Merge pull request #427 from auricom/searx

[searx] new chart

charts/dsmr-reader/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS

charts/dsmr-reader/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+appVersion: v4.9.0
+description: DSMR-protocol reader, telegram data storage and energy consumption visualizer.
+name: dsmr-reader
+version: 1.0.0
+keywords:
+- dsmr-reader
+- energy
+home: https://github.com/k8s-at-home/charts/tree/master/charts/dsmr-reader
+icon: https://avatars2.githubusercontent.com/u/57727360?s=400&v=4
+sources:
+- https://github.com/dsmrreader/dsmr-reader
+- https://github.com/xirixiz/dsmr-reader-docker
+maintainers:
+- name: billimek
+  email: jeff@billimek.com
+dependencies:
+- name: common
+  repository: https://k8s-at-home.com/charts/
+  version: 2.1.1
+- name: postgresql
+  version: 10.2.0
+  repository: https://charts.bitnami.com/bitnami
+  condition: postgresql.enabled

charts/dsmr-reader/OWNERS

@@ -0,0 +1,8 @@
+approvers:
+- billimek
+- onedr0p
+- bjw-s
+reviewers:
+- billimek
+- onedr0p
+- bjw-s

charts/dsmr-reader/README.md

@@ -0,0 +1,67 @@
+# DSMR-reader
+
+This is a helm chart for [DSMR-reader](https://github.com/dsmrreader/dsmr-reader).
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)**
+
+## TL;DR;
+
+```shell
+$ helm repo add k8s-at-home https://k8s-at-home.com/charts/
+$ helm install k8s-at-home/dsmr-reader
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name my-release k8s-at-home/dsmr-reader
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/dsmr-reader/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+```console
+helm install dsmr-reader \
+  --set env.TZ="America/New_York" \
+    k8s-at-home/dsmr-reader
+```
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
+```console
+helm install dsmr-reader k8s-at-home/dsmr-reader --values values.yaml 
+```
+
+```yaml
+image:
+  tag: ...
+```
+
+---
+**NOTE**
+
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
+
+---
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 4.0.1 -> 5.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.

charts/dsmr-reader/ci/ct-values.yaml

@@ -0,0 +1,9 @@
+fullnameOverride: dsmr-reader
+
+env:
+  DATALOGGER_MODE: receiver
+  DJANGO_DATABASE_HOST: dsmr-reader-db
+
+postgresql:
+  enabled: true
+  fullnameOverride: dsmr-reader-db

charts/dsmr-reader/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "common.notes.defaultNotes" . -}}

charts/dsmr-reader/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "common.all" . }}

charts/dsmr-reader/values.yaml

@@ -0,0 +1,47 @@
+# Default values for dsmr-reader.
+
+image:
+  repository: xirixiz/dsmr-reader-docker
+  pullPolicy: IfNotPresent
+  tag: latest-v4.9.0-amd64
+
+securityContext:
+  privileged: true
+
+strategy:
+  type: Recreate
+
+service:
+  port:
+    port: 80
+
+# For all options see https://github.com/xirixiz/dsmr-reader-docker#dsmr-reader---environment-variables
+env:
+  # TZ: UTC
+  # DJANGO_TIME_ZONE: UTC
+  DJANGO_DATABASE_USER: dsmr-reader
+  DJANGO_DATABASE_PASSWORD: dsmr-reader-pass
+  DJANGO_DATABASE_PORT: 5432
+  DJANGO_DATABASE_NAME: dsmr-reader
+
+# Path to your p1 reader device in the container
+# additionalVolumeMounts:
+# - name: p1reader
+#   mountPath: /dev/ttyUSB0
+
+# Path to your p1 reader device on the host
+# additionalVolumes:
+# - name: p1reader
+#   hostPath:
+#     path: /dev/ttyUSB0
+
+# Enable postgres
+# ... for more options see https://github.com/bitnami/charts/tree/master/bitnami/postgresql
+postgresql:
+  enabled: false
+  postgresqlUsername: dsmr-reader
+  postgresqlPassword: dsmr-reader-pass
+  postgresqlDatabase: dsmr-reader
+  persistence:
+    enabled: false
+    # storageClass: ""

charts/monica/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v2.19.1
 description: A Personal Relationship Management tool to help you organize your social life
 name: monica
-version: 2.2.1
+version: 2.2.2
 keywords:
   - crm
 home: https://www.monicahq.com/

charts/monica/README.md

@@ -9,7 +9,7 @@ This chart supports many different environment variables. See the [Monica Docume
 
 ```shell
 $ helm repo add k8s-at-home https://k8s-at-home.com/charts/
-$ helm install k8s-at-home/moica
+$ helm install k8s-at-home/monica
 ```
 
 ## Installing the Chart

charts/node-feature-discovery/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 name: node-feature-discovery
-version: 2.0.0
-appVersion: 0.6.0
+version: 2.1.0
+appVersion: 0.7.0
 description: Detect hardware features available on each node in a Kubernetes cluster, and advertises those features using node labels
 keywords:
   - kubernetes

charts/node-feature-discovery/values.yaml

@@ -3,10 +3,10 @@
 # Declare variables to be passed into your templates.
 
 image:
-  repository: quay.io/kubernetes_incubator/node-feature-discovery
+  repository: gcr.io/k8s-staging-nfd/node-feature-discovery
   pullPolicy: IfNotPresent
   # Overrides the image tag whose default is the chart appVersion.
-  tag: "v0.6.0"
+  tag: "v0.7.0"
 
 imagePullSecrets: []
 nameOverride: ""

charts/resilio-sync/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS

charts/resilio-sync/Chart.yaml

@@ -0,0 +1,21 @@
+apiVersion: v2
+appVersion: 2.7.2
+description: Resilio Sync is a fast, reliable, and simple file sync and share solution, powered by P2P technology
+name: resilio-sync
+version: 1.0.0
+keywords:
+  - resilio
+  - sync
+  - btsync
+  - bittorrent
+home: https://github.com/k8s-at-home/charts/tree/master/charts/resio-sync
+icon: https://blog.resilio.com/wp-content/uploads/2016/06/SyncSymbol-260x260px.png
+sources:
+  - https://github.com/orgs/linuxserver/packages/container/package/resilio-sync
+maintainers:
+  - name: salekseev
+    email: 100800+salekseev@users.noreply.github.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: 2.1.1

charts/resilio-sync/OWNERS

@@ -0,0 +1,8 @@
+approvers:
+- salekseev
+- onedr0p
+- bjw-s
+reviewers:
+- salekseev
+- onedr0p
+- bjw-s

charts/resilio-sync/README.md

@@ -0,0 +1,68 @@
+# Resilio Sync
+
+This is a helm chart for [resilio-sync](https://resilio-sync.org/).
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)**
+
+## TL;DR;
+
+```shell
+$ helm repo add k8s-at-home https://k8s-at-home.com/charts/
+$ helm install k8s-at-home/resilio-sync
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name my-release k8s-at-home/resilio-sync
+```
+
+The default login details (change ASAP) are:
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/resilio-sync/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+```console
+helm install my-release \
+  --set env.TZ="America/New_York" \
+    k8s-at-home/resilio-sync
+```
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
+```console
+helm install my-release k8s-at-home/resilio-sync --values values.yaml 
+```
+
+```yaml
+image:
+  tag: ...
+```
+
+---
+**NOTE**
+
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
+
+---
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 4.0.1 -> 5.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.

charts/resilio-sync/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "common.notes.defaultNotes" . -}}

charts/resilio-sync/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "common.all" . }}

charts/resilio-sync/values.yaml

@@ -0,0 +1,94 @@
+# Default values for resilio-sync.
+
+image:
+  repository: ghcr.io/linuxserver/resilio-sync
+  pullPolicy: IfNotPresent
+  tag: version-2.7.2.1375
+
+strategy:
+  type: Recreate
+
+env: {}
+  # TZ: UTC
+  # PUID: 1001
+  # PGID: 1001
+  # UMASK: 022
+
+service:
+  port:
+    port: 8888
+
+  additionalServices:
+  - enabled: true
+    nameSuffix: bt
+    type: ClusterIP
+    port:
+      port: 55555
+      name: bt
+      protocol: TCP
+      targetPort: 55555
+  - enabled: true
+    nameSuffix: utp
+    type: ClusterIP
+    port:
+      port: 55555
+      name: utp
+      protocol: UDP
+      targetPort: 55555
+
+persistence:
+  config:
+    enabled: false
+    emptyDir: false
+    mountPath: /config
+
+  media:
+    enabled: false
+    emptyDir: false
+    mountPath: /media
+    ## Persistent Volume Storage Class
+    ## If defined, storageClassName: <storageClass>
+    ## If set to "-", storageClassName: "", which disables dynamic provisioning
+    ## If undefined (the default) or set to null, no storageClassName spec is
+    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+    ##   GKE, AWS & OpenStack)
+    # storageClass: "-"
+    # accessMode: ReadWriteOnce
+    # size: 1Gi
+    ## Do not delete the pvc upon helm uninstall
+    # skipuninstall: false
+    # existingClaim: ""
+
+  downloads:
+    enabled: false
+    emptyDir: false
+    mountPath: /downloads
+    ## Persistent Volume Storage Class
+    ## If defined, storageClassName: <storageClass>
+    ## If set to "-", storageClassName: "", which disables dynamic provisioning
+    ## If undefined (the default) or set to null, no storageClassName spec is
+    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+    ##   GKE, AWS & OpenStack)
+    # storageClass: "-"
+    # accessMode: ReadWriteOnce
+    # size: 1Gi
+    ## Do not delete the pvc upon helm uninstall
+    # skipuninstall: false
+    # existingClaim: ""
+
+  sync:
+    enabled: false
+    emptyDir: false
+    mountPath: /sync
+    ## Persistent Volume Storage Class
+    ## If defined, storageClassName: <storageClass>
+    ## If set to "-", storageClassName: "", which disables dynamic provisioning
+    ## If undefined (the default) or set to null, no storageClassName spec is
+    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+    ##   GKE, AWS & OpenStack)
+    # storageClass: "-"
+    # accessMode: ReadWriteOnce
+    # size: 1Gi
+    ## Do not delete the pvc upon helm uninstall
+    # skipuninstall: false
+    # existingClaim: ""

charts/searx/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+.vscode/
+*.tmproj
+# OWNERS file for Kubernetes
+OWNERS

charts/searx/Chart.yaml

@@ -0,0 +1,22 @@
+apiVersion: v2
+appVersion: 0.18.0
+description: Searx is a privacy-respecting, hackable metasearch engine
+name: searx
+version: 1.0.0
+keywords:
+  - searx
+  - search engine
+  - privacy
+home: https://github.com/k8s-at-home/charts/tree/master/charts/searx
+icon: https://github.com/searx/searx/blob/master/searx/static/themes/simple/img/logo_searx_a.png?raw=true
+sources:
+  - https://github.com/searx/searx
+  - https://searx.github.io/searx/
+  - https://hub.docker.com/r/searx/searx
+maintainers:
+  - name: auricom
+    email: k8s-at-home@xpander.eml.cc
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: 2.1.1

charts/searx/OWNERS

@@ -0,0 +1,4 @@
+approvers:
+- auricom
+reviewers:
+- auricom

charts/searx/README.md

@@ -0,0 +1,77 @@
+# Searx
+
+This is a helm chart for [Searx](https://github.com/searx/searx).
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)**
+
+## TL;DR;
+
+```shell
+$ helm repo add k8s-at-home https://k8s-at-home.com/charts/
+$ helm install k8s-at-home/searx
+```
+
+## Configuration
+
+The following table lists the configurable parameters of the nextcloud chart and their default values that have to be overriden.
+
+| Parameter                                                 | Description                                             | Default                                     |
+| --------------------------------------------------------- | ------------------------------------------------------- | ------------------------------------------- |
+| `searx.baseUrl`                                           | external url                                            | `https://serax.DOMAIN`                      |
+| `searx.mortyKey`                                          | Morty reverse proxy unique key                          | `changeme`                                  |
+
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name my-release k8s-at-home/searx
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/searx/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+```console
+helm install searx \
+  --set env.TZ="America/New_York" \
+    k8s-at-home/searx
+```
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
+```console
+helm install searx k8s-at-home/searx --values values.yaml
+```
+
+```yaml
+image:
+  tag: ...
+```
+
+---
+**NOTE**
+
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
+
+---
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 1.0.1 -> 2.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.

charts/searx/ci/ct-values.yaml

@@ -0,0 +1,2 @@
+ingress:
+  enabled: true

charts/searx/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "common.notes.defaultNotes" . -}}

charts/searx/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "common.all" . }}

charts/searx/templates/configmap.yaml

@@ -0,0 +1,269 @@
+
+{{/*
+Searx Configuration files.
+*/}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "searx-config"
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+data:
+  Caddyfile: |-
+    {
+      admin off
+    }
+
+    :80 {
+      log {
+            output discard
+      }
+
+      @api {
+            path /config
+    	path /status
+      }
+
+      @static {
+            path /static/*
+      }
+
+      @notstatic {
+            not path /static/*
+      }
+
+      @morty {
+            path /morty/*
+      }
+
+      @notmorty {
+            not path /morty/*
+      }
+
+      header {
+            # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
+            Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+
+            # Enable cross-site filter (XSS) and tell browser to block detected attacks
+            X-XSS-Protection "1; mode=block"
+
+            # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
+            X-Content-Type-Options "nosniff"
+
+            # Disallow the site to be rendered within a frame (clickjacking protection)
+            X-Frame-Options "SAMEORIGIN"
+
+            # Disable some features
+            Feature-Policy "accelerometer 'none';ambient-light-sensor 'none'; autoplay 'none';camera 'none';encrypted-media 'none';focus-without-user-activation 'none'; geolocation 'none';gyroscope 'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none'; speaker 'none';sync-xhr 'none';usb 'none';vr 'none'"
+
+            # Referer
+            Referrer-Policy "no-referrer"
+
+            # X-Robots-Tag
+            X-Robots-Tag "noindex, noarchive, nofollow"
+
+            # Remove Server header
+            -Server
+      }
+
+      header @api {
+            Access-Control-Allow-Methods "GET, OPTIONS"
+            Access-Control-Allow-Origin  "*"
+      }
+
+      # Cache
+      header @static {
+            # Cache
+    	Cache-Control "public, max-age=31536000"
+    	defer
+      }
+
+      header @notstatic {
+            # No Cache
+            Cache-Control "no-cache, no-store"
+            Pragma "no-cache"
+      }
+
+      # CSP (see http://content-security-policy.com/ )
+      header @morty {
+    	Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; form-action 'self'; frame-ancestors 'self'; base-uri 'self'; img-src 'self' data:; font-src 'self'; frame-src 'self'"
+      }
+
+      header @notmorty {
+            Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self'; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com"
+      }
+
+      # Searx-Checker
+      uri replace /status /searx-checker/status.json
+      handle /searx-checker/status.json {
+            root * /srv
+            file_server
+      }
+
+      # Morty
+      handle @morty {
+            reverse_proxy localhost:3000
+      }
+
+      # Filtron
+      handle {
+            encode zstd gzip
+
+            reverse_proxy localhost:4040 {
+                   header_up X-Forwarded-Port {http.request.port}
+                   header_up X-Forwarded-Proto {http.request.scheme}
+                   header_up X-Forwarded-TlsProto {tls_protocol}
+                   header_up X-Forwarded-TlsCipher {tls_cipher}
+                   header_up X-Forwarded-HttpsProto {proto}
+            }
+      }
+
+    }
+  rules.json: |-
+    [
+        {
+            "name": "searx.space",
+            "filters": ["Header:X-Forwarded-For=nslookup(check.searx.space)"],
+            "stop": true,
+            "actions": [{ "name": "log"}]
+        },
+        {
+            "name": "IP limit, all paths",
+            "interval": 3,
+            "limit": 25,
+            "aggregations": ["Header:X-Forwarded-For"],
+            "actions": [
+                {"name": "block",
+                "params": {"message": "Rate limit exceeded, try again later."}}
+            ]
+        },
+        {
+            "name": "useragent limit, all paths",
+            "interval": 30,
+            "limit": 200,
+            "aggregations": ["Header:X-Forwarded-For", "Header:User-Agent"],
+            "stop": true,
+            "actions": [
+                {"name": "block",
+                "params": {"message": "Rate limit exceeded, try again later."}}
+            ]
+        },
+        {
+            "name": "search request",
+            "filters": ["Param:q", "Path=^(/|/search)$"],
+            "subrules": [
+                {
+                    "name": "allow Firefox Android (issue #48 and #60)",
+                    "filters": [
+                        "Param:q=^1$",
+                        "Header:User-Agent=(^MozacFetch/[0-9]{2,3}.[0-9].[0-9]+$|^Mozilla/5.0 \\(Android [0-9]{1,2}(.[0-9]{1,2}.[0-9]{1,2})?; Mobile; rv:[0-9]{2,3}.[0-9]\\) Gecko/[0-9]{2,3}.[0-9] Firefox/[0-9]{2,3}.[0-9]$)"
+                    ],
+                    "stop": true,
+                    "actions": [{"name": "log"}]
+                },
+                {
+                    "name": "robot agent forbidden",
+                    "limit": 0,
+                    "stop": true,
+                    "filters": ["Header:User-Agent=([Cc][Uu][Rr][Ll]|[wW]get|Scrapy|splash|JavaFX|FeedFetcher|python-requests|Go-http-client|Java|Jakarta|okhttp|HttpClient|Jersey|Python|libwww-perl|Ruby|SynHttpClient|UniversalFeedParser)"],
+                    "actions": [
+                        {"name": "block",
+                        "params": {"message": "Rate limit exceeded"}}
+                    ]
+                },
+                {
+                    "name": "bot forbidden",
+                    "limit": 0,
+                    "stop": true,
+                    "filters": ["Header:User-Agent=(Googlebot|GoogleImageProxy|bingbot|Baiduspider|yacybot|YandexMobileBot|YandexBot|Yahoo! Slurp|MJ12bot|AhrefsBot|archive.org_bot|msnbot|MJ12bot|SeznamBot|linkdexbot|Netvibes|SMTBot|zgrab|James BOT|Sogou|Abonti|Pixray|Spinn3r|SemrushBot|Exabot|ZmEu|BLEXBot|bitlybot)"],
+                    "actions": [
+                        {"name": "block",
+                        "params": {"message": "Rate limit exceeded"}}
+                    ]
+                },
+                {
+                    "name": "block missing accept-language",
+                    "filters": ["!Header:Accept-Language"],
+                    "limit": 0,
+                    "stop": true,
+                    "actions": [
+                        {"name": "block",
+                        "params": {"message": "Rate limit exceeded"}}
+                    ]
+                },
+                {
+                    "name": "block Connection:close",
+                    "filters": ["Header:Connection=close"],
+                    "limit": 0,
+                    "stop": true,
+                    "actions": [
+                        {"name": "block",
+                        "params": {"message": "Rate limit exceeded"}}
+                    ]
+                },
+                {
+                    "name": "block no gzip support",
+                    "filters": ["!Header:Accept-Encoding=(^gzip$|^gzip[;,]|[; ]gzip$|[; ]gzip[;,])"],
+                    "limit": 0,
+                    "stop": true,
+                    "actions": [
+                        {"name": "block",
+                        "params": {"message": "Rate limit exceeded"}}
+                    ]
+                },
+                {
+                    "name": "block no deflate support",
+                    "filters": ["!Header:Accept-Encoding=(^deflate$|^deflate[;,]|[; ]deflate$|[; ]deflate[;,])"],
+                    "limit": 0,
+                    "stop": true,
+                    "actions": [
+                        {"name": "block",
+                        "params": {"message": "Rate limit exceeded"}}
+                    ]
+                },
+                {
+                    "name": "block accept everything",
+                    "filters": ["!Header:Accept=text/html"],
+                    "limit": 0,
+                    "stop": true,
+                    "actions": [
+                        {"name": "block",
+                        "params": {"message": "Rate limit exceeded"}}
+                    ]
+                },
+                {
+                    "name": "rss/json limit",
+                    "interval": 3600,
+                    "limit": 4,
+                    "stop": true,
+                    "filters": ["Param:format=(csv|json|rss)"],
+                    "aggregations": ["Header:X-Forwarded-For"],
+                    "actions": [
+                        {"name": "block",
+            "params": {"message": "Rate limit exceeded, try again later."}}
+                    ]
+                },
+                {
+                    "name": "IP limit",
+                    "interval": 3,
+                    "limit": 3,
+                    "aggregations": ["Header:X-Forwarded-For"],
+                    "actions": [
+                        {"name": "block",
+                        "params": {"message": "Rate limit exceeded, try again later."}}
+                    ]
+                },
+                {
+                    "name": "IP and useragent limit",
+                    "interval": 600,
+                    "limit": 60,
+                    "stop": true,
+                    "aggregations": ["Header:X-Forwarded-For", "Header:User-Agent"],
+                    "actions": [
+                        {"name": "block",
+                        "params": {"message": "Rate limit exceeded, try again later."}}
+        ]
+                }
+            ]
+        }
+    ]

charts/searx/templates/helpers.tpl

@@ -0,0 +1,27 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "speedtest.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "speedtest.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}

charts/searx/templates/secrets.yaml

@@ -0,0 +1,15 @@
+
+{{/*
+Searx Configuration files.
+*/}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "searx-config"
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+stringData:
+  BIND_ADDRESS: "0.0.0.0:8080"
+  BASE_URL: {{ .Values.searx.baseUrl }}
+  MORTY_URL: {{ print .Values.searx.baseUrl "/morty/" }}
+  MORTY_KEY: {{ .Values.searx.mortyKey }}

charts/searx/values.yaml

@@ -0,0 +1,86 @@
+# Default values for Searx.
+
+image:
+  repository: searx/searx
+  pullPolicy: IfNotPresent
+  tag: 0.18.0
+
+searx:
+  # external URL
+  baseUrl: "https://searx.DOMAIN"
+  # generate a random key used by Morty (Privacy aware web content sanitizer proxy as a service)
+  # example : `openssl rand -base64 24`
+  mortyKey: "changeme"
+
+strategy:
+  type: Recreate
+
+service:
+  port:
+    port: 80
+
+envFrom:
+  - secretRef:
+      name: searx-config
+
+persistence:
+  config:
+    enabled: false
+    emptyDir: false
+
+additionalContainers:
+- name: caddy
+  image: caddy:2.2.0-alpine
+  ports:
+    - containerPort: 80
+      name: http
+  volumeMounts:
+    - name: searx-config
+      mountPath: /etc/caddy/Caddyfile
+      subPath: Caddyfile
+    - name: searx-checker
+      mountPath: /srv/searx-checker
+- image: dalf/filtron:latest
+  imagePullPolicy: Always
+  name: filtron
+  args:
+    [
+      "-listen",
+      "0.0.0.0:4040",
+      "-api",
+      "0.0.0.0:4041",
+      "-target",
+      "localhost:8080",
+    ]
+  ports:
+    - containerPort: 4040
+      name: filtron
+    - containerPort: 4041
+      name: api
+  volumeMounts:
+    - name: searx-config
+      mountPath: /etc/filtron/rules.json
+      subPath: rules.json
+- image: dalf/morty:latest
+  imagePullPolicy: Always
+  name: morty
+  envFrom:
+    - secretRef:
+        name: searx-config
+  args: ["-listen", "localhost:3000", "-timeout", "6", "ipv6"]
+  ports:
+    - containerPort: 3000
+      name: morty
+- name: searx-checker
+  image: searx/searx-checker:latest
+  args:
+    ["-cron", "-o", "html/data/status.json", "http://localhost:8080"]
+  volumeMounts:
+    - name: searx-checker
+      mountPath: /usr/local/searx-checker/html/data
+additionalVolumes:
+- name: searx-config
+  configMap:
+    name: searx-config
+- name: searx-checker
+  emptyDir: {}

charts/zigbee2mqtt/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: 1.16.1
+appVersion: 1.16.2
 description: Bridges events and allows you to control your Zigbee devices via MQTT
 name: zigbee2mqtt
-version: 4.1.1
+version: 4.1.2
 keywords:
   - zigbee
   - mqtt

charts/zigbee2mqtt/values.yaml

@@ -3,7 +3,7 @@
 image:
   repository: koenkk/zigbee2mqtt
   pullPolicy: IfNotPresent
-  tag: 1.16.1
+  tag: 1.16.2
 
 strategy:
   type: Recreate