From f03dbea74675db91191443a130886c4e28bfc92a Mon Sep 17 00:00:00 2001
From: Morten Olsen <fbtijfdq@void.black>
Date: Thu, 1 Jan 2026 13:28:58 +0100
Subject: [PATCH] transform forgejo

---
 apps/charts/common/TEMPLATING.md              | 149 ++++++++++++++++++
 apps/charts/common/common-1.0.0.tgz           | Bin 0 -> 19154 bytes
 apps/charts/common/templates/_helpers.tpl     | 121 ++++++++++++--
 apps/charts/forgejo/Chart.yaml                |   4 +
 apps/charts/forgejo/templates/deployment.yaml | 107 +------------
 apps/charts/forgejo/templates/pvc.yaml        |  12 +-
 apps/charts/forgejo/templates/service.yaml    |  33 +---
 .../forgejo/templates/virtual-service.yaml    |  40 +----
 apps/charts/forgejo/values.yaml               | 100 +++++++++++-
 9 files changed, 359 insertions(+), 207 deletions(-)
 create mode 100644 apps/charts/common/TEMPLATING.md
 create mode 100644 apps/charts/common/common-1.0.0.tgz

diff --git a/apps/charts/common/TEMPLATING.md b/apps/charts/common/TEMPLATING.md
new file mode 100644
index 0000000..a0f4f3a
--- /dev/null
+++ b/apps/charts/common/TEMPLATING.md
@@ -0,0 +1,149 @@
+# Values Templating Guide
+
+This document explains how templating works in `values.yaml` files and what placeholders are available.
+
+## Current Placeholders
+
+The templating system supports the following placeholders in `values.yaml`:
+
+| Placeholder | Maps To | Example |
+|------------|---------|---------|
+| `{release}` | `.Release.Name` | `forgejo`, `audiobookshelf` |
+| `{namespace}` | `.Release.Namespace` | `prod`, `default` |
+| `{fullname}` | `common.fullname` helper | `audiobookshelf`, `forgejo` |
+| `{subdomain}` | `.Values.subdomain` | `code`, `audiobookshelf` |
+| `{domain}` | `.Values.globals.domain` | `olsen.cloud` |
+| `{timezone}` | `.Values.globals.timezone` | `Europe/Amsterdam` |
+
+## Available Values
+
+### Release Object (`.Release.*`)
+- `.Release.Name` - The release name (chart instance name)
+- `.Release.Namespace` - The namespace the release will be installed into
+- `.Release.Service` - The service that rendered the chart (usually "Helm")
+- `.Release.Revision` - The revision number of this release
+
+### Chart Object (`.Chart.*`)
+- `.Chart.Name` - The name of the chart
+- `.Chart.Version` - The version of the chart
+- `.Chart.AppVersion` - The app version of the chart
+
+### Values Object (`.Values.*`)
+- `.Values.subdomain` - The subdomain for this application
+- `.Values.globals.environment` - The environment (e.g., `prod`)
+- `.Values.globals.domain` - The domain (e.g., `olsen.cloud`)
+- `.Values.globals.timezone` - The timezone (e.g., `Europe/Amsterdam`)
+- `.Values.globals.istio.gateways.public` - Public Istio gateway
+- `.Values.globals.istio.gateways.private` - Private Istio gateway
+- `.Values.globals.authentik.ref.name` - Authentik server name
+- `.Values.globals.authentik.ref.namespace` - Authentik server namespace
+- `.Values.globals.networking.private.ip` - Private network IP
+
+## Usage Examples
+
+### Simple String Replacement
+
+```yaml
+env:
+  BASE_URL:
+    value: "https://{subdomain}.{domain}"
+  # Renders to: "https://audiobookshelf.olsen.cloud"
+```
+
+### Secret Reference with Release Name
+
+```yaml
+env:
+  DATABASE_URL:
+    valueFrom:
+      secretKeyRef:
+        name: "{release}-database"
+        key: url
+  # Renders to: name: "audiobookshelf-database"
+```
+
+### Complex String with Multiple Placeholders
+
+```yaml
+env:
+  SSH_DOMAIN:
+    value: "ssh-{subdomain}.{domain}"
+  # Renders to: "ssh-code.olsen.cloud"
+```
+
+## Extending Placeholders
+
+To add more placeholders, edit `apps/charts/common/templates/_helpers.tpl` in the `common.env` helper:
+
+### Current Implementation
+
+```go
+value: {{ $value 
+  | replace "{release}" $.Release.Name 
+  | replace "{namespace}" $.Release.Namespace
+  | replace "{fullname}" (include "common.fullname" $)
+  | replace "{subdomain}" $.Values.subdomain 
+  | replace "{domain}" $.Values.globals.domain
+  | replace "{timezone}" $.Values.globals.timezone
+  | quote }}
+```
+
+**Note:** `{fullname}` uses the `common.fullname` helper which:
+- Returns `.Release.Name` if it contains the chart name
+- Otherwise returns `{release}-{chart-name}`
+- Respects `.Values.fullnameOverride` if set
+
+**Important:** Update both locations:
+1. Line ~245: For `value:` entries (when `$value.value` exists)
+2. Line ~248: For simple string values
+
+### Example Usage
+
+```yaml
+env:
+  NAMESPACE:
+    value: "{namespace}"
+  # Renders to: "prod" (or whatever namespace the release is in)
+  
+  TIMEZONE:
+    value: "{timezone}"
+  # Renders to: "Europe/Amsterdam"
+  
+  APP_NAME:
+    value: "{fullname}"
+  # Renders to: "audiobookshelf" (or "release-chartname" if different)
+  
+  FULL_URL:
+    value: "https://{subdomain}.{domain}"
+  # Renders to: "https://audiobookshelf.olsen.cloud"
+  
+  SECRET_NAME:
+    valueFrom:
+      secretKeyRef:
+        name: "{fullname}-secrets"
+        key: apiKey
+  # Renders to: name: "audiobookshelf-secrets"
+```
+
+## Limitations
+
+1. **No nested placeholders**: Placeholders cannot reference other placeholders
+2. **No conditional logic**: Placeholders are simple string replacements
+3. **No functions**: Cannot use Helm template functions in values.yaml
+4. **Order matters**: Replacements happen in order, so `{release}` is replaced before `{subdomain}`
+
+## Best Practices
+
+1. **Use placeholders for dynamic values**: Release names, domains, subdomains
+2. **Keep it simple**: Use placeholders for common values, not complex logic
+3. **Document custom placeholders**: If you add new ones, document them
+4. **Test thoroughly**: Verify placeholders render correctly in your environment
+
+## Troubleshooting
+
+If a placeholder isn't being replaced:
+
+1. Check the placeholder name matches exactly (case-sensitive)
+2. Verify the value exists in the context (`.Release.*` or `.Values.*`)
+3. Check the replacement chain in `_helpers.tpl`
+4. Use `helm template --debug` to see the rendered output
diff --git a/apps/charts/common/common-1.0.0.tgz b/apps/charts/common/common-1.0.0.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..51039671ea5080e45b5d0dfe6b72a39e3c84988a
GIT binary patch
literal 19154
zcmV)1K+V4&iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PK7TJe1$pI7*}iiBy({5Mu1vNeE>tTe6Os2a_=~X0aqoA(SPu
zrj3e9d$J{p%95oNSqhPCA^Xn%GYiJj^8Nka_xHZ<=kt3$pYONv+;h%7_uO;NJ?Gqe
z9~j!z6^)Y6bcSN_5HF}JlIFkuk(88_+$$?f`d3m?a{0fKQhOz7q~xTe<z)BDO36yo
zNJ>e|?v<tiB>x+DS@95Xcqo=e^8dT9<%9b_@<1^Na}bL|pixSIyEGFV#KEu#44(A2
z2A~TfT>&J*0Sm=?0WhMD0FG!ZfOCdoK{$X1T`@=~9>g)Bpst`2K-MKDycY&kn#W>t
zpQkPbk%UMx{ZEhgKhM&KV*d+MDPiXfA~7Hq2f<_ht9-%l?O#StQc`xA{mV)I$Nv94
zkGHpkD3i7)28x0McxMnGS~7rkB>g5CJcLP9!pDcn+glufgN_Ik2=J4220{eo2gDZ}
zp#&rzfRL9GLn0lBITT3%aU@71cMyw3z(L?7fX5P0Fkr6?=_kU~gy86i@C5k9`2h+o
z5CtdxWFj%Ai3Oo}5P&Z9;7C9sy#O}?6p3&|fN%hc!I0SgHK#<3rQ9MM7nqxGTwss_
z^2_$W82}QuKu3TiQYF>Dm(U`QFf<AeMWApLB9J2>5`^MFGVVN|OJ4p%<}g?U3hxN;
z3*y8Das10@kvskS`C9$wl366LAtbs)jiW3M02Buha3CCT@LE(n010&fk-wf)642s|
zE*}ZCkjcL(>l|<rz=9Yg6b1tPd-wr<JN|#Jk|Yku4B~#tAi0^$p)-hdh2WeeNK7jM
z-rfKL1w#_xD~1ChcetV%2O>cj9*xzf5QR`_31xg57|i?-eSDap7!1UP-~eJ#ARfd)
z5NL^omDt;R6_k^J8v%_6myLHN6;~(<>IA~Y9lXed<~7Cy#JVG3%kjzbGNCa4Cy6Z|
zr1+{Fkb{j?WJES`$m)C}P&hmk1p}9IO>Ia^S;j+Aa3~fIz(EWW?d1xh@Bj{vh2lXc
zuV3=N2x~$CUDe|(f<fj<E_XV=0hu@7BOr`qQ@=I4g<()U35W$SXe=HOCWdhiP?(Dc
zxzQB^#UmULNCe(X<kuEAPs12ZZFy89TY!KNd%-QZKnxb)3dMR6@ra(#5rM_w{|OSQ
zWr+ZO+39jguHHH?L<Py;d#xo>!vRPH4*z%J!Tl5YV4)}{@OMDsz=G0~w4C@30G4z}
zZk!(@0AR3aJQ{{ZQr=Vk0!}V0L;R+i#;bbpKZ<vr8)rNovpO5UM5X4-RMU9LT>PG_
zg5>JRe^PuL#V`HqYEPl?OQol@udcoGZgGXy{|(k})gHGB%<tO%Qsqsk<n;%IrxMKS
z>b~k2mn!=T5OGq^%e5H~#X5obMFm^@n@XeqCG7`RF|9vX#B%9Uv-}H?6(d-&{4e#b
zkkyO@pf-@DmV;Tek^h#C{$yp&AQXvrCX#Ugf2l8IAY&rTAG{+KB$a8P9l-e&<hLkf
zsV~m8@SkKLLKRGbZhs(-_ribxKT$L~AfBW`l;283IYRNyzi@#|7=+@Tsg+TJqKXtA
zu%Hv@X#mB;oB@7YD@k!hn>_;j)Dj@i+58kQZ=hC<KY^{(^1l=S9)>YN!(1pLSolln
ze|i*)KmVjz5CjT=M?jHUAQI|j0>aQJILQO8^7=2P^cTebDNh&>i$KGv2rPN=H>$Oq
zz(3^xk8lOi1UwamrEmU%hm|D$DHD!R1d@OSO`WkI&KZp)AufOS7mTb%W;L~6uECgp
z;yr)oAP*3bNC1v@g(6TSpZe?6fdn(}78lnMf&&HH#|J|7-U*3zfFf~_g~nfWZFWTe
zmt7LDNJ?^w$766x5)!M7cb=`~16}6+-O)&bD+suv2`K!p(>pSh0SRbv0azLjkYRok
z^pg58UU0Jue^RR!j^Hr=3IHg7kin^1{<3hfY>a;z-M>DtdFC<1gdB$lQFwC_iY5|@
zaHTlG)tZR<x`2(w0>VTGzB&<p7#ih>aN-yFEs!gShr*$F=pVo+ASA{B07iUiI6o|b
z<q5VpDGdAd$d<eN<plo%mpo}ygowf<57+>TS;&~kf0Bi^I1S6-me9Zv6K%?BL;g+1
zCjVY!ks9uwDi?@yM_|z?QklUWibX&jkiSti5aqsV00pAlmqytFE})kfAmC1HrVg7Z
zfK-Y|gj}MBE(jD{4+rqOLNWaF6sX(DuOOuVAHbq1bFuK}60KYgOA*x}(CY~3I6sNh
z@5tCx6ZBgO5K5hLp{(bPC2OA#|8h;F1|nkNFi_Y^Fw)y4u=7P=AO4lm<YIMMV8I*!
zzy<XB3(gm$zEtN{AT8+UQkgA#{b#W)L-@ZXx#i3+7v5?ffSL%EimvG3e~A#Nkrvi|
zQU@yn0&38eaLWP&YG7h?b^?t8R|B7Kqb>*kO1i5`^FMO@J30PU+OmQgmCrUkwnX}W
z!@%!WB69>5Pk<ult3OUqJm>-SBGrFLTmBe=0}=t7fB)+sXbBk|GBnPZgiKzt#8=}M
zfx{!v5DIY|gwh!m>*9bbh;#lI*v2B<p?L6L<(rKC4;ZI(_ZOU#!gH;~%>^uoLldyD
z-((02uz%Q807&~Ei^n>k7z|FrU5bggqAO8#$uuA6DNz@}er;BiQW1F%hiZLahJaky
zp*jhm5GXj2BUvIU4g<o7X!9EyWD?}lBCDkyt8AuFSRmRU0tQ{0ic)Qv%(qjOSfrK)
z*{k8WBZ%_SMd0vgtd~B*6@j1cZDq@^d;S%bB|db1ql+v8S12CltWPD@)djn93vf}u
zdnrXm$}tWKU8?ydKFB3q{PRu}7D6@3Oj1G+az;!=m^#6s+J{|O;fW8z73u^k0sK^Q
zB)uX|9vX)rN)PbyQCiWAhdKd1KK#om85595V>A*0^I9@BWE{*wBX!YD&(RQ#H^zcE
zl1VLLj#Q0ST5TV8`6drhJ{0jtNiQYxx7E!>3?#xGM1eRQscF^jmy}R{(>E4`!V&*9
zq?Rb|FUCfd+%CdUr~9jNu(TfVFS3BfF3D<sw{$Mzf++V@IU*%i|Adi0$$|3X_cpgs
zIat-${yLc?ttj&=;rwzUj1vLG0UQBC-e7ShAn^zc5}e-_``unV3E+48I;%u1tM6)&
zcE09I_r&pe{sKXAS^7$X6$1n?%gX*Mca6lwm#ldU%N<1?zgX)W$)xA$QM}Y|S3v<v
zHRBhEl*ssxB*?u(QE))m2~Qa)AStqhIBJn9X`UB;{DW0k;8&~g!n#ZDi&WHKbdCbc
zCB3YjUlU2d;X$n4{3aU3W0Ji;Rk5CW^Pa5D%l4-z-LJNvw;J}6jXes$Z+G{ACHXM5
zTvx2af3qI0kmoPT$^U{f{<jBS3se3tPVTD5lBl<UsXV9bzbfDr-2W5rXKb#y;Q4;-
z+A!|0Ro&XEHO61;TmKsNm#)ZoHI&tLVfFgyqTc?0TR#*A193P5G#p$o+9MzoZh=MM
zK_e6lB!#^cIg$aepc?_i;TM)NVth-A;7FxU#EE6q!R6~Pb%B$t8DxA-Bov3EsvG|a
z?XObkm5Q+}PyDlvEKLZPs0-0)FD&>=z#t$B>VO2{t8Cv0J411YK(FQT3BXU;VG#j@
zQQ)t(cli0Kcc_2U|MCp_m%WnmR$`~C1CaAtfPbFepCA`H2KdQ6|6)9==lPW3Q5y{k
z#CxEzE(nwp1qXp%OktN!=D*@i#mPNW5J+{VmFEJ<<){A|*E>JtUz7NK<zxk60B}a*
z7FXOqZQYTfNR<eHbgW|@5sN0wr;Fqla1e(_prE81AXJerxxc?#s1_emAh6`k%8+@f
z22(94%ZUL1is0%1VwWso{{(&c7SpPPf3w1^GQcGciRAiMR`dSKUMYp6{|SSo6uJJ+
zVkvz7PnayZ>;D5bJ6|>YkJ0`gFxr0-MQ9nC{6(D>h5Kc=07u~#VuW9s`l2EI#)=n#
zmRRr~p%*O}f%%2WuLOo5FsoTSaWu|oR}cwxfViTuco2m~;y@HJA(L>If+8`_(1ohA
zp~(>thQ`AG#oXuLWb!LAB;pX4XGa>8tcYx@tM0xm9?Kz}KUoEm`e4s0b!imoKT>eK
zu-!}bVsVIgv?bIP`AftV4roaQi?n@2?T-FV75;KdiDWWHdRm$i8U(yEh{7XWG?9qE
z+Ur0g;ILmB5wY>lRs@~z^EYO(00Z!2LC3!VgkV8OfS;tA{|K6-q`$DYCE(;FkN>Yh
z$=bh)aV~=XrHL+^r2pN9N_6lbcEJ)Bw;TQ}TgqavjM2Xo^wI<4f0PCmgd?yZ3~z=-
zP>ptJC4r>Q)PRdizqj|owYK>)dV)AX+$x*j^KpZK2uWsCd(MBc*!@r6LH*D3Klf1X
ze;?7-&@#}5xWfNC`uM~5A7rFt<d%Q`K~h@kKli`?9nUU+a+y`1@|6eDek~J|sWSox
zAaDS5wQoS+ouPODgGIX|;2>`K*B}7O2LwpxFQ7;y0L74Y<B7=$86O8APyn9T!Qx&o
zgo$a_F2D>2bpn}~Owj-V2a-XS_KZLQUT6Y#B~38^3Woy-JOIU!u8Lzo;;I4jTEMVh
z{KSd95)+fXy*=?K)3WbhEc;po+0zs8#i1As(*jupIcl2U=cau4g6M3Q5dcV))A>Ov
z0gebHs3ai)fk;qr?CtG|!Uj<QmVg56or%Jx;+}wkL-C+JfJXyxv<C`_hLW%8FM^N-
zr{NAoAc+wXak_}oXJXPoA{VBDEKLxwrz{tu_5cP8IwCxkn3%*D-p(&y_JBA*3f`zc
z20%H>MFl<&YPkH90aP&Lg`5braMbnC!nNG_>%fcPOE&{ZXiKjSlaz{dUIKw~qC#AG
zScHhIwes#RAWVtlaYUKU-=P(uBDG|PpGZY>+0|KU0t%8MOW0pXJITCLUp@Ra8r4ob
z5lxrsE*0g3Cjm=Rb?O0=7W{>oqPk)L2ruLo6e#Mx2w3C-lGzb`KzKf|_#G1UMm-VR
zocg#w;D|-LQc{T(I8@-j0t8X+L?G?ePC!#4EMk^xdW@R*Z;GWvV#Z5OtC4Rp{t=s;
z;E>Rlo*E<L6U|K96Y7dVf=o<$6tA-I-4w9}8=JQ|B*KO4!l=B>zj@=2<Xm>`0?3gj
zV1maIV0Z!+Bzc?#&kA~CKp39rHgOaiMVtWPl!+o54jBmon1CQ)4<*16Xa_Xf1?LPR
z9VN(6WVcH8_$UA*O9}Fy!190pLy7-PwGE8*HB9vkb^aS-z~9GzQj#)KdzZ(5a?<ku
ziU0l`&w_I>C3`ZWtJNVO;2<Rggri{ul1~ObF-X#<Xq?d=^KOp_?19F*kODgUrLF)$
zbl*@E9Pl6oi%2L8bVeiLM9&Dtf&g?rU?ImZnglGC*o!e09N9}zb%pc7;X&8M!%ReP
z>xf1o(H_LsC0#7%M~R8)BsFp1Bwzr=-~dxJaB|+O11FhIic>u&SNp|u60l!5*KQA-
z1nig8I7n|C(O4(&INDxpxwo_j$oPv#-d9o}y(hiKV9{_Q4NBlJkGy!Cos7J^ph$WP
zL&L#e_rDtc($XcViCijzA<+c*Jm$ig_f>J{TS<-D1S}c@N@%#^@E{frbtRHm8mf}9
zi7$5n6cGSM4#z<l9uQs>il{v)6j>%_almvjD5b<b^C<%PLocM4D^V%(CF3s^cBn#J
zzypCq0uCUV5)ui*0R#$<UP6fyJIvFWKM+SsjIhMWoRkqQe9B0efFnSWNH2h&m`(97
z<?0CK%<$r%$bVBdILM(jDOn;%;3RpGvKcCAk+Yk5SuGyAr5@>uAbshFk>)|?Kg#qA
z=*4da%_BfDnAMR;oKpPDBC8aondfz-{!(PRP$4IV6(k8zWqs7Bs~i@YCqjLGL>PoP
zLBuF_C9)cUr3}oU+@PRQTf?f@i`q}dUpRU?Pho{ctV(9pGZIumtsZHocm6`dUl3Rs
z*Zz^j%JL@>eW5~3DZi3$H2)R)g4L}`gVeejp;h-Es7FEp0Q8I(>j(4xoZ?wb5G3br
zg2xh9i6i9eJEZ#$3t>6wI4}V0*D%qxGdrSBj<hLvYZfZ6RE`(2a8ZZ}0EoT|MOt+5
zXe#ifo)<!;J^b@=`7XeOd}Z_q=m=s#qR;X`;GGwIA<=$UFsY?ss<8^Ai+3(pzezct
zZ!BKQ5+^1i4p1Dpc$S`Y^NxT;t{4>scj=g@2rLXp6HOGh=e)E@!!ejYbG&qMUp6ii
z6J0wkBLfXR!=>WK;he?)QuIVn;=;G8umNpPJcuHtlFNb&G^uptipGLVVhAw+gd^~P
zJ?Z)kxo#!#+plHXlgnD*(#)0&phOW5CCt$yN{Oh0WM4+)(Fx78;w~K%@ORhgmcjku
zM%^;#KU|Mn2K}cSa?8N~=8hZ*WnssHG+m;idalG64~oJoiHZVdq$(KTfW|umNHlo?
zz$r0FK>&RO3Iu$mW#yEB186KI=2Nl<KolN}0C9k@hck!*?5S^h+5?~`0*A+mFi9`s
zE0FPVWM6?JYp*+1d@>&+QYw_ol-E$hK-<JvLsNUH?o!XhN_8c!L;Qd+8cPb1!6nXc
zNj!oe#<L<!0C6r%^$fI+85u6`Xi?59`&qv1@RKPWFw@unw|F~JZzkHBN3>1th=Th6
z^IBvu+%l&H#UKuWUVrJg7D&vy2GTVxvQ{w>wMtaf5DlO}93F%(aS5WLN=uvv0E41X
zXkx@S@4wM_XArvthp1&FdN4E!jv)2{MFL2)69Tq^8Zj?gs)5+W)e6TXLm}iyK*317
z5(#LMIUwLba-n{q3cmnF^h#8z5R)vCj1iWY1i3=-c*?M-)<qoP48>qT6cG_kgcAdB
z=p|VXxpGg0hXW3vBhhm%$xBE=-4EjMfH4*d!;|irkmYKITk2#<u^rqC1$9NhC|r`c
zS&Zv(Vw6Y>C$<<9Qp9=)1Tg>tPmvlCbJY&W{+L2v3?K>&Mp>vxGeH)u)_kf9BjE68
z*A+9b=LmSA38cjW1$qEz6qz*&65bhfCCk>7IB>i(8jB`4IU~J@sOBIR;pnxLF>;y!
zz|dGM2*V>6cPgl2R+1o1v1oz=62v*9(Zn>EiAm29fKt-}5IEFsJm3IQsSI3+Bymk=
z5avR1Ce-kxWPnsf2XO%C2_<ze41?l8aU6)kA@B%ykmMdId=v4>D-zjt&M$N@Gzt%T
zF3Z*cq93LX@@1&mpweh!l7Jv-nf;Pwlqf~wG?F(%78F`s91c1VoJe~iIB?!WQc^86
z0goZz|5I@M#}6f<A^#&z+O&e;olg9h_VI`Be@pF^mReT-laZE^`A_}t-|_ICW86ym
zF(*Q^2daBS5~gdgSKmuf&Oydp5^f@gIA)@_*T~#_uYm>fI1~l<GChn|C9X6yKl0YA
zm^M!-7^bIYoHMpLv_H(|CjEL5IJ3C5Ongpx`Q^Unux%%@Lifh*y_w-0745Ef^SN&6
zMd$Z-g!e~H+u@v~WZqOyO<B%1_xJnQJs5lDRyCy3p;+aWIdlmJp@&Mcq+Vg)q~(U?
zEV*`Qria(Z$H&J625YtR@$nh(8`-2ka&x2p#*GGH2H_(HVK;_1Z45UEzd<wOw?@K-
zXYZMSTQRe9*%AXUXC%D#ar~f7<_wdp@VD38!d@sWTwWMjAbx6s<udI%sQOl|A{r(g
z9U8y2^pZP5_M6fKbBZa2XmW<Gmj-0~(+>%#gwZDsJkou6vU?re=doH>fohW<&--Af
zxzo2l4kc^gIRYKvmqs28(yKNWL_KobHYNZ5YU*6%%-rrPA&jc7(FEZQ@FTRB*3ohu
zTF2toDi8e$kIu9;-73Prf7`YFvyyCdra4NQ-~I2<<z5a4k|Nf?QNnKD-tl?+<M#%#
zo<Db*Z)?zP7MArb!by6x`r#p0C5vKv`<a93?&RK~iR5^71M3^j`2DUi<10Rzt-~!<
zsUM2`*^%crPZhDS(^!g~?(I`-w-3Q?nA(ugCeOtA?G(PTDW3M76fHMl{|(0{Q;=js
z9uY=12B^@RUHjcnb+UwLSX--I<(HT{ugJk9<L0-IAf2kb-Gu%6>)wq1A;F2X5-}`{
zQ6v7kTV4x|Kj(`#fN0CM+S{Hq+`|E#UyMX)KPp~t-NniwJti+vNgGAO^r#b{r!!5v
zLw85*j^F+0wG7tl9-+2>+ly1Yp@Cnw{dyOxeiAJ!D^2;0cl943MSM8rAJt(R_>j}P
zZmC8JTk0P2Y<mKKG_DzTmj9F(hhj)CL$W?&u%vWY=X!oOt-!T0y7u%tU-CT~aKBkd
zlW0$)RWq`oZA+_5*q*?3MO)oY-p{l4DjyS)8qnxI_{~2Fse7LF)2q_xi8G0uo25n0
z3x6s+BTy#2S^73`kp33Sxrjh1KxnhQ0#mE;zN1;w9)-Ds`vgy1GL)3QdL#Qo7i}Oq
zAHov!@HS6{q2$IZyH6SW2VGORR;t%Fz3-qgV^-8lI=4FJ)FRIW^D&O%w6B4TR#)DY
ztYv{4N+i6Xe{7sUn*!xhiP$|He0bv=n?Q=T7R?uTQHWmYy_0-~pZe=vLUlK->6AP(
zW}s4cwS<8_k=EE~U#|bYuJz&_d248*Hs^#-OVQD6(8dIwe&^Ni<wqNJTJlD>W4pln
zfH6^9HF;SsCq2jOR;JMW&v!3reNS<E{9#0J*I4Q}XO+Z^&(n^>o#tI$z0ptO`#GLD
z``A4^Vd||<r*GuyW9ntW=QWb@bN}h6yM0@Vh41{Z*@q9k^7`p^hW9j#{iY8q3xZ@P
z(Fk?mWyXm|jBZ^_Pd;zbjc3KLpG(P)6)QbT16{-Vl*>FVeA-H>yQ0jQMYkBiCGBgR
zHCafHZGAD^${hp*>8}|G7-zkqv-SQ*<&I-d<hMJo7c_Zy);6RKD#mEs9`c5xa6NnL
z%-*&V)>nux+51@6X<QPz8+Jm)?Aw6<ep=&OYeGz%{ksPRCv#=u49qOp<7hl8$4$hV
zfV(@MpCZ%@sxi@|J+x*$$YQkibV2!S<Mqzz`Xt9Fs8CoD;KQTEP-M-=RCr?xk8WX)
znm$7Q)ojdej=(}jvk?E1bNRR86i%tP(*$p4DSQ(o9FpI)hS^4MT7+#D(096ie&?nj
z$sPN5v%GE|ImN067r6aAd)<@SSKg!F0M|Oa(mriYpj_bO@v%b;bZ7cGl-n2^BZIlw
zwK-1k?$epxr*wcr*8RiNXXkvfY#tw0Lc5)96D!v@GAi_(K!!4#md`Nk!tY%}$H|x!
z>QRu_wqKED-(}i;vb-&Y!{>*$_$aLZe7D62T2ol(J8ePpVk%$*<YRSlVNe~X_s%cP
zyqs6PIGi*hzOt~50mgSbf$|nb4Lt)cA9nj)!q-aOTB1X59brjT=el;MW*5tvLJiT7
zfam@L`xxKQ_!oM0mGH*pj?-Di>lWqmCT2g|w!4nOy6?t%)>g&~%JvNB1&>O(&3$9K
zhuiV0Ma$X#QqW$B28<u>QBHxf<<>J(CheyaUP_*o43*ZD3@N<E`<%fnAmQZ}HsO%%
zVi&=51`Vi^{|U)7O9j_fS|$;Gh9g?c0ro;Qo7b3b2M)y=X=GoXI;%h3yiVH_$2V@G
zwdXa|E9DqtP|m*DX}zt!#jiOoUgHrt??pJMVJSh^e%vnRPPP!!8n=g%9J*ah2lCp7
z=xH>JkMbt4FdCcs<O1tW4e;X*54_|3ISc&^7+X(<yw!-dVPa!FatXpc-BY}4;~vKQ
zYmxCGdp0((8;a3wSc9v+iV0k=N7s?H{*%=+wivCK)9S*}YB$GiZmpk?mq)W|j0T;$
zl9$O4)`~n|`5<Pkzrt3!GptXyICx)rJ$k)p>+Dn?+d5Y1Ol#-z(0$)?J#6$o7jkai
z1?O=KEAP<{A=voSLNf|p?qy;KP#E@@`0g-A+m_ci`9d+Otg=V!)peFL4-X$?uFs&!
zjHgrC_k$hJbBe}NOkbkT|5d23<9?gyalNQS%u8JrtG>@p-(t<Or?~e&GTwL!QdbeW
zHbL@2+1HYUfU}PPCWdgk>5k}@D|gSwq#mmCY<cwJkwyaDSx94G=C<+P{q2lv-Upg)
zF_bKi`gD@Bh*h?n$MJ<iLDqfoFJqs%*;zeGnzy!|^`~v!dhz-Bqk<bUd)zJ4{0+S5
z6`P_Mcx;j<+EwsTklDNoU8gh7$Y03gtg=yMV&$;i$k=Pi)C%c1wcVZuzU~%NX_V*d
zM3uDxiq&gUQp$5>+w5sr*l&s&mWCRnDf8hIwg^efS#!l*JDj}_?C1|^F%%AD6%s7u
zI-DbSA;U=|pRX{A*+^yGnG~(bW9xssx>od(g{@FBMbBZ3zx@r*<N?0(Omi-}p~5J6
z7~3&M_d-UAa6v4P>pq(#2HYxPx|a5?K6HarfFM>&Z2xRvRMWQ?-tV7OtT(UU5`M30
zg9Lxd&s}`#mz*7r`9u64S$?iyT$dD4B&PJLd4D&e`65jxf>~?-8-6c_kUGKE_#DNy
z4ZZ6$?2xy0UUbuRi#^)n^@*Fq#wIFZH=~D&7oM$WI_Jj3u&3>vV&PkrRudipC5N!y
zf-ify;YVmIXfDYc@3T7;sPN>1s8rQyUO$$gnrG(<PiMdFJtyq%p`=4_(>wPx{n-0@
z&dtg0)0=i*DgJiCFS#)D=K*<(q}QWZ&o74>rlJGIAFqG2rqgZrMixs9)7z(qxcUyM
z{NS%b9em)YxqYrTG~T{!?)$fcDuui9Y(&2)hR@yie}<Xc-BeXtbg*S2*TeO${aLLn
zp+`KQDtORi55MH{@75EJCTL*qJu*Sh71uH!5oS4~2$<^HXFynVZNdr_GD7rDg=EC<
z)`8G4-Lu!^gfN1arsGOlLZtb)Am(~(kwt~C_uY5I4BYDk&aAIF>aE%HVM}hhL&!Zg
z?@z4n>61fpF_$udmUI45d_tW%!MC<#D#;>%Oco}#DkB=RCR8BDwbH=cMyA7N>`fKD
z$$kUu_^jt!ddv;eqG_{xj_r#zdLXZ>QS2|8)q#4m%j<I0&MOb!OY*6#)d;Y6q+w<_
zpcMZw<-&wV-fc*h6A#^C>FyI}3~wDBS9gCt&F5j1(ov?jt&nD)=EKU6#>Tzdww=AD
zMe~Z4QH}rX!-==reH%mrze=(RpbjyD`JZPeIc_QO^0TsdeUJk=YV4E!`3*PHBp}c5
z2A&OksIIZCIU-6oJD71d)SrKIC}zec-OJ~(h3(hQ0_ej$ev4+YxZ)1KB6yC?oWw&*
z-<qGi*JtePGyI~p%W?Q#&C7A2gd~V@VgjJkS^H6W(`|-5eQUQoYOzgL7Uy&%zy@tj
zl}a9pevLbzsmaO0J-kbXWovK(BX>Z;CHh3$hqSs*@Aqlc)W5HxPXUBS(D!|2HHDhN
zpjX>d#=A?RvqW1P?!5XEU%5-{mF1@O=L>`F1wP(PeC4Nw6{|C1Kk;5si)(;x`!I_2
znF0{S#PP^S;77z{DwEIWBmDY~QD0Q{s2<vD7?7aA1=kLq%J_8Zh3Ubp1FsN2zMS3X
zdsQ_dh-RI!Hs4%6P4wXsUSmPip~!3N1$*B#X}!ofr&6O9fPHFr+Rgp+=zFc#LS1vs
zXUg1uvWPwmtn5A01isy{&LM2{@Vk`Ybnn=8OoyRcQ(F3j#bl4YKS-BcS?GT`S)G4B
zhCa;iimUYA?Iyh^CgZQl-*RD<W^2IpX+E4nH-DP8P|uqxfYinfaosK5*j;cv(zb7I
z=XTD-kmk8h^0Lz%v;BUphu3(<Z}0WWnhsUf-BKF94n`A3d+i3ArbU*8;i&MIjV65h
z(=IeL{d9_MsWdk}(4N=+A&J|9f~c)~p-<C+f0yH@ClvMZBaO$#jsCg<@@ws3EZej)
zoD$Xt@*y+!7;w|vI6}+GurDlIwEVQfmGfJKUi|Exeiig!d+4{Gp0^WvTc&1D)qP^h
zZaNq6V8i310<@M1N$Y=(p}ct2S`=8M=x7da`o>(n@n>+?`NS(ciFb>O21Z8O8FxC+
z2`8-|uU07JXuVRAa$4crh8D(s+WQmmYrolk=v(`hsZyFVu<Md=RU#x}SWn=Pl8q$0
zHDbTNL>2w<DLS#OgTa~=x&k&Yt@00z(&K6Q`B?KeRw^GCSX;?J*jgYBSzENpkW2XG
z;o_jvE{W4U*DklD(4*)KhP#E6O<!%NN!Shq){W4tW$?27^eo9=NJ9R#f^>Ux^2aUw
zf{$G)k{txy2}crM;C;kdN9hlVK>7<Us&aMM8f?B_tJs!%s7RTk<iL8fZ9I~!uhz;4
z;$LyS+xqRTityL`I$<0CZ+#BT&VvD<k#1p96&I5EYg?1Q`dLZOF1Kx5d_VhW_#7n}
zN{&^pKWbb1!ZIhvYXe(<GEE8JcL6NjIq!4#ERd*b!)xcR1h%%~%FC6u!XI|Bgu;u5
zL{IlSb}}Nv&^Ww8NKav4UWK2h%sC9?_;DI}Z#rwY7=xGf!djkOr<{WJTe8r1WE+Gz
zUB@VBwHs_L#$@ZlU$CF1u{&=N#Hzk_eW5eU7rV#}uL<eakyUGf`!OYR9nm-E0+=P{
za8KMZkF)Ska2Yf5-~3fO{MMbB{E++2Pw2p#xo>`Rp*k&GpR=!owH<e@mt=3f>2DfX
zD0EVKYgr20RsLi?zLQzSw3{{F0sP5B>;!trVxItgQI`Dz=kVw0-m@shwr$tgO1ICq
zu&~1JZk=#h*K0k-h@P8)xrK$2Tn>1icV9iN`~nSi_AA`uw+R`79pKkyVq@T^WjG&1
zi(+Ic9qZmFAacZ_Gc;!S+}8EuOc6FybW#2fN^&oIwnbi}H3nMKclC+;&_aAWL|h>B
z14`Ql;!YbU_vz^tZo7Aj)!;MJx}b=Mx4HD+n?{{`<8^!8&vmq7gBt>c6|U7Qin-eH
zv$O0>g|yTrZXF!l?0dFy=H0r1$9qH%?`&!F;Mfp&L?2k2`hiwG<WQ(#@GYA1SFEfD
z^Xe+niqzrSV*190j{0|X*Itc&4~HSo8#1pkRZQP*cKE)vXNR#e!|RzO3)zm;%vTOU
zNwjQ({N`-?t6T3w#vga9l!&NQL-ZbZ1|!C=O-Huk*L<0%;83G0anL)!uh3rau{&MG
z_3KcB*@UMwyQz&L^zwQCcXtkPnibNnRb%}sv;HEBqW|4B<ByF4MH{lRTd{5vX|$fs
zg?GeQll)FbMM@}CmZaHN9AM?R;Z*tp!+7)b#!|RI-?I&ZvF@+>_~y=^<YmNH?C}<S
z|MbQijcumfUV^H9;nix%8}1tNZ%Q%S!WSy%`Zek&4UKYI<%n|g)j^eWd-N47EV$Y|
z5!?D=Sz7g<1L8sv33M;44_UbIdTjGXrM`XkfbZ7#^<D;#TL#y!r%}j1r>Ee<#Y(r0
zkOb%JJ>1^$`ndm|v9c>0zA-1W6gvgIP%voOpg7tXRO%Inird23n>QphA+%Gyxj*m8
z^|zLc<EJ=3dZ{I4!(JcgvN`a&h@JZa3++q)yDSk8H7BZt&a}NyFBaWl{rXLNw^FlH
z6F<WtWu3zVFiwN4$dnF$Y)YIKbWLrt!YhF|tb+y*-$D6}YlE~LvNzKlhI0KBybs6p
z95|usd+%MmmHBBci#Tf<nJb>2h%?+e2f4VvO-gT$q-E^#^R4N&^Y%GtoXDa7Kroi&
z+8Q16lp`58jwm_=Dz?#f`Aa<5W#>;<-Nk7qy>$npOhqoY#QM(0^RHV@<k$<X`*JSq
z)irOn3!K@;c~OD8K8l^Gi{Eg3?b*&7&Mu8o3Z=p&uPQR0(t4y=GmP^oY`V7Vvu<c&
z)W#Bj)$&09*fVd09Q`+)9*j1Tv7>Ql72XK-cVyh;K$l+_&+9`gy!8!6{~Ww7RQ>X~
zNVm(PZ{&vTleHo`PF9TPw(gNt%`ZHt+4}G`Ec*$H4=;WuO>pkB`fRh;-1uCqch=n4
zgZHyt_l`Ch6>4mcruC@&EJK^z{?IbMv){SPzPB5W0L6Dq2Qhq+Yr<{uGTX<d5h|x9
z5N&W)tkd3*rg{sU?v;W1eYC)(^O>2u=p^|z2H)b}?w^^Ns2j6J7`PCM;qaWsZ+eMf
z5j|bBT~Z_Rv?Tre^AT%b#6Ujo+qz}wy0a7ZY*d(M;B>t{)5|@<{_OE<_O5dqd%ZTv
zmQGme@P#l%I7hN+NL|(ouc9pn1El=dJwD2EAs__Pf~VQYDk6=MFH`tw`ht0|W36A*
z4m!S%IV@+^7z*pY3{5|1or6uay#Xn-EIVA30IW&<nf(p>At$UD@3}!jKMl9Ogso>k
zqXVsE<%Jy#CJqdrg<oEOum-dCz}NPhuk<n6%8_=KDG#N%p!h^DWj|melr4vkjfs{;
zC|-_di(vq#b$zbex`+=fTcHf^I-y*q%#1-ZMOxe2%;{;EPN%TYr+J_@GIgxw(#TC_
zY>eCtm0kN1>PQm`?_l;X%%I_f8NQ@d*VP4YIR?JE=gcA)V(bI;<X2%yGG|%0FBy3M
zT!{V^V6)M|L2@&Lrq=n6fr^(MN+KvaprnaKXmik6b|)Icy?lA8@>?7=b+6}?@*dvK
zR(etK$T$669{q=}z01utEs5mbhg5Z7X};nW%N`j1q;6b&WM*!L8Lj<#Mkl^5L#U1R
z>s+<kiQ98YJ9h3oS2GvBaZYh=;HsC<>$hQozIbOn1Nx3<ohILv6B>dmBnM;$-=*bV
ze9?4YMt_@^XM&PgD#L00;|WPJ(n)NSH`H`CyYGCK4W1|sW-<#9*#0Dp^IG4J6ExRK
zxfED-J%PRx4r<Z6+VA5l`$gDxWF)u#W$jkDPkk?amA~?KFiTa3xx|pWr6or3r_)*U
z(ejRq1vd9<<{E-s{oWsmH}Sg{zWsf40sO$3x9K*GhLN@Y(4yg-+yX0Cxy&yQHlhc6
zJom|!zm?mVkm+qutA{+?g%wIv*}21M+}E$NIz*7e2?uLuu2)idA8gi8F0c7P!UM^D
z_mTFSLTyKrI_qckwF2j++|!w3K2^CzKgRIpe62N~`BKyud6i}A#OuzFy_1@6B4P+T
z_lcg}zUc~IP^E!TvCp;94VzSCstgBAPQ69Rhu5C#Z&XtY-R!zYkk`$C)5o6X+RgT#
zZ)X}#{meWcdEpWJ0jHF0{Y_JtgI2{cGmXWmHMiaGa-P3N@5xNtCvc~{p?Ow!;7;R{
zZO4TA8rjTX#dK_F-P;94t~{@h#-VRH+uTZy&h%O<Z{K63-KBYoBhhNMK?qDc7>x}{
z&OzoqkT%G-6pzgq@3VO-zwdh<w7F7`d*t$ymqRu;E}KSuyfbt>%TQ@&q=iaGt))+j
ztlj}lq0sjU$XoA@-JYzNx;&uPuL0flq@k)m?ih`qnDX_8Vbxtua%w#<&jvodzQwk<
zqUr+wMD)@4tsSx=wM{0Ore+C}{1M6QY0CA(FI+AAGlh!WowWKM7gnU5A4p{_(rK_-
z7cI+dozmy+di%CY-EFB^je<y?s-rt_W)EYoeqd03Ri34QIZ$6%RlCpU!>wxY!t*mm
zyf<RyHu@yzp)|@viyE)K(O`#h)V+?#XvXiaOm*JVU>DUZD#v1WY0$#?&LL#=r#A=K
z6Q>{Dzh65UH&nd!K}e3EVEXN+$A#`@I=no?*BHE2G(ll>t|u)eeP~k<{Pv^J_*+St
zb;hWJ{kA?vqm5w?<-#Km)@&O5!BKbp)9yV8V{~u+aC!EzH{V0^-?Y@;)C7Bv0I!u{
zBay{n;g7}-#6B~$x_Ugz<=y$IS@lEcyRItNq`W_1rr1P(GE4^!U$6-&j1w~%Gik>(
zgonK6z%eMOeUbKVyxb_i0|i118d=t)GiPyu=Duy+t_hiwBcFp|JoU_Gr;wYk>_XEX
zD6Mzl3=-1Udw98k57yb)5uB<E&fLsy5%Fzs^!ZY6q^LJ_6;XE7#df`~&(90pH{N?3
zuzDzdph|s0RkbukYVfD*wc&BpQ`+kvxtp(*p|8$qF)>JPJrL;}EjQu0%lSvw(}Ned
z-*Ab4iu`ncz0w)3^g(wk)5qm@1CQVIX1x2{-%Q8*to!OTPvQnYk$m_)_wJ0l#S<^I
zpTQ!WE*Vx|(Q0~pH13AHG_9ji5_BiMK~L65*u^8)qJCuZNeLc%*8Ny~bE1T^$#&ew
z83~sl`g8r4xzz{Xc?QY7KU~uwbiOif|GEC$9;UbbW;>M>J-N8A71(!s7O{W&@Zgcy
z=FLyy?_uMrtK%=rT}oA&%X1u*ac3!VYLslJ9V-^i9<_sJS{;9T|M0{S4$FqDl%(5o
z(%KusN(__4J-p7ltAtu1pZooE9!X%AA0}+8@|l6ALqFRXSl!f5^Nsaxx$#)Wym+gD
zLoq{8*X9gQ&f;UabGCWfR=%*2SvkViVATuvMl2e~)pol12N^aGI)1t%v>{woBQbd9
z)3*MEYV<k%HziR)8pV6pMezC{yY1UP`o@oj;Y76}n7Q0^W<CUXJ=wB(Z3NHvE1YeE
z$7HUUf0z3B#y9<C)c2=nN2^deo_P!nhDwnHuiN)9MKXdIuy-UWqs(+L6^7ogu8vdo
zwa*;xmCtWvTjTVdIqBYYT>ntqi}&cXo7<HYdOh$TJw3LZEIG(+>ZJB6^Qcv~!rNDl
zXhIEB+D;{_k|VrLV-}h6k3J+JaCZgNCF8&G^kcU*t-0Huy<J&W<y}woEaa@Fd1Iu4
z=cgE($1-=Pb|VJ~5qNXV?DwOcLVleY@~U1V9RmT0-nHJSl#@vXcYa)x2RvxFoUb}<
z8QSzNIn0#VI71qu<YL_Q>|y!%`v*Ejw%=}j{^=X~#)T#ep4kg_HGbItW6w6_>ihd9
zrL=>^HpOt_M30KdbP_C+?wZ9x8l^sdG8Br~-+WJ63-)pNYZ~(G&FEWa9?ht*SqMpG
zmI@p=n$S>h_t7aYjwk!;mDg#J*SbaT`5qhkV6myx`dPRBLF3l?h&Yiw=G|9@5K3cs
zc=SoBhuU86TrPMTOeV>!3C``>{BcmvJMQB*>E=fj?W31f$E>*-KC3g|c<Y*-xle;0
zk{NC*Dct;RV9jld6I1TDB?lq>YRY=x$8g_+j}2vZ-+y!~+t;bavnNrscw@A9L1evQ
zWmUmF+vZ1T#O=|St^3uBOqx@9ZIEiV1LGO5EidY%**;0U{>6xXuO8#{M|4R3kIPA8
zUB=}<pgXF}o$th5X;gN=DG*rF-x<ivzTbFVLHzrzO?$=eX_tm>^4m1<8IkOo4CbGe
zYCy41%gJon1Dg^uD&vg5#GWND*!ILny}H$P)2UncAU31-<|a+nKP~b*mA+YEw~*ED
zOQ`M2`aNCH+cWYzYXiz*GGCfsy%hte@}@<UtGf<O^wLV3Pp%odG_tPOI9xANticz2
z(^(cmtHWmVX5Y&xhNcNs?12;azubDHE!3MnDB*Yy8Ki4+#$OIAW%wpyM}S#|MZCbc
z#S!x(Qd#{^qMJ(Z@~}NiJ~`ULmqquy>a(R2D0F$Iw>PF)N(5n|>eFPo_nvC)x{qcw
z^l3G_pW2n_g(+Td7KpcI<c&tJ%}6^GTsd;i4D#vc+#CK=!3?~LJMNc297Y=RbsC3%
z*0Jq1x)gKIr7u{b+*|H(A?u~&WOb)~7h^ALr@o1LR(7a5f9I2qb)K`EZ<U@a@K$uK
ztUVjeWvwCO=AR!V<I^!?VX*V`SvIaouQ#*Oiqk&GuIpvARl5y!?Qg%|GL_Zu?drYP
z(Q4dCXzE%|ZnD$IED@*UL1HEfD0!9YJEgL{K|MTe8=686*H3=TuJJzVd(QD_m~Fqb
zV^=Y#gKVkcc+`KNH@~%8weLmjrX08RSp~tHBHroNOv3AKZIvvkp3@g%Ja9DOerAT)
zl+@cJBYG!~()aWgsZ0%zj|~N=owV{z*?%F<BC>tWCTK=@cl;Iq(du>+Ccg@k`k7C!
z*he#!<LFOXI_+gPExe=}yC32dmz=i2(NtLMmO{&r;%s1CYh0Zw`r930=h(;(+&Q67
zo#`(JHF2IgsdUogN6?*nyACM$<fyd%)XtG&J}Va-e_Y=*&kpYQGpS(|U6PXC!7<yk
zgZJaZ1AR5=Yd$^tZf=CQ$*wjyGI;iZ;a=^0tJDlLpN8Ts-jOjnr5UO{`p4zV2@2Wi
zaQpY0FZh@hm>3!yJR$6=`g2p4zg|%O$B$1N;c$k-?|O7__eHDD@3`FZ*-x|dm}a<j
ziSs0V#nbg4B1FOq)|}>TJ9lQ&gE+hEPhXTO`jm)73d)wb&O8<o>^gq$AkOK@%WoS}
zC0t;=HyFOCI@6|J(J*|VhFTxflT_Svc6xCC<c}{2Z{=~S1V=D!O6R+Qf<>P-k6cYB
zr`YS^?K_+XRWUVBz81AY&=r38v8hWjF*8B3KIba3`m1(6{Mmjs>X5{Jkx{RViN^Qu
z^}AmkHM6r2;FD25;o|zpXX0+Qkx5$JUGqfVjuYTabV@)GL-VLH{ly1U({ghJd*7e6
z!0y|d_D(*-#`t?j#TU?*@fPX)h@HUL^7S50Pl*Wo-eBb))>HcFNO3#b_t@)=GhdTR
zq_>-4T=rcU>};qF-(6IB)#haQ2>0Q41Gg0)^}B0+LkornKkogWZ|QBAcM*HbC))Ql
zd-tta(Fc{hdj=bABdp#iSqL}ls@p36$Zq|(r7P0*Zg`NRrYk&5_B>RnR{DM$kNV?K
zWfARMmkzZr_va+7?s2XWERr3e2`X)@vL3&oa-#Lx#jaw%&u_huhOQ42Z}$~IT{9bQ
z#GXUPUd^@>m~*&Q-SJ#g)?Y4dmj}0%?gSF0bRAwGrN`=_I=zXuovv6lXZOte8U6a5
zPXlC(etht)l~k{UkA>I8e&Xs_dxH7BMaC5Bd5t&kRQqI3dGyFLrqN5$B6>d?I<?o(
z2Jk%ym~=7BymYg#|4RGOge%#*aSccgTw}~ewu%h*@U@>_Hf<<Q@Z{;UKc-Rk#D7SS
z!BINW%O>RGr!m#|j5`7+iUoIip40xpv7wmt_;u8~q}0uN@;gN<)ST7om0DwMV7O>V
zh9n9m_bmHBE#7nTIxQ`I2Y6cfV!`KQ!`ZnrE{E_<4{q6|H$*x&-{1Q%%C+lgTpsc^
z(x<rS+cumnKEtT~s+9DJte2CYvm(dT>m;j=2bb@QeY9pYv+ST3v&as_L<7o4J?&{u
zz>WOU<~;?s+LYbH`|s2reL=s^t8yQEkk^43b%j<P)60ism`3y>j@&W26k}rzn^aGf
zoqa>weT3n4N>#PI?i!125gAq1d5$F`Rsn^T5hg><+jm{fv8zcm{Di=#`nv8^5&qOR
zX@op)R3Me!A;C4qWcD`LKzVT8ZZTQf8`4RahH9L6H*!m23a(#&J0O)*EG(iLb9j*3
zYr2xQs`NO%EAB;3wf2kbkL*J*`DXVczVWo5j_DT+n9Q6h54cz#X&jI?=oV#&s)t<&
zzgeutm6r;^-DtmKd>q?wa%A^5I*XjHTg7qV1V-+wT(0^1L^Y4qw%p-U{9a>lVOA&Q
ztOXJ=sy12qqweR;9Jxpn^+|nycVx)LhW<C5v_1WoZ14G@+b^F-h_d41ZixKYd>1Eu
zA#u*FdFQSy-TI9>)#nc}#}>rLN|(yqsTK2`?tFLtbVpm2-j}1P<5sBqr88_6N9DV&
z+}z%1R|Xx6bDA3&Y&l-$rkv#o<K|9$ax++GYx>6eX~$`&M2n|phEG}zXV1^Ld=$EU
z5NtV-LdVj3)*8*YGwCVrbV}SLmf=~iXq#b%g6Nr7S05+K#10;D!NvCFNe}utseOjU
zd@srNg{GM_+6m|nn~RE?G+m2`?zNNlEjS_b?3?s#P)2Lo<k4c+Q!<7K-B0%wvg{xl
z;zIQWN7_bl21TJ4)oaH$SvkcjjK#)if8X9;7r!U9|LOz5dq@4=V(D=@ZOlQmAD;dw
zk3{x4^F~!a;y-rTHenoJk`$4)?$nr)=$_jyIOXG4a`*Zn^(LOn-5Yqa?m9AX>Ze=M
zQI2Onc1KLBpr$%3&i3o1XWy?h|1x=;e@H^Erp&BoGdEptR%IdBJ;?lkCw`~<bkFB=
zy~<eh+%*R8H+fS8=&SZ`@BBXscX=c~=}+VKw25VBefkOFbJ%JkMBlys#-)!&=HAvt
z57aNJwzlezR;TQk<LIeKE3a$PuGjARq$9r3c5Q~h1Nla`t`Dc_BWs_V)h8Vu8GkZX
z_03U!EEQeRbU&7M#+S#e-&6877-f_{)BdxhM@sv^TOV`ZX;x@G=CZYYQ;d{LSzBa<
z#pg|SIp#c`14!<iUc+;(3<qo1GgP%&@fLr)GHE|fa2a@4T{k|Kb{aFZre_D6K5Wf*
z@I5YeBd?~dGOs0M=Oh1=(ZNCCt1gbXZo{U|Dt(hH3NrFP%^UNB#&({K<_T0bLgXvK
zQ?aA3pVVZPZ@VuWuO!8oDAyQ|dLGbCQ?$oOjcM~^HG~qzw>J!Wb?=k~M>(VX+p=Tk
zc2B2DqE64Y+&I%9ckaU8{uAHXIQ(2YF3C(VGwt-17=3W?F(J==1Z-GaC!VLe_WEuK
zc{Ph|TVlUUiij)By=<yIe&f{PCuPvXkB%I9+x~o3^WIQ;@(G{byWDoj+OS)p`M$1F
z<D*(OzFnzhcOPC&jYNOZi^<*LY-xJyvBKoz(Lqps?46p=>4PG?Rh#qE*&d#JS$h0~
zKyAl!KITFR-m~MEKTS@>wAFlRj<2zHx%<VmVzOr3&E&#i_eoXh^eeSnM^&y$K~!^l
zD|DY*4-NPBJ<UvOvl{+6aNuz+Puh++RptT{Ha?g3Awc~4Y^&VGw9}u5TsFVm*<O|p
z?pDn{FL!$c>ugnX6D={TbkXz3Y}@c<aP#q89lyOZ4zbs^cia{qX#A8EXP!6wqqF%l
z7MhN#yae=aF!u@&P3yjLHGeEUnO$Ml=}v@U+5NF9RF>M8@qud=FTYn5L5|f1)k$3a
z^7Gr+h=iHCNL!eyMN%%}er~sq!GT@MFI}u2)@}`0Ga|#&#GP;Hb>1(xrZsb7@SDt8
zg`c4_L+6g2uNZ9SJ1b)>ATrW({zZ9K!SQCn%j3Cvv&h>%vVn*DRl5ovt4$3&ei*S+
zJ2Evd>&lmho)zl^s;{ez2V0lKjTWjnmsWP&wDopH8^svRx;C7T8hc#u;mMauP4(%M
z19;7?x1G^_sl2o4bXNeGIEnfX7YkxWTx`3(%B6APs;oX8=;xd>QEkcZdfnEew&@ZU
zF%Ie7BYPcoIKsBJp0D!2nGHO$NT1G0v;M}t6G`+td9ngc13%U09R$UFd^DaYyge~+
zx5W3*^Gm0V42;s^X0k1fcg%TeI6PUyT@mVDzS%Fk%nWgK=bp}*HygA)^!;w<qb_2q
zdwawVywuy(+p1M!-^li%qekzT8Uef+fBCZQ2j!H!2rWqiS=FAi`6?*OETo=f#rMMD
z^3K-UZJL@FANcyp&-_5|9RAw(X22^(Rn6>-y2pW-7~M4OJOzux8aAfS43zFFm9}Y(
z$4c=A?|QjeMu+19cW1qC8js&Qmqhkx#pLtY>DI9)1v{i3boBGfY!?iTd|uky>-ID>
zYJ;+2U_#Yq7qMd=DZ*kc4Jnx|lg!UP#l-NQknSu=?v8!i&AaKi<xINT*p%DUu=fUu
zWa)Z~l(MNLbpfCXU-cD?ZLL(P_OW{cr!0{so8vd%;f2Y!rgU@%zN@`DqPDrFEOFD2
zM7C96RerjOk1+mn!_%O1w*rzf_kr}__u^|e3z}zUe|lS|c9q!+y2^hka(~}ti@DIh
z{Xq2(=6pV<X^#BoV|CsmH!Oe3zIp-w9#Q*IyWI%=c6W#9Gv7$R@rTm8A4p-HPPlxi
zxY4Msx8|yH;GWm{MUCz^u3x<_Q>eyOg^infKVEsVEQmLr`B(=B=ZP;fhUp%c``ITR
zwGOdepUOBgcqRg8qQATO&M|Y|J|EwP*Jr%MGbcJ@ahBaRdug`|)En8d2k}+i@4q-U
zQy-Ccas8Di$5o0p&jfkdiSSrwzwIgPO_e|Vb!;q7s<Ec5F7xfZX5`#s1%WbLLC@%(
zO-XmJiU;#VOB{{XWNCkFnaX>GOT2!^BM)f%l=iNCt|@%Em|$yt{KN6Vv_oZUVz8r@
zJ<dMst(2;uH)m1?jS_a7&7SR_im8W8waGwi-4fd~By4wMnqCh)2sfX-*!2G4hqq3z
z`V?8i@5!{M8aCp8yh>|9Z|lFA5maM^%;fex`6FV_dM3wuxt=p0P<QM;j^V-(6S>Id
z4@oB^YF+5V3os>ja(%wP;ufmmRxgkjL-2lxzJXOS5DAdub9s|-%sj%nFT0BH_JK_V
zwjd<v^4+)xq9s>y25lW5yR<zaSllH%f1|25L}<A5{Kvb(OXr%$%%1Dn6?=Nkj!Xqx
z?7HX@DdP0V&TMmW3d;lgI%MeA!=rmTE<8op#i&(zxrdp3&MPN$YL5L-_P9g$)(JK2
zdsx<V*3_{j*v8@mM?TNC9ruPk4JM2n{T>f)9||z6@44H5k)alRyfZ@fm^$*lN63BX
zo;S>ib;FqISFfI04Grh3TQ_{0lH4sN^fFyfzCvkm_paGand7c^-=`sVeiw_#HyQGA
z^(pK4`n{t$k5Ozk+Sp$!Kf(Ao&#_CDsLS|cInH{+<#9g;UFidw)i*!bc&FmFSmJfr
z8rSc)TeL$OgD-it-}Pnhs=IjR^327Hwq}XJ0$L|aPkfqeHOQ%!nUDzBE4?Ka;;Iun
z8iv}Cf&8ppiuUU#ST`x<sT_BzDSqasDz^7QLY?&#e``~KZ?|3B-H7jYA1Bkln@`^O
zuwm<Nl;qBbCTR6zwjK`;7md2t6n(Dg_qB70oVnRFTshl1o2isz<<jH+!QkSK2yP|>
z()QxX-if5spEQL&i``aHR6W+7{`!k!ne79`5APGhdA<f)7m2mm8q}VYp6E2UdK;TK
z{&P>prmM0X-#$<0%@nym|2Ry*ThgyNGn8i2VSTghgQInLL0!Id|3RqF!J)xzr?TbK
zTi$hP+s=-d>@HuY+RtA0NvGd}5Y*t8W7R*LcrDJX#aqKA=kwX!f{_wh$j>S@Kj_Ze
zJP|PH=)14koC?9ejaSE_VEKjB{p`mye#m2|4t|#5`JpeJ<MdqCr%^i6Yfy0}JfZ)N
zv$Bn0T@`k2^67yduNPsgnkGyK6p~_Ra?kYVP6-NRzTW-(c%!+d)iXV&{!09`ZXGr`
z_eikfRLO;D_Cf8UFWm3bukW~Geu-d+xMdE}*WTI~?$=Du9aU;qi1XN)#D%Cz8g0Vd
z8fh^&w=JV0baY35{j>}3vs8$ClI@ezPl|gi?mGtmXiSQTZqxixU0%rBH5+&Ap)*FW
zSUD}-E3(ms{mC{4=Bnw?dK-9gV>zcGtOgEf>mKNO=PNThhv|3rRsJ^dIZQ`}jZ-FK
z_XCv<oYV6+w&7zPm*Og*PvSBR9&WCWYdY+>xdV;j8GI$|ruP9NG^Li{!Rck+XZcWM
z?-iAk3C|{#Gfxf&x<1%={Lmf8p4u86o!gyqg+>PrgOiZ%w;0P*)vMMX-{2h2d?i2q
zVNjR#NT~qC$^7N@7%59T-UnxO2Og>3c<$VKrK75-x$?PDxUOnm(tyBC;aIa=R9Ii@
z4W@oQjXSp6VHJ%i>$P(S{kr*{Gnc)!ss4zHR+TIMSUBvIIidK4;R64QGW0#Kw^?%u
z_S?F)RhOTTN$dJ?=Q(YeBRB7Ni|6w4<_ANC?|61(TzEV%blP&5!3_OCAE|Jk#q8bt
z=?W9bK(&+TQ>E7h--n;Wb~h#M{W0-V#!FMfai^%q!T#5StuNj*W<F(2(qpKtbP%#F
z&)W*>J*p{H?~3&b%baB8v>Y#M-Zfjh4wr<qM8{8FOy+}DrIs2UdZK1){Kh%vOHti3
z2~#C`e94_lXF}V`dm!4C&l7?4z%Z*Vhp$SE{cK&EY0)F~mMbebLJ~D=TU6FL9xx;t
zzM<Pmn#a@Dst-9h?TVPlcoxMLxBV)@T17$IW%th87jT2FdNao+&TLnoM0P*D*MIUf
zos(gHEZd0mh~_#^taHeK=b+7Tb5x7djqDqERE?#?&5LJEbh1#nV?D<!%FzSt9f+$|
z0d!^P<_TXgYa-{?nVTJczP{4V-@gs8$^Y=lB^25=(q(^cPV=;C5KcTCG~Uo{;c61y
z{fRkevS;eG`FGE;$=D|`v7;`*Gb(nIO~-SlXC;#EsKesZN-q0cemXh``;>?~ZpCkP
z+@epv!YvW^^u1H?rDJE09evg_b^4Y_Ta3&Ou7V$RIX6n%emoof!s{Crp7{6)gh3U1
zbocJc-I3C2cTne8cPV=hRX<i9QS@#cWw7WlHN9>NR!v71T+WF$-|O@4^yD5L>7BM$
z5mtHjm0w+oAUnBT9-MsMT-NYYvuXT!wcGV3HSXgX!4VPGSlo2E|Ipi1%kTPLeFVX$
z$G(1Vmp>Hw?5P9qOnu)}(QTvAe9_}yKCv8m%8;Y)ZJVuh=sx{(^!YkbRfCDv7wr~K
z6)&Dw<{2x@r1Twn?RC?*{PA!=?>F{C5kle8_WHUza>98OlMkYu%gT0kMEacj;F*Ut
zHT^ze7hYQI(6h<NZb#~ctHMqv$ITu!MGsZ&TJx<cu@Z3-FetEU%N=M)+hftxtnk>?
z^JVq_)AJXXoE5#+nSXlA<@9Nhk>A#IDXD#{_k5@nFm^dylI-~8Onl_Y^ksi0OqZLS
zlz2UEL*D<VZ;fZqzW40p^c(tHYSXsVA3Dw!Hu>z`UE&A7IJa+~sh9lX`J(-+!qzWn
zVQGK=V@Bnj%WIeD34gDv{(YL`>g6J}UDjq{asLW$|J&<-Vk*m$nW0PbE6g$~PnAWy
z`}xbJ{n(u6hl}dt{yzAWdHiq3@$<K5_AL9<ET?I`xOS0pw)3nuzdd_i`fYVTv?=Vr
zcEF`C{RIzpU2u<kvwZoSp6FAHdDmYLe{I`mkaYcefZQ9IA8O{imTpqeu-=gS=-G{;
zoc_;NpT6(<k!oqbFKVvGUMr{Ti9fx1SFmO)$>h)5y>Vh)@s9<2gtssDjhC>SQIQ$-
zp}lX@mBagE+1?x77A*a|#%ktIrONDM`@(L1)#tj;+Hag$CVBPBtSdriP4;hl^YQEz
z;l{r71;y7|cUtD=-d8^S{LDK8^Y<4fPkQyDAoWG7m+t@k_ZR+s{sV#4^Zx5IF#P`?
htE}J3&^FN9fkwe77zHB;00IC2|NpS|6><QY0063&IW7PI

literal 0
HcmV?d00001

diff --git a/apps/charts/common/templates/_helpers.tpl b/apps/charts/common/templates/_helpers.tpl
index 13250ec..c89da53 100644
--- a/apps/charts/common/templates/_helpers.tpl
+++ b/apps/charts/common/templates/_helpers.tpl
@@ -60,10 +60,13 @@ Recreate
 {{- end }}
 
 {{/*
-Standard container port
+Standard container port (for backward compatibility)
 */}}
 {{- define "common.containerPort" -}}
-{{- if .Values.container.port }}
+{{- if .Values.container.ports }}
+{{- $primaryPort := first .Values.container.ports }}
+{{- $primaryPort.port }}
+{{- else if .Values.container.port }}
 {{- .Values.container.port }}
 {{- else }}
 80
@@ -71,28 +74,85 @@ Standard container port
 {{- end }}
 
 {{/*
-Standard service port
+Container ports list
+*/}}
+{{- define "common.containerPorts" -}}
+{{- if .Values.container.ports }}
+{{- range .Values.container.ports }}
+- name: {{ .name }}
+  containerPort: {{ .port }}
+  protocol: {{ .protocol | default "TCP" }}
+{{- end }}
+{{- else if .Values.container.port }}
+- name: http
+  containerPort: {{ .Values.container.port }}
+  protocol: TCP
+{{- else }}
+- name: http
+  containerPort: 80
+  protocol: TCP
+{{- end }}
+{{- end }}
+
+{{/*
+Standard service port (for backward compatibility)
 */}}
 {{- define "common.servicePort" -}}
-{{- if .Values.service.port }}
+{{- if .Values.service.ports }}
+{{- $primaryService := first .Values.service.ports }}
+{{- $primaryService.port }}
+{{- else if .Values.service.port }}
 {{- .Values.service.port }}
 {{- else }}
 80
 {{- end }}
 {{- end }}
 
+{{/*
+Service ports list
+*/}}
+{{- define "common.servicePorts" -}}
+{{- if .Values.service.ports }}
+{{- range .Values.service.ports }}
+- port: {{ .port }}
+  targetPort: {{ .targetPort | default .port }}
+  protocol: {{ .protocol | default "TCP" }}
+  name: {{ .name }}
+{{- end }}
+{{- else if .Values.service.port }}
+- port: {{ .Values.service.port }}
+  targetPort: {{ include "common.containerPort" . }}
+  protocol: TCP
+  name: http
+{{- else }}
+- port: 80
+  targetPort: {{ include "common.containerPort" . }}
+  protocol: TCP
+  name: http
+{{- end }}
+{{- end }}
+
 {{/*
 Standard health probe
 */}}
 {{- define "common.healthProbe" -}}
 {{- if .Values.container.healthProbe }}
+{{- $probePort := .Values.container.healthProbe.port | default (include "common.containerPort" .) }}
 {{- if eq .Values.container.healthProbe.type "httpGet" }}
 httpGet:
   path: {{ .Values.container.healthProbe.path | default "/" }}
-  port: {{ include "common.containerPort" . }}
+  {{- if regexMatch "^[0-9]+$" $probePort }}
+  port: {{ $probePort }}
+  {{- else }}
+  port: {{ $probePort }}
+  {{- end }}
 {{- else if eq .Values.container.healthProbe.type "tcpSocket" }}
 tcpSocket:
-  port: {{ include "common.containerPort" . }}
+  {{- if regexMatch "^[0-9]+$" $probePort }}
+  port: {{ $probePort }}
+  {{- else }}
+  port: {{ $probePort }}
+  {{- end }}
 {{- end }}
 {{- if .Values.container.healthProbe.initialDelaySeconds }}
 initialDelaySeconds: {{ .Values.container.healthProbe.initialDelaySeconds }}
@@ -174,16 +234,18 @@ Standard environment variables
   valueFrom:
     {{- if $value.valueFrom.secretKeyRef }}
     secretKeyRef:
-      name: {{ $value.valueFrom.secretKeyRef.name }}
+      name: {{ $value.valueFrom.secretKeyRef.name | replace "{release}" $.Release.Name | replace "{namespace}" $.Release.Namespace | replace "{fullname}" (include "common.fullname" $) }}
       key: {{ $value.valueFrom.secretKeyRef.key }}
     {{- else if $value.valueFrom.configMapKeyRef }}
     configMapKeyRef:
-      name: {{ $value.valueFrom.configMapKeyRef.name }}
+      name: {{ $value.valueFrom.configMapKeyRef.name | replace "{release}" $.Release.Name | replace "{namespace}" $.Release.Namespace | replace "{fullname}" (include "common.fullname" $) }}
       key: {{ $value.valueFrom.configMapKeyRef.key }}
     {{- end }}
+  {{- else if $value.value }}
+  value: {{ $value.value | replace "{release}" $.Release.Name | replace "{namespace}" $.Release.Namespace | replace "{fullname}" (include "common.fullname" $) | replace "{subdomain}" $.Values.subdomain | replace "{domain}" $.Values.globals.domain | replace "{timezone}" $.Values.globals.timezone | quote }}
   {{- end }}
   {{- else }}
-  value: {{ $value | quote }}
+  value: {{ $value | replace "{release}" $.Release.Name | replace "{namespace}" $.Release.Namespace | replace "{fullname}" (include "common.fullname" $) | replace "{subdomain}" $.Values.subdomain | replace "{domain}" $.Values.globals.domain | replace "{timezone}" $.Values.globals.timezone | quote }}
   {{- end }}
 {{- end }}
 {{- end }}
@@ -240,9 +302,7 @@ spec:
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy | default "IfNotPresent" }}
           ports:
-            - name: http
-              containerPort: {{ include "common.containerPort" . }}
-              protocol: TCP
+{{ include "common.containerPorts" . | indent 12 }}
           {{- if .Values.container.healthProbe }}
           livenessProbe:
 {{ include "common.healthProbe" . | indent 12 }}
@@ -265,10 +325,31 @@ spec:
 {{- end }}
 
 {{/*
-Full Service resource
+Full Service resource(s) - supports multiple services
 */}}
 {{- define "common.service" -}}
 {{- if .Values.service }}
+{{- if .Values.service.ports }}
+{{- $firstPort := index .Values.service.ports 0 }}
+{{- range $index, $port := .Values.service.ports }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ if $port.serviceName }}{{ include "common.fullname" $ }}-{{ $port.serviceName }}{{ else }}{{ include "common.fullname" $ }}{{ if and (gt $index 0) }}-{{ $port.name }}{{ end }}{{ end }}
+  labels:
+    {{- include "common.labels" $ | nindent 4 }}
+spec:
+  type: {{ $port.type | default $.Values.service.type | default "ClusterIP" }}
+  ports:
+    - port: {{ $port.port }}
+      targetPort: {{ $port.targetPort | default $port.port }}
+      protocol: {{ $port.protocol | default "TCP" }}
+      name: {{ $port.name }}
+  selector:
+    {{- include "common.selectorLabels" $ | nindent 4 }}
+{{- end }}
+{{- else }}
 apiVersion: v1
 kind: Service
 metadata:
@@ -278,14 +359,12 @@ metadata:
 spec:
   type: {{ .Values.service.type | default "ClusterIP" }}
   ports:
-    - port: {{ include "common.servicePort" . }}
-      targetPort: {{ include "common.containerPort" . }}
-      protocol: TCP
-      name: http
+{{ include "common.servicePorts" . | indent 4 }}
   selector:
     {{- include "common.selectorLabels" . | nindent 4 }}
 {{- end }}
 {{- end }}
+{{- end }}
 
 {{/*
 Full PVC resources
@@ -337,7 +416,11 @@ spec:
         - destination:
             host: {{ include "common.fullname" . }}
             port:
+              {{- if .Values.virtualService.servicePort }}
+              number: {{ .Values.virtualService.servicePort }}
+              {{- else }}
               number: {{ include "common.servicePort" . }}
+              {{- end }}
 
 ---
 {{- end }}
@@ -360,7 +443,11 @@ spec:
         - destination:
             host: {{ include "common.fullname" . }}
             port:
+              {{- if .Values.virtualService.servicePort }}
+              number: {{ .Values.virtualService.servicePort }}
+              {{- else }}
               number: {{ include "common.servicePort" . }}
+              {{- end }}
 {{- end }}
 {{- end }}
 {{- end }}
diff --git a/apps/charts/forgejo/Chart.yaml b/apps/charts/forgejo/Chart.yaml
index fa3f030..fbd26a7 100644
--- a/apps/charts/forgejo/Chart.yaml
+++ b/apps/charts/forgejo/Chart.yaml
@@ -1,3 +1,7 @@
 apiVersion: v2
 version: 1.0.0
 name: forgejo
+dependencies:
+  - name: common
+    version: 1.0.0
+    repository: file://../common
diff --git a/apps/charts/forgejo/templates/deployment.yaml b/apps/charts/forgejo/templates/deployment.yaml
index 57a96ed..4508e33 100644
--- a/apps/charts/forgejo/templates/deployment.yaml
+++ b/apps/charts/forgejo/templates/deployment.yaml
@@ -1,106 +1 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: "{{ .Release.Name }}"
-spec:
-  strategy:
-    type: Recreate
-  replicas: 1
-  revisionHistoryLimit: 0
-  selector:
-    matchLabels:
-      app: "{{ .Release.Name }}"
-  template:
-    metadata:
-      labels:
-        app: "{{ .Release.Name }}"
-    spec:
-      containers:
-        - name: "{{ .Release.Name }}"
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          imagePullPolicy: "{{ .Values.image.pullPolicy }}"
-          ports:
-            - name: http
-              containerPort: 3000
-              protocol: TCP
-            - name: ssh
-              containerPort: 22
-              protocol: TCP
-          livenessProbe:
-            tcpSocket:
-              port: http
-          readinessProbe:
-            tcpSocket:
-              port: http
-          volumeMounts:
-            - mountPath: /data
-              name: data
-          env:
-            - name: TZ
-              value: "{{ .Values.globals.timezone }}"
-            - name: USER_UID
-              value: "1000"
-            - name: USER_GID
-              value: "1000"
-            - name: FORGEJO__server__SSH_DOMAIN
-              value: "ssh-{{ .Values.subdomain }}.{{ .Values.globals.domain }}"
-            - name: FORGEJO__server__SSH_PORT
-              value: "2206"
-            - name: FORGEJO__service__REQUIRE_EXTERNAL_REGISTRATION_PASSWORD
-              value: "true"
-            #- name: FORGEJO__service__ENABLE_BASIC_AUTHENTICATION
-            #  value: 'true'
-            - name: FORGEJO__service__ENABLE_PASSWORD_SIGNIN_FORM
-              value: "false"
-            - name: FORGEJO__service__DEFAULT_KEEP_EMAIL_PRIVATE
-              value: "true"
-            - name: FORGEJO__service__DEFAULT_USER_IS_RESTRICTED
-              value: "true"
-            - name: FORGEJO__service__DEFAULT_USER_VISIBILITY
-              value: "private"
-            - name: FORGEJO__service__DEFAULT_ORG_VISIBILITY
-              value: "private"
-            - name: FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION
-              value: "true"
-            - name: FORGEJO__other__SHOW_FOOTER_POWERED_BY
-              value: "false"
-            - name: FORGEJO__other__SHOW_FOOTER_TEMPLATE_LOAD_TIME
-              value: "false"
-            - name: FORGEJO__other__SHOW_FOOTER_VERSION
-              value: "false"
-            - name: FORGEJO__repository__ENABLE_PUSH_CREATE_USER
-              value: "true"
-            - name: FORGEJO__repository__ENABLE_PUSH_CREATE_ORG
-              value: "true"
-            - name: FORGEJO__openid__ENABLE_OPENID_SIGNIN
-              value: "false"
-            - name: FORGEJO__openid__ENABLE_OPENID_SIGNUP
-              value: "false"
-            - name: FORGEJO__database__DB_TYPE
-              value: postgres
-            - name: FORGEJO__database__NAME
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Release.Name }}-pg-connection"
-                  key: database
-            - name: FORGEJO__database__HOST
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Release.Name }}-pg-connection"
-                  key: host
-            - name: FORGEJO__database__DB_PORT
-              value: "5432"
-            - name: FORGEJO__database__USER
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Release.Name }}-pg-connection"
-                  key: user
-            - name: FORGEJO__database__PASSWD
-              valueFrom:
-                secretKeyRef:
-                  name: "{{ .Release.Name }}-pg-connection"
-                  key: password
-      volumes:
-        - name: data
-          persistentVolumeClaim:
-            claimName: "{{ .Release.Name }}-data"
+{{ include "common.deployment" . }}
diff --git a/apps/charts/forgejo/templates/pvc.yaml b/apps/charts/forgejo/templates/pvc.yaml
index bc1d0a6..379bad9 100644
--- a/apps/charts/forgejo/templates/pvc.yaml
+++ b/apps/charts/forgejo/templates/pvc.yaml
@@ -1,11 +1 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: '{{ .Release.Name }}-data'
-spec:
-  accessModes:
-    - 'ReadWriteOnce'
-  resources:
-    requests:
-      storage: '1Gi'
-  storageClassName: '{{ .Values.globals.environment }}'
+{{ include "common.pvc" . }}
diff --git a/apps/charts/forgejo/templates/service.yaml b/apps/charts/forgejo/templates/service.yaml
index bfade59..f024c64 100644
--- a/apps/charts/forgejo/templates/service.yaml
+++ b/apps/charts/forgejo/templates/service.yaml
@@ -1,32 +1 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: "{{ .Release.Name }}"
-  labels:
-    app: "{{ .Release.Name }}"
-spec:
-  type: ClusterIP
-  ports:
-    - port: 80
-      targetPort: 3000
-      protocol: TCP
-      name: http
-  selector:
-    app: "{{ .Release.Name }}"
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: "{{ .Release.Name }}-ssh"
-  labels:
-    app: "{{ .Release.Name }}"
-spec:
-  type: LoadBalancer
-  ports:
-    - port: 2206
-      targetPort: 22
-      protocol: TCP
-      name: ssh
-  selector:
-    app: "{{ .Release.Name }}"
+{{ include "common.service" . }}
diff --git a/apps/charts/forgejo/templates/virtual-service.yaml b/apps/charts/forgejo/templates/virtual-service.yaml
index 36e9d43..766f6b9 100644
--- a/apps/charts/forgejo/templates/virtual-service.yaml
+++ b/apps/charts/forgejo/templates/virtual-service.yaml
@@ -1,39 +1 @@
-apiVersion: networking.istio.io/v1
-kind: VirtualService
-metadata:
-  name: "{{ .Release.Name }}-public"
-  namespace: "{{ .Release.Namespace }}"
-spec:
-  gateways:
-    - "{{ .Values.globals.istio.gateways.public }}"
-    - mesh
-  hosts:
-    - "{{ .Values.subdomain }}.{{ .Values.globals.domain }}"
-    - mesh
-  http:
-    - route:
-        - destination:
-            host: "{{ .Release.Name }}"
-            port:
-              number: 80
-
----
-apiVersion: networking.istio.io/v1
-kind: VirtualService
-metadata:
-  name: "{{ .Release.Name }}-private"
-  namespace: "{{ .Release.Namespace }}"
-spec:
-  gateways:
-    - "{{ .Values.globals.istio.gateways.private }}"
-    - mesh
-  hosts:
-    - "{{ .Values.subdomain }}.{{ .Values.globals.domain }}"
-    - mesh
-  http:
-    - route:
-        - destination:
-            host: "{{ .Release.Name }}"
-            port:
-              number: 80
-
+{{ include "common.virtualService" . }}
diff --git a/apps/charts/forgejo/values.yaml b/apps/charts/forgejo/values.yaml
index 857496d..c01e181 100644
--- a/apps/charts/forgejo/values.yaml
+++ b/apps/charts/forgejo/values.yaml
@@ -2,6 +2,102 @@ image:
   repository: codeberg.org/forgejo/forgejo
   tag: 13@sha256:88858e7f592f82d4f650713c7bed8c0cd792d7f71475a7467c5650a31cd2eda9
   pullPolicy: IfNotPresent
+
 subdomain: code
-globals:
-  environment: prod
+
+# Deployment configuration
+deployment:
+  strategy: Recreate
+  replicas: 1
+  revisionHistoryLimit: 0
+
+# Container configuration - multiple ports
+container:
+  ports:
+    - name: http
+      port: 3000
+      protocol: TCP
+    - name: ssh
+      port: 22
+      protocol: TCP
+  healthProbe:
+    type: tcpSocket
+    port: http  # Use named port
+
+# Service configuration - multiple services
+service:
+  ports:
+    - name: http
+      port: 80
+      targetPort: 3000
+      protocol: TCP
+      type: ClusterIP
+    - name: ssh
+      port: 2206
+      targetPort: 22
+      protocol: TCP
+      type: LoadBalancer
+      serviceName: ssh  # Will be prefixed with release name: {release}-ssh
+
+# Volume configuration
+volumes:
+  - name: data
+    mountPath: /data
+    persistentVolumeClaim: data
+
+# Persistent volume claims
+persistentVolumeClaims:
+  - name: data
+    size: 1Gi
+
+# VirtualService configuration
+virtualService:
+  enabled: true
+  gateways:
+    public: true
+    private: true
+  servicePort: 80  # Route to the http service port
+
+# Environment variables
+env:
+  USER_UID: "1000"
+  USER_GID: "1000"
+  FORGEJO__server__SSH_DOMAIN:
+    value: "ssh-{subdomain}.{domain}"  # Will be templated: ssh-{subdomain}.{domain}
+  FORGEJO__server__SSH_PORT: "2206"
+  FORGEJO__service__REQUIRE_EXTERNAL_REGISTRATION_PASSWORD: "true"
+  FORGEJO__service__ENABLE_PASSWORD_SIGNIN_FORM: "false"
+  FORGEJO__service__DEFAULT_KEEP_EMAIL_PRIVATE: "true"
+  FORGEJO__service__DEFAULT_USER_IS_RESTRICTED: "true"
+  FORGEJO__service__DEFAULT_USER_VISIBILITY: "private"
+  FORGEJO__service__DEFAULT_ORG_VISIBILITY: "private"
+  FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION: "true"
+  FORGEJO__other__SHOW_FOOTER_POWERED_BY: "false"
+  FORGEJO__other__SHOW_FOOTER_TEMPLATE_LOAD_TIME: "false"
+  FORGEJO__other__SHOW_FOOTER_VERSION: "false"
+  FORGEJO__repository__ENABLE_PUSH_CREATE_USER: "true"
+  FORGEJO__repository__ENABLE_PUSH_CREATE_ORG: "true"
+  FORGEJO__openid__ENABLE_OPENID_SIGNIN: "false"
+  FORGEJO__openid__ENABLE_OPENID_SIGNUP: "false"
+  FORGEJO__database__DB_TYPE: postgres
+  FORGEJO__database__DB_PORT: "5432"
+  FORGEJO__database__NAME:
+    valueFrom:
+      secretKeyRef:
+        name: "{release}-pg-connection"
+        key: database
+  FORGEJO__database__HOST:
+    valueFrom:
+      secretKeyRef:
+        name: "{release}-pg-connection"
+        key: host
+  FORGEJO__database__USER:
+    valueFrom:
+      secretKeyRef:
+        name: "{release}-pg-connection"
+        key: user
+  FORGEJO__database__PASSWD:
+    valueFrom:
+      secretKeyRef:
+        name: "{release}-pg-connection"
+        key: password