migration to next

2025-03-02 16:56:16 -06:00
parent 1693ecd0ae
commit 9fe661cf24
342 changed files with 166 additions and 159 deletions
--- a/clusters/cl01tl/applications/audiobookshelf/Chart.yaml
+++ b/clusters/cl01tl/applications/audiobookshelf/Chart.yaml
@@ -1,23 +0,0 @@
-apiVersion: v2
-name: audiobookshelf
-version: 1.0.0
-description: Audiobookshelf
-keywords:
-  - audiobookshelf
-  - books
-  - podcasts
-  - audiobooks
-home: https://wiki.alexlebens.dev/doc/audiobookshelf-uNciuFjzDw
-sources:
-  - https://github.com/advplyr/audiobookshelf
-  - https://github.com/advplyr/audiobookshelf/pkgs/container/audiobookshelf
-  - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: app-template
-    alias: audiobookshelf
-    repository: https://bjw-s.github.io/helm-charts/
-    version: 3.7.1
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/audiobookshelf.png
-appVersion: 2.17.5
--- a/clusters/cl01tl/applications/audiobookshelf/templates/external-secret.yaml
+++ b/clusters/cl01tl/applications/audiobookshelf/templates/external-secret.yaml
@@ -1,116 +0,0 @@
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-#   name: audiobookshelf-config-backup-secret
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: audiobookshelf-config-backup-secret
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
-#     app.kubernetes.io/component: backup
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-#   secretStoreRef:
-#     kind: ClusterSecretStore
-#     name: vault
-#   target:
-#     template:
-#       mergePolicy: Merge
-#       engineVersion: v2
-#       data:
-#         RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/audiobookshelf/audiobookshelf-config"
-#   data:
-#     - secretKey: BUCKET_ENDPOINT
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: S3_BUCKET_ENDPOINT
-#     - secretKey: RESTIC_PASSWORD
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: RESTIC_PASSWORD
-#     - secretKey: AWS_DEFAULT_REGION
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: AWS_DEFAULT_REGION
-#     - secretKey: AWS_ACCESS_KEY_ID
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/volsync-backups
-#         metadataPolicy: None
-#         property: access_key
-#     - secretKey: AWS_SECRET_ACCESS_KEY
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/volsync-backups
-#         metadataPolicy: None
-#         property: secret_key
-
-# ---
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-#   name: audiobookshelf-metadata-backup-secret
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: audiobookshelf-metadata-backup-secret
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
-#     app.kubernetes.io/component: backup
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-#   secretStoreRef:
-#     kind: ClusterSecretStore
-#     name: vault
-#   target:
-#     template:
-#       mergePolicy: Merge
-#       engineVersion: v2
-#       data:
-#         RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/audiobookshelf/audiobookshelf-metadata"
-#   data:
-#     - secretKey: BUCKET_ENDPOINT
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: S3_BUCKET_ENDPOINT
-#     - secretKey: RESTIC_PASSWORD
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: RESTIC_PASSWORD
-#     - secretKey: AWS_DEFAULT_REGION
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: AWS_DEFAULT_REGION
-#     - secretKey: AWS_ACCESS_KEY_ID
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/volsync-backups
-#         metadataPolicy: None
-#         property: access_key
-#     - secretKey: AWS_SECRET_ACCESS_KEY
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/volsync-backups
-#         metadataPolicy: None
-#         property: secret_key
--- a/clusters/cl01tl/applications/audiobookshelf/templates/persistent-volume-claim.yaml
+++ b/clusters/cl01tl/applications/audiobookshelf/templates/persistent-volume-claim.yaml
@@ -1,40 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: audiobookshelf-nfs-storage-backup
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: audiobookshelf-nfs-storage-backup
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  volumeMode: Filesystem
-  storageClassName: nfs-client
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi
-
---
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: audiobookshelf-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: audiobookshelf-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  volumeName: audiobookshelf-nfs-storage
-  storageClassName: nfs-client
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 1Gi
--- a/clusters/cl01tl/applications/audiobookshelf/templates/persistent-volume.yaml
+++ b/clusters/cl01tl/applications/audiobookshelf/templates/persistent-volume.yaml
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: audiobookshelf-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: audiobookshelf-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: nfs-client
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  nfs:
-    path: /volume2/Storage
-    server: synologybond.alexlebens.net
-  mountOptions:
-    - vers=4
-    - minorversion=1
-    - noac
--- a/clusters/cl01tl/applications/audiobookshelf/templates/replication-source.yaml
+++ b/clusters/cl01tl/applications/audiobookshelf/templates/replication-source.yaml
@@ -1,56 +0,0 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-#   name: audiobookshelf-config-backup-source
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: audiobookshelf-config-backup-source
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
-#     app.kubernetes.io/component: backup
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-#   sourcePVC: audiobookshelf-config
-#   trigger:
-#     schedule: 0 0 */3 * *
-#   restic:
-#     pruneIntervalDays: 14
-#     repository: audiobookshelf-config-backup-secret
-#     retain:
-#       hourly: 1
-#       daily: 1
-#       weekly: 1
-#       monthly: 2
-#       yearly: 4
-#     copyMethod: Snapshot
-#     storageClassName: ceph-block
-#     volumeSnapshotClassName: ceph-blockpool-snapshot
-
-# ---
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-#   name: audiobookshelf-metadata-backup-source
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: audiobookshelf-metadata-backup-source
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
-#     app.kubernetes.io/component: backup
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-#   sourcePVC: audiobookshelf-metadata
-#   trigger:
-#     schedule: 0 0 */3 * *
-#   restic:
-#     pruneIntervalDays: 14
-#     repository: audiobookshelf-metadata-backup-secret
-#     retain:
-#       hourly: 1
-#       daily: 1
-#       weekly: 1
-#       monthly: 2
-#       yearly: 4
-#     copyMethod: Snapshot
-#     storageClassName: ceph-block
-#     volumeSnapshotClassName: ceph-blockpool-snapshot
--- a/clusters/cl01tl/applications/audiobookshelf/values.yaml
+++ b/clusters/cl01tl/applications/audiobookshelf/values.yaml
@@ -1,80 +0,0 @@
-audiobookshelf:
-  controllers:
-    main:
-      type: deployment
-      replicas: 1
-      strategy: Recreate
-      revisionHistoryLimit: 3
-      containers:
-        main:
-          image:
-            repository: ghcr.io/advplyr/audiobookshelf
-            tag: 2.19.5
-            pullPolicy: IfNotPresent
-          env:
-            - name: TZ
-              value: US/Central
-          resources:
-            requests:
-              cpu: 10m
-              memory: 128Mi
-  serviceAccount:
-    create: true
-  service:
-    main:
-      controller: main
-      ports:
-        http:
-          port: 80
-          targetPort: 80
-          protocol: HTTP
-  ingress:
-    tailscale:
-      enabled: true
-      className: tailscale
-      hosts:
-        - host: audiobookshelf-cl01tl
-          paths:
-            - path: /
-              pathType: Prefix
-              service:
-                name: audiobookshelf
-                port: 80
-      tls:
-        - hosts:
-            - audiobookshelf-cl01tl
-  persistence:
-    config:
-      storageClass: ceph-block
-      accessMode: ReadWriteOnce
-      size: 2Gi
-      retain: true
-      advancedMounts:
-        main:
-          main:
-            - path: /config
-              readOnly: false
-    metadata:
-      storageClass: ceph-block
-      accessMode: ReadWriteOnce
-      size: 10Gi
-      retain: true
-      advancedMounts:
-        main:
-          main:
-            - path: /metadata
-              readOnly: false
-    backup:
-      existingClaim: audiobookshelf-nfs-storage-backup
-      advancedMounts:
-        main:
-          main:
-            - path: /metadata/backups
-              readOnly: false
-    audiobooks:
-      existingClaim: audiobookshelf-nfs-storage
-      advancedMounts:
-        main:
-          main:
-            - path: /mnt/store/
-              readOnly: false
--- a/clusters/cl01tl/applications/calibre-web-automated/Chart.yaml
+++ b/clusters/cl01tl/applications/calibre-web-automated/Chart.yaml
@@ -1,21 +0,0 @@
-apiVersion: v2
-name: calibre-web-automated
-version: 1.0.0
-description: Calibre Web Automated
-keywords:
-  - calibre-web-automated
-  - books
-home: https://wiki.alexlebens.dev/doc/calibre-web-automated-1SMf1jPFsb
-sources:
-  - https://github.com/crocodilestick/Calibre-Web-Automator
-  - https://hub.docker.com/r/crocodilestick/calibre-web-automated
-  - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: app-template
-    alias: calibre-web-automated
-    repository: https://bjw-s.github.io/helm-charts/
-    version: 3.7.1
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/calibre-web.png
-appVersion: V2.1.2
--- a/clusters/cl01tl/applications/calibre-web-automated/templates/external-secret.yaml
+++ b/clusters/cl01tl/applications/calibre-web-automated/templates/external-secret.yaml
@@ -1,82 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: calibre-web-automated-gmail-config
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-web-automated-gmail-config
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: gmail.json
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/calibre-web/gmail
-        metadataPolicy: None
-        property: gmail.json
-
-# ---
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-#   name: calibre-web-automated-config-backup-secret
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: calibre-web-automated-config-backup-secret
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
-#     app.kubernetes.io/component: backup
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-#   secretStoreRef:
-#     kind: ClusterSecretStore
-#     name: vault
-#   target:
-#     template:
-#       mergePolicy: Merge
-#       engineVersion: v2
-#       data:
-#         RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/calibre-web-automated/calibre-web-automated-config"
-#   data:
-#     - secretKey: BUCKET_ENDPOINT
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: S3_BUCKET_ENDPOINT
-#     - secretKey: RESTIC_PASSWORD
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: RESTIC_PASSWORD
-#     - secretKey: AWS_DEFAULT_REGION
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: AWS_DEFAULT_REGION
-#     - secretKey: AWS_ACCESS_KEY_ID
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/volsync-backups
-#         metadataPolicy: None
-#         property: access_key
-#     - secretKey: AWS_SECRET_ACCESS_KEY
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/volsync-backups
-#         metadataPolicy: None
-#         property: secret_key
--- a/clusters/cl01tl/applications/calibre-web-automated/templates/persistent-volume-claim.yaml
+++ b/clusters/cl01tl/applications/calibre-web-automated/templates/persistent-volume-claim.yaml
@@ -1,40 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: calibre-web-automated-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-web-automated-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  volumeName: calibre-web-automated-nfs-storage
-  storageClassName: nfs-client
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 1Gi
-
---
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: calibre-web-automated-ingest-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-web-automated-ingest-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  volumeName: calibre-web-automated-ingest-nfs-storage
-  storageClassName: nfs-client
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 1Gi
--- a/clusters/cl01tl/applications/calibre-web-automated/templates/persistent-volume.yaml
+++ b/clusters/cl01tl/applications/calibre-web-automated/templates/persistent-volume.yaml
@@ -1,52 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: calibre-web-automated-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-web-automated-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: nfs-client
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  nfs:
-    path: /volume2/Storage/Calibre
-    server: synologybond.alexlebens.net
-  mountOptions:
-    - vers=4
-    - minorversion=1
-    - noac
-
---
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: calibre-web-automated-ingest-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: calibre-web-automated-ingest-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: nfs-client
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  nfs:
-    path: /volume2/Storage/Calibre Import
-    server: synologybond.alexlebens.net
-  mountOptions:
-    - vers=4
-    - minorversion=1
-    - noac
--- a/clusters/cl01tl/applications/calibre-web-automated/templates/replication-source.yaml
+++ b/clusters/cl01tl/applications/calibre-web-automated/templates/replication-source.yaml
@@ -1,30 +0,0 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-#   name: calibre-web-automated-config-backup-source
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: calibre-web-automated-config-backup-source
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
-#     app.kubernetes.io/component: backup
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-#   sourcePVC: calibre-web-automated-config
-#   trigger:
-#     schedule: 0 0 */3 * *
-#   restic:
-#     pruneIntervalDays: 14
-#     repository: calibre-web-automated-config-backup-secret
-#     retain:
-#       hourly: 1
-#       daily: 1
-#       weekly: 1
-#       monthly: 2
-#       yearly: 4
-#     moverSecurityContext:
-#       runAsUser: 1000
-#       runAsGroup: 100
-#     copyMethod: Snapshot
-#     storageClassName: ceph-block
-#     volumeSnapshotClassName: ceph-blockpool-snapshot
--- a/clusters/cl01tl/applications/calibre-web-automated/values.yaml
+++ b/clusters/cl01tl/applications/calibre-web-automated/values.yaml
@@ -1,155 +0,0 @@
-calibre-web-automated:
-  controllers:
-    main:
-      type: deployment
-      replicas: 1
-      strategy: Recreate
-      revisionHistoryLimit: 3
-      containers:
-        main:
-          image:
-            repository: crocodilestick/calibre-web-automated
-            tag: V3.0.4
-            pullPolicy: IfNotPresent
-          env:
-            - name: TZ
-              value: US/Central
-            - name: PUID
-              value: 1000
-            - name: PGID
-              value: 100
-            - name: DOCKER_MODS
-              value: lscr.io/linuxserver/mods:universal-calibre-v7.23.0
-          resources:
-            requests:
-              cpu: 100m
-              memory: 256Mi
-    downloader:
-      type: deployment
-      replicas: 1
-      strategy: Recreate
-      revisionHistoryLimit: 3
-      containers:
-        main:
-          image:
-            repository: ghcr.io/calibrain/calibre-web-automated-book-downloader
-            tag: latest@sha256:90d16b6d27c054f607a17ad47d99944e474b5957be5a43400e9341af52c5c3f7
-            pullPolicy: IfNotPresent
-          env:
-            - name: FLASK_PORT
-              value: 8084
-            - name: UID
-              value: 1000
-            - name: GID
-              value: 100
-            - name: USE_CF_BYPASS
-              value: true
-            - name: CLOUDFLARE_PROXY_URL
-              value: http://localhost:8000
-            - name: INGEST_DIR
-              value: /cwa-book-ingest
-            - name: BOOK_LANGUAGE
-              value: end
-          resources:
-            requests:
-              cpu: 10m
-              memory: 256Mi
-        bypass:
-          image:
-            repository: ghcr.io/sarperavci/cloudflarebypassforscraping
-            tag: latest@sha256:e937223b9321168efec4ce4b60958d399b6dde37791ea6dc67d05b057c0f167e
-            pullPolicy: IfNotPresent
-          resources:
-            requests:
-              cpu: 10m
-              memory: 128Mi
-  serviceAccount:
-    create: true
-  service:
-    main:
-      controller: main
-      ports:
-        http:
-          port: 8083
-          targetPort: 8083
-          protocol: HTTP
-    downloader:
-      controller: downloader
-      ports:
-        http:
-          port: 8084
-          targetPort: 8084
-          protocol: HTTP
-  ingress:
-    tailscale-main:
-      enabled: true
-      className: tailscale
-      labels:
-        tailscale.com/proxy-class: no-metrics
-      hosts:
-        - host: calibre-cl01tl
-          paths:
-            - path: /
-              pathType: Prefix
-              service:
-                name: calibre-web-automated-main
-                port: 8083
-      tls:
-        - hosts:
-            - calibre-cl01tl
-    tailscale-downloader:
-      enabled: true
-      className: tailscale
-      labels:
-        tailscale.com/proxy-class: no-metrics
-      hosts:
-        - host: calibre-downloader-cl01tl
-          paths:
-            - path: /
-              pathType: Prefix
-              service:
-                name: calibre-web-automated-downloader
-                port: 8084
-      tls:
-        - hosts:
-            - calibre-downloader-cl01tl
-  persistence:
-    config:
-      storageClass: ceph-block
-      accessMode: ReadWriteOnce
-      size: 5Gi
-      retain: true
-      advancedMounts:
-        main:
-          main:
-            - path: /config
-              readOnly: false
-    gmail:
-      enabled: true
-      type: secret
-      name: calibre-web-automated-gmail-config
-      advancedMounts:
-        main:
-          main:
-            - path: /app/calibre-web/gmail.json
-              readOnly: true
-              mountPropagation: None
-              subPath: gmail.json
-    books:
-      existingClaim: calibre-web-automated-nfs-storage
-      advancedMounts:
-        main:
-          main:
-            - path: /calibre-library
-              readOnly: false
-    ingest:
-      existingClaim: calibre-web-automated-ingest-nfs-storage
-      advancedMounts:
-        main:
-          main:
-            - path: /cwa-book-ingest
-              readOnly: false
-        downloader:
-          main:
-            - path: /cwa-book-ingest
-              readOnly: false
--- a/clusters/cl01tl/applications/code-server/Chart.yaml
+++ b/clusters/cl01tl/applications/code-server/Chart.yaml
@@ -1,28 +0,0 @@
-apiVersion: v2
-name: code-server
-version: 1.0.0
-description: Code Server
-keywords:
-  - code-server
-  - code
-  - ide
-home: https://wiki.alexlebens.dev/doc/code-server-1WziinqCFS
-sources:
-  - https://github.com/coder/code-server
-  - https://github.com/cloudflare/cloudflared
-  - https://hub.docker.com/r/linuxserver/code-server
-  - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
-  - https://github.com/alexlebens/helm-charts/tree/main/charts/cloudflared
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: app-template
-    alias: code-server
-    repository: https://bjw-s.github.io/helm-charts/
-    version: 3.7.1
-  - name: cloudflared
-    alias: cloudflared
-    repository: http://alexlebens.github.io/helm-charts
-    version: 1.14.0
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/code-server.png
-appVersion: 4.96.1
--- a/clusters/cl01tl/applications/code-server/templates/external-secret.yaml
+++ b/clusters/cl01tl/applications/code-server/templates/external-secret.yaml
@@ -1,55 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: codeserver-password-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: codeserver-password-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: PASSWORD
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/code-server/auth
-        metadataPolicy: None
-        property: PASSWORD
-    - secretKey: SUDO_PASSWORD
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/code-server/auth
-        metadataPolicy: None
-        property: SUDO_PASSWORD
-
---
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: code-server-cloudflared-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: code-server-cloudflared-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: cf-tunnel-token
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cloudflare/tunnels/codeserver
-        metadataPolicy: None
-        property: token
--- a/clusters/cl01tl/applications/code-server/templates/persistent-volume-claim.yaml
+++ b/clusters/cl01tl/applications/code-server/templates/persistent-volume-claim.yaml
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: code-server-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: code-server-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  volumeMode: Filesystem
-  storageClassName: nfs-client
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi
--- a/clusters/cl01tl/applications/code-server/values.yaml
+++ b/clusters/cl01tl/applications/code-server/values.yaml
@@ -1,49 +0,0 @@
-code-server:
-  controllers:
-    main:
-      type: deployment
-      replicas: 1
-      strategy: Recreate
-      revisionHistoryLimit: 3
-      containers:
-        main:
-          image:
-            repository: ghcr.io/linuxserver/code-server
-            tag: 4.97.2@sha256:733c98b11faf45078c2a98cb1049fa10f386a725c893e867b82b4349ad4c5944
-            pullPolicy: IfNotPresent
-          env:
-            - name: TZ
-              value: US/Central
-            - name: PUID
-              value: 1000
-            - name: PGID
-              value: 1000
-            - name: DEFAULT_WORKSPACE
-              value: /config
-          envFrom:
-            - secretRef:
-                name: codeserver-password-secret
-          resources:
-            requests:
-              cpu: 10m
-              memory: 128Mi
-  serviceAccount:
-    create: true
-  service:
-    main:
-      controller: main
-      ports:
-        http:
-          port: 8443
-          targetPort: 8443
-          protocol: HTTP
-  persistence:
-    config:
-      existingClaim: code-server-nfs-storage
-      advancedMounts:
-        main:
-          main:
-            - path: /config
-              readOnly: false
-cloudflared:
-  existingSecretName: code-server-cloudflared-secret
--- a/clusters/cl01tl/applications/directus/Chart.yaml
+++ b/clusters/cl01tl/applications/directus/Chart.yaml
@@ -1,44 +0,0 @@
-apiVersion: v2
-name: directus
-version: 1.0.0
-description: Directus
-keywords:
-  - directus
-  - cms
-home: https://wiki.alexlebens.dev/doc/directus-EvV9wese9H
-sources:
-  - https://github.com/directus/directus
-  - https://github.com/minio/operator
-  - https://github.com/valkey-io/valkey
-  - https://github.com/cloudflare/cloudflared
-  - https://github.com/cloudnative-pg/cloudnative-pg
-  - https://hub.docker.com/r/directus/directus
-  - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
-  - https://github.com/minio/operator/tree/master/helm/tenant
-  - https://github.com/bitnami/charts/tree/main/bitnami/valkey
-  - https://github.com/alexlebens/helm-charts/charts/cloudflared
-  - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: app-template
-    alias: directus
-    repository: https://bjw-s.github.io/helm-charts/
-    version: 3.7.1
-  - name: tenant
-    alias: minio
-    version: 7.0.0
-    repository: https://operator.min.io/
-  - name: valkey
-    version: 2.4.0
-    repository: https://charts.bitnami.com/bitnami
-  - name: cloudflared
-    alias: cloudflared-directus
-    repository: http://alexlebens.github.io/helm-charts
-    version: 1.14.0
-  - name: postgres-cluster
-    alias: postgres-17-cluster
-    version: 4.2.0
-    repository: http://alexlebens.github.io/helm-charts
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/directus.png
-appVersion: 11.3.2
--- a/clusters/cl01tl/applications/directus/templates/external-secret.yaml
+++ b/clusters/cl01tl/applications/directus/templates/external-secret.yaml
@@ -1,247 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: directus-config
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: directus-config
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: admin-email
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/directus/config
-        metadataPolicy: None
-        property: admin-email
-    - secretKey: admin-password
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/directus/config
-        metadataPolicy: None
-        property: admin-password
-    - secretKey: secret
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/directus/config
-        metadataPolicy: None
-        property: secret
-    - secretKey: key
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/directus/config
-        metadataPolicy: None
-        property: key
-
---
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: directus-valkey-config
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: directus-valkey-config
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: user
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/directus/valkey
-        metadataPolicy: None
-        property: user
-    - secretKey: password
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/directus/valkey
-        metadataPolicy: None
-        property: password
-
---
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: directus-oidc-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: directus-oidc-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: OIDC_CLIENT_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /authentik/oidc/directus
-        metadataPolicy: None
-        property: client
-    - secretKey: OIDC_CLIENT_SECRET
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /authentik/oidc/directus
-        metadataPolicy: None
-        property: secret
-
---
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: directus-minio-user-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: directus-minio-user-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: database
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: AWS_ACCESS_KEY_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/directus/minio/auth
-        metadataPolicy: None
-        property: AWS_ACCESS_KEY_ID
-    - secretKey: AWS_SECRET_ACCESS_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/directus/minio/auth
-        metadataPolicy: None
-        property: AWS_SECRET_ACCESS_KEY
-
---
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: directus-minio-root-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: directus-minio-root-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: database
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: config.env
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/directus/minio/config
-        metadataPolicy: None
-        property: root-config.env
-
---
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: directus-minio-config-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: directus-minio-config-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: database
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: config.env
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/directus/minio/config
-        metadataPolicy: None
-        property: config.env
-
---
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: directus-cloudflared-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: directus-cloudflared-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: cf-tunnel-token
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cloudflare/tunnels/directus
-        metadataPolicy: None
-        property: token
-
---
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: directus-postgresql-17-cluster-backup-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: directus-postgresql-17-cluster-backup-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: database
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: ACCESS_KEY_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/postgres-backups
-        metadataPolicy: None
-        property: access
-    - secretKey: ACCESS_SECRET_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/postgres-backups
-        metadataPolicy: None
-        property: secret
--- a/clusters/cl01tl/applications/directus/values.yaml
+++ b/clusters/cl01tl/applications/directus/values.yaml
@@ -1,206 +0,0 @@
-directus:
-  controllers:
-    main:
-      type: deployment
-      replicas: 1
-      strategy: Recreate
-      revisionHistoryLimit: 3
-      containers:
-        main:
-          image:
-            repository: directus/directus
-            tag: 11.5.0
-            pullPolicy: IfNotPresent
-          env:
-            - name: PUBLIC_URL
-              value: https://directus.alexlebens.dev
-            - name: WEBSOCKETS_ENABLED
-              value: true
-            - name: ADMIN_EMAIL
-              valueFrom:
-                secretKeyRef:
-                  name: directus-config
-                  key: admin-email
-            - name: ADMIN_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: directus-config
-                  key: admin-password
-            - name: SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: directus-config
-                  key: secret
-            - name: KEY
-              valueFrom:
-                secretKeyRef:
-                  name: directus-config
-                  key: key
-            - name: DB_CLIENT
-              value: postgres
-            - name: DB_HOST
-              valueFrom:
-                secretKeyRef:
-                  name: directus-postgresql-17-cluster-app
-                  key: host
-            - name: DB_DATABASE
-              valueFrom:
-                secretKeyRef:
-                  name: directus-postgresql-17-cluster-app
-                  key: dbname
-            - name: DB_PORT
-              valueFrom:
-                secretKeyRef:
-                  name: directus-postgresql-17-cluster-app
-                  key: port
-            - name: DB_USER
-              valueFrom:
-                secretKeyRef:
-                  name: directus-postgresql-17-cluster-app
-                  key: user
-            - name: DB_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: directus-postgresql-17-cluster-app
-                  key: password
-            - name: REDIS_ENABLED
-              value: true
-            - name: REDIS_HOST
-              value: directus-valkey-primary
-            - name: REDIS_PORT
-              value: 6379
-            - name: REDIS_USERNAME
-              valueFrom:
-                secretKeyRef:
-                  name: directus-valkey-config
-                  key: user
-            - name: REDIS_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: directus-valkey-config
-                  key: password
-            - name: STORAGE_LOCATIONS
-              value: s3
-            - name: STORAGE_S3_DRIVER
-              value: s3
-            - name: STORAGE_S3_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: directus-minio-user-secret
-                  key: AWS_ACCESS_KEY_ID
-            - name: STORAGE_S3_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: directus-minio-user-secret
-                  key: AWS_SECRET_ACCESS_KEY
-            - name: STORAGE_S3_BUCKET
-              value: directus
-            - name: STORAGE_S3_REGION
-              value: us-east-1
-            - name: STORAGE_S3_ENDPOINT
-              value: http://minio.directus:80
-            - name: STORAGE_S3_FORCE_PATH_STYLE
-              value: "true"
-            - name: AUTH_PROVIDERS
-              value: AUTHENTIK
-            - name: AUTH_AUTHENTIK_DRIVER
-              value: openid
-            - name: AUTH_AUTHENTIK_CLIENT_ID
-              valueFrom:
-                secretKeyRef:
-                  name: directus-oidc-secret
-                  key: OIDC_CLIENT_ID
-            - name: AUTH_AUTHENTIK_CLIENT_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: directus-oidc-secret
-                  key: OIDC_CLIENT_SECRET
-            - name: AUTH_AUTHENTIK_SCOPE
-              value: openid profile email
-            - name: AUTH_AUTHENTIK_ISSUER_URL
-              value: https://auth.alexlebens.dev/application/o/directus/.well-known/openid-configuration
-            - name: AUTH_AUTHENTIK_IDENTIFIER_KEY
-              value: email
-            - name: AUTH_AUTHENTIK_ALLOW_PUBLIC_REGISTRATION
-              value: true
-            - name: AUTH_AUTHENTIK_LABEL
-              value: Authentik Login
-            - name: TELEMETRY
-              value: false
-          resources:
-            requests:
-              cpu: 10m
-              memory: 256Mi
-  serviceAccount:
-    create: true
-  service:
-    main:
-      controller: main
-      ports:
-        http:
-          port: 80
-          targetPort: 8055
-          protocol: TCP
-minio:
-  existingSecret:
-    name: directus-minio-root-secret
-  tenant:
-    name: minio-directus
-    configuration:
-      name: directus-minio-config-secret
-    pools:
-      - servers: 3
-        name: pool
-        volumesPerServer: 2
-        size: 10Gi
-        storageClassName: ceph-block
-    mountPath: /export
-    subPath: /data
-    metrics:
-      enabled: true
-      port: 9000
-      protocol: http
-    certificate:
-      requestAutoCert: false
-  ingress:
-    console:
-      enabled: true
-      ingressClassName: tailscale
-      tls:
-        - secretName: minio-directus-cl01tl
-          hosts:
-            - minio-directus-cl01tl
-      host: minio-directus-cl01tl
-      path: /
-      pathType: Prefix
-valkey:
-  architecture: standalone
-  auth:
-    enabled: true
-    existingSecret: directus-valkey-config
-    existingSecretPasswordKey: password
-    usePasswordFiles: false
-  primary:
-    persistence:
-      enabled: false
-  replica:
-    persistence:
-      enabled: false
-cloudflared-directus:
-  name: cloudflared-directus
-  existingSecretName: directus-cloudflared-secret
-postgres-17-cluster:
-  mode: standalone
-  cluster:
-    walStorage:
-      storageClass: local-path
-    storage:
-      storageClass: local-path
-    monitoring:
-      enabled: true
-  backup:
-    enabled: true
-    endpointURL: https://nyc3.digitaloceanspaces.com
-    destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/directus/directus-postgresql-17-cluster
-    endpointCredentials: directus-postgresql-17-cluster-backup-secret
-    backupIndex: 1
--- a/clusters/cl01tl/applications/element-web/Chart.yaml
+++ b/clusters/cl01tl/applications/element-web/Chart.yaml
@@ -1,27 +0,0 @@
-apiVersion: v2
-name: element-web
-version: 1.0.0
-description: Element Web
-keywords:
-  - element-web
-  - chat
-  - matrix
-home: https://wiki.alexlebens.dev/doc/element-web-R4dzXXspgr
-sources:
-  - https://github.com/element-hq/element-web
-  - https://github.com/cloudflare/cloudflared
-  - https://hub.docker.com/r/vectorim/element-web
-  - https://gitlab.com/ananace/charts/-/tree/master/charts/element-web
-  - https://github.com/alexlebens/helm-charts/tree/main/charts/cloudflared
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: element-web
-    version: 1.4.3
-    repository: https://ananace.gitlab.io/charts
-  - name: cloudflared
-    alias: cloudflared
-    repository: http://alexlebens.github.io/helm-charts
-    version: 1.14.0
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/element.png
-appVersion: v1.11.88
--- a/clusters/cl01tl/applications/element-web/templates/external-secret.yaml
+++ b/clusters/cl01tl/applications/element-web/templates/external-secret.yaml
@@ -1,23 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: element-web-cloudflared-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: element-web-cloudflared-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: cf-tunnel-token
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cloudflare/tunnels/element
-        metadataPolicy: None
-        property: token
--- a/clusters/cl01tl/applications/element-web/values.yaml
+++ b/clusters/cl01tl/applications/element-web/values.yaml
@@ -1,28 +0,0 @@
-element-web:
-  replicaCount: 1
-  image:
-    repository: vectorim/element-web
-    tag: v1.11.93
-    pullPolicy: IfNotPresent
-  defaultServer:
-    url: https://matrix.alexlebens.dev
-    name: alexlebens.dev
-    identity_url: https://alexlebens.dev
-  config:
-    disable_3pid_login: true
-    brand: "Alex Lebens"
-    branding:
-      welcome_background_url: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background-3.jpg
-      auth_header_logo_url: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/icon_white.png
-    sso_redirect_options:
-      immediate: true
-    default_theme: dark
-    default_country_code: US
-  ingress:
-    enabled: false
-  resources:
-    requests:
-      cpu: 10m
-      memory: 128Mi
-cloudflared:
-  existingSecretName: element-web-cloudflared-secret
--- a/clusters/cl01tl/applications/freshrss/Chart.yaml
+++ b/clusters/cl01tl/applications/freshrss/Chart.yaml
@@ -1,33 +0,0 @@
-apiVersion: v2
-name: freshrss
-version: 1.0.0
-description: FreshRSS
-keywords:
-  - freshrss
-  - rss
-home: https://wiki.alexlebens.dev/doc/freshrss-W6nFVTmKJw
-sources:
-  - https://github.com/FreshRSS/FreshRSS
-  - https://github.com/cloudflare/cloudflared
-  - https://github.com/cloudnative-pg/cloudnative-pg
-  - https://hub.docker.com/r/freshrss/freshrss
-  - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
-  - https://github.com/alexlebens/helm-charts/tree/main/charts/cloudflared
-  - https://github.com/alexlebens/helm-charts/tree/main/charts/postgres-cluster
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: app-template
-    alias: freshrss
-    repository: https://bjw-s.github.io/helm-charts/
-    version: 3.7.1
-  - name: cloudflared
-    alias: cloudflared
-    repository: http://alexlebens.github.io/helm-charts
-    version: 1.14.0
-  - name: postgres-cluster
-    alias: postgres-17-cluster
-    version: 4.2.0
-    repository: http://alexlebens.github.io/helm-charts
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/freshrss.png
-appVersion: 1.24.3
--- a/clusters/cl01tl/applications/freshrss/templates/external-secret.yaml
+++ b/clusters/cl01tl/applications/freshrss/templates/external-secret.yaml
@@ -1,192 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: freshrss-install-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: freshrss-install-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: ADMIN_EMAIL
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/freshrss/config
-        metadataPolicy: None
-        property: ADMIN_EMAIL
-    - secretKey: ADMIN_PASSWORD
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/freshrss/config
-        metadataPolicy: None
-        property: ADMIN_PASSWORD
-    - secretKey: ADMIN_API_PASSWORD
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/freshrss/config
-        metadataPolicy: None
-        property: ADMIN_API_PASSWORD
-
---
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: freshrss-oidc-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: OIDC_CLIENT_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /authentik/oidc/freshrss
-        metadataPolicy: None
-        property: client
-    - secretKey: OIDC_CLIENT_SECRET
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /authentik/oidc/freshrss
-        metadataPolicy: None
-        property: secret
-    - secretKey: OIDC_CLIENT_CRYPTO_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /authentik/oidc/freshrss
-        metadataPolicy: None
-        property: crypto-key
-
---
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: freshrss-cloudflared-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: freshrss-cloudflared-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: cf-tunnel-token
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cloudflare/tunnels/freshrss
-        metadataPolicy: None
-        property: token
-
-# ---
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-#   name: freshrss-data-backup-secret
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: freshrss-data-backup-secret
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
-#     app.kubernetes.io/component: backup
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-#   secretStoreRef:
-#     kind: ClusterSecretStore
-#     name: vault
-#   target:
-#     template:
-#       mergePolicy: Merge
-#       engineVersion: v2
-#       data:
-#         RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/freshrss/freshrss-data"
-#   data:
-#     - secretKey: BUCKET_ENDPOINT
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: S3_BUCKET_ENDPOINT
-#     - secretKey: RESTIC_PASSWORD
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: RESTIC_PASSWORD
-#     - secretKey: AWS_DEFAULT_REGION
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: AWS_DEFAULT_REGION
-#     - secretKey: AWS_ACCESS_KEY_ID
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/volsync-backups
-#         metadataPolicy: None
-#         property: access_key
-#     - secretKey: AWS_SECRET_ACCESS_KEY
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/volsync-backups
-#         metadataPolicy: None
-#         property: secret_key
-
---
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: freshrss-postgresql-17-cluster-backup-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: freshrss-postgresql-17-cluster-backup-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: database
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: ACCESS_KEY_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/postgres-backups
-        metadataPolicy: None
-        property: access
-    - secretKey: ACCESS_SECRET_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/postgres-backups
-        metadataPolicy: None
-        property: secret
--- a/clusters/cl01tl/applications/freshrss/templates/replication-source.yaml
+++ b/clusters/cl01tl/applications/freshrss/templates/replication-source.yaml
@@ -1,37 +0,0 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-#   name: freshrss-data-backup-source
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: freshrss-data-backup-source
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
-#     app.kubernetes.io/component: backup
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-#   sourcePVC: freshrss-data
-#   trigger:
-#     schedule: 0 0 */3 * *
-#   restic:
-#     pruneIntervalDays: 14
-#     repository: freshrss-data-backup-secret
-#     retain:
-#       hourly: 1
-#       daily: 1
-#       weekly: 1
-#       monthly: 2
-#       yearly: 4
-#     moverSecurityContext:
-#       runAsUser: 568
-#       runAsGroup: 568
-#       fsGroup: 568
-#       fsGroupChangePolicy: OnRootMismatch
-#       supplementalGroups:
-#         - 44
-#         - 100
-#         - 109
-#         - 65539
-#     copyMethod: Snapshot
-#     storageClassName: ceph-block
-#     volumeSnapshotClassName: ceph-blockpool-snapshot
--- a/clusters/cl01tl/applications/freshrss/values.yaml
+++ b/clusters/cl01tl/applications/freshrss/values.yaml
@@ -1,187 +0,0 @@
-freshrss:
-  controllers:
-    main:
-      type: deployment
-      replicas: 1
-      strategy: Recreate
-      revisionHistoryLimit: 3
-      initContainers:
-        init-download-extension-1:
-          securityContext:
-            runAsUser: 0
-          image:
-            repository: alpine
-            tag: 3.21.3
-            pullPolicy: IfNotPresent
-          command:
-            - /bin/sh
-            - -ec
-            - |
-              apk add --no-cache git;
-              cd /tmp;
-              git clone -n --depth=1 --filter=tree:0 https://github.com/cn-tools/cntools_FreshRssExtensions.git;
-              cd cntools_FreshRssExtensions;
-              git sparse-checkout set --no-cone /xExtension-YouTubeChannel2RssFeed;
-              git checkout;
-              rm -rf /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed
-              cp -r xExtension-YouTubeChannel2RssFeed /var/www/FreshRSS/extensions
-              chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed
-          resources:
-            requests:
-              cpu: 100m
-              memory: 128Mi
-        init-download-extension-2:
-          securityContext:
-            runAsUser: 0
-          image:
-            repository: alpine
-            tag: 3.21.3
-            pullPolicy: IfNotPresent
-          command:
-            - /bin/sh
-            - -ec
-            - |
-              apk add --no-cache git;
-              cd /tmp;
-              git clone -n --depth=1 --filter=tree:0 https://github.com/FreshRSS/Extensions.git;
-              cd Extensions;
-              git sparse-checkout set --no-cone /xExtension-ImageProxy;
-              git checkout;
-              rm -rf /var/www/FreshRSS/extensions/xExtension-ImageProxy
-              cp -r xExtension-ImageProxy /var/www/FreshRSS/extensions
-              chown -R 568:568 /var/www/FreshRSS/extensions/xExtension-YouTubeChannel2RssFeed
-          resources:
-            requests:
-              cpu: 100m
-              memory: 128Mi
-      containers:
-        main:
-          image:
-            repository: freshrss/freshrss
-            tag: 1.26.0
-            pullPolicy: IfNotPresent
-          env:
-            - name: PGID
-              value: "568"
-            - name: PUID
-              value: "568"
-            - name: TZ
-              value: US/Central
-            - name: FRESHRSS_ENV
-              value: production
-            - name: CRON_MIN
-              value: 13,43
-            - name: BASE_URL
-              value: https://rss.alexlebens.dev
-            - name: DB_HOST
-              valueFrom:
-                secretKeyRef:
-                  name: freshrss-postgresql-17-cluster-app
-                  key: host
-            - name: DB_BASE
-              valueFrom:
-                secretKeyRef:
-                  name: freshrss-postgresql-17-cluster-app
-                  key: dbname
-            - name: DB_USER
-              valueFrom:
-                secretKeyRef:
-                  name: freshrss-postgresql-17-cluster-app
-                  key: user
-            - name: DB_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: freshrss-postgresql-17-cluster-app
-                  key: password
-            - name: FRESHRSS_INSTALL
-              value: |
-                --api-enabled
-                --base-url $(BASE_URL)
-                --db-base $(DB_BASE)
-                --db-host $(DB_HOST)
-                --db-password $(DB_PASSWORD)
-                --db-type pgsql
-                --db-user $(DB_USER)
-                --auth-type http_auth
-                --default-user admin
-                --language en
-            - name: FRESHRSS_USER
-              value: |
-                --api-password $(ADMIN_API_PASSWORD)
-                --email $(ADMIN_EMAIL)
-                --language en
-                --password $(ADMIN_PASSWORD)
-                --user admin
-            - name: OIDC_ENABLED
-              value: 1
-            - name: OIDC_PROVIDER_METADATA_URL
-              value: https://auth.alexlebens.dev/application/o/freshrss/.well-known/openid-configuration
-            - name: OIDC_X_FORWARDED_HEADERS
-              value: X-Forwarded-Port X-Forwarded-Proto X-Forwarded-Host
-            - name: OIDC_SCOPES
-              value: openid email profile
-            - name: OIDC_REMOTE_USER_CLAIM
-              value: preferred_username
-          envFrom:
-            - secretRef:
-                name: freshrss-oidc-secret
-            - secretRef:
-                name: freshrss-install-secret
-          resources:
-            requests:
-              cpu: 10m
-              memory: 128Mi
-  serviceAccount:
-    create: true
-  service:
-    main:
-      controller: main
-      ports:
-        http:
-          port: 80
-          targetPort: 80
-          protocol: HTTP
-  persistence:
-    data:
-      storageClass: ceph-block
-      accessMode: ReadWriteOnce
-      size: 5Gi
-      retain: true
-      advancedMounts:
-        main:
-          main:
-            - path: /var/www/FreshRSS/data
-              readOnly: false
-    extensions:
-      storageClass: ceph-block
-      accessMode: ReadWriteOnce
-      size: 1Gi
-      retain: true
-      advancedMounts:
-        main:
-          init-download-extension-1:
-            - path: /var/www/FreshRSS/extensions
-              readOnly: false
-          init-download-extension-2:
-            - path: /var/www/FreshRSS/extensions
-              readOnly: false
-          main:
-            - path: /var/www/FreshRSS/extensions
-              readOnly: false
-cloudflared:
-  existingSecretName: freshrss-cloudflared-secret
-postgres-17-cluster:
-  mode: standalone
-  cluster:
-    walStorage:
-      storageClass: local-path
-    storage:
-      storageClass: local-path
-    monitoring:
-      enabled: true
-  backup:
-    enabled: true
-    endpointURL: https://nyc3.digitaloceanspaces.com
-    destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/freshrss/freshrss-postgresql-17-cluster
-    endpointCredentials: freshrss-postgresql-17-cluster-backup-secret
-    backupIndex: 2
--- a/clusters/cl01tl/applications/hoarder/Chart.yaml
+++ b/clusters/cl01tl/applications/hoarder/Chart.yaml
@@ -1,32 +0,0 @@
-apiVersion: v2
-name: hoarder
-version: 1.0.0
-description: Hoarder
-keywords:
-  - hoarder
-  - bookmarks
-home: https://wiki.alexlebens.dev/doc/hoarder-
-sources:
-  - https://github.com/hoarder-app/hoarder
-  - https://github.com/cloudflare/cloudflared
-  - https://github.com/meilisearch/meilisearch
-  - https://github.com/hoarder-app/hoarder/pkgs/container/hoarder
-  - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
-  - https://github.com/alexlebens/helm-charts/tree/main/charts/cloudflared
-  - https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: app-template
-    alias: hoarder
-    repository: https://bjw-s.github.io/helm-charts/
-    version: 3.7.1
-  - name: meilisearch
-    version: 0.12.0
-    repository: https://meilisearch.github.io/meilisearch-kubernetes
-  - name: cloudflared
-    alias: cloudflared
-    repository: http://alexlebens.github.io/helm-charts
-    version: 1.14.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/svg/hoarder.svg
-appVersion: 0.19.0
--- a/clusters/cl01tl/applications/hoarder/templates/external-secret.yaml
+++ b/clusters/cl01tl/applications/hoarder/templates/external-secret.yaml
@@ -1,164 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: hoarder-key-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: hoarder-key-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: key
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/hoarder/key
-        metadataPolicy: None
-        property: key
-
---
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: hoarder-oidc-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: hoarder-oidc-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: AUTHENTIK_CLIENT_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /authentik/oidc/hoarder
-        metadataPolicy: None
-        property: client
-    - secretKey: AUTHENTIK_CLIENT_SECRET
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /authentik/oidc/hoarder
-        metadataPolicy: None
-        property: secret
-
---
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: hoarder-meilisearch-master-key-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: hoarder-meilisearch-master-key-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: meilisearch
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: MEILI_MASTER_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/hoarder/meilisearch
-        metadataPolicy: None
-        property: MEILI_MASTER_KEY
-
---
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: hoarder-cloudflared-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: hoarder-cloudflared-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: cf-tunnel-token
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cloudflare/tunnels/hoarder
-        metadataPolicy: None
-        property: token
-
-# ---
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-#   name: hoarder-data-backup-secret
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: hoarder-data-backup-secret
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
-#     app.kubernetes.io/component: backup
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-#   secretStoreRef:
-#     kind: ClusterSecretStore
-#     name: vault
-#   target:
-#     template:
-#       mergePolicy: Merge
-#       engineVersion: v2
-#       data:
-#         RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/hoarder/hoarder-data"
-#   data:
-#     - secretKey: BUCKET_ENDPOINT
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: S3_BUCKET_ENDPOINT
-#     - secretKey: RESTIC_PASSWORD
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: RESTIC_PASSWORD
-#     - secretKey: AWS_DEFAULT_REGION
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: AWS_DEFAULT_REGION
-#     - secretKey: AWS_ACCESS_KEY_ID
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/volsync-backups
-#         metadataPolicy: None
-#         property: access_key
-#     - secretKey: AWS_SECRET_ACCESS_KEY
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/volsync-backups
-#         metadataPolicy: None
-#         property: secret_key
--- a/clusters/cl01tl/applications/hoarder/templates/replication-source.yaml
+++ b/clusters/cl01tl/applications/hoarder/templates/replication-source.yaml
@@ -1,27 +0,0 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-#   name: hoarder-data-backup-source
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: hoarder-data-backup-source
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
-#     app.kubernetes.io/component: backup
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-#   sourcePVC: hoarder-data
-#   trigger:
-#     schedule: 0 0 */3 * *
-#   restic:
-#     pruneIntervalDays: 14
-#     repository: hoarder-data-backup-secret
-#     retain:
-#       hourly: 1
-#       daily: 1
-#       weekly: 1
-#       monthly: 2
-#       yearly: 4
-#     copyMethod: Snapshot
-#     storageClassName: ceph-block
-#     volumeSnapshotClassName: ceph-blockpool-snapshot
--- a/clusters/cl01tl/applications/hoarder/values.yaml
+++ b/clusters/cl01tl/applications/hoarder/values.yaml
@@ -1,128 +0,0 @@
-hoarder:
-  controllers:
-    main:
-      type: deployment
-      replicas: 1
-      strategy: Recreate
-      revisionHistoryLimit: 3
-      containers:
-        main:
-          image:
-            repository: ghcr.io/hoarder-app/hoarder
-            tag: 0.22.0
-            pullPolicy: IfNotPresent
-          env:
-            - name: DATA_DIR
-              value: /data
-            - name: NEXTAUTH_URL
-              value: https://hoarder.alexlebens.dev/
-            - name: NEXTAUTH_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: hoarder-key-secret
-                  key: key
-            - name: MEILI_ADDR
-              value: http://hoarder-meilisearch.hoarder:7700
-            - name: MEILI_MASTER_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: hoarder-meilisearch-master-key-secret
-                  key: MEILI_MASTER_KEY
-            - name: BROWSER_WEB_URL
-              value: http://hoarder.hoarder:9222
-            - name: DISABLE_SIGNUPS
-              value: false
-            - name: OAUTH_PROVIDER_NAME
-              value: "Authentik"
-            - name: OAUTH_WELLKNOWN_URL
-              value: https://auth.alexlebens.dev/application/o/hoarder/.well-known/openid-configuration
-            - name: OAUTH_SCOPE
-              value: "openid email profile"
-            - name: OAUTH_CLIENT_ID
-              valueFrom:
-                secretKeyRef:
-                  name: hoarder-oidc-secret
-                  key: AUTHENTIK_CLIENT_ID
-            - name: OAUTH_CLIENT_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: hoarder-oidc-secret
-                  key: AUTHENTIK_CLIENT_SECRET
-            - name: OLLAMA_BASE_URL
-              value: http://ollama-server-1.ollama:11434
-            - name: OLLAMA_KEEP_ALIVE
-              value: 5m
-            - name: INFERENCE_TEXT_MODEL
-              value: llama3.1:8b
-            - name: INFERENCE_IMAGE_MODEL
-              value: llama3.2-vision:11b
-            - name: EMBEDDING_TEXT_MODEL
-              value: mxbai-embed-large
-            - name: INFERENCE_JOB_TIMEOUT_SEC
-              value: 720
-          resources:
-            requests:
-              cpu: 10m
-              memory: 256Mi
-        chrome:
-          image:
-            repository: gcr.io/zenika-hub/alpine-chrome
-            tag: 124
-            pullPolicy: IfNotPresent
-          args:
-            - --no-sandbox
-            - --disable-gpu
-            - --disable-dev-shm-usage
-            - --remote-debugging-address=0.0.0.0
-            - --remote-debugging-port=9222
-            - --hide-scrollbars
-          resources:
-            requests:
-              cpu: 10m
-              memory: 128Mi
-  serviceAccount:
-    create: true
-  service:
-    main:
-      controller: main
-      ports:
-        http:
-          port: 3000
-          targetPort: 3000
-          protocol: HTTP
-        chrome:
-          port: 9222
-          targetPort: 9222
-          protocol: HTTP
-  persistence:
-    data:
-      storageClass: ceph-block
-      accessMode: ReadWriteOnce
-      size: 10Gi
-      retain: true
-      advancedMounts:
-        main:
-          main:
-            - path: /data
-              readOnly: false
-meilisearch:
-  environment:
-    MEILI_NO_ANALYTICS: true
-    MEILI_ENV: production
-  auth:
-    existingMasterKeySecret: hoarder-meilisearch-master-key-secret
-  service:
-    type: ClusterIP
-    port: 7700
-  persistence:
-    enabled: true
-    storageClass: ceph-block
-    size: 10Gi
-  resources:
-    requests:
-      cpu: 10m
-      memory: 128Mi
-  serviceMonitor:
-    enabled: true
-cloudflared:
-  existingSecretName: hoarder-cloudflared-secret
--- a/clusters/cl01tl/applications/homepage-dev/Chart.yaml
+++ b/clusters/cl01tl/applications/homepage-dev/Chart.yaml
@@ -1,27 +0,0 @@
-apiVersion: v2
-name: homepage
-version: 1.0.0
-description: Homepage
-keywords:
-  - homepage
-  - dashboard
-home: https://wiki.alexlebens.dev/doc/homepage-dev-crZPAd8FEj
-sources:
-  - https://github.com/gethomepage/homepage
-  - https://github.com/cloudflare/cloudflared
-  - https://github.com/gethomepage/homepage/pkgs/container/homepage
-  - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
-  - https://github.com/alexlebens/helm-charts/tree/main/charts/cloudflared
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: app-template
-    alias: homepage
-    repository: https://bjw-s.github.io/helm-charts/
-    version: 3.7.1
-  - name: cloudflared
-    alias: cloudflared
-    repository: http://alexlebens.github.io/helm-charts
-    version: 1.14.0
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/homepage.png
-appVersion: v0.10.0
--- a/clusters/cl01tl/applications/homepage-dev/templates/external-secret.yaml
+++ b/clusters/cl01tl/applications/homepage-dev/templates/external-secret.yaml
@@ -1,23 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: homepage-dev-cloudflared-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: homepage-dev-cloudflared-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: cf-tunnel-token
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cloudflare/tunnels/homepage-dev
-        metadataPolicy: None
-        property: token
--- a/clusters/cl01tl/applications/homepage-dev/values.yaml
+++ b/clusters/cl01tl/applications/homepage-dev/values.yaml
@@ -1,145 +0,0 @@
-homepage:
-  global:
-    nameOverride: homepage
-  controllers:
-    main:
-      type: deployment
-      annotations:
-        reloader.stakater.com/auto: "true"
-      strategy: Recreate
-      containers:
-        main:
-          image:
-            repository: ghcr.io/gethomepage/homepage
-            tag: v0.10.9
-            pullPolicy: IfNotPresent
-          resources:
-            requests:
-              cpu: 10m
-              memory: 128Mi
-  serviceAccount:
-    create: true
-  configMaps:
-    config:
-      enabled: true
-      data:
-        docker.yaml: ""
-        kubernetes.yaml: ""
-        settings.yaml: |
-          favicon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/icon_white.png
-          headerStyle: clean
-          hideVersion: true
-          color: zinc
-          background:
-            image: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background-3.jpg
-            brightness: 50
-          theme: dark
-          disableCollapse: true
-        widgets.yaml: |
-          - logo:
-              icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/icon_white.png
-          - datetime:
-              text_size: xl
-              format:
-                dateStyle: long
-                timeStyle: short
-                hour12: false
-          - openmeteo:
-              label: St. Paul
-              latitude: 44.95
-              longitude: 93.09
-              units: metric
-              cache: 5
-        services.yaml: |
-          - Applications:
-              - Auth:
-                  icon: sh-authentik.svg
-                  description: Authentik
-                  href: https://auth.alexlebens.dev
-                  siteMonitor: https://auth.alexlebens.dev
-                  statusStyle: dot
-              - Site:
-                  icon: https://d21zlbwtcn424f.cloudfront.net/icon_white.png
-                  description: Profile Website
-                  href: https://www.alexlebens.dev
-                  siteMonitor: https://www.alexlebens.dev
-                  statusStyle: dot
-              - Content Management:
-                  icon: directus.png
-                  description: Directus
-                  href: https://directus.alexlebens.dev
-                  siteMonitor: https://directus.alexlebens.dev
-                  statusStyle: dot
-              - Chat:
-                  icon: sh-element.svg
-                  description: Matrix
-                  href: https://chat.alexlebens.dev
-                  siteMonitor: https://chat.alexlebens.dev
-                  statusStyle: dot
-              - Wiki:
-                  icon: sh-outline.svg
-                  description: Outline
-                  href: https://wiki.alexlebens.dev
-                  siteMonitor: https://wiki.alexlebens.dev
-                  statusStyle: dot
-              - Passwords:
-                  icon: sh-vaultwarden-light.svg
-                  description: Vaultwarden
-                  href: https://passwords.alexlebens.dev
-                  siteMonitor: https://passwords.alexlebens.dev
-                  statusStyle: dot
-              - Bookmarks:
-                  icon: sh-hoarder-light.svg
-                  description: Hoader
-                  href: https://hoarder.alexlebens.dev
-                  siteMonitor: https://hoarder.alexlebens.dev
-                  statusStyle: dot
-              - RSS:
-                  icon: sh-freshrss.svg
-                  description: FreshRSS
-                  href: https://rss.alexlebens.dev
-                  siteMonitor: https://rss.alexlebens.dev
-                  statusStyle: dot
-        bookmarks.yaml: ""
-  service:
-    http:
-      controller: main
-      ports:
-        http:
-          port: 80
-          targetPort: 3000
-          protocol: HTTP
-  persistence:
-    config:
-      enabled: true
-      type: configMap
-      name: homepage-dev-config
-      advancedMounts:
-        main:
-          main:
-            - path: /app/config/bookmarks.yaml
-              readOnly: true
-              mountPropagation: None
-              subPath: bookmarks.yaml
-            - path: /app/config/docker.yaml
-              readOnly: true
-              mountPropagation: None
-              subPath: docker.yaml
-            - path: /app/config/kubernetes.yaml
-              readOnly: true
-              mountPropagation: None
-              subPath: kubernetes.yaml
-            - path: /app/config/services.yaml
-              readOnly: true
-              mountPropagation: None
-              subPath: services.yaml
-            - path: /app/config/settings.yaml
-              readOnly: true
-              mountPropagation: None
-              subPath: settings.yaml
-            - path: /app/config/widgets.yaml
-              readOnly: true
-              mountPropagation: None
-              subPath: widgets.yaml
-cloudflared:
-  existingSecretName: homepage-dev-cloudflared-secret
--- a/clusters/cl01tl/applications/homepage/Chart.yaml
+++ b/clusters/cl01tl/applications/homepage/Chart.yaml
@@ -1,21 +0,0 @@
-apiVersion: v2
-name: homepage
-version: 1.0.0
-description: Homepage
-keywords:
-  - homepage
-  - dashboard
-home: https://wiki.alexlebens.dev/doc/homepage-s2clWoI5EC
-sources:
-  - https://github.com/gethomepage/homepage
-  - https://github.com/gethomepage/homepage/pkgs/container/homepage
-  - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: app-template
-    alias: homepage
-    repository: https://bjw-s.github.io/helm-charts/
-    version: 3.7.1
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/homepage.png
-appVersion: v0.10.0
--- a/clusters/cl01tl/applications/homepage/templates/cluster-role-binding.yaml
+++ b/clusters/cl01tl/applications/homepage/templates/cluster-role-binding.yaml
@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: homepage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: homepage
-subjects:
-  - kind: ServiceAccount
-    name: homepage
-    namespace: {{ .Release.Namespace }}
--- a/clusters/cl01tl/applications/homepage/templates/cluster-role.yaml
+++ b/clusters/cl01tl/applications/homepage/templates/cluster-role.yaml
@@ -1,51 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: homepage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: homepage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - namespaces
-      - pods
-      - nodes
-    verbs:
-      - get
-      - list
-  - apiGroups:
-      - extensions
-      - networking.k8s.io
-    resources:
-      - ingresses
-    verbs:
-      - get
-      - list
-  - apiGroups:
-      - traefik.containo.us
-      - traefik.io
-    resources:
-      - ingressroutes
-    verbs:
-      - get
-      - list
-  - apiGroups:
-      - metrics.k8s.io
-    resources:
-      - nodes
-      - pods
-    verbs:
-      - get
-      - list
-  - apiGroups:
-      - apiextensions.k8s.io
-    resources:
-      - customresourcedefinitions/status
-    verbs:
-      - get
--- a/clusters/cl01tl/applications/homepage/templates/external-secret.yaml
+++ b/clusters/cl01tl/applications/homepage/templates/external-secret.yaml
@@ -1,107 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: homepage-keys-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: homepage-keys-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: HOMEPAGE_VAR_SYNOLOGY_USER
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /synology/auth/cl01tl
-        metadataPolicy: None
-        property: user
-    - secretKey: HOMEPAGE_VAR_SYNOLOGY_PASSWORD
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /synology/auth/cl01tl
-        metadataPolicy: None
-        property: password
-    - secretKey: HOMEPAGE_VAR_UNIFI_USER
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /unifi/auth/cl01tl
-        metadataPolicy: None
-        property: user
-    - secretKey: HOMEPAGE_VAR_UNIFI_PASSWORD
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /unifi/auth/cl01tl
-        metadataPolicy: None
-        property: password
-    - secretKey: HOMEPAGE_VAR_SONARR_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/sonarr4/key
-        metadataPolicy: None
-        property: key
-    - secretKey: HOMEPAGE_VAR_SONARR4K_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/sonarr4-4k/key
-        metadataPolicy: None
-        property: key
-    - secretKey: HOMEPAGE_VAR_SONARRANIME_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/sonarr4-anime/key
-        metadataPolicy: None
-        property: key
-    - secretKey: HOMEPAGE_VAR_RADARR_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/radarr5/key
-        metadataPolicy: None
-        property: key
-    - secretKey: HOMEPAGE_VAR_RADARR4K_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/radarr5-4k/key
-        metadataPolicy: None
-        property: key
-    - secretKey: HOMEPAGE_VAR_RADARRANIME_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/radarr5-anime/key
-        metadataPolicy: None
-        property: key
-    - secretKey: HOMEPAGE_VAR_RADARRSTANDUP_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/radarr5-standup/key
-        metadataPolicy: None
-        property: key
-    - secretKey: HOMEPAGE_VAR_LIDARR2_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/lidarr2/key
-        metadataPolicy: None
-        property: key
-    - secretKey: HOMEPAGE_VAR_PROWLARR_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/prowlarr/key
-        metadataPolicy: None
-        property: key
--- a/clusters/cl01tl/applications/homepage/templates/service.yaml
+++ b/clusters/cl01tl/applications/homepage/templates/service.yaml
@@ -1,52 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: gitea-ps10rp
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: gitea-ps10rp
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: tailscale
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-  annotations:
-    tailscale.com/tailnet-fqdn: gitea-ps10rp.boreal-beaufort.ts.net
-spec:
-  externalName: placeholder
-  type: ExternalName
-
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: home-ps10rp
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: home-ps10rp
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: tailscale
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-  annotations:
-    tailscale.com/tailnet-fqdn: home-ps10rp.boreal-beaufort.ts.net
-spec:
-  externalName: placeholder
-  type: ExternalName
-
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: traefik-ps10rp
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: traefik-ps10rp
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: tailscale
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-  annotations:
-    tailscale.com/tailnet-fqdn: traefik-ps10rp.boreal-beaufort.ts.net
-spec:
-  externalName: placeholder
-  type: ExternalName
--- a/clusters/cl01tl/applications/homepage/values.yaml
+++ b/clusters/cl01tl/applications/homepage/values.yaml
@@ -1,697 +0,0 @@
-homepage:
-  global:
-    nameOverride: homepage
-  controllers:
-    main:
-      type: deployment
-      annotations:
-        reloader.stakater.com/auto: "true"
-      strategy: Recreate
-      containers:
-        main:
-          image:
-            repository: ghcr.io/gethomepage/homepage
-            tag: v0.10.9
-            pullPolicy: IfNotPresent
-          envFrom:
-            - secretRef:
-                name: homepage-keys-secret
-          resources:
-            requests:
-              cpu: 10m
-              memory: 256Mi
-  serviceAccount:
-    create: true
-    name: homepage
-  configMaps:
-    config:
-      enabled: true
-      data:
-        docker.yaml: ""
-        kubernetes.yaml: |
-          mode: cluster
-        settings.yaml: |
-          favicon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/icon_white.png
-          headerStyle: clean
-          hideVersion: true
-          color: zinc
-          background:
-            image: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background-3.jpg
-            brightness: 50
-          theme: dark
-          disableCollapse: true
-          layout:
-            - Media:
-                tab: Applications
-                icon: mdi-multimedia-#ffffff
-            - Public:
-                tab: Applications
-                icon: mdi-earth-#ffffff
-            - Internal:
-                tab: Applications
-                icon: mdi-security-network-#ffffff
-            - Code:
-                tab: Tools
-                icon: mdi-code-block-braces-#ffffff
-            - Monitoring:
-                tab: Tools
-                icon: mdi-chart-line-#ffffff
-            - Services:
-                tab: Services
-                icon: mdi-toolbox-outline-#ffffff
-            - Hardware:
-                tab: Services
-                icon: mdi-server-network-#ffffff
-            - Storage:
-                tab: Services
-                icon: mdi-database-#ffffff
-            - TV Shows:
-                tab: Servarr
-                icon: mdi-television-#ffffff
-            - Movies:
-                tab: Servarr
-                icon: mdi-filmstrip-#ffffff
-            - Music:
-                tab: Servarr
-                icon: mdi-music-box-multiple-#ffffff
-            - Services (Servarr):
-                tab: Servarr
-                icon: mdi-radar-#ffffff
-            - External Services:
-                tab: Bookmarks
-                icon: mdi-cloud-#ffffff
-            - Other Homes:
-                tab: Bookmarks
-                icon: mdi-cloud-#ffffff
-            - Trackers:
-                tab: Bookmarks
-                icon: mdi-cloud-#ffffff
-        widgets.yaml: |
-          - logo:
-              icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/icon_white.png
-          - kubernetes:
-              cluster:
-                show: true
-                cpu: true
-                memory: true
-                showLabel: true
-                label: "Cluster"
-              nodes:
-                show: false
-          - datetime:
-              text_size: xl
-              format:
-                dateStyle: long
-                timeStyle: short
-                hour12: false
-          - openmeteo:
-              label: St. Paul
-              latitude: 44.95
-              longitude: 93.09
-              units: metric
-              cache: 5
-        services.yaml: |
-          - Media:
-              - Plex:
-                  icon: sh-plex.svg
-                  description: Media server
-                  href: https://plex-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://plex.plex:32400
-                  statusStyle: dot
-              - Media Requests:
-                  icon: sh-overseerr.svg
-                  description: Overseer
-                  href: https://overseerr-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://overseerr.overseerr:80
-                  statusStyle: dot
-              - Jellyfin:
-                  icon: sh-jellyfin.svg
-                  description: Media server
-                  href: https://jellyfin-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://jellyfin.jellyfin:80
-                  statusStyle: dot
-              - Youtube Archive:
-                  icon: sh-tube-archivist-light.png
-                  description: TubeAchivist
-                  href: https://tubearchivist-cl01tl.boreal-beaufort.ts.net/login
-                  siteMonitor: http://tubearchivist.tubearchivist:80
-                  statusStyle: dot
-              - Photos:
-                  icon: sh-immich.svg
-                  description: Immich
-                  href: https://immich-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://immich-main.immich:2283
-                  statusStyle: dot
-              - Podcasts and Audiobooks:
-                  icon: sh-audiobookshelf.svg
-                  description: Audiobookshelf
-                  href: https://audiobookshelf-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://audiobookshelf.audiobookshelf:80
-                  statusStyle: dot
-              - Books:
-                  icon: sh-calibre-web-light.svg
-                  description: Calibre Web Automated
-                  href: https://calibre-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://calibre-web-automated-main.calibre-web-automated:8083
-                  statusStyle: dot
-          - Public:
-              - Site:
-                  icon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/icon_white.png
-                  description: Profile Website
-                  href: https://www.alexlebens.dev
-                  siteMonitor: https://www.alexlebens.dev
-                  statusStyle: dot
-              - Content Management:
-                  icon: directus.png
-                  description: Directus
-                  href: https://directus.alexlebens.dev
-                  siteMonitor: https://directus.alexlebens.dev
-                  statusStyle: dot
-              - Chat:
-                  icon: sh-element.svg
-                  description: Matrix
-                  href: https://chat.alexlebens.dev
-                  siteMonitor: https://chat.alexlebens.dev
-                  statusStyle: dot
-              - Wiki:
-                  icon: sh-outline.svg
-                  description: Outline
-                  href: https://wiki.alexlebens.dev
-                  siteMonitor: https://wiki.alexlebens.dev
-                  statusStyle: dot
-              - Passwords:
-                  icon: sh-vaultwarden-light.svg
-                  description: Vaultwarden
-                  href: https://passwords.alexlebens.dev
-                  siteMonitor: https://passwords.alexlebens.dev
-                  statusStyle: dot
-              - Bookmarks:
-                  icon: sh-hoarder-light.svg
-                  description: Hoader
-                  href: https://hoarder.alexlebens.dev
-                  siteMonitor: https://hoarder.alexlebens.dev
-                  statusStyle: dot
-              - RSS:
-                  icon: sh-freshrss.svg
-                  description: FreshRSS
-                  href: https://rss.alexlebens.dev
-                  siteMonitor: https://rss.alexlebens.dev
-                  statusStyle: dot
-          - Internal:
-              - Home Automation:
-                  icon: sh-home-assistant.svg
-                  description: Home Assistant
-                  href: https://home-assistant-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://home-assistant.home-assistant:8123
-                  statusStyle: dot
-              - AI:
-                  icon: sh-ollama-light.svg
-                  description: Ollama
-                  href: https://ollama-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://ollama-web.ollama:80
-                  statusStyle: dot
-              - AI Image:
-                  icon: https://user-images.githubusercontent.com/36368048/196280761-1535f413-a91e-4b6a-af6a-b890f8ae204c.png
-                  description: Stable Diffusion
-                  href: https://stable-diffusion-pd05wd.boreal-beaufort.ts.net
-                  siteMonitor: https://stable-diffusion-pd05wd.boreal-beaufort.ts.net
-                  statusStyle: dot
-              - Search:
-                  icon: sh-searxng.svg
-                  description: Searxng
-                  href: https://searxng-cl01tl.boreal-beaufort.ts.net/
-                  siteMonitor: http://searxng-browser.searxng:80
-                  statusStyle: dot
-              - Email:
-                  icon: sh-roundcube.svg
-                  description: Roundcube
-                  href: https://mail-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://roundcube.roundcube:80
-                  statusStyle: dot
-              - Wiki:
-                  icon: sh-kiwix-light.svg
-                  description: Kiwix
-                  href: https://kiwix-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://kiwix.kiwix:80
-                  statusStyle: dot
-              - Pictures:
-                  icon: sh-photoview.svg
-                  description: Photoview
-                  href: https://photoview-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://photoview.photoview:80
-                  statusStyle: dot
-          - Code:
-              - Code (Public):
-                  icon: sh-gitea.svg
-                  description: Gitea
-                  href: https://gitea.alexlebens.dev
-                  siteMonitor: https://gitea.alexlebens.dev
-                  statusStyle: dot
-              - Code (Tailnet):
-                  icon: sh-gitea.svg
-                  description: Gitea
-                  href: https://gitea-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: https://gitea-cl01tl.boreal-beaufort.ts.net
-                  statusStyle: dot
-              - Code (ps10rp):
-                  icon: sh-gitea.svg
-                  description: Gitea
-                  href: https://gitea-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: https://gitea-cl01tl.boreal-beaufort.ts.net
-                  statusStyle: dot
-              - IDE (Public):
-                  icon: sh-visual-studio-code.svg
-                  description: VS Code
-                  href: https://codeserver.alexlebens.dev
-                  siteMonitor: https://codeserver.alexlebens.dev
-                  statusStyle: dot
-              - IDE (Home Assistant):
-                  icon: sh-visual-studio-code.svg
-                  description: Edit config for Home Assistant
-                  href: https://home-assistant-codeserver-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://home-assistant.home-assistant:8443
-                  statusStyle: dot
-              - Continuous Deployment:
-                  icon: sh-argo-cd.svg
-                  description: ArgoCD
-                  href: https://argocd-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://argo-cd-argocd-server.argo-cd:80
-                  statusStyle: dot
-                  namespace: argocd
-              - Workflows:
-                  icon: sh-argo-cd.svg
-                  description: Argo Workflows
-                  href: https://argo-workflows-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://argo-workflows-server.argo-workflows:2746
-                  statusStyle: dot
-                  namespace: argocd
-              - Deployment:
-                  icon: sh-komodo.svg
-                  description: Komodo
-                  href: https://komodo-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://komodo.komodo:80
-                  statusStyle: dot
-                  namespace: komodo
-          - Monitoring:
-              - Kubernetes:
-                  icon: kubernetes.png
-                  description: Headlamp
-                  href: https://headlamp-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://headlamp.headlamp:80
-                  statusStyle: dot
-              - Network Monitoring:
-                  icon: cilium.png
-                  description: Hubble for Cilium
-                  href: https://hubble-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://hubble-ui.kube-system:80
-                  statusStyle: dot
-              - Dashboard:
-                  icon: sh-grafana.svg
-                  description: Grafana
-                  href: https://grafana-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://grafana.grafana:80/api/health
-                  statusStyle: dot
-              - Metrics:
-                  icon: sh-prometheus.svg
-                  description: Prometheus
-                  href: https://prometheus-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://kube-prometheus-stack-prometheus.kube-prometheus-stack:9090
-                  statusStyle: dot
-                  widget:
-                    type: prometheus
-                    url: http://kube-prometheus-stack-prometheus.kube-prometheus-stack:9090
-              - Tautulli:
-                  icon: sh-tautulli.svg
-                  description: Plex Monitoring
-                  href: https://tautulli-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://tautulli.tautulli:80
-                  statusStyle: dot
-              - Jellystat:
-                  icon: sh-jellystat.png
-                  description: Jellyfin Monitoring
-                  href: https://jellystat-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://jellystat.jellystat:3000
-                  statusStyle: dot
-          - Services:
-              - Auth (Public):
-                  icon: sh-authentik.svg
-                  description: Authentik
-                  href: https://auth.alexlebens.dev
-                  siteMonitor: https://auth.alexlebens.dev
-                  statusStyle: dot
-              - Auth (Tailnet):
-                  icon: sh-authentik.svg
-                  description: Authentik
-                  href: https://auth-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://authentik-server.authentik:80
-                  statusStyle: dot
-              - Email:
-                  icon: sh-stalwart-mail-server.svg
-                  description: Stalwart
-                  href: https://stalwart-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://stalwart.stalwart:80
-                  statusStyle: dot
-              - Reverse Proxy (cl01tl):
-                  icon: sh-traefik.svg
-                  description: Traefik
-                  href: https://traefik-cl01tl.alexlebens.net/dashboard/#/
-                  siteMonitor: https://traefik-cl01tl.alexlebens.net/dashboard/#/
-                  statusStyle: dot
-                  widget:
-                    type: traefik
-                    url: https://traefik-cl01tl.alexlebens.net
-              - Reverse Proxy (ps10rp):
-                  icon: sh-traefik.svg
-                  description: Traefik
-                  href: https://traefik-ps10rp.boreal-beaufort.ts.net/dashboard/#/
-                  siteMonitor: https://traefik-ps10rp.boreal-beaufort.ts.net/dashboard/#/
-                  statusStyle: dot
-              - Image Cache:
-                  icon: sh-harbor.svg
-                  description: Harbor
-                  href: https://harbor-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://harbor-portal.harbor:80
-                  statusStyle: dot
-          - Hardware:
-              - Network Management (alexlebens.net):
-                  icon: sh-ubiquiti-unifi.svg
-                  description: Unifi
-                  href: https://unifi.alexlebens.net
-                  siteMonitor: https://unifi.alexlebens.net
-                  statusStyle: dot
-              - Network Attached Storage:
-                  icon: sh-synology-light.svg
-                  description: Synology
-                  href: https://synology.alexlebens.net
-                  siteMonitor: https://synology.alexlebens.net
-                  statusStyle: dot
-                  widget:
-                    type: diskstation
-                    url: https://synology.alexlebens.net
-                    username: {{ "{{HOMEPAGE_VAR_SYNOLOGY_USER}}" }}
-                    password: {{ "{{HOMEPAGE_VAR_SYNOLOGY_PASSWORD}}" }}
-                    volume: volume_2
-              - TV Tuner:
-                  icon: sh-hdhomerun.svg
-                  description: HD Homerun
-                  href: http://hdhr.alexlebens.net
-                  siteMonitor: http://hdhr.alexlebens.net
-                  statusStyle: dot
-              - KVM:
-                  icon: sh-pikvm-light.svg
-                  description: Pi KVM
-                  href: https://pikvm.alexlebens.net
-                  siteMonitor: https://pikvm.alexlebens.net
-                  statusStyle: dot
-          - Storage:
-              - Cluster Storage:
-                  icon: ceph.png
-                  description: Ceph
-                  href: https://ceph-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://rook-ceph-mgr-dashboard.rook-ceph:7000
-                  statusStyle: dot
-              - Database:
-                  icon: sh-pgadmin-light.svg
-                  description: PGAdmin
-                  href: https://pgadmin-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://pgadmin.pgadmin:80
-                  statusStyle: dot
-              - Secrets:
-                  icon: sh-hashicorp-vault.svg
-                  description: Vault
-                  href: https://vault-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://vault.vault:8200
-                  statusStyle: dot
-              - Object Storage (Outline):
-                  icon: sh-minio.svg
-                  description: Minio Tenant
-                  href: https://minio-outline-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://minio-outline-console.outline:9090
-                  statusStyle: dot
-              - Object Storage (Directus):
-                  icon: sh-minio.svg
-                  description: Minio Tenant
-                  href: https://minio-directus-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://minio-directus-console.directus:9090
-                  statusStyle: dot
-          - TV Shows:
-              - Sonarr:
-                  icon: sh-sonarr.svg
-                  description: TV Shows
-                  href: https://sonarr-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://sonarr4.sonarr4:80
-                  statusStyle: dot
-                  widget:
-                    type: sonarr
-                    url: http://sonarr4.sonarr4:80
-                    key: {{ "{{HOMEPAGE_VAR_SONARR_KEY}}" }}
-                    fields: ["wanted", "queued", "series"]
-                    enableQueue: false
-              - Sonarr 4K:
-                  icon: sh-sonarr.svg
-                  description: TV Shows 4K
-                  href: https://sonarr-4k-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://sonarr4-4k.sonarr4-4k:80
-                  statusStyle: dot
-                  widget:
-                    type: sonarr
-                    url: http://sonarr4-4k.sonarr4-4k:80
-                    key: {{ "{{HOMEPAGE_VAR_SONARR4K_KEY}}" }}
-                    fields: ["wanted", "queued", "series"]
-                    enableQueue: false
-              - Sonarr Anime:
-                  icon: sh-sonarr.svg
-                  description: Anime Shows
-                  href: https://sonarr-anime-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://sonarr4-anime.sonarr4-anime:80
-                  statusStyle: dot
-                  widget:
-                    type: sonarr
-                    url: http://sonarr4-anime.sonarr4-anime:80
-                    key: {{ "{{HOMEPAGE_VAR_SONARRANIME_KEY}}" }}
-                    fields: ["wanted", "queued", "series"]
-                    enableQueue: false
-          - Movies:
-              - Radarr:
-                  icon: sh-radarr.svg
-                  description: Movies
-                  href: https://radarr-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://radarr5.radarr5:80
-                  statusStyle: dot
-                  widget:
-                    type: radarr
-                    url: http://radarr5.radarr5:80
-                    key: {{ "{{HOMEPAGE_VAR_RADARR_KEY}}" }}
-                    fields: ["wanted", "queued", "movies"]
-                    enableQueue: false
-              - Radarr 4K:
-                  icon: sh-radarr.svg
-                  description: Movies 4K
-                  href: https://radarr-4k-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://radarr5-4k.radarr5-4k:80
-                  statusStyle: dot
-                  widget:
-                    type: radarr
-                    url: http://radarr5-4k.radarr5-4k:80
-                    key: {{ "{{HOMEPAGE_VAR_RADARR4K_KEY}}" }}
-                    fields: ["wanted", "queued", "movies"]
-                    enableQueue: false
-              - Radarr Anime:
-                  icon: sh-radarr.svg
-                  description: Anime Movies
-                  href: https://radarr-anime-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://radarr5-anime.radarr5-anime:80
-                  statusStyle: dot
-                  widget:
-                    type: radarr
-                    url: http://radarr5-anime.radarr5-anime:80
-                    key: {{ "{{HOMEPAGE_VAR_RADARRANIME_KEY}}" }}
-                    fields: ["wanted", "queued", "movies"]
-                    enableQueue: false
-              - Radarr Stand Up:
-                  icon: sh-radarr.svg
-                  description: Stand Up
-                  href: https://radarr-standup-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://radarr5-standup.radarr5-standup:80
-                  statusStyle: dot
-                  widget:
-                    type: radarr
-                    url: http://radarr5-standup.radarr5-standup:80
-                    key: {{ "{{HOMEPAGE_VAR_RADARRSTANDUP_KEY}}" }}
-                    fields: ["wanted", "queued", "movies"]
-                    enableQueue: false
-          - Music:
-              - Lidarr:
-                  icon: sh-lidarr.svg
-                  description: Music
-                  href: https://lidarr-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://lidarr2.lidarr2:80
-                  statusStyle: dot
-                  widget:
-                    type: lidarr
-                    url: http://lidarr2.lidarr2:80
-                    key: {{ "{{HOMEPAGE_VAR_LIDARR2_KEY}}" }}
-                    fields: ["wanted", "queued", "artists"]
-              - LidaTube:
-                  icon: sh-lidatube.png
-                  description: Searches for Music
-                  href: https://lidatube-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://lidatube.lidatube:80
-                  statusStyle: dot
-          - Services (Servarr):
-              - qBittorrent:
-                  icon: sh-qbittorrent.svg
-                  description: P2P Downloads
-                  href: https://qbittorrent-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://qbittorrent.qbittorrent:8080
-                  statusStyle: dot
-                  widget:
-                    type: qbittorrent
-                    url: http://qbittorrent.qbittorrent:8080
-                    enableLeechProgress: true
-              - Prowlarr:
-                  icon: sh-prowlarr.svg
-                  description: Indexers
-                  href: https://prowlarr-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://prowlarr.prowlarr:80
-                  statusStyle: dot
-              - Soulseek:
-                  icon: sh-slskd.png
-                  description: slskd
-                  href: https://slskd-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://slskd.slskd:5030
-                  statusStyle: dot
-              - CWA Downloader:
-                  icon: sh-calibre.png
-                  description: Calibre Web Automated Book Downloader
-                  href: https://calibre-downloader-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://calibre-web-automated-downloader.calibre-web-automated:8084
-                  statusStyle: dot
-              - Tdarr:
-                  icon: sh-tdarr.png
-                  description: Media transcoding and health checks
-                  href: https://tdarr-cl01tl.boreal-beaufort.ts.net
-                  siteMonitor: http://tdarr-web.tdarr:8265
-                  statusStyle: dot
-                  widget:
-                    type: tdarr
-                    url: http://tdarr-web.tdarr:8265
-          - Other Homes:
-              - Dev:
-                  icon: sh-homepage.png
-                  description: Public Homepage
-                  href: https://home.alexlebens.dev
-                  siteMonitor: https://home.alexlebens.dev
-                  statusStyle: dot
-              - Lebens Home:
-                  icon: sh-homepage.png
-                  description: Lebens Homepage
-                  href: https://home-ps10rp.boreal-beaufort.ts.net
-                  siteMonitor: https://home-ps10rp.boreal-beaufort.ts.net
-                  statusStyle: dot
-        bookmarks.yaml: |
-          - External Services:
-              - Github:
-                  - abbr: GH
-                    href: https://github.com/alexlebens/infrastructure
-              - Renovate:
-                  - abbr: RN
-                    href: https://developer.mend.io/[platform]/alexlebens/infrastructure
-              - Digital Ocean:
-                  - abbr: DO
-                    href: https://www.digitalocean.com/
-              - AWS:
-                  - abbr: AW
-                    href: https://aws.amazon.com/console/
-              - Cloudflare:
-                  - abbr: CF
-                    href: https://dash.cloudflare.com/b76e303258b84076ee01fd0f515c0768
-              - Tailscale:
-                  - abbr: TS
-                    href: https://login.tailscale.com/admin/machines
-              - ProtonVPN:
-                  - abbr: PV
-                    href: https://account.protonvpn.com/
-              - Unifi:
-                  - abbr: UF
-                    href: https://unifi.ui.com/
-              - Pushover:
-                  - abbr: PO
-                    href: https://pushover.net
-              - ReCaptcha:
-                  - abbr: RC
-                    href: https://www.google.com/recaptcha/admin/site/698983587
-          - Trackers:
-              - Torrentleech:
-                  - abbr: TL
-                    href: https://www.torrentleech.org
-              - Avistaz:
-                  - abbr: AV
-                    href: https://avistaz.to
-              - Cinemaz:
-                  - abbr: CM
-                    href: https://cinemaz.to
-              - Cathode Ray Tube:
-                  - abbr: CRT
-                    href: https://www.cathode-ray.tube
-              - Alpha Ratio:
-                  - abbr: AL
-                    href: https://alpharatio.cc/
-              - MV Group:
-                  - abbr: MV
-                    href: https://forums.mvgroup.org
-  service:
-    http:
-      controller: main
-      ports:
-        http:
-          port: 80
-          targetPort: 3000
-          protocol: HTTP
-  ingress:
-    tailscale:
-      enabled: true
-      className: tailscale
-      hosts:
-        - host: home-cl01tl
-          paths:
-            - path: /
-              pathType: Prefix
-              service:
-                name: homepage
-                port: 80
-      tls:
-        - hosts:
-            - home-cl01tl
-  persistence:
-    config:
-      enabled: true
-      type: configMap
-      name: homepage-config
-      advancedMounts:
-        main:
-          main:
-            - path: /app/config/bookmarks.yaml
-              readOnly: true
-              mountPropagation: None
-              subPath: bookmarks.yaml
-            - path: /app/config/docker.yaml
-              readOnly: true
-              mountPropagation: None
-              subPath: docker.yaml
-            - path: /app/config/kubernetes.yaml
-              readOnly: true
-              mountPropagation: None
-              subPath: kubernetes.yaml
-            - path: /app/config/services.yaml
-              readOnly: true
-              mountPropagation: None
-              subPath: services.yaml
-            - path: /app/config/settings.yaml
-              readOnly: true
-              mountPropagation: None
-              subPath: settings.yaml
-            - path: /app/config/widgets.yaml
-              readOnly: true
-              mountPropagation: None
-              subPath: widgets.yaml
--- a/clusters/cl01tl/applications/immich/Chart.yaml
+++ b/clusters/cl01tl/applications/immich/Chart.yaml
@@ -1,31 +0,0 @@
-apiVersion: v2
-name: immich
-version: 1.0.0
-description: Immich
-keywords:
-  - immich
-  - photos
-home: https://wiki.alexlebens.dev/doc/immich-AVxvAWeWQ5
-sources:
-  - https://github.com/immich-app/immich
-  - https://github.com/valkey-io/valkey
-  - https://github.com/cloudnative-pg/cloudnative-pg
-  - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
-  - https://github.com/bitnami/charts/tree/main/bitnami/valkey
-  - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: app-template
-    alias: immich
-    repository: https://bjw-s.github.io/helm-charts/
-    version: 3.7.1
-  - name: valkey
-    version: 2.4.0
-    repository: https://charts.bitnami.com/bitnami
-  - name: postgres-cluster
-    alias: postgres-16-cluster
-    version: 4.2.0
-    repository: http://alexlebens.github.io/helm-charts
-icon: https://raw.githubusercontent.com/immich-app/immich/main/design/immich-logo.svg
-appVersion: v1.123.0
--- a/clusters/cl01tl/applications/immich/templates/external-secrets.yaml
+++ b/clusters/cl01tl/applications/immich/templates/external-secrets.yaml
@@ -1,55 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: immich-config-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: immich-config-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: config
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: immich.json
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/immich/config
-        metadataPolicy: None
-        property: immich.json
-
---
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: immich-postgresql-16-cluster-backup-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: immich-postgresql-16-cluster-backup-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: database
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: ACCESS_KEY_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/postgres-backups
-        metadataPolicy: None
-        property: access
-    - secretKey: ACCESS_SECRET_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/postgres-backups
-        metadataPolicy: None
-        property: secret
--- a/clusters/cl01tl/applications/immich/templates/persistent-volume-claim.yaml
+++ b/clusters/cl01tl/applications/immich/templates/persistent-volume-claim.yaml
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: immich-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: immich-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  volumeName: immich-nfs-storage
-  storageClassName: nfs-client
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 1Gi
--- a/clusters/cl01tl/applications/immich/templates/persistent-volume.yaml
+++ b/clusters/cl01tl/applications/immich/templates/persistent-volume.yaml
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: immich-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: immich-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: nfs-client
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  nfs:
-    path: /volume2/Storage/Immich
-    server: synologybond.alexlebens.net
-  mountOptions:
-    - vers=4
-    - minorversion=1
-    - noac
--- a/clusters/cl01tl/applications/immich/templates/service-monitor.yaml
+++ b/clusters/cl01tl/applications/immich/templates/service-monitor.yaml
@@ -1,25 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: immich
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: immich
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: metrics
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: immich
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  endpoints:
-    - port: metrics-api
-      interval: 3m
-      scrapeTimeout: 1m
-      path: /metrics
-    - port: metrics-ms
-      interval: 3m
-      scrapeTimeout: 1m
-      path: /metrics
--- a/clusters/cl01tl/applications/immich/values.yaml
+++ b/clusters/cl01tl/applications/immich/values.yaml
@@ -1,251 +0,0 @@
-immich:
-  controllers:
-    main:
-      type: deployment
-      replicas: 1
-      strategy: Recreate
-      revisionHistoryLimit: 3
-      containers:
-        main:
-          image:
-            repository: ghcr.io/immich-app/immich-server
-            tag: v1.128.0
-            pullPolicy: IfNotPresent
-          env:
-            - name: TZ
-              value: US/Central
-            - name: IMMICH_TELEMETRY_INCLUDE
-              value: all
-            - name: IMMICH_CONFIG_FILE
-              value: /config/immich.json
-            - name: IMMICH_MACHINE_LEARNING_URL
-              value: http://immich-machine-learning.immich:3003
-            - name: REDIS_HOSTNAME
-              value: immich-valkey-primary
-            - name: DB_VECTOR_EXTENSION
-              value: pgvecto.rs
-            - name: DB_HOSTNAME
-              valueFrom:
-                secretKeyRef:
-                  name: immich-postgresql-16-cluster-app
-                  key: host
-            - name: DB_DATABASE_NAME
-              valueFrom:
-                secretKeyRef:
-                  name: immich-postgresql-16-cluster-app
-                  key: dbname
-            - name: DB_PORT
-              valueFrom:
-                secretKeyRef:
-                  name: immich-postgresql-16-cluster-app
-                  key: port
-            - name: DB_USERNAME
-              valueFrom:
-                secretKeyRef:
-                  name: immich-postgresql-16-cluster-app
-                  key: user
-            - name: DB_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: immich-postgresql-16-cluster-app
-                  key: password
-          probes:
-            liveness:
-              enabled: true
-              custom: true
-              spec:
-                httpGet:
-                  path: /api/server/ping
-                  port: 2283
-                initialDelaySeconds: 0
-                periodSeconds: 10
-                timeoutSeconds: 1
-                failureThreshold: 3
-            readiness:
-              enabled: true
-              custom: true
-              spec:
-                httpGet:
-                  path: /api/server/ping
-                  port: 2283
-                initialDelaySeconds: 0
-                periodSeconds: 10
-                timeoutSeconds: 1
-                failureThreshold: 3
-            startup:
-              enabled: true
-              custom: true
-              spec:
-                httpGet:
-                  path: /api/server/ping
-                  port: 2283
-                initialDelaySeconds: 0
-                periodSeconds: 10
-                timeoutSeconds: 1
-                failureThreshold: 30
-          resources:
-            requests:
-              gpu.intel.com/i915: 1
-              cpu: 10m
-              memory: 512Mi
-            limits:
-              gpu.intel.com/i915: 1
-              cpu: 2
-    machine-learning:
-      type: deployment
-      replicas: 1
-      strategy: Recreate
-      revisionHistoryLimit: 3
-      containers:
-        main:
-          image:
-            repository: ghcr.io/immich-app/immich-machine-learning
-            tag: v1.128.0
-            pullPolicy: IfNotPresent
-          env:
-            - name: TRANSFORMERS_CACHE
-              value: /cache
-          probes:
-            liveness:
-              enabled: true
-              custom: true
-              spec:
-                httpGet:
-                  path: /ping
-                  port: 3003
-                initialDelaySeconds: 0
-                periodSeconds: 10
-                timeoutSeconds: 1
-                failureThreshold: 3
-            readiness:
-              enabled: true
-              custom: true
-              spec:
-                httpGet:
-                  path: /ping
-                  port: 3003
-                initialDelaySeconds: 0
-                periodSeconds: 10
-                timeoutSeconds: 1
-                failureThreshold: 3
-            startup:
-              enabled: false
-          resources:
-            requests:
-              gpu.intel.com/i915: 1
-              cpu: 10m
-              memory: 256Mi
-            limits:
-              gpu.intel.com/i915: 1
-              cpu: 8
-              memory: 10Gi
-  serviceAccount:
-    create: true
-  service:
-    main:
-      controller: main
-      ports:
-        http:
-          port: 2283
-          targetPort: 2283
-          protocol: TCP
-        metrics-api:
-          port: 8081
-          targetPort: 8081
-          protocol: TCP
-        metrics-ms:
-          port: 8082
-          targetPort: 8082
-          protocol: TCP
-    machine-learning:
-      controller: machine-learning
-      ports:
-        http:
-          port: 3003
-          targetPort: 3003
-          protocol: TCP
-  ingress:
-    main:
-      enabled: true
-      className: tailscale
-      hosts:
-        - host: immich-cl01tl
-          paths:
-            - path: /
-              pathType: Prefix
-              service:
-                name: immich-main
-                port: 2283
-      tls:
-        - hosts:
-            - immich-cl01tl
-  persistence:
-    config:
-      enabled: true
-      type: secret
-      name: immich-config-secret
-      advancedMounts:
-        main:
-          main:
-            - path: /config/immich.json
-              readOnly: true
-              mountPropagation: None
-              subPath: immich.json
-    media:
-      existingClaim: immich-nfs-storage
-      advancedMounts:
-        main:
-          main:
-            - path: /usr/src/app/upload
-              readOnly: false
-    cache:
-      storageClass: ceph-block
-      accessMode: ReadWriteOnce
-      size: 10Gi
-      retain: true
-      advancedMounts:
-        machine-learning:
-          main:
-            - path: /cache
-              readOnly: false
-valkey:
-  architecture: standalone
-  auth:
-    enabled: false
-    usePasswordFiles: false
-  primary:
-    persistence:
-      enabled: false
-  replica:
-    persistence:
-      enabled: false
-postgres-16-cluster:
-  # Tensorchord
-  #--- https://github.com/immich-app/immich/discussions/9060
-  #--- https://docs.pgvecto.rs/admin/kubernetes.html
-  #--- https://github.com/tensorchord/cloudnative-pgvecto.rs
-  type: tensorchord
-  mode: standalone
-  cluster:
-    image:
-      repository: ghcr.io/tensorchord/cloudnative-pgvecto.rs
-      tag: 16.3-v0.2.1
-    walStorage:
-      storageClass: local-path
-    storage:
-      storageClass: local-path
-    resources:
-      requests:
-        memory: 384Mi
-        cpu: 200m
-    monitoring:
-      enabled: true
-    postgresql:
-      parameters:
-        shared_buffers: 256MB
-  backup:
-    enabled: true
-    endpointURL: https://nyc3.digitaloceanspaces.com
-    destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/immich/immich-postgresql-16-cluster
-    endpointCredentials: immich-postgresql-16-cluster-backup-secret
-    backupIndex: 1
--- a/clusters/cl01tl/applications/jellyfin/Chart.yaml
+++ b/clusters/cl01tl/applications/jellyfin/Chart.yaml
@@ -1,27 +0,0 @@
-apiVersion: v2
-name: jellyfin
-version: 1.0.0
-description: Jellyfin
-keywords:
-  - jellyfin
-  - media
-  - movies
-  - tv shows
-  - books
-  - music
-home: https://wiki.alexlebens.dev/doc/jellyfin-li98lrEiuA
-sources:
-  - https://github.com/jellyfin/jellyfin
-  - https://github.com/jellyfin/jellyfin-vue
-  - https://hub.docker.com/r/jellyfin/jellyfin
-  - https://github.com/jellyfin/jellyfin-vue/pkgs/container/jellyfin-vue
-  - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: app-template
-    alias: jellyfin
-    repository: https://bjw-s.github.io/helm-charts/
-    version: 3.7.1
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/jellyfin.png
-appVersion: 10.10.3
--- a/clusters/cl01tl/applications/jellyfin/templates/external-secret.yaml
+++ b/clusters/cl01tl/applications/jellyfin/templates/external-secret.yaml
@@ -1,57 +0,0 @@
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-#   name: jellyfin-config-backup-secret
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: jellyfin-config-backup-secret
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
-#     app.kubernetes.io/component: backup
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-#   secretStoreRef:
-#     kind: ClusterSecretStore
-#     name: vault
-#   target:
-#     template:
-#       mergePolicy: Merge
-#       engineVersion: v2
-#       data:
-#         RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/jellyfin/jellyfin-config"
-#   data:
-#     - secretKey: BUCKET_ENDPOINT
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: S3_BUCKET_ENDPOINT
-#     - secretKey: RESTIC_PASSWORD
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: RESTIC_PASSWORD
-#     - secretKey: AWS_DEFAULT_REGION
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: AWS_DEFAULT_REGION
-#     - secretKey: AWS_ACCESS_KEY_ID
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/volsync-backups
-#         metadataPolicy: None
-#         property: access_key
-#     - secretKey: AWS_SECRET_ACCESS_KEY
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/volsync-backups
-#         metadataPolicy: None
-#         property: secret_key
--- a/clusters/cl01tl/applications/jellyfin/templates/persistent-volume-claim.yaml
+++ b/clusters/cl01tl/applications/jellyfin/templates/persistent-volume-claim.yaml
@@ -1,40 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: jellyfin-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: jellyfin-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  volumeName: jellyfin-nfs-storage
-  storageClassName: nfs-client
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 1Gi
-
---
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: jellyfin-youtube-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: jellyfin-youtube-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  volumeName: jellyfin-youtube-nfs-storage
-  storageClassName: nfs-client
-  accessModes:
-    - ReadOnlyMany
-  resources:
-    requests:
-      storage: 1Gi
--- a/clusters/cl01tl/applications/jellyfin/templates/persistent-volume.yaml
+++ b/clusters/cl01tl/applications/jellyfin/templates/persistent-volume.yaml
@@ -1,52 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: jellyfin-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: jellyfin-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: nfs-client
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  nfs:
-    path: /volume2/Storage
-    server: synologybond.alexlebens.net
-  mountOptions:
-    - vers=4
-    - minorversion=1
-    - noac
-
---
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: jellyfin-youtube-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: jellyfin-youtube-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: nfs-client
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadOnlyMany
-  nfs:
-    path: /volume2/Storage/YouTube
-    server: synologybond.alexlebens.net
-  mountOptions:
-    - vers=4
-    - minorversion=1
-    - noac
--- a/clusters/cl01tl/applications/jellyfin/templates/replication-source.yaml
+++ b/clusters/cl01tl/applications/jellyfin/templates/replication-source.yaml
@@ -1,27 +0,0 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-#   name: jellyfin-config-backup-source
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: jellyfin-config-backup-source
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
-#     app.kubernetes.io/component: backup
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-#   sourcePVC: jellyfin-config
-#   trigger:
-#     schedule: 0 0 */3 * *
-#   restic:
-#     pruneIntervalDays: 14
-#     repository: jellyfin-config-backup-secret
-#     retain:
-#       hourly: 1
-#       daily: 1
-#       weekly: 1
-#       monthly: 2
-#       yearly: 4
-#     copyMethod: Snapshot
-#     storageClassName: ceph-block
-#     volumeSnapshotClassName: ceph-blockpool-snapshot
--- a/clusters/cl01tl/applications/jellyfin/values.yaml
+++ b/clusters/cl01tl/applications/jellyfin/values.yaml
@@ -1,104 +0,0 @@
-jellyfin:
-  controllers:
-    main:
-      type: deployment
-      replicas: 1
-      strategy: Recreate
-      revisionHistoryLimit: 3
-      containers:
-        main:
-          image:
-            repository: ghcr.io/jellyfin/jellyfin
-            tag: 10.10.6
-            pullPolicy: IfNotPresent
-          env:
-            - name: TZ
-              value: US/Central
-            - name: JELLYFIN_hostwebclient
-              value: true
-            - name: JELLYFIN_PublishedServerUrl
-              value: https://jellyfin-cl01tl.boreal-beaufort.ts.net/
-          resources:
-            requests:
-              gpu.intel.com/i915: 1
-              cpu: 1
-              memory: 2Gi
-            limits:
-              gpu.intel.com/i915: 1
-              cpu: 4
-  serviceAccount:
-    create: true
-  service:
-    main:
-      controller: main
-      ports:
-        http:
-          port: 80
-          targetPort: 8096
-          protocol: HTTP
-  ingress:
-    tailscale-main:
-      enabled: true
-      className: tailscale
-      hosts:
-        - host: jellyfin-cl01tl
-          paths:
-            - path: /
-              pathType: Prefix
-              service:
-                name: jellyfin
-                port: 80
-      tls:
-        - hosts:
-            - jellyfin-cl01tl
-    traefik:
-      enabled: true
-      className: traefik
-      annotations:
-        traefik.ingress.kubernetes.io/router.entrypoints: websecure
-        traefik.ingress.kubernetes.io/router.tls: "true"
-        cert-manager.io/cluster-issuer: letsencrypt-issuer
-      hosts:
-        - host: jellyfin.alexlebens.net
-          paths:
-            - path: /
-              pathType: Prefix
-              service:
-                name: jellyfin
-                port: 80
-      tls:
-        - hosts:
-            - jellyfin.alexlebens.net
-          secretName: jellyfin-tls-secret
-  persistence:
-    config:
-      storageClass: ceph-block
-      accessMode: ReadWriteOnce
-      size: 60Gi
-      retain: true
-      advancedMounts:
-        main:
-          main:
-            - path: /config
-              readOnly: false
-    cache:
-      type: emptyDir
-      advancedMounts:
-        main:
-          main:
-            - path: /cache
-              readOnly: false
-    media:
-      existingClaim: jellyfin-nfs-storage
-      advancedMounts:
-        main:
-          main:
-            - path: /mnt/store
-              readOnly: false
-    youtube:
-      existingClaim: jellyfin-youtube-nfs-storage
-      advancedMounts:
-        main:
-          main:
-            - path: /mnt/youtube
-              readOnly: true
--- a/clusters/cl01tl/applications/jellystat/Chart.yaml
+++ b/clusters/cl01tl/applications/jellystat/Chart.yaml
@@ -1,27 +0,0 @@
-apiVersion: v2
-name: jellystat
-version: 1.0.0
-description: Jellystat
-keywords:
-  - jellystat
-  - jellyfin
-home: https://wiki.alexlebens.dev/doc/jellystat-0FixP7GqGZ
-sources:
-  - https://github.com/CyferShepard/Jellystat
-  - https://github.com/cloudnative-pg/cloudnative-pg
-  - https://hub.docker.com/r/cyfershepard/jellystat
-  - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
-  - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: app-template
-    alias: jellystat
-    repository: https://bjw-s.github.io/helm-charts/
-    version: 3.7.1
-  - name: postgres-cluster
-    alias: postgres-17-cluster
-    version: 4.2.0
-    repository: http://alexlebens.github.io/helm-charts
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/jellystat.png
-appVersion: 1.1.1
--- a/clusters/cl01tl/applications/jellystat/templates/external-secret.yaml
+++ b/clusters/cl01tl/applications/jellystat/templates/external-secret.yaml
@@ -1,128 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: jellystat-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: jellystat-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: secret-key
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/jellystat/auth
-        metadataPolicy: None
-        property: secret-key
-    - secretKey: user
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/jellystat/auth
-        metadataPolicy: None
-        property: user
-    - secretKey: password
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/jellystat/auth
-        metadataPolicy: None
-        property: password
-
-# ---
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-#   name: jellystat-data-backup-secret
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: jellystat-data-backup-secret
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
-#     app.kubernetes.io/component: backup
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-#   secretStoreRef:
-#     kind: ClusterSecretStore
-#     name: vault
-#   target:
-#     template:
-#       mergePolicy: Merge
-#       engineVersion: v2
-#       data:
-#         RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/jellystat/jellystat-data"
-#   data:
-#     - secretKey: BUCKET_ENDPOINT
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: S3_BUCKET_ENDPOINT
-#     - secretKey: RESTIC_PASSWORD
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: RESTIC_PASSWORD
-#     - secretKey: AWS_DEFAULT_REGION
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: AWS_DEFAULT_REGION
-#     - secretKey: AWS_ACCESS_KEY_ID
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/volsync-backups
-#         metadataPolicy: None
-#         property: access_key
-#     - secretKey: AWS_SECRET_ACCESS_KEY
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/volsync-backups
-#         metadataPolicy: None
-#         property: secret_key
-
---
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: jellystat-postgresql-17-cluster-backup-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: jellystat-postgresql-17-cluster-backup-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: database
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: ACCESS_KEY_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/postgres-backups
-        metadataPolicy: None
-        property: access
-    - secretKey: ACCESS_SECRET_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/postgres-backups
-        metadataPolicy: None
-        property: secret
--- a/clusters/cl01tl/applications/jellystat/templates/replication-source.yaml
+++ b/clusters/cl01tl/applications/jellystat/templates/replication-source.yaml
@@ -1,27 +0,0 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-#   name: jellystat-data-backup-source
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: jellystat-data-backup-source
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
-#     app.kubernetes.io/component: backup
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-#   sourcePVC: jellystat-data
-#   trigger:
-#     schedule: 0 0 */3 * *
-#   restic:
-#     pruneIntervalDays: 14
-#     repository: jellystat-data-backup-secret
-#     retain:
-#       hourly: 1
-#       daily: 1
-#       weekly: 1
-#       monthly: 2
-#       yearly: 4
-#     copyMethod: Snapshot
-#     storageClassName: ceph-block
-#     volumeSnapshotClassName: ceph-blockpool-snapshot
--- a/clusters/cl01tl/applications/jellystat/values.yaml
+++ b/clusters/cl01tl/applications/jellystat/values.yaml
@@ -1,112 +0,0 @@
-jellystat:
-  controllers:
-    main:
-      type: deployment
-      replicas: 1
-      strategy: Recreate
-      revisionHistoryLimit: 3
-      containers:
-        main:
-          image:
-            repository: cyfershepard/jellystat
-            tag: 1.1.3
-            pullPolicy: IfNotPresent
-          env:
-            - name: TZ
-              value: US/Central
-            - name: JWT_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: jellystat-secret
-                  key: secret-key
-            - name: JS_USER
-              valueFrom:
-                secretKeyRef:
-                  name: jellystat-secret
-                  key: user
-            - name: JS_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: jellystat-secret
-                  key: password
-            - name: POSTGRES_USER
-              valueFrom:
-                secretKeyRef:
-                  name: jellystat-postgresql-17-cluster-app
-                  key: username
-            - name: POSTGRES_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: jellystat-postgresql-17-cluster-app
-                  key: password
-            - name: POSTGRES_DB
-              valueFrom:
-                secretKeyRef:
-                  name: jellystat-postgresql-17-cluster-app
-                  key: dbname
-            - name: POSTGRES_IP
-              valueFrom:
-                secretKeyRef:
-                  name: jellystat-postgresql-17-cluster-app
-                  key: host
-            - name: POSTGRES_PORT
-              valueFrom:
-                secretKeyRef:
-                  name: jellystat-postgresql-17-cluster-app
-                  key: port
-          resources:
-            requests:
-              cpu: 10m
-              memory: 256Mi
-  serviceAccount:
-    create: true
-  service:
-    main:
-      controller: main
-      ports:
-        http:
-          port: 3000
-          targetPort: 3000
-          protocol: HTTP
-  ingress:
-    tailscale:
-      enabled: true
-      className: tailscale
-      hosts:
-        - host: jellystat-cl01tl
-          paths:
-            - path: /
-              pathType: Prefix
-              service:
-                name: jellystat
-                port: 3000
-      tls:
-        - hosts:
-            - jellystat-cl01tl
-  persistence:
-    data:
-      storageClass: ceph-block
-      accessMode: ReadWriteOnce
-      size: 5Gi
-      retain: true
-      advancedMounts:
-        main:
-          main:
-            - path: /app/backend/backup-data
-              readOnly: false
-postgres-17-cluster:
-  mode: standalone
-  cluster:
-    walStorage:
-      storageClass: local-path
-    storage:
-      storageClass: local-path
-    monitoring:
-      enabled: true
-  backup:
-    enabled: true
-    endpointURL: https://nyc3.digitaloceanspaces.com
-    destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/jellystat/jellystat-postgresql-17-cluster
-    endpointCredentials: jellystat-postgresql-17-cluster-backup-secret
-    backupIndex: 1
-    retentionPolicy: "7d"
--- a/clusters/cl01tl/applications/kiwix/Chart.yaml
+++ b/clusters/cl01tl/applications/kiwix/Chart.yaml
@@ -1,21 +0,0 @@
-apiVersion: v2
-name: kiwix
-version: 1.0.0
-description: Kiwix
-keywords:
-  - kiwix
-  - wikipedia
-home: https://wiki.alexlebens.dev/doc/kiwix-
-sources:
-  - https://github.com/kiwix
-  - https://github.com/kiwix/kiwix-tools/pkgs/container/kiwix-serve
-  - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: app-template
-    alias: kiwix
-    repository: https://bjw-s.github.io/helm-charts/
-    version: 3.7.1
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/svg/kiwix-light.svg
-appVersion: 3.7.0
--- a/clusters/cl01tl/applications/kiwix/templates/persistent-volume-claim.yaml
+++ b/clusters/cl01tl/applications/kiwix/templates/persistent-volume-claim.yaml
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: kiwix-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: kiwix-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  volumeName: kiwix-nfs-storage
-  storageClassName: nfs-client
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 1Gi
--- a/clusters/cl01tl/applications/kiwix/templates/persistent-volume.yaml
+++ b/clusters/cl01tl/applications/kiwix/templates/persistent-volume.yaml
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: kiwix-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: kiwix-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: nfs-client
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  nfs:
-    path: /volume2/Storage/Kiwix
-    server: synologybond.alexlebens.net
-  mountOptions:
-    - vers=4
-    - minorversion=1
-    - noac
--- a/clusters/cl01tl/applications/kiwix/values.yaml
+++ b/clusters/cl01tl/applications/kiwix/values.yaml
@@ -1,55 +0,0 @@
-kiwix:
-  controllers:
-    main:
-      type: deployment
-      replicas: 1
-      strategy: Recreate
-      revisionHistoryLimit: 3
-      containers:
-        main:
-          image:
-            repository: ghcr.io/kiwix/kiwix-serve
-            tag: 3.7.0
-            pullPolicy: IfNotPresent
-          args:
-            - '*.zim'
-          env:
-            - name: PORT
-              value: 8080
-          resources:
-            requests:
-              cpu: 50m
-              memory: 512Mi
-  serviceAccount:
-    create: true
-  service:
-    main:
-      controller: main
-      ports:
-        http:
-          port: 80
-          targetPort: 8080
-          protocol: HTTP
-  ingress:
-    tailscale:
-      enabled: true
-      className: tailscale
-      hosts:
-        - host: kiwix-cl01tl
-          paths:
-            - path: /
-              pathType: Prefix
-              service:
-                name: kiwix
-                port: 80
-      tls:
-        - hosts:
-            - kiwix-cl01tl
-  persistence:
-    media:
-      existingClaim: kiwix-nfs-storage
-      advancedMounts:
-        main:
-          main:
-            - path: /data
-              readOnly: true
--- a/clusters/cl01tl/applications/libation/Chart.yaml
+++ b/clusters/cl01tl/applications/libation/Chart.yaml
@@ -1,22 +0,0 @@
-apiVersion: v2
-name: libation
-version: 1.0.0
-description: Libation
-keywords:
-  - libation
-  - audiobooks
-  - audible
-home: https://wiki.alexlebens.dev/doc/libation-bbiuA1SKtu
-sources:
-  - https://github.com/rmcrackan/Libation
-  - https://hub.docker.com/r/rmcrackan/libation
-  - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: app-template
-    alias: libation
-    repository: https://bjw-s.github.io/helm-charts/
-    version: 3.7.1
-icon: https://getlibation.com/images/libation-logo.png
-appVersion: 11.6.3
--- a/clusters/cl01tl/applications/libation/templates/persistent-volume-claim.yaml
+++ b/clusters/cl01tl/applications/libation/templates/persistent-volume-claim.yaml
@@ -1,40 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: libation-config
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: libation-config
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  storageClassName: nfs-client
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi
-  volumeMode: Filesystem
-
---
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: libation-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: libation-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  volumeName: libation-nfs-storage
-  storageClassName: nfs-client
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 1Gi
--- a/clusters/cl01tl/applications/libation/templates/persistent-volume.yaml
+++ b/clusters/cl01tl/applications/libation/templates/persistent-volume.yaml
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: libation-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: libation-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: nfs-client
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  nfs:
-    path: /volume2/Storage/Audiobooks/
-    server: synologybond.alexlebens.net
-  mountOptions:
-    - vers=4
-    - minorversion=1
-    - noac
--- a/clusters/cl01tl/applications/libation/values.yaml
+++ b/clusters/cl01tl/applications/libation/values.yaml
@@ -1,44 +0,0 @@
-libation:
-  controllers:
-    main:
-      type: cronjob
-      cronjob:
-        suspend: false
-        concurrencyPolicy: Forbid
-        timeZone: US/Central
-        schedule: "0 * * * *"
-        startingDeadlineSeconds: 90
-        successfulJobsHistory: 3
-        failedJobsHistory: 3
-        backoffLimit: 3
-        parallelism: 1
-      containers:
-        main:
-          image:
-            repository: rmcrackan/libation
-            tag: 12.0.0
-            pullPolicy: IfNotPresent
-          env:
-            - name: SLEEP_TIME
-              value: "-1"
-          resources:
-            requests:
-              cpu: 10m
-              memory: 128Mi
-  serviceAccount:
-    create: true
-  persistence:
-    config:
-      existingClaim: libation-config
-      advancedMounts:
-        main:
-          main:
-            - path: /config
-              readOnly: false
-    data:
-      existingClaim: libation-nfs-storage
-      advancedMounts:
-        main:
-          main:
-            - path: /data
-              readOnly: false
--- a/clusters/cl01tl/applications/lidarr2/Chart.yaml
+++ b/clusters/cl01tl/applications/lidarr2/Chart.yaml
@@ -1,30 +0,0 @@
-apiVersion: v2
-name: lidarr2
-version: 1.0.0
-description: Lidarr
-keywords:
-  - lidarr
-  - servarr
-  - music
-  - metrics
-home: https://wiki.alexlebens.dev/doc/lidarr-BIqpxux60p
-sources:
-  - https://github.com/Lidarr/Lidarr
-  - https://github.com/linuxserver/docker-lidarr
-  - https://github.com/cloudnative-pg/cloudnative-pg
-  - https://github.com/onedr0p/exportarr/pkgs/container/exportarr
-  - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
-  - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: app-template
-    alias: lidarr2
-    repository: https://bjw-s.github.io/helm-charts/
-    version: 3.7.1
-  - name: postgres-cluster
-    alias: postgres-17-cluster
-    version: 4.2.0
-    repository: http://alexlebens.github.io/helm-charts
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/lidarr.png
-appVersion: 2.8.2
--- a/clusters/cl01tl/applications/lidarr2/templates/external-secret.yaml
+++ b/clusters/cl01tl/applications/lidarr2/templates/external-secret.yaml
@@ -1,89 +0,0 @@
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-#   name: lidarr2-config-backup-secret
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: lidarr2-config-backup-secret
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
-#     app.kubernetes.io/component: backup
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-#   secretStoreRef:
-#     kind: ClusterSecretStore
-#     name: vault
-#   target:
-#     template:
-#       mergePolicy: Merge
-#       engineVersion: v2
-#       data:
-#         RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/lidarr2/lidarr2-config"
-#   data:
-#     - secretKey: BUCKET_ENDPOINT
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: S3_BUCKET_ENDPOINT
-#     - secretKey: RESTIC_PASSWORD
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: RESTIC_PASSWORD
-#     - secretKey: AWS_DEFAULT_REGION
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: AWS_DEFAULT_REGION
-#     - secretKey: AWS_ACCESS_KEY_ID
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/volsync-backups
-#         metadataPolicy: None
-#         property: access_key
-#     - secretKey: AWS_SECRET_ACCESS_KEY
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/volsync-backups
-#         metadataPolicy: None
-#         property: secret_key
-
---
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: lidarr2-postgresql-17-cluster-backup-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: lidarr2-postgresql-17-cluster-backup-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: database
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: ACCESS_KEY_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/postgres-backups
-        metadataPolicy: None
-        property: access
-    - secretKey: ACCESS_SECRET_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/postgres-backups
-        metadataPolicy: None
-        property: secret
--- a/clusters/cl01tl/applications/lidarr2/templates/persistent-volume-claim.yaml
+++ b/clusters/cl01tl/applications/lidarr2/templates/persistent-volume-claim.yaml
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: lidarr2-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: lidarr2-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  volumeName: lidarr2-nfs-storage
-  storageClassName: nfs-client
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 1Gi
--- a/clusters/cl01tl/applications/lidarr2/templates/persistent-volume.yaml
+++ b/clusters/cl01tl/applications/lidarr2/templates/persistent-volume.yaml
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: lidarr2-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: lidarr2-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: nfs-client
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  nfs:
-    path: /volume2/Storage
-    server: synologybond.alexlebens.net
-  mountOptions:
-    - vers=4
-    - minorversion=1
-    - noac
--- a/clusters/cl01tl/applications/lidarr2/templates/prometheus-rule.yaml
+++ b/clusters/cl01tl/applications/lidarr2/templates/prometheus-rule.yaml
@@ -1,34 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
-  name: lidarr2
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: lidarr2
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: metrics
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  groups:
-    - name: lidarr2
-      rules:
-        - alert: ExportarrAbsent
-          annotations:
-            description: Lidarr Exportarr has disappeared from Prometheus
-              service discovery.
-            summary: Exportarr is down.
-          expr: |
-            absent(up{job=~".*lidarr2.*"} == 1)
-          for: 5m
-          labels:
-            severity: critical
-        - alert: LidarrDown
-          annotations:
-            description: Lidarr service is down.
-            summary: Lidarr is down.
-          expr: |
-            lidarr_system_status{job=~".*lidarr2.*"} == 0
-          for: 5m
-          labels:
-            severity: critical
--- a/clusters/cl01tl/applications/lidarr2/templates/replication-source.yaml
+++ b/clusters/cl01tl/applications/lidarr2/templates/replication-source.yaml
@@ -1,30 +0,0 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-#   name: lidarr2-config-backup-source
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: lidarr2-config-backup-source
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
-#     app.kubernetes.io/component: backup
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-#   sourcePVC: lidarr2-config
-#   trigger:
-#     schedule: 0 0 */3 * *
-#   restic:
-#     pruneIntervalDays: 14
-#     repository: lidarr2-config-backup-secret
-#     retain:
-#       hourly: 1
-#       daily: 1
-#       weekly: 1
-#       monthly: 2
-#       yearly: 4
-#     moverSecurityContext:
-#       runAsUser: 1000
-#       runAsGroup: 1000
-#     copyMethod: Snapshot
-#     storageClassName: ceph-block
-#     volumeSnapshotClassName: ceph-blockpool-snapshot
--- a/clusters/cl01tl/applications/lidarr2/templates/service-monitor.yaml
+++ b/clusters/cl01tl/applications/lidarr2/templates/service-monitor.yaml
@@ -1,21 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: lidarr2
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: lidarr2
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: metrics
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: lidarr2
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  endpoints:
-    - port: metrics
-      interval: 3m
-      scrapeTimeout: 1m
-      path: /metrics
--- a/clusters/cl01tl/applications/lidarr2/values.yaml
+++ b/clusters/cl01tl/applications/lidarr2/values.yaml
@@ -1,143 +0,0 @@
-lidarr2:
-  controllers:
-    main:
-      type: deployment
-      replicas: 1
-      strategy: Recreate
-      revisionHistoryLimit: 3
-      pod:
-        securityContext:
-          runAsUser: 1000
-          runAsGroup: 1000
-          fsGroup: 1000
-          fsGroupChangePolicy: OnRootMismatch
-      containers:
-        main:
-          image:
-            repository: ghcr.io/linuxserver/lidarr
-            tag: version-2.8.2.4493@sha256:108ecf0fcbd8f77b6e8a513be6f3446feb47666dd1b45ea360569e9aac0960e4
-            pullPolicy: IfNotPresent
-          env:
-            - name: TZ
-              value: US/Central
-            - name: PUID
-              value: 1000
-            - name: PGID
-              value: 1000
-          probes:
-            liveness:
-              enabled: true
-              custom: true
-              spec:
-                exec:
-                  command:
-                  - /usr/bin/env
-                  - bash
-                  - -c
-                  - curl --fail localhost:8686/api/v1/system/status?apiKey=`IFS=\> && while
-                    read -d \< E C; do if [[ $E = "ApiKey" ]]; then echo $C; fi; done < /config/config.xml`
-                failureThreshold: 5
-                initialDelaySeconds: 60
-                periodSeconds: 10
-                successThreshold: 1
-                timeoutSeconds: 10
-          resources:
-            requests:
-              cpu: 100m
-              memory: 256Mi
-        metrics:
-          image:
-            repository: ghcr.io/onedr0p/exportarr
-            tag: v2.0.1
-            pullPolicy: IfNotPresent
-          args: ["lidarr"]
-          env:
-            - name: URL
-              value: http://localhost
-            - name: CONFIG
-              value: /config/config.xml
-            - name: PORT
-              value: 9792
-            - name: ENABLE_ADDITIONAL_METRICS
-              value: false
-            - name: ENABLE_UNKNOWN_QUEUE_ITEMS
-              value: false
-          resources:
-            requests:
-              cpu: 100m
-              memory: 256Mi
-  serviceAccount:
-    create: true
-  service:
-    main:
-      controller: main
-      ports:
-        http:
-          port: 80
-          targetPort: 8686
-          protocol: HTTP
-        metrics:
-          port: 9792
-          targetPort: 9792
-          protocol: TCP
-  ingress:
-    tailscale:
-      enabled: true
-      className: tailscale
-      hosts:
-        - host: lidarr-cl01tl
-          paths:
-            - path: /
-              pathType: Prefix
-              service:
-                name: lidarr2
-                port: 80
-      tls:
-        - hosts:
-            - lidarr-cl01tl
-  persistence:
-    config:
-      storageClass: ceph-block
-      accessMode: ReadWriteOnce
-      size: 10Gi
-      retain: true
-      advancedMounts:
-        main:
-          main:
-            - path: /config
-              readOnly: false
-          metrics:
-            - path: /config
-              readOnly: true
-    media:
-      existingClaim: lidarr2-nfs-storage
-      advancedMounts:
-        main:
-          main:
-            - path: /mnt/store
-              readOnly: false
-postgres-17-cluster:
-  mode: standalone
-  cluster:
-    walStorage:
-      storageClass: local-path
-    storage:
-      storageClass: local-path
-    resources:
-      requests:
-        memory: 1Gi
-        cpu: 200m
-    monitoring:
-      enabled: true
-  bootstrap:
-    initdb:
-      postInitSQL:
-        - CREATE DATABASE "lidarr-main" OWNER "app";
-        - CREATE DATABASE "lidarr-log" OWNER "app";
-  backup:
-    enabled: true
-    endpointURL: https://nyc3.digitaloceanspaces.com
-    destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/lidarr2/lidarr2-postgresql-17-cluster
-    endpointCredentials: lidarr2-postgresql-17-cluster-backup-secret
-    backupIndex: 2
-    retentionPolicy: "7d"
--- a/clusters/cl01tl/applications/lidatube/Chart.yaml
+++ b/clusters/cl01tl/applications/lidatube/Chart.yaml
@@ -1,22 +0,0 @@
-apiVersion: v2
-name: lidatube
-version: 1.0.0
-description: LidaTube
-keywords:
-  - lidatube
-  - music
-  - yt-dlp
-home: https://wiki.alexlebens.dev/doc/lidatube-Rm5ioxwcaS
-sources:
-  - https://github.com/TheWicklowWolf/LidaTube
-  - https://registry.hub.docker.com/r/thewicklowwolf/lidatube
-  - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: app-template
-    alias: lidatube
-    repository: https://bjw-s.github.io/helm-charts/
-    version: 3.7.1
-icon: https://raw.githubusercontent.com/TheWicklowWolf/LidaTube/main/src/static/lidatube.png
-appVersion: 0.2.9
--- a/clusters/cl01tl/applications/lidatube/templates/external-secret.yaml
+++ b/clusters/cl01tl/applications/lidatube/templates/external-secret.yaml
@@ -1,23 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: lidatube-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: lidatube-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: lidarr_api_key
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/lidarr2/key
-        metadataPolicy: None
-        property: key
--- a/clusters/cl01tl/applications/lidatube/templates/persistent-volume-claim.yaml
+++ b/clusters/cl01tl/applications/lidatube/templates/persistent-volume-claim.yaml
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: lidatube-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: lidatube-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  volumeName: lidatube-nfs-storage
-  storageClassName: nfs-client
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 1Gi
--- a/clusters/cl01tl/applications/lidatube/templates/persistent-volume.yaml
+++ b/clusters/cl01tl/applications/lidatube/templates/persistent-volume.yaml
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: lidatube-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: lidatube-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: nfs-client
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  nfs:
-    path: /volume2/Storage/Music
-    server: synologybond.alexlebens.net
-  mountOptions:
-    - vers=4
-    - minorversion=1
-    - noac
--- a/clusters/cl01tl/applications/lidatube/values.yaml
+++ b/clusters/cl01tl/applications/lidatube/values.yaml
@@ -1,82 +0,0 @@
-lidatube:
-  controllers:
-    main:
-      type: deployment
-      replicas: 1
-      strategy: Recreate
-      revisionHistoryLimit: 3
-      pod:
-        securityContext:
-          fsGroup: 1000
-          fsGroupChangePolicy: OnRootMismatch
-      containers:
-        main:
-          image:
-            repository: thewicklowwolf/lidatube
-            tag: 0.2.16
-            pullPolicy: IfNotPresent
-          env:
-            - name: PUID
-              value: 1000
-            - name: PGID
-              value: 1000
-            - name: lidarr_address
-              value: http://lidarr2.lidarr2:80
-            - name: lidarr_api_key
-              valueFrom:
-                secretKeyRef:
-                  name: lidatube-secret
-                  key: lidarr_api_key
-            - name: sleep_interval
-              value: 360
-            - name: sync_schedule
-              value: 4
-            - name: attempt_lidarr_import
-              value: true
-          resources:
-            requests:
-              cpu: 10m
-              memory: 128Mi
-  serviceAccount:
-    create: true
-  service:
-    main:
-      controller: main
-      ports:
-        http:
-          port: 80
-          targetPort: 5000
-          protocol: HTTP
-  ingress:
-    tailscale:
-      enabled: true
-      className: tailscale
-      hosts:
-        - host: lidatube-cl01tl
-          paths:
-            - path: /
-              pathType: Prefix
-              service:
-                name: lidatube
-                port: 80
-      tls:
-        - hosts:
-            - lidatube-cl01tl
-  persistence:
-    config:
-      storageClass: ceph-block
-      accessMode: ReadWriteOnce
-      size: 5Gi
-      retain: true
-      advancedMounts:
-        main:
-          main:
-            - path: /lidatube/config
-              readOnly: false
-    music:
-      existingClaim: lidatube-nfs-storage
-      advancedMounts:
-        main:
-          main:
-            - path: /lidatube/downloads
-              readOnly: false
--- a/clusters/cl01tl/applications/outline/Chart.yaml
+++ b/clusters/cl01tl/applications/outline/Chart.yaml
@@ -1,49 +0,0 @@
-apiVersion: v2
-name: outline
-version: 1.0.0
-description: Outline
-keywords:
-  - outline
-  - wiki
-  - documentation
-home: https://wiki.alexlebens.dev/doc/outline-JOaS8Mn0Bt
-sources:
-  - https://github.com/outline/outline
-  - https://github.com/minio/operator
-  - https://github.com/valkey-io/valkey
-  - https://github.com/cloudflare/cloudflared
-  - https://github.com/cloudnative-pg/cloudnative-pg
-  - https://hub.docker.com/r/outlinewiki/outline
-  - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
-  - https://github.com/minio/operator/tree/master/helm/tenant
-  - https://github.com/bitnami/charts/tree/main/bitnami/valkey
-  - https://github.com/alexlebens/helm-charts/charts/cloudflared
-  - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: app-template
-    alias: outline
-    repository: https://bjw-s.github.io/helm-charts/
-    version: 3.7.1
-  - name: tenant
-    alias: minio
-    version: 7.0.0
-    repository: https://operator.min.io/
-  - name: valkey
-    version: 2.4.0
-    repository: https://charts.bitnami.com/bitnami
-  - name: cloudflared
-    alias: cloudflared-outline
-    repository: http://alexlebens.github.io/helm-charts
-    version: 1.14.0
-  - name: cloudflared
-    alias: cloudflared-minio
-    repository: http://alexlebens.github.io/helm-charts
-    version: 1.14.0
-  - name: postgres-cluster
-    alias: postgres-17-cluster
-    version: 4.2.0
-    repository: http://alexlebens.github.io/helm-charts
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/outline.png
-appVersion: 0.81.1
--- a/clusters/cl01tl/applications/outline/templates/external-secret.yaml
+++ b/clusters/cl01tl/applications/outline/templates/external-secret.yaml
@@ -1,226 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: outline-key-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: outline-key-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: secret-key
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/outline/key
-        metadataPolicy: None
-        property: secret-key
-    - secretKey: utils-key
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/outline/key
-        metadataPolicy: None
-        property: utils-key
-
---
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: outline-oidc-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: outline-oidc-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: client
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /authentik/oidc/outline
-        metadataPolicy: None
-        property: client
-    - secretKey: secret
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /authentik/oidc/outline
-        metadataPolicy: None
-        property: secret
-
---
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: outline-minio-user-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: outline-minio-user-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: database
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: AWS_ACCESS_KEY_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/outline/minio/auth
-        metadataPolicy: None
-        property: AWS_ACCESS_KEY_ID
-    - secretKey: AWS_SECRET_ACCESS_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/outline/minio/auth
-        metadataPolicy: None
-        property: AWS_SECRET_ACCESS_KEY
-
---
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: outline-minio-root-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: outline-minio-root-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: database
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: config.env
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/outline/minio/config
-        metadataPolicy: None
-        property: root-config.env
-
---
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: outline-minio-config-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: outline-minio-config-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: database
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: config.env
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/outline/minio/config
-        metadataPolicy: None
-        property: config.env
-
---
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: outline-cloudflared-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: outline-cloudflared-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: cf-tunnel-token
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cloudflare/tunnels/outline
-        metadataPolicy: None
-        property: token
-
---
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: outline-minio-cloudflared-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: outline-cloudflared-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: cf-tunnel-token
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cloudflare/tunnels/outline-minio
-        metadataPolicy: None
-        property: token
-
---
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: outline-postgresql-17-cluster-backup-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: outline-postgresql-17-cluster-backup-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: database
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: ACCESS_KEY_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/postgres-backups
-        metadataPolicy: None
-        property: access
-    - secretKey: ACCESS_SECRET_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/postgres-backups
-        metadataPolicy: None
-        property: secret
--- a/clusters/cl01tl/applications/outline/values.yaml
+++ b/clusters/cl01tl/applications/outline/values.yaml
@@ -1,209 +0,0 @@
-outline:
-  controllers:
-    main:
-      type: deployment
-      replicas: 1
-      strategy: Recreate
-      revisionHistoryLimit: 3
-      containers:
-        main:
-          image:
-            repository: outlinewiki/outline
-            tag: 0.82.0
-            pullPolicy: IfNotPresent
-          env:
-            - name: NODE_ENV
-              value: production
-            - name: URL
-              value: https://wiki.alexlebens.dev
-            - name: PORT
-              value: 3000
-            - name: SECRET_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: outline-key-secret
-                  key: secret-key
-            - name: UTILS_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: outline-key-secret
-                  key: utils-key
-            - name: POSTGRES_USERNAME
-              valueFrom:
-                secretKeyRef:
-                  name: outline-postgresql-17-cluster-app
-                  key: username
-            - name: POSTGRES_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: outline-postgresql-17-cluster-app
-                  key: password
-            - name: POSTGRES_DATABASE_NAME
-              valueFrom:
-                secretKeyRef:
-                  name: outline-postgresql-17-cluster-app
-                  key: dbname
-            - name: POSTGRES_DATABASE_HOST
-              valueFrom:
-                secretKeyRef:
-                  name: outline-postgresql-17-cluster-app
-                  key: host
-            - name: POSTGRES_DATABASE_PORT
-              valueFrom:
-                secretKeyRef:
-                  name: outline-postgresql-17-cluster-app
-                  key: port
-            - name: DATABASE_URL
-              value: postgres://$(POSTGRES_USERNAME):$(POSTGRES_PASSWORD)@$(POSTGRES_DATABASE_HOST):$(POSTGRES_DATABASE_PORT)/$(POSTGRES_DATABASE_NAME)
-            - name: DATABASE_URL_TEST
-              value: postgres://$(POSTGRES_USERNAME):$(POSTGRES_PASSWORD)@$(POSTGRES_DATABASE_HOST):$(POSTGRES_DATABASE_PORT)/$(POSTGRES_DATABASE_NAME)-test
-            - name: DATABASE_CONNECTION_POOL_MIN
-              value: "2"
-            - name: DATABASE_CONNECTION_POOL_MAX
-              value: "20"
-            - name: PGSSLMODE
-              value: disable
-            - name: REDIS_URL
-              value: redis://outline-valkey-primary.outline:6379
-            - name: FILE_STORAGE
-              value: s3
-            - name: AWS_ACCESS_KEY_ID
-              valueFrom:
-                secretKeyRef:
-                  name: outline-minio-user-secret
-                  key: AWS_ACCESS_KEY_ID
-            - name: AWS_SECRET_ACCESS_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: outline-minio-user-secret
-                  key: AWS_SECRET_ACCESS_KEY
-            - name: AWS_REGION
-              value: us-east-1
-            - name: AWS_S3_UPLOAD_BUCKET_NAME
-              value: outline
-            - name: AWS_S3_UPLOAD_BUCKET_URL
-              value: https://outline-storage.alexlebens.dev/outline
-            - name: AWS_S3_ACCELERATE_URL
-              value: https://outline-storage.alexlebens.dev/outline
-            - name: AWS_S3_FORCE_PATH_STYLE
-              value: false
-            - name: AWS_S3_ACL
-              value: private
-            - name: FILE_STORAGE_UPLOAD_MAX_SIZE
-              value: "26214400"
-            - name: FORCE_HTTPS
-              value: false
-            - name: ENABLE_UPDATES
-              value: false
-            - name: WEB_CONCURRENCY
-              value: 1
-            - name: FILE_STORAGE_IMPORT_MAX_SIZE
-              value: 5120000
-            - name: LOG_LEVEL
-              value: info
-            - name: DEFAULT_LANGUAGE
-              value: en_US
-            - name: RATE_LIMITER_ENABLED
-              value: false
-            - name: DEVELOPMENT_UNSAFE_INLINE_CSP
-              value: false
-            - name: OIDC_CLIENT_ID
-              valueFrom:
-                secretKeyRef:
-                  name: outline-oidc-secret
-                  key: client
-            - name: OIDC_CLIENT_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: outline-oidc-secret
-                  key: secret
-            - name: OIDC_AUTH_URI
-              value: https://auth.alexlebens.dev/application/o/authorize/
-            - name: OIDC_TOKEN_URI
-              value: https://auth.alexlebens.dev/application/o/token/
-            - name: OIDC_USERINFO_URI
-              value: https://auth.alexlebens.dev/application/o/userinfo/
-            - name: OIDC_USERNAME_CLAIM
-              value: email
-            - name: OIDC_DISPLAY_NAME
-              value: Authentik
-            - name: OIDC_SCOPES
-              value: openid profile email
-          resources:
-            requests:
-              cpu: 10m
-              memory: 512Mi
-  serviceAccount:
-    create: true
-  service:
-    main:
-      controller: main
-      ports:
-        http:
-          port: 3000
-          targetPort: 3000
-          protocol: HTTP
-minio:
-  existingSecret:
-    name: outline-minio-root-secret
-  tenant:
-    name: minio-outline
-    configuration:
-      name: outline-minio-config-secret
-    pools:
-      - servers: 3
-        name: pool
-        volumesPerServer: 2
-        size: 10Gi
-        storageClassName: ceph-block
-    mountPath: /export
-    subPath: /data
-    metrics:
-      enabled: true
-      port: 9000
-      protocol: http
-    certificate:
-      requestAutoCert: false
-  ingress:
-    console:
-      enabled: true
-      ingressClassName: tailscale
-      tls:
-        - secretName: minio-outline-cl01tl
-          hosts:
-            - minio-outline-cl01tl
-      host: minio-outline-cl01tl
-      path: /
-      pathType: Prefix
-valkey:
-  architecture: standalone
-  auth:
-    enabled: false
-    usePasswordFiles: false
-  primary:
-    persistence:
-      enabled: false
-  replica:
-    persistence:
-      enabled: false
-cloudflared-outline:
-  existingSecretName: outline-cloudflared-secret
-  name: cloudflared-outline
-cloudflared-minio:
-  existingSecretName: outline-minio-cloudflared-secret
-  name: cloudflared-minio
-postgres-17-cluster:
-  mode: standalone
-  cluster:
-    walStorage:
-      storageClass: local-path
-    storage:
-      storageClass: local-path
-    monitoring:
-      enabled: true
-  backup:
-    enabled: true
-    endpointURL: https://nyc3.digitaloceanspaces.com
-    destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/outline/outline-postgresql-17-cluster
-    endpointCredentials: outline-postgresql-17-cluster-backup-secret
-    backupIndex: 1
--- a/clusters/cl01tl/applications/overseerr/Chart.yaml
+++ b/clusters/cl01tl/applications/overseerr/Chart.yaml
@@ -1,21 +0,0 @@
-apiVersion: v2
-name: overseerr
-version: 1.0.0
-description: Overseerr
-keywords:
-  - overseer
-  - media
-  - request
-home: https://wiki.alexlebens.dev/doc/overseerr-pCUN6XnGR5
-sources:
-  - https://github.com/sct/overseerr
-  - https://github.com/sct/overseerr/pkgs/container/overseerr
-  - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: app-template
-    repository: https://bjw-s.github.io/helm-charts/
-    version: 3.7.1
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/overseerr.png
-appVersion: 1.33.2
--- a/clusters/cl01tl/applications/overseerr/templates/external-secret.yaml
+++ b/clusters/cl01tl/applications/overseerr/templates/external-secret.yaml
@@ -1,57 +0,0 @@
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-#   name: overseerr-main-backup-secret
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: overseerr-main-backup-secret
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
-#     app.kubernetes.io/component: backup
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-#   secretStoreRef:
-#     kind: ClusterSecretStore
-#     name: vault
-#   target:
-#     template:
-#       mergePolicy: Merge
-#       engineVersion: v2
-#       data:
-#         RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/overseerr/overseerr-main"
-#   data:
-#     - secretKey: BUCKET_ENDPOINT
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: S3_BUCKET_ENDPOINT
-#     - secretKey: RESTIC_PASSWORD
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: RESTIC_PASSWORD
-#     - secretKey: AWS_DEFAULT_REGION
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: AWS_DEFAULT_REGION
-#     - secretKey: AWS_ACCESS_KEY_ID
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/volsync-backups
-#         metadataPolicy: None
-#         property: access_key
-#     - secretKey: AWS_SECRET_ACCESS_KEY
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/volsync-backups
-#         metadataPolicy: None
-#         property: secret_key
--- a/clusters/cl01tl/applications/overseerr/templates/replication-source.yaml
+++ b/clusters/cl01tl/applications/overseerr/templates/replication-source.yaml
@@ -1,27 +0,0 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-#   name: overseerr-main-backup-source
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: overseerr-main-backup-source
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
-#     app.kubernetes.io/component: backup
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-#   sourcePVC: overseerr-main
-#   trigger:
-#     schedule: 0 0 */3 * *
-#   restic:
-#     pruneIntervalDays: 14
-#     repository: overseerr-main-backup-secret
-#     retain:
-#       hourly: 1
-#       daily: 1
-#       weekly: 1
-#       monthly: 2
-#       yearly: 4
-#     copyMethod: Snapshot
-#     storageClassName: ceph-block
-#     volumeSnapshotClassName: ceph-blockpool-snapshot
--- a/clusters/cl01tl/applications/overseerr/values.yaml
+++ b/clusters/cl01tl/applications/overseerr/values.yaml
@@ -1,56 +0,0 @@
-app-template:
-  controllers:
-    main:
-      type: deployment
-      replicas: 1
-      strategy: Recreate
-      revisionHistoryLimit: 3
-      containers:
-        main:
-          image:
-            repository: ghcr.io/sct/overseerr
-            tag: 1.33.2
-            pullPolicy: IfNotPresent
-          env:
-            - name: TZ
-              value: US/Central
-          resources:
-            requests:
-              cpu: 10m
-              memory: 512Mi
-  serviceAccount:
-    create: true
-  service:
-    main:
-      controller: main
-      ports:
-        http:
-          port: 80
-          targetPort: 5055
-          protocol: HTTP
-  ingress:
-    tailscale:
-      enabled: true
-      className: tailscale
-      hosts:
-        - host: overseerr-cl01tl
-          paths:
-            - path: /
-              pathType: Prefix
-              service:
-                name: overseerr
-                port: 80
-      tls:
-        - hosts:
-            - overseerr-cl01tl
-  persistence:
-    main:
-      storageClass: ceph-block
-      accessMode: ReadWriteOnce
-      size: 10Gi
-      retain: true
-      advancedMounts:
-        main:
-          main:
-            - path: /app/config
-              readOnly: false
--- a/clusters/cl01tl/applications/photoview/Chart.yaml
+++ b/clusters/cl01tl/applications/photoview/Chart.yaml
@@ -1,28 +0,0 @@
-apiVersion: v2
-name: photoview
-version: 1.0.0
-description: Photoview
-keywords:
-  - photoview
-  - pictures
-home: https://wiki.alexlebens.dev/doc/photoview-WSRscnhpwv
-sources:
-  - https://github.com/immich-app/immich
-  - https://github.com/valkey-io/valkey
-  - https://github.com/cloudnative-pg/cloudnative-pg
-  - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
-  - https://github.com/bitnami/charts/tree/main/bitnami/valkey
-  - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: app-template
-    alias: photoview
-    repository: https://bjw-s.github.io/helm-charts/
-    version: 3.7.1
-  - name: postgres-cluster
-    alias: postgres-17-cluster
-    version: 4.2.0
-    repository: http://alexlebens.github.io/helm-charts
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/photoview.png
-appVersion: 2.4.0
--- a/clusters/cl01tl/applications/photoview/templates/external-secrets.yaml
+++ b/clusters/cl01tl/applications/photoview/templates/external-secrets.yaml
@@ -1,30 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: photoview-postgresql-17-cluster-backup-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: photoview-postgresql-17-cluster-backup-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: database
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: ACCESS_KEY_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/postgres-backups
-        metadataPolicy: None
-        property: access
-    - secretKey: ACCESS_SECRET_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/postgres-backups
-        metadataPolicy: None
-        property: secret
--- a/clusters/cl01tl/applications/photoview/templates/persistent-volume-claim.yaml
+++ b/clusters/cl01tl/applications/photoview/templates/persistent-volume-claim.yaml
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: photoview-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: photoview-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  volumeName: photoview-nfs-storage
-  storageClassName: nfs-client
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 1Gi
--- a/clusters/cl01tl/applications/photoview/templates/persistent-volume.yaml
+++ b/clusters/cl01tl/applications/photoview/templates/persistent-volume.yaml
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: photoview-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: photoview-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: nfs-client
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  nfs:
-    path: /volume2/Storage/Pictures
-    server: synologybond.alexlebens.net
-  mountOptions:
-    - vers=4
-    - minorversion=1
-    - noac
--- a/clusters/cl01tl/applications/photoview/values.yaml
+++ b/clusters/cl01tl/applications/photoview/values.yaml
@@ -1,108 +0,0 @@
-photoview:
-  controllers:
-    main:
-      type: deployment
-      replicas: 1
-      strategy: Recreate
-      revisionHistoryLimit: 3
-      initContainers:
-        init-chmod-data:
-          securityContext:
-            runAsUser: 0
-          image:
-            repository: busybox
-            tag: 1.37.0
-            pullPolicy: IfNotPresent
-          command:
-            - /bin/sh
-            - -ec
-            - |
-              /bin/chown -R 999:999 /app/cache
-          resources:
-            requests:
-              cpu: 100m
-              memory: 128Mi
-      containers:
-        main:
-          image:
-            repository: photoview/photoview
-            tag: 2.4.0
-            pullPolicy: IfNotPresent
-          env:
-            - name: PHOTOVIEW_DATABASE_DRIVER
-              value: postgres
-            - name: PHOTOVIEW_POSTGRES_URL
-              valueFrom:
-                secretKeyRef:
-                  name: photoview-postgresql-17-cluster-app
-                  key: uri
-            - name: PHOTOVIEW_MEDIA_CACHE
-              value: /app/cache
-            - name: PHOTOVIEW_VIDEO_HARDWARE_ACCELERATION
-              value: qsv
-          resources:
-            requests:
-              cpu: 10m
-              memory: 512Mi
-  serviceAccount:
-    create: true
-  service:
-    main:
-      controller: main
-      ports:
-        http:
-          port: 80
-          targetPort: 80
-          protocol: HTTP
-  ingress:
-    main:
-      enabled: true
-      className: tailscale
-      hosts:
-        - host: photoview-cl01tl
-          paths:
-            - path: /
-              pathType: Prefix
-              service:
-                name: photoview
-                port: 80
-      tls:
-        - hosts:
-            - photoview-cl01tl
-  persistence:
-    media:
-      existingClaim: photoview-nfs-storage
-      advancedMounts:
-        main:
-          main:
-            - path: /photos
-              readOnly: true
-    cache:
-      storageClass: ceph-block
-      accessMode: ReadWriteOnce
-      size: 10Gi
-      retain: false
-      advancedMounts:
-        main:
-          init-chmod-data:
-            - path: /app/cache
-              readOnly: false
-          main:
-            - path: /app/cache
-              readOnly: false
-postgres-17-cluster:
-  mode: standalone
-  cluster:
-    walStorage:
-      storageClass: local-path
-    storage:
-      storageClass: local-path
-    monitoring:
-      enabled: true
-  backup:
-    enabled: true
-    endpointURL: https://nyc3.digitaloceanspaces.com
-    destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/photoview/photoview-postgresql-17-cluster
-    endpointCredentials: photoview-postgresql-17-cluster-backup-secret
-    backupIndex: 2
-    retentionPolicy: "7d"
--- a/clusters/cl01tl/applications/plex/Chart.yaml
+++ b/clusters/cl01tl/applications/plex/Chart.yaml
@@ -1,25 +0,0 @@
-apiVersion: v2
-name: plex
-version: 1.0.0
-description: Plex
-keywords:
-  - plex
-  - tv shows
-  - movies
-  - music
-  - photos
-  - live tv
-home: https://wiki.alexlebens.dev/doc/plex-seA2AdTB59
-sources:
-  - https://www.plex.tv/
-  - https://github.com/onedr0p/containers/pkgs/container/plex
-  - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: app-template
-    alias: plex
-    repository: https://bjw-s.github.io/helm-charts/
-    version: 3.7.1
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/plex.png
-appVersion: 1.41.3.9292
--- a/clusters/cl01tl/applications/plex/templates/persistent-volume-claim.yaml
+++ b/clusters/cl01tl/applications/plex/templates/persistent-volume-claim.yaml
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: plex-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: plex-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  volumeName: plex-nfs-storage
-  storageClassName: nfs-client
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 1Gi
--- a/clusters/cl01tl/applications/plex/templates/persistent-volume.yaml
+++ b/clusters/cl01tl/applications/plex/templates/persistent-volume.yaml
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: plex-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: plex-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: nfs-client
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  nfs:
-    path: /volume2/Storage
-    server: synologybond.alexlebens.net
-  mountOptions:
-    - vers=4
-    - minorversion=1
-    - noac
--- a/clusters/cl01tl/applications/plex/values.yaml
+++ b/clusters/cl01tl/applications/plex/values.yaml
@@ -1,94 +0,0 @@
-plex:
-  controllers:
-    main:
-      type: deployment
-      replicas: 1
-      strategy: Recreate
-      revisionHistoryLimit: 3
-      containers:
-        main:
-          image:
-            repository: ghcr.io/linuxserver/plex
-            tag: 1.41.4@sha256:3f8bae7222401c135eb38056f35d77100b5b3db764f9fde21db92405366dc05c
-            pullPolicy: IfNotPresent
-          env:
-            - name: TZ
-              value: US/Central
-            - name: VERSION
-              value: docker
-          resources:
-            requests:
-              gpu.intel.com/i915: 1
-              cpu: 10m
-              memory: 512Mi
-            limits:
-              gpu.intel.com/i915: 1
-              cpu: 4
-  serviceAccount:
-    create: true
-  service:
-    main:
-      controller: main
-      ports:
-        http:
-          port: 32400
-          targetPort: 32400
-          protocol: HTTP
-  ingress:
-    tailscale:
-      enabled: true
-      className: tailscale
-      hosts:
-        - host: plex-cl01tl
-          paths:
-            - path: /
-              pathType: Prefix
-              service:
-                name: plex
-                port: 32400
-      tls:
-        - hosts:
-            - plex-cl01tl
-    traefik:
-      enabled: true
-      className: traefik
-      annotations:
-        traefik.ingress.kubernetes.io/router.entrypoints: websecure
-        traefik.ingress.kubernetes.io/router.tls: "true"
-        cert-manager.io/cluster-issuer: letsencrypt-issuer
-      hosts:
-        - host: plex.alexlebens.net
-          paths:
-            - path: /
-              pathType: Prefix
-              service:
-                name: plex
-                port: 32400
-      tls:
-        - hosts:
-            - plex.alexlebens.net
-          secretName: plex-tls-secret
-  persistence:
-    config:
-      storageClass: ceph-block
-      accessMode: ReadWriteOnce
-      size: 60Gi
-      advancedMounts:
-        main:
-          main:
-            - path: /config
-              readOnly: false
-    transcode:
-      type: emptyDir
-      advancedMounts:
-        main:
-          main:
-            - path: /transcode
-              readOnly: false
-    media:
-      existingClaim: plex-nfs-storage
-      advancedMounts:
-        main:
-          main:
-            - path: /mnt/store
-              readOnly: true
--- a/clusters/cl01tl/applications/prowlarr/Chart.yaml
+++ b/clusters/cl01tl/applications/prowlarr/Chart.yaml
@@ -1,22 +0,0 @@
-apiVersion: v2
-name: prowlarr
-version: 1.0.0
-description: Prowlarr
-keywords:
-  - prowlarr
-  - servarr
-  - trackers
-home: https://wiki.alexlebens.dev/doc/prowlarr-ERparmlGES
-sources:
-  - https://github.com/Prowlarr/Prowlarr
-  - https://github.com/onedr0p/containers/pkgs/container/prowlarr
-  - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: app-template
-    alias: prowlarr
-    repository: https://bjw-s.github.io/helm-charts/
-    version: 3.7.1
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/prowlarr.png
-appVersion: 1.28.2.4885
--- a/clusters/cl01tl/applications/prowlarr/templates/external-secret.yaml
+++ b/clusters/cl01tl/applications/prowlarr/templates/external-secret.yaml
@@ -1,57 +0,0 @@
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-#   name: prowlarr-config-backup-secret
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: prowlarr-config-backup-secret
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
-#     app.kubernetes.io/component: backup
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-#   secretStoreRef:
-#     kind: ClusterSecretStore
-#     name: vault
-#   target:
-#     template:
-#       mergePolicy: Merge
-#       engineVersion: v2
-#       data:
-#         RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/prowlarr/prowlarr-config"
-#   data:
-#     - secretKey: BUCKET_ENDPOINT
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: S3_BUCKET_ENDPOINT
-#     - secretKey: RESTIC_PASSWORD
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: RESTIC_PASSWORD
-#     - secretKey: AWS_DEFAULT_REGION
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: AWS_DEFAULT_REGION
-#     - secretKey: AWS_ACCESS_KEY_ID
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/volsync-backups
-#         metadataPolicy: None
-#         property: access_key
-#     - secretKey: AWS_SECRET_ACCESS_KEY
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/volsync-backups
-#         metadataPolicy: None
-#         property: secret_key
--- a/clusters/cl01tl/applications/prowlarr/templates/replication-source.yaml
+++ b/clusters/cl01tl/applications/prowlarr/templates/replication-source.yaml
@@ -1,37 +0,0 @@
-# apiVersion: volsync.backube/v1alpha1
-# kind: ReplicationSource
-# metadata:
-#   name: prowlarr-config-backup-source
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: prowlarr-config-backup-source
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
-#     app.kubernetes.io/component: backup
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-#   sourcePVC: prowlarr-config
-#   trigger:
-#     schedule: 0 0 */3 * *
-#   restic:
-#     pruneIntervalDays: 14
-#     repository: prowlarr-config-backup-secret
-#     retain:
-#       hourly: 1
-#       daily: 1
-#       weekly: 1
-#       monthly: 2
-#       yearly: 4
-#     moverSecurityContext:
-#       runAsUser: 568
-#       runAsGroup: 568
-#       fsGroup: 568
-#       fsGroupChangePolicy: OnRootMismatch
-#       supplementalGroups:
-#         - 44
-#         - 100
-#         - 109
-#         - 65539
-#     copyMethod: Snapshot
-#     storageClassName: ceph-block-delete
-#     volumeSnapshotClassName: ceph-blockpool-snapshot
--- a/clusters/cl01tl/applications/prowlarr/values.yaml
+++ b/clusters/cl01tl/applications/prowlarr/values.yaml
@@ -1,84 +0,0 @@
-prowlarr:
-  controllers:
-    main:
-      type: deployment
-      replicas: 1
-      strategy: Recreate
-      revisionHistoryLimit: 3
-      pod:
-        securityContext:
-          runAsUser: 568
-          runAsGroup: 568
-          fsGroup: 568
-          fsGroupChangePolicy: OnRootMismatch
-          supplementalGroups:
-            - 44
-            - 100
-            - 109
-            - 65539
-      containers:
-        main:
-          image:
-            repository: ghcr.io/onedr0p/prowlarr
-            tag: 1.31.2.4975
-            pullPolicy: IfNotPresent
-          env:
-            - name: TZ
-              value: US/Central
-          probes:
-            liveness:
-              enabled: false
-              custom: true
-              spec:
-                exec:
-                  command:
-                  - /usr/bin/env
-                  - bash
-                  - -c
-                  - curl --fail localhost:8686/api/v1/system/status?apiKey=`IFS=\> && while
-                    read -d \< E C; do if [[ $E = "ApiKey" ]]; then echo $C; fi; done < /config/config.xml`
-                failureThreshold: 5
-                initialDelaySeconds: 60
-                periodSeconds: 10
-                successThreshold: 1
-                timeoutSeconds: 10
-          resources:
-            requests:
-              cpu: 10m
-              memory: 256Mi
-  serviceAccount:
-    create: true
-  service:
-    main:
-      controller: main
-      ports:
-        http:
-          port: 80
-          targetPort: 9696
-          protocol: HTTP
-  ingress:
-    tailscale:
-      enabled: true
-      className: tailscale
-      hosts:
-        - host: prowlarr-cl01tl
-          paths:
-            - path: /
-              pathType: Prefix
-              service:
-                name: prowlarr
-                port: 80
-      tls:
-        - hosts:
-            - prowlarr-cl01tl
-  persistence:
-    config:
-      storageClass: ceph-block
-      accessMode: ReadWriteOnce
-      size: 1Gi
-      retain: true
-      advancedMounts:
-        main:
-          main:
-            - path: /config
-              readOnly: false
--- a/clusters/cl01tl/applications/radarr5-4k/Chart.yaml
+++ b/clusters/cl01tl/applications/radarr5-4k/Chart.yaml
@@ -1,31 +0,0 @@
-apiVersion: v2
-name: radarr5-4k
-version: 1.0.0
-description: Radarr v5 4K
-keywords:
-  - radarr
-  - servarr
-  - movies
-  - 4k
-  - metrics
-home: https://wiki.alexlebens.dev/doc/radarr-T6nPLajWDP
-sources:
-  - https://github.com/Radarr/Radarr
-  - https://github.com/cloudnative-pg/cloudnative-pg
-  - https://github.com/onedr0p/containers/pkgs/container/radarr
-  - https://github.com/onedr0p/exportarr/pkgs/container/exportarr
-  - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
-  - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: app-template
-    alias: radarr5-4k
-    repository: https://bjw-s.github.io/helm-charts/
-    version: 3.7.1
-  - name: postgres-cluster
-    alias: postgres-17-cluster
-    version: 4.2.0
-    repository: http://alexlebens.github.io/helm-charts
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/radarr.png
-appVersion: 5.16.3
--- a/clusters/cl01tl/applications/radarr5-4k/templates/external-secret.yaml
+++ b/clusters/cl01tl/applications/radarr5-4k/templates/external-secret.yaml
@@ -1,89 +0,0 @@
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-#   name: radarr5-4k-config-backup-secret
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: radarr5-4k-config-backup-secret
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
-#     app.kubernetes.io/component: backup
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-#   secretStoreRef:
-#     kind: ClusterSecretStore
-#     name: vault
-#   target:
-#     template:
-#       mergePolicy: Merge
-#       engineVersion: v2
-#       data:
-#         RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/radarr5-4k/radarr5-4k-config"
-#   data:
-#     - secretKey: BUCKET_ENDPOINT
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: S3_BUCKET_ENDPOINT
-#     - secretKey: RESTIC_PASSWORD
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: RESTIC_PASSWORD
-#     - secretKey: AWS_DEFAULT_REGION
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/volsync/restic/config
-#         metadataPolicy: None
-#         property: AWS_DEFAULT_REGION
-#     - secretKey: AWS_ACCESS_KEY_ID
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/volsync-backups
-#         metadataPolicy: None
-#         property: access_key
-#     - secretKey: AWS_SECRET_ACCESS_KEY
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /digital-ocean/home-infra/volsync-backups
-#         metadataPolicy: None
-#         property: secret_key
-
---
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: radarr5-4k-postgresql-17-cluster-backup-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: radarr5-4k-postgresql-17-cluster-backup-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: database
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: ACCESS_KEY_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/postgres-backups
-        metadataPolicy: None
-        property: access
-    - secretKey: ACCESS_SECRET_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/postgres-backups
-        metadataPolicy: None
-        property: secret
--- a/clusters/cl01tl/applications/radarr5-4k/templates/persistent-volume-claim.yaml
+++ b/clusters/cl01tl/applications/radarr5-4k/templates/persistent-volume-claim.yaml
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: radarr5-4k-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: radarr5-4k-nfs-storage
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  volumeName: radarr5-4k-nfs-storage
-  storageClassName: nfs-client
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 1Gi
--- a/clusters/cl01tl/applications/radarr5-4k/templates/persistent-volume.yaml
+++ b/clusters/cl01tl/applications/radarr5-4k/templates/persistent-volume.yaml
@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: radarr5-4k-nfs-storage
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: storage
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  persistentVolumeReclaimPolicy: Retain
-  storageClassName: nfs-client
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  nfs:
-    path: /volume2/Storage
-    server: synologybond.alexlebens.net
-  mountOptions:
-    - vers=4
-    - minorversion=1
-    - noac
--- a/Show More
+++ b/Show More