reintroduce helmignore (#522)

Signed-off-by: Ryan Holt <ryan@ryanholt.net>

.github/stale.yml

@@ -1,18 +1,32 @@
-daysUntilStale: 60
-daysUntilClose: 7
+# Configuration for probot-stale - https://github.com/probot/stale
+
+# Number of days of inactivity before an Issue or Pull Request becomes stale
+daysUntilStale: 45
+
+# Number of days of inactivity before a stale Issue or Pull Request is closed.
+daysUntilClose: 5
+
+# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
 exemptLabels:
+  - on-hold
   - pinned
-staleLabel: lifecycle/stale
-pulls:
-  markComment: >
-    This pull request has been automatically marked as stale because it has not had
-    recent activity. It will be closed if no further activity occurs. Thank you
-    for your contributions.
+
+# Label to use when marking as stale
+staleLabel: stale
+
 issues:
+  # Comment to post when marking as stale. Set to `false` to disable
   markComment: >
-    This issue request has been automatically marked as stale because it has not had
-    recent activity. It will be closed if no further activity occurs. Thank you
-    for your contributions.
-closeComment: false
-unmarkComment: >
-  /remove-lifecycle stale
+    This Issue has been automatically marked as "stale" because it has not had recent activity (for 45 days). It will be closed if no further activity occurs. Thanks for the feedback.
+  # Comment to post when closing a stale Issue or Pull Request.
+  closeComment: >
+    Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.
+pulls:
+  # Comment to post when marking as stale. Set to `false` to disable
+  markComment: >
+    This Pull Request has been automatically marked as "stale" because it has not had recent activity (for 45 days). It will be closed if no further activity occurs. Thank you for your contribution.
+  # Comment to post when closing a stale Issue or Pull Request.
+  closeComment: >
+    Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Pull Request. Do not hesitate to reopen it later if necessary.
+# Limit the number of actions per hour, from 1-30. Default is 30
+limitPerRun: 30

.github/workflows/charts-lint-test.yaml

@@ -1,6 +1,10 @@
-name: Lint and Test Charts
+name: "Charts: Lint and test"
 
-on: pull_request
+on:
+  pull_request:
+    paths:
+    - 'charts/**'
+    - '!charts/**/README.md'
 
 jobs:
   lint:
@@ -64,13 +68,13 @@ jobs:
       - name: Install Ruby
         uses: ruby/setup-ruby@v1
         with:
-          ruby-version: 2.7            
-  
+          ruby-version: 2.7
+
       - name: Install dependencies
         run: |
           export RUBYJQ_USE_SYSTEM_LIBRARIES=1
           bundle install
-      
+
       - name: Run tests
         run: |
           bundle exec m -r test/charts
@@ -101,7 +105,7 @@ jobs:
         if: needs.lint.outputs.changed == 'true' || needs.lint.outputs.common == 'true'
 
       - name: Run chart-testing (install)
-        run: ct install --config .github/ct.yaml
+        run: ct install --config .github/ct.yaml --excluded-charts ""
         if: needs.lint.outputs.changed == 'true'
 
       - name: Run chart-testing (common-test)

.github/workflows/charts-release.yaml

@@ -1,11 +1,12 @@
-name: Release Charts
+name: "Charts: Release"
 
 on:
   push:
     branches:
       - master
     paths:
-      - "charts/**"
+      - 'charts/**'
+      - '!charts/**/README.md'
 
 jobs:
   pre-release:

.gitignore

@@ -1,3 +1,6 @@
+# Developer dependencies
+.bin
+
 # IDE resources
 .vscode
 .idea
@@ -9,4 +12,5 @@ charts/*/charts
 
 # Other rsources
 .env
+.envrc
 Gemfile.lock

.taskfiles/Taskfile_chart.yml

@@ -0,0 +1,48 @@
+---
+version: '3'
+
+tasks:
+
+  create:
+    desc: create new chart
+    cmds:
+    - git checkout -b add-chart-{{.CHART}}
+    - cp -r {{.GIT_ROOT}}/templates/chart {{.GIT_ROOT}}/charts/{{.CHART}}
+    - ./.bin/go-replace -s '${CHARTNAME}' -r "{{.CHART}}" --path={{.GIT_ROOT}}/charts/{{.CHART}} --path-pattern='*.*'
+    - task: dependency
+    - echo "Congratulations, charts/{{.CHART}} successfully generated, you can now edit chart informations ( Chart.yaml and values.yaml )"
+    status:
+    - test -d {{.GIT_ROOT}}/charts/{{.CHART}}
+    deps:
+    - check-chart
+    silent: true
+
+
+  dependency:
+    cmds:
+    - test -d {{.GIT_ROOT}}/charts/{{.CHART}}/Chart.lock && rm {{.GIT_ROOT}}/charts/{{.CHART}}/Chart.lock || exit 0
+    - test -d {{.GIT_ROOT}}/charts/{{.CHART}}/tmpcharts && rm -rf {{.GIT_ROOT}}/charts/{{.CHART}}/tmpcharts || exit 0
+    - cd {{.GIT_ROOT}}/charts/{{.CHART}} && helm dependency update
+    silent: true
+
+  lint:
+    desc: lint your chart code
+    cmds:
+    - cd {{.GIT_ROOT}}/charts/{{.CHART}} && helm lint
+    deps:
+    - dependency
+    - check-chart
+
+  test:
+    desc: test your chart code
+    cmds:
+    - docker run --rm -it --user $(id -u):$(id -g) -e "HELM_CONFIG_HOME=/tmp/helm" -e "HELM_CACHE_HOME=/tmp/helm" -v {{.GIT_ROOT}}:/ci -w /ci quay.io/helmpack/chart-testing:latest ct lint --charts charts/{{.CHART}} --config /ci/.github/ct.yaml
+    deps:
+    - check-chart
+    - lint
+
+  # Checks Parameters
+  check-chart:
+    cmds:
+    - cmd: test ! -z "{{.CHART}}" || (echo "Please define CHART parameter"; exit 1)
+    silent: true

.taskfiles/Taskfile_darwin.yml

@@ -0,0 +1,41 @@
+---
+version: '3'
+
+# Todo: add all darwin requirements
+
+env:
+  URL_GOREPLACE: https://github.com/webdevops/go-replace/releases/download/1.1.2/gr-64-osx
+
+tasks:
+
+  install:
+    desc: Install all developer dependencies
+    deps:
+    - distrib-requirements
+    - go-replace
+
+  distrib-requirements:
+    desc: Check needed distribution packages
+    cmds:
+    - task deps:need BIN=wget
+    - task deps:need BIN=python3
+    - task deps:need BIN=docker
+    silent: true
+
+  need:
+    desc: Check needed binary is present
+    cmds:
+    - type {{.BIN}} 2>&1 >/dev/null || (echo "Please install {{.BIN}}"; exit 1)
+    silent: true
+
+  go-replace:
+    desc: Install go-replace
+    cmds:
+    - echo "Installing go-replace"
+    - mkdir -p ".bin"
+    - wget -q "https://github.com/webdevops/go-replace/releases/download/1.1.2/gr-64-osx" -O .bin/go-replace && chmod +x .bin/go-replace
+    status:
+    - test -e .bin/go-replace
+    deps:
+    - distrib-requirements
+    silent: true

.taskfiles/Taskfile_linux.yml

@@ -0,0 +1,64 @@
+---
+version: '3'
+
+env:
+  URL_GOREPLACE: https://github.com/webdevops/go-replace/releases/download/1.1.2/gr-64-linux
+  URL_HELM: https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
+
+tasks:
+
+  install:
+    desc: Install all developer dependencies
+    deps:
+    - distrib-requirements
+    - helm
+    - pre-commit
+    - go-replace
+
+  distrib-requirements:
+    desc: Check needed distribution packages
+    cmds:
+    - task deps:need BIN=wget
+    - task deps:need BIN=python3
+    - task deps:need BIN=docker
+    silent: true
+
+  need:
+    desc: Check needed binary is present
+    cmds:
+    - type {{.BIN}} 2>&1 >/dev/null || (echo "Please install {{.BIN}}"; exit 1)
+    silent: true
+
+  helm:
+    desc: Install helm client
+    cmds:
+    - echo "Installing helm"
+    - wget -q -O - "$URL_HELM" | USE_SUDO=false HELM_INSTALL_DIR=.bin bash
+    status:
+    - test -e .bin/helm
+    deps:
+    - distrib-requirements
+    silent: true
+
+  pre-commit:
+    desc: Install a precommit pip package
+    cmds:
+    - echo "Installing pre-commit"
+    - python3 -m pip install --user pre-commit
+    status:
+    - type pre-commit
+    deps:
+    - distrib-requirements
+    silent: true
+
+  go-replace:
+    desc: Install go-replace
+    cmds:
+    - echo "Installing go-replace"
+    - mkdir -p ".bin"
+    - wget -q "$URL_GOREPLACE" -O .bin/go-replace && chmod +x .bin/go-replace
+    status:
+    - test -e .bin/go-replace
+    deps:
+    - distrib-requirements
+    silent: true

.taskfiles/Taskfile_windows.yml

@@ -0,0 +1,10 @@
+---
+version: '3'
+
+# Todo: add windows requirements
+
+tasks:
+  default:
+    cmds:
+    - task -l
+    silent: true

CONTRIBUTING.md

@@ -39,6 +39,23 @@ See `git help commit`:
 
 Once changes have been merged, the release job will automatically run to package and release changed charts.
 
+### Create new chart
+```
+# Clone
+git clone
+cd charts
+sh -c "$(curl --location https://taskfile.dev/install.sh)" -- -d -b .bin
+
+# Create chart
+PATH=$PATH:$PWD/.bin
+task chart:create CHART=chart_name
+# Don't forgot edit some chart informations in charts/char_name/Chart.yaml and charts/char_name/values.yaml
+
+# Lint & Test
+task chart:lint CHART=chart_name
+task chart:test CHART=chart_name
+```
+
 ### Immutability
 
 Chart releases must be immutable. Any change to a chart warrants a chart version bump even if it is only changed to the documentation.

README.md

@@ -1,6 +1,6 @@
 # k8s@Home collection of helm charts
 
-[![Discord](https://img.shields.io/badge/discord-chat-7289DA.svg)](https://discord.gg/stmx7vh)
+[![Discord](https://img.shields.io/badge/discord-chat-7289DA.svg)](https://discord.com/invite/7PbmHRK)
 [![](https://github.com/k8s-at-home/charts/workflows/Release%20Charts/badge.svg?branch=master)](https://github.com/k8s-at-home/charts/actions)
 [![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
 [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/k8s-at-home)](https://artifacthub.io/packages/search?repo=k8s-at-home)

Taskfile.yml

@@ -0,0 +1,16 @@
+---
+version: '3'
+
+vars:
+  GIT_ROOT:
+    sh: git rev-parse --show-toplevel
+
+includes:
+  deps: .taskfiles/Taskfile_{{OS}}.yml
+  chart: .taskfiles/Taskfile_chart.yml
+
+tasks:
+  default:
+    cmds:
+    - task -l
+    silent: true

charts/README.templates.md.gotmpl

@@ -14,7 +14,7 @@
     {{ template "repository.organization" . }}/{{ template "chart.name" . }}
 {{- end -}}
 {{- define "badge.artifactHub" -}}
-  [![ArtifactHub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/{{ template "chart.name" . }})](https://artifacthub.io/packages/helm/{{ template "chart.name" . }})
+  [![ArtifactHub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/{{ template "chart.name" . }})](https://artifacthub.io/packages/helm/k8s-at-home/{{ template "chart.name" . }})
 {{- end -}}
 {{- define "description.multiarch" -}}
 The default values and container images used in this chart will allow for running in a multi-arch cluster (amd64, arm, arm64)
@@ -69,4 +69,4 @@ For example,
 ```console
 helm install {{ template "chart.name" . }} {{ template "helm.path" . }} --values values.yaml
 ```
-{{- end -}}
+{{- end -}}

charts/bitwardenrs/Chart.yaml

@@ -2,15 +2,15 @@ apiVersion: v2
 name: bitwardenrs
 description: Unofficial Bitwarden compatible server written in Rust
 type: application
-version: 1.0.1
-appVersion: 1.16.3
+version: 2.0.0
+appVersion: 1.18.0
 keywords:
   - bitwarden
   - bitwardenrs
   - bitwarden_rs
   - password
   - rust
-home: https://github.com/k8s-at-home/charts/tree/master/charts/bitwarden_rs
+home: https://github.com/k8s-at-home/charts/tree/master/charts/bitwardenrs
 sources:
   - https://github.com/dani-garcia/bitwarden_rs
 maintainers:

charts/bitwardenrs/README.md

@@ -46,3 +46,13 @@ Alternatively, a YAML file that specifies the values for the above parameters ca
 ```console
 helm install bitwarden k8s-at-home/bitwardenrs  --values values.yaml 
 ```
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 1.1.1 -> 2.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.
+
+### Upgrading from 1.x.x to 2.x.x
+
+Chart version 2.0.0 introduces external database support.
+ * No actions required to continue with the default sqlite backend.
+ * Refer to the `bitwardenrs.externalDatabase` section of [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/bitwardenrs/values.yaml) to configure MySQL or PostgreSQL database backends.

charts/bitwardenrs/templates/_database.tpl

@@ -0,0 +1,38 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Generate environment variables for external database
+*/}}
+{{- define "bitwardenrs.externalDatabaseConfigMap" -}}
+{{- with .Values.bitwardenrs.externalDatabase }}
+{{- if and .enabled (or (eq .type "postgresql") (eq .type "mysql")) }}
+{{- if and (not .existingSecret.enabled) .user }}
+DATABASE_USER: {{ .user | quote }}
+{{- end }}
+{{- if and (not .existingSecret.enabled) .password }}
+DATABASE_PASSWORD: {{ .password | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- define "bitwardenrs.externalDatabaseEnv" -}}
+{{- with .Values.bitwardenrs.externalDatabase }}
+{{- if and .enabled (or (eq .type "postgresql") (eq .type "mysql")) }}
+{{- if .existingSecret.enabled }}
+- name: DATABASE_USER
+  valueFrom:
+    secretKeyRef:
+      name: {{ .existingSecret.name | quote }}
+      key: {{ .existingSecret.userKey | quote }}
+- name: DATABASE_PASSWORD
+  valueFrom:
+    secretKeyRef:
+      name: {{ .existingSecret.name | quote }}
+      key: {{ .existingSecret.passwordKey | quote }}
+{{- end }}
+{{- $dbport := not (empty .port) | ternary (printf ":%v" .port) "" }}
+- name: DATABASE_URL
+  value: {{ printf "%v://$(DATABASE_USER):$(DATABASE_PASSWORD)@%v%v/%v" .type .host $dbport .database }}
+{{- end }}
+{{- end }}
+{{- end }}

charts/bitwardenrs/templates/configmap.yaml

@@ -12,8 +12,8 @@ data:
   WEBSOCKET_ENABLED: {{ .Values.bitwardenrs.websockets.enabled | quote }}
   {{- if and .Values.bitwardenrs.admin.enabled .Values.bitwardenrs.admin.disableAdminToken }}
   DISABLE_ADMIN_TOKEN: "true"
-    {{- end }}
-    {{- with .Values.bitwardenrs.smtp }}
+  {{- end }}
+  {{- with .Values.bitwardenrs.smtp }}
   {{- if .enabled }}
   SMTP_HOST: {{ required "SMTP host is required to enable SMTP" .host | quote }}
   SMTP_FROM: {{ required "SMTP sender address ('from') is required to enable SMTP" .from | quote }}
@@ -31,6 +31,20 @@ data:
   {{- end }}
   {{- end }}
   {{- end }}
+  {{- with .Values.bitwardenrs.yubico }}
+  {{- if .enabled }}
+  {{- if .server }}
+  YUBICO_SERVER: {{ .server | quote }}
+  {{- end }}
+  {{- if and (not .existingSecret.enabled) .clientId }}
+  YUBICO_CLIENT_ID: {{ .clientId | quote }}
+  {{- end }}
+  {{- if and (not .existingSecret.enabled) .secretKey }}
+  YUBICO_SECRET_KEY: {{ .secretKey | quote }}
+  {{- end }}
+  {{- end }}
+  {{- end }}
+  {{- include "bitwardenrs.externalDatabaseConfigMap" . | nindent 2 }}
   {{- if .Values.env }}
   {{- toYaml .Values.env | nindent 2 }}
   {{- end }}

charts/bitwardenrs/templates/deployment.yaml

@@ -54,11 +54,11 @@ spec:
                   {{- else }}
                   name: {{ $fullName }}
                   key: admin-token
-                {{- end }}
-                {{- end }}
-                {{- end }}
-                {{- with .Values.bitwardenrs.smtp }}
-                {{- if eq .enabled true }}
+                  {{- end }}
+            {{- end }}
+            {{- end }}
+            {{- with .Values.bitwardenrs.smtp }}
+            {{- if eq .enabled true }}
             {{- if and .existingSecret.enabled (not .user) }}
             - name: SMTP_USERNAME
               valueFrom:
@@ -70,12 +70,27 @@ spec:
                 secretKeyRef:
                   name: {{ .existingSecret.name | quote }}
                   key: {{ .existingSecret.passwordKey | quote }}
-              {{- end }}
-          {{- end }}
-          {{- end }}
+            {{- end }}
+            {{- end }}
+            {{- end }}
+            {{- with .Values.bitwardenrs.yubico }}
+            {{- if and .enabled .existingSecret.enabled }}
+            - name: YUBICO_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .existingSecret.name | quote }}
+                  key: {{ .existingSecret.clientIdKey | quote }}
+            - name: YUBICO_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .existingSecret.name | quote }}
+                  key: {{ .existingSecret.secretKeyKey | quote }}
+            {{- end }}
+            {{- end }}
+            {{- include "bitwardenrs.externalDatabaseEnv" . | nindent 12 }}
           ports:
             - name: http
-              containerPort: 80
+              containerPort: {{ .Values.bitwardenrs.gui.port }}
               protocol: TCP
             {{- if .Values.bitwardenrs.websockets.enabled }}
             - name: websocket

charts/bitwardenrs/templates/ingress.yaml

@@ -1,6 +1,7 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "bitwardenrs.fullname" . -}}
 {{- $svcPort := .Values.service.port -}}
+{{- $websockets := .Values.bitwardenrs.websockets -}}
 {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
 apiVersion: networking.k8s.io/v1beta1
 {{- else -}}
@@ -36,6 +37,16 @@ spec:
             backend:
               serviceName: {{ $fullName }}
               servicePort: {{ $svcPort }}
+          {{- if $websockets.enabled }}
+          - path: {{ . | trimSuffix "/" }}/notifications/hub
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: {{ $websockets.port }}
+          - path: {{ . | trimSuffix "/" }}/notifications/hub/negotiate
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: {{ $svcPort}}
+          {{- end }}
           {{- end }}
     {{- end }}
   {{- end }}

charts/bitwardenrs/templates/statefulset.yaml

@@ -55,11 +55,11 @@ spec:
                   {{- else }}
                   name: {{ $fullName }}
                   key: admin-token
-                {{- end }}
-                {{- end }}
-                {{- end }}
-                {{- with .Values.bitwardenrs.smtp }}
-                {{- if eq .enabled true }}
+                  {{- end }}
+            {{- end }}
+            {{- end }}
+            {{- with .Values.bitwardenrs.smtp }}
+            {{- if eq .enabled true }}
             {{- if and .existingSecret.enabled (not .user) }}
             - name: SMTP_USERNAME
               valueFrom:
@@ -71,12 +71,27 @@ spec:
                 secretKeyRef:
                   name: {{ .existingSecret.name | quote }}
                   key: {{ .existingSecret.passwordKey | quote }}
-              {{- end }}
-          {{- end }}
-          {{- end }}
+            {{- end }}
+            {{- end }}
+            {{- end }}
+            {{- with .Values.bitwardenrs.yubico }}
+            {{- if and .enabled .existingSecret.enabled }}
+            - name: YUBICO_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .existingSecret.name | quote }}
+                  key: {{ .existingSecret.clientIdKey | quote }}
+            - name: YUBICO_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .existingSecret.name | quote }}
+                  key: {{ .existingSecret.secretKeyKey | quote }}
+            {{- end }}
+            {{- end }}
+            {{- include "bitwardenrs.externalDatabaseEnv" . | nindent 12 }}
           ports:
             - name: http
-              containerPort: 80
+              containerPort: {{ .Values.bitwardenrs.gui.port }}
               protocol: TCP
             {{- if .Values.bitwardenrs.websockets.enabled }}
             - name: websocket

charts/bitwardenrs/values.yaml

@@ -14,6 +14,9 @@ fullnameOverride: ""
 bitwardenrs:
   domain: ""
   signupsAllowed: false
+  gui:
+    # If you set a different port here, you must also provide it under env
+    port: 80
   websockets:
     enabled: true
     port: 3012
@@ -24,6 +27,31 @@ bitwardenrs:
       enabled: false
       name: ""
       tokenKey: ""
+  # External database configuration.
+  # Requires bitwardenrs/server >= 1.17.0 or bitwardenrs/server-{mysql,postgres} images
+  # ref: https://github.com/dani-garcia/bitwarden_rs/wiki/Using-the-MySQL-Backend
+  #      https://github.com/dani-garcia/bitwarden_rs/wiki/Using-the-PostgreSQL-Backend
+  externalDatabase:
+    enabled: false
+    # Supported values: 'mysql', 'postgresql'.
+    type: ""
+    # Database host. Required if external database is enabled.
+    host: ""
+    # Database port. Optional, default value is specific to the database backend.
+    port: ""
+    # Database name.
+    database: ""
+    # Database user.
+    user: ""
+    # Database password. Special characters must be escaped with percent encoding.
+    password: ""
+    # Use existing secret for database credentials.
+    existingSecret:
+      enabled: false
+      name: ""
+      userKey: ""
+      # Special characters in the password value must be escaped with percent encoding.
+      passwordKey: ""
   # Enable SMTP. https://github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration
   smtp:
     enabled: false
@@ -47,8 +75,26 @@ bitwardenrs:
       name: ""
       userKey: ""
       passwordKey: ""
+  # Enable Yubikey 2FA: https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-Yubikey-OTP-authentication
+  yubico:
+    enabled: false
+    # OTP verification server. Will use the default YubiCloud servers if not specified
+    server: ""
+    # API Client ID for OTP server. Ignored if existingSecret is provided.
+    clientId: ""
+    # API Secret Key for OTP server. Required if clientId is specified, ignored when using existingSecret.
+    secretKey: ""
+    # Use existing secret for API keys
+    existingSecret:
+      enabled: false
+      name: ""
+      clientIdKey: ""
+      secretKeyKey: ""
 
 env: {}
+# If you plan to run the WebUI on a port other than port 80, specify that here:
+# For example, if running the container as a non-root user.
+#  ROCKET_PORT: "80"
 
 persistence:
   type: statefulset

charts/blocky/Chart.yaml

@@ -1,11 +1,12 @@
 apiVersion: v2
-appVersion: v0.11
+appVersion: v0.12
 description: DNS proxy as ad-blocker for local network
 name: blocky
-version: 4.1.1
+version: 5.0.0
 keywords:
   - blocky
-  - dbs
+  - adblock
+  - dns
 home: https://github.com/k8s-at-home/charts/tree/master/charts/blocky
 icon: https://github.com/0xERR0R/blocky/raw/master/docs/blocky.svg?sanitize=true
 sources:

charts/blocky/README.md

@@ -47,6 +47,8 @@ Alternatively, a YAML file that specifies the values for the above parameters ca
 helm install --name blocky -f values.yaml k8s-at-home/blocky
 ```
 
+---
+
 ## Upgrading an existing Release to a new major version
 
 A major chart version change (like 2.2.2 -> 3.0.0) indicates that there is an
@@ -72,3 +74,6 @@ kubectl delete svc/blocky
 
 This is the 'easiest' approach, but will incur downtime which can be problematic if you rely on blocky for DNS
 
+### Upgrading from 4.x.x to 5.x.x
+
+Configuration inside `config` is no longer a yaml object, it is now a multiline string

charts/blocky/templates/configmap.yaml

@@ -9,12 +9,5 @@ metadata:
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
 data:
-{{- if .Values.config }}
-{{ $root := . }}
   config.yml: |
-{{ tpl (toYaml .Values.config | indent 4) $root }}
-{{- end }}
-{{- range $name, $value := .Values.extraLists }}
-  {{ $name }}: |-
-{{ $value | indent 4}}
-{{- end }}
+{{ .Values.config | indent 4 }}

charts/blocky/templates/deployment.yaml

@@ -1,3 +1,4 @@
+{{- $blockyConfig := .Values.config | fromYaml }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -45,9 +46,9 @@ spec:
               subPath: {{ $name }}
               readOnly: true
             {{- end }}
-            {{- if .Values.config.queryLog }}
+            {{- if hasKey $blockyConfig "queryLog" }}
             - name: data
-              mountPath: {{ .Values.config.queryLog.dir }}
+              mountPath: {{ $blockyConfig.queryLog.dir }}
               {{- if .Values.persistence.subPath }}
               subPath: {{ .Values.persistence.subPath }}
               {{- end }}
@@ -96,7 +97,7 @@ spec:
                     - key: {{ $name }}
                       path: {{ $name }}
                   {{- end }}
-        {{- if .Values.config.queryLog }}
+        {{- if hasKey $blockyConfig "queryLog" }}
         - name: data
           {{- if .Values.persistence.enabled }}
           persistentVolumeClaim:

charts/blocky/values.yaml

@@ -1,6 +1,6 @@
 image:
   repository: spx01/blocky
-  tag: v0.11
+  tag: v0.12
   pullPolicy: IfNotPresent
 
 nameOverride: ""
@@ -10,29 +10,30 @@ replicas: 1
 
 timeZone: "UTC"
 
-# blocky configuration - will translate to config.yml file inside the pod
-config:
+# Blocky configuration, for a full list of options see
+# https://github.com/0xERR0R/blocky/blob/master/docs/config.yml
+config: |
   upstream:
     # these external DNS resolvers will be used. Blocky picks 2 random resolvers from the list for each query
-    # format for resolver: net:host:[port][/path]. net could be tcp, udp, tcp-tls or https (DoH). If port is empty, default port will be used (53 for udp and tcp, 853 for tcp-tls, 443 for https (Doh))
+    # format for resolver: [net:]host:[port][/path]. net could be empty (default, shortcut for tcp+udp), tcp+udp, tcp, udp, tcp-tls or https (DoH). If port is empty, default port will be used (53 for udp and tcp, 853 for tcp-tls, 443 for https (Doh))
     externalResolvers:
-      - udp:8.8.8.8
-      - udp:8.8.4.4
-      - udp:1.1.1.1
-      - tcp-tls:1.0.0.1:853
-      - https://cloudflare-dns.com/dns-query
+      - 46.182.19.48
+      - 80.241.218.68
+      - tcp-tls:fdns1.dismail.de:853
+      - https://dns.digitale-gesellschaft.ch/dns-query
 
   # optional: custom IP address for domain name (with all sub-domains)
   # example: query "printer.lan" or "my.printer.lan" will return 192.168.178.3
-  # customDNS:
-  #   mapping:
-  #     printer.lan: 192.168.178.3
+  customDNS:
+    mapping:
+      printer.lan: 192.168.178.3
 
-  # optional: definition, which DNS resolver should be used for queries to the domain (with all sub-domains).
+  # optional: definition, which DNS resolver(s) should be used for queries to the domain (with all sub-domains). Multiple resolvers must be separated by comma
   # Example: Query client.fritz.box will ask DNS server 192.168.178.1. This is necessary for local network, to resolve clients by host name
-  # conditional:
-  #   mapping:
-  #     fritz.box: udp:192.168.178.1
+  conditional:
+    mapping:
+      fritz.box: udp:192.168.178.1
+      lan.net: udp:192.168.178.1,udp:192.168.178.2
 
   # optional: use black and white lists to block queries (for example ads, trackers, adult pages etc.)
   blocking:
@@ -46,77 +47,95 @@ config:
         - https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
         - https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
       special:
-        - https://hosts-file.net/ad_servers.txt
-    # definition of whitelist groups. Attention: if the same group has black and whitelists,
-    # whitelists will be used to disable particular blacklist entries. If a group has only
-    # whitelist entries -> this means only domains from this list are allowed,
-    # all other domains will be blocked.
-    # Also see the extraLists section below to add your own in-line whitelists
-    # whiteLists:
-    #   ads:
-    #     - whitelist.txt
+        - https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts
+    # definition of whitelist groups. Attention: if the same group has black and whitelists, whitelists will be used to disable particular blacklist entries. If a group has only whitelist entries -> this means only domains from this list are allowed, all other domains will be blocked
+    whiteLists:
+      ads:
+        - whitelist.txt
     # definition: which groups should be applied for which client
     clientGroupsBlock:
       # default will be used, if no special definition for a client name exists
       default:
         - ads
         - special
-      # use client name or ip address
-      # laptop.fritz.box:
-      #   - ads
-
+      # use client name (with wildcard support: * - sequence of any characters, [0-9] - range)
+      # or single ip address / client subnet as CIDR notation
+      laptop*:
+        - ads
+      192.168.178.1/24:
+        - special
     # which response will be sent, if query is blocked:
-    #   zeroIp: 0.0.0.0 will be returned (default)
-    #   nxDomain: return NXDOMAIN as return code
-    # blockType: zeroIp
-
+    # zeroIp: 0.0.0.0 will be returned (default)
+    # nxDomain: return NXDOMAIN as return code
+    # comma separated list of destination IP adresses (for example: 192.100.100.15, 2001:0db8:85a3:08d3:1319:8a2e:0370:7344). Should contain ipv4 and ipv6 to cover all query types. Useful with running web server on this address to display the "blocked" page.
+    blockType: zeroIp
     # optional: automatically list refresh period in minutes. Default: 4h.
     # Negative value -> deactivate automatically refresh.
     # 0 value -> use default
-    # refreshPeriod: 1
+    refreshPeriod: 0
 
   # optional: configuration for caching of DNS responses
-  # caching:
-  #   # amount in minutes, how long a response must be cached (min value).
-  #   # If <=0, use response's TTL, if >0 use this value, if TTL is smaller
-  #   # Default: 0
-  #   minTime: 40
-  #   # amount in minutes, how long a response must be cached (max value).
-  #   # If <0, do not cache responses
-  #   # If 0, use TTL
-  #   # If > 0, use this value, if TTL is greater
-  #   # Default: 0
-  #   maxTime: -1
+  caching:
+    # amount in minutes, how long a response must be cached (min value).
+    # If <=0, use response's TTL, if >0 use this value, if TTL is smaller
+    # Default: 0
+    minTime: 5
+    # amount in minutes, how long a response must be cached (max value).
+    # If <0, do not cache responses
+    # If 0, use TTL
+    # If > 0, use this value, if TTL is greater
+    # Default: 0
+    maxTime: -1
+    # if true, will preload DNS results for often used queries (names queried more than 5 times in a 2 hour time window)
+    # this improves the response time for often used queries, but significantly increases external traffic
+    # default: false
+    prefetching: true
 
   # optional: configuration of client name resolution
-  # clientLookup:
-  #   # this DNS resolver will be used to perform reverse DNS lookup (typically local router)
-  #   upstream: udp:192.168.178.1
-  #   # optional: some routers return multiple names for client (host name and user defined name). Define which single name should be used.
-  #   # Example: take second name if present, if not take first name
-  #   singleNameOrder:
-  #     - 2
-  #     - 1
+  clientLookup:
+    # optional: this DNS resolver will be used to perform reverse DNS lookup (typically local router)
+    upstream: udp:192.168.178.1
+    # optional: some routers return multiple names for client (host name and user defined name). Define which single name should be used.
+    # Example: take second name if present, if not take first name
+    singleNameOrder:
+      - 2
+      - 1
+    # optional: custom mapping of client name to IP addresses. Useful if reverse DNS does not work properly or just to have custom client names.
+    clients:
+      laptop:
+        - 192.168.178.29
+
   # optional: configuration for prometheus metrics endpoint
-  prometheus:
-    # enabled if true
-    enable: true
-    # url path, optional (default '/metrics')
-    path: /metrics
+  # prometheus:
+  #   # enabled if true
+  #   enable: true
+  #   # url path, optional (default '/metrics')
+  #   path: /metrics
 
   # optional: write query information (question, answer, client, duration etc) to daily csv file
   # queryLog:
-  #     # directory (will be mounted as volume in the pod)
-  #     dir: /logs
-  #     # if true, write one file per client. Writes all queries to single file otherwise
-  #     perClient: true
-  #     # if > 0, deletes log files which are older than ... days
-  #     logRetentionDays: 7
+  #   # directory (should be mounted as volume in docker)
+  #   dir: /logs
+  #   # if true, write one file per client. Writes all queries to single file otherwise
+  #   perClient: true
+  #   # if > 0, deletes log files which are older than ... days
+  #   logRetentionDays: 7
 
-  # optional: HTTP listener port, default 0 = no http listener. If > 0, will be used for prometheus metrics, pprof, ...
+  # optional: DNS listener port and bind ip address, default 53 (UDP and TCP). Example: 53, :53, 127.0.0.1:53
+  port: 53
+  # optional: HTTP listener port, default 0 = no http listener. If > 0, will be used for prometheus metrics, pprof, REST API, DoH ...
   httpPort: 4000
+  # optional: HTTPS listener port, default 0 = no http listener. If > 0, will be used for prometheus metrics, pprof, REST API, DoH...
+  #httpsPort: 443
+  # mandatory, if https port > 0: path to cert and key file for SSL encryption
+  #httpsCertFile: server.crt
+  #httpsKeyFile: server.key
+  # optional: use this DNS server to resolve blacklist urls and upstream DNS servers (DOH). Useful if no DNS resolver is configured and blocky needs to resolve a host name. Format net:IP:port, net must be udp or tcp
+  bootstrapDns: tcp:1.1.1.1
   # optional: Log level (one from debug, info, warn, error). Default: info
   logLevel: info
+  # optional: Log format (text or json). Default: text
+  logFormat: text
 
 ## Add persistence for query logs (if enabled)
 persistence:

charts/flaresolverr/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS

charts/flaresolverr/Chart.yaml

@@ -0,0 +1,19 @@
+apiVersion: v2
+appVersion: v1.2.3
+description: FlareSolverr is a proxy server to bypass Cloudflare protection
+name: flaresolverr
+version: 1.0.0
+keywords:
+  - flaresolverr
+  - jackett
+home: https://github.com/k8s-at-home/charts/tree/master/charts/flaresolverr
+sources:
+  - https://github.com/FlareSolverr/FlareSolverr
+  - https://hub.docker.com/r/flaresolverr/flaresolverr
+maintainers:
+  - name: billimek
+    email: jeff@billimek.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: 2.2.1

charts/flaresolverr/OWNERS

@@ -0,0 +1,8 @@
+approvers:
+- billimek
+- onedr0p
+- bjw-s
+reviewers:
+- billimek
+- onedr0p
+- bjw-s

charts/flaresolverr/README.md

@@ -0,0 +1,67 @@
+# FlareSolverr
+
+This is a helm chart for [FlareSolverr](https://github.com/FlareSolverr/FlareSolverr).
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)**
+
+## TL;DR;
+
+```shell
+$ helm repo add k8s-at-home https://k8s-at-home.com/charts/
+$ helm install k8s-at-home/flaresolverr
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name my-release k8s-at-home/flaresolverr
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/flaresolverr/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+```console
+helm install flaresolverr \
+  --set env.TZ="America/New_York" \
+    k8s-at-home/flaresolverr
+```
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
+```console
+helm install flaresolverr k8s-at-home/flaresolverr --values values.yaml 
+```
+
+```yaml
+image:
+  tag: ...
+```
+
+---
+**NOTE**
+
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
+
+---
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 4.0.1 -> 5.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.

charts/flaresolverr/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "common.notes.defaultNotes" . -}}

charts/flaresolverr/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "common.all" . }}

charts/flaresolverr/values.yaml

@@ -0,0 +1,16 @@
+# Default values for FlareSolverr.
+
+image:
+  repository: flaresolverr/flaresolverr
+  pullPolicy: IfNotPresent
+  tag: v1.2.3
+
+strategy:
+  type: Recreate
+
+service:
+  port:
+    port: 8191
+
+env: {}
+  # LOG_LEVEL: UTC

charts/gonic/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS

charts/gonic/Chart.yaml

@@ -0,0 +1,20 @@
+apiVersion: v2
+appVersion: latest
+description: Music streaming server / subsonic server API implementation
+name: gonic
+version: 1.0.0
+keywords:
+  - music
+  - subsonic
+home: https://github.com/k8s-at-home/charts/tree/master/charts/gonic
+icon: https://raw.githubusercontent.com/sentriz/gonic/master/.github/logo.png
+sources:
+  - https://github.com/sentriz/gonic
+  - https://hub.docker.com/r/sentriz/gonic
+maintainers:
+  - name: billimek
+    email: jeff@billimek.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: 2.2.1

charts/gonic/OWNERS

@@ -0,0 +1,8 @@
+approvers:
+- billimek
+- onedr0p
+- bjw-s
+reviewers:
+- billimek
+- onedr0p
+- bjw-s

charts/gonic/README.md

@@ -0,0 +1,67 @@
+# Gonic
+
+This is a helm chart for [Gonic](https://github.com/sentriz/gonic).
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)**
+
+## TL;DR;
+
+```shell
+$ helm repo add k8s-at-home https://k8s-at-home.com/charts/
+$ helm install k8s-at-home/gonic
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name my-release k8s-at-home/gonic
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/gonic/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+```console
+helm install gonic \
+  --set env.TZ="America/New_York" \
+    k8s-at-home/gonic
+```
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
+```console
+helm install gonic k8s-at-home/gonic --values values.yaml 
+```
+
+```yaml
+image:
+  tag: ...
+```
+
+---
+**NOTE**
+
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
+
+---
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 4.0.1 -> 5.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.

charts/gonic/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "common.notes.defaultNotes" . -}}

charts/gonic/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "common.all" . }}

charts/gonic/values.yaml

@@ -0,0 +1,40 @@
+# Default values for Gonic.
+
+image:
+  repository: sentriz/gonic
+  pullPolicy: IfNotPresent
+  tag: latest
+
+strategy:
+  type: Recreate
+
+service:
+  port:
+    port: 80
+
+# # See more environment variables in the gonic documentation
+# https://github.com/sentriz/gonic#configuration-options
+env: {}
+  # TZ: UTC
+
+persistence:
+  data:
+    enabled: false
+    emptyDir: false
+
+  music:
+    enabled: false
+    emptyDir: false
+    mountPath: /music
+    ## Persistent Volume Storage Class
+    ## If defined, storageClassName: <storageClass>
+    ## If set to "-", storageClassName: "", which disables dynamic provisioning
+    ## If undefined (the default) or set to null, no storageClassName spec is
+    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+    ##   GKE, AWS & OpenStack)
+    # storageClass: "-"
+    # accessMode: ReadWriteOnce
+    # size: 1Gi
+    ## Do not delete the pvc upon helm uninstall
+    # skipuninstall: false
+    # existingClaim: ""

charts/home-assistant/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: 2020.12.1
+appVersion: 2021.1.5
 description: Home Assistant
 name: home-assistant
-version: 5.4.1
+version: 5.4.3
 keywords:
 - home-assistant
 - hass

charts/home-assistant/values.yaml

@@ -1,9 +1,9 @@
-# Default values for zwave2mqtt.
+# Default values for home-assistant.
 
 image:
   repository: homeassistant/home-assistant
   pullPolicy: IfNotPresent
-  tag: 2020.12.1
+  tag: 2021.1.5
 
 strategy:
   type: Recreate

charts/icantbelieveitsnotvaletudo/README.md

@@ -1,6 +1,6 @@
 # I can't belive it's not Valetudo
 
-Map generation companion service for [Valetudo](valetudo.cloud)
+Map generation companion service for [Valetudo](https://valetudo.cloud/)
 
 ## TL;DR;
 

charts/mosquitto/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v1
-appVersion: "1.6.12"
+appVersion: "2.0.4"
 description: Eclipse Mosquitto - An open source MQTT broker
 name: mosquitto
-version: 0.6.0
+version: 0.7.0
 keywords:
   - message queue
   - MQTT

charts/mosquitto/templates/configmap.yaml

@@ -40,20 +40,6 @@ data:
     #per_listener_settings false
 
 
-    # If a client is subscribed to multiple subscriptions that overlap, e.g. foo/#
-    # and foo/+/baz , then MQTT expects that when the broker receives a message on
-    # a topic that matches both subscriptions, such as foo/bar/baz, then the client
-    # should only receive the message once.
-    # Mosquitto keeps track of which clients a message has been sent to in order to
-    # meet this requirement. The allow_duplicate_messages option allows this
-    # behaviour to be disabled, which may be useful if you have a large number of
-    # clients subscribed to the same set of topics and are very concerned about
-    # minimising memory usage.
-    # It can be safely set to true if you know in advance that your clients will
-    # never have overlapping subscriptions, otherwise your clients must be able to
-    # correctly deal with duplicate messages even when then have QoS=2.
-    #allow_duplicate_messages false
-
     # This option controls whether a client is allowed to connect with a zero
     # length client id or not. This option only affects clients using MQTT v3.1.1
     # and later. If set to false, clients connecting with a zero length client id
@@ -120,12 +106,16 @@ data:
     # be queued until the first limit is reached.
     #max_queued_bytes 0
 
+    # Set the maximum QoS supported. Clients publishing at a QoS higher than
+    # specified here will be disconnected.
+    #max_qos 2
+
     # The maximum number of QoS 1 and 2 messages to hold in a queue per client
-    # above those that are currently in-flight.  Defaults to 100. Set
+    # above those that are currently in-flight.  Defaults to 1000. Set
     # to 0 for no maximum (not recommended).
     # See also queue_qos0_messages.
     # See also max_queued_bytes.
-    #max_queued_messages 100
+    #max_queued_messages 1000
     #
     # This option sets the maximum number of heap memory bytes that the broker will
     # allocate, and hence sets a hard limit on memory use by the broker.  Memory
@@ -164,7 +154,7 @@ data:
 
     # Write process id to a file. Default is a blank string which means
     # a pid file shouldn't be written.
-    # This should be set to /var/run/mosquitto.pid if mosquitto is
+    # This should be set to /var/run/mosquitto/mosquitto.pid if mosquitto is
     # being run automatically on boot with an init script and
     # start-stop-daemon or similar.
     #pid_file
@@ -201,171 +191,15 @@ data:
     # When run as root, drop privileges to this user and its primary
     # group.
     # Set to root to stay as root, but this is not recommended.
+    # If set to "mosquitto", or left unset, and the "mosquitto" user does not exist
+    # then it will drop privileges to the "nobody" user instead.
     # If run as a non-root user, this setting has no effect.
-    # Note that on Windows this has no effect and so mosquitto should
-    # be started by the user you wish it to run as.
+    # Note that on Windows this has no effect and so mosquitto should be started by
+    # the user you wish it to run as.
     #user mosquitto
 
     # =================================================================
-    # Default listener
-    # =================================================================
-
-    # IP address/hostname to bind the default listener to. If not
-    # given, the default listener will not be bound to a specific
-    # address and so will be accessible to all network interfaces.
-    # bind_address ip-address/host name
-    #bind_address
-
-    # Port to use for the default listener.
-    #port 1883
-
-    # Bind the listener to a specific interface. This is similar to
-    # bind_address above but is useful when an interface has multiple addresses or
-    # the address may change. It is valid to use this with the bind_address option,
-    # but take care that the interface you are binding to contains the address you
-    # are binding to, otherwise you will not be able to connect.
-    # Example: bind_interface eth0
-    #bind_interface
-
-    # When a listener is using the websockets protocol, it is possible to serve
-    # http data as well. Set http_dir to a directory which contains the files you
-    # wish to serve. If this option is not specified, then no normal http
-    # connections will be possible.
-    #http_dir
-
-    # The maximum number of client connections to allow. This is
-    # a per listener setting.
-    # Default is -1, which means unlimited connections.
-    # Note that other process limits mean that unlimited connections
-    # are not really possible. Typically the default maximum number of
-    # connections possible is around 1024.
-    #max_connections -1
-
-    # Choose the protocol to use when listening.
-    # This can be either mqtt or websockets.
-    # Websockets support is currently disabled by default at compile time.
-    # Certificate based TLS may be used with websockets, except that
-    # only the cafile, certfile, keyfile and ciphers options are supported.
-    #protocol mqtt
-
-    # Set use_username_as_clientid to true to replace the clientid that a client
-    # connected with with its username. This allows authentication to be tied to
-    # the clientid, which means that it is possible to prevent one client
-    # disconnecting another by using the same clientid.
-    # If a client connects with no username it will be disconnected as not
-    # authorised when this option is set to true.
-    # Do not use in conjunction with clientid_prefixes.
-    # See also use_identity_as_username.
-    #use_username_as_clientid
-
-    # -----------------------------------------------------------------
-    # Certificate based SSL/TLS support
-    # -----------------------------------------------------------------
-    # The following options can be used to enable SSL/TLS support for
-    # this listener. Note that the recommended port for MQTT over TLS
-    # is 8883, but this must be set manually.
-    #
-    # See also the mosquitto-tls man page.
-
-    # At least one of cafile or capath must be defined. They both
-    # define methods of accessing the PEM encoded Certificate
-    # Authority certificates that have signed your server certificate
-    # and that you wish to trust.
-    # cafile defines the path to a file containing the CA certificates.
-    # capath defines a directory that will be searched for files
-    # containing the CA certificates. For capath to work correctly, the
-    # certificate files must have ".crt" as the file ending and you must run
-    # "openssl rehash <path to capath>" each time you add/remove a certificate.
-    #cafile
-    #capath
-
-    # Path to the PEM encoded server certificate.
-    #certfile
-
-    # Path to the PEM encoded keyfile.
-    #keyfile
-
-
-    # If you have require_certificate set to true, you can create a certificate
-    # revocation list file to revoke access to particular client certificates. If
-    # you have done this, use crlfile to point to the PEM encoded revocation file.
-    #crlfile
-
-    # If you wish to control which encryption ciphers are used, use the ciphers
-    # option. The list of available ciphers can be obtained using the "openssl
-    # ciphers" command and should be provided in the same format as the output of
-    # that command.
-    # If unset defaults to DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH
-    #ciphers DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH
-
-    # To allow the use of ephemeral DH key exchange, which provides forward
-    # security, the listener must load DH parameters. This can be specified with
-    # the dhparamfile option. The dhparamfile can be generated with the command
-    # e.g. "openssl dhparam -out dhparam.pem 2048"
-    #dhparamfile
-
-    # By default a TLS enabled listener will operate in a similar fashion to a
-    # https enabled web server, in that the server has a certificate signed by a CA
-    # and the client will verify that it is a trusted certificate. The overall aim
-    # is encryption of the network traffic. By setting require_certificate to true,
-    # the client must provide a valid certificate in order for the network
-    # connection to proceed. This allows access to the broker to be controlled
-    # outside of the mechanisms provided by MQTT.
-    #require_certificate false
-
-    # This option defines the version of the TLS protocol to use for this listener.
-    # The default value allows all of v1.3, v1.2 and v1.1. The valid values are
-    # tlsv1.3 tlsv1.2 and tlsv1.1.
-    #tls_version
-
-    # If require_certificate is true, you may set use_identity_as_username to true
-    # to use the CN value from the client certificate as a username. If this is
-    # true, the password_file option will not be used for this listener.
-    # This takes priority over use_subject_as_username.
-    # See also use_subject_as_username.
-    #use_identity_as_username false
-
-    # If require_certificate is true, you may set use_subject_as_username to true
-    # to use the complete subject value from the client certificate as a username.
-    # If this is true, the password_file option will not be used for this listener.
-    # See also use_identity_as_username
-    #use_subject_as_username false
-
-    # -----------------------------------------------------------------
-    # Pre-shared-key based SSL/TLS support
-    # -----------------------------------------------------------------
-    # The following options can be used to enable PSK based SSL/TLS support for
-    # this listener. Note that the recommended port for MQTT over TLS is 8883, but
-    # this must be set manually.
-    #
-    # See also the mosquitto-tls man page and the "Certificate based SSL/TLS
-    # support" section. Only one of certificate or PSK encryption support can be
-    # enabled for any listener.
-
-    # The psk_hint option enables pre-shared-key support for this listener and also
-    # acts as an identifier for this listener. The hint is sent to clients and may
-    # be used locally to aid authentication. The hint is a free form string that
-    # doesn't have much meaning in itself, so feel free to be creative.
-    # If this option is provided, see psk_file to define the pre-shared keys to be
-    # used or create a security plugin to handle them.
-    #psk_hint
-
-    # When using PSK, the encryption ciphers used will be chosen from the list of
-    # available PSK ciphers. If you want to control which ciphers are available,
-    # use the "ciphers" option.  The list of available ciphers can be obtained
-    # using the "openssl ciphers" command and should be provided in the same format
-    # as the output of that command.
-    #ciphers
-
-    # Set use_identity_as_username to have the psk identity sent by the client used
-    # as its username. Authentication will be carried out using the PSK rather than
-    # the MQTT username/password and so password_file will not be used for this
-    # listener.
-    #use_identity_as_username false
-
-
-    # =================================================================
-    # Extra listeners
+    # Listeners
     # =================================================================
 
     # Listen on a port/ip address combination. By using this variable
@@ -379,8 +213,28 @@ data:
     # interface. By default, mosquitto will listen on all interfaces.
     # Note that for a websockets listener it is not possible to bind to a host
     # name.
-    # listener port-number [ip address/host name]
-    #listener
+    #
+    # On systems that support Unix Domain Sockets, it is also possible
+    # to create a # Unix socket rather than opening a TCP socket. In
+    # this case, the port number should be set to 0 and a unix socket
+    # path must be provided, e.g.
+    # listener 0 /tmp/mosquitto.sock
+    #
+    # listener port-number [ip address/host name/unix socket path]
+    listener {{ .Values.service.port }}
+
+    # By default, a listener will attempt to listen on all supported IP protocol
+    # versions. If you do not have an IPv4 or IPv6 interface you may wish to
+    # disable support for either of those protocol versions. In particular, note
+    # that due to the limitations of the websockets library, it will only ever
+    # attempt to open IPv6 sockets if IPv6 support is compiled in, and so will fail
+    # if IPv6 is not available.
+    #
+    # Set to `ipv4` to force the listener to only use IPv4, or set to `ipv6` to
+    # force the listener to only use IPv6. If you want support for both IPv4 and
+    # IPv6, then do not use the socket_domain option.
+    #
+    #socket_domain
 
     # Bind the listener to a specific interface. This is similar to
     # the [ip address/host name] part of the listener definition, but is useful
@@ -416,7 +270,7 @@ data:
     # Choose the protocol to use when listening.
     # This can be either mqtt or websockets.
     # Certificate based TLS may be used with websockets, except that only the
-    # cafile, certfile, keyfile and ciphers options are supported.
+    # cafile, certfile, keyfile, ciphers, and ciphers_tls13 options are supported.
     #protocol mqtt
 
     # Set use_username_as_clientid to true to replace the clientid that a client
@@ -447,17 +301,8 @@ data:
     # support" section. Only one of certificate or PSK encryption support can be
     # enabled for any listener.
 
-    # At least one of cafile or capath must be defined to enable certificate based
-    # TLS encryption. They both define methods of accessing the PEM encoded
-    # Certificate Authority certificates that have signed your server certificate
-    # and that you wish to trust.
-    # cafile defines the path to a file containing the CA certificates.
-    # capath defines a directory that will be searched for files
-    # containing the CA certificates. For capath to work correctly, the
-    # certificate files must have ".crt" as the file ending and you must run
-    # "openssl rehash <path to capath>" each time you add/remove a certificate.
-    #cafile
-    #capath
+    # Both of certfile and keyfile must be defined to enable certificate based
+    # TLS encryption.
 
     # Path to the PEM encoded server certificate.
     #certfile
@@ -465,13 +310,17 @@ data:
     # Path to the PEM encoded keyfile.
     #keyfile
 
-
     # If you wish to control which encryption ciphers are used, use the ciphers
     # option. The list of available ciphers can be optained using the "openssl
     # ciphers" command and should be provided in the same format as the output of
-    # that command.
+    # that command. This applies to TLS 1.2 and earlier versions only. Use
+    # ciphers_tls1.3 for TLS v1.3.
     #ciphers
 
+    # Choose which TLS v1.3 ciphersuites are used for this listener.
+    # Defaults to "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
+    #ciphers_tls1.3
+
     # If you have require_certificate set to true, you can create a certificate
     # revocation list file to revoke access to particular client certificates. If
     # you have done this, use crlfile to point to the PEM encoded revocation file.
@@ -492,6 +341,18 @@ data:
     # outside of the mechanisms provided by MQTT.
     #require_certificate false
 
+    # cafile and capath define methods of accessing the PEM encoded
+    # Certificate Authority certificates that will be considered trusted when
+    # checking incoming client certificates.
+    # cafile defines the path to a file containing the CA certificates.
+    # capath defines a directory that will be searched for files
+    # containing the CA certificates. For capath to work correctly, the
+    # certificate files must have ".crt" as the file ending and you must run
+    # "openssl rehash <path to capath>" each time you add/remove a certificate.
+    #cafile
+    #capath
+
+
     # If require_certificate is true, you may set use_identity_as_username to true
     # to use the CN value from the client certificate as a username. If this is
     # true, the password_file option will not be used for this listener.
@@ -566,9 +427,9 @@ data:
     # the path.
     #persistence_file mosquitto.db
 
-    # Location for persistent database. Must include trailing /
+    # Location for persistent database.
     # Default is an empty string (current directory).
-    # Set to e.g. /var/lib/mosquitto/ if running as a proper service on Linux or
+    # Set to e.g. /var/lib/mosquitto if running as a proper service on Linux or
     # similar.
     #persistence_location
     {{- if .Values.persistence.enabled }}
@@ -582,7 +443,7 @@ data:
 
     # Places to log to. Use multiple log_dest lines for multiple
     # logging destinations.
-    # Possible destinations are: stdout stderr syslog topic file
+    # Possible destinations are: stdout stderr syslog topic file dlt
     #
     # stdout and stderr log to the console on the named output.
     #
@@ -600,6 +461,9 @@ data:
     # closed and reopened when the broker receives a HUP signal. Only a single file
     # destination may be configured.
     #
+    # The dlt destination is for the automotive `Diagnostic Log and Trace` tool.
+    # This requires that Mosquitto has been compiled with DLT support.
+    #
     # Note that if the broker is running as a Windows service it will default to
     # "log_dest none" and neither stdout nor stderr logging is available.
     # Use "log_dest none" if you wish to disable logging.
@@ -661,12 +525,11 @@ data:
     # false then a password file should be created (see the
     # password_file option) to control authenticated client access.
     #
-    # Defaults to true if no other security options are set. If `password_file` or
-    # `psk_file` is set, or if an authentication plugin is loaded which implements
-    # username/password or TLS-PSK checks, then `allow_anonymous` defaults to
-    # false.
-    #
-    #allow_anonymous true
+    # Defaults to false, unless there are no listeners defined in the configuration
+    # file, in which case it is set to true, but connections are only allowed from
+    # the local machine.
+    #allow_anonymous false
+    allow_anonymous true
 
     # -----------------------------------------------------------------
     # Default authentication and topic access control
@@ -701,13 +564,17 @@ data:
     # comment.
     # Topic access is added with lines of the format:
     #
-    # topic [read|write|readwrite] <topic>
+    # topic [read|write|readwrite|deny] <topic>
     #
-    # The access type is controlled using "read", "write" or "readwrite". This
-    # parameter is optional (unless <topic> contains a space character) - if not
-    # given then the access is read/write.  <topic> can contain the + or #
+    # The access type is controlled using "read", "write", "readwrite" or "deny".
+    # This parameter is optional (unless <topic> contains a space character) - if
+    # not given then the access is read/write.  <topic> can contain the + or #
     # wildcards as in subscriptions.
     #
+    # The "deny" option can used to explicity deny access to a topic that would
+    # otherwise be granted by a broader read/write/readwrite statement. Any "deny"
+    # topics are handled before topics that grant read/write access.
+    #
     # The first set of topics are applied to anonymous clients, assuming
     # allow_anonymous is true. User specific topic ACLs are added after a
     # user line as follows:
@@ -811,6 +678,10 @@ data:
     #address <host>[:<port>] [<host>[:<port>]]
     #topic <topic> [[[out | in | both] qos-level] local-prefix remote-prefix]
 
+    # If you need to have the bridge connect over a particular network interface,
+    # use bridge_bind_address to tell the bridge which local IP address the socket
+    # should bind to, e.g. `bridge_bind_address 192.168.1.10`
+    #bridge_bind_address
 
     # If a bridge has topics that have "out" direction, the default behaviour is to
     # send an unsubscribe request to the remote broker on that topic. This means
@@ -821,7 +692,7 @@ data:
     #bridge_attempt_unsubscribe true
 
     # Set the version of the MQTT protocol to use with for this bridge. Can be one
-    # of mqttv311 or mqttv11. Defaults to mqttv311.
+    # of mqttv50, mqttv311 or mqttv31. Defaults to mqttv311.
     #bridge_protocol_version mqttv311
 
     # Set the clean session variable for this bridge.
@@ -939,6 +810,23 @@ data:
     # properly.
     #try_private true
 
+    # Some MQTT brokers do not allow retained messages. MQTT v5 gives a mechanism
+    # for brokers to tell clients that they do not support retained messages, but
+    # this is not possible for MQTT v3.1.1 or v3.1. If you need to bridge to a
+    # v3.1.1 or v3.1 broker that does not support retained messages, set the
+    # bridge_outgoing_retain option to false. This will remove the retain bit on
+    # all outgoing messages to that bridge, regardless of any other setting.
+    #bridge_outgoing_retain true
+
+    # If you wish to restrict the size of messages sent to a remote bridge, use the
+    # bridge_max_packet_size option. This sets the maximum number of bytes for
+    # the total message, including headers and payload.
+    # Note that MQTT v5 brokers may provide their own maximum-packet-size property.
+    # In this case, the smaller of the two limits will be used.
+    # Set to 0 for "unlimited".
+    #bridge_max_packet_size 0
+
+
     # -----------------------------------------------------------------
     # Certificate based SSL/TLS support
     # -----------------------------------------------------------------

charts/oauth2-proxy/Chart.yaml

@@ -1,5 +1,5 @@
 name: oauth2-proxy
-version: 4.1.0
+version: 4.3.0
 apiVersion: v1
 appVersion: 5.1.0
 home: https://oauth2-proxy.github.io/oauth2-proxy/

charts/oauth2-proxy/README.md

@@ -119,6 +119,10 @@ Parameter | Description | Default
 `serviceAccount.name` | the service account name | ``
 `serviceAccount.annotations` | (optional) annotations for the service account | `{}`
 `tolerations` | list of node taints to tolerate | `[]`
+`topologySpreadConstraints.enabled` | enable Kubernetes [topologySpreadConstraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) | `false`
+`topologySpreadConstraints.maxSkew` | the degree to which Pods may be unevenly distributed | `1`
+`topologySpreadConstraints.topologyKey` | the key of node labels | `topology.kubernetes.io/zone`
+`topologySpreadConstraints.whenUnsatisfiable` | how to deal with a Pod if it doesn't satisfy the spread constraint (`DoNotSchedule`, `ScheduleAnyway`) | `DoNotSchedule`
 `securityContext.enabled` | enable Kubernetes security context on container | `false`
 `securityContext.runAsNonRoot` | make sure that the container runs as a non-root user | `true`
 `proxyVarsAsSecrets` | choose between environment values or secrets for setting up OAUTH2_PROXY variables. When set to false, remember to add the variables OAUTH2_PROXY_CLIENT_ID, OAUTH2_PROXY_CLIENT_SECRET, OAUTH2_PROXY_COOKIE_SECRET in extraEnv | `true`

charts/oauth2-proxy/templates/deployment.yaml

@@ -208,3 +208,15 @@ spec:
     {{- end }}
       tolerations:
 {{ toYaml .Values.tolerations | indent 8 }}
+{{- if semverCompare ">=1.16-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- if .Values.topologySpreadConstraints.enabled }}
+      topologySpreadConstraints:
+      - labelSelector:
+          matchLabels:
+            app: {{ template "oauth2-proxy.name" . }}
+            release: "{{ .Release.Name }}"
+        maxSkew: {{ .Values.topologySpreadConstraints.maxSkew }}
+        topologyKey: {{ .Values.topologySpreadConstraints.topologyKey }}
+        whenUnsatisfiable: {{ .Values.topologySpreadConstraints.whenUnsatisfiable }}
+{{- end }}
+{{- end }}

charts/oauth2-proxy/values.yaml

@@ -9,7 +9,7 @@ config:
   # Use an existing secret for OAuth2 credentials (see secret.yaml for required fields)
   # Example:
   # existingSecret: secret
-  cookieSecret: "XXXXXXXXXX"
+  cookieSecret: "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
   google: {}
     # adminEmail: xxxx
     # serviceAccountJson: xxxx
@@ -29,8 +29,8 @@ config:
   # existingConfig: config
 
 image:
-  repository: "quay.io/pusher/oauth2_proxy"
-  tag: "v5.1.0"
+  repository: "quay.io/oauth2-proxy/oauth2-proxy"
+  tag: "v6.1.1"
   pullPolicy: "IfNotPresent"
 
 # Optionally specify an array of imagePullSecrets.
@@ -186,3 +186,13 @@ htpasswdFile:
   # example:
   # entries:
   #  - testuser:{SHA}EWhzdhgoYJWy0z2gyzhRYlN9DSiv
+
+## Configure Pod Topology Spread Constraints
+## See https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+## Requires Kubernetes >= v1.16
+topologySpreadConstraints:
+  enabled: false
+  maxSkew: 1
+  # See https://kubernetes.io/docs/reference/kubernetes-api/labels-annotations-taints/
+  topologyKey: topology.kubernetes.io/zone
+  whenUnsatisfiable: DoNotSchedule

charts/ombi/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 4.0.681
 description: Want a Movie or TV Show on Plex or Emby? Use Ombi!
 name: ombi
-version: 6.4.1
+version: 7.0.0
 keywords:
   - ombi
   - plex
@@ -22,7 +22,3 @@ dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
     version: 2.2.1
-  - name: mariadb
-    version: 9.2.0
-    repository: https://charts.bitnami.com/bitnami
-    condition: mariadb.enabled

charts/ombi/values.yaml

@@ -21,16 +21,3 @@ persistence:
   config:
     enabled: false
     emptyDir: false
-
-# Enabled mariadb
-# ... for more options see https://github.com/bitnami/charts/tree/master/bitnami/mariadb
-mariadb:
-  enabled: false
-  architecture: standalone
-  auth:
-    database: ombi
-    username: ombi
-    password: ombi
-  primary:
-    persistence:
-      enabled: false

charts/overseerr/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS

charts/overseerr/Chart.yaml

@@ -0,0 +1,22 @@
+apiVersion: v2
+appVersion: 1.16.0
+description: Overseerr is a free and open source software application for managing requests for your media library. It integrates with your existing services such as Sonarr, Radarr and Plex!
+name: overseerr
+version: 1.0.0
+keywords:
+  - overseerr
+  - plex
+  - sonarr
+  - radarr
+home: https://github.com/k8s-at-home/charts/tree/master/charts/overseerr
+icon: https://i.imgur.com/TMoEG7g.png
+sources:
+  - https://github.com/sct/overseerr
+  - https://hub.docker.com/r/sctx/overseerr
+maintainers:
+  - name: billimek
+    email: jeff@billimek.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: 2.2.1

charts/overseerr/OWNERS

@@ -0,0 +1,8 @@
+approvers:
+- billimek
+- onedr0p
+- bjw-s
+reviewers:
+- billimek
+- onedr0p
+- bjw-s

charts/overseerr/README.md

@@ -0,0 +1,67 @@
+# Overseerr
+
+This is a helm chart for [Overseerr](https://github.com/sct/overseerr).
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)**
+
+## TL;DR;
+
+```shell
+$ helm repo add k8s-at-home https://k8s-at-home.com/charts/
+$ helm install k8s-at-home/overseerr
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name my-release k8s-at-home/overseerr
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/overseerr/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+```console
+helm install overseerr \
+  --set env.TZ="America/New_York" \
+    k8s-at-home/overseerr
+```
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
+```console
+helm install overseerr k8s-at-home/overseerr --values values.yaml 
+```
+
+```yaml
+image:
+  tag: ...
+```
+
+---
+**NOTE**
+
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
+
+---
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 4.0.1 -> 5.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.

charts/overseerr/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "common.notes.defaultNotes" . -}}

charts/overseerr/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "common.all" . }}

charts/overseerr/values.yaml

@@ -0,0 +1,23 @@
+# Default values for Overseerr.
+
+image:
+  repository: sctx/overseerr
+  pullPolicy: IfNotPresent
+  tag: 1.16.0
+
+strategy:
+  type: Recreate
+
+service:
+  port:
+    port: 5055
+
+env: {}
+  # TZ: UTC
+  # LOG_LEVEL: info
+
+persistence:
+  config:
+    enabled: false
+    emptyDir: false
+    mountPath: /app/config

charts/plex/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 1.20.2.3402
 description: Plex Media Server
 name: plex
-version: 2.1.1
+version: 2.3.0
 keywords:
   - plex
 home: https://plex.tv/

charts/plex/templates/deployment.yaml

@@ -191,25 +191,18 @@ spec:
             value: "customCertificateDomain={{.Values.certificate.pkcsMangler.setPlexPreferences.customCertificateDomain}}"
 {{- end }}
 {{- end }}
+          {{- if .Values.probes.readiness.enabled }}
           readinessProbe:
-            httpGet:
-              path: /identity
-              port: 32400
-            failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
-            periodSeconds: {{ .Values.probes.readiness.periodSeconds }}
+            {{- omit .Values.probes.readiness "enabled" | toYaml | nindent 12 }}
+          {{- end }}
+          {{- if .Values.probes.liveness.enabled }}
           livenessProbe:
-            httpGet:
-              path: /identity
-              port: 32400
-            failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
-            periodSeconds: {{ .Values.probes.liveness.periodSeconds }}
+            {{- omit .Values.probes.liveness "enabled" | toYaml | nindent 12 }}
+          {{- end }}
+          {{- if .Values.probes.startup.enabled }}
           startupProbe:
-            httpGet:
-              path: /identity
-              port: 32400
-            initialDelaySeconds: {{ .Values.probes.startup.initialDelaySeconds }}
-            failureThreshold: {{ .Values.probes.startup.failureThreshold }}
-            periodSeconds: {{ .Values.probes.startup.periodSeconds }}
+            {{- omit .Values.probes.startup "enabled" | toYaml | nindent 12 }}
+          {{- end }}
           volumeMounts:
           {{- if .Values.persistence.data.enabled }}
           - name: data
@@ -310,6 +303,9 @@ spec:
       - name: {{ .name }}
         persistentVolumeClaim:
           claimName: {{ .claimName }}
+  {{- else if .volume }}
+      - name: {{ .name }}
+        {{- toYaml .volume | nindent 8 }}
   {{- end }}
 {{- end }}
       - name: shared

charts/plex/values.yaml

@@ -223,6 +223,16 @@ persistence:
   #   claimName: optional-claim
   #   mountPath: /mnt/path/in/pod
   #   subPath: optional/sub/path
+  #
+  ## Example using an existing NFS filer directly. Below the 'volume' key all volume types are allowed (eg. nfs, iscsi, hostPath).
+  ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#volume-v1-core for further information
+  # - name: example2
+  #   mountPath: mnt/example2
+  #   volume:
+  #     nfs:
+  #       server: <nfs server fqdn or ip>
+  #       path: <nfs export path>
+  #       readOnly: true
 
   config:
     # Optionally specify claimName to manually override the PVC to be used for
@@ -309,12 +319,24 @@ logging:
 # Probes configuration
 probes:
   liveness:
+    enabled: true
+    httpGet:
+      path: /identity
+      port: 32400
     failureThreshold: 5
     periodSeconds: 10
   readiness:
+    enabled: true
+    httpGet:
+      path: /identity
+      port: 32400
     failureThreshold: 5
     periodSeconds: 10
   startup:
+    enabled: true
+    httpGet:
+      path: /identity
+      port: 32400
     initialDelaySeconds: 5
     failureThreshold: 30
     periodSeconds: 10

charts/powerdns/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v4.3.1
 description: PowerDNS is a DNS server, written in C++ and licensed under the GPL. It runs on most Unix derivatives. PowerDNS features a large number of different backends ranging from simple BIND style zonefiles to relational databases and load balancing/failover algorithms. A DNS recursor is provided as a separate program.
 name: powerdns
-version: 3.0.1
+version: 3.0.2
 home: https://www.powerdns.com/
 sources:
   - http://www.github.com/PowerDNS/

charts/powerdns/templates/deployment.yaml

@@ -94,6 +94,9 @@ spec:
             - name: dns-udp
               containerPort: 53
               protocol: UDP
+            - name: dns-webserver
+              containerPort: 8081
+              protocol: TCP
           {{- if .Values.probes.liveness.enabled }}
           livenessProbe:
             tcpSocket:
@@ -121,13 +124,13 @@ spec:
           lifecycle:
             postStart:
               exec:
-                command: ["/bin/sh", "-c", "a=0;while [ $a -lt 200 ];do sleep 5;a=$[a+1];echo 'stage: '$a;if nc -vz {{- printf "%s-%s" .Release.Name "mariadb"}} 3306;then (! pdnsutil list-zone {{ .Values.powerdns.domain }} 2>/dev/null) && pdnsutil create-zone {{ .Values.powerdns.domain }};echo 'End Stage';a=200;fi;done"]
+                command: ["/bin/sh", "-c", "let a=0; while [ $a -lt 200 ]; do sleep 5; let a=a+1; echo 'Attempt: '$a; if nc -vz {{ printf "%s-%s" .Release.Name "mariadb"}} 3306; then pdnsutil list-zone {{ .Values.powerdns.domain }} 2>/dev/null && break; pdnsutil create-zone {{ .Values.powerdns.domain }}; fi; done"]
 {{ end }}
 {{- if .Values.postgresql.enabled }}
           lifecycle:
             postStart:
               exec:
-                command: ["/bin/sh", "-c", "a=0;while [ $a -lt 200 ];do sleep 5;a=$[a+1];echo 'stage: '$a;if nc -vz {{- printf "%s-%s" .Release.Name "postgresql"}} 5432;then (! pdnsutil list-zone {{ .Values.powerdns.domain }} 2>/dev/null) && pdnsutil create-zone {{ .Values.powerdns.domain }};echo 'End Stage';a=200;fi;done"]
+                command: ["/bin/sh", "-c", "let a=0; while [ $a -lt 200 ]; do sleep 5; let a=a+1; echo 'Attempt: '$a; if nc -vz {{ printf "%s-%s" .Release.Name "postgresql"}} 5432; then pdnsutil list-zone {{ .Values.powerdns.domain }} 2>/dev/null && break; pdnsutil create-zone {{ .Values.powerdns.domain }}; fi; done"]
 {{ end }}
           resources:
 {{- toYaml .Values.resources | nindent 12 }}

charts/rtorrent-flood/README.md

@@ -1,3 +1,27 @@
 # rTorrent/flood BitTorrent client
 
-TBD
+## Setup
+
+NB: This chart will start 2 containers in a single pod, when both containers are started, you will be able to configure flood.
+
+1. Install the chart `helm install rtorrent k8s-at-home/rtorrent-flood`
+
+2. Port-forward to the container `kubectl port-forward $(kubectl get pods -A -o json | jq '.items[] | select(.metadata.labels."app.kubernetes.io/name"=="rtorrent-flood")' | jq .metadata.name -r) 3000:3000`
+
+3. To connect flood to rtorrent, provide the socket path : `/tmp/rtorrent.sock`
+
+4. When connected with flood to rtorrent, go to the settings and change the download path to `/data` which is set by default by the chart
+
+5. You should be able to start downloading torrents now :)
+
+
+## Custom parameters
+
+Like any other chart, you can provide a file with your own values (check `./values.yaml` for reference) :
+
+`helm install rtorrent k8s-at-home/rtorrent-flood -f my-values.yaml`
+
+
+## Pitfalls
+
+You may need to change the StorageClass depending on your kubernetes setup or the containers won't start, use a custom `values.yaml` file to do so.

charts/speedtest-prometheus/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: speedtest-prometheus
 description: Prometheus Exporter for the official Speedtest CLI
 type: application
-version: 2.0.0
+version: 2.1.0
 appVersion: 1.1.0
 keywords:
 - speedtest

charts/speedtest-prometheus/templates/deployment.yaml

@@ -11,6 +11,10 @@ spec:
       {{- include "speedtest-prometheus.selectorLabels" . | nindent 6 }}
   template:
     metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
       labels:
         {{- include "speedtest-prometheus.selectorLabels" . | nindent 8 }}
     spec:

charts/speedtest-prometheus/values.yaml

@@ -46,6 +46,8 @@ tolerations: []
 
 affinity: {}
 
+podAnnotations: {}
+
 serviceMonitor:
   enabled: false
   interval: "60m"

charts/teedy/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS

charts/teedy/Chart.yaml

@@ -0,0 +1,25 @@
+apiVersion: v2
+appVersion: v1.9
+description: Teedy is an open source, lightweight document management system for individuals and businesses.
+name: teedy
+version: 1.0.1
+keywords:
+  - teedy
+  - documents
+  - management
+home: https://github.com/k8s-at-home/charts/tree/master/charts/teedy
+icon: https://camo.githubusercontent.com/529d95bcf95198a51c7176ed59068238a6099ee6828aa47a3aac697d6c5ee5f4/68747470733a2f2f74656564792e696f2f696d672f6769746875622d7469746c652e706e67
+sources:
+  - https://github.com/sismics/docs
+  - https://github.com/k8s-at-home/charts/tree/master/charts/teedy
+maintainers:
+  - name: carpenike
+    email: ryan@ryanholt.net
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: 2.2.1
+  - name: postgresql
+    version: 10.2.5
+    repository: https://charts.bitnami.com/bitnami
+    condition: postgresql.enabled

charts/teedy/OWNERS

@@ -0,0 +1,8 @@
+approvers:
+- billimek
+- onedr0p
+- bjw-s
+reviewers:
+- billimek
+- onedr0p
+- bjw-s

charts/teedy/README.md

@@ -0,0 +1,68 @@
+# teedy
+
+This is a helm chart for [teedy](https://github.com/sismics/docs).
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)**
+
+## TL;DR;
+
+```shell
+$ helm repo add k8s-at-home https://k8s-at-home.com/charts/
+$ helm install k8s-at-home/teedy
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name my-release k8s-at-home/teedy
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/teedy/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+```console
+helm install teedy \
+  --set env.TZ="America/New_York" \
+    k8s-at-home/teedy
+```
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
+```console
+helm install teedy k8s-at-home/teedy --values values.yaml
+```
+
+These values will be nested as it is a dependency, for example
+```yaml
+image:
+  tag: ...
+```
+
+---
+**NOTE**
+
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
+
+---
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 4.0.1 -> 5.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.

charts/teedy/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "common.notes.defaultNotes" . -}}

charts/teedy/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "common.all" . }}

charts/teedy/values.yaml

@@ -0,0 +1,46 @@
+# Default values for teedy.
+
+image:
+  repository: sismics/docs
+  pullPolicy: IfNotPresent
+  tag: v1.9
+
+strategy:
+  type: Recreate
+
+# See more environment varaibles in the teedy documentation
+# https://github.com/sismics/docs
+env: {}
+  # DOCS_DEFAULT_LANGUAGE: eng
+  # DOCS_BASE_URL:
+  # DOCS_ADMIN_EMAIL_INIT:
+  # DOCS_ADMIN_PASSWORD_INIT:
+  # DATABASE_URL: 'jdbc:postgresql://teedy-postgresql:5432/teedydb"
+  # DATABASE_USER: teedyuser
+  # DATABASE_PASSWORD: "$2y$12$/MehlbYmXDq8sz1xdqOupOOHNUdsVrBLakdev6y5qqTUeHZqicYA6" # teedypassword
+  # DOCS_SMTP_HOSTNAME:
+  # DOCS_SMTP_PORT:
+  # DOCS_SMTP_USERNAME:
+  # DOCS_SMTP_PASSWORD:
+  # TZ:
+
+service:
+  port:
+    port: 8080
+
+persistence:
+  data:
+    enabled: false
+    emptyDir: false
+    mountPath: /data
+
+# Enables postgres
+# ... for more options see https://github.com/bitnami/charts/tree/master/bitnami/postgresql
+postgresql:
+  enabled: false
+  postgresqlUsername: teedyuser
+  postgresqlPassword: teedypassword
+  postgresqlDatabase: teedydb
+  persistence:
+    enabled: false
+    # storageClass: ""

charts/traefik-forward-auth/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: traefik-forward-auth
 description: A minimal forward authentication service that provides OAuth/SSO login and authentication for the traefik reverse proxy/load balancer
 type: application
-version: 1.0.4
+version: 1.0.5
 appVersion: 2.2.0
 keywords:
   - traefik

charts/traefik-forward-auth/README.md

@@ -1,6 +1,6 @@
 # traefik-forward-auth
 
-![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 1.0.1](https://img.shields.io/badge/Version-1.0.1-informational?style=flat-square) ![AppVersion: 2.2.0](https://img.shields.io/badge/AppVersion-2.2.0-informational?style=flat-square) [![ArtifactHub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/traefik-forward-auth)](https://artifacthub.io/packages/helm/traefik-forward-auth)
+![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 1.0.5](https://img.shields.io/badge/Version-1.0.5-informational?style=flat-square) ![AppVersion: 2.2.0](https://img.shields.io/badge/AppVersion-2.2.0-informational?style=flat-square) [![ArtifactHub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/traefik-forward-auth)](https://artifacthub.io/packages/helm/k8s-at-home/traefik-forward-auth)
 
 A minimal forward authentication service that provides OAuth/SSO login and authentication for the traefik reverse proxy/load balancer
 
@@ -61,11 +61,11 @@ helm install traefik-forward-auth k8s-at-home/traefik-forward-auth --values valu
 | cookie.domain | string | `""` | Domain(s) to set auth cookie on. (Comma delimited) |
 | cookie.insecure | string | `""` | Use insecure cookies |
 | cookie.name | string | `""` | Cookie Name (default: _forward_auth) |
-| cookie.secret | string| `""` | Cookie Secret - useful when running multiple instances |
+| cookie.secret | string | `""` | Cookie Secret used for authentication across multiple instances / clusters (default: randomly generated) |
 | default.action | string | `""` | [auth|allow] Default action (default: auth) |
 | default.provider | string | `""` | [google|oidc|generic-oauth] Default provider (default: google) |
 | env | list | `[]` |  |
-| envFrom | list | `[]` | Load environment variables from secrets or configmaps |
+| envFrom | string | `nil` |  |
 | fullnameOverride | string | `""` |  |
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | image.repository | string | `"thomseddon/traefik-forward-auth"` |  |

charts/unpackerr/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS

charts/unpackerr/Chart.yaml

@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 0.7.2
+description: This application runs as a daemon on your download host. It checks for completed downloads and extracts them so Radarr, Lidarr, Sonarr, and Readarr may import them.
+name: unpackerr
+version: 1.0.0
+keywords:
+  - unpackerr
+  - sonarr
+  - radarr
+  - lidarr
+  - readarr
+home: https://github.com/k8s-at-home/charts/tree/master/charts/unpackerr
+icon: https://raw.githubusercontent.com/wiki/davidnewhall/unpackerr/images/unpackerr-logo-text.png
+sources:
+  - https://github.com/davidnewhall/unpackerr
+  - https://hub.docker.com/r/golift/unpackerr
+maintainers:
+  - name: billimek
+    email: jeff@billimek.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: 2.2.1

charts/unpackerr/OWNERS

@@ -0,0 +1,8 @@
+approvers:
+- billimek
+- onedr0p
+- bjw-s
+reviewers:
+- billimek
+- onedr0p
+- bjw-s

charts/unpackerr/README.md

@@ -0,0 +1,67 @@
+# Unpackerr
+
+This is a helm chart for [Unpackerr](https://github.com/davidnewhall/unpackerr).
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)**
+
+## TL;DR;
+
+```shell
+$ helm repo add k8s-at-home https://k8s-at-home.com/charts/
+$ helm install k8s-at-home/unpackerr
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name my-release k8s-at-home/unpackerr
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/unpackerr/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+```console
+helm install unpackerr \
+  --set env.TZ="America/New_York" \
+    k8s-at-home/unpackerr
+```
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
+```console
+helm install unpackerr k8s-at-home/unpackerr --values values.yaml 
+```
+
+```yaml
+image:
+  tag: ...
+```
+
+---
+**NOTE**
+
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
+
+---
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 4.0.1 -> 5.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.

charts/unpackerr/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "common.notes.defaultNotes" . -}}

charts/unpackerr/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "common.all" . }}

charts/unpackerr/values.yaml

@@ -0,0 +1,43 @@
+# Default values for Unpackerr.
+
+image:
+  repository: golift/unpackerr
+  pullPolicy: IfNotPresent
+  tag: 0.7.2
+
+strategy:
+  type: Recreate
+
+service:
+  enabled: false
+
+probes:
+  liveness:
+    enabled: false
+  readiness:
+    enabled: false
+  startup:
+    enabled: false
+
+# # See more environment variables in the unpackerr documentation
+# https://github.com/davidnewhall/unpackerr#docker-env-variables
+env: {}
+  # TZ: UTC
+
+persistence:
+  downloads:
+    enabled: false
+    emptyDir: false
+    mountPath: /downloads
+    ## Persistent Volume Storage Class
+    ## If defined, storageClassName: <storageClass>
+    ## If set to "-", storageClassName: "", which disables dynamic provisioning
+    ## If undefined (the default) or set to null, no storageClassName spec is
+    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+    ##   GKE, AWS & OpenStack)
+    # storageClass: "-"
+    # accessMode: ReadWriteOnce
+    # size: 1Gi
+    ## Do not delete the pvc upon helm uninstall
+    # skipuninstall: false
+    # existingClaim: ""

charts/xbackbone/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS

charts/xbackbone/Chart.yaml

@@ -0,0 +1,20 @@
+apiVersion: v2
+appVersion: 3.3.3
+description: XBackBone is a simple, self-hosted, lightweight PHP file manager that support the instant sharing tool ShareX and *NIX systems. It supports uploading and displaying images, GIF, video, code, formatted text, and file downloading and uploading. Also have a web UI with multi user management, past uploads history and search support.
+name: xbackbone
+version: 1.0.0
+keywords:
+  - xbackbone
+  - xshare
+home: https://github.com/k8s-at-home/charts/tree/master/charts/xbackbone
+icon: https://github.com/SergiX44/XBackBone/raw/master/.github/xbackbone.png
+sources:
+  - https://github.com/SergiX44/XBackBone
+  - https://hub.docker.com/r/pe46dro/xbackbone-docker
+maintainers:
+  - name: billimek
+    email: jeff@billimek.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: 2.2.1

charts/xbackbone/OWNERS

@@ -0,0 +1,8 @@
+approvers:
+- billimek
+- onedr0p
+- bjw-s
+reviewers:
+- billimek
+- onedr0p
+- bjw-s

charts/xbackbone/README.md

@@ -0,0 +1,67 @@
+# XBackBone
+
+This is a helm chart for [XBackBone](https://github.com/SergiX44/XBackBone).
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)**
+
+## TL;DR;
+
+```shell
+$ helm repo add k8s-at-home https://k8s-at-home.com/charts/
+$ helm install k8s-at-home/xbackbone
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name my-release k8s-at-home/xbackbone
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/xbackbone/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+```console
+helm install xbackbone \
+  --set env.TZ="America/New_York" \
+    k8s-at-home/xbackbone
+```
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
+```console
+helm install xbackbone k8s-at-home/xbackbone --values values.yaml 
+```
+
+```yaml
+image:
+  tag: ...
+```
+
+---
+**NOTE**
+
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
+
+---
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 4.0.1 -> 5.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.

charts/xbackbone/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "common.notes.defaultNotes" . -}}

charts/xbackbone/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "common.all" . }}

charts/xbackbone/values.yaml

@@ -0,0 +1,23 @@
+# Default values for XBackbone.
+
+image:
+  repository: pe46dro/xbackbone-docker
+  pullPolicy: IfNotPresent
+  tag: 3.3.3
+
+strategy:
+  type: Recreate
+
+service:
+  port:
+    port: 80
+
+env: {}
+  # TZ: UTC
+  # LOG_LEVEL: info
+
+persistence:
+  config:
+    enabled: false
+    emptyDir: false
+    mountPath: /app/config

charts/zigbee2mqtt/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 1.17.0
 description: Bridges events and allows you to control your Zigbee devices via MQTT
 name: zigbee2mqtt
-version: 4.2.1
+version: 5.0.0
 keywords:
   - zigbee
   - mqtt

charts/zigbee2mqtt/values.yaml

@@ -1,4 +1,6 @@
 # Default values for zigbee2mqtt.
+# This chart inherits from our common library chart. You can check the default values/options here:
+# https://github.com/k8s-at-home/charts/tree/master/charts/common
 
 image:
   repository: koenkk/zigbee2mqtt
@@ -15,8 +17,9 @@ service:
   port:
     port: 8080
 
-securityContext:
-  privileged: true
+# Privileged may be required if USB controller is accessed directly through the host machine
+# securityContext:
+#   privileged: true
 
 persistence:
   data:
@@ -37,15 +40,15 @@ persistence:
     # existingClaim: ""
 
 # Path to your zigbee device in the container
-additionalVolumeMounts:
-  - name: usb
-    mountPath: /dev/ttyACM0
+additionalVolumeMounts: []
+#  - name: usb
+#    mountPath: /dev/serial/by-id/usb-dresden_elektronik_ingenieurtechnik_GmbH_ConBee_II_DE2400981-if00
 
 # Path to your zigbee device on the host
-additionalVolumes:
-  - name: usb
-    hostPath:
-      path: /dev/ttyACM0
+additionalVolumes: []
+#  - name: usb
+#    hostPath:
+#      path: /dev/serial/by-id/usb-dresden_elektronik_ingenieurtechnik_GmbH_ConBee_II_DE2400981-if00
 
 # affinity:
 #   nodeAffinity:
@@ -65,6 +68,8 @@ config:
   homeassistant: false
 
   # allow new devices to join
+  # WARNING: Disable this after all devices have been paired! (default: false)
+  # Note: this will be controllable in the UI
   permit_join: true
 
   # MQTT settings
@@ -76,16 +81,49 @@ config:
     # MQTT server authentication, uncomment if required:
     # user: my_user
     # password: my_password
+    # client_id: my_id
+    # Alternatively, credentials may be put into a separate file, managed through a secret:
+    # password: '!secret password'
+
+    # Optional: Include device information to mqtt messages (default: false)
+    include_device_information: true
 
   # USB / Serial settings
   serial:
     # Location of your zigbee device
-    port: /dev/ttyACM0
+    # port: /dev/serial/by-id/usb-dresden_elektronik_ingenieurtechnik_GmbH_ConBee_II_DE2400981-if00
+
+    # Optional: adapter type, not needed unless you are experiencing problems (options: zstack, deconz)
+    # adapter: deconz
 
   advanced:
     network_key: GENERATE
     log_output:
       - console
+    log_level: info
+
+    # Optional: ZigBee channel, changing requires re-pairing of all devices. (Note: use a ZLL channel: 11, 15, 20, or 25 to avoid Problems)
+    # default: 11
+    # channel: 11
+
+    # Optional: Baudrate for serial port (default: 115200 for Z-Stack, 38400 for Deconz)
+    # baudrate: 38400
+
+    # Optional: RTS / CTS Hardware Flow Control for serial port (default: false)
+    # rtscts: true
+
+    # Optional: Add a last_seen attribute to MQTT messages, contains date/time of last Zigbee message
+    # possible values are: disable (default), ISO_8601, ISO_8601_local, epoch (default: disable)
+    last_seen: 'ISO_8601'
+
+    homeassistant_discovery_topic: 'homeassistant'
+    homeassistant_status_topic: 'homeassistant/status'
+
+    # Optional: Enables report feature (see information -> report for more details) (default: false)
+    # report: true
+
+    # Optional: Add an elapsed attribute to MQTT messages, contains milliseconds since the previous msg (default: false)
+    # elapsed: true
 
   # Both of these need to be enabled for the webui
   frontend:

charts/zwave2mqtt/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 4.0.6
 description: Fully configurable Zwave to MQTT gateway and Control Panel using NodeJS and Vue
 name: zwave2mqtt
-version: 6.2.1
+version: 6.3.0
 keywords:
   - zwave
   - mqtt

charts/zwave2mqtt/values.yaml

@@ -11,6 +11,50 @@ strategy:
 env:
   OZW_AUTO_UPDATE_CONFIG: true
 
+probes:
+  liveness:
+    enabled: true
+    # custom: true
+    # spec:
+    #   failureThreshold: 5
+    #   httpGet:
+    #     path: /health
+    #     port: http
+    #     httpHeaders:
+    #       - name: Accept
+    #         value: text/plain
+    #   initialDelaySeconds: 30
+    #   periodSeconds: 10
+    #   timeoutSeconds: 10
+  readiness:
+    enabled: true
+    # custom: true
+    # spec:
+    #   failureThreshold: 5
+    #   httpGet:
+    #     path: /health
+    #     port: http
+    #     httpHeaders:
+    #       - name: Accept
+    #         value: text/plain
+    #   initialDelaySeconds: 30
+    #   periodSeconds: 10
+    #   timeoutSeconds: 10
+  startup:
+    enabled: false
+    # custom: true
+    # spec:
+    #   failureThreshold: 5
+    #   httpGet:
+    #     path: /health
+    #     port: http
+    #     httpHeaders:
+    #       - name: Accept
+    #         value: text/plain
+    #   initialDelaySeconds: 30
+    #   periodSeconds: 10
+    #   timeoutSeconds: 10
+
 service:
   port:
     port: 8091

charts/zwavejs2mqtt/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS

charts/zwavejs2mqtt/Chart.yaml

@@ -0,0 +1,21 @@
+apiVersion: v2
+appVersion: 1.0.0-alpha.2
+description: Fully configurable Zwave to MQTT Gateway and Control Panel
+name: zwavejs2mqtt
+version: 1.1.0
+keywords:
+  - zwave
+  - mqtt
+  - home-assistant
+home: https://github.com/k8s-at-home/charts/tree/master/charts/zwavejs2mqtt
+icon: https://github.com/OpenZWave/Zwave2Mqtt/raw/master/docs/OZW_Logo.png
+sources:
+  - https://github.com/zwave-js/zwavejs2mqtt
+  - https://hub.docker.com/r/zwavejs/zwavejs2mqtt
+maintainers:
+  - name: billimek
+    email: jeff@billimek.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: 2.2.1

charts/zwavejs2mqtt/OWNERS

@@ -0,0 +1,8 @@
+approvers:
+- billimek
+- onedr0p
+- bjw-s
+reviewers:
+- billimek
+- onedr0p
+- bjw-s

charts/zwavejs2mqtt/README.md

@@ -0,0 +1,97 @@
+# zwavejs2mqtt
+
+This is a helm chart for [zwavejs2mqtt](https://github.com/zwave-js/zwavejs2mqtt).
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)**
+
+## TL;DR;
+
+```shell
+$ helm repo add k8s-at-home https://k8s-at-home.com/charts/
+$ helm install k8s-at-home/zwavejs2mqtt
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name my-release k8s-at-home/zwavejs2mqtt
+```
+
+**IMPORTANT NOTE:** a zwave controller device must be accessible on the node where this pod runs, in order for this chart to function properly.
+
+First, you will need to mount your zwave device into the pod, you can do so by adding the following to your values:
+
+```yaml
+additionalVolumeMounts:
+  - name: usb
+    mountPath: /path/to/device
+
+additionalVolumes:
+  - name: usb
+    hostPath:
+      path: /path/to/device
+```
+
+Second you will need to set a nodeAffinity rule, for example:
+
+```yaml
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: app
+          operator: In
+          values:
+          - zwave-controller
+```
+
+... where a node with an attached zwave controller USB device is labeled with `app: zwave-controller`
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/zwavejs2mqtt/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+```console
+helm install my-release \
+  --set env.TZ="America/New_York" \
+    k8s-at-home/zwavejs2mqtt
+```
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
+```console
+helm install my-release k8s-at-home/zwavejs2mqtt --values values.yaml 
+```
+
+```yaml
+image:
+  tag: ...
+```
+
+---
+**NOTE**
+
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
+
+---
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 4.0.1 -> 5.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.

charts/zwavejs2mqtt/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "common.notes.defaultNotes" . -}}

charts/zwavejs2mqtt/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "common.all" . }}

charts/zwavejs2mqtt/values.yaml

@@ -0,0 +1,107 @@
+# Default values for zwavejs2mqtt.
+# This chart inherits from our common library chart. You can check the default values/options here:
+# https://github.com/k8s-at-home/charts/tree/master/charts/common
+
+image:
+  repository: zwavejs/zwavejs2mqtt
+  pullPolicy: IfNotPresent
+  tag: 1.0.0-alpha.2
+
+strategy:
+  type: Recreate
+
+# # See more environment variables in the zwavejs2mqtt documentation
+# https://zwave-js.github.io/zwavejs2mqtt/#/guide/env-vars
+env: {}
+  # OZW_NETWORK_KEY:
+
+probes:
+  liveness:
+    enabled: true
+    # custom: true
+    # spec:
+    #   failureThreshold: 5
+    #   httpGet:
+    #     path: /health
+    #     port: http
+    #     httpHeaders:
+    #       - name: Accept
+    #         value: text/plain
+    #   initialDelaySeconds: 30
+    #   periodSeconds: 10
+    #   timeoutSeconds: 10
+  readiness:
+    enabled: true
+    # custom: true
+    # spec:
+    #   failureThreshold: 5
+    #   httpGet:
+    #     path: /health
+    #     port: http
+    #     httpHeaders:
+    #       - name: Accept
+    #         value: text/plain
+    #   initialDelaySeconds: 30
+    #   periodSeconds: 10
+    #   timeoutSeconds: 10
+  startup:
+    enabled: false
+    # custom: true
+    # spec:
+    #   failureThreshold: 5
+    #   httpGet:
+    #     path: /health
+    #     port: http
+    #     httpHeaders:
+    #       - name: Accept
+    #         value: text/plain
+    #   initialDelaySeconds: 30
+    #   periodSeconds: 10
+    #   timeoutSeconds: 10
+
+service:
+  port:
+    port: 8091
+
+# Privileged may be required if USB controller is accessed directly through the host machine
+# securityContext:
+#   privileged: true
+
+persistence:
+  config:
+    enabled: false
+    emptyDir: false
+    mountPath: /usr/src/app/store
+    ## Persistent Volume Storage Class
+    ## If defined, storageClassName: <storageClass>
+    ## If set to "-", storageClassName: "", which disables dynamic provisioning
+    ## If undefined (the default) or set to null, no storageClassName spec is
+    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+    ##   GKE, AWS & OpenStack)
+    # storageClass: "-"
+    # accessMode: ReadWriteOnce
+    # size: 1Gi
+    ## Do not delete the pvc upon helm uninstall
+    # skipuninstall: false
+    # existingClaim: ""
+
+# Path to your zwave device in the container
+additionalVolumeMounts: []
+#  - name: usb
+#    mountPath: /dev/serial/by-id/usb-0658_0200-if00
+
+# Path to your zwave device on the host
+additionalVolumes: []
+#  - name: usb
+#    hostPath:
+#      path: /dev/serial/by-id/usb-0658_0200-if00
+
+# affinity:
+#   nodeAffinity:
+#     requiredDuringSchedulingIgnoredDuringExecution:
+#       nodeSelectorTerms:
+#       - matchExpressions:
+#         - key: app
+#           operator: In
+#           values:
+#           - zwave-controller