: feeds
    #    displayname: Feeds
@@ -174,21 +174,21 @@ hookshot:
    #    prefix: "!feeds"
    #    service: feeds
-    #metrics:
+    # metrics:
    #  # (Optional) Prometheus metrics support
    #  enabled: true
-    #cache:
+    # cache:
    #  # (Optional) Cache options for large scale deployments.
    #  # For encryption to work, this must be configured.
    #  redisUri: redis://localhost:6379
-    #queue:
+    # queue:
    #  # (Optional) Message queue configuration options for large scale deployments.
    #  # For encryption to work, this must not be configured.
    #  redisUri: redis://localhost:6379
-    #widgets:
+    # widgets:
    #  # (Optional) EXPERIMENTAL support for complimentary widgets
    #  addToAdminRooms: false
    #  disallowedIpRanges:
@@ -217,12 +217,12 @@ hookshot:
    #  branding:
    #    widgetTitle: Hookshot Configuration
-    #sentry:
+    # sentry:
    #  # (Optional) Configure Sentry error reporting
    #  dsn: https://examplePublicKey@o0.ingest.sentry.io/0
    #  environment: production
-    #permissions:
+    # permissions:
    #  # (Optional) Permissions for using the bridge. See docs/setup.md#permissions for help
    #  - actor: example.com
    #    services:
--- a/charts/mautrix-whatsapp/Chart.yaml
+++ b/charts/mautrix-whatsapp/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: mautrix-whatsapp
-version: 0.0.2
+version: 0.0.3
 description: Chart for Matrix Whatsapp Bridge
 keywords:
  - matrix
@@ -12,4 +12,4 @@ sources:
 maintainers:
  - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/88519669?s=48&v=4
-appVersion: v0.10.6
+appVersion: v0.10.7
--- a/charts/mautrix-whatsapp/values.yaml
+++ b/charts/mautrix-whatsapp/values.yaml
@@ -3,7 +3,7 @@ deployment:
  strategy: Recreate
  image:
    repository: dock.mau.dev/mautrix/whatsapp
-    tag: v0.10.6
+    tag: v0.10.7
    imagePullPolicy: IfNotPresent
  env: {}
  envFrom: []
@@ -45,479 +45,477 @@ persistence:
  accessMode: ReadWriteOnce
  size: 500Mi
 # Reference the following for examples
 # https://github.com/mautrix/whatsapp/blob/main/example-config.yaml
 mautrixWhatsapp:
  # config.yml contents
  existingSecret: ""
  config:
    # Homeserver details.
    homeserver:
-        # The address that this appservice can use to connect to the homeserver.
+      # The address that this appservice can use to connect to the homeserver.
-        address: https://matrix.example.com
+      address: https://matrix.example.com
-        # The domain of the homeserver (also known as server_name, used for MXIDs, etc).
+      # The domain of the homeserver (also known as server_name, used for MXIDs, etc).
-        domain: example.com
+      domain: example.com
-        # What software is the homeserver running?
+      # What software is the homeserver running?
-        # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
+      # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
-        software: standard
+      software: standard
-        # The URL to push real-time bridge status to.
+      # The URL to push real-time bridge status to.
-        # If set, the bridge will make POST requests to this URL whenever a user's whatsapp connection state changes.
+      # If set, the bridge will make POST requests to this URL whenever a user's whatsapp connection state changes.
-        # The bridge will use the appservice as_token to authorize requests.
+      # The bridge will use the appservice as_token to authorize requests.
-        status_endpoint: null
+      status_endpoint: null
-        # Endpoint for reporting per-message status.
+      # Endpoint for reporting per-message status.
-        message_send_checkpoint_endpoint: null
+      message_send_checkpoint_endpoint: null
-        # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
+      # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
-        async_media: false
+      async_media: false
-        # Should the bridge use a websocket for connecting to the homeserver?
+      # Should the bridge use a websocket for connecting to the homeserver?
-        # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
+      # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
-        # mautrix-asmux (deprecated), and hungryserv (proprietary).
+      # mautrix-asmux (deprecated), and hungryserv (proprietary).
-        websocket: false
+      websocket: false
-        # How often should the websocket be pinged? Pinging will be disabled if this is zero.
+      # How often should the websocket be pinged? Pinging will be disabled if this is zero.
-        ping_interval_seconds: 0
+      ping_interval_seconds: 0
    # Application service host/registration related details.
    # Changing these values requires regeneration of the registration.
    appservice:
-        # The address that the homeserver can use to connect to this appservice.
+      # The address that the homeserver can use to connect to this appservice.
-        address: http://localhost:29318
+      address: http://localhost:29318
-        # The hostname and port where this appservice should listen.
+      # The hostname and port where this appservice should listen.
-        hostname: 0.0.0.0
+      hostname: 0.0.0.0
-        port: 29318
+      port: 29318
-        # Database config.
+      # Database config.
-        database:
+      database:
-            # The database type. "sqlite3-fk-wal" and "postgres" are supported.
+        # The database type. "sqlite3-fk-wal" and "postgres" are supported.
-            type: postgres
+        type: postgres
-            # The database URI.
+        # The database URI.
-            #   SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
+        #   SQLite: A raw file path is supported, but `file:<path>?_txlock=immediate` is recommended.
-            #           https://github.com/mattn/go-sqlite3#connection-string
+        #           https://github.com/mattn/go-sqlite3#connection-string
-            #   Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
+        #   Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
-            #             To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
+        #             To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
-            uri: postgres://user:password@host/database?sslmode=disable
+        uri: postgres://user:password@host/database?sslmode=disable
-            # Maximum number of connections. Mostly relevant for Postgres.
+        # Maximum number of connections. Mostly relevant for Postgres.
-            max_open_conns: 20
+        max_open_conns: 20
-            max_idle_conns: 2
+        max_idle_conns: 2
-            # Maximum connection idle time and lifetime before they're closed. Disabled if null.
+        # Maximum connection idle time and lifetime before they're closed. Disabled if null.
-            # Parsed with https://pkg.go.dev/time#ParseDuration
+        # Parsed with https://pkg.go.dev/time#ParseDuration
-            max_conn_idle_time: null
+        max_conn_idle_time: null
-            max_conn_lifetime: null
+        max_conn_lifetime: null
-        # The unique ID of this appservice.
+      # The unique ID of this appservice.
-        id: whatsapp
+      id: whatsapp
-        # Appservice bot details.
+      # Appservice bot details.
-        bot:
+      bot:
-            # Username of the appservice bot.
+        # Username of the appservice bot.
-            username: whatsappbot
+        username: whatsappbot
-            # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
+        # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
-            # to leave display name/avatar as-is.
+        # to leave display name/avatar as-is.
-            displayname: WhatsApp bridge bot
+        displayname: WhatsApp bridge bot
-            avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr
+        avatar: mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr
-        # Whether or not to receive ephemeral events via appservice transactions.
+      # Whether or not to receive ephemeral events via appservice transactions.
-        # Requires MSC2409 support (i.e. Synapse 1.22+).
+      # Requires MSC2409 support (i.e. Synapse 1.22+).
-        ephemeral_events: true
+      ephemeral_events: true
-        # Should incoming events be handled asynchronously?
+      # Should incoming events be handled asynchronously?
-        # This may be necessary for large public instances with lots of messages going through.
+      # This may be necessary for large public instances with lots of messages going through.
-        # However, messages will not be guaranteed to be bridged in the same order they were sent in.
+      # However, messages will not be guaranteed to be bridged in the same order they were sent in.
-        async_transactions: false
+      async_transactions: false
-        # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
+      # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
-        as_token: "This value is generated when generating the registration"
+      as_token: "This value is generated when generating the registration"
-        hs_token: "This value is generated when generating the registration"
+      hs_token: "This value is generated when generating the registration"
    # Segment-compatible analytics endpoint for tracking some events, like provisioning API login and encryption errors.
    analytics:
-        # Hostname of the tracking server. The path is hardcoded to /v1/track
+      # Hostname of the tracking server. The path is hardcoded to /v1/track
-        host: api.segment.io
+      host: api.segment.io
-        # API key to send with tracking requests. Tracking is disabled if this is null.
+      # API key to send with tracking requests. Tracking is disabled if this is null.
-        token: null
+      token: null
-        # Optional user ID for tracking events. If null, defaults to using Matrix user ID.
+      # Optional user ID for tracking events. If null, defaults to using Matrix user ID.
-        user_id: null
+      user_id: null
    # Prometheus config.
    metrics:
-        # Enable prometheus metrics?
+      # Enable prometheus metrics?
-        enabled: false
+      enabled: false
-        # IP and port where the metrics listener should be. The path is always /metrics
+      # IP and port where the metrics listener should be. The path is always /metrics
-        listen: 127.0.0.1:8001
+      listen: 127.0.0.1:8001
    # Config for things that are directly sent to WhatsApp.
    whatsapp:
-        # Device name that's shown in the "WhatsApp Web" section in the mobile app.
+      # Device name that's shown in the "WhatsApp Web" section in the mobile app.
-        os_name: Mautrix-WhatsApp bridge
+      os_name: Mautrix-WhatsApp bridge
-        # Browser name that determines the logo shown in the mobile app.
+      # Browser name that determines the logo shown in the mobile app.
-        # Must be "unknown" for a generic icon or a valid browser name if you want a specific icon.
+      # Must be "unknown" for a generic icon or a valid browser name if you want a specific icon.
-        # List of valid browser names: https://github.com/tulir/whatsmeow/blob/efc632c008604016ddde63bfcfca8de4e5304da9/binary/proto/def.proto#L43-L64
+      # List of valid browser names: https://github.com/tulir/whatsmeow/blob/efc632c008604016ddde63bfcfca8de4e5304da9/binary/proto/def.proto#L43-L64
-        browser_name: unknown
+      browser_name: unknown
    # Bridge config
    bridge:
-        # Localpart template of MXIDs for WhatsApp users.
+      # Localpart template of MXIDs for WhatsApp users.
-        # {{.}} is replaced with the phone number of the WhatsApp user.
+      # {{.}} is replaced with the phone number of the WhatsApp user.
-        username_template: whatsapp_{{.}}
+      username_template: whatsapp_{{.}}
-        # Displayname template for WhatsApp users.
+      # Displayname template for WhatsApp users.
-        # {{.PushName}}     - nickname set by the WhatsApp user
+      # {{.PushName}}     - nickname set by the WhatsApp user
-        # {{.BusinessName}} - validated WhatsApp business name
+      # {{.BusinessName}} - validated WhatsApp business name
-        # {{.Phone}}        - phone number (international format)
+      # {{.Phone}}        - phone number (international format)
-        # The following variables are also available, but will cause problems on multi-user instances:
+      # The following variables are also available, but will cause problems on multi-user instances:
-        # {{.FullName}}  - full name from contact list
+      # {{.FullName}}  - full name from contact list
-        # {{.FirstName}} - first name from contact list
+      # {{.FirstName}} - first name from contact list
-        displayname_template: "{{or .BusinessName .PushName .JID}} (WA)"
+      displayname_template: "{{or .BusinessName .PushName .JID}} (WA)"
-        # Should the bridge create a space for each logged-in user and add bridged rooms to it?
+      # Should the bridge create a space for each logged-in user and add bridged rooms to it?
-        # Users who logged in before turning this on should run `!wa sync space` to create and fill the space for the first time.
+      # Users who logged in before turning this on should run `!wa sync space` to create and fill the space for the first time.
-        personal_filtering_spaces: false
+      personal_filtering_spaces: false
-        # Should the bridge send a read receipt from the bridge bot when a message has been sent to WhatsApp?
+      # Should the bridge send a read receipt from the bridge bot when a message has been sent to WhatsApp?
-        delivery_receipts: false
+      delivery_receipts: false
-        # Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
+      # Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
-        message_status_events: false
+      message_status_events: false
-        # Whether the bridge should send error notices via m.notice events when a message fails to bridge.
+      # Whether the bridge should send error notices via m.notice events when a message fails to bridge.
-        message_error_notices: true
+      message_error_notices: true
-        # Should incoming calls send a message to the Matrix room?
+      # Should incoming calls send a message to the Matrix room?
-        call_start_notices: true
+      call_start_notices: true
-        # Should another user's cryptographic identity changing send a message to Matrix?
+      # Should another user's cryptographic identity changing send a message to Matrix?
-        identity_change_notices: false
+      identity_change_notices: false
-        portal_message_buffer: 128
+      portal_message_buffer: 128
-        # Settings for handling history sync payloads.
+      # Settings for handling history sync payloads.
-        history_sync:
+      history_sync:
-            # Enable backfilling history sync payloads from WhatsApp?
+        # Enable backfilling history sync payloads from WhatsApp?
-            backfill: true
+        backfill: true
-            # The maximum number of initial conversations that should be synced.
+        # The maximum number of initial conversations that should be synced.
-            # Other conversations will be backfilled on demand when receiving a message or when initiating a direct chat.
+        # Other conversations will be backfilled on demand when receiving a message or when initiating a direct chat.
-            max_initial_conversations: -1
+        max_initial_conversations: -1
-            # Maximum number of messages to backfill in each conversation.
+        # Maximum number of messages to backfill in each conversation.
-            # Set to -1 to disable limit.
+        # Set to -1 to disable limit.
-            message_count: 50
+        message_count: 50
-            # Should the bridge request a full sync from the phone when logging in?
+        # Should the bridge request a full sync from the phone when logging in?
-            # This bumps the size of history syncs from 3 months to 1 year.
+        # This bumps the size of history syncs from 3 months to 1 year.
-            request_full_sync: false
+        request_full_sync: false
-            # Configuration parameters that are sent to the phone along with the request full sync flag.
+        # Configuration parameters that are sent to the phone along with the request full sync flag.
-            # By default (when the values are null or 0), the config isn't sent at all.
+        # By default (when the values are null or 0), the config isn't sent at all.
-            full_sync_config:
+        full_sync_config:
-                # Number of days of history to request.
+          # Number of days of history to request.
-                # The limit seems to be around 3 years, but using higher values doesn't break.
+          # The limit seems to be around 3 years, but using higher values doesn't break.
-                days_limit: null
+          days_limit: null
-                # This is presumably the maximum size of the transferred history sync blob, which may affect what the phone includes in the blob.
+          # This is presumably the maximum size of the transferred history sync blob, which may affect what the phone includes in the blob.
-                size_mb_limit: null
+          size_mb_limit: null
-                # This is presumably the local storage quota, which may affect what the phone includes in the history sync blob.
+          # This is presumably the local storage quota, which may affect what the phone includes in the history sync blob.
-                storage_quota_mb: null
+          storage_quota_mb: null
-            # If this value is greater than 0, then if the conversation's last message was more than
+        # If this value is greater than 0, then if the conversation's last message was more than
-            # this number of hours ago, then the conversation will automatically be marked it as read.
+        # this number of hours ago, then the conversation will automatically be marked it as read.
-            # Conversations that have a last message that is less than this number of hours ago will
+        # Conversations that have a last message that is less than this number of hours ago will
-            # have their unread status synced from WhatsApp.
+        # have their unread status synced from WhatsApp.
-            unread_hours_threshold: 0
+        unread_hours_threshold: 0
-            ###############################################################################
+        ###############################################################################
-            # The settings below are only applicable for backfilling using batch sending, #
+        # The settings below are only applicable for backfilling using batch sending, #
-            # which is no longer supported in Synapse.                                    #
+        # which is no longer supported in Synapse.                                    #
-            ###############################################################################
+        ###############################################################################
-            # Settings for media requests. If the media expired, then it will not be on the WA servers.
+        # Settings for media requests. If the media expired, then it will not be on the WA servers.
-            # Media can always be requested by reacting with the ♻️ (recycle) emoji.
+        # Media can always be requested by reacting with the ♻️ (recycle) emoji.
-            # These settings determine if the media requests should be done automatically during or after backfill.
+        # These settings determine if the media requests should be done automatically during or after backfill.
-            media_requests:
+        media_requests:
-                # Should expired media be automatically requested from the server as part of the backfill process?
+          # Should expired media be automatically requested from the server as part of the backfill process?
-                auto_request_media: true
+          auto_request_media: true
-                # Whether to request the media immediately after the media message is backfilled ("immediate")
+          # Whether to request the media immediately after the media message is backfilled ("immediate")
-                # or at a specific time of the day ("local_time").
+          # or at a specific time of the day ("local_time").
-                request_method: immediate
+          request_method: immediate
-                # If request_method is "local_time", what time should the requests be sent (in minutes after midnight)?
+          # If request_method is "local_time", what time should the requests be sent (in minutes after midnight)?
-                request_local_time: 120
+          request_local_time: 120
-            # Settings for immediate backfills. These backfills should generally be small and their main purpose is
+        # Settings for immediate backfills. These backfills should generally be small and their main purpose is
-            # to populate each of the initial chats (as configured by max_initial_conversations) with a few messages
+        # to populate each of the initial chats (as configured by max_initial_conversations) with a few messages
-            # so that you can continue conversations without losing context.
+        # so that you can continue conversations without losing context.
-            immediate:
+        immediate:
-                # The number of concurrent backfill workers to create for immediate backfills.
+          # The number of concurrent backfill workers to create for immediate backfills.
-                # Note that using more than one worker could cause the room list to jump around
+          # Note that using more than one worker could cause the room list to jump around
-                # since there are no guarantees about the order in which the backfills will complete.
+          # since there are no guarantees about the order in which the backfills will complete.
-                worker_count: 1
+          worker_count: 1
-                # The maximum number of events to backfill initially.
+          # The maximum number of events to backfill initially.
-                max_events: 10
+          max_events: 10
-            # Settings for deferred backfills. The purpose of these backfills are to fill in the rest of
+        # Settings for deferred backfills. The purpose of these backfills are to fill in the rest of
-            # the chat history that was not covered by the immediate backfills.
+        # the chat history that was not covered by the immediate backfills.
-            # These backfills generally should happen at a slower pace so as not to overload the homeserver.
+        # These backfills generally should happen at a slower pace so as not to overload the homeserver.
-            # Each deferred backfill config should define a "stage" of backfill (i.e. the last week of messages).
+        # Each deferred backfill config should define a "stage" of backfill (i.e. the last week of messages).
-            # The fields are as follows:
+        # The fields are as follows:
-            # - start_days_ago: the number of days ago to start backfilling from.
+        # - start_days_ago: the number of days ago to start backfilling from.
-            #     To indicate the start of time, use -1. For example, for a week ago, use 7.
+        #     To indicate the start of time, use -1. For example, for a week ago, use 7.
-            # - max_batch_events: the number of events to send per batch.
+        # - max_batch_events: the number of events to send per batch.
-            # - batch_delay: the number of seconds to wait before backfilling each batch.
+        # - batch_delay: the number of seconds to wait before backfilling each batch.
-            deferred:
+        deferred:
-                # Last Week
+          # Last Week
-                - start_days_ago: 7
+          - start_days_ago: 7
-                  max_batch_events: 20
+            max_batch_events: 20
-                  batch_delay: 5
+            batch_delay: 5
-                # Last Month
+          # Last Month
-                - start_days_ago: 30
+          - start_days_ago: 30
-                  max_batch_events: 50
+            max_batch_events: 50
-                  batch_delay: 10
+            batch_delay: 10
-                # Last 3 months
+          # Last 3 months
-                - start_days_ago: 90
+          - start_days_ago: 90
-                  max_batch_events: 100
+            max_batch_events: 100
-                  batch_delay: 10
+            batch_delay: 10
-                # The start of time
+          # The start of time
-                - start_days_ago: -1
+          - start_days_ago: -1
-                  max_batch_events: 500
+            max_batch_events: 500
-                  batch_delay: 10
+            batch_delay: 10
-        # Should puppet avatars be fetched from the server even if an avatar is already set?
+      # Should puppet avatars be fetched from the server even if an avatar is already set?
-        user_avatar_sync: true
+      user_avatar_sync: true
-        # Should Matrix users leaving groups be bridged to WhatsApp?
+      # Should Matrix users leaving groups be bridged to WhatsApp?
-        bridge_matrix_leave: true
+      bridge_matrix_leave: true
-        # Should the bridge update the m.direct account data event when double puppeting is enabled.
+      # Should the bridge update the m.direct account data event when double puppeting is enabled.
-        # Note that updating the m.direct event is not atomic (except with mautrix-asmux)
+      # Note that updating the m.direct event is not atomic (except with mautrix-asmux)
-        # and is therefore prone to race conditions.
+      # and is therefore prone to race conditions.
-        sync_direct_chat_list: false
+      sync_direct_chat_list: false
-        # Should the bridge use MSC2867 to bridge manual "mark as unread"s from
+      # Should the bridge use MSC2867 to bridge manual "mark as unread"s from
-        # WhatsApp and set the unread status on initial backfill?
+      # WhatsApp and set the unread status on initial backfill?
-        # This will only work on clients that support the m.marked_unread or
+      # This will only work on clients that support the m.marked_unread or
-        # com.famedly.marked_unread room account data.
+      # com.famedly.marked_unread room account data.
-        sync_manual_marked_unread: true
+      sync_manual_marked_unread: true
-        # When double puppeting is enabled, users can use `!wa toggle` to change whether
+      # When double puppeting is enabled, users can use `!wa toggle` to change whether
-        # presence is bridged. This setting sets the default value.
+      # presence is bridged. This setting sets the default value.
-        # Existing users won't be affected when these are changed.
+      # Existing users won't be affected when these are changed.
-        default_bridge_presence: true
+      default_bridge_presence: true
-        # Send the presence as "available" to whatsapp when users start typing on a portal.
+      # Send the presence as "available" to whatsapp when users start typing on a portal.
-        # This works as a workaround for homeservers that do not support presence, and allows
+      # This works as a workaround for homeservers that do not support presence, and allows
-        # users to see when the whatsapp user on the other side is typing during a conversation.
+      # users to see when the whatsapp user on the other side is typing during a conversation.
-        send_presence_on_typing: false
+      send_presence_on_typing: false
-        # Should the bridge always send "active" delivery receipts (two gray ticks on WhatsApp)
+      # Should the bridge always send "active" delivery receipts (two gray ticks on WhatsApp)
-        # even if the user isn't marked as online (e.g. when presence bridging isn't enabled)?
+      # even if the user isn't marked as online (e.g. when presence bridging isn't enabled)?
      #
      # By default, the bridge acts like WhatsApp web, which only sends active delivery
      # receipts when it's in the foreground.
      force_active_delivery_receipts: false
      # Servers to always allow double puppeting from
      double_puppet_server_map:
        example.com: https://example.com
      # Allow using double puppeting from any server with a valid client .well-known file.
      double_puppet_allow_discovery: false
      # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
      #
      # If set, double puppeting will be enabled automatically for local users
      # instead of users having to find an access token and run `login-matrix`
      # manually.
      login_shared_secret_map:
        example.com: foobar
      # Whether to explicitly set the avatar and room name for private chat portal rooms.
      # If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
      # If set to `always`, all DM rooms will have explicit names and avatars set.
      # If set to `never`, DM rooms will never have names and avatars set.
      private_chat_portal_meta: default
      # Should group members be synced in parallel? This makes member sync faster
      parallel_member_sync: false
      # Should Matrix m.notice-type messages be bridged?
      bridge_notices: true
      # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
      # This field will automatically be changed back to false after it, except if the config file is not writable.
      resend_bridge_info: false
      # When using double puppeting, should muted chats be muted in Matrix?
      mute_bridging: false
      # When using double puppeting, should archived chats be moved to a specific tag in Matrix?
      # Note that WhatsApp unarchives chats when a message is received, which will also be mirrored to Matrix.
      # This can be set to a tag (e.g. m.lowpriority), or null to disable.
      archive_tag: null
      # Same as above, but for pinned chats. The favorite tag is called m.favourite
      pinned_tag: null
      # Should mute status and tags only be bridged when the portal room is created?
      tag_only_on_create: true
      # Should WhatsApp status messages be bridged into a Matrix room?
      # Disabling this won't affect already created status broadcast rooms.
      enable_status_broadcast: true
      # Should sending WhatsApp status messages be allowed?
      # This can cause issues if the user has lots of contacts, so it's disabled by default.
      disable_status_broadcast_send: true
      # Should the status broadcast room be muted and moved into low priority by default?
      # This is only applied when creating the room, the user can unmute it later.
      mute_status_broadcast: true
      # Tag to apply to the status broadcast room.
      status_broadcast_tag: m.lowpriority
      # Should the bridge use thumbnails from WhatsApp?
      # They're disabled by default due to very low resolution.
      whatsapp_thumbnail: false
      # Allow invite permission for user. User can invite any bots to room with whatsapp
      # users (private chat and groups)
      allow_user_invite: false
      # Whether or not created rooms should have federation enabled.
      # If false, created portal rooms will never be federated.
      federate_rooms: true
      # Should the bridge never send alerts to the bridge management room?
      # These are mostly things like the user being logged out.
      disable_bridge_alerts: false
      # Should the bridge stop if the WhatsApp server says another user connected with the same session?
      # This is only safe on single-user bridges.
      crash_on_stream_replaced: false
      # Should the bridge detect URLs in outgoing messages, ask the homeserver to generate a preview,
      # and send it to WhatsApp? URL previews can always be sent using the `com.beeper.linkpreviews`
      # key in the event content even if this is disabled.
      url_previews: false
      # Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552.
      # This is currently not supported in most clients.
      caption_in_message: false
      # Send galleries as a single event? This is not an MSC (yet).
      beeper_galleries: false
      # Should polls be sent using MSC3381 event types?
      extev_polls: false
      # Should cross-chat replies from WhatsApp be bridged? Most servers and clients don't support this.
      cross_room_replies: false
      # Disable generating reply fallbacks? Some extremely bad clients still rely on them,
      # but they're being phased out and will be completely removed in the future.
      disable_reply_fallbacks: false
      # Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration
      # Null means there's no enforced timeout.
      message_handling_timeout:
        # Send an error message after this timeout, but keep waiting for the response until the deadline.
        # This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay.
        # If the message is older than this when it reaches the bridge, the message won't be handled at all.
        error_after: null
        # Drop messages after this timeout. They may still go through if the message got sent to the servers.
        # This is counted from the time the bridge starts handling the message.
        deadline: 120s
      # The prefix for commands. Only required in non-management rooms.
      command_prefix: "!wa"
      # Messages sent upon joining a management room.
      # Markdown is supported. The defaults are listed below.
      management_room_text:
        # Sent when joining a room.
        welcome: "Hello, I'm a WhatsApp bridge bot."
        # Sent when joining a management room and the user is already logged in.
        welcome_connected: "Use `help` for help."
        # Sent when joining a management room and the user is not logged in.
        welcome_unconnected: "Use `help` for help or `login` to log in."
        # Optional extra text sent when joining a management room.
        additional_help: ""
      # End-to-bridge encryption support options.
      #
      # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
      encryption:
        # Allow encryption, work in group chat rooms with e2ee enabled
        allow: false
        # Default to encryption, force-enable encryption in all portals the bridge creates
        # This will cause the bridge bot to be in private chats for the encryption to work properly.
        default: false
        # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
        appservice: false
        # Require encryption, drop any unencrypted messages.
        require: false
        # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
        # You must use a client that supports requesting keys from other users to use this feature.
        allow_key_sharing: false
        # Should users mentions be in the event wire content to enable the server to send push notifications?
        plaintext_mentions: false
        # Options for deleting megolm sessions from the bridge.
        delete_keys:
          # Beeper-specific: delete outbound sessions when hungryserv confirms
          # that the user has uploaded the key to key backup.
          delete_outbound_on_ack: false
          # Don't store outbound sessions in the inbound table.
          dont_store_outbound: false
          # Ratchet megolm sessions forward after decrypting messages.
          ratchet_on_decrypt: false
          # Delete fully used keys (index >= max_messages) after decrypting messages.
          delete_fully_used_on_decrypt: false
          # Delete previous megolm sessions from same device when receiving a new one.
          delete_prev_on_new_session: false
          # Delete megolm sessions received from a device when the device is deleted.
          delete_on_device_delete: false
          # Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
          periodically_delete_expired: false
          # Delete inbound megolm sessions that don't have the received_at field used for
          # automatic ratcheting and expired session deletion. This is meant as a migration
          # to delete old keys prior to the bridge update.
          delete_outdated_inbound: false
        # What level of device verification should be required from users?
        #
-        # By default, the bridge acts like WhatsApp web, which only sends active delivery
+        # Valid levels:
-        # receipts when it's in the foreground.
+        #   unverified - Send keys to all device in the room.
-        force_active_delivery_receipts: false
+        #   cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
-        # Servers to always allow double puppeting from
+        #   cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
-        double_puppet_server_map:
+        #   cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
-            example.com: https://example.com
+        #                           Note that creating user signatures from the bridge bot is not currently possible.
-        # Allow using double puppeting from any server with a valid client .well-known file.
+        #   verified - Require manual per-device verification
-        double_puppet_allow_discovery: false
+        #              (currently only possible by modifying the `trust` column in the `crypto_device` database table).
-        # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
+        verification_levels:
-        #
+          # Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix.
-        # If set, double puppeting will be enabled automatically for local users
+          receive: unverified
-        # instead of users having to find an access token and run `login-matrix`
+          # Minimum level that the bridge should accept for incoming Matrix messages.
-        # manually.
+          send: unverified
-        login_shared_secret_map:
+          # Minimum level that the bridge should require for accepting key requests.
-            example.com: foobar
+          share: cross-signed-tofu
-        # Whether to explicitly set the avatar and room name for private chat portal rooms.
+        # Options for Megolm room key rotation. These options allow you to
-        # If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
+        # configure the m.room.encryption event content. See:
-        # If set to `always`, all DM rooms will have explicit names and avatars set.
+        # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
-        # If set to `never`, DM rooms will never have names and avatars set.
+        # more information about that event.
-        private_chat_portal_meta: default
+        rotation:
-        # Should group members be synced in parallel? This makes member sync faster
+          # Enable custom Megolm room key rotation settings. Note that these
-        parallel_member_sync: false
+          # settings will only apply to rooms created after this option is
-        # Should Matrix m.notice-type messages be bridged?
+          # set.
-        bridge_notices: true
+          enable_custom: false
-        # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
+          # The maximum number of milliseconds a session should be used
-        # This field will automatically be changed back to false after it, except if the config file is not writable.
+          # before changing it. The Matrix spec recommends 604800000 (a week)
-        resend_bridge_info: false
+          # as the default.
-        # When using double puppeting, should muted chats be muted in Matrix?
+          milliseconds: 604800000
-        mute_bridging: false
+          # The maximum number of messages that should be sent with a given a
-        # When using double puppeting, should archived chats be moved to a specific tag in Matrix?
+          # session before changing it. The Matrix spec recommends 100 as the
-        # Note that WhatsApp unarchives chats when a message is received, which will also be mirrored to Matrix.
+          # default.
-        # This can be set to a tag (e.g. m.lowpriority), or null to disable.
+          messages: 100
        archive_tag: null
        # Same as above, but for pinned chats. The favorite tag is called m.favourite
        pinned_tag: null
        # Should mute status and tags only be bridged when the portal room is created?
        tag_only_on_create: true
        # Should WhatsApp status messages be bridged into a Matrix room?
        # Disabling this won't affect already created status broadcast rooms.
        enable_status_broadcast: true
        # Should sending WhatsApp status messages be allowed?
        # This can cause issues if the user has lots of contacts, so it's disabled by default.
        disable_status_broadcast_send: true
        # Should the status broadcast room be muted and moved into low priority by default?
        # This is only applied when creating the room, the user can unmute it later.
        mute_status_broadcast: true
        # Tag to apply to the status broadcast room.
        status_broadcast_tag: m.lowpriority
        # Should the bridge use thumbnails from WhatsApp?
        # They're disabled by default due to very low resolution.
        whatsapp_thumbnail: false
        # Allow invite permission for user. User can invite any bots to room with whatsapp
        # users (private chat and groups)
        allow_user_invite: false
        # Whether or not created rooms should have federation enabled.
        # If false, created portal rooms will never be federated.
        federate_rooms: true
        # Should the bridge never send alerts to the bridge management room?
        # These are mostly things like the user being logged out.
        disable_bridge_alerts: false
        # Should the bridge stop if the WhatsApp server says another user connected with the same session?
        # This is only safe on single-user bridges.
        crash_on_stream_replaced: false
        # Should the bridge detect URLs in outgoing messages, ask the homeserver to generate a preview,
        # and send it to WhatsApp? URL previews can always be sent using the `com.beeper.linkpreviews`
        # key in the event content even if this is disabled.
        url_previews: false
        # Send captions in the same message as images. This will send data compatible with both MSC2530 and MSC3552.
        # This is currently not supported in most clients.
        caption_in_message: false
        # Send galleries as a single event? This is not an MSC (yet).
        beeper_galleries: false
        # Should polls be sent using MSC3381 event types?
        extev_polls: false
        # Should cross-chat replies from WhatsApp be bridged? Most servers and clients don't support this.
        cross_room_replies: false
        # Disable generating reply fallbacks? Some extremely bad clients still rely on them,
        # but they're being phased out and will be completely removed in the future.
        disable_reply_fallbacks: false
        # Maximum time for handling Matrix events. Duration strings formatted for https://pkg.go.dev/time#ParseDuration
        # Null means there's no enforced timeout.
        message_handling_timeout:
            # Send an error message after this timeout, but keep waiting for the response until the deadline.
            # This is counted from the origin_server_ts, so the warning time is consistent regardless of the source of delay.
            # If the message is older than this when it reaches the bridge, the message won't be handled at all.
            error_after: null
            # Drop messages after this timeout. They may still go through if the message got sent to the servers.
            # This is counted from the time the bridge starts handling the message.
            deadline: 120s
-        # The prefix for commands. Only required in non-management rooms.
+          # Disable rotating keys when a user's devices change?
-        command_prefix: "!wa"
+          # You should not enable this option unless you understand all the implications.
          disable_device_change_key_rotation: false
-        # Messages sent upon joining a management room.
+      # Settings for provisioning API
-        # Markdown is supported. The defaults are listed below.
+      provisioning:
-        management_room_text:
+        # Prefix for the provisioning API paths.
-            # Sent when joining a room.
+        prefix: /_matrix/provision
-            welcome: "Hello, I'm a WhatsApp bridge bot."
+        # Shared secret for authentication. If set to "generate", a random secret will be generated,
-            # Sent when joining a management room and the user is already logged in.
+        # or if set to "disable", the provisioning API will be disabled.
-            welcome_connected: "Use `help` for help."
+        shared_secret: generate
-            # Sent when joining a management room and the user is not logged in.
+        # Enable debug API at /debug with provisioning authentication.
-            welcome_unconnected: "Use `help` for help or `login` to log in."
+        debug_endpoints: false
            # Optional extra text sent when joining a management room.
            additional_help: ""
-        # End-to-bridge encryption support options.
+      # Permissions for using the bridge.
-        #
+      # Permitted values:
-        # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
+      #    relay - Talk through the relaybot (if enabled), no access otherwise
-        encryption:
+      #     user - Access to use the bridge to chat with a WhatsApp account.
-            # Allow encryption, work in group chat rooms with e2ee enabled
+      #    admin - User level and some additional administration tools
-            allow: false
+      # Permitted keys:
-            # Default to encryption, force-enable encryption in all portals the bridge creates
+      #        * - All Matrix users
-            # This will cause the bridge bot to be in private chats for the encryption to work properly.
+      #   domain - All users on that homeserver
-            default: false
+      #     mxid - Specific user
-            # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
+      permissions:
-            appservice: false
+        "*": relay
-            # Require encryption, drop any unencrypted messages.
+        "example.com": user
-            require: false
+        "@admin:example.com": admin
            # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
            # You must use a client that supports requesting keys from other users to use this feature.
            allow_key_sharing: false
            # Should users mentions be in the event wire content to enable the server to send push notifications?
            plaintext_mentions: false
            # Options for deleting megolm sessions from the bridge.
            delete_keys:
                # Beeper-specific: delete outbound sessions when hungryserv confirms
                # that the user has uploaded the key to key backup.
                delete_outbound_on_ack: false
                # Don't store outbound sessions in the inbound table.
                dont_store_outbound: false
                # Ratchet megolm sessions forward after decrypting messages.
                ratchet_on_decrypt: false
                # Delete fully used keys (index >= max_messages) after decrypting messages.
                delete_fully_used_on_decrypt: false
                # Delete previous megolm sessions from same device when receiving a new one.
                delete_prev_on_new_session: false
                # Delete megolm sessions received from a device when the device is deleted.
                delete_on_device_delete: false
                # Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
                periodically_delete_expired: false
                # Delete inbound megolm sessions that don't have the received_at field used for
                # automatic ratcheting and expired session deletion. This is meant as a migration
                # to delete old keys prior to the bridge update.
                delete_outdated_inbound: false
            # What level of device verification should be required from users?
            #
            # Valid levels:
            #   unverified - Send keys to all device in the room.
            #   cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
            #   cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
            #   cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
            #                           Note that creating user signatures from the bridge bot is not currently possible.
            #   verified - Require manual per-device verification
            #              (currently only possible by modifying the `trust` column in the `crypto_device` database table).
            verification_levels:
                # Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix.
                receive: unverified
                # Minimum level that the bridge should accept for incoming Matrix messages.
                send: unverified
                # Minimum level that the bridge should require for accepting key requests.
                share: cross-signed-tofu
            # Options for Megolm room key rotation. These options allow you to
            # configure the m.room.encryption event content. See:
            # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
            # more information about that event.
            rotation:
                # Enable custom Megolm room key rotation settings. Note that these
                # settings will only apply to rooms created after this option is
                # set.
                enable_custom: false
                # The maximum number of milliseconds a session should be used
                # before changing it. The Matrix spec recommends 604800000 (a week)
                # as the default.
                milliseconds: 604800000
                # The maximum number of messages that should be sent with a given a
                # session before changing it. The Matrix spec recommends 100 as the
                # default.
                messages: 100
-                # Disable rotating keys when a user's devices change?
+      # Settings for relay mode
-                # You should not enable this option unless you understand all the implications.
+      relay:
-                disable_device_change_key_rotation: false
+        # Whether relay mode should be allowed. If allowed, `!wa set-relay` can be used to turn any
-
+        # authenticated user into a relaybot for that chat.
-        # Settings for provisioning API
+        enabled: false
-        provisioning:
+        # Should only admins be allowed to set themselves as relay users?
-            # Prefix for the provisioning API paths.
+        admin_only: true
-            prefix: /_matrix/provision
+        # The formats to use when sending messages to WhatsApp via the relaybot.
-            # Shared secret for authentication. If set to "generate", a random secret will be generated,
+        message_formats:
-            # or if set to "disable", the provisioning API will be disabled.
+          m.text: "<b>{{ .Sender.Displayname }}</b>: {{ .Message }}"
-            shared_secret: generate
+          m.notice: "<b>{{ .Sender.Displayname }}</b>: {{ .Message }}"
-            # Enable debug API at /debug with provisioning authentication.
+          m.emote: "* <b>{{ .Sender.Displayname }}</b> {{ .Message }}"
-            debug_endpoints: false
+          m.file: "<b>{{ .Sender.Displayname }}</b> sent a file"
-
+          m.image: "<b>{{ .Sender.Displayname }}</b> sent an image"
-        # Permissions for using the bridge.
+          m.audio: "<b>{{ .Sender.Displayname }}</b> sent an audio file"
-        # Permitted values:
+          m.video: "<b>{{ .Sender.Displayname }}</b> sent a video"
-        #    relay - Talk through the relaybot (if enabled), no access otherwise
+          m.location: "<b>{{ .Sender.Displayname }}</b> sent a location"
        #     user - Access to use the bridge to chat with a WhatsApp account.
        #    admin - User level and some additional administration tools
        # Permitted keys:
        #        * - All Matrix users
        #   domain - All users on that homeserver
        #     mxid - Specific user
        permissions:
            "*": relay
            "example.com": user
            "@admin:example.com": admin
        # Settings for relay mode
        relay:
            # Whether relay mode should be allowed. If allowed, `!wa set-relay` can be used to turn any
            # authenticated user into a relaybot for that chat.
            enabled: false
            # Should only admins be allowed to set themselves as relay users?
            admin_only: true
            # The formats to use when sending messages to WhatsApp via the relaybot.
            message_formats:
                m.text: "<b>{{ .Sender.Displayname }}</b>: {{ .Message }}"
                m.notice: "<b>{{ .Sender.Displayname }}</b>: {{ .Message }}"
                m.emote: "* <b>{{ .Sender.Displayname }}</b> {{ .Message }}"
                m.file: "<b>{{ .Sender.Displayname }}</b> sent a file"
                m.image: "<b>{{ .Sender.Displayname }}</b> sent an image"
                m.audio: "<b>{{ .Sender.Displayname }}</b> sent an audio file"
                m.video: "<b>{{ .Sender.Displayname }}</b> sent a video"
                m.location: "<b>{{ .Sender.Displayname }}</b> sent a location"
    # Logging config. See https://github.com/tulir/zeroconfig for details.
    logging:
-        min_level: debug
+      min_level: debug
-        writers:
+      writers:
        - type: stdout
          format: pretty-colored
        - type: file
--- a/charts/outline/Chart.yaml
+++ b/charts/outline/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: outline
-version: 0.5.0
+version: 0.5.2
 description: Chart for Outline wiki
 keywords:
  - wiki
@@ -14,5 +14,5 @@ icon: https://avatars.githubusercontent.com/u/1765001?s=48&v=4
 dependencies:
  - name: redis
    repository: https://charts.bitnami.com/bitnami
-    version: 19.1.0
+    version: 19.1.2
 appVersion: v0.75.2
--- a/charts/penpot/Chart.yaml
+++ b/charts/penpot/Chart.yaml
@@ -0,0 +1,13 @@
 apiVersion: v2
 name: penpot
 version: 0.1.0
 description: Chart for Penpot
 keywords:
  - penpot
  - design
 sources:
  - https://github.com/penpot/penpot
 maintainers:
  - name: alexlebens
 icon: https://avatars.githubusercontent.com/u/30179644?s=200&v=4
 appVersion: 2.0.1
--- a/charts/penpot/README.md
+++ b/charts/penpot/README.md
@@ -0,0 +1,16 @@
 ## Introduction
 [Penpot](https://github.com/penpot/penpot)
 Penpot is the first Open Source design and prototyping platform meant for cross-domain teams. Non dependent on operating systems, Penpot is web based and works with open standards (SVG). Penpot invites designers all over the world to fall in love with open source while getting developers excited about the design process in return.
 This chart bootstraps a [Penpot](https://github.com/penpot/penpot) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
 ## Prerequisites
 - Kubernetes
 - Helm
 ## Parameters
 See the [values files](values.yaml).
--- a/charts/penpot/templates/_helpers.tpl
+++ b/charts/penpot/templates/_helpers.tpl
@@ -0,0 +1,72 @@
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "penpot.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
 {{- define "penpot.fullname" -}}
 {{- if .Values.fullnameOverride -}}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
 {{- $name := default .Chart.Name .Values.nameOverride -}}
 {{- if contains $name .Release.Name -}}
 {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{- end -}}
 {{- end -}}
 {{/*
 Create chart name and version as used by the chart label.
 */}}
 {{- define "penpot.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Common labels.
 */}}
 {{- define "penpot.labels" -}}
 helm.sh/chart: {{ include "penpot.chart" . }}
 app.kubernetes.io/name: {{ include "penpot.name" . }}-frontend
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 {{/*
 Selector labels.
 */}}
 {{- define "penpot.frontendSelectorLabels" -}}
 app.kubernetes.io/name: {{ include "penpot.name" . }}-frontend
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "penpot.backendSelectorLabels" -}}
 app.kubernetes.io/name: {{ include "penpot.name" . }}-backend
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{- define "penpot.exporterSelectorLabels" -}}
 app.kubernetes.io/name: {{ include "penpot.name" . }}-exporter
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end -}}
 {{/*
 Create the name of the service account to use.
 */}}
 {{- define "penpot.serviceAccountName" -}}
 {{- if .Values.serviceAccount.enabled -}}
    {{ default (include "penpot.fullname" .) .Values.serviceAccount.name }}
 {{- else -}}
    {{ default "default" .Values.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
--- a/charts/penpot/templates/config-map.yaml
+++ b/charts/penpot/templates/config-map.yaml
@@ -0,0 +1,129 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: "{{ include "penpot.fullname" . }}-frontend-nginx"
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "penpot.labels" . | nindent 4 }}
 data:
  nginx.conf: |
    user www-data;
    worker_processes auto;
    pid /run/nginx.pid;
    include /etc/nginx/modules-enabled/*.conf;
    events {
        worker_connections 2048;
        # multi_accept on;
    }
    http {
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_requests 30;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        server_tokens off;
        reset_timedout_connection on;
        client_body_timeout 30s;
        client_header_timeout 30s;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        error_log /dev/stdout;
        access_log /dev/stdout;
        gzip on;
        gzip_vary on;
        gzip_proxied any;
        gzip_static on;
        gzip_comp_level 4;
        gzip_buffers 16 8k;
        gzip_http_version 1.1;
        gzip_types text/plain text/css text/javascript application/javascript application/json application/transit+json;
        resolver 127.0.0.11;
        map $http_upgrade $connection_upgrade {
            default upgrade;
            ''      close;
        }
        server {
            listen 80 default_server;
            server_name _;
            client_max_body_size 100M;
            charset utf-8;
            proxy_http_version 1.1;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Scheme $scheme;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            etag off;
            root /var/www/app/;
            location ~* \.(js|css).*$ {
                add_header Cache-Control "max-age=86400" always; # 24 hours
            }
            location ~* \.(html).*$ {
                add_header Cache-Control "no-cache, max-age=0" always;
            }
            location /api/export {
                proxy_pass http://{{ include "penpot.fullname" . }}-exporter:6061;
            }
            location /api {
                proxy_pass http://{{ include "penpot.fullname" . }}-backend:6060/api;
            }
            location /ws/notifications {
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_pass http://{{ include "penpot.fullname" . }}-backend:6060/ws/notifications;
            }
            location @handle_redirect {
                set $redirect_uri "$upstream_http_location";
                set $redirect_host "$upstream_http_x_host";
                set $redirect_cache_control "$upstream_http_cache_control";
                proxy_buffering off;
                proxy_set_header Host "$redirect_host";
                proxy_hide_header etag;
                proxy_hide_header x-amz-id-2;
                proxy_hide_header x-amz-request-id;
                proxy_hide_header x-amz-meta-server-side-encryption;
                proxy_hide_header x-amz-server-side-encryption;
                proxy_pass $redirect_uri;
                add_header x-internal-redirect "$redirect_uri";
                add_header x-cache-control "$redirect_cache_control";
                add_header cache-control "$redirect_cache_control";
            }
            location /assets {
                proxy_pass http://{{ include "penpot.fullname" . }}-backend:6060/assets;
                recursive_error_pages on;
                proxy_intercept_errors on;
                error_page 301 302 307 = @handle_redirect;
            }
            location /internal/assets {
                internal;
                alias /opt/data/assets;
                add_header x-internal-redirect "$upstream_http_x_accel_redirect";
            }
        }
    }
--- a/charts/penpot/templates/deployment-backend.yaml
+++ b/charts/penpot/templates/deployment-backend.yaml
@@ -0,0 +1,378 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "penpot.fullname" . }}-backend
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "penpot.labels" . | nindent 4 }}
 spec:
  replicas: {{ .Values.backend.replicaCount }}
  selector:
    matchLabels:
      {{- include "penpot.backendSelectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "penpot.backendSelectorLabels" . | nindent 8 }}
    spec:
    {{- with .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{ if .Values.backend.podSecurityContext.enabled }}
      securityContext:
        {{- omit .Values.backend.podSecurityContext "enabled" | toYaml | nindent 8 }}
    {{- end }}
      serviceAccountName: {{ include "penpot.serviceAccountName" . }}
      affinity:
        podAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: app.kubernetes.io/instance
                operator: In
                values:
                - {{ .Release.Name }}
            topologyKey: "kubernetes.io/hostname"
      containers:
        - name: {{ .Chart.Name }}-backend
        {{ if .Values.backend.containerSecurityContext.enabled }}
          securityContext:
            {{- omit .Values.backend.containerSecurityContext "enabled" | toYaml | nindent 12 }}
        {{- end }}
          image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }}"
          imagePullPolicy: {{ .Values.backend.image.imagePullPolicy }}
          volumeMounts:
            - mountPath: /opt/data
              name: app-data
              readOnly: false
          env:
            - name: PENPOT_PUBLIC_URI
              value: {{ .Values.config.publicURI | quote }}
            - name: PENPOT_FLAGS
              value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
            - name: PENPOT_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.apiSecretKey.existingSecretName }}
                  key: {{ .Values.config.apiSecretKey.existingSecretKey }}
            - name: PENPOT_DATABASE_URI
              value: "postgresql://{{ .Values.config.postgresql.host }}:{{ .Values.config.postgresql.port }}/{{ .Values.config.postgresql.database }}"
            - name: PENPOT_DATABASE_USERNAME
            {{- if not .Values.config.postgresql.secretKeys.usernameKey }}
              value: {{ .Values.config.postgresql.username | quote }}
            {{- else }}
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.postgresql.existingSecret }}
                  key: {{ .Values.config.postgresql.secretKeys.usernameKey }}
            {{- end }}
            - name: PENPOT_DATABASE_PASSWORD
            {{- if not .Values.config.postgresql.secretKeys.passwordKey }}
              value: {{ .Values.config.postgresql.password | quote }}
            {{- else }}
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.postgresql.existingSecret }}
                  key: {{ .Values.config.postgresql.secretKeys.passwordKey }}
            {{- end }}
            - name: PENPOT_REDIS_URI
              value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}"
            - name: PENPOT_ASSETS_STORAGE_BACKEND
              value: {{ .Values.config.assets.storageBackend | quote }}
          {{- if eq .Values.config.assets.storageBackend "assets-fs" }}
            - name: PENPOT_STORAGE_ASSETS_FS_DIRECTORY
              value: {{ .Values.config.assets.filesystem.directory | quote }}
          {{- else if eq .Values.config.assets.storageBackend "assets-s3" }}
            - name: PENPOT_STORAGE_ASSETS_S3_REGION
              value: {{ .Values.config.assets.s3.region | quote }}
            - name: PENPOT_STORAGE_ASSETS_S3_BUCKET
              value: {{ .Values.config.assets.s3.bucket | quote }}
            - name: AWS_ACCESS_KEY_ID
          {{- if not .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
              value: {{ .Values.config.assets.s3.accessKeyID | quote }}
          {{- else }}
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.assets.s3.existingSecret }}
                  key: {{ .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
          {{- end }}
            - name: AWS_SECRET_ACCESS_KEY
          {{- if not .Values.config.assets.s3.secretKeys.secretAccessKey }}
              value: {{ .Values.config.assets.s3.secretAccessKey | quote }}
          {{- else }}
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.assets.s3.existingSecret }}
                  key: {{ .Values.config.assets.s3.secretKeys.secretAccessKey }}
          {{- end }}
            - name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT
          {{- if not .Values.config.assets.s3.secretKeys.endpointURIKey }}
              value: {{ .Values.config.assets.s3.endpointURI | quote }}
          {{- else }}
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.assets.s3.existingSecret }}
                  key: {{ .Values.config.assets.s3.secretKeys.endpointURIKey }}
          {{- end }}
          {{- end }}
            - name: PENPOT_TELEMETRY_ENABLED
              value: {{ .Values.config.telemetryEnabled | quote }}
          {{- if .Values.config.smtp.enabled }}
          {{- if .Values.config.smtp.defaultFrom }}
            - name: PENPOT_SMTP_DEFAULT_FROM
              value: {{ .Values.config.smtp.defaultFrom | quote }}
          {{- end }}
          {{- if .Values.config.smtp.defaultReplyTo }}
            - name: PENPOT_SMTP_DEFAULT_REPLY_TO
              value: {{ .Values.config.smtp.defaultReplyTo | quote }}
          {{- end }}
          {{- if .Values.config.smtp.host }}
            - name: PENPOT_SMTP_HOST
              value: {{ .Values.config.smtp.host | quote }}
          {{- end }}
          {{- if .Values.config.smtp.port }}
            - name: PENPOT_SMTP_PORT
              value: {{ .Values.config.smtp.port | quote }}
          {{- end }}
          {{- if not .Values.config.smtp.secretKeys.usernameKey }}
            - name: PENPOT_SMTP_USERNAME
              value: {{ .Values.config.smtp.username | quote }}
          {{- else }}
            - name: PENPOT_SMTP_USERNAME
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.smtp.existingSecret }}
                  key: {{ .Values.config.smtp.secretKeys.usernameKey }}
          {{- end }}
          {{- if not .Values.config.smtp.secretKeys.passwordKey }}
            - name: PENPOT_SMTP_PASSWORD
              value: {{ .Values.config.smtp.password | quote }}
          {{- else }}
            - name: PENPOT_SMTP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.smtp.existingSecret }}
                  key: {{ .Values.config.smtp.secretKeys.passwordKey }}
          {{- end }}
          {{- if .Values.config.smtp.tls }}
            - name: PENPOT_SMTP_TLS
              value: {{ .Values.config.smtp.tls | quote }}
          {{- end }}
          {{- if .Values.config.smtp.ssl }}
            - name: PENPOT_SMTP_SSL
              value: {{ .Values.config.smtp.ssl | quote }}
          {{- end }}
          {{- end }}
          {{- if .Values.config.registrationDomainWhitelist }}
            - name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
              value: {{ .Values.config.registrationDomainWhitelist | quote }}
          {{- end }}
          {{- if .Values.config.providers.google.enabled }}
          {{- if not .Values.config.providers.secretKeys.googleClientIDKey }}
            - name: PENPOT_GOOGLE_CLIENT_ID
              value: {{ .Values.config.providers.google.clientID | quote }}
          {{- else }}
            - name: PENPOT_GOOGLE_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.googleClientIDKey }}
          {{- end }}
          {{- if not .Values.config.providers.secretKeys.googleClientSecretKey}}
            - name: PENPOT_GOOGLE_CLIENT_SECRET
              value: {{ .Values.config.providers.google.clientSecret | quote }}
          {{- else }}
            - name: PENPOT_GOOGLE_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.googleClientSecretKey }}
          {{- end }}
          {{- end }}
          {{- if .Values.config.providers.github.enabled }}
          {{- if not .Values.config.providers.secretKeys.githubClientIDKey }}
            - name: PENPOT_GITHUB_CLIENT_ID
              value: {{ .Values.config.providers.github.clientID | quote }}
          {{- else }}
            - name: PENPOT_GITHUB_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.githubClientIDKey }}
          {{- end }}
          {{- if not .Values.config.providers.secretKeys.githubClientSecretKey  }}
            - name: PENPOT_GITHUB_CLIENT_SECRET
              value: {{ .Values.config.providers.github.clientSecret | quote }}
          {{- else }}
            - name: PENPOT_GITHUB_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.githubClientSecretKey }}
          {{- end }}
          {{- end }}
          {{- if .Values.config.providers.gitlab.enabled }}
          {{- if .Values.config.providers.gitlab.baseURI }}
            - name: PENPOT_GITLAB_BASE_URI
              value: {{ .Values.config.providers.gitlab.baseURI | quote }}
          {{- end }}
          {{- if not .Values.config.providers.secretKeys.gitlabClientIDKey }}
            - name: PENPOT_GITLAB_CLIENT_ID
              value: {{ .Values.config.providers.gitlab.clientID | quote }}
          {{- else }}
            - name: PENPOT_GITLAB_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.gitlabClientIDKey }}
          {{- end }}
          {{- if not .Values.config.providers.secretKeys.gitlabClientSecretKey }}
            - name: PENPOT_GITLAB_CLIENT_SECRET
              value: {{ .Values.config.providers.gitlab.clientSecret | quote }}
          {{- else }}
            - name: PENPOT_GITLAB_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.gitlabClientSecretKey }}
          {{- end }}
          {{- end }}
          {{- if .Values.config.providers.oidc.enabled }}
          {{- if .Values.config.providers.oidc.baseURI }}
            - name: PENPOT_OIDC_BASE_URI
              value: {{ .Values.config.providers.oidc.baseURI | quote }}
          {{- end }}
          {{- if not .Values.config.providers.secretKeys.oidcClientIDKey }}
            - name: PENPOT_OIDC_CLIENT_ID
              value: {{ .Values.config.providers.oidc.clientID | quote}}
          {{- else }}
            - name: PENPOT_OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.oidcClientIDKey }}
          {{- end }}
          {{- if not .Values.config.providers.secretKeys.oidcClientSecretKey}}
            - name: PENPOT_OIDC_CLIENT_SECRET
              value: {{ .Values.config.providers.oidc.clientSecret | quote }}
          {{- else }}
            - name: PENPOT_OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.oidcClientSecretKey }}
          {{- end }}
          {{- if .Values.config.providers.oidc.authURI }}
            - name: PENPOT_OIDC_AUTH_URI
              value: {{ .Values.config.providers.oidc.authURI | quote }}
          {{- end }}
          {{- if .Values.config.providers.oidc.tokenURI }}
            - name: PENPOT_OIDC_TOKEN_URI
              value: {{ .Values.config.providers.oidc.tokenURI | quote }}
          {{- end }}
          {{- if .Values.config.providers.oidc.userURI }}
            - name: PENPOT_OIDC_USER_URI
              value: {{ .Values.config.providers.oidc.userURI | quote }}
          {{- end }}
          {{- if .Values.config.providers.oidc.roles }}
            - name: PENPOT_OIDC_ROLES
              value: {{ .Values.config.providers.oidc.roles | quote }}
          {{- end }}
          {{- if .Values.config.providers.oidc.rolesAttribute }}
            - name: PENPOT_OIDC_ROLES_ATTR
              value: {{ .Values.config.providers.oidc.rolesAttribute | quote }}
          {{- end }}
          {{- if .Values.config.providers.oidc.scopes }}
            - name: PENPOT_OIDC_SCOPES
              value: {{ .Values.config.providers.oidc.scopes | quote }}
          {{- end }}
          {{- if .Values.config.providers.oidc.nameAttribute }}
            - name: PENPOT_OIDC_NAME_ATTR
              value: {{ .Values.config.providers.oidc.nameAttribute | quote }}
          {{- end }}
          {{- if .Values.config.providers.oidc.emailAttribute }}
            - name: PENPOT_OIDC_EMAIL_ATTR
              value: {{ .Values.config.providers.oidc.emailAttribute | quote }}
          {{- end }}
          {{- end }}
          {{- if .Values.config.providers.ldap.enabled }}
          {{- if .Values.config.providers.ldap.host }}
            - name: PENPOT_LDAP_HOST
              value: {{ .Values.config.providers.ldap.host | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.port }}
            - name: PENPOT_LDAP_PORT
              value: {{ .Values.config.providers.ldap.port | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.ssl }}
            - name: PENPOT_LDAP_SSL
              value: {{ .Values.config.providers.ldap.ssl | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.startTLS }}
            - name: PENPOT_LDAP_STARTTLS
              value: {{ .Values.config.providers.ldap.startTLS | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.baseDN }}
            - name: PENPOT_LDAP_BASE_DN
              value: {{ .Values.config.providers.ldap.baseDN | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.bindDN }}
            - name: PENPOT_LDAP_BIND_DN
              value: {{ .Values.config.providers.ldap.bindDN | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.bindPassword }}
            - name: PENPOT_LDAP_BIND_PASSWORD
              value: {{ .Values.config.providers.ldap.bindPassword | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.attributesUsername }}
            - name: PENPOT_LDAP_ATTRS_USERNAME
              value: {{ .Values.config.providers.ldap.attributesUsername | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.attributesEmail }}
            - name: PENPOT_LDAP_ATTRS_EMAIL
              value: {{ .Values.config.providers.ldap.attributesEmail | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.attributesFullname }}
            - name: PENPOT_LDAP_ATTRS_FULLNAME
              value: {{ .Values.config.providers.ldap.attributesFullname | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.attributesPhoto }}
            - name: PENPOT_LDAP_ATTRS_PHOTO
              value: {{ .Values.config.providers.ldap.attributesPhoto | quote }}
          {{- end }}
          {{- end }}
          ports:
            - name: http
              containerPort: {{ .Values.backend.service.port }}
              protocol: TCP
          resources:
            {{- toYaml .Values.backend.resources | nindent 12 }}
      {{- with .Values.backend.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    {{- with .Values.backend.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.backend.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      volumes:
      - name: app-data
      {{- if .Values.persistence.enabled }}
        persistentVolumeClaim:
          claimName: {{ .Values.persistence.existingClaim | default ( include "penpot.fullname" . ) }}
      {{- else }}
        emptyDir: {}
      {{- end }}
--- a/charts/penpot/templates/deployment-exporter.yaml
+++ b/charts/penpot/templates/deployment-exporter.yaml
@@ -0,0 +1,353 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "penpot.fullname" . }}-exporter
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "penpot.labels" . | nindent 4 }}
 spec:
  replicas: {{ .Values.exporter.replicaCount }}
  selector:
    matchLabels:
      {{- include "penpot.exporterSelectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "penpot.exporterSelectorLabels" . | nindent 8 }}
    spec:
    {{- with .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      serviceAccountName: {{ include "penpot.serviceAccountName" . }}
    {{ if .Values.exporter.podSecurityContext.enabled }}
      securityContext:
        {{- omit .Values.exporter.podSecurityContext "enabled" | toYaml | nindent 8 }}
    {{- end }}
      containers:
        - name: {{ .Chart.Name }}-exporter
        {{ if .Values.exporter.containerSecurityContext.enabled }}
          securityContext:
            {{- omit .Values.exporter.containerSecurityContext "enabled" | toYaml | nindent 12 }}
        {{- end }}
          image: "{{ .Values.exporter.image.repository }}:{{ .Values.exporter.image.tag }}"
          imagePullPolicy: {{ .Values.exporter.image.imagePullPolicy }}
          env:
            - name: PENPOT_PUBLIC_URI
              value: {{ .Values.config.publicURI | quote }}
            - name: PENPOT_FLAGS
              value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
            - name: PENPOT_SECRET_KEY
              value: {{ .Values.config.apiSecretKey | quote }}
            - name: PENPOT_DATABASE_URI
              value: "postgresql://{{ .Values.config.postgresql.host }}:{{ .Values.config.postgresql.port }}/{{ .Values.config.postgresql.database }}"
            - name: PENPOT_DATABASE_USERNAME
            {{- if not .Values.config.postgresql.secretKeys.usernameKey }}
              value: {{ .Values.config.postgresql.username | quote }}
            {{- else }}
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.postgresql.existingSecret }}
                  key: {{ .Values.config.postgresql.secretKeys.usernameKey }}
            {{- end }}
            - name: PENPOT_DATABASE_PASSWORD
            {{- if not .Values.config.postgresql.secretKeys.passwordKey }}
              value: {{ .Values.config.postgresql.password | quote }}
            {{- else }}
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.postgresql.existingSecret }}
                  key: {{ .Values.config.postgresql.secretKeys.passwordKey }}
            {{- end }}
            - name: PENPOT_REDIS_URI
              value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}"
            - name: PENPOT_ASSETS_STORAGE_BACKEND
              value: {{ .Values.config.assets.storageBackend | quote }}
          {{- if eq .Values.config.assets.storageBackend "assets-fs" }}
            - name: PENPOT_STORAGE_ASSETS_FS_DIRECTORY
              value: {{ .Values.config.assets.filesystem.directory | quote }}
          {{- else if eq .Values.config.assets.storageBackend "assets-s3" }}
            - name: PENPOT_STORAGE_ASSETS_S3_REGION
              value: {{ .Values.config.assets.s3.region | quote }}
            - name: PENPOT_STORAGE_ASSETS_S3_BUCKET
              value: {{ .Values.config.assets.s3.bucket | quote }}
            - name: AWS_ACCESS_KEY_ID
          {{- if not .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
              value: {{ .Values.config.assets.s3.accessKeyID | quote }}
          {{- else }}
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.assets.s3.existingSecret }}
                  key: {{ .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
          {{- end }}
            - name: AWS_SECRET_ACCESS_KEY
          {{- if not .Values.config.assets.s3.secretKeys.secretAccessKey }}
              value: {{ .Values.config.assets.s3.secretAccessKey | quote }}
          {{- else }}
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.assets.s3.existingSecret }}
                  key: {{ .Values.config.assets.s3.secretKeys.secretAccessKey }}
          {{- end }}
            - name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT
          {{- if not .Values.config.assets.s3.secretKeys.endpointURIKey }}
              value: {{ .Values.config.assets.s3.endpointURI | quote }}
          {{- else }}
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.assets.s3.existingSecret }}
                  key: {{ .Values.config.assets.s3.secretKeys.endpointURIKey }}
          {{- end }}
          {{- end }}
            - name: PENPOT_TELEMETRY_ENABLED
              value: {{ .Values.config.telemetryEnabled | quote }}
          {{- if .Values.config.smtp.enabled }}
          {{- if .Values.config.smtp.defaultFrom }}
            - name: PENPOT_SMTP_DEFAULT_FROM
              value: {{ .Values.config.smtp.defaultFrom | quote }}
          {{- end }}
          {{- if .Values.config.smtp.defaultReplyTo }}
            - name: PENPOT_SMTP_DEFAULT_REPLY_TO
              value: {{ .Values.config.smtp.defaultReplyTo | quote }}
          {{- end }}
          {{- if .Values.config.smtp.host }}
            - name: PENPOT_SMTP_HOST
              value: {{ .Values.config.smtp.host | quote }}
          {{- end }}
          {{- if .Values.config.smtp.port }}
            - name: PENPOT_SMTP_PORT
              value: {{ .Values.config.smtp.port | quote }}
          {{- end }}
          {{- if not .Values.config.smtp.secretKeys.usernameKey }}
            - name: PENPOT_SMTP_USERNAME
              value: {{ .Values.config.smtp.username | quote }}
          {{- else }}
            - name: PENPOT_SMTP_USERNAME
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.smtp.existingSecret }}
                  key: {{ .Values.config.smtp.secretKeys.usernameKey }}
          {{- end }}
          {{- if not .Values.config.smtp.secretKeys.passwordKey }}
            - name: PENPOT_SMTP_PASSWORD
              value: {{ .Values.config.smtp.password | quote }}
          {{- else }}
            - name: PENPOT_SMTP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.smtp.existingSecret }}
                  key: {{ .Values.config.smtp.secretKeys.passwordKey }}
          {{- end }}
          {{- if .Values.config.smtp.tls }}
            - name: PENPOT_SMTP_TLS
              value: {{ .Values.config.smtp.tls | quote }}
          {{- end }}
          {{- if .Values.config.smtp.ssl }}
            - name: PENPOT_SMTP_SSL
              value: {{ .Values.config.smtp.ssl | quote }}
          {{- end }}
          {{- end }}
          {{- if .Values.config.registrationDomainWhitelist }}
            - name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
              value: {{ .Values.config.registrationDomainWhitelist | quote }}
          {{- end }}
          {{- if .Values.config.providers.google.enabled }}
          {{- if not .Values.config.providers.secretKeys.googleClientIDKey }}
            - name: PENPOT_GOOGLE_CLIENT_ID
              value: {{ .Values.config.providers.google.clientID | quote }}
          {{- else }}
            - name: PENPOT_GOOGLE_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.googleClientIDKey }}
          {{- end }}
          {{- if not .Values.config.providers.secretKeys.googleClientSecretKey}}
            - name: PENPOT_GOOGLE_CLIENT_SECRET
              value: {{ .Values.config.providers.google.clientSecret | quote }}
          {{- else }}
            - name: PENPOT_GOOGLE_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.googleClientSecretKey }}
          {{- end }}
          {{- end }}
          {{- if .Values.config.providers.github.enabled }}
          {{- if not .Values.config.providers.secretKeys.githubClientIDKey }}
            - name: PENPOT_GITHUB_CLIENT_ID
              value: {{ .Values.config.providers.github.clientID | quote }}
          {{- else }}
            - name: PENPOT_GITHUB_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.githubClientIDKey }}
          {{- end }}
          {{- if not .Values.config.providers.secretKeys.githubClientSecretKey  }}
            - name: PENPOT_GITHUB_CLIENT_SECRET
              value: {{ .Values.config.providers.github.clientSecret | quote }}
          {{- else }}
            - name: PENPOT_GITHUB_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.githubClientSecretKey }}
          {{- end }}
          {{- end }}
          {{- if .Values.config.providers.gitlab.enabled }}
          {{- if .Values.config.providers.gitlab.baseURI }}
            - name: PENPOT_GITLAB_BASE_URI
              value: {{ .Values.config.providers.gitlab.baseURI | quote }}
          {{- end }}
          {{- if not .Values.config.providers.secretKeys.gitlabClientIDKey }}
            - name: PENPOT_GITLAB_CLIENT_ID
              value: {{ .Values.config.providers.gitlab.clientID | quote }}
          {{- else }}
            - name: PENPOT_GITLAB_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.gitlabClientIDKey }}
          {{- end }}
          {{- if not .Values.config.providers.secretKeys.gitlabClientSecretKey }}
            - name: PENPOT_GITLAB_CLIENT_SECRET
              value: {{ .Values.config.providers.gitlab.clientSecret | quote }}
          {{- else }}
            - name: PENPOT_GITLAB_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.gitlabClientSecretKey }}
          {{- end }}
          {{- end }}
          {{- if .Values.config.providers.oidc.enabled }}
          {{- if .Values.config.providers.oidc.baseURI }}
            - name: PENPOT_OIDC_BASE_URI
              value: {{ .Values.config.providers.oidc.baseURI | quote }}
          {{- end }}
          {{- if not .Values.config.providers.secretKeys.oidcClientIDKey }}
            - name: PENPOT_OIDC_CLIENT_ID
              value: {{ .Values.config.providers.oidc.clientID | quote}}
          {{- else }}
            - name: PENPOT_OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.oidcClientIDKey }}
          {{- end }}
          {{- if not .Values.config.providers.secretKeys.oidcClientSecretKey}}
            - name: PENPOT_OIDC_CLIENT_SECRET
              value: {{ .Values.config.providers.oidc.clientSecret | quote }}
          {{- else }}
            - name: PENPOT_OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.oidcClientSecretKey }}
          {{- end }}
          {{- if .Values.config.providers.oidc.authURI }}
            - name: PENPOT_OIDC_AUTH_URI
              value: {{ .Values.config.providers.oidc.authURI | quote }}
          {{- end }}
          {{- if .Values.config.providers.oidc.tokenURI }}
            - name: PENPOT_OIDC_TOKEN_URI
              value: {{ .Values.config.providers.oidc.tokenURI | quote }}
          {{- end }}
          {{- if .Values.config.providers.oidc.userURI }}
            - name: PENPOT_OIDC_USER_URI
              value: {{ .Values.config.providers.oidc.userURI | quote }}
          {{- end }}
          {{- if .Values.config.providers.oidc.roles }}
            - name: PENPOT_OIDC_ROLES
              value: {{ .Values.config.providers.oidc.roles | quote }}
          {{- end }}
          {{- if .Values.config.providers.oidc.rolesAttribute }}
            - name: PENPOT_OIDC_ROLES_ATTR
              value: {{ .Values.config.providers.oidc.rolesAttribute | quote }}
          {{- end }}
          {{- if .Values.config.providers.oidc.scopes }}
            - name: PENPOT_OIDC_SCOPES
              value: {{ .Values.config.providers.oidc.scopes | quote }}
          {{- end }}
          {{- if .Values.config.providers.oidc.nameAttribute }}
            - name: PENPOT_OIDC_NAME_ATTR
              value: {{ .Values.config.providers.oidc.nameAttribute | quote }}
          {{- end }}
          {{- if .Values.config.providers.oidc.emailAttribute }}
            - name: PENPOT_OIDC_EMAIL_ATTR
              value: {{ .Values.config.providers.oidc.emailAttribute | quote }}
          {{- end }}
          {{- end }}
          {{- if .Values.config.providers.ldap.enabled }}
          {{- if .Values.config.providers.ldap.host }}
            - name: PENPOT_LDAP_HOST
              value: {{ .Values.config.providers.ldap.host | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.port }}
            - name: PENPOT_LDAP_PORT
              value: {{ .Values.config.providers.ldap.port | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.ssl }}
            - name: PENPOT_LDAP_SSL
              value: {{ .Values.config.providers.ldap.ssl | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.startTLS }}
            - name: PENPOT_LDAP_STARTTLS
              value: {{ .Values.config.providers.ldap.startTLS | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.baseDN }}
            - name: PENPOT_LDAP_BASE_DN
              value: {{ .Values.config.providers.ldap.baseDN | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.bindDN }}
            - name: PENPOT_LDAP_BIND_DN
              value: {{ .Values.config.providers.ldap.bindDN | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.bindPassword }}
            - name: PENPOT_LDAP_BIND_PASSWORD
              value: {{ .Values.config.providers.ldap.bindPassword | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.attributesUsername }}
            - name: PENPOT_LDAP_ATTRS_USERNAME
              value: {{ .Values.config.providers.ldap.attributesUsername | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.attributesEmail }}
            - name: PENPOT_LDAP_ATTRS_EMAIL
              value: {{ .Values.config.providers.ldap.attributesEmail | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.attributesFullname }}
            - name: PENPOT_LDAP_ATTRS_FULLNAME
              value: {{ .Values.config.providers.ldap.attributesFullname | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.attributesPhoto }}
            - name: PENPOT_LDAP_ATTRS_PHOTO
              value: {{ .Values.config.providers.ldap.attributesPhoto | quote }}
          {{- end }}
          {{- end }}
          ports:
            - name: http
              containerPort: {{ .Values.exporter.service.port }}
              protocol: TCP
          resources:
            {{- toYaml .Values.exporter.resources | nindent 12 }}
      {{- with .Values.exporter.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    {{- with .Values.exporter.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.exporter.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
--- a/charts/penpot/templates/deployment-frontend.yaml
+++ b/charts/penpot/templates/deployment-frontend.yaml
@@ -0,0 +1,375 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "penpot.fullname" . }}-frontend
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "penpot.labels" . | nindent 4 }}
 spec:
  replicas: {{ .Values.frontend.replicaCount }}
  selector:
    matchLabels:
      {{- include "penpot.frontendSelectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "penpot.frontendSelectorLabels" . | nindent 8 }}
    spec:
    {{- with .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      serviceAccountName: {{ include "penpot.serviceAccountName" . }}
      affinity:
        podAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: app.kubernetes.io/instance
                operator: In
                values:
                - {{ .Release.Name }}
            topologyKey: "kubernetes.io/hostname"
      containers:
        - name: {{ .Chart.Name }}-frontend
          image: "{{ .Values.frontend.image.repository }}:{{ .Values.frontend.image.tag }}"
          imagePullPolicy: {{ .Values.frontend.image.imagePullPolicy }}
          env:
            - name: PENPOT_PUBLIC_URI
              value: {{ .Values.config.publicURI | quote }}
            - name: PENPOT_FLAGS
              value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
            - name: PENPOT_SECRET_KEY
              value: {{ .Values.config.apiSecretKey | quote }}
            - name: PENPOT_DATABASE_URI
              value: "postgresql://{{ .Values.config.postgresql.host }}:{{ .Values.config.postgresql.port }}/{{ .Values.config.postgresql.database }}"
            - name: PENPOT_DATABASE_USERNAME
            {{- if not .Values.config.postgresql.secretKeys.usernameKey }}
              value: {{ .Values.config.postgresql.username | quote }}
            {{- else }}
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.postgresql.existingSecret }}
                  key: {{ .Values.config.postgresql.secretKeys.usernameKey }}
            {{- end }}
            - name: PENPOT_DATABASE_PASSWORD
            {{- if not .Values.config.postgresql.secretKeys.passwordKey }}
              value: {{ .Values.config.postgresql.password | quote }}
            {{- else }}
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.postgresql.existingSecret }}
                  key: {{ .Values.config.postgresql.secretKeys.passwordKey }}
            {{- end }}
            - name: PENPOT_REDIS_URI
              value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}"
            - name: PENPOT_ASSETS_STORAGE_BACKEND
              value: {{ .Values.config.assets.storageBackend | quote }}
          {{- if eq .Values.config.assets.storageBackend "assets-fs" }}
            - name: PENPOT_STORAGE_ASSETS_FS_DIRECTORY
              value: {{ .Values.config.assets.filesystem.directory | quote }}
          {{- else if eq .Values.config.assets.storageBackend "assets-s3" }}
            - name: PENPOT_STORAGE_ASSETS_S3_REGION
              value: {{ .Values.config.assets.s3.region | quote }}
            - name: PENPOT_STORAGE_ASSETS_S3_BUCKET
              value: {{ .Values.config.assets.s3.bucket | quote }}
            - name: AWS_ACCESS_KEY_ID
          {{- if not .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
              value: {{ .Values.config.assets.s3.accessKeyID | quote }}
          {{- else }}
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.assets.s3.existingSecret }}
                  key: {{ .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
          {{- end }}
            - name: AWS_SECRET_ACCESS_KEY
          {{- if not .Values.config.assets.s3.secretKeys.secretAccessKey }}
              value: {{ .Values.config.assets.s3.secretAccessKey | quote }}
          {{- else }}
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.assets.s3.existingSecret }}
                  key: {{ .Values.config.assets.s3.secretKeys.secretAccessKey }}
          {{- end }}
            - name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT
          {{- if not .Values.config.assets.s3.secretKeys.endpointURIKey }}
              value: {{ .Values.config.assets.s3.endpointURI | quote }}
          {{- else }}
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.assets.s3.existingSecret }}
                  key: {{ .Values.config.assets.s3.secretKeys.endpointURIKey }}
          {{- end }}
          {{- end }}
            - name: PENPOT_TELEMETRY_ENABLED
              value: {{ .Values.config.telemetryEnabled | quote }}
          {{- if .Values.config.smtp.enabled }}
          {{- if .Values.config.smtp.defaultFrom }}
            - name: PENPOT_SMTP_DEFAULT_FROM
              value: {{ .Values.config.smtp.defaultFrom | quote }}
          {{- end }}
          {{- if .Values.config.smtp.defaultReplyTo }}
            - name: PENPOT_SMTP_DEFAULT_REPLY_TO
              value: {{ .Values.config.smtp.defaultReplyTo | quote }}
          {{- end }}
          {{- if .Values.config.smtp.host }}
            - name: PENPOT_SMTP_HOST
              value: {{ .Values.config.smtp.host | quote }}
          {{- end }}
          {{- if .Values.config.smtp.port }}
            - name: PENPOT_SMTP_PORT
              value: {{ .Values.config.smtp.port | quote }}
          {{- end }}
          {{- if not .Values.config.smtp.secretKeys.usernameKey }}
            - name: PENPOT_SMTP_USERNAME
              value: {{ .Values.config.smtp.username | quote }}
          {{- else }}
            - name: PENPOT_SMTP_USERNAME
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.smtp.existingSecret }}
                  key: {{ .Values.config.smtp.secretKeys.usernameKey }}
          {{- end }}
          {{- if not .Values.config.smtp.secretKeys.passwordKey }}
            - name: PENPOT_SMTP_PASSWORD
              value: {{ .Values.config.smtp.password | quote }}
          {{- else }}
            - name: PENPOT_SMTP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.smtp.existingSecret }}
                  key: {{ .Values.config.smtp.secretKeys.passwordKey }}
          {{- end }}
          {{- if .Values.config.smtp.tls }}
            - name: PENPOT_SMTP_TLS
              value: {{ .Values.config.smtp.tls | quote }}
          {{- end }}
          {{- if .Values.config.smtp.ssl }}
            - name: PENPOT_SMTP_SSL
              value: {{ .Values.config.smtp.ssl | quote }}
          {{- end }}
          {{- end }}
          {{- if .Values.config.registrationDomainWhitelist }}
            - name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
              value: {{ .Values.config.registrationDomainWhitelist | quote }}
          {{- end }}
          {{- if .Values.config.providers.google.enabled }}
          {{- if not .Values.config.providers.secretKeys.googleClientIDKey }}
            - name: PENPOT_GOOGLE_CLIENT_ID
              value: {{ .Values.config.providers.google.clientID | quote }}
          {{- else }}
            - name: PENPOT_GOOGLE_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.googleClientIDKey }}
          {{- end }}
          {{- if not .Values.config.providers.secretKeys.googleClientSecretKey}}
            - name: PENPOT_GOOGLE_CLIENT_SECRET
              value: {{ .Values.config.providers.google.clientSecret | quote }}
          {{- else }}
            - name: PENPOT_GOOGLE_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.googleClientSecretKey }}
          {{- end }}
          {{- end }}
          {{- if .Values.config.providers.github.enabled }}
          {{- if not .Values.config.providers.secretKeys.githubClientIDKey }}
            - name: PENPOT_GITHUB_CLIENT_ID
              value: {{ .Values.config.providers.github.clientID | quote }}
          {{- else }}
            - name: PENPOT_GITHUB_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.githubClientIDKey }}
          {{- end }}
          {{- if not .Values.config.providers.secretKeys.githubClientSecretKey  }}
            - name: PENPOT_GITHUB_CLIENT_SECRET
              value: {{ .Values.config.providers.github.clientSecret | quote }}
          {{- else }}
            - name: PENPOT_GITHUB_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.githubClientSecretKey }}
          {{- end }}
          {{- end }}
          {{- if .Values.config.providers.gitlab.enabled }}
          {{- if .Values.config.providers.gitlab.baseURI }}
            - name: PENPOT_GITLAB_BASE_URI
              value: {{ .Values.config.providers.gitlab.baseURI | quote }}
          {{- end }}
          {{- if not .Values.config.providers.secretKeys.gitlabClientIDKey }}
            - name: PENPOT_GITLAB_CLIENT_ID
              value: {{ .Values.config.providers.gitlab.clientID | quote }}
          {{- else }}
            - name: PENPOT_GITLAB_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.gitlabClientIDKey }}
          {{- end }}
          {{- if not .Values.config.providers.secretKeys.gitlabClientSecretKey }}
            - name: PENPOT_GITLAB_CLIENT_SECRET
              value: {{ .Values.config.providers.gitlab.clientSecret | quote }}
          {{- else }}
            - name: PENPOT_GITLAB_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.gitlabClientSecretKey }}
          {{- end }}
          {{- end }}
          {{- if .Values.config.providers.oidc.enabled }}
          {{- if .Values.config.providers.oidc.baseURI }}
            - name: PENPOT_OIDC_BASE_URI
              value: {{ .Values.config.providers.oidc.baseURI | quote }}
          {{- end }}
          {{- if not .Values.config.providers.secretKeys.oidcClientIDKey }}
            - name: PENPOT_OIDC_CLIENT_ID
              value: {{ .Values.config.providers.oidc.clientID | quote}}
          {{- else }}
            - name: PENPOT_OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.oidcClientIDKey }}
          {{- end }}
          {{- if not .Values.config.providers.secretKeys.oidcClientSecretKey}}
            - name: PENPOT_OIDC_CLIENT_SECRET
              value: {{ .Values.config.providers.oidc.clientSecret | quote }}
          {{- else }}
            - name: PENPOT_OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.config.providers.existingSecret }}
                  key: {{ .Values.config.providers.secretKeys.oidcClientSecretKey }}
          {{- end }}
          {{- if .Values.config.providers.oidc.authURI }}
            - name: PENPOT_OIDC_AUTH_URI
              value: {{ .Values.config.providers.oidc.authURI | quote }}
          {{- end }}
          {{- if .Values.config.providers.oidc.tokenURI }}
            - name: PENPOT_OIDC_TOKEN_URI
              value: {{ .Values.config.providers.oidc.tokenURI | quote }}
          {{- end }}
          {{- if .Values.config.providers.oidc.userURI }}
            - name: PENPOT_OIDC_USER_URI
              value: {{ .Values.config.providers.oidc.userURI | quote }}
          {{- end }}
          {{- if .Values.config.providers.oidc.roles }}
            - name: PENPOT_OIDC_ROLES
              value: {{ .Values.config.providers.oidc.roles | quote }}
          {{- end }}
          {{- if .Values.config.providers.oidc.rolesAttribute }}
            - name: PENPOT_OIDC_ROLES_ATTR
              value: {{ .Values.config.providers.oidc.rolesAttribute | quote }}
          {{- end }}
          {{- if .Values.config.providers.oidc.scopes }}
            - name: PENPOT_OIDC_SCOPES
              value: {{ .Values.config.providers.oidc.scopes | quote }}
          {{- end }}
          {{- if .Values.config.providers.oidc.nameAttribute }}
            - name: PENPOT_OIDC_NAME_ATTR
              value: {{ .Values.config.providers.oidc.nameAttribute | quote }}
          {{- end }}
          {{- if .Values.config.providers.oidc.emailAttribute }}
            - name: PENPOT_OIDC_EMAIL_ATTR
              value: {{ .Values.config.providers.oidc.emailAttribute | quote }}
          {{- end }}
          {{- end }}
          {{- if .Values.config.providers.ldap.enabled }}
          {{- if .Values.config.providers.ldap.host }}
            - name: PENPOT_LDAP_HOST
              value: {{ .Values.config.providers.ldap.host | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.port }}
            - name: PENPOT_LDAP_PORT
              value: {{ .Values.config.providers.ldap.port | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.ssl }}
            - name: PENPOT_LDAP_SSL
              value: {{ .Values.config.providers.ldap.ssl | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.startTLS }}
            - name: PENPOT_LDAP_STARTTLS
              value: {{ .Values.config.providers.ldap.startTLS | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.baseDN }}
            - name: PENPOT_LDAP_BASE_DN
              value: {{ .Values.config.providers.ldap.baseDN | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.bindDN }}
            - name: PENPOT_LDAP_BIND_DN
              value: {{ .Values.config.providers.ldap.bindDN | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.bindPassword }}
            - name: PENPOT_LDAP_BIND_PASSWORD
              value: {{ .Values.config.providers.ldap.bindPassword | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.attributesUsername }}
            - name: PENPOT_LDAP_ATTRS_USERNAME
              value: {{ .Values.config.providers.ldap.attributesUsername | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.attributesEmail }}
            - name: PENPOT_LDAP_ATTRS_EMAIL
              value: {{ .Values.config.providers.ldap.attributesEmail | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.attributesFullname }}
            - name: PENPOT_LDAP_ATTRS_FULLNAME
              value: {{ .Values.config.providers.ldap.attributesFullname | quote }}
          {{- end }}
          {{- if .Values.config.providers.ldap.attributesPhoto }}
            - name: PENPOT_LDAP_ATTRS_PHOTO
              value: {{ .Values.config.providers.ldap.attributesPhoto | quote }}
          {{- end }}
          {{- end }}
          volumeMounts:
            - mountPath: /opt/data
              name: app-data
              readOnly: false
            - mountPath: /etc/nginx/nginx.conf
              name: "{{ include "penpot.fullname" . }}-frontend-nginx"
              readOnly: true
              subPath: nginx.conf
          ports:
            - name: http
              containerPort: {{ .Values.frontend.service.port }}
              protocol: TCP
          resources:
            {{- toYaml .Values.frontend.resources | nindent 12 }}
      {{- with .Values.frontend.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    {{- with .Values.frontend.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.frontend.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      volumes:
      - name: app-data
      {{- if .Values.persistence.enabled }}
        persistentVolumeClaim:
          claimName: {{ .Values.persistence.existingClaim | default ( include "penpot.fullname" . ) }}
      {{- else }}
        emptyDir: {}
      {{- end }}
      - configMap:
          defaultMode: 420
          name: "{{ include "penpot.fullname" . }}-frontend-nginx"
        name: "{{ include "penpot.fullname" . }}-frontend-nginx"
--- a/charts/penpot/templates/ingress.yaml
+++ b/charts/penpot/templates/ingress.yaml
@@ -0,0 +1,53 @@
 {{- if .Values.ingress.enabled -}}
 {{- $gitVersion := .Capabilities.KubeVersion.GitVersion -}}
 {{- $fullName := include "penpot.fullname" . -}}
 {{- $svcPort := .Values.frontend.service.port -}}
 {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
 apiVersion: networking.k8s.io/v1
 {{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
 apiVersion: networking.k8s.io/v1beta1
 {{- else -}}
 apiVersion: extensions/v1beta1
 {{- end }}
 kind: Ingress
 metadata:
  name: {{ $fullName }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "penpot.labels" . | nindent 4 }}
  {{- with .Values.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 spec:
 {{- if .Values.ingress.tls }}
  tls:
  {{- range .Values.ingress.tls }}
    - hosts:
      {{- range .hosts }}
        - {{ . | quote }}
      {{- end }}
      secretName: {{ .secretName }}
  {{- end }}
 {{- end }}
  rules:
  {{- range .Values.ingress.hosts }}
    - host: {{ .host | quote }}
      http:
        paths:
 {{ if semverCompare ">=1.19-0" $gitVersion }}
          - path: /
            pathType: Prefix
            backend:
              service:
                name: {{ $fullName }}
                port:
                  number: {{ $svcPort }}
 {{ else }}
          - path: /
            backend:
              serviceName: {{ $fullName }}
              servicePort: {{ $svcPort }}
 {{- end }}
  {{- end }}
 {{- end }}
--- a/charts/penpot/templates/persistent-volume-claim.yaml
+++ b/charts/penpot/templates/persistent-volume-claim.yaml
@@ -0,0 +1,24 @@
 {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: {{ include "penpot.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
 {{- include "penpot.labels" . | nindent 4 }}
 {{- if .Values.persistence.annotations }}
  annotations:
 {{ toYaml .Values.persistence.annotations | indent 4 }}
 {{- end }}
 spec:
  accessModes:
  {{- range .Values.persistence.accessModes }}
    - {{ . | quote }}
  {{- end }}
  resources:
    requests:
      storage: {{ .Values.persistence.size | quote }}
 {{- if .Values.persistence.storageClass }}
  storageClassName: "{{ .Values.persistence.storageClass }}"
 {{- end }}
 {{- end -}}
--- a/charts/penpot/templates/service-account.yaml
+++ b/charts/penpot/templates/service-account.yaml
@@ -0,0 +1,13 @@
 {{- if .Values.serviceAccount.enabled -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "penpot.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "penpot.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 {{- end -}}
--- a/charts/penpot/templates/service.yaml
+++ b/charts/penpot/templates/service.yaml
@@ -0,0 +1,52 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "penpot.fullname" . }}-backend
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "penpot.labels" . | nindent 4 }}
 spec:
  type: {{ .Values.backend.service.type }}
  ports:
    - port: {{ .Values.backend.service.port }}
      targetPort: http
      protocol: TCP
      name: http
  selector:
    {{- include "penpot.backendSelectorLabels" . | nindent 4 }}
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "penpot.fullname" . }}-exporter
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "penpot.labels" . | nindent 4 }}
 spec:
  type: {{ .Values.exporter.service.type }}
  ports:
    - port: {{ .Values.exporter.service.port }}
      targetPort: http
      protocol: TCP
      name: http
  selector:
    {{- include "penpot.exporterSelectorLabels" . | nindent 4 }}
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "penpot.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "penpot.labels" . | nindent 4 }}
 spec:
  type: {{ .Values.frontend.service.type }}
  ports:
    - port: {{ .Values.frontend.service.port }}
      targetPort: http
      protocol: TCP
      name: http
  selector:
    {{- include "penpot.frontendSelectorLabels" . | nindent 4 }}
--- a/charts/penpot/values.yaml
+++ b/charts/penpot/values.yaml
@@ -0,0 +1,468 @@
 ## Default values for Penpot
 ## @section Global parameters
 ## @param global.postgresqlEnabled Whether to deploy the Bitnami PostgreSQL chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/postgresql) for configuration.
 ## @param global.redisEnabled Whether to deploy the Bitnami Redis chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/redis) for configuration.
 ## @param global.imagePullSecrets Global Docker registry secret names as an array.
 ##
 global:
  ## E.g.
  ## imagePullSecrets:
  ##   - myRegistryKeySecretName
  ##
  imagePullSecrets: []
 ## @section Common parameters
 ## @param nameOverride String to partially override common.names.fullname
 ##
 nameOverride: ""
 ## @param fullnameOverride String to fully override common.names.fullname
 ##
 fullnameOverride: ""
 ## @param serviceAccount.enabled Specifies whether a ServiceAccount should be created.
 ## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
 ## @param serviceAccount.name The name of the ServiceAccount to use. If not set and enabled is true, a name is generated using the fullname template.
 ##
 serviceAccount:
  enabled: true
  annotations: {}
  name: ""
 ## @section Backend parameters
 ## Penpot Backend
 ##
 backend:
  ## @param backend.image.repository The Docker repository to pull the image from.
  ## @param backend.image.tag The image tag to use.
  ## @param backend.image.imagePullPolicy The image pull policy to use.
  ##
  image:
    repository: penpotapp/backend
    tag: 2.0.1
    imagePullPolicy: IfNotPresent
  ## @param backend.replicaCount The number of replicas to deploy.
  ##
  replicaCount: 1
  ## @param backend.service.type The service type to create.
  ## @param backend.service.port The service port to use.
  ##
  service:
    type: ClusterIP
    port: 6060
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param backend.podSecurityContext.enabled Enabled Penpot pods' security context
  ## @param backend.podSecurityContext.fsGroup Set Penpot pod's security context fsGroup
  ##
  podSecurityContext:
    enabled: true
    fsGroup: 1001
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param backend.containerSecurityContext.enabled Enabled Penpot containers' security context
  ## @param backend.containerSecurityContext.runAsUser Set Penpot containers' security context runAsUser
  ## @param backend.containerSecurityContext.allowPrivilegeEscalation Set Penpot containers' security context allowPrivilegeEscalation
  ## @param backend.containerSecurityContext.capabilities.drop Set Penpot containers' security context capabilities to be dropped
  ## @param backend.containerSecurityContext.readOnlyRootFilesystem Set Penpot containers' security context readOnlyRootFilesystem
  ## @param backend.containerSecurityContext.runAsNonRoot Set Penpot container's security context runAsNonRoot
  ##
  containerSecurityContext:
    enabled: true
    runAsUser: 1001
    allowPrivilegeEscalation: false
    capabilities:
      drop:
      - all
    readOnlyRootFilesystem: false
    runAsNonRoot: true
  ## @param backend.affinity Affinity for Penpot pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## @param backend.nodeSelector Node labels for Penpot pods assignment
  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## @param backend.tolerations Tolerations for Penpot pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## Penpot backend resource requests and limits
  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
  ## @param backend.resources.limits The resources limits for the Penpot backend containers
  ## @param backend.resources.requests The requested resources for the Penpot backend containers
  ##
  resources:
    limits: {}
    requests: {}
 ## @section Frontend parameters
 ## Penpot Frontend
 ##
 frontend:
  ## @param frontend.image.repository The Docker repository to pull the image from.
  ## @param frontend.image.tag The image tag to use.
  ## @param frontend.image.imagePullPolicy The image pull policy to use.
  ##
  image:
    repository: penpotapp/frontend
    tag: 2.0.1
    imagePullPolicy: IfNotPresent
  ## @param frontend.replicaCount The number of replicas to deploy.
  ##
  replicaCount: 1
  ## @param frontend.service.type The service type to create.
  ## @param frontend.service.port The service port to use.
  ##
  service:
    type: ClusterIP
    port: 80
  ## @param frontend.affinity Affinity for Penpot pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## @param frontend.nodeSelector Node labels for Penpot pods assignment
  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## @param frontend.tolerations Tolerations for Penpot pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## Penpot frontend resource requests and limits
  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
  ## @param frontend.resources.limits The resources limits for the Penpot frontend containers
  ## @param frontend.resources.requests The requested resources for the Penpot frontend containers
  ##
  resources:
    limits: {}
    requests: {}
 ## @section Exporter parameters
 ## Penpot Exporter
 ##
 exporter:
  ## @param exporter.image.repository The Docker repository to pull the image from.
  ## @param exporter.image.tag The image tag to use.
  ## @param exporter.image.imagePullPolicy The image pull policy to use.
  ##
  image:
    repository: penpotapp/exporter
    tag: 2.0.1
    imagePullPolicy: IfNotPresent
  ## @param exporter.replicaCount The number of replicas to deploy.
  ##
  replicaCount: 1
  ## @param exporter.service.type The service type to create.
  ## @param exporter.service.port The service port to use.
  ##
  service:
    type: ClusterIP
    port: 6061
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param exporter.podSecurityContext.enabled Enabled Penpot pods' security context
  ## @param exporter.podSecurityContext.fsGroup Set Penpot pod's security context fsGroup
  ##
  podSecurityContext:
    enabled: true
    fsGroup: 1001
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param exporter.containerSecurityContext.enabled Enabled Penpot containers' security context
  ## @param exporter.containerSecurityContext.runAsUser Set Penpot containers' security context runAsUser
  ## @param exporter.containerSecurityContext.allowPrivilegeEscalation Set Penpot containers' security context allowPrivilegeEscalation
  ## @param exporter.containerSecurityContext.capabilities.drop Set Penpot containers' security context capabilities to be dropped
  ## @param exporter.containerSecurityContext.readOnlyRootFilesystem Set Penpot containers' security context readOnlyRootFilesystem
  ## @param exporter.containerSecurityContext.runAsNonRoot Set Penpot container's security context runAsNonRoot
  ##
  containerSecurityContext:
    enabled: true
    runAsUser: 1001
    allowPrivilegeEscalation: false
    capabilities:
      drop:
      - all
    readOnlyRootFilesystem: false
    runAsNonRoot: true
  ## @param exporter.affinity Affinity for Penpot pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## @param exporter.nodeSelector Node labels for Penpot pods assignment
  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## @param exporter.tolerations Tolerations for Penpot pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## Penpot exporter resource requests and limits
  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
  ## @param exporter.resources.limits The resources limits for the Penpot exporter containers
  ## @param exporter.resources.requests The requested resources for the Penpot exporter containers
  ##
  resources:
    limits: {}
    requests: {}
 ## @section Ingress parameters
 ## @param frontend.ingress.enabled Enable ingress record generation for Penpot frontend.
 ## @param frontend.ingress.annotations Mapped annotations for the frontend ingress.
 ## @param frontend.ingress.hosts Array style hosts for the frontend ingress.
 ## @param frontend.ingress.tls Array style TLS secrets for the frontend ingress.
 ##
 ingress:
  enabled: false
  ## E.g.
  ## annotations:
  ##   kubernetes.io/ingress.class: nginx
  ##   kubernetes.io/tls-acme: "true"
  ##
  annotations:
    {}
  ## E.g.
  ## hosts:
  ##   - host: penpot-example.local
  hosts: []
  ## E.g.
  ##  - secretName: chart-example-tls
  ##    hosts:
  ##      - chart-example.local
  tls: []
 ## @section Persistence parameters
 ## Penpot persistence
 ##
 persistence:
  ## @param persistence.enabled Enable persistence using Persistent Volume Claims.
  ##
  enabled: false
  ## @param persistence.storageClass Persistent Volume storage class.
  ## If defined, storageClassName: <storageClass>.
  ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
  ##
  storageClass: ""
  ## @param persistence.size Persistent Volume size.
  ##
  size: 8Gi
  ## @param persistence.existingClaim The name of an existing PVC to use for persistence.
  ##
  existingClaim: ""
  ## @param persistence.accessModes Persistent Volume access modes.
  ##
  accessModes:
    - ReadWriteOnce
  ## @param persistence.annotations Persistent Volume Claim annotations.
  ##
  annotations: {}
 ## @section Configuration parameters
 ## Penpot configuration
 ##
 config:
  ## @param config.publicURI The public domain to serve Penpot on. Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain.
  ## @param config.flags The feature flags to enable. Check [the official docs](https://help.penpot.app/technical-guide/configuration/) for more info.
  ## @param config.apiSecretKey A random secret key needed for persistent user sessions. Generate with `openssl rand -hex 16` for example.
  ##
  publicURI: "http://localhost:8080"
  flags: "enable-registration enable-login disable-demo-users disable-demo-warning"
  apiSecretKey:
    existingSecretName: ""
    existingSecretKey: ""
  ## @param config.postgresql.host The PostgreSQL host to connect to.
  ## @param config.postgresql.port The PostgreSQL host port to use.
  ## @param config.postgresql.database The PostgreSQL database to use.
  ## @param config.postgresql.username The database username to use.
  ## @param config.postgresql.password The database username to use.
  ## @param config.postgresql.existingSecret The name of an existing secret.
  ## @param config.postgresql.secretKeys.usernameKey The username key to use from an existing secret.
  ## @param config.postgresql.secretKeys.passwordKey The password key to use from an existing secret.
  ##
  postgresql:
    host: "postgresql.penpot.svc.cluster.local"
    port: 5432
    username: ""
    password: ""
    database: ""
    existingSecret: ""
    secretKeys:
      usernameKey: ""
      passwordKey: ""
  ## @param config.redis.host The Redis host to connect to.
  ## @param config.redis.port The Redis host port to use.
  ## @param config.redis.database The Redis database to connect to.
  ##
  redis:
    host: "redis-headless.penpot.svc.cluster.local"
    port: 6379
    database: "0"
  ## @param config.assets.storageBackend The storage backend for assets to use. Use `assets-fs` for filesystem, and `assets-s3` for S3.
  ## @param config.assets.filesystem.directory The storage directory to use if you chose the filesystem storage backend.
  ## @param config.assets.s3.accessKeyID The S3 access key ID to use if you chose the S3 storage backend.
  ## @param config.assets.s3.secretAccessKey The S3 secret access key to use if you chose the S3 storage backend.
  ## @param config.assets.s3.region The S3 region to use if you chose the S3 storage backend.
  ## @param config.assets.s3.bucket The name of the S3 bucket to use if you chose the S3 storage backend.
  ## @param config.assets.s3.endpointURI The S3 endpoint URI to use if you chose the S3 storage backend.
  ## @param config.assets.s3.existingSecret The name of an existing secret.
  ## @param config.assets.s3.secretKeys.accessKeyIDKey The S3 access key ID to use from an existing secret.
  ## @param config.assets.s3.secretKeys.secretAccessKey The S3 secret access key to use from an existing secret.
  ## @param config.assets.s3.secretKeys.endpointURIKey The S3 endpoint URI to use from an existing secret.
  ##
  assets:
    storageBackend: "assets-fs"
    filesystem:
      directory: "/opt/data/assets"
    s3:
      accessKeyID: ""
      secretAccessKey: ""
      region: ""
      bucket: ""
      endpointURI: ""
      existingSecret: ""
      secretKeys:
        accessKeyIDKey: ""
        secretAccessKey: ""
        endpointURIKey: ""
  ## @param config.telemetryEnabled Whether to enable sending of anonymous telemetry data.
  ##
  telemetryEnabled: true
  ## @param config.smtp.enabled Whether to enable SMTP configuration. You also need to add the 'enable-smtp' flag to the PENPOT_FLAGS variable.
  ## @param config.smtp.defaultFrom The SMTP default email to send from.
  ## @param config.smtp.defaultReplyTo The SMTP default email to reply to.
  ## @param config.smtp.host The SMTP host to use.
  ## @param config.smtp.port The SMTP host port to use.
  ## @param config.smtp.username The SMTP username to use.
  ## @param config.smtp.password The SMTP password to use.
  ## @param config.smtp.tls Whether to use TLS for the SMTP connection.
  ## @param config.smtp.ssl Whether to use SSL for the SMTP connection.
  ## @param config.smtp.existingSecret The name of an existing secret.
  ## @param config.smtp.secretKeys.usernameKey The SMTP username to use from an existing secret.
  ## @param config.smtp.secretKeys.passwordKey The SMTP password to use from an existing secret.
  ##
  smtp:
    enabled: false
    defaultFrom: ""
    defaultReplyTo: ""
    host: ""
    port: ""
    username: ""
    password: ""
    tls: true
    ssl: false
    existingSecret: ""
    secretKeys:
      usernameKey: ""
      passwordKey: ""
  ## @param config.registrationDomainWhitelist Comma separated list of allowed domains to register. Empty to allow all domains.
  ##
  registrationDomainWhitelist: ""
  ## Penpot Authentication providers parameters
  ##
  providers:
    ## @param config.providers.google.enabled Whether to enable Google configuration. To enable Google auth, add `enable-login-with-google` to the flags.
    ## @param config.providers.google.clientID The Google client ID to use. To enable Google auth, add `enable-login-with-google` to the flags.
    ## @param config.providers.google.clientSecret The Google client secret to use. To enable Google auth, add `enable-login-with-google` to the flags.
    ##
    google:
      enabled: false
      clientID: ""
      clientSecret: ""
    ## @param config.providers.github.enabled Whether to enable GitHub configuration. To enable GitHub auth, also add `enable-login-with-github` to the flags.
    ## @param config.providers.github.clientID The GitHub client ID to use.
    ## @param config.providers.github.clientSecret The GitHub client secret to use.
    ##
    github:
      enabled: false
      clientID: ""
      clientSecret: ""
    ## @param config.providers.gitlab.enabled Whether to enable GitLab configuration. To enable GitLab auth, also add `enable-login-with-gitlab` to the flags.
    ## @param config.providers.gitlab.baseURI The GitLab base URI to use.
    ## @param config.providers.gitlab.clientID The GitLab client ID to use.
    ## @param config.providers.gitlab.clientSecret The GitLab client secret to use.
    ##
    gitlab:
      enabled: false
      baseURI: "https://gitlab.com"
      clientID: ""
      clientSecret: ""
    ## @param config.providers.oidc.enabled Whether to enable OIDC configuration. To enable OpenID Connect auth, also add `enable-login-with-oidc` to the flags.
    ## @param config.providers.oidc.baseURI The OpenID Connect base URI to use.
    ## @param config.providers.oidc.clientID The OpenID Connect client ID to use.
    ## @param config.providers.oidc.clientSecret The OpenID Connect client secret to use.
    ## @param config.providers.oidc.authURI Optional OpenID Connect auth URI to use. Auto discovered if not provided.
    ## @param config.providers.oidc.tokenURI Optional OpenID Connect token URI to use. Auto discovered if not provided.
    ## @param config.providers.oidc.userURI Optional OpenID Connect user URI to use. Auto discovered if not provided.
    ## @param config.providers.oidc.roles Optional OpenID Connect roles to use. If no role is provided, roles checking  disabled.
    ## @param config.providers.oidc.rolesAttribute Optional OpenID Connect roles attribute to use. If not provided, the roles checking will be disabled.
    ## @param config.providers.oidc.scopes Optional OpenID Connect scopes to use. This settings allow overwrite the required scopes, use with caution because penpot requres at least `name` and `email` attrs found on the user info. Optional, defaults to `openid profile`.
    ## @param config.providers.oidc.nameAttribute Optional OpenID Connect name attribute to use. If not provided, the `name` prop will be used.
    ## @param config.providers.oidc.emailAttribute Optional OpenID Connect email attribute to use. If not provided, the `email` prop will be used.
    ##
    oidc:
      enabled: false
      baseURI: ""
      clientID: ""
      clientSecret: ""
      authURI: ""
      tokenURI: ""
      userURI: ""
      roles: "role1 role2"
      rolesAttribute: ""
      scopes: "scope1 scope2"
      nameAttribute: ""
      emailAttribute: ""
    ## @param config.providers.ldap.enabled Whether to enable LDAP configuration. To enable LDAP, also add `enable-login-with-ldap` to the flags.
    ## @param config.providers.ldap.host The LDAP host to use.
    ## @param config.providers.ldap.port The LDAP port to use.
    ## @param config.providers.ldap.ssl Whether to use SSL for the LDAP connection.
    ## @param config.providers.ldap.startTLS Whether to utilize StartTLS for the LDAP connection.
    ## @param config.providers.ldap.baseDN The LDAP base DN to use.
    ## @param config.providers.ldap.bindDN The LDAP bind DN to use.
    ## @param config.providers.ldap.bindPassword The LDAP bind password to use.
    ## @param config.providers.ldap.attributesUsername The LDAP attributes username to use.
    ## @param config.providers.ldap.attributesEmail The LDAP attributes email to use.
    ## @param config.providers.ldap.attributesFullname The LDAP attributes fullname to use.
    ## @param config.providers.ldap.attributesPhoto The LDAP attributes photo format to use.
    ##
    ldap:
      enabled: false
      host: "ldap"
      port: 10389
      ssl: false
      startTLS: false
      baseDN: "ou=people,dc=planetexpress,dc=com"
      bindDN: "cn=admin,dc=planetexpress,dc=com"
      bindPassword: "GoodNewsEveryone"
      attributesUsername: "uid"
      attributesEmail: "mail"
      attributesFullname: "cn"
      attributesPhoto: "jpegPhoto"
    ## @param config.providers.existingSecret The name of an existing secret to use.
    ## @param config.providers.secretKeys.googleClientIDKey The Google client ID key to use from an existing secret.
    ## @param config.providers.secretKeys.googleClientSecretKey The Google client secret key to use from an existing secret.
    ## @param config.providers.secretKeys.githubClientIDKey The GitHub client ID key to use from an existing secret.
    ## @param config.providers.secretKeys.githubClientSecretKey The GitHub client secret key to use from an existing secret.
    ## @param config.providers.secretKeys.gitlabClientIDKey The GitLab client ID key to use from an existing secret.
    ## @param config.providers.secretKeys.gitlabClientSecretKey The GitLab client secret key to use from an existing secret.
    ## @param config.providers.secretKeys.oidcClientIDKey The OpenID Connect client ID key to use from an existing secret.
    ## @param config.providers.secretKeys.oidcClientSecretKey The OpenID Connect client secret key to use from an existing secret.
    ##
    existingSecret: ""
    secretKeys:
      googleClientIDKey: ""
      googleClientSecretKey: ""
      githubClientIDKey: ""
      githubClientSecretKey: ""
      gitlabClientIDKey: ""
      gitlabClientSecretKey: ""
      oidcClientIDKey: ""
      oidcClientSecretKey: ""
--- a/charts/postgres-cluster/Chart.yaml
+++ b/charts/postgres-cluster/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: postgres-cluster
-version: 2.2.0
+version: 2.4.2
 description: Chart for cloudnative-pg cluster
 keywords:
  - database
--- a/charts/postgres-cluster/templates/_backup.tpl
+++ b/charts/postgres-cluster/templates/_backup.tpl
@@ -3,7 +3,7 @@
 backup:
  retentionPolicy: {{ .Values.backup.retentionPolicy }}
  barmanObjectStore:
-    destinationPath: "s3://{{ .Values.backup.endpointBucket }}/{{ .Values.kubernetesClusterName }}/postgresql/{{ include "cluster.name" . }}"
+    destinationPath: "s3://{{ .Values.backup.endpointBucket }}/{{ .Values.kubernetesClusterName }}/postgresql/{{ include "cluster.backupName" . }}"
    endpointURL: {{ .Values.backup.endpointURL }}
    {{- if .Values.backup.endpointCA }}
    endpointCA:
--- a/charts/postgres-cluster/templates/_bootstrap.tpl
+++ b/charts/postgres-cluster/templates/_bootstrap.tpl
@@ -26,20 +26,20 @@ bootstrap:
    import:
      type: {{ .Values.replica.importType }}
      databases:
-        {{- if and (len .Values.replica.importDatabases gt 1) (.Values.replica.importType eq "microservice") }}
+        {{- if and (gt (len .Values.replica.importDatabases) 1) (eq .Values.replica.importType "microservice") }}
          {{ fail "Too many databases in import type of microservice!" }}
        {{- else}}
        {{- with .Values.replica.importDatabases }}
        {{- . | toYaml | nindent 8 }}
        {{- end }}
        {{- end }}        
-      {{- if .Values.replica.importType eq "monolith" }}
+      {{- if eq .Values.replica.importType "monolith" }}
      roles:
        {{- with .Values.replica.importRoles }}
        {{- . | toYaml | nindent 8 }}
        {{- end }}
      {{- end }}
-      {{- if and (.Values.replica.postImportApplicationSQL) (.Values.replica.importType eq "microservice") }}
+      {{- if and (.Values.replica.postImportApplicationSQL) (eq .Values.replica.importType "microservice") }}
      postImportApplicationSQL:
        {{- with .Values.replica.postImportApplicationSQL }}
        {{- . | toYaml | nindent 8 }}
@@ -58,19 +58,18 @@ externalClusters:
    recoveryTarget:
      targetTime: {{ . }}
    {{- end }}
-    source: "{{ include "cluster.name" . }}-backup-{{ .Values.recovery.recoveryIndex }}"
+    source: {{ include "cluster.recoveryServerName" . }}
 externalClusters:
-  - name: "{{ include "cluster.name" . }}-backup-{{ .Values.recovery.recoveryIndex }}"
+  - name: {{ include "cluster.recoveryServerName" . }}
    barmanObjectStore:
-      serverName: "{{ include "cluster.name" . }}-backup-{{ .Values.recovery.recoveryIndex }}"
+      serverName: {{ include "cluster.recoveryServerName" . }}
-      destinationPath: "s3://{{ .Values.recovery.endpointBucket }}/{{ .Values.kubernetesClusterName }}/postgresql/{{ .Values.recovery.recoveryName }}"
+      destinationPath: "s3://{{ .Values.recovery.endpointBucket }}/{{ .Values.kubernetesClusterName }}/postgresql/{{ include "cluster.recoveryInstanceName" . }}"
      endpointURL: {{ .Values.recovery.endpointURL }}
      {{- with .Values.recovery.endpointCA }}
      endpointCA:
        name: {{ . }}
        key: ca-bundle.crt
      {{- end }}
      serverName: "{{ include "cluster.name" . }}-backup-{{ .Values.recovery.recoveryIndex }}"
      s3Credentials:
        accessKeyId:
          name: {{ include "cluster.recoveryCredentials" . }}
--- a/charts/postgres-cluster/templates/_helpers.tpl
+++ b/charts/postgres-cluster/templates/_helpers.tpl
@@ -5,7 +5,7 @@ Expand the name of the chart.
  {{- if .Values.nameOverride }}
    {{- .Values.nameOverride | trunc 63 | trimSuffix "-" }}
  {{- else }}
-    {{- printf "postgresql-%s-%s" .Values.cluster.image.majorVersion .Release.Name | trunc 63 | trimSuffix "-" -}}
+    {{- printf "%s-postgresql-%s" .Release.Name ((semver .Values.cluster.image.tag).Major | toString) | trunc 63 | trimSuffix "-" -}}
  {{- end }}
 {{- end }}
@@ -57,11 +57,34 @@ Generate name for object store credentials
 {{- end }}
 {{/*
-Generate recovery server name
+Generate backup server name
 */}}
-{{- define "cluster.recoveryName" -}}
+{{- define "cluster.backupName" -}}
-  {{- if .Values.recovery.recoveryName -}}
+  {{- if .Values.backup.backupName -}}
-    {{- .Values.recovery.recoveryName -}}
+    {{- .Values.backup.backupName -}}
  {{- else -}}
    {{ include "cluster.name" . }}
  {{- end }}
 {{- end }}
 {{/*
 Generate recovery server name
 */}}
 {{- define "cluster.recoveryServerName" -}}
  {{- if .Values.recovery.recoveryServerName -}}
    {{- .Values.recovery.recoveryServerName -}}
  {{- else -}}
    {{- printf "%s-backup-%s" (include "cluster.name" .) (toString .Values.recovery.recoveryIndex) | trunc 63 | trimSuffix "-" -}}
  {{- end }}
 {{- end }}
 {{/*
 Generate recovery instance name
 */}}
 {{- define "cluster.recoveryInstanceName" -}}
  {{- if .Values.recovery.recoveryInstanceName -}}
    {{- .Values.recovery.recoveryInstanceName -}}
  {{- else -}}
    {{ include "cluster.name" . }}
  {{- end }}
--- a/charts/postgres-cluster/values.yaml
+++ b/charts/postgres-cluster/values.yaml
@@ -24,7 +24,6 @@ cluster:
  image:
    repository: ghcr.io/cloudnative-pg/postgresql
    tag: "16.2"
    majorVersion: "16"
    pullPolicy: IfNotPresent
  # The UID and GID of the postgres user inside the image
@@ -44,7 +43,7 @@ cluster:
      cpu: 10m
    limits:
      memory: 1Gi
-      cpu: 100m
+      cpu: 800m
      hugepages-2Mi: 256Mi
  # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration
@@ -108,11 +107,14 @@ recovery:
  # Specifies secret that contains S3 credentials, should contain the keys ACCESS_KEY_ID and ACCESS_SECRET_KEY
  endpointCredentials: ""
-  # Generate external cluster name, uses: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}"
+  # Generate external cluster name, uses: {{ .Release.Name }}postgresql-<major version>-cluster-backup-index-{{ .Values.recovery.recoveryIndex }}
  recoveryIndex: 1
  # Name of the recovery cluster in the object store, defaults to "cluster.name"
-  recoveryName: ""
+  recoveryServerName: ""
  # Name of the recovery cluster in the object store, defaults to ".Release.Name"
  recoveryInstanceName: ""
  wal:
    # WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
@@ -171,6 +173,9 @@ backup:
  # Generate external cluster name, creates: postgresql-{{ .Release.Name }}-cluster-backup-index-{{ .Values.backups.backupIndex }}"
  backupIndex: 1
  # Name of the backup cluster in the object store, defaults to "cluster.name"
  backupName: ""
  wal:
    # WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
    compression: snappy
--- a/charts/taiga/Chart.yaml
+++ b/charts/taiga/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: taiga
-version: 0.1.2
+version: 0.2.0
 description: Chart for Taiga
 keywords:
  - kanban
@@ -14,11 +14,11 @@ maintainers:
 icon: https://avatars.githubusercontent.com/u/6905422?s=200&v=4
 dependencies:
  - name: rabbitmq
-    version: 13.0.3
+    version: 14.0.1
    repository: https://charts.bitnami.com/bitnami
-    alias: taiga-async-rabbitmq
+    alias: async-rabbitmq
  - name: rabbitmq
-    version: 13.0.3
+    version: 14.0.1
    repository: https://charts.bitnami.com/bitnami
-    alias: taiga-events-rabbitmq
+    alias: events-rabbitmq
 appVersion: 6.7.7
--- a/charts/taiga/templates/deployment-back.yaml
+++ b/charts/taiga/templates/deployment-back.yaml
@@ -213,7 +213,7 @@ spec:
              value: "False"
          {{ end }}
-          {{ if .Values.trelloImporter }}
+          {{ if .Values.trelloImporter.enabled }}
            - name: ENABLE_TRELLO_IMPORTER
              value: "True"
            - name: TRELLO_IMPORTER_API_KEY
@@ -232,12 +232,12 @@ spec:
          {{ end }}
            - name: RABBITMQ_USER
-              value: "{{ index .Values "taiga-async-rabbitmq" "auth" "username" }}"
+              value: "{{ index .Values "async-rabbitmq" "auth" "username" }}"
            - name: RABBITMQ_PASS
              valueFrom:
                secretKeyRef:
-                  name: {{ index .Values "taiga-async-rabbitmq" "auth" "existingPasswordSecret" }}
+                  name: {{ index .Values "async-rabbitmq" "auth" "existingPasswordSecret" }}
-                  key: {{ index .Values "taiga-async-rabbitmq" "auth" "existingSecretPasswordKey" }}
+                  key: {{ index .Values "async-rabbitmq" "auth" "existingSecretPasswordKey" }}
          {{ if .Values.ingress.enabled }}
            - name: TAIGA_SITES_DOMAIN
@@ -437,7 +437,7 @@ spec:
              value: "False"
          {{ end }}
-          {{ if .Values.trelloImporter }}
+          {{ if .Values.trelloImporter.enabled }}
            - name: ENABLE_TRELLO_IMPORTER
              value: "True"
            - name: TRELLO_IMPORTER_API_KEY
@@ -456,12 +456,12 @@ spec:
          {{ end }}
            - name: RABBITMQ_USER
-              value: "{{ index .Values "taiga-async-rabbitmq" "auth" "username" }}"
+              value: "{{ index .Values "async-rabbitmq" "auth" "username" }}"
            - name: RABBITMQ_PASS
              valueFrom:
                secretKeyRef:
-                  name: {{ index .Values "taiga-async-rabbitmq" "auth" "existingPasswordSecret" }}
+                  name: {{ index .Values "async-rabbitmq" "auth" "existingPasswordSecret" }}
-                  key: {{ index .Values "taiga-async-rabbitmq" "auth" "existingSecretPasswordKey" }}
+                  key: {{ index .Values "async-rabbitmq" "auth" "existingSecretPasswordKey" }}
          {{ if .Values.ingress.enabled }}
            - name: TAIGA_SITES_DOMAIN
--- a/charts/taiga/templates/deployment-events.yaml
+++ b/charts/taiga/templates/deployment-events.yaml
@@ -46,8 +46,8 @@ spec:
      securityContext:
        {{- with .Values.events.securityContext }}
        {{ toYaml . | nindent 8 }}
-        {{- end }}
+      {{- end }}
-        containers:
+      containers:
        - name: {{ template "taiga.fullname" . }}-events
          image: "{{ .Values.events.image.repository }}:{{ .Values.events.image.tag }}"
          imagePullPolicy: {{ .Values.events.image.pullPolicy }}
@@ -55,7 +55,10 @@ spec:
            {{ toYaml .Values.events.resources | nindent 12 }}
          ports:
            - name: taiga-events
-              containerPort: {{ .Values.events.service.port }}
+              containerPort: {{ .Values.events.service.http.port }}
              protocol: TCP
            - name: taiga-app
              containerPort: {{ .Values.events.service.app.port }}
              protocol: TCP
          env:
            - name: TAIGA_SECRET_KEY
@@ -64,18 +67,20 @@ spec:
                  name: "{{ .Values.secretKey.existingSecretName }}"
                  key: "{{ .Values.secretKey.existingSecretKey }}"
            - name: RABBITMQ_USER
-              value: "{{ index .Values "taiga-events-rabbitmq" "auth" "username" }}"
+              value: "{{ index .Values "events-rabbitmq" "auth" "username" }}"
            - name: RABBITMQ_PASS
              valueFrom:
                secretKeyRef:
-                  name: {{ index .Values "taiga-events-rabbitmq" "auth" "existingPasswordSecret" }}
+                  name: {{ index .Values "events-rabbitmq" "auth" "existingPasswordSecret" }}
-                  key: {{ index .Values "taiga-events-rabbitmq" "auth" "existingSecretPasswordKey" }}
+                  key: {{ index .Values "events-rabbitmq" "auth" "existingSecretPasswordKey" }}
            - name: APP_PORT
              value: "{{ .Values.events.service.app.port }}"
          {{- if .Values.events.livenessProbe.enabled }}
          livenessProbe:
            httpGet:
-              path: /admin/login/
+              path: /healthz
-              port: {{ .Values.events.service.port }}
+              port: {{ .Values.events.service.app.port }}
            initialDelaySeconds: {{ .Values.events.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.events.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.events.livenessProbe.timeoutSeconds }}
@@ -86,8 +91,8 @@ spec:
          {{- if .Values.events.readinessProbe.enabled }}
          readinessProbe:
            httpGet:
-              path: /admin/login/
+              path: /healthz
-              port: {{ .Values.events.service.port }}
+              port: {{ .Values.events.service.app.port }}
            initialDelaySeconds: {{ .Values.events.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.events.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.events.readinessProbe.timeoutSeconds }}
--- a/charts/taiga/templates/deployment-front.yaml
+++ b/charts/taiga/templates/deployment-front.yaml
@@ -72,6 +72,8 @@ spec:
              value: "false"
            - name: ENABLE_GITLAB_AUTH
              value: "false"
            - name: ENABLE_OIDC
              value: "{{ .Values.oidc.enabled }}"              
            - name: ENABLE_SLACK
              value: "{{ .Values.enableSlack }}"
            - name: ENABLE_GITHUB_IMPORTER
--- a/charts/taiga/templates/ingress.yaml
+++ b/charts/taiga/templates/ingress.yaml
@@ -48,6 +48,15 @@ spec:
                port:
                  name: taiga-back
            pathType: ImplementationSpecific
        {{ if .Values.oidc.enabled }}
          - path: /oidc
            backend:
              service:
                name: "{{ template "taiga.fullname" . }}-back"
                port:
                  name: taiga-back
            pathType: ImplementationSpecific
        {{- end }}                  
          - path: /events
            backend:
              service:
--- a/charts/taiga/templates/service.yaml
+++ b/charts/taiga/templates/service.yaml
@@ -55,10 +55,14 @@ metadata:
 spec:
  type: {{ .Values.events.service.type }}
  ports:
-    - port: {{ .Values.events.service.port }}
+    - port: {{ .Values.events.service.http.port }}
      targetPort: taiga-events
      protocol: TCP
      name: taiga-events
    - port: {{ .Values.events.service.app.port }}
      targetPort: taiga-app
      protocol: TCP
      name: taiga-app
  selector:
    {{- include "taiga.events.matchLabels" . | nindent 4 }}
    {{- with .Values.events.service.extraSelectorLabels }}
--- a/charts/taiga/values.yaml
+++ b/charts/taiga/values.yaml
@@ -82,15 +82,15 @@ postgresql:
 oidc:
  enabled: false
  existingSecretName: ""
-  scopesKey: "" # "openid profile email"
+  scopesKey: ""                  # "openid profile email"
-  signatureAlgorithmKey: "" # "RS256"
+  signatureAlgorithmKey: ""      # "RS256"
-  clientIdKey: "" # <generate from auth provider>
+  clientIdKey: ""                # <generate from auth provider>
-  clientSecretKey: "" # <generate from auth provider>
+  clientSecretKey: ""            # <generate from auth provider>
-  baseUrlKey: "" # "https://id.fedoraproject.org/openidc"
+  baseUrlKey: ""                 # "https://id.fedoraproject.org/openidc"
-  jwksEndpointKey: "" # "https://id.fedoraproject.org/openidc/Jwks"
+  jwksEndpointKey: ""            # "https://id.fedoraproject.org/openidc/Jwks"
-  authorizationEndpointKey: "" # "https://id.fedoraproject.org/openidc/Authorization"
+  authorizationEndpointKey: ""   # "https://id.fedoraproject.org/openidc/Authorization"
-  tokenEndpointKey: "" # "https://id.fedoraproject.org/openidc/Token"
+  tokenEndpointKey: ""           # "https://id.fedoraproject.org/openidc/Token"
-  userEndpointKey: "" # "https://id.fedoraproject.org/openidc/UserInfo"
+  userEndpointKey: ""            # "https://id.fedoraproject.org/openidc/UserInfo"
 ## SMTP mail delivery configuration
 ## ref: https://taigaio.github.io/taiga-doc/dist/setup-production.html
@@ -347,7 +347,7 @@ async:
 ## Async Rabbitmq
 ## https://artifacthub.io/packages/helm/bitnami/rabbitmq?modal=values-schema
 ##
-taiga-async-rabbitmq:
+async-rabbitmq:
  auth:
    ## @param auth.username RabbitMQ application username
    ## ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables
@@ -487,13 +487,18 @@ events:
    # -- Allow adding additional match labels
    extraSelectorLabels: {}
-    # -- HTTP port number
+    http:
-    port: 8888
+      # -- HTTP port number
      port: 8888
    app:
      # -- HTTP port number
      port: 3023
 ## Events Rabbitmq
 ## https://artifacthub.io/packages/helm/bitnami/rabbitmq?modal=values-schema
 ##
-taiga-events-rabbitmq:
+events-rabbitmq:
  auth:
    ## @param auth.username RabbitMQ application username
    ## ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables
--- a/charts/tubearchivist/Chart.yaml
+++ b/charts/tubearchivist/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: tubearchivist
-version: 0.2.0
+version: 0.2.3
 description: Chart for Tube Archivist
 keywords:
  - download
@@ -14,7 +14,7 @@ maintainers:
 icon: https://avatars.githubusercontent.com/u/102734415?s=48&v=4
 dependencies:
  - name: redis
-    version: 19.1.0
+    version: 19.1.2
    repository: https://charts.bitnami.com/bitnami
  - name: elasticsearch
    version: 20.0.4
--- a/charts/tubearchivist/values.yaml
+++ b/charts/tubearchivist/values.yaml
@@ -20,18 +20,18 @@ service:
    port: 8000
 ingress:
  enabled: false
-  className:
+  className: ""
-  annotations:
+  annotations: ""
-  host:
+  host: ""
 persistence:
  cache:
    enabled: false
-    storageClassName: default
+    storageClassName: ""
    storageSize: 5Gi
    accessMode: ReadWriteOnce
    volumeMode: Filesystem
  youtube:
-    claimName:
+    claimName: ""
 redis:
  image:
    repository: redis/redis-stack-server
@@ -48,17 +48,17 @@ redis:
    loadmodule /opt/redis-stack/lib/rejson.so
 elasticsearch:
  global:
-    storageClass: default
+    storageClass: ""
  extraEnvVars:
    - name: "discovery.type"
      value: "single-node"
    - name: xpack.security.enabled
      value: "true"
-  extraEnvVarsSecret:
+  extraEnvVarsSecret: []
  extraConfig:
    path:
      repo: /usr/share/elasticsearch/data/snapshot
-  extraVolumes:
+  extraVolumes: []
  extraVolumeMounts:
    - name: snapshot
      mountPath: /usr/share/elasticsearch/data/snapshot
Author	SHA1	Message	Date
alexlebens	f06aa3a175	add lazy-librarian	2024-04-21 03:59:25 -06:00
alexlebens	9abeba8f9d	add penpot	2024-04-19 21:34:56 -06:00
alexlebens	1f498323a4	change postgres settings to import only password from secret	2024-04-19 05:41:38 -06:00
alexlebens	646e3a2c36	grant read to unlogged users	2024-04-19 05:32:28 -06:00
alexlebens	197ca6ef81	add quotes around default vhost of /	2024-04-19 05:22:14 -06:00
alexlebens	b8780a7339	add default vhost	2024-04-19 05:05:10 -06:00
alexlebens	b90968ea85	fix scanner image name	2024-04-19 05:01:23 -06:00
alexlebens	d3275f8067	create switch if various api keys are provided	2024-04-19 04:58:46 -06:00
alexlebens	649f362824	remove extra configuration from rabbitmq	2024-04-19 04:54:03 -06:00
alexlebens	732761d73b	fix default vhost	2024-04-19 04:50:49 -06:00
alexlebens	0e7627cb7d	fix oidc values path	2024-04-19 04:41:22 -06:00
alexlebens	d81c246b35	add kyoo	2024-04-19 04:08:55 -06:00
renovate[bot]	b97dd1f892	Update Helm release redis to v19.1.2 (#39 ) * Update Helm release redis to v19.1.2 * update chart --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: alexlebens <alexanderlebens@gmail.com>	2024-04-18 22:02:37 -06:00
alexlebens	0b8374753d	change default cpu limit	2024-04-18 05:49:15 -06:00
alexlebens	cb29afdcb2	fix source server naming	2024-04-18 05:35:06 -06:00
alexlebens	4f366535c3	change default cpu limit	2024-04-18 04:35:42 -06:00
alexlebens	f32ef77551	add additional options for recovery	2024-04-18 03:43:52 -06:00
alexlebens	d02f649164	remove default option in bootstrap helper	2024-04-18 03:27:00 -06:00
alexlebens	3b50ca2bfe	fix comparision operator position	2024-04-18 01:51:06 -06:00
alexlebens	17796a1183	increment chart version	2024-04-18 01:48:03 -06:00
alexlebens	512b1d4243	set default value for comparision	2024-04-18 01:47:46 -06:00
alexlebens	a2b0cdd5b6	fix ordering of comparision operator	2024-04-18 01:39:33 -06:00
alexlebens	e79af169b9	calculate length of array separately	2024-04-18 01:35:19 -06:00
alexlebens	661f9342b9	fix length measurement of database	2024-04-18 01:17:16 -06:00
alexlebens	9d1244c7a1	remove patch from image tag	2024-04-18 01:07:36 -06:00
alexlebens	0dc50bf88f	change default cluster name to start with release	2024-04-17 20:01:47 -06:00
alexlebens	75accbbf87	use semver function to pull major version into cluster name	2024-04-17 20:00:06 -06:00
alexlebens	19fbd95a79	change templating for cluster naming	2024-04-17 19:45:08 -06:00
alexlebens	d73c42fd42	change default values	2024-04-17 19:15:54 -06:00
renovate[bot]	6399a8ca97	Update Helm release rabbitmq to v14 (#34 ) * Update Helm release rabbitmq to v14 * update chart * align comments for readability --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: alexlebens <alexanderlebens@gmail.com>	2024-04-17 19:13:57 -06:00
renovate[bot]	580c7da73a	Update Helm release redis to v19.1.1 (#18 ) * Update Helm release redis to v19.1.1 * update charts * fix indentation --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: alexlebens <alexanderlebens@gmail.com>	2024-04-17 19:09:36 -06:00
renovate[bot]	11d47799f1	Update dock.mau.dev/mautrix/whatsapp Docker tag to v0.10.7 (#36 ) * Update dock.mau.dev/mautrix/whatsapp Docker tag to v0.10.7 * update helm chart * fix indentation --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: alexlebens <alexanderlebens@gmail.com>	2024-04-17 19:05:30 -06:00
renovate[bot]	7d825da72d	Update linuxserver/code-server Docker tag to v4.23.1 (#35 ) * Update linuxserver/code-server Docker tag to v4.23.1 * update helm chart --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: alexlebens <alexanderlebens@gmail.com>	2024-04-17 19:05:16 -06:00
renovate[bot]	adf49292bd	Update halfshot/matrix-hookshot Docker tag to v5.3.0 (#38 ) * Update halfshot/matrix-hookshot Docker tag to v5.3.0 * update chart * fix linting errors --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: alexlebens <alexanderlebens@gmail.com>	2024-04-17 19:03:21 -06:00
renovate[bot]	63e69df14a	Update ghcr.io/gethomepage/homepage Docker tag to v0.8.12 (#37 ) * Update ghcr.io/gethomepage/homepage Docker tag to v0.8.12 * update chart --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Alex Lebens <alexanderlebens@gmail.com>	2024-04-17 18:55:36 -06:00
alexlebens	7bd8a4525a	if oidc is enabled add an ingress path to the backend	2024-04-17 04:42:51 -06:00
alexlebens	a860789056	add env to front deployment about oidc enablement	2024-04-15 03:31:49 -06:00
alexlebens	58f89640a8	fix naming of changed rabbitmq charts	2024-04-15 02:47:45 -06:00
alexlebens	132e086d6d	change rabbitmq chart naming to generate proper dns and app names	2024-04-15 02:44:10 -06:00
alexlebens	617505ee99	fix length of app port	2024-04-13 23:37:58 -06:00
alexlebens	34a21702ab	fix http service value	2024-04-13 23:32:48 -06:00
alexlebens	15d3253af9	fix events app port to service and port	2024-04-13 23:28:03 -06:00
alexlebens	90970ef172	fix events health endpoint	2024-04-13 23:19:59 -06:00
alexlebens	0d6f789ffd	increment chart version	2024-04-13 23:14:21 -06:00
alexlebens	f968776cd0	fix trello importer switch for async container	2024-04-13 23:13:44 -06:00
alexlebens	0b2beb08b7	fix indentation of events deployment	2024-04-13 23:11:44 -06:00
alexlebens	8fae31a679	properly enable/disable trello importer	2024-04-13 23:07:20 -06:00
alexlebens	f67ac05610	fix indentation	2024-04-13 23:05:03 -06:00