Remove apps (#50 )

chore(deps): update eslint monorepo to v9.36.0 (#33 )
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842). This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [@eslint/js](https://eslint.org) ([source](https://redirect.github.com/eslint/eslint/tree/HEAD/packages/js)) | [`9.32.0` -> `9.36.0`](https://renovatebot.com/diffs/npm/@eslint%2fjs/9.32.0/9.36.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@eslint%2fjs/9.36.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@eslint%2fjs/9.32.0/9.36.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | [eslint](https://eslint.org) ([source](https://redirect.github.com/eslint/eslint)) | [`9.32.0` -> `9.36.0`](https://renovatebot.com/diffs/npm/eslint/9.32.0/9.36.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/eslint/9.36.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint/9.32.0/9.36.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>eslint/eslint (@eslint/js)</summary> ### [`v9.36.0`](https://redirect.github.com/eslint/eslint/releases/tag/v9.36.0) [Compare Source](https://redirect.github.com/eslint/eslint/compare/v9.35.0...v9.36.0) #### Features - [`47afcf6`](47afcf668d) feat: correct `preserve-caught-error` edge cases ([#20109](https://redirect.github.com/eslint/eslint/issues/20109)) (Francesco Trotta) #### Bug Fixes - [`75b74d8`](75b74d865d) fix: add missing rule option types ([#20127](https://redirect.github.com/eslint/eslint/issues/20127)) (ntnyq) - [`1c0d850`](1c0d85049e) fix: update `eslint-all.js` to use `Object.freeze` for `rules` object ([#20116](https://redirect.github.com/eslint/eslint/issues/20116)) (루밀LuMir) - [`7d61b7f`](7d61b7fadc) fix: add missing scope types to `Scope.type` ([#20110](https://redirect.github.com/eslint/eslint/issues/20110)) (Pixel998) - [`7a670c3`](7a670c301b) fix: correct rule option typings in `rules.d.ts` ([#20084](https://redirect.github.com/eslint/eslint/issues/20084)) (Pixel998) #### Documentation - [`b73ab12`](b73ab12acd) docs: update examples to use `defineConfig` ([#20131](https://redirect.github.com/eslint/eslint/issues/20131)) (sethamus) - [`31d9392`](31d9392699) docs: fix typos ([#20118](https://redirect.github.com/eslint/eslint/issues/20118)) (Pixel998) - [`c7f861b`](c7f861b3f8) docs: Update README (GitHub Actions Bot) - [`6b0c08b`](6b0c08b106) docs: Update README (GitHub Actions Bot) - [`91f97c5`](91f97c5046) docs: Update README (GitHub Actions Bot) #### Chores - [`12411e8`](12411e8d45) chore: upgrade [@eslint/js](https://redirect.github.com/eslint/js)@9.36.0 ([#20139](https://redirect.github.com/eslint/eslint/issues/20139)) (Milos Djermanovic) - [`488cba6`](488cba6b39) chore: package.json update for [@eslint/js](https://redirect.github.com/eslint/js) release (Jenkins) - [`bac82a2`](bac82a2a9c) ci: simplify renovate configuration ([#19907](https://redirect.github.com/eslint/eslint/issues/19907)) (唯然) - [`c00bb37`](c00bb37d62) ci: bump actions/labeler from 5 to 6 ([#20090](https://redirect.github.com/eslint/eslint/issues/20090)) (dependabot\[bot]) - [`fee751d`](fee751dc8a) refactor: use `defaultOptions` in rules ([#20121](https://redirect.github.com/eslint/eslint/issues/20121)) (Pixel998) - [`1ace67d`](1ace67d9f7) chore: update example to use `defineConfig` ([#20111](https://redirect.github.com/eslint/eslint/issues/20111)) (루밀LuMir) - [`4821963`](4821963bf7) test: add missing loc information to error objects in rule tests ([#20112](https://redirect.github.com/eslint/eslint/issues/20112)) (루밀LuMir) - [`b42c42e`](b42c42e7cd) chore: disallow use of deprecated `type` property in core rule tests ([#20094](https://redirect.github.com/eslint/eslint/issues/20094)) (Milos Djermanovic) - [`7bb498d`](7bb498d720) test: remove deprecated `type` property from core rule tests ([#20093](https://redirect.github.com/eslint/eslint/issues/20093)) (Pixel998) - [`e10cf2a`](e10cf2ab42) ci: bump actions/setup-node from 4 to 5 ([#20089](https://redirect.github.com/eslint/eslint/issues/20089)) (dependabot\[bot]) - [`5cb0ce4`](5cb0ce48ef) refactor: use `meta.defaultOptions` in `preserve-caught-error` ([#20080](https://redirect.github.com/eslint/eslint/issues/20080)) (Pixel998) - [`f9f7cb5`](f9f7cb578d) chore: package.json update for eslint-config-eslint release (Jenkins) - [`81764b2`](81764b2980) chore: update `eslint` peer dependency in `eslint-config-eslint` ([#20079](https://redirect.github.com/eslint/eslint/issues/20079)) (Milos Djermanovic) ### [`v9.35.0`](https://redirect.github.com/eslint/eslint/compare/v9.34.0...af2a0870fdc646091d027516601888923e5bc202) [Compare Source](https://redirect.github.com/eslint/eslint/compare/v9.34.0...v9.35.0) ### [`v9.34.0`](https://redirect.github.com/eslint/eslint/compare/v9.33.0...b48fa20034e53bc65d1a58f3d834705e3087b00c) [Compare Source](https://redirect.github.com/eslint/eslint/compare/v9.33.0...v9.34.0) ### [`v9.33.0`](https://redirect.github.com/eslint/eslint/compare/v9.32.0...ad283717ed4764a171120ca7c6cba82a78fa024c) [Compare Source](https://redirect.github.com/eslint/eslint/compare/v9.32.0...v9.33.0) </details> <details> <summary>eslint/eslint (eslint)</summary> ### [`v9.36.0`](https://redirect.github.com/eslint/eslint/compare/v9.35.0...b4857e54e54b5dba96d156cd8d8b4d42dc5a3bf4) [Compare Source](https://redirect.github.com/eslint/eslint/compare/v9.35.0...v9.36.0) ### [`v9.35.0`](https://redirect.github.com/eslint/eslint/compare/v9.34.0...8401101d1e3e3e4e1edc2a9e59cafc9956bf2610) [Compare Source](https://redirect.github.com/eslint/eslint/compare/v9.34.0...v9.35.0) ### [`v9.34.0`](https://redirect.github.com/eslint/eslint/compare/v9.33.0...b8875f67a7bc99824f19147f4a669be7e98f3eee) [Compare Source](https://redirect.github.com/eslint/eslint/compare/v9.33.0...v9.34.0) ### [`v9.33.0`](https://redirect.github.com/eslint/eslint/compare/v9.32.0...a90d7c4fe5ef83054e29d21d7ffb442103429d03) [Compare Source](https://redirect.github.com/eslint/eslint/compare/v9.32.0...v9.33.0) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/morten-olsen/homelab-operator).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-02-08 01:36:28 +01:00 · 2025-09-25 20:56:08 +02:00 · 2025-09-24 00:52:06 +02:00
236 changed files with 77 additions and 4591 deletions
--- a/charts/apps/AGENT.md
+++ b/charts/apps/AGENT.md
@@ -1,136 +0,0 @@
 # Agent Documentation
 This document describes how to create a new application chart for the homelab operator.
 ## Chart Structure
 Each application has its own chart located in a directory under `charts/apps`. The chart should contain the following files:
 - `Chart.yaml`: The chart metadata.
 - `values.yaml`: The default values for the chart.
 - `templates/`: A directory containing the Kubernetes resource templates.
 ## Custom Resources
 The homelab operator uses several custom resources to manage applications. These resources are defined in the `templates` directory of the chart.
 ### `PostgresDatabase`
 If the application requires a PostgreSQL database, you can create a `PostgresDatabase` resource. The operator will automatically create a database and a secret containing the connection details. The secret will have the same name as the release with a `-pg-connection` postfix.
 Example:
 ```yaml
 # templates/database.yaml
 apiVersion: homelab.mortenolsen.pro/v1
 kind: PostgresDatabase
 metadata:
  name: "{{ .Release.Name }}"
 spec:
  environment: "{{ .Values.globals.environment }}"
 ```
 The secret has the following values:
 - `database`: name of the created database
 - `host`: the hostname of the postgres server
 - `port`: the port of the postgres server
 - `url`: combined url in the format `postgresql://{user}:{password}@{host}:{port}/{database}`
 ### `OidcClient`
 If the application requires OIDC authentication, you can create an `OidcClient` resource. The operator will automatically create an OIDC client and a secret containing the client ID and secret. The secret will have the same name as the release with a `-client` postfix.
 You need to specify the redirect URIs for the OIDC client. The subdomain is taken from the `values.yaml` file.
 Example:
 ```yaml
 # templates/client.yaml
 apiVersion: homelab.mortenolsen.pro/v1
 kind: OidcClient
 metadata:
  name: "{{ .Release.Name }}"
 spec:
  environment: "{{ .Values.globals.environment }}"
  redirectUris:
    - path: /user/oauth2/Authentik/callback
      subdomain: "{{ .Values.subdomain }}"
      matchingMode: strict
 ```
 The secret has the following value:
 - `authorization`: Authorization endpoint
 - `clientId`
 - `clientSecret`
 - `configuration`: autodiscovery endpoint
 - `configurationIssuer`: issuer url
 - `endSession`: end session endpoint
 - `jwks`: jwks endpoint
 - `token`: token endpoint
 - `userinfo`: user info endpoint
 ### `HttpService` and `ExternalHttpService`
 To expose the application, you can use either an `HttpService` or an `ExternalHttpService` resource.
 - `HttpService`: This will expose the application through the Istio gateway. This is for internal access only.
 - `ExternalHttpService`: This will expose the application through a CloudFlare tunnel. This is for external access.
 Both resources take a `subdomain` and a `destination` as parameters. The `destination` is the Kubernetes service to route traffic to.
 Example of `HttpService`:
 ```yaml
 # templates/http-service.yaml
 apiVersion: homelab.mortenolsen.pro/v1
 kind: HttpService
 metadata:
  name: "{{ .Release.Name }}"
 spec:
  environment: "{{ .Values.globals.environment }}"
  subdomain: "{{ .Values.subdomain }}"
  destination:
    host: "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local"
    port:
      number: 80
 ```
 Example of `ExternalHttpService`:
 ```yaml
 # templates/external-http-service.yaml
 apiVersion: homelab.mortenolsen.pro/v1
 kind: ExternalHttpService
 metadata:
  name: "{{ .Release.Name }}"
 spec:
  environment: "{{ .Values.globals.environment }}"
  subdomain: "{{ .Values.subdomain }}"
  destination:
    host: "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local"
    port:
      number: 80
 ```
 ## `values.yaml`
 The `values.yaml` file should contain the following values:
 - `globals.environment`: The environment the application is running in (e.g., `prod`, `dev`).
 - `image.repository`: The Docker image repository.
 - `image.tag`: The Docker image tag.
 - `subdomain`: The subdomain for the application.
 Example:
 ```yaml
 # values.yaml
 globals:
  environment: prod
 image:
  repository: docker.gitea.com/gitea
  tag: latest
 subdomain: gitea
 ```
--- a/charts/apps/apprise/Chart.yaml
+++ b/charts/apps/apprise/Chart.yaml
@@ -1,3 +0,0 @@
 apiVersion: v2
 version: 1.0.0
 name: apprise
--- a/charts/apps/apprise/templates/client.yaml
+++ b/charts/apps/apprise/templates/client.yaml
@@ -1,10 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: OidcClient
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  environment: '{{ .Values.globals.environment }}'
  redirectUris:
    - path: /oauth/oidc/callback
      subdomain: '{{ .Values.subdomain }}'
      matchingMode: strict
--- a/charts/apps/apprise/templates/deployment.yaml
+++ b/charts/apps/apprise/templates/deployment.yaml
@@ -1,43 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: "{{ .Release.Name }}"
 spec:
  strategy:
    type: Recreate
  replicas: 1
  selector:
    matchLabels:
      app: "{{ .Release.Name }}"
  template:
    metadata:
      labels:
        app: "{{ .Release.Name }}"
    spec:
      containers:
        - name: "{{ .Release.Name }}"
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: "{{ .Values.image.pullPolicy }}"
          ports:
            - name: http
              containerPort: 8000
              protocol: TCP
          livenessProbe:
            tcpSocket:
              port: http
          readinessProbe:
            tcpSocket:
              port: http
          env:
            - name: TZ
              value: "{{ .Values.globals.timezone }}"
            - name: BASE_URL
              value: https://{{ .Values.subdomain }}.{{ .Values.globals.domain }}
          volumeMounts:
            - mountPath: /config
              name: data
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: "{{ .Release.Name }}-data"
--- a/charts/apps/apprise/templates/http-service.yaml
+++ b/charts/apps/apprise/templates/http-service.yaml
@@ -1,11 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: HttpService
 metadata:
  name: "{{ .Release.Name }}"
 spec:
  environment: "{{ .Values.globals.environment }}"
  subdomain: "{{ .Values.subdomain }}"
  destination:
    host: "{{ .Release.Name }}"
    port:
      number: 80
--- a/charts/apps/apprise/templates/pvc.yaml
+++ b/charts/apps/apprise/templates/pvc.yaml
@@ -1,11 +0,0 @@
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: '{{ .Release.Name }}-data'
 spec:
  accessModes:
    - 'ReadWriteOnce'
  resources:
    requests:
      storage: '1Gi'
  storageClassName: '{{ .Values.globals.environment }}'
--- a/charts/apps/apprise/templates/service.yaml
+++ b/charts/apps/apprise/templates/service.yaml
@@ -1,15 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: "{{ .Release.Name }}"
  labels:
    app: "{{ .Release.Name }}"
 spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 8000
      protocol: TCP
      name: http
  selector:
    app: "{{ .Release.Name }}"
--- a/charts/apps/apprise/values.yaml
+++ b/charts/apps/apprise/values.yaml
@@ -1,9 +0,0 @@
 globals:
  environment: prod
  timezone: Europe/Amsterdam
  domain: olsen.cloud
 image:
  repository: docker.io/caronc/apprise
  tag: latest@sha256:127b3834f0679502529397ead8ffeaadf5189019c4c863fa6652e9b942fdccf8
  pullPolicy: IfNotPresent
 subdomain: apprise
--- a/charts/apps/audiobookshelf/Chart.yaml
+++ b/charts/apps/audiobookshelf/Chart.yaml
@@ -1,3 +0,0 @@
 apiVersion: v2
 version: 1.0.0
 name: audiobookshelf
--- a/charts/apps/audiobookshelf/templates/client.yaml
+++ b/charts/apps/audiobookshelf/templates/client.yaml
@@ -1,13 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: OidcClient
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  environment: '{{ .Values.globals.environment }}'
  redirectUris:
    - path: /audiobookshelf/auth/openid/callback
      subdomain: '{{ .Values.subdomain }}'
      matchingMode: strict
    - path: /audiobookshelf/auth/openid/mobile-redirect
      subdomain: '{{ .Values.subdomain }}'
      matchingMode: strict
--- a/charts/apps/audiobookshelf/templates/deployment.yaml
+++ b/charts/apps/audiobookshelf/templates/deployment.yaml
@@ -1,52 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  strategy:
    type: Recreate
  replicas: 1
  selector:
    matchLabels:
      app: '{{ .Release.Name }}'
  template:
    metadata:
      labels:
        app: '{{ .Release.Name }}'
    spec:
      containers:
        - name: '{{ .Release.Name }}'
          image: '{{ .Values.image.repository }}:{{ .Values.image.tag }}'
          imagePullPolicy: '{{ .Values.image.pullPolicy }}'
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          livenessProbe:
            tcpSocket:
              port: http
          readinessProbe:
            tcpSocket:
              port: http
          volumeMounts:
            - mountPath: /config
              name: config
            - mountPath: /metadata
              name: metadata
            - mountPath: /audiobooks
              name: audiobooks
            - mountPath: /podcasts
              name: podcasts
      volumes:
        - name: config
          persistentVolumeClaim:
            claimName: '{{ .Release.Name }}-config'
        - name: metadata
          persistentVolumeClaim:
            claimName: '{{ .Release.Name }}-metadata'
        - name: audiobooks
          persistentVolumeClaim:
            claimName: books
        - name: podcasts
          persistentVolumeClaim:
            claimName: podcasts
--- a/charts/apps/audiobookshelf/templates/external-http-service.yaml
+++ b/charts/apps/audiobookshelf/templates/external-http-service.yaml
@@ -1,11 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: ExternalHttpService
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  environment: '{{ .Values.globals.environment }}'
  subdomain: '{{ .Values.subdomain }}'
  destination:
    host: '{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local'
    port:
      number: 80
--- a/charts/apps/audiobookshelf/templates/pvc.yaml
+++ b/charts/apps/audiobookshelf/templates/pvc.yaml
@@ -1,24 +0,0 @@
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: '{{ .Release.Name }}-config'
 spec:
  accessModes:
    - 'ReadWriteOnce'
  resources:
    requests:
      storage: '1Gi'
  storageClassName: '{{ .Values.globals.environment }}'
 ---
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: '{{ .Release.Name }}-metadata'
 spec:
  accessModes:
    - 'ReadWriteOnce'
  resources:
    requests:
      storage: '1Gi'
  storageClassName: '{{ .Values.globals.environment }}'
--- a/charts/apps/audiobookshelf/templates/service.yaml
+++ b/charts/apps/audiobookshelf/templates/service.yaml
@@ -1,15 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: '{{ .Release.Name }}'
  labels:
    app: '{{ .Release.Name }}'
 spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
      name: http
  selector:
    app: '{{ .Release.Name }}'
--- a/charts/apps/audiobookshelf/values.yaml
+++ b/charts/apps/audiobookshelf/values.yaml
@@ -1,7 +0,0 @@
 globals:
  environment: prod
 image:
  repository: ghcr.io/advplyr/audiobookshelf
  tag: 2.29.0@sha256:dd4a3079d26bfe9f0ea63de3e3eff483dfa25fef05ef850a5a9d121dca3794b2
  pullPolicy: IfNotPresent
 subdomain: audiobookshelf
--- a/charts/apps/baikal/Chart.yaml
+++ b/charts/apps/baikal/Chart.yaml
@@ -1,3 +0,0 @@
 apiVersion: v2
 version: 1.0.0
 name: esphome
--- a/charts/apps/baikal/templates/database.yaml
+++ b/charts/apps/baikal/templates/database.yaml
@@ -1,6 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: PostgresDatabase
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  environment: '{{ .Values.globals.environment }}'
--- a/charts/apps/baikal/templates/deployment.yaml
+++ b/charts/apps/baikal/templates/deployment.yaml
@@ -1,46 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: "{{ .Release.Name }}"
 spec:
  strategy:
    type: Recreate
  replicas: 1
  selector:
    matchLabels:
      app: "{{ .Release.Name }}"
  template:
    metadata:
      labels:
        app: "{{ .Release.Name }}"
    spec:
      containers:
        - name: "{{ .Release.Name }}"
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: "{{ .Values.image.pullPolicy }}"
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          livenessProbe:
            tcpSocket:
              port: http
          readinessProbe:
            tcpSocket:
              port: http
          env:
            - name: TZ
              value: "{{ .Values.globals.timezone }}"
          volumeMounts:
            - mountPath: /var/www/baikal/Specific
              name: data
            - mountPath: /var/www/baikal/config
              name: config
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: "{{ .Release.Name }}-data"
        - name: config
          persistentVolumeClaim:
            claimName: "{{ .Release.Name }}-config"
--- a/charts/apps/baikal/templates/external-http-service.yaml
+++ b/charts/apps/baikal/templates/external-http-service.yaml
@@ -1,11 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: ExternalHttpService
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  environment: '{{ .Values.globals.environment }}'
  subdomain: '{{ .Values.subdomain }}'
  destination:
    host: '{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local'
    port:
      number: 80
--- a/charts/apps/baikal/templates/http-service.yaml
+++ b/charts/apps/baikal/templates/http-service.yaml
@@ -1,11 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: HttpService
 metadata:
  name: "{{ .Release.Name }}"
 spec:
  environment: "{{ .Values.globals.environment }}"
  subdomain: "{{ .Values.subdomain }}"
  destination:
    host: "{{ .Release.Name }}"
    port:
      number: 80
--- a/charts/apps/baikal/templates/pvc.yaml
+++ b/charts/apps/baikal/templates/pvc.yaml
@@ -1,24 +0,0 @@
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: "{{ .Release.Name }}-data"
 spec:
  accessModes:
    - "ReadWriteOnce"
  resources:
    requests:
      storage: "1Gi"
  storageClassName: "{{ .Values.globals.environment }}"
 ---
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: "{{ .Release.Name }}-config"
 spec:
  accessModes:
    - "ReadWriteOnce"
  resources:
    requests:
      storage: "1Gi"
  storageClassName: "{{ .Values.globals.environment }}"
--- a/charts/apps/baikal/templates/service.yaml
+++ b/charts/apps/baikal/templates/service.yaml
@@ -1,15 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: "{{ .Release.Name }}"
  labels:
    app: "{{ .Release.Name }}"
 spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
      name: http
  selector:
    app: "{{ .Release.Name }}"
--- a/charts/apps/baikal/values.yaml
+++ b/charts/apps/baikal/values.yaml
@@ -1,9 +0,0 @@
 globals:
  environment: prod
  timezone: Europe/Amsterdam
  domain: olsen.cloud
 image:
  repository: docker.io/ckulka/baikal
  tag: nginx@sha256:045918423df00a3f9ec793a819b9acdb055d338b75387926b7d93d753ac1e93a
  pullPolicy: IfNotPresent
 subdomain: baikal
--- a/charts/apps/bytestash/Chart.yaml
+++ b/charts/apps/bytestash/Chart.yaml
@@ -1,3 +0,0 @@
 apiVersion: v2
 version: 1.0.0
 name: ByteStash
--- a/charts/apps/bytestash/templates/client.yaml
+++ b/charts/apps/bytestash/templates/client.yaml
@@ -1,10 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: OidcClient
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  environment: '{{ .Values.globals.environment }}'
  redirectUris:
    - path: /api/auth/oidc/callback
      subdomain: '{{ .Values.subdomain }}'
      matchingMode: strict
--- a/charts/apps/bytestash/templates/deployment.yaml
+++ b/charts/apps/bytestash/templates/deployment.yaml
@@ -1,54 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: "{{ .Release.Name }}"
  labels:
    app: "{{ .Release.Name }}"
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: "{{ .Release.Name }}"
  template:
    metadata:
      labels:
        app: "{{ .Release.Name }}"
    spec:
      containers:
        - name: "{{ .Release.Name }}"
          image: ghcr.io/jordan-dalby/bytestash:latest
          ports:
            - containerPort: 5000
              name: http
          env:
            - name: ALLOW_NEW_ACCOUNTS
              value: "true"
            - name: DISABLE_INTERNAL_ACCOUNTS
              value: "true"
            - name: OIDC_ENABLED
              value: "true"
            - name: OIDC_DISPLAY_NAME
              value: OIDC
            - name: OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: "{{ .Release.Name }}-client"
                  key: clientId
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: "{{ .Release.Name }}-client"
                  key: clientSecret
            - name: OIDC_ISSUER_URL
              valueFrom:
                secretKeyRef:
                  name: "{{ .Release.Name }}-client"
                  key: configurationIssuer
          volumeMounts:
            - mountPath: /data/snippets
              name: data
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: "{{ .Release.Name }}-data"
--- a/charts/apps/bytestash/templates/external-http-service.yaml
+++ b/charts/apps/bytestash/templates/external-http-service.yaml
@@ -1,11 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: ExternalHttpService
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  environment: '{{ .Values.globals.environment }}'
  subdomain: '{{ .Values.subdomain }}'
  destination:
    host: '{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local'
    port:
      number: 80
--- a/charts/apps/bytestash/templates/http-service.yaml
+++ b/charts/apps/bytestash/templates/http-service.yaml
@@ -1,11 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: HttpService
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  environment: '{{ .Values.environment }}'
  subdomain: '{{ .Values.subdomain }}'
  destination:
    host: '{{ .Release.Name }}'
    port:
      number: 80
--- a/charts/apps/bytestash/templates/pvc.yaml
+++ b/charts/apps/bytestash/templates/pvc.yaml
@@ -1,11 +0,0 @@
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: '{{ .Release.Name }}-data'
 spec:
  accessModes:
    - 'ReadWriteOnce'
  resources:
    requests:
      storage: '1Gi'
  storageClassName: '{{ .Values.globals.environment }}'
--- a/charts/apps/bytestash/templates/service.yaml
+++ b/charts/apps/bytestash/templates/service.yaml
@@ -1,15 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: '{{ .Release.Name }}'
  labels:
    app: '{{ .Release.Name }}'
 spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 5000
      protocol: TCP
      name: http
  selector:
    app: '{{ .Release.Name }}'
--- a/charts/apps/bytestash/values.yaml
+++ b/charts/apps/bytestash/values.yaml
@@ -1,3 +0,0 @@
 globals:
  environment: prod
 subdomain: bytestash
--- a/charts/apps/calibre-web/Chart.yaml
+++ b/charts/apps/calibre-web/Chart.yaml
@@ -1,3 +0,0 @@
 apiVersion: v2
 version: 1.0.0
 name: calibre-web
--- a/charts/apps/calibre-web/templates/client.yaml
+++ b/charts/apps/calibre-web/templates/client.yaml
@@ -1,10 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: OidcClient
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  environment: '{{ .Values.globals.environment }}'
  redirectUris:
    - path: /api/auth/oidc/callback
      subdomain: '{{ .Values.subdomain }}'
      matchingMode: strict
--- a/charts/apps/calibre-web/templates/deployment.yaml
+++ b/charts/apps/calibre-web/templates/deployment.yaml
@@ -1,42 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: "{{ .Release.Name }}"
  labels:
    app: "{{ .Release.Name }}"
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: "{{ .Release.Name }}"
  template:
    metadata:
      labels:
        app: "{{ .Release.Name }}"
    spec:
      containers:
        - name: "{{ .Release.Name }}"
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: "{{ .Values.image.pullPolicy }}"
          ports:
            - containerPort: 8083
              name: http
          env:
            - name: TZ
              value: "{{ .Values.globals.timezone }}"
            - name: PUID
              value: "1000"
            - name: PGID
              value: "1000"
          volumeMounts:
            - mountPath: /config
              name: data
            - mountPath: /books
              name: books
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: "{{ .Release.Name }}-data"
        - name: books
          persistentVolumeClaim:
            claimName: books
--- a/charts/apps/calibre-web/templates/external-http-service.yaml
+++ b/charts/apps/calibre-web/templates/external-http-service.yaml
@@ -1,11 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: ExternalHttpService
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  environment: '{{ .Values.globals.environment }}'
  subdomain: '{{ .Values.subdomain }}'
  destination:
    host: '{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local'
    port:
      number: 80
--- a/charts/apps/calibre-web/templates/http-service.yaml
+++ b/charts/apps/calibre-web/templates/http-service.yaml
@@ -1,11 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: HttpService
 metadata:
  name: "{{ .Release.Name }}"
 spec:
  environment: "{{ .Values.globals.environment }}"
  subdomain: "{{ .Values.subdomain }}"
  destination:
    host: "{{ .Release.Name }}"
    port:
      number: 80
--- a/charts/apps/calibre-web/templates/pvc.yaml
+++ b/charts/apps/calibre-web/templates/pvc.yaml
@@ -1,11 +0,0 @@
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: '{{ .Release.Name }}-data'
 spec:
  accessModes:
    - 'ReadWriteOnce'
  resources:
    requests:
      storage: '1Gi'
  storageClassName: '{{ .Values.globals.environment }}'
--- a/charts/apps/calibre-web/templates/service.yaml
+++ b/charts/apps/calibre-web/templates/service.yaml
@@ -1,15 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: "{{ .Release.Name }}"
  labels:
    app: "{{ .Release.Name }}"
 spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 8083
      protocol: TCP
      name: http
  selector:
    app: "{{ .Release.Name }}"
--- a/charts/apps/calibre-web/values.yaml
+++ b/charts/apps/calibre-web/values.yaml
@@ -1,9 +0,0 @@
 globals:
  environment: prod
  domain: olsen.cloud
  timezone: Europe/Amsterdam
 image:
  repository: lscr.io/linuxserver/calibre-web
  tag: latest@sha256:98a20064168ab284bbb8e048af48c89a5e25650f35a4b217705241af94c1debe
  pullPolicy: IfNotPresent
 subdomain: calibre-web
--- a/charts/apps/coder/Chart.yaml
+++ b/charts/apps/coder/Chart.yaml
@@ -1,3 +0,0 @@
 apiVersion: v2
 version: 1.0.0
 name: openwebui
--- a/charts/apps/coder/templates/client.yaml
+++ b/charts/apps/coder/templates/client.yaml
@@ -1,10 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: OidcClient
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  environment: '{{ .Values.globals.environment }}'
  redirectUris:
    - path: /api/v2/users/oidc/callback
      subdomain: '{{ .Values.subdomain }}'
      matchingMode: strict
--- a/charts/apps/coder/templates/deployment.yaml
+++ b/charts/apps/coder/templates/deployment.yaml
@@ -1,73 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  strategy:
    type: Recreate
  replicas: 1
  selector:
    matchLabels:
      app: '{{ .Release.Name }}'
  template:
    metadata:
      labels:
        app: '{{ .Release.Name }}'
    spec:
      serviceAccountName: '{{ .Release.Name }}-serviceaccount'
      containers:
        - name: '{{ .Release.Name }}'
          image: '{{ .Values.image.repository }}:{{ .Values.image.tag }}'
          imagePullPolicy: '{{ .Values.image.pullPolicy }}'
          ports:
            - name: http
              containerPort: 7080
              protocol: TCP
          livenessProbe:
            tcpSocket:
              port: http
          readinessProbe:
            tcpSocket:
              port: http
          volumeMounts:
            - mountPath: /home/coder/.config
              name: data
          env:
            - name: CODER_HTTP_ADDRESS
              value: '0.0.0.0:7080'
            - name: CODER_OIDC_ALLOWED_GROUPS
              value: admin
            - name: CODER_OIDC_GROUP_FIELD
              value: groups
            - name: CODER_ACCESS_URL
              value: https://coder.olsen.cloud
            - name: CODER_OIDC_ICON_URL
              value: https://authentik.olsen.cloud/static/dist/assets/icons/icon.png
            - name: CODER_DISABLE_PASSWORD_AUTH
              value: 'true'
            - name: CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS
              value: 'false'
            - name: CODER_OIDC_SIGN_IN_TEXT
              value: 'Sign in with OIDC'
            - name: CODER_OIDC_SCOPES
              value: openid,profile,email,offline_access
            - name: CODER_OIDC_ISSUER_URL
              valueFrom:
                secretKeyRef:
                  name: '{{ .Release.Name }}-client'
                  key: configurationIssuer
            - name: CODER_OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: '{{ .Release.Name }}-client'
                  key: clientId
            - name: CODER_OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: '{{ .Release.Name }}-client'
                  key: clientSecret
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: '{{ .Release.Name }}-data'
--- a/charts/apps/coder/templates/http-service.yaml
+++ b/charts/apps/coder/templates/http-service.yaml
@@ -1,11 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: HttpService
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  environment: '{{ .Values.globals.environment }}'
  subdomain: '{{ .Values.subdomain }}'
  destination:
    host: '{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local'
    port:
      number: 80
--- a/charts/apps/coder/templates/pvc.yaml
+++ b/charts/apps/coder/templates/pvc.yaml
@@ -1,11 +0,0 @@
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: '{{ .Release.Name }}-data'
 spec:
  accessModes:
    - 'ReadWriteOnce'
  resources:
    requests:
      storage: '1Gi'
  storageClassName: '{{ .Values.globals.environment }}'
--- a/charts/apps/coder/templates/role.yaml
+++ b/charts/apps/coder/templates/role.yaml
@@ -1,21 +0,0 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: '{{ .Release.Name }}-workspace-creator'
 rules:
  - apiGroups: [''] # "" indicates the core API group (for Pods, PVCs, Services)
    resources: ['pods', 'pods/exec', 'pods/log', 'persistentvolumeclaims', 'services']
    verbs: ['get', 'list', 'watch', 'create', 'update', 'patch', 'delete']
  - apiGroups: ['apps'] # For Deployments, StatefulSets
    resources: ['deployments', 'statefulsets']
    verbs: ['get', 'list', 'watch', 'create', 'update', 'patch', 'delete']
  - apiGroups: ['networking.k8s.io'] # For Ingresses
    resources: ['ingresses']
    verbs: ['get', 'list', 'watch', 'create', 'update', 'patch', 'delete']
  - apiGroups: ['events.k8s.io'] # For events related to workspace activity
    resources: ['events']
    verbs: ['create', 'patch', 'update'] # Coder might create events for workspace lifecycle
  # Add any other resources that Coder workspace templates might create (e.g., secrets, configmaps)
  # - apiGroups: [""]
  #   resources: ["secrets", "configmaps"]
  #   verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
--- a/charts/apps/coder/templates/rolebinding.yaml
+++ b/charts/apps/coder/templates/rolebinding.yaml
@@ -1,13 +0,0 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: '{{ .Release.Name }}-workspace-creator-binding'
  namespace: '{{ .Release.Namespace }}'
 subjects:
  - kind: ServiceAccount
    name: '{{ .Release.Name }}-serviceaccount'
    namespace: '{{ .Release.Namespace }}'
 roleRef:
  kind: ClusterRole
  name: '{{ .Release.Name }}-workspace-creator'
  apiGroup: rbac.authorization.k8s.io
--- a/charts/apps/coder/templates/service.yaml
+++ b/charts/apps/coder/templates/service.yaml
@@ -1,15 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: '{{ .Release.Name }}'
  labels:
    app: '{{ .Release.Name }}'
 spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 7080
      protocol: TCP
      name: http
  selector:
    app: '{{ .Release.Name }}'
--- a/charts/apps/coder/templates/serviceaccount.yaml
+++ b/charts/apps/coder/templates/serviceaccount.yaml
@@ -1,5 +0,0 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: '{{ .Release.Name }}-serviceaccount'
  namespace: '{{ .Release.Namespace }}'
--- a/charts/apps/coder/values.yaml
+++ b/charts/apps/coder/values.yaml
@@ -1,7 +0,0 @@
 globals:
  environment: prod
 image:
  repository: ghcr.io/coder/coder
  tag: latest@sha256:73714e0685addde01bbff905cf5b647d6b677d77977c8009b6293d40fdf0f562
  pullPolicy: IfNotPresent
 subdomain: coder
--- a/charts/apps/data/Chart.yaml
+++ b/charts/apps/data/Chart.yaml
@@ -1,3 +0,0 @@
 apiVersion: v2
 version: 1.0.0
 name: data
--- a/charts/apps/data/templates/database.yaml
+++ b/charts/apps/data/templates/database.yaml
@@ -1,6 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: PostgresDatabase
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  environment: '{{ .Values.globals.environment }}'
--- a/charts/apps/data/values.yaml
+++ b/charts/apps/data/values.yaml
@@ -1,2 +0,0 @@
 globals:
  environment: prod
--- a/charts/apps/esphome/Chart.yaml
+++ b/charts/apps/esphome/Chart.yaml
@@ -1,3 +0,0 @@
 apiVersion: v2
 version: 1.0.0
 name: esphome
--- a/charts/apps/esphome/templates/deployment.yaml
+++ b/charts/apps/esphome/templates/deployment.yaml
@@ -1,42 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: "{{ .Release.Name }}"
 spec:
  strategy:
    type: Recreate
  replicas: 1
  selector:
    matchLabels:
      app: "{{ .Release.Name }}"
  template:
    metadata:
      labels:
        app: "{{ .Release.Name }}"
    spec:
      hostNetwork: true
      containers:
        - name: "{{ .Release.Name }}"
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: "{{ .Values.image.pullPolicy }}"
          ports:
            - name: http
              containerPort: 6052
              protocol: TCP
          livenessProbe:
            tcpSocket:
              port: http
          readinessProbe:
            tcpSocket:
              port: http
          env:
            - name: TZ
              value: "{{ .Values.globals.timezone }}"
          volumeMounts:
            - mountPath: /config
              name: data
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: "{{ .Release.Name }}-data"
--- a/charts/apps/esphome/templates/http-service.yaml
+++ b/charts/apps/esphome/templates/http-service.yaml
@@ -1,11 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: HttpService
 metadata:
  name: "{{ .Release.Name }}"
 spec:
  environment: "{{ .Values.globals.environment }}"
  subdomain: "{{ .Values.subdomain }}"
  destination:
    host: "{{ .Release.Name }}"
    port:
      number: 80
--- a/charts/apps/esphome/templates/pvc.yaml
+++ b/charts/apps/esphome/templates/pvc.yaml
@@ -1,11 +0,0 @@
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: '{{ .Release.Name }}-data'
 spec:
  accessModes:
    - 'ReadWriteOnce'
  resources:
    requests:
      storage: '1Gi'
  storageClassName: '{{ .Values.globals.environment }}'
--- a/charts/apps/esphome/templates/service.yaml
+++ b/charts/apps/esphome/templates/service.yaml
@@ -1,15 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: "{{ .Release.Name }}"
  labels:
    app: "{{ .Release.Name }}"
 spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 6052
      protocol: TCP
      name: http
  selector:
    app: "{{ .Release.Name }}"
--- a/charts/apps/esphome/values.yaml
+++ b/charts/apps/esphome/values.yaml
@@ -1,9 +0,0 @@
 globals:
  environment: prod
  timezone: Europe/Amsterdam
  domain: olsen.cloud
 image:
  repository: ghcr.io/esphome/esphome
  tag: latest@sha256:67f4df2206af244e79c6c624ea7ef27be572f83af981657b1ac1ffa0d7b8487a
  pullPolicy: IfNotPresent
 subdomain: esphome
--- a/charts/apps/gitea/Chart.yaml
+++ b/charts/apps/gitea/Chart.yaml
@@ -1,3 +0,0 @@
 apiVersion: v2
 version: 1.0.0
 name: gitea
--- a/charts/apps/gitea/templates/_runner-deployment.yaml
+++ b/charts/apps/gitea/templates/_runner-deployment.yaml
@@ -1,36 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: '{{ .Release.Name }}-runner'
  labels:
    app: '{{ .Release.Name }}-runner'
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: '{{ .Release.Name }}-runner'
  template:
    metadata:
      labels:
        app: '{{ .Release.Name }}-runner'
    spec:
      containers:
        - name: '{{ .Release.Name }}-runner'
          image: docker.io/gitea/act_runner:latest-dind-rootless
          env:
            - name: GITEA_INSTANCE_URL
              value: '{{ .Release.Name }}'
            - name: GITEA_RUNNER_NAME
            - name: GITEA_RUNNER_REGISTRATION_TOKEN
              valueFrom:
                secretKeyRef:
                  name: '{{ .Release.Name }}-runner'
                  key: registration_token
            - name: DOCKER_HOST
              value: tcp://localhost:2376
            - name: DOCKER_CERT_PATH
              value: /certs/client
            - name: DOCKER_TLS_VERIFY
              value: '1'
          securityContext:
            privileged: true
--- a/charts/apps/gitea/templates/client.yaml
+++ b/charts/apps/gitea/templates/client.yaml
@@ -1,10 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: OidcClient
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  environment: '{{ .Values.globals.environment }}'
  redirectUris:
    - path: /user/oauth2/Authentik/callback
      subdomain: '{{ .Values.subdomain }}'
      matchingMode: strict
--- a/charts/apps/gitea/templates/database.yaml
+++ b/charts/apps/gitea/templates/database.yaml
@@ -1,6 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: PostgresDatabase
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  environment: '{{ .Values.globals.environment }}'
--- a/charts/apps/gitea/templates/deployment.yaml
+++ b/charts/apps/gitea/templates/deployment.yaml
@@ -1,103 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: "{{ .Release.Name }}"
 spec:
  strategy:
    type: Recreate
  replicas: 1
  selector:
    matchLabels:
      app: "{{ .Release.Name }}"
  template:
    metadata:
      labels:
        app: "{{ .Release.Name }}"
    spec:
      containers:
        - name: "{{ .Release.Name }}"
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: "{{ .Values.image.pullPolicy }}"
          ports:
            - name: http
              containerPort: 3000
              protocol: TCP
            - name: ssh
              containerPort: 22
              protocol: TCP
          livenessProbe:
            tcpSocket:
              port: http
          readinessProbe:
            tcpSocket:
              port: http
          volumeMounts:
            - mountPath: /data
              name: data
          env:
            - name: TZ
              value: "{{ .Values.globals.timezone }}"
            - name: USER_UID
              value: "1000"
            - name: USER_GID
              value: "1000"
            - name: GITEA__server__SSH_DOMAIN
              value: ssh-gitea.olsen.cloud
            - name: GITEA__server__SSH_PORT
              value: "2205"
            - name: GITEA__service__REQUIRE_EXTERNAL_REGISTRATION_PASSWORD
              value: "true"
            #- name: GITEA__service__ENABLE_BASIC_AUTHENTICATION
            #  value: 'true'
            - name: GITEA__service__ENABLE_PASSWORD_SIGNIN_FORM
              value: "false"
            - name: GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE
              value: "true"
            - name: GITEA__service__DEFAULT_USER_IS_RESTRICTED
              value: "true"
            - name: GITEA__service__DEFAULT_USER_VISIBILITY
              value: "private"
            - name: GITEA__service__DEFAULT_ORG_VISIBILITY
              value: "private"
            - name: GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION
              value: "true"
            - name: GITEA__other__SHOW_FOOTER_POWERED_BY
              value: "false"
            - name: GITEA__other__SHOW_FOOTER_TEMPLATE_LOAD_TIME
              value: "false"
            - name: GITEA__other__SHOW_FOOTER_VERSION
              value: "false"
            - name: GITEA__repository__ENABLE_PUSH_CREATE_USER
              value: "true"
            - name: GITEA__repository__ENABLE_PUSH_CREATE_ORG
              value: "true"
            - name: GITEA__openid__ENABLE_OPENID_SIGNIN
              value: "false"
            - name: GITEA__openid__ENABLE_OPENID_SIGNUP
              value: "false"
            - name: GITEA__database__DB_TYPE
              value: postgres
            - name: GITEA__database__NAME
              valueFrom:
                secretKeyRef:
                  name: "{{ .Release.Name }}-pg-connection"
                  key: database
            - name: GITEA__database__HOST
              valueFrom:
                secretKeyRef:
                  name: "{{ .Release.Name }}-pg-connection"
                  key: host
            - name: GITEA__database__USER
              valueFrom:
                secretKeyRef:
                  name: "{{ .Release.Name }}-pg-connection"
                  key: user
            - name: GITEA__database__PASSWD
              valueFrom:
                secretKeyRef:
                  name: "{{ .Release.Name }}-pg-connection"
                  key: password
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: "{{ .Release.Name }}-data"
--- a/charts/apps/gitea/templates/external-http-service.yaml
+++ b/charts/apps/gitea/templates/external-http-service.yaml
@@ -1,11 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: ExternalHttpService
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  environment: '{{ .Values.globals.environment }}'
  subdomain: '{{ .Values.subdomain }}'
  destination:
    host: '{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local'
    port:
      number: 80
--- a/charts/apps/gitea/templates/pvc.yaml
+++ b/charts/apps/gitea/templates/pvc.yaml
@@ -1,11 +0,0 @@
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: '{{ .Release.Name }}-data'
 spec:
  accessModes:
    - 'ReadWriteOnce'
  resources:
    requests:
      storage: '1Gi'
  storageClassName: '{{ .Values.globals.environment }}'
--- a/charts/apps/gitea/templates/service.yaml
+++ b/charts/apps/gitea/templates/service.yaml
@@ -1,32 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: "{{ .Release.Name }}"
  labels:
    app: "{{ .Release.Name }}"
 spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 3000
      protocol: TCP
      name: http
  selector:
    app: "{{ .Release.Name }}"
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: "{{ .Release.Name }}-ssh"
  labels:
    app: "{{ .Release.Name }}"
 spec:
  type: LoadBalancer
  ports:
    - port: 2205
      targetPort: 22
      protocol: TCP
      name: ssh
  selector:
    app: "{{ .Release.Name }}"
--- a/charts/apps/gitea/values.yaml
+++ b/charts/apps/gitea/values.yaml
@@ -1,8 +0,0 @@
 globals:
  environment: prod
  timezone: Europe/Amsterdam
 image:
  repository: docker.gitea.com/gitea
  tag: latest@sha256:2edc102cbb636ae1ddac5fa0c715aa5b03079dee13ac6800b2cef6d4e912e718
  pullPolicy: IfNotPresent
 subdomain: gitea
--- a/charts/apps/headscale/Chart.yaml
+++ b/charts/apps/headscale/Chart.yaml
@@ -1,3 +0,0 @@
 apiVersion: v2
 version: 1.0.0
 name: headscale
--- a/charts/apps/headscale/templates/client.yaml
+++ b/charts/apps/headscale/templates/client.yaml
@@ -1,10 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: OidcClient
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  environment: '{{ .Values.globals.environment }}'
  redirectUris:
    - path: /oidc/callback
      subdomain: '{{ .Values.subdomain }}'
      matchingMode: strict
--- a/charts/apps/headscale/templates/config-map.yaml
+++ b/charts/apps/headscale/templates/config-map.yaml
@@ -1,70 +0,0 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: '{{ .Release.Name }}-config-template'
 data:
  config.yaml.template: |
    server_url: ${PUBLIC_URL}
    listen_addr: 0.0.0.0:8080
    metrics_listen_addr: 0.0.0.0:9090
    grpc_listen_addr: 0.0.0.0:50443
    private_key_path: /var/lib/headscale/private_key # Path inside the container
    noise:
      private_key_path: /var/lib/headscale/noise_private_key # Path inside the container
    listen_routes: false 
    base_domain: "${PUBLIC_URL}" # For client routes and DNS push.
    derp:
      server:
        enabled: false
        region_id: 999
        region_code: "headscale"
        region_name: "Headscale Embedded DERP"
        stun_listen_addr: "0.0.0.0:3478"
        automatically_add_embedded_derp_region: true
      urls:
        - https://controlplane.tailscale.com/derpmap/default
      auto_update_enabled: true
      update_frequency: 24h
    oidc:
      enabled: true
      only_start_if_oidc_is_available: true
      issuer: "${OIDC_ISSUER_URL}"
      client_id: "${OIDC_CLIENT_ID}"
      client_secret: "${OIDC_CLIENT_SECRET}"
      scopes: ["openid", "profile", "email"]
      redirect_url: "${PUBLIC_URL}/oidc/callback"
      pkce:
        enabled: true
        method: S256
    # DNS configuration
    dns:
      magic_dns: false
      override_local_dns: true # Push Headscale's DNS settings to clients
      ttl: 60
      nameservers:
        global:
          - 1.1.1.1 # Cloudflare DNS
          #- 10.43.0.10 # Replace with your ClusterIP for kube-dns/CoreDNS
      # Domains to search for (e.g., for Kubernetes services)
      search_domains:
        - svc.cluster.local
        - cluster.local
    auto_create_users: true
    oidc_user_property: preferred_username # Or 'email' or 'sub'
    prefixes:
      v4: 10.20.20.0/24 # Example: A /24 subnet for your VPN clients
    database:
      type: sqlite
      sqlite:
        path: /var/lib/headscale/db.sqlite
--- a/charts/apps/headscale/templates/deployment.yaml
+++ b/charts/apps/headscale/templates/deployment.yaml
@@ -1,97 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: '{{ .Release.Name }}'
  labels:
    app: '{{ .Release.Name }}'
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: '{{ .Release.Name }}'
  template:
    metadata:
      labels:
        app: '{{ .Release.Name }}'
    spec:
      # To expose WireGuard UDP directly, we need a NodePort service.
      # The Pod needs to be aware of the external port it's being exposed on.
      # The easiest way to get WireGuard to listen on the correct port and make it
      # externally accessible is to use `hostNetwork: true` for the UDP component,
      # or by directly specifying the listen port in Headscale config if the NodePort is stable.
      # OPTION 1: Best for simple homelab on bare metal where host network traffic isn't an issue
      # hostNetwork: true # This makes the pod listen directly on the node's IPs
      # dnsPolicy: ClusterFirstWithHostNet # Required if using hostNetwork
      initContainers:
        - name: generate-config
          image: alpine/git # A small image with 'envsubst' available or easily installable
          imagePullPolicy: IfNotPresent
          command: ['sh', '-c']
          args:
            - |
              # Install envsubst if it's not present (alpine/git may not have it by default)
              apk update && apk add bash gettext
              # Substitute environment variables into the template
              # The vars are passed via `env` section below
              envsubst < /config-template/config.yaml.template > /etc/headscale/config.yaml
              mkdir -p /etc/headscale
              # Optional: Verify the generated config
              echo "--- Generated Headscale Configuration ---"
              cat /etc/headscale/config.yaml
              echo "---------------------------------------"
          env:
            # These are the variables that `envsubst` will look for and replace
            - name: PUBLIC_URL
              value: 'https://{{ .Values.subdomain }}.olsen.cloud'
            - name: OIDC_ISSUER_URL
              valueFrom:
                secretKeyRef:
                  name: '{{ .Release.Name }}-client'
                  key: configurationIssuer
            - name: OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: '{{ .Release.Name }}-client'
                  key: clientId
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: '{{ .Release.Name }}-client'
                  key: clientSecret
            # Add any other variables used in config.yaml.template here
          volumeMounts:
            - name: config-template
              mountPath: /config-template # Mount the ConfigMap as a volume
              readOnly: true
            - name: headscale-config
              mountPath: /etc/headscale # Destination for the generated config
      containers:
        - name: '{{ .Release.Name }}'
          image: headscale/headscale:latest # Use the official image
          command: ['headscale', 'serve']
          ports:
            - name: http-api
              containerPort: 8080
              protocol: TCP
            - name: wireguard-udp
              containerPort: 41641
              protocol: UDP
          volumeMounts:
            - name: headscale-data
              mountPath: /var/lib/headscale
            - name: headscale-config
              mountPath: /etc/headscale
      volumes:
        - name: config-template
          configMap:
            name: '{{ .Release.Name }}-config-template'
        - name: headscale-config
          emptyDir: {}
        - name: headscale-data
          persistentVolumeClaim:
            claimName: '{{ .Release.Name }}-data'
--- a/charts/apps/headscale/templates/external-http-service.yaml
+++ b/charts/apps/headscale/templates/external-http-service.yaml
@@ -1,11 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: ExternalHttpService
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  environment: '{{ .Values.globals.environment }}'
  subdomain: '{{ .Values.subdomain }}'
  destination:
    host: '{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local'
    port:
      number: 80
--- a/charts/apps/headscale/templates/pvc.yaml
+++ b/charts/apps/headscale/templates/pvc.yaml
@@ -1,11 +0,0 @@
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: '{{ .Release.Name }}-data'
 spec:
  accessModes:
    - 'ReadWriteOnce'
  resources:
    requests:
      storage: '1Gi'
  storageClassName: '{{ .Values.globals.environment }}'
--- a/charts/apps/headscale/templates/service.yaml
+++ b/charts/apps/headscale/templates/service.yaml
@@ -1,32 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: '{{ .Release.Name }}'
  labels:
    app: '{{ .Release.Name }}'
 spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 8080
      protocol: TCP
      name: http
  selector:
    app: '{{ .Release.Name }}'
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: '{{ .Release.Name }}-headscale'
  labels:
    app: '{{ .Release.Name }}'
 spec:
  type: LoadBalancer
  ports:
    - port: 41641
      targetPort: 41641
      protocol: UDP
      name: wireguard-udp
  selector:
    app: '{{ .Release.Name }}'
--- a/charts/apps/headscale/values.yaml
+++ b/charts/apps/headscale/values.yaml
@@ -1,7 +0,0 @@
 globals:
  environment: prod
 image:
  repository: headscale/headscale
  tag: latest@sha256:ea9b5ee06274d757a4d52103de56cd11a9c393acb19d9a35f4b9fe52ada410de
  pullPolicy: IfNotPresent
 subdomain: headscale
--- a/charts/apps/homarr/Chart.yaml
+++ b/charts/apps/homarr/Chart.yaml
@@ -1,3 +0,0 @@
 apiVersion: v2
 version: 1.0.0
 name: openwebui
--- a/charts/apps/homarr/templates/client.yaml
+++ b/charts/apps/homarr/templates/client.yaml
@@ -1,10 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: OidcClient
 metadata:
  name: "{{ .Release.Name }}"
 spec:
  environment: "{{ .Values.globals.environment }}"
  redirectUris:
    - path: /api/auth/callback/oidc
      subdomain: "{{ .Values.subdomain }}"
      matchingMode: strict
--- a/charts/apps/homarr/templates/deployment.yaml
+++ b/charts/apps/homarr/templates/deployment.yaml
@@ -1,83 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: "{{ .Release.Name }}"
 spec:
  strategy:
    type: Recreate
  replicas: 1
  selector:
    matchLabels:
      app: "{{ .Release.Name }}"
  template:
    metadata:
      labels:
        app: "{{ .Release.Name }}"
    spec:
      containers:
        - name: "{{ .Release.Name }}"
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: "{{ .Values.image.pullPolicy }}"
          ports:
            - name: http
              containerPort: 7575
              protocol: TCP
          livenessProbe:
            tcpSocket:
              port: http
          readinessProbe:
            tcpSocket:
              port: http
          volumeMounts:
            - mountPath: /appdata
              name: data
          env:
            - name: BASE_URL
              value: https://homarr.olsen.cloud # TODO
            - name: NEXTAUTH_URL
              value: https://homarr.olsen.cloud
            - name: AUTH_PROVIDERS
              value: oidc
            - name: AUTH_OIDC_CLIENT_NAME
              value: Authentik
            - name: AUTH_OIDC_SCOPE_OVERWRITE
              value: openid email profile
            - name: AUTH_OIDC_GROUPS_ATTRIBUTE
              value: groups
            - name: AUTH_OIDC_AUTO_LOGIN
              value: "true"
            - name: SECRET_ENCRYPTION_KEY
              valueFrom:
                secretKeyRef:
                  name: "{{ .Release.Name }}-secrets"
                  key: encryptionkey
            - name: AUTH_OIDC_ISSUER
              valueFrom:
                secretKeyRef:
                  name: "{{ .Release.Name }}-client"
                  key: configurationIssuer
            - name: AUTH_OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: "{{ .Release.Name }}-client"
                  key: clientId
            - name: AUTH_OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: "{{ .Release.Name }}-client"
                  key: clientSecret
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: "{{ .Release.Name }}-data"
--- a/charts/apps/homarr/templates/external-http-service.yaml
+++ b/charts/apps/homarr/templates/external-http-service.yaml
@@ -1,11 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: ExternalHttpService
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  environment: '{{ .Values.globals.environment }}'
  subdomain: '{{ .Values.subdomain }}'
  destination:
    host: '{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local'
    port:
      number: 80
--- a/charts/apps/homarr/templates/http-service.yaml
+++ b/charts/apps/homarr/templates/http-service.yaml
@@ -1,11 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: HttpService
 metadata:
  name: "{{ .Release.Name }}"
 spec:
  environment: "{{ .Values.globals.environment }}"
  subdomain: "{{ .Values.subdomain }}"
  destination:
    host: "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local"
    port:
      number: 80
--- a/charts/apps/homarr/templates/pvc.yaml
+++ b/charts/apps/homarr/templates/pvc.yaml
@@ -1,11 +0,0 @@
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: '{{ .Release.Name }}-data'
 spec:
  accessModes:
    - 'ReadWriteOnce'
  resources:
    requests:
      storage: '1Gi'
  storageClassName: '{{ .Values.globals.environment }}'
--- a/charts/apps/homarr/templates/secret.yaml
+++ b/charts/apps/homarr/templates/secret.yaml
@@ -1,9 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: GenerateSecret
 metadata:
  name: "{{ .Release.Name }}-secrets"
 spec:
  fields:
    - name: encryptionkey
      encoding: hex
      length: 64
--- a/charts/apps/homarr/templates/service.yaml
+++ b/charts/apps/homarr/templates/service.yaml
@@ -1,15 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: "{{ .Release.Name }}"
  labels:
    app: "{{ .Release.Name }}"
 spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 7575
      protocol: TCP
      name: http
  selector:
    app: "{{ .Release.Name }}"
--- a/charts/apps/homarr/values.yaml
+++ b/charts/apps/homarr/values.yaml
@@ -1,7 +0,0 @@
 globals:
  environment: prod
 image:
  repository: ghcr.io/homarr-labs/homarr
  tag: latest@sha256:9ba9831d43347b6d66143a0754c97b9790a2ffe9bdf5004083668864b3328e65
  pullPolicy: IfNotPresent
 subdomain: homarr
--- a/charts/apps/home-assistant/Chart.yaml
+++ b/charts/apps/home-assistant/Chart.yaml
@@ -1,3 +0,0 @@
 apiVersion: v2
 version: 1.0.0
 name: home-assistant
--- a/charts/apps/home-assistant/templates/client.yaml
+++ b/charts/apps/home-assistant/templates/client.yaml
@@ -1,10 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: OidcClient
 metadata:
  name: "{{ .Release.Name }}"
 spec:
  environment: "{{ .Values.globals.environment }}"
  redirectUris:
    - path: /auth/openid/callback
      subdomain: "{{ .Values.subdomain }}"
      matchingMode: strict
--- a/charts/apps/home-assistant/templates/deployment.yaml
+++ b/charts/apps/home-assistant/templates/deployment.yaml
@@ -1,45 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: "{{ .Release.Name }}"
 spec:
  strategy:
    type: Recreate
  replicas: 1
  selector:
    matchLabels:
      app: "{{ .Release.Name }}"
  template:
    metadata:
      labels:
        app: "{{ .Release.Name }}"
    spec:
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      containers:
        - name: "{{ .Release.Name }}"
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: "{{ .Values.image.pullPolicy }}"
          env:
            - name: TZ
              value: "{{ .Values.globals.timezone }}"
          ports:
            - name: http
              containerPort: 8123
              protocol: TCP
          livenessProbe:
            tcpSocket:
              port: http
          readinessProbe:
            tcpSocket:
              port: http
          volumeMounts:
            - mountPath: /config
              name: config
          securityContext:
            privileged: true
      volumes:
        - name: config
          persistentVolumeClaim:
            claimName: "{{ .Release.Name }}-config"
--- a/charts/apps/home-assistant/templates/external-http-service.yaml
+++ b/charts/apps/home-assistant/templates/external-http-service.yaml
@@ -1,11 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: ExternalHttpService
 metadata:
  name: "{{ .Release.Name }}"
 spec:
  environment: "{{ .Values.globals.environment }}"
  subdomain: "{{ .Values.subdomain }}"
  destination:
    host: "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local"
    port:
      number: 80
--- a/charts/apps/home-assistant/templates/http-service.yaml
+++ b/charts/apps/home-assistant/templates/http-service.yaml
@@ -1,11 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: HttpService
 metadata:
  name: "{{ .Release.Name }}"
 spec:
  environment: "{{ .Values.globals.environment }}"
  subdomain: "{{ .Values.subdomain }}"
  destination:
    host: "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local"
    port:
      number: 80
--- a/charts/apps/home-assistant/templates/piper.yaml
+++ b/charts/apps/home-assistant/templates/piper.yaml
@@ -1,59 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: "{{ .Release.Name }}-piper"
 spec:
  strategy:
    type: Recreate
  replicas: 1
  selector:
    matchLabels:
      app: "{{ .Release.Name }}-piper"
  template:
    metadata:
      labels:
        app: "{{ .Release.Name }}-piper"
    spec:
      hostNetwork: true
      containers:
        - name: "{{ .Release.Name }}-piper"
          image: "{{ .Values.piper.image.repository }}:{{ .Values.piper.image.tag }}"
          imagePullPolicy: "{{ .Values.piper.image.pullPolicy }}"
          args:
            - --piper
            - /usr/share/piper/piper
            - --data-dir
            - /usr/share/piper-voices
            - --voice
            - "{{ .Values.piper.model }}"
          env:
            - name: TZ
              value: "{{ .Values.globals.timezone }}"
          ports:
            - name: http
              containerPort: 10200
              protocol: TCP
          livenessProbe:
            tcpSocket:
              port: http
          readinessProbe:
            tcpSocket:
              port: http
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: "{{ .Release.Name }}-piper"
  labels:
    app: "{{ .Release.Name }}-piper"
 spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 10200
      protocol: TCP
      name: http
  selector:
    app: "{{ .Release.Name }}-piper"
--- a/charts/apps/home-assistant/templates/pvc.yaml
+++ b/charts/apps/home-assistant/templates/pvc.yaml
@@ -1,11 +0,0 @@
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: "{{ .Release.Name }}-config"
 spec:
  accessModes:
    - "ReadWriteOnce"
  resources:
    requests:
      storage: "1Gi"
  storageClassName: "{{ .Values.globals.environment }}"
--- a/charts/apps/home-assistant/templates/service.yaml
+++ b/charts/apps/home-assistant/templates/service.yaml
@@ -1,15 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: "{{ .Release.Name }}"
  labels:
    app: "{{ .Release.Name }}"
 spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 8123
      protocol: TCP
      name: http
  selector:
    app: "{{ .Release.Name }}"
--- a/charts/apps/home-assistant/templates/whisper.yaml
+++ b/charts/apps/home-assistant/templates/whisper.yaml
@@ -1,57 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: "{{ .Release.Name }}-whisper"
 spec:
  strategy:
    type: Recreate
  replicas: 1
  selector:
    matchLabels:
      app: "{{ .Release.Name }}-whisper"
  template:
    metadata:
      labels:
        app: "{{ .Release.Name }}-whisper"
    spec:
      hostNetwork: true
      containers:
        - name: "{{ .Release.Name }}-whisper"
          image: "{{ .Values.whisper.image.repository }}:{{ .Values.whisper.image.tag }}"
          imagePullPolicy: "{{ .Values.whisper.image.pullPolicy }}"
          args:
            - --model
            - "{{ .Values.whisper.model }}"
            - --language
            - "{{ .Values.whisper.language }}"
          env:
            - name: TZ
              value: "{{ .Values.globals.timezone }}"
          ports:
            - name: http
              containerPort: 10300
              protocol: TCP
          livenessProbe:
            tcpSocket:
              port: http
          readinessProbe:
            tcpSocket:
              port: http
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: "{{ .Release.Name }}-whisper"
  labels:
    app: "{{ .Release.Name }}-whisper"
 spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 10300
      protocol: TCP
      name: http
  selector:
    app: "{{ .Release.Name }}-whisper"
--- a/charts/apps/home-assistant/values.yaml
+++ b/charts/apps/home-assistant/values.yaml
@@ -1,21 +0,0 @@
 globals:
  environment: prod
  timezone: Europe/Amsterdam
 image:
  repository: ghcr.io/home-assistant/home-assistant
  tag: stable@sha256:89ec0583c7f47c8a150204f6b5ed48b5432026012bebe1226cf72775a795a5e1
  pullPolicy: IfNotPresent
 subdomain: home-assistant
 piper:
  image:
    repository: ghcr.io/morten-olsen/glados-voice
    tag: main@sha256:8fcc19bd9e7e846bdfd9e9e569c8c944dcfb1d0b47e3f479cbaa7f5587c7206c
    pullPolicy: Always
  model: en_US-glados-medium
 whisper:
  image:
    repository: rhasspy/wyoming-whisper
    tag: latest@sha256:f03456914affe8076fc7688c0890f4c708d93ebfac7340b0b2467f721412012d
    pullPolicy: IfNotPresent
  model: tiny-int8
  language: us
--- a/charts/apps/install.sh
+++ b/charts/apps/install.sh
@@ -1,12 +0,0 @@
 set -euo pipefail
 find . -name "values.yaml" -type f -print0 | while IFS= read -r -d '' values_file; do
  location=$(dirname "$values_file")
  name=$(basename "$location")
  name=$(echo "$name" | tr '[:upper:]' '[:lower:]' | tr -s '[:punct:][:space:]' '-' | sed -e 's/^-*//' -e 's/-*$//')
  echo "✅ Chart found in: $location"
  echo "   - Generated release name: $name"
  HELM_COMMAND="helm install --namespace prod \"$name\" \"$location\""
  helm upgrade -i --namespace prod "$name" "$location"
 done
--- a/charts/apps/jellyfin/Chart.yaml
+++ b/charts/apps/jellyfin/Chart.yaml
@@ -1,3 +0,0 @@
 apiVersion: v2
 version: 1.0.0
 name: Jellyfin
--- a/charts/apps/jellyfin/notes.md
+++ b/charts/apps/jellyfin/notes.md
@@ -1 +0,0 @@
 https://www.authelia.com/integration/openid-connect/clients/jellyfin/
--- a/charts/apps/jellyfin/templates/client.yaml
+++ b/charts/apps/jellyfin/templates/client.yaml
@@ -1,10 +0,0 @@
 apiVersion: homelab.mortenolsen.pro/v1
 kind: OidcClient
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  environment: '{{ .Values.environment }}'
  redirectUris:
    - path: /sso/OID/redirect/Authentik
      subdomain: '{{ .Values.globals.subdomain }}'
      matchingMode: strict
--- a/charts/apps/jellyfin/templates/config-pvc.yaml
+++ b/charts/apps/jellyfin/templates/config-pvc.yaml
@@ -1,11 +0,0 @@
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: "{{ .Release.Name }}-config"
 spec:
  accessModes:
    - "ReadWriteOnce"
  resources:
    requests:
      storage: "1Gi"
  storageClassName: "{{ .Values.globals.environment }}"
--- a/charts/apps/jellyfin/templates/deployment.yaml
+++ b/charts/apps/jellyfin/templates/deployment.yaml
@@ -1,52 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  strategy:
    type: Recreate
  replicas: 1
  selector:
    matchLabels:
      app: '{{ .Release.Name }}'
  template:
    metadata:
      labels:
        app: '{{ .Release.Name }}'
    spec:
      containers:
        - name: '{{ .Release.Name }}'
          image: '{{ .Values.image.repository }}:{{ .Values.image.tag }}'
          imagePullPolicy: '{{ .Values.image.pullPolicy }}'
          ports:
            - name: http
              containerPort: 8096
              protocol: TCP
          livenessProbe:
            tcpSocket:
              port: http
          readinessProbe:
            tcpSocket:
              port: http
          volumeMounts:
            - mountPath: /config
              name: config
            - mountPath: /media/movies
              name: movies
            - mountPath: /media/tv-shows
              name: tvshows
            - mountPath: /media/music
              name: music
      volumes:
        - name: config
          persistentVolumeClaim:
            claimName: '{{ .Release.Name }}-config'
        - name: movies
          persistentVolumeClaim:
            claimName: movies
        - name: tvshows
          persistentVolumeClaim:
            claimName: tvshows
        - name: music
          persistentVolumeClaim:
            claimName: music
--- a/Show More
+++ b/Show More
		`@@ -1 +0,0 @@`
			`https://www.authelia.com/integration/openid-connect/clients/jellyfin/`