use persistent storage class

2026-02-08 01:36:28 +01:00 · 2026-01-05 09:51:01 +01:00
parent 8bfb79bf83
commit 63c863b7e1
46 changed files with 59 additions and 624 deletions
--- a/apps/charts/audiobookshelf/values.yaml
+++ b/apps/charts/audiobookshelf/values.yaml
@@ -26,10 +26,10 @@ service:
 volumes:
  - name: config
    mountPath: /config
-    persistentVolumeClaim: config  # Will be prefixed with release name in template
+    persistentVolumeClaim: config # Will be prefixed with release name in template
  - name: metadata
    mountPath: /metadata
-    persistentVolumeClaim: metadata  # Will be prefixed with release name in template
+    persistentVolumeClaim: metadata # Will be prefixed with release name in template
  - name: audiobooks
    mountPath: /audiobooks
    persistentVolumeClaim: books
@@ -41,8 +41,10 @@ volumes:
 persistentVolumeClaims:
  - name: config
    size: 1Gi
    storageClassName: persistent
  - name: metadata
-    size: 1Gi
+    size: 5Gi
    storageClassName: persistent
 # DNS configuration
 dns:
--- a/apps/charts/bytestash/values.yaml
+++ b/apps/charts/bytestash/values.yaml
@@ -35,6 +35,7 @@ volumes:
 persistentVolumeClaims:
  - name: data
    size: 1Gi
    storageClassName: persistent
 # VirtualService configuration
 virtualService:
--- a/apps/charts/calibre-web/values.yaml
+++ b/apps/charts/calibre-web/values.yaml
@@ -25,15 +25,16 @@ service:
 volumes:
  - name: data
    mountPath: /config
-    persistentVolumeClaim: data  # Will be prefixed with release name
+    persistentVolumeClaim: data # Will be prefixed with release name
  - name: books
    mountPath: /calibre-library
-    persistentVolumeClaim: books  # External PVC, used as-is
+    persistentVolumeClaim: books # External PVC, used as-is
 # Persistent volume claims
 persistentVolumeClaims:
  - name: data
    size: 1Gi
    storageClassName: persistent
 # VirtualService configuration
 virtualService:
--- a/apps/charts/coder/values.yaml
+++ b/apps/charts/coder/values.yaml
@@ -34,6 +34,7 @@ volumes:
  - name: data
    mountPath: /home/coder/.config
    persistentVolumeClaim: data
    storageClassName: persistent
 # Persistent volume claims
 persistentVolumeClaims:
--- a/apps/charts/cups/Chart.yaml
+++ b/apps/charts/cups/Chart.yaml
@@ -1,7 +0,0 @@
 apiVersion: v2
 version: 1.0.0
 name: cups
 dependencies:
  - name: common
    version: 1.0.0
    repository: file://../../common
--- a/apps/charts/cups/templates/deployment.yaml
+++ b/apps/charts/cups/templates/deployment.yaml
@@ -1 +0,0 @@
 {{ include "common.deployment" . }}
--- a/apps/charts/cups/templates/pvc.yaml
+++ b/apps/charts/cups/templates/pvc.yaml
@@ -1 +0,0 @@
 {{ include "common.pvc" . }}
--- a/apps/charts/cups/templates/secret-external-secrets.yaml
+++ b/apps/charts/cups/templates/secret-external-secrets.yaml
@@ -1 +0,0 @@
 {{ include "common.externalSecrets.externalSecrets" . }}
--- a/apps/charts/cups/templates/secret-password-generators.yaml
+++ b/apps/charts/cups/templates/secret-password-generators.yaml
@@ -1 +0,0 @@
 {{ include "common.externalSecrets.passwordGenerators" . }}
--- a/apps/charts/cups/templates/service.yaml
+++ b/apps/charts/cups/templates/service.yaml
@@ -1 +0,0 @@
 {{ include "common.service" . }}
--- a/apps/charts/cups/templates/virtual-service.yaml
+++ b/apps/charts/cups/templates/virtual-service.yaml
@@ -1,53 +0,0 @@
 {{- if and .Values.virtualService.enabled .Values.subdomain (hasKey .Values.globals "domain") (ne .Values.globals.domain "") }}
 {{- if and .Values.virtualService.gateways.public (hasKey .Values.globals "istio") (hasKey .Values.globals.istio "gateways") (hasKey .Values.globals.istio.gateways "public") (ne .Values.globals.istio.gateways.public "") }}
 apiVersion: networking.istio.io/v1
 kind: VirtualService
 metadata:
  name: {{ include "common.fullname" . }}-public
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
 spec:
  gateways:
    - {{ .Values.globals.istio.gateways.public | quote }}
    - mesh
  hosts:
    - {{ include "common.domain" . }}
    - mesh
  http:
    - match:
        - uri:
            prefix: "/"
      route:
        - destination:
            host: {{ include "common.fullname" . }}
            port:
              number: {{ .Values.virtualService.servicePort | default 631 }}
 ---
 {{- end }}
 {{- if and .Values.virtualService.gateways.private (hasKey .Values.globals "istio") (hasKey .Values.globals.istio "gateways") (hasKey .Values.globals.istio.gateways "private") (ne .Values.globals.istio.gateways.private "") }}
 apiVersion: networking.istio.io/v1
 kind: VirtualService
 metadata:
  name: {{ include "common.fullname" . }}-private
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "common.labels" . | nindent 4 }}
 spec:
  gateways:
    - {{ .Values.globals.istio.gateways.private | quote }}
    - mesh
  hosts:
    - {{ include "common.domain" . }}
    - mesh
  http:
    - match:
        - uri:
            prefix: "/"
      route:
        - destination:
            host: {{ include "common.fullname" . }}
            port:
              number: {{ .Values.virtualService.servicePort | default 631 }}
 {{- end }}
 {{- end }}
--- a/apps/charts/cups/values.yaml
+++ b/apps/charts/cups/values.yaml
@@ -1,218 +0,0 @@
 image:
  repository: olbat/cupsd
  tag: latest
  pullPolicy: IfNotPresent
 # Command to initialize and start CUPS
 command:
  - /bin/sh
  - -c
 args:
  - |
    echo "Starting CUPS initialization..."
    mkdir -p /etc/cups/ssl /var/spool/cups/tmp /var/log/cups /var/cache/cups /var/run
    chmod 755 /etc/cups /var/spool/cups 2>&1 || true
    if [ ! -f /etc/cups/cupsd.conf ]; then
      echo "CUPS config not found, creating configuration with web access..."
      {
        echo "Listen *:631"
        echo "ServerRoot /etc/cups"
        echo "StateDir /var/spool/cups"
        echo "CacheDir /var/cache/cups"
        echo "DataDir /usr/share/cups"
        echo "AccessLog /var/log/cups/access_log"
        echo "ErrorLog /var/log/cups/error_log"
        echo "LogLevel warn"
        echo "MaxLogSize 0"
        echo "SystemGroup lpadmin"
        echo "User root"
        echo "Group lp"
        echo "ServerAdmin root"
        echo ""
        echo "# Network printer discovery"
        echo "BrowseLocalProtocols dnssd"
        echo "BrowseRemoteProtocols dnssd"
        echo "BrowseAddress @LOCAL"
        echo "BrowsePoll 192.168.0.0/16"
        echo "BrowsePoll 192.168.1.0/24"
        echo "BrowsePoll 192.168.10.0/24"
        echo "BrowsePoll 192.168.20.0/24"
        echo "BrowsePoll 192.168.30.0/24"
        echo ""
        echo "<Location />"
        echo "  Order allow,deny"
        echo "  Allow all"
        echo "</Location>"
        echo ""
        echo "<Location /admin>"
        echo "  Order allow,deny"
        echo "  Allow all"
        echo "</Location>"
        echo ""
        echo "<Location /admin/conf>"
        echo "  AuthType Default"
        echo "  Require user @SYSTEM"
        echo "  Order allow,deny"
        echo "  Allow all"
        echo "</Location>"
        echo ""
        echo "<Policy default>"
        echo "  JobPrivateAccess default"
        echo "  JobPrivateValues default"
        echo "  SubscriptionPrivateAccess default"
        echo "  SubscriptionPrivateValues default"
        echo "  <Limit Create-Job Print-Job Print-URI Validate-Job>"
        echo "    Require user @OWNER @SYSTEM"
        echo "  </Limit>"
        echo "  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>"
        echo "    Require user @OWNER @SYSTEM"
        echo "  </Limit>"
        echo "  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>"
        echo "    Require user @SYSTEM"
        echo "  </Limit>"
        echo "  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>"
        echo "    Require user @SYSTEM"
        echo "  </Limit>"
        echo "  <Limit All>"
        echo "    Order deny,allow"
        echo "  </Limit>"
        echo "</Policy>"
      } > /etc/cups/cupsd.conf
      echo "Created CUPS configuration file"
    else
      echo "CUPS config already exists, ensuring access controls and discovery are present..."
      # Add network discovery settings if not present
      if ! grep -q "BrowseLocalProtocols" /etc/cups/cupsd.conf; then
        {
          echo ""
          echo "# Network printer discovery"
          echo "BrowseLocalProtocols dnssd"
          echo "BrowseRemoteProtocols dnssd"
          echo "BrowseAddress @LOCAL"
          echo "BrowsePoll 192.168.0.0/16"
          echo "BrowsePoll 192.168.1.0/24"
          echo "BrowsePoll 192.168.10.0/24"
          echo "BrowsePoll 192.168.20.0/24"
          echo "BrowsePoll 192.168.30.0/24"
        } >> /etc/cups/cupsd.conf
        echo "Added network discovery settings"
      fi
      # Always ensure Location sections exist for web access
      if ! grep -q "<Location />" /etc/cups/cupsd.conf; then
        {
          echo ""
          echo "<Location />"
          echo "  Order allow,deny"
          echo "  Allow all"
          echo "</Location>"
          echo ""
          echo "<Location /admin>"
          echo "  Order allow,deny"
          echo "  Allow all"
          echo "</Location>"
          echo ""
          echo "<Location /admin/conf>"
          echo "  AuthType Default"
          echo "  Require user @SYSTEM"
          echo "  Order allow,deny"
          echo "  Allow all"
          echo "</Location>"
        } >> /etc/cups/cupsd.conf
        echo "Added access control sections to existing config"
      fi
    fi
    echo "Testing CUPS configuration..."
    /usr/sbin/cupsd -t 2>&1 || echo "Config test warnings (may be normal)"
    echo "Starting CUPS daemon in foreground..."
    exec /usr/sbin/cupsd -f
 subdomain: cups
 # Deployment configuration
 deployment:
  strategy: Recreate
  replicas: 1
  revisionHistoryLimit: 0
  hostNetwork: true # Required for printer discovery and Android device access
  dnsPolicy: ClusterFirstWithHostNet
 # Container configuration
 container:
  ports:
    - name: ipp
      port: 631
      protocol: TCP
  healthProbe:
    type: tcpSocket
    port: ipp
  securityContext:
    privileged: false
    runAsUser: 0 # CUPS typically needs root for printer access
 # Service configuration
 service:
  ports:
    - name: ipp
      port: 631
      targetPort: 631
      protocol: TCP
      type: ClusterIP
  # Note: With hostNetwork, the service is mainly for service discovery
  # CUPS will be accessible directly on node IP:631
 # Volume configuration
 volumes:
  - name: config
    mountPath: /etc/cups
    persistentVolumeClaim: cups-config
  - name: spool
    mountPath: /var/spool/cups
    persistentVolumeClaim: cups-spool
 # Persistent volume claims
 persistentVolumeClaims:
  - name: config
    size: 1Gi
  - name: spool
    size: 5Gi
 # VirtualService configuration (for web UI)
 # Enables access via https://cups.{domain} for administration
 # IPP printing can still work via direct node IP or through the service
 virtualService:
  enabled: true
  gateways:
    public: true
    private: true
  servicePort: 631
 # OIDC client configuration (disabled with hostNetwork)
 # Web UI will be accessible directly via node IP
 oidc:
  enabled: false
 # External Secrets configuration
 externalSecrets:
  - name: "{release}-secrets"
    passwords:
      - name: cupspassword
        length: 16
        allowRepeat: true
        encoding: hex
        secretKeys:
          - cupspassword
 # Environment variables
 env:
  TZ:
    value: "{timezone}"
  CUPSADMIN:
    value: admin
  CUPSPASSWORD:
    valueFrom:
      secretKeyRef:
        name: "{release}-secrets"
        key: cupspassword
--- a/apps/charts/esphome/values.yaml
+++ b/apps/charts/esphome/values.yaml
@@ -9,14 +9,14 @@ subdomain: esphome
 deployment:
  strategy: Recreate
  replicas: 1
-  hostNetwork: true  # ESPHome needs hostNetwork for device discovery
+  hostNetwork: true # ESPHome needs hostNetwork for device discovery
 # Container configuration
 container:
  port: 6052
  healthProbe:
    type: tcpSocket
-    port: http  # Use named port
+    port: http # Use named port
 # Service configuration
 service:
@@ -32,7 +32,8 @@ volumes:
 # Persistent volume claims
 persistentVolumeClaims:
  - name: data
-    size: 1Gi
+    size: 10Gi
    storageClassName: persistent
 # VirtualService configuration
 virtualService:
--- a/apps/charts/forgejo/values.yaml
+++ b/apps/charts/forgejo/values.yaml
@@ -65,7 +65,8 @@ volumes:
 # Persistent volume claims
 persistentVolumeClaims:
  - name: data
-    size: 1Gi
+    size: 10Gi
    storageClassName: persistent
 # VirtualService configuration
 virtualService:
--- a/apps/charts/gitea/values.yaml
+++ b/apps/charts/gitea/values.yaml
@@ -47,7 +47,8 @@ volumes:
 # Persistent volume claims
 persistentVolumeClaims:
  - name: data
-    size: 1Gi
+    size: 10Gi
    storageClassName: persistent
 # VirtualService configuration
 virtualService:
--- a/apps/charts/homarr/values.yaml
+++ b/apps/charts/homarr/values.yaml
@@ -33,6 +33,7 @@ volumes:
 persistentVolumeClaims:
  - name: data
    size: 1Gi
    storageClassName: persistent
 # VirtualService configuration
 virtualService:
--- a/apps/charts/home-assistant/values.yaml
+++ b/apps/charts/home-assistant/values.yaml
@@ -52,7 +52,8 @@ volumes:
 # Persistent volume claims
 persistentVolumeClaims:
  - name: config
-    size: 1Gi
+    size: 5Gi
    storageClassName: persistent
 piper:
  image:
    repository: ghcr.io/morten-olsen/glados-voice
--- a/apps/charts/homebox/values.yaml
+++ b/apps/charts/homebox/values.yaml
@@ -32,6 +32,7 @@ volumes:
 persistentVolumeClaims:
  - name: data
    size: 1Gi
    storageClassName: persistent
 # VirtualService configuration
 virtualService:
--- a/apps/charts/immich/values.yaml
+++ b/apps/charts/immich/values.yaml
@@ -30,8 +30,10 @@ database:
 persistentVolumeClaims:
  - name: upload
    size: 100Gi
    storageClassName: persistent
  - name: library
    size: 100Gi
    storageClassName: persistent
  - name: model-cache
    size: 10Gi
@@ -43,7 +45,7 @@ virtualService:
  gateways:
    public: true
    private: true
-  servicePort: 80  # Port of the main server service
+  servicePort: 80 # Port of the main server service
 # OIDC client configuration
 oidc:
--- a/apps/charts/jellyfin/values.yaml
+++ b/apps/charts/jellyfin/values.yaml
@@ -51,6 +51,7 @@ volumes:
 persistentVolumeClaims:
  - name: config
    size: 5Gi
    storageClassName: persistent
 # VirtualService configuration
 virtualService:
--- a/apps/charts/mealie/values.yaml
+++ b/apps/charts/mealie/values.yaml
@@ -32,6 +32,7 @@ volumes:
 persistentVolumeClaims:
  - name: data
    size: 1Gi
    storageClassName: persistent
 # VirtualService configuration
 virtualService:
--- a/apps/charts/miniflux/values.yaml
+++ b/apps/charts/miniflux/values.yaml
@@ -16,7 +16,7 @@ container:
  port: 8080
  healthProbe:
    type: tcpSocket
-    port: http  # Use named port
+    port: http # Use named port
 # Service configuration
 service:
--- a/apps/charts/mollysocket/templates/pvc.yaml
+++ b/apps/charts/mollysocket/templates/pvc.yaml
@@ -8,4 +8,4 @@ spec:
  resources:
    requests:
      storage: "1Gi"
-  storageClassName: "{{ .Values.globals.environment }}"
+  storageClassName: persistent
--- a/apps/charts/mqtt/templates/pvc.yaml
+++ b/apps/charts/mqtt/templates/pvc.yaml
@@ -8,4 +8,4 @@ spec:
  resources:
    requests:
      storage: "1Gi"
-  storageClassName: "{{ .Values.globals.environment }}"
+  storageClassName: persistent
--- a/apps/charts/music-assistant/templates/pvc.yaml
+++ b/apps/charts/music-assistant/templates/pvc.yaml
@@ -8,4 +8,4 @@ spec:
  resources:
    requests:
      storage: "1Gi"
-  storageClassName: "{{ .Values.globals.environment }}"
+  storageClassName: persistent
--- a/apps/charts/n8n/values.yaml
+++ b/apps/charts/n8n/values.yaml
@@ -48,6 +48,7 @@ volumes:
  - name: data
    mountPath: /home/node/.n8n
    persistentVolumeClaim: data
    storageClassName: persistent
 # Persistent volume claims
 persistentVolumeClaims:
--- a/apps/charts/ntfy/templates/pvc.yaml
+++ b/apps/charts/ntfy/templates/pvc.yaml
@@ -8,4 +8,4 @@ spec:
  resources:
    requests:
      storage: "1Gi"
-  storageClassName: "{{ .Values.globals.environment }}"
+  storageClassName: persistent
--- a/apps/charts/openwebui/values.yaml
+++ b/apps/charts/openwebui/values.yaml
@@ -32,7 +32,8 @@ volumes:
 # Persistent volume claims
 persistentVolumeClaims:
  - name: data
-    size: 1Gi
+    size: 3Gi
    storageClassName: persistent
 # VirtualService configuration
 virtualService:
--- a/apps/charts/readeck/values.yaml
+++ b/apps/charts/readeck/values.yaml
@@ -15,7 +15,7 @@ container:
  port: 8000
  healthProbe:
    type: tcpSocket
-    port: http  # Use named port
+    port: http # Use named port
 # Service configuration
 service:
@@ -32,6 +32,7 @@ volumes:
 persistentVolumeClaims:
  - name: data
    size: 1Gi
    storageClassName: persistent
 # VirtualService configuration
 virtualService:
--- a/apps/charts/scanopy/Chart.yaml
+++ b/apps/charts/scanopy/Chart.yaml
@@ -1,7 +0,0 @@
 apiVersion: v2
 version: 1.0.0
 name: scanopy
 dependencies:
  - name: common
    version: 1.0.0
    repository: file://../../common
--- a/apps/charts/scanopy/templates/daemon-deployment.yaml
+++ b/apps/charts/scanopy/templates/daemon-deployment.yaml
@@ -1,158 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ .Release.Name }}-daemon
  labels:
    {{- include "common.labels" . | nindent 4 }}
    component: daemon
 spec:
  strategy:
    type: {{ .Values.daemon.deployment.strategy | default "Recreate" }}
  replicas: {{ .Values.daemon.deployment.replicas | default 1 }}
  {{- if .Values.daemon.deployment.revisionHistoryLimit }}
  revisionHistoryLimit: {{ .Values.daemon.deployment.revisionHistoryLimit }}
  {{- end }}
  selector:
    matchLabels:
      {{- include "common.selectorLabels" . | nindent 6 }}
      component: daemon
  template:
    metadata:
      labels:
        {{- include "common.selectorLabels" . | nindent 8 }}
        component: daemon
    spec:
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      containers:
        - name: daemon
          image: "{{ .Values.daemon.image.repository }}:{{ .Values.daemon.image.tag }}"
          imagePullPolicy: {{ .Values.daemon.image.pullPolicy | default "IfNotPresent" }}
          ports:
            {{- if .Values.daemon.container.ports }}
            {{- range .Values.daemon.container.ports }}
            - name: {{ .name }}
              containerPort: {{ .port }}
              protocol: {{ .protocol | default "TCP" }}
            {{- end }}
            {{- else if .Values.daemon.container.port }}
            - name: http
              containerPort: {{ .Values.daemon.container.port }}
              protocol: TCP
            {{- end }}
          {{- if .Values.daemon.container.healthProbe }}
          livenessProbe:
            {{- if eq .Values.daemon.container.healthProbe.type "httpGet" }}
            httpGet:
              path: {{ .Values.daemon.container.healthProbe.path }}
              port: {{ .Values.daemon.container.healthProbe.port }}
            {{- else if eq .Values.daemon.container.healthProbe.type "tcpSocket" }}
            tcpSocket:
              port: {{ .Values.daemon.container.healthProbe.port }}
            {{- end }}
            {{- if .Values.daemon.container.healthProbe.initialDelaySeconds }}
            initialDelaySeconds: {{ .Values.daemon.container.healthProbe.initialDelaySeconds }}
            {{- end }}
            {{- if .Values.daemon.container.healthProbe.periodSeconds }}
            periodSeconds: {{ .Values.daemon.container.healthProbe.periodSeconds }}
            {{- else }}
            periodSeconds: 5
            {{- end }}
            {{- if .Values.daemon.container.healthProbe.timeoutSeconds }}
            timeoutSeconds: {{ .Values.daemon.container.healthProbe.timeoutSeconds }}
            {{- else }}
            timeoutSeconds: 3
            {{- end }}
            {{- if .Values.daemon.container.healthProbe.failureThreshold }}
            failureThreshold: {{ .Values.daemon.container.healthProbe.failureThreshold }}
            {{- else }}
            failureThreshold: 15
            {{- end }}
          readinessProbe:
            {{- if eq .Values.daemon.container.healthProbe.type "httpGet" }}
            httpGet:
              path: {{ .Values.daemon.container.healthProbe.path }}
              port: {{ .Values.daemon.container.healthProbe.port }}
            {{- else if eq .Values.daemon.container.healthProbe.type "tcpSocket" }}
            tcpSocket:
              port: {{ .Values.daemon.container.healthProbe.port }}
            {{- end }}
            {{- if .Values.daemon.container.healthProbe.initialDelaySeconds }}
            initialDelaySeconds: {{ .Values.daemon.container.healthProbe.initialDelaySeconds }}
            {{- end }}
            {{- if .Values.daemon.container.healthProbe.periodSeconds }}
            periodSeconds: {{ .Values.daemon.container.healthProbe.periodSeconds }}
            {{- else }}
            periodSeconds: 5
            {{- end }}
            {{- if .Values.daemon.container.healthProbe.timeoutSeconds }}
            timeoutSeconds: {{ .Values.daemon.container.healthProbe.timeoutSeconds }}
            {{- else }}
            timeoutSeconds: 3
            {{- end }}
            {{- if .Values.daemon.container.healthProbe.failureThreshold }}
            failureThreshold: {{ .Values.daemon.container.healthProbe.failureThreshold }}
            {{- else }}
            failureThreshold: 15
            {{- end }}
          {{- end }}
          {{- if .Values.daemon.container.securityContext }}
          securityContext:
            {{- toYaml .Values.daemon.container.securityContext | nindent 12 }}
          {{- end }}
          {{- if .Values.daemon.volumes }}
          volumeMounts:
            {{- range .Values.daemon.volumes }}
            - name: {{ .name }}
              mountPath: {{ .mountPath }}
              {{- if .readOnly }}
              readOnly: {{ .readOnly }}
              {{- end }}
            {{- end }}
          {{- end }}
          env:
            {{- if .Values.daemon.env }}
            {{- range $key, $value := .Values.daemon.env }}
            - name: {{ $key }}
              {{- if kindIs "map" $value }}
              {{- if $value.value }}
              value: {{ $value.value | replace "{release}" $.Release.Name | replace "{namespace}" $.Release.Namespace | replace "{subdomain}" $.Values.subdomain | replace "{domain}" $.Values.globals.domain | replace "{timezone}" $.Values.globals.timezone }}
              {{- else if $value.valueFrom }}
              valueFrom:
                {{- if $value.valueFrom.secretKeyRef }}
                secretKeyRef:
                  name: {{ $value.valueFrom.secretKeyRef.name | replace "{release}" $.Release.Name }}
                  key: {{ $value.valueFrom.secretKeyRef.key }}
                {{- end }}
              {{- end }}
              {{- else }}
              value: {{ $value | quote }}
              {{- end }}
            {{- end }}
            {{- end }}
            {{- if .Values.globals.timezone }}
            - name: TZ
              value: {{ .Values.globals.timezone | quote }}
            {{- end }}
      {{- if .Values.daemon.volumes }}
      volumes:
        {{- range .Values.daemon.volumes }}
        - name: {{ .name }}
          {{- if .persistentVolumeClaim }}
          persistentVolumeClaim:
            {{- if or (eq .persistentVolumeClaim "config") (eq .persistentVolumeClaim "metadata") (eq .persistentVolumeClaim "data") (eq .persistentVolumeClaim "daemon-config") }}
            claimName: {{ $.Release.Name }}-{{ .persistentVolumeClaim }}
            {{- else }}
            claimName: {{ .persistentVolumeClaim }}
            {{- end }}
          {{- else if .hostPath }}
          hostPath:
            path: {{ .hostPath.path }}
            {{- if .hostPath.type }}
            type: {{ .hostPath.type }}
            {{- end }}
          {{- else if .emptyDir }}
          emptyDir: {}
          {{- end }}
        {{- end }}
      {{- end }}
--- a/apps/charts/scanopy/templates/daemon-service.yaml
+++ b/apps/charts/scanopy/templates/daemon-service.yaml
@@ -1,26 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ .Release.Name }}-daemon
  labels:
    {{- include "common.labels" . | nindent 4 }}
    component: daemon
 spec:
  type: {{ .Values.daemon.service.type | default "ClusterIP" }}
  ports:
    {{- if .Values.daemon.service.ports }}
    {{- range .Values.daemon.service.ports }}
    - name: {{ .name }}
      port: {{ .port }}
      targetPort: {{ .targetPort | default .port }}
      protocol: {{ .protocol | default "TCP" }}
    {{- end }}
    {{- else if .Values.daemon.service.port }}
    - name: http
      port: {{ .Values.daemon.service.port }}
      targetPort: {{ .Values.daemon.service.targetPort | default .Values.daemon.service.port }}
      protocol: TCP
    {{- end }}
  selector:
    {{- include "common.selectorLabels" . | nindent 4 }}
    component: daemon
--- a/apps/charts/scanopy/templates/database.yaml
+++ b/apps/charts/scanopy/templates/database.yaml
@@ -1 +0,0 @@
 {{ include "common.database" . }}
--- a/apps/charts/scanopy/templates/deployment.yaml
+++ b/apps/charts/scanopy/templates/deployment.yaml
@@ -1 +0,0 @@
 {{ include "common.deployment" . }}
--- a/apps/charts/scanopy/templates/pvc.yaml
+++ b/apps/charts/scanopy/templates/pvc.yaml
@@ -1 +0,0 @@
 {{ include "common.pvc" . }}
--- a/apps/charts/scanopy/templates/service.yaml
+++ b/apps/charts/scanopy/templates/service.yaml
@@ -1 +0,0 @@
 {{ include "common.service" . }}
--- a/apps/charts/scanopy/templates/virtual-service.yaml
+++ b/apps/charts/scanopy/templates/virtual-service.yaml
@@ -1 +0,0 @@
 {{ include "common.virtualService" . }}
--- a/apps/charts/scanopy/values.yaml
+++ b/apps/charts/scanopy/values.yaml
@@ -1,116 +0,0 @@
 # Server image configuration
 image:
  repository: ghcr.io/scanopy/scanopy/server
  tag: latest
  pullPolicy: IfNotPresent
 subdomain: scanopy
 # Server deployment configuration
 deployment:
  strategy: Recreate
  replicas: 1
  revisionHistoryLimit: 0
 # Server container configuration
 container:
  ports:
    - name: http
      port: 60072
      protocol: TCP
  healthProbe:
    type: httpGet
    path: /api/health
    port: http
 # Service configuration
 service:
  ports:
    - name: http
      port: 80
      targetPort: 60072
      protocol: TCP
      type: ClusterIP
 # Volume configuration
 volumes:
  - name: data
    mountPath: /data
    persistentVolumeClaim: data
 # Persistent volume claims
 persistentVolumeClaims:
  - name: data
    size: 10Gi
  - name: daemon-config
    size: 1Gi
 # VirtualService configuration
 virtualService:
  enabled: true
  gateways:
    public: true
    private: true
 # Database configuration
 database:
  enabled: true
 # Environment variables
 env:
  SCANOPY_LOG_LEVEL: info
  SCANOPY_SERVER_PORT: "60072"
  SCANOPY_DAEMON_PORT: "60073"
  SCANOPY_WEB_EXTERNAL_PATH: /app/static
  SCANOPY_PUBLIC_URL:
    value: "https://{subdomain}.{domain}"
  SCANOPY_DATABASE_URL:
    valueFrom:
      secretKeyRef:
        name: "{release}-connection"
        key: url
  SCANOPY_INTEGRATED_DAEMON_URL:
    value: "http://{release}-daemon.{namespace}.svc.cluster.local:60073"
 # Daemon configuration
 daemon:
  image:
    repository: ghcr.io/scanopy/scanopy/daemon
    tag: latest
    pullPolicy: IfNotPresent
  deployment:
    strategy: Recreate
    replicas: 1
  container:
    ports:
      - name: http
        port: 60073
        protocol: TCP
    healthProbe:
      type: httpGet
      path: /api/health
      port: http
    securityContext:
      privileged: true
  service:
    ports:
      - name: http
        port: 60073
        targetPort: 60073
        protocol: TCP
        type: ClusterIP
  volumes:
    - name: daemon-config
      mountPath: /root/.config/daemon
      persistentVolumeClaim: daemon-config
  env:
    SCANOPY_LOG_LEVEL: info
    SCANOPY_SERVER_PORT: "60072"
    SCANOPY_DAEMON_PORT: "60073"
    SCANOPY_SERVER_URL:
      value: "http://{release}.{namespace}.svc.cluster.local:80"
    SCANOPY_PORT: "60073"
    SCANOPY_BIND_ADDRESS: "0.0.0.0"
    SCANOPY_NAME: scanopy-daemon
    SCANOPY_HEARTBEAT_INTERVAL: "30"
    SCANOPY_MODE: Push
--- a/apps/charts/signal/templates/pvc.yaml
+++ b/apps/charts/signal/templates/pvc.yaml
@@ -8,4 +8,4 @@ spec:
  resources:
    requests:
      storage: '1Gi'
-  storageClassName: '{{ .Values.globals.environment }}'
+  storageClassName: persistent
--- a/apps/charts/syncthing/templates/pvc.yaml
+++ b/apps/charts/syncthing/templates/pvc.yaml
@@ -8,4 +8,4 @@ spec:
  resources:
    requests:
      storage: '1Gi'
-  storageClassName: '{{ .Values.globals.environment }}'
+  storageClassName: persistent
--- a/apps/charts/vaultwarden/templates/pvc.yaml
+++ b/apps/charts/vaultwarden/templates/pvc.yaml
@@ -7,5 +7,5 @@ spec:
    - "ReadWriteOnce"
  resources:
    requests:
-      storage: "1Gi"
+      storage: "3Gi"
-  storageClassName: "{{ .Values.globals.environment }}"
+  storageClassName: persistent
--- a/apps/charts/vikunja/values.yaml
+++ b/apps/charts/vikunja/values.yaml
@@ -32,6 +32,7 @@ volumes:
 persistentVolumeClaims:
  - name: data
    size: 1Gi
    storageClassName: persistent
 # VirtualService configuration
 virtualService:
--- a/apps/charts/zerobyte/templates/pvc.yaml
+++ b/apps/charts/zerobyte/templates/pvc.yaml
@@ -8,4 +8,4 @@ spec:
  resources:
    requests:
      storage: "1Gi"
-  storageClassName: "{{ .Values.globals.environment }}"
+  storageClassName: "persistent"
--- a/apps/charts/zot/values.yaml
+++ b/apps/charts/zot/values.yaml
@@ -41,7 +41,8 @@ volumes:
 # Persistent volume claims
 persistentVolumeClaims:
  - name: data
-    size: 1Gi
+    size: 50Gi
    storageClassName: persistent
 # VirtualService configuration
 virtualService:
--- a/apps/common/templates/_helpers.tpl
+++ b/apps/common/templates/_helpers.tpl
@@ -315,7 +315,11 @@ metadata:
 spec:
  strategy:
    type: {{ include "common.deploymentStrategy" . }}
-  replicas: {{ .Values.deployment.replicas | default 1 }}
+  {{- if hasKey .Values.deployment "replicas" }}
  replicas: {{ .Values.deployment.replicas }}
  {{- else }}
  replicas: {{ .Values.deployment.replicas }}
  {{- end }}
  {{- if hasKey .Values.deployment "revisionHistoryLimit" }}
  revisionHistoryLimit: {{ .Values.deployment.revisionHistoryLimit }}
  {{- else }}
@@ -445,6 +449,9 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: {{ $.Release.Name }}-{{ .name }}
  annotations:
    longhorn.io/description: "{{ $.Release.Namespace }}/{{ $.Release.Name }}"
    argocd.argoproj.io/sync-options: Delete=false
  labels:
    {{- include "common.labels" $ | nindent 4 }}
 spec:
@@ -453,8 +460,10 @@ spec:
  resources:
    requests:
      storage: {{ .size }}
-  {{- if $.Values.globals.environment }}
+  {{- if .storageClassName }}
-  storageClassName: {{ $.Values.globals.environment }}
+  storageClassName: {{ .storageClassName }}
  {{- else if $.Values.globals.storageClassName }}
  storageClassName: {{ $.Values.globals.storageClassName }}
  {{- end }}
 {{- end }}
 {{- end }}
--- a/migrate.sh
+++ b/migrate.sh
@@ -0,0 +1 @@
 ./scripts/sync_pvc_with_host.sh /data/volumes/prod/$1 prod $1
		`@@ -1 +0,0 @@`
			`{{ include "common.externalSecrets.externalSecrets" . }}`
		`@@ -1 +0,0 @@`
			`{{ include "common.externalSecrets.passwordGenerators" . }}`
		`@@ -0,0 +1 @@`
							`./scripts/sync_pvc_with_host.sh /data/volumes/prod/$1 prod $1`