[traefik-forward-auth] Fix artifact hub links in README.md (#503)

* ombi: remove mariadb dep

* remove mariadb from values

.github/stale.yml

@@ -1,18 +1,32 @@
-daysUntilStale: 60
-daysUntilClose: 7
+# Configuration for probot-stale - https://github.com/probot/stale
+
+# Number of days of inactivity before an Issue or Pull Request becomes stale
+daysUntilStale: 45
+
+# Number of days of inactivity before a stale Issue or Pull Request is closed.
+daysUntilClose: 5
+
+# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
 exemptLabels:
+  - on-hold
   - pinned
-staleLabel: lifecycle/stale
-pulls:
-  markComment: >
-    This pull request has been automatically marked as stale because it has not had
-    recent activity. It will be closed if no further activity occurs. Thank you
-    for your contributions.
+
+# Label to use when marking as stale
+staleLabel: stale
+
 issues:
+  # Comment to post when marking as stale. Set to `false` to disable
   markComment: >
-    This issue request has been automatically marked as stale because it has not had
-    recent activity. It will be closed if no further activity occurs. Thank you
-    for your contributions.
-closeComment: false
-unmarkComment: >
-  /remove-lifecycle stale
+    This Issue has been automatically marked as "stale" because it has not had recent activity (for 45 days). It will be closed if no further activity occurs. Thanks for the feedback.
+  # Comment to post when closing a stale Issue or Pull Request.
+  closeComment: >
+    Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.
+pulls:
+  # Comment to post when marking as stale. Set to `false` to disable
+  markComment: >
+    This Pull Request has been automatically marked as "stale" because it has not had recent activity (for 45 days). It will be closed if no further activity occurs. Thank you for your contribution.
+  # Comment to post when closing a stale Issue or Pull Request.
+  closeComment: >
+    Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Pull Request. Do not hesitate to reopen it later if necessary.
+# Limit the number of actions per hour, from 1-30. Default is 30
+limitPerRun: 30

charts/README.templates.md.gotmpl

@@ -14,7 +14,7 @@
     {{ template "repository.organization" . }}/{{ template "chart.name" . }}
 {{- end -}}
 {{- define "badge.artifactHub" -}}
-  [![ArtifactHub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/{{ template "chart.name" . }})](https://artifacthub.io/packages/helm/{{ template "chart.name" . }})
+  [![ArtifactHub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/{{ template "chart.name" . }})](https://artifacthub.io/packages/helm/k8s-at-home/{{ template "chart.name" . }})
 {{- end -}}
 {{- define "description.multiarch" -}}
 The default values and container images used in this chart will allow for running in a multi-arch cluster (amd64, arm, arm64)
@@ -69,4 +69,4 @@ For example,
 ```console
 helm install {{ template "chart.name" . }} {{ template "helm.path" . }} --values values.yaml
 ```
-{{- end -}}
+{{- end -}}

charts/bitwardenrs/Chart.yaml

@@ -2,15 +2,15 @@ apiVersion: v2
 name: bitwardenrs
 description: Unofficial Bitwarden compatible server written in Rust
 type: application
-version: 1.1.1
-appVersion: 1.16.3
+version: 2.0.0
+appVersion: 1.18.0
 keywords:
   - bitwarden
   - bitwardenrs
   - bitwarden_rs
   - password
   - rust
-home: https://github.com/k8s-at-home/charts/tree/master/charts/bitwarden_rs
+home: https://github.com/k8s-at-home/charts/tree/master/charts/bitwardenrs
 sources:
   - https://github.com/dani-garcia/bitwarden_rs
 maintainers:

charts/bitwardenrs/README.md

@@ -46,3 +46,13 @@ Alternatively, a YAML file that specifies the values for the above parameters ca
 ```console
 helm install bitwarden k8s-at-home/bitwardenrs  --values values.yaml 
 ```
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 1.1.1 -> 2.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.
+
+### Upgrading from 1.x.x to 2.x.x
+
+Chart version 2.0.0 introduces external database support.
+ * No actions required to continue with the default sqlite backend.
+ * Refer to the `bitwardenrs.externalDatabase` section of [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/bitwardenrs/values.yaml) to configure MySQL or PostgreSQL database backends.

charts/bitwardenrs/templates/_database.tpl

@@ -0,0 +1,38 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Generate environment variables for external database
+*/}}
+{{- define "bitwardenrs.externalDatabaseConfigMap" -}}
+{{- with .Values.bitwardenrs.externalDatabase }}
+{{- if and .enabled (or (eq .type "postgresql") (eq .type "mysql")) }}
+{{- if and (not .existingSecret.enabled) .user }}
+DATABASE_USER: {{ .user | quote }}
+{{- end }}
+{{- if and (not .existingSecret.enabled) .password }}
+DATABASE_PASSWORD: {{ .password | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- define "bitwardenrs.externalDatabaseEnv" -}}
+{{- with .Values.bitwardenrs.externalDatabase }}
+{{- if and .enabled (or (eq .type "postgresql") (eq .type "mysql")) }}
+{{- if .existingSecret.enabled }}
+- name: DATABASE_USER
+  valueFrom:
+    secretKeyRef:
+      name: {{ .existingSecret.name | quote }}
+      key: {{ .existingSecret.userKey | quote }}
+- name: DATABASE_PASSWORD
+  valueFrom:
+    secretKeyRef:
+      name: {{ .existingSecret.name | quote }}
+      key: {{ .existingSecret.passwordKey | quote }}
+{{- end }}
+{{- $dbport := not (empty .port) | ternary (printf ":%v" .port) "" }}
+- name: DATABASE_URL
+  value: {{ printf "%v://$(DATABASE_USER):$(DATABASE_PASSWORD)@%v%v/%v" .type .host $dbport .database }}
+{{- end }}
+{{- end }}
+{{- end }}

charts/bitwardenrs/templates/configmap.yaml

@@ -12,8 +12,8 @@ data:
   WEBSOCKET_ENABLED: {{ .Values.bitwardenrs.websockets.enabled | quote }}
   {{- if and .Values.bitwardenrs.admin.enabled .Values.bitwardenrs.admin.disableAdminToken }}
   DISABLE_ADMIN_TOKEN: "true"
-    {{- end }}
-    {{- with .Values.bitwardenrs.smtp }}
+  {{- end }}
+  {{- with .Values.bitwardenrs.smtp }}
   {{- if .enabled }}
   SMTP_HOST: {{ required "SMTP host is required to enable SMTP" .host | quote }}
   SMTP_FROM: {{ required "SMTP sender address ('from') is required to enable SMTP" .from | quote }}
@@ -31,6 +31,20 @@ data:
   {{- end }}
   {{- end }}
   {{- end }}
+  {{- with .Values.bitwardenrs.yubico }}
+  {{- if .enabled }}
+  {{- if .server }}
+  YUBICO_SERVER: {{ .server | quote }}
+  {{- end }}
+  {{- if and (not .existingSecret.enabled) .clientId }}
+  YUBICO_CLIENT_ID: {{ .clientId | quote }}
+  {{- end }}
+  {{- if and (not .existingSecret.enabled) .secretKey }}
+  YUBICO_SECRET_KEY: {{ .secretKey | quote }}
+  {{- end }}
+  {{- end }}
+  {{- end }}
+  {{- include "bitwardenrs.externalDatabaseConfigMap" . | nindent 2 }}
   {{- if .Values.env }}
   {{- toYaml .Values.env | nindent 2 }}
   {{- end }}

charts/bitwardenrs/templates/deployment.yaml

@@ -54,11 +54,11 @@ spec:
                   {{- else }}
                   name: {{ $fullName }}
                   key: admin-token
-                {{- end }}
-                {{- end }}
-                {{- end }}
-                {{- with .Values.bitwardenrs.smtp }}
-                {{- if eq .enabled true }}
+                  {{- end }}
+            {{- end }}
+            {{- end }}
+            {{- with .Values.bitwardenrs.smtp }}
+            {{- if eq .enabled true }}
             {{- if and .existingSecret.enabled (not .user) }}
             - name: SMTP_USERNAME
               valueFrom:
@@ -70,9 +70,24 @@ spec:
                 secretKeyRef:
                   name: {{ .existingSecret.name | quote }}
                   key: {{ .existingSecret.passwordKey | quote }}
-              {{- end }}
-          {{- end }}
-          {{- end }}
+            {{- end }}
+            {{- end }}
+            {{- end }}
+            {{- with .Values.bitwardenrs.yubico }}
+            {{- if and .enabled .existingSecret.enabled }}
+            - name: YUBICO_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .existingSecret.name | quote }}
+                  key: {{ .existingSecret.clientIdKey | quote }}
+            - name: YUBICO_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .existingSecret.name | quote }}
+                  key: {{ .existingSecret.secretKeyKey | quote }}
+            {{- end }}
+            {{- end }}
+            {{- include "bitwardenrs.externalDatabaseEnv" . | nindent 12 }}
           ports:
             - name: http
               containerPort: {{ .Values.bitwardenrs.gui.port }}

charts/bitwardenrs/templates/ingress.yaml

@@ -1,6 +1,7 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "bitwardenrs.fullname" . -}}
 {{- $svcPort := .Values.service.port -}}
+{{- $websockets := .Values.bitwardenrs.websockets -}}
 {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
 apiVersion: networking.k8s.io/v1beta1
 {{- else -}}
@@ -36,6 +37,16 @@ spec:
             backend:
               serviceName: {{ $fullName }}
               servicePort: {{ $svcPort }}
+          {{- if $websockets.enabled }}
+          - path: {{ . | trimSuffix "/" }}/notifications/hub
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: {{ $websockets.port }}
+          - path: {{ . | trimSuffix "/" }}/notifications/hub/negotiate
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: {{ $svcPort}}
+          {{- end }}
           {{- end }}
     {{- end }}
   {{- end }}

charts/bitwardenrs/templates/statefulset.yaml

@@ -55,11 +55,11 @@ spec:
                   {{- else }}
                   name: {{ $fullName }}
                   key: admin-token
-                {{- end }}
-                {{- end }}
-                {{- end }}
-                {{- with .Values.bitwardenrs.smtp }}
-                {{- if eq .enabled true }}
+                  {{- end }}
+            {{- end }}
+            {{- end }}
+            {{- with .Values.bitwardenrs.smtp }}
+            {{- if eq .enabled true }}
             {{- if and .existingSecret.enabled (not .user) }}
             - name: SMTP_USERNAME
               valueFrom:
@@ -71,9 +71,24 @@ spec:
                 secretKeyRef:
                   name: {{ .existingSecret.name | quote }}
                   key: {{ .existingSecret.passwordKey | quote }}
-              {{- end }}
-          {{- end }}
-          {{- end }}
+            {{- end }}
+            {{- end }}
+            {{- end }}
+            {{- with .Values.bitwardenrs.yubico }}
+            {{- if and .enabled .existingSecret.enabled }}
+            - name: YUBICO_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .existingSecret.name | quote }}
+                  key: {{ .existingSecret.clientIdKey | quote }}
+            - name: YUBICO_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .existingSecret.name | quote }}
+                  key: {{ .existingSecret.secretKeyKey | quote }}
+            {{- end }}
+            {{- end }}
+            {{- include "bitwardenrs.externalDatabaseEnv" . | nindent 12 }}
           ports:
             - name: http
               containerPort: {{ .Values.bitwardenrs.gui.port }}

charts/bitwardenrs/values.yaml

@@ -27,6 +27,31 @@ bitwardenrs:
       enabled: false
       name: ""
       tokenKey: ""
+  # External database configuration.
+  # Requires bitwardenrs/server >= 1.17.0 or bitwardenrs/server-{mysql,postgres} images
+  # ref: https://github.com/dani-garcia/bitwarden_rs/wiki/Using-the-MySQL-Backend
+  #      https://github.com/dani-garcia/bitwarden_rs/wiki/Using-the-PostgreSQL-Backend
+  externalDatabase:
+    enabled: false
+    # Supported values: 'mysql', 'postgresql'.
+    type: ""
+    # Database host. Required if external database is enabled.
+    host: ""
+    # Database port. Optional, default value is specific to the database backend.
+    port: ""
+    # Database name.
+    database: ""
+    # Database user.
+    user: ""
+    # Database password. Special characters must be escaped with percent encoding.
+    password: ""
+    # Use existing secret for database credentials.
+    existingSecret:
+      enabled: false
+      name: ""
+      userKey: ""
+      # Special characters in the password value must be escaped with percent encoding.
+      passwordKey: ""
   # Enable SMTP. https://github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration
   smtp:
     enabled: false
@@ -50,6 +75,21 @@ bitwardenrs:
       name: ""
       userKey: ""
       passwordKey: ""
+  # Enable Yubikey 2FA: https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-Yubikey-OTP-authentication
+  yubico:
+    enabled: false
+    # OTP verification server. Will use the default YubiCloud servers if not specified
+    server: ""
+    # API Client ID for OTP server. Ignored if existingSecret is provided.
+    clientId: ""
+    # API Secret Key for OTP server. Required if clientId is specified, ignored when using existingSecret.
+    secretKey: ""
+    # Use existing secret for API keys
+    existingSecret:
+      enabled: false
+      name: ""
+      clientIdKey: ""
+      secretKeyKey: ""
 
 env: {}
 # If you plan to run the WebUI on a port other than port 80, specify that here:

charts/blocky/Chart.yaml

@@ -1,11 +1,12 @@
 apiVersion: v2
-appVersion: v0.11
+appVersion: v0.12
 description: DNS proxy as ad-blocker for local network
 name: blocky
-version: 4.1.1
+version: 5.0.0
 keywords:
   - blocky
-  - dbs
+  - adblock
+  - dns
 home: https://github.com/k8s-at-home/charts/tree/master/charts/blocky
 icon: https://github.com/0xERR0R/blocky/raw/master/docs/blocky.svg?sanitize=true
 sources:

charts/blocky/README.md

@@ -47,6 +47,8 @@ Alternatively, a YAML file that specifies the values for the above parameters ca
 helm install --name blocky -f values.yaml k8s-at-home/blocky
 ```
 
+---
+
 ## Upgrading an existing Release to a new major version
 
 A major chart version change (like 2.2.2 -> 3.0.0) indicates that there is an
@@ -72,3 +74,6 @@ kubectl delete svc/blocky
 
 This is the 'easiest' approach, but will incur downtime which can be problematic if you rely on blocky for DNS
 
+### Upgrading from 4.x.x to 5.x.x
+
+Configuration inside `config` is no longer a yaml object, it is now a multiline string

charts/blocky/templates/configmap.yaml

@@ -9,12 +9,5 @@ metadata:
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
 data:
-{{- if .Values.config }}
-{{ $root := . }}
   config.yml: |
-{{ tpl (toYaml .Values.config | indent 4) $root }}
-{{- end }}
-{{- range $name, $value := .Values.extraLists }}
-  {{ $name }}: |-
-{{ $value | indent 4}}
-{{- end }}
+{{ .Values.config | indent 4 }}

charts/blocky/templates/deployment.yaml

@@ -1,3 +1,4 @@
+{{- $blockyConfig := .Values.config | fromYaml }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -45,9 +46,9 @@ spec:
               subPath: {{ $name }}
               readOnly: true
             {{- end }}
-            {{- if .Values.config.queryLog }}
+            {{- if hasKey $blockyConfig "queryLog" }}
             - name: data
-              mountPath: {{ .Values.config.queryLog.dir }}
+              mountPath: {{ $blockyConfig.queryLog.dir }}
               {{- if .Values.persistence.subPath }}
               subPath: {{ .Values.persistence.subPath }}
               {{- end }}
@@ -96,7 +97,7 @@ spec:
                     - key: {{ $name }}
                       path: {{ $name }}
                   {{- end }}
-        {{- if .Values.config.queryLog }}
+        {{- if hasKey $blockyConfig "queryLog" }}
         - name: data
           {{- if .Values.persistence.enabled }}
           persistentVolumeClaim:

charts/blocky/values.yaml

@@ -1,6 +1,6 @@
 image:
   repository: spx01/blocky
-  tag: v0.11
+  tag: v0.12
   pullPolicy: IfNotPresent
 
 nameOverride: ""
@@ -10,29 +10,30 @@ replicas: 1
 
 timeZone: "UTC"
 
-# blocky configuration - will translate to config.yml file inside the pod
-config:
+# Blocky configuration, for a full list of options see
+# https://github.com/0xERR0R/blocky/blob/master/docs/config.yml
+config: |
   upstream:
     # these external DNS resolvers will be used. Blocky picks 2 random resolvers from the list for each query
-    # format for resolver: net:host:[port][/path]. net could be tcp, udp, tcp-tls or https (DoH). If port is empty, default port will be used (53 for udp and tcp, 853 for tcp-tls, 443 for https (Doh))
+    # format for resolver: [net:]host:[port][/path]. net could be empty (default, shortcut for tcp+udp), tcp+udp, tcp, udp, tcp-tls or https (DoH). If port is empty, default port will be used (53 for udp and tcp, 853 for tcp-tls, 443 for https (Doh))
     externalResolvers:
-      - udp:8.8.8.8
-      - udp:8.8.4.4
-      - udp:1.1.1.1
-      - tcp-tls:1.0.0.1:853
-      - https://cloudflare-dns.com/dns-query
+      - 46.182.19.48
+      - 80.241.218.68
+      - tcp-tls:fdns1.dismail.de:853
+      - https://dns.digitale-gesellschaft.ch/dns-query
 
   # optional: custom IP address for domain name (with all sub-domains)
   # example: query "printer.lan" or "my.printer.lan" will return 192.168.178.3
-  # customDNS:
-  #   mapping:
-  #     printer.lan: 192.168.178.3
+  customDNS:
+    mapping:
+      printer.lan: 192.168.178.3
 
-  # optional: definition, which DNS resolver should be used for queries to the domain (with all sub-domains).
+  # optional: definition, which DNS resolver(s) should be used for queries to the domain (with all sub-domains). Multiple resolvers must be separated by comma
   # Example: Query client.fritz.box will ask DNS server 192.168.178.1. This is necessary for local network, to resolve clients by host name
-  # conditional:
-  #   mapping:
-  #     fritz.box: udp:192.168.178.1
+  conditional:
+    mapping:
+      fritz.box: udp:192.168.178.1
+      lan.net: udp:192.168.178.1,udp:192.168.178.2
 
   # optional: use black and white lists to block queries (for example ads, trackers, adult pages etc.)
   blocking:
@@ -46,77 +47,95 @@ config:
         - https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
         - https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
       special:
-        - https://hosts-file.net/ad_servers.txt
-    # definition of whitelist groups. Attention: if the same group has black and whitelists,
-    # whitelists will be used to disable particular blacklist entries. If a group has only
-    # whitelist entries -> this means only domains from this list are allowed,
-    # all other domains will be blocked.
-    # Also see the extraLists section below to add your own in-line whitelists
-    # whiteLists:
-    #   ads:
-    #     - whitelist.txt
+        - https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts
+    # definition of whitelist groups. Attention: if the same group has black and whitelists, whitelists will be used to disable particular blacklist entries. If a group has only whitelist entries -> this means only domains from this list are allowed, all other domains will be blocked
+    whiteLists:
+      ads:
+        - whitelist.txt
     # definition: which groups should be applied for which client
     clientGroupsBlock:
       # default will be used, if no special definition for a client name exists
       default:
         - ads
         - special
-      # use client name or ip address
-      # laptop.fritz.box:
-      #   - ads
-
+      # use client name (with wildcard support: * - sequence of any characters, [0-9] - range)
+      # or single ip address / client subnet as CIDR notation
+      laptop*:
+        - ads
+      192.168.178.1/24:
+        - special
     # which response will be sent, if query is blocked:
-    #   zeroIp: 0.0.0.0 will be returned (default)
-    #   nxDomain: return NXDOMAIN as return code
-    # blockType: zeroIp
-
+    # zeroIp: 0.0.0.0 will be returned (default)
+    # nxDomain: return NXDOMAIN as return code
+    # comma separated list of destination IP adresses (for example: 192.100.100.15, 2001:0db8:85a3:08d3:1319:8a2e:0370:7344). Should contain ipv4 and ipv6 to cover all query types. Useful with running web server on this address to display the "blocked" page.
+    blockType: zeroIp
     # optional: automatically list refresh period in minutes. Default: 4h.
     # Negative value -> deactivate automatically refresh.
     # 0 value -> use default
-    # refreshPeriod: 1
+    refreshPeriod: 0
 
   # optional: configuration for caching of DNS responses
-  # caching:
-  #   # amount in minutes, how long a response must be cached (min value).
-  #   # If <=0, use response's TTL, if >0 use this value, if TTL is smaller
-  #   # Default: 0
-  #   minTime: 40
-  #   # amount in minutes, how long a response must be cached (max value).
-  #   # If <0, do not cache responses
-  #   # If 0, use TTL
-  #   # If > 0, use this value, if TTL is greater
-  #   # Default: 0
-  #   maxTime: -1
+  caching:
+    # amount in minutes, how long a response must be cached (min value).
+    # If <=0, use response's TTL, if >0 use this value, if TTL is smaller
+    # Default: 0
+    minTime: 5
+    # amount in minutes, how long a response must be cached (max value).
+    # If <0, do not cache responses
+    # If 0, use TTL
+    # If > 0, use this value, if TTL is greater
+    # Default: 0
+    maxTime: -1
+    # if true, will preload DNS results for often used queries (names queried more than 5 times in a 2 hour time window)
+    # this improves the response time for often used queries, but significantly increases external traffic
+    # default: false
+    prefetching: true
 
   # optional: configuration of client name resolution
-  # clientLookup:
-  #   # this DNS resolver will be used to perform reverse DNS lookup (typically local router)
-  #   upstream: udp:192.168.178.1
-  #   # optional: some routers return multiple names for client (host name and user defined name). Define which single name should be used.
-  #   # Example: take second name if present, if not take first name
-  #   singleNameOrder:
-  #     - 2
-  #     - 1
+  clientLookup:
+    # optional: this DNS resolver will be used to perform reverse DNS lookup (typically local router)
+    upstream: udp:192.168.178.1
+    # optional: some routers return multiple names for client (host name and user defined name). Define which single name should be used.
+    # Example: take second name if present, if not take first name
+    singleNameOrder:
+      - 2
+      - 1
+    # optional: custom mapping of client name to IP addresses. Useful if reverse DNS does not work properly or just to have custom client names.
+    clients:
+      laptop:
+        - 192.168.178.29
+
   # optional: configuration for prometheus metrics endpoint
-  prometheus:
-    # enabled if true
-    enable: true
-    # url path, optional (default '/metrics')
-    path: /metrics
+  # prometheus:
+  #   # enabled if true
+  #   enable: true
+  #   # url path, optional (default '/metrics')
+  #   path: /metrics
 
   # optional: write query information (question, answer, client, duration etc) to daily csv file
   # queryLog:
-  #     # directory (will be mounted as volume in the pod)
-  #     dir: /logs
-  #     # if true, write one file per client. Writes all queries to single file otherwise
-  #     perClient: true
-  #     # if > 0, deletes log files which are older than ... days
-  #     logRetentionDays: 7
+  #   # directory (should be mounted as volume in docker)
+  #   dir: /logs
+  #   # if true, write one file per client. Writes all queries to single file otherwise
+  #   perClient: true
+  #   # if > 0, deletes log files which are older than ... days
+  #   logRetentionDays: 7
 
-  # optional: HTTP listener port, default 0 = no http listener. If > 0, will be used for prometheus metrics, pprof, ...
+  # optional: DNS listener port and bind ip address, default 53 (UDP and TCP). Example: 53, :53, 127.0.0.1:53
+  port: 53
+  # optional: HTTP listener port, default 0 = no http listener. If > 0, will be used for prometheus metrics, pprof, REST API, DoH ...
   httpPort: 4000
+  # optional: HTTPS listener port, default 0 = no http listener. If > 0, will be used for prometheus metrics, pprof, REST API, DoH...
+  #httpsPort: 443
+  # mandatory, if https port > 0: path to cert and key file for SSL encryption
+  #httpsCertFile: server.crt
+  #httpsKeyFile: server.key
+  # optional: use this DNS server to resolve blacklist urls and upstream DNS servers (DOH). Useful if no DNS resolver is configured and blocky needs to resolve a host name. Format net:IP:port, net must be udp or tcp
+  bootstrapDns: tcp:1.1.1.1
   # optional: Log level (one from debug, info, warn, error). Default: info
   logLevel: info
+  # optional: Log format (text or json). Default: text
+  logFormat: text
 
 ## Add persistence for query logs (if enabled)
 persistence:

charts/flaresolverr/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS

charts/flaresolverr/Chart.yaml

@@ -0,0 +1,19 @@
+apiVersion: v2
+appVersion: v1.2.3
+description: FlareSolverr is a proxy server to bypass Cloudflare protection
+name: flaresolverr
+version: 1.0.0
+keywords:
+  - flaresolverr
+  - jackett
+home: https://github.com/k8s-at-home/charts/tree/master/charts/flaresolverr
+sources:
+  - https://github.com/FlareSolverr/FlareSolverr
+  - https://hub.docker.com/r/flaresolverr/flaresolverr
+maintainers:
+  - name: billimek
+    email: jeff@billimek.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: 2.2.1

charts/flaresolverr/OWNERS

@@ -0,0 +1,8 @@
+approvers:
+- billimek
+- onedr0p
+- bjw-s
+reviewers:
+- billimek
+- onedr0p
+- bjw-s

charts/flaresolverr/README.md

@@ -0,0 +1,67 @@
+# FlareSolverr
+
+This is a helm chart for [FlareSolverr](https://github.com/FlareSolverr/FlareSolverr).
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)**
+
+## TL;DR;
+
+```shell
+$ helm repo add k8s-at-home https://k8s-at-home.com/charts/
+$ helm install k8s-at-home/flaresolverr
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name my-release k8s-at-home/flaresolverr
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/flaresolverr/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+```console
+helm install flaresolverr \
+  --set env.TZ="America/New_York" \
+    k8s-at-home/flaresolverr
+```
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
+```console
+helm install flaresolverr k8s-at-home/flaresolverr --values values.yaml 
+```
+
+```yaml
+image:
+  tag: ...
+```
+
+---
+**NOTE**
+
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
+
+---
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 4.0.1 -> 5.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.

charts/flaresolverr/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "common.notes.defaultNotes" . -}}

charts/flaresolverr/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "common.all" . }}

charts/flaresolverr/values.yaml

@@ -0,0 +1,16 @@
+# Default values for FlareSolverr.
+
+image:
+  repository: flaresolverr/flaresolverr
+  pullPolicy: IfNotPresent
+  tag: v1.2.3
+
+strategy:
+  type: Recreate
+
+service:
+  port:
+    port: 8191
+
+env: {}
+  # LOG_LEVEL: UTC

charts/oauth2-proxy/Chart.yaml

@@ -1,5 +1,5 @@
 name: oauth2-proxy
-version: 4.1.0
+version: 4.3.0
 apiVersion: v1
 appVersion: 5.1.0
 home: https://oauth2-proxy.github.io/oauth2-proxy/

charts/oauth2-proxy/README.md

@@ -119,6 +119,10 @@ Parameter | Description | Default
 `serviceAccount.name` | the service account name | ``
 `serviceAccount.annotations` | (optional) annotations for the service account | `{}`
 `tolerations` | list of node taints to tolerate | `[]`
+`topologySpreadConstraints.enabled` | enable Kubernetes [topologySpreadConstraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) | `false`
+`topologySpreadConstraints.maxSkew` | the degree to which Pods may be unevenly distributed | `1`
+`topologySpreadConstraints.topologyKey` | the key of node labels | `topology.kubernetes.io/zone`
+`topologySpreadConstraints.whenUnsatisfiable` | how to deal with a Pod if it doesn't satisfy the spread constraint (`DoNotSchedule`, `ScheduleAnyway`) | `DoNotSchedule`
 `securityContext.enabled` | enable Kubernetes security context on container | `false`
 `securityContext.runAsNonRoot` | make sure that the container runs as a non-root user | `true`
 `proxyVarsAsSecrets` | choose between environment values or secrets for setting up OAUTH2_PROXY variables. When set to false, remember to add the variables OAUTH2_PROXY_CLIENT_ID, OAUTH2_PROXY_CLIENT_SECRET, OAUTH2_PROXY_COOKIE_SECRET in extraEnv | `true`

charts/oauth2-proxy/templates/deployment.yaml

@@ -208,3 +208,15 @@ spec:
     {{- end }}
       tolerations:
 {{ toYaml .Values.tolerations | indent 8 }}
+{{- if semverCompare ">=1.16-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- if .Values.topologySpreadConstraints.enabled }}
+      topologySpreadConstraints:
+      - labelSelector:
+          matchLabels:
+            app: {{ template "oauth2-proxy.name" . }}
+            release: "{{ .Release.Name }}"
+        maxSkew: {{ .Values.topologySpreadConstraints.maxSkew }}
+        topologyKey: {{ .Values.topologySpreadConstraints.topologyKey }}
+        whenUnsatisfiable: {{ .Values.topologySpreadConstraints.whenUnsatisfiable }}
+{{- end }}
+{{- end }}

charts/oauth2-proxy/values.yaml

@@ -9,7 +9,7 @@ config:
   # Use an existing secret for OAuth2 credentials (see secret.yaml for required fields)
   # Example:
   # existingSecret: secret
-  cookieSecret: "XXXXXXXXXX"
+  cookieSecret: "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
   google: {}
     # adminEmail: xxxx
     # serviceAccountJson: xxxx
@@ -29,8 +29,8 @@ config:
   # existingConfig: config
 
 image:
-  repository: "quay.io/pusher/oauth2_proxy"
-  tag: "v5.1.0"
+  repository: "quay.io/oauth2-proxy/oauth2-proxy"
+  tag: "v6.1.1"
   pullPolicy: "IfNotPresent"
 
 # Optionally specify an array of imagePullSecrets.
@@ -186,3 +186,13 @@ htpasswdFile:
   # example:
   # entries:
   #  - testuser:{SHA}EWhzdhgoYJWy0z2gyzhRYlN9DSiv
+
+## Configure Pod Topology Spread Constraints
+## See https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+## Requires Kubernetes >= v1.16
+topologySpreadConstraints:
+  enabled: false
+  maxSkew: 1
+  # See https://kubernetes.io/docs/reference/kubernetes-api/labels-annotations-taints/
+  topologyKey: topology.kubernetes.io/zone
+  whenUnsatisfiable: DoNotSchedule

charts/ombi/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 4.0.681
 description: Want a Movie or TV Show on Plex or Emby? Use Ombi!
 name: ombi
-version: 6.4.1
+version: 7.0.0
 keywords:
   - ombi
   - plex
@@ -22,7 +22,3 @@ dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
     version: 2.2.1
-  - name: mariadb
-    version: 9.2.0
-    repository: https://charts.bitnami.com/bitnami
-    condition: mariadb.enabled

charts/ombi/values.yaml

@@ -21,16 +21,3 @@ persistence:
   config:
     enabled: false
     emptyDir: false
-
-# Enabled mariadb
-# ... for more options see https://github.com/bitnami/charts/tree/master/bitnami/mariadb
-mariadb:
-  enabled: false
-  architecture: standalone
-  auth:
-    database: ombi
-    username: ombi
-    password: ombi
-  primary:
-    persistence:
-      enabled: false

charts/overseerr/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS

charts/overseerr/Chart.yaml

@@ -0,0 +1,22 @@
+apiVersion: v2
+appVersion: 1.16.0
+description: Overseerr is a free and open source software application for managing requests for your media library. It integrates with your existing services such as Sonarr, Radarr and Plex!
+name: overseerr
+version: 1.0.0
+keywords:
+  - overseerr
+  - plex
+  - sonarr
+  - radarr
+home: https://github.com/k8s-at-home/charts/tree/master/charts/overseerr
+icon: https://i.imgur.com/TMoEG7g.png
+sources:
+  - https://github.com/sct/overseerr
+  - https://hub.docker.com/r/sctx/overseerr
+maintainers:
+  - name: billimek
+    email: jeff@billimek.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: 2.2.1

charts/overseerr/OWNERS

@@ -0,0 +1,8 @@
+approvers:
+- billimek
+- onedr0p
+- bjw-s
+reviewers:
+- billimek
+- onedr0p
+- bjw-s

charts/overseerr/README.md

@@ -0,0 +1,67 @@
+# Overseerr
+
+This is a helm chart for [Overseerr](https://github.com/sct/overseerr).
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)**
+
+## TL;DR;
+
+```shell
+$ helm repo add k8s-at-home https://k8s-at-home.com/charts/
+$ helm install k8s-at-home/overseerr
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name my-release k8s-at-home/overseerr
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/overseerr/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+```console
+helm install overseerr \
+  --set env.TZ="America/New_York" \
+    k8s-at-home/overseerr
+```
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
+```console
+helm install overseerr k8s-at-home/overseerr --values values.yaml 
+```
+
+```yaml
+image:
+  tag: ...
+```
+
+---
+**NOTE**
+
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
+
+---
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 4.0.1 -> 5.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.

charts/overseerr/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "common.notes.defaultNotes" . -}}

charts/overseerr/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "common.all" . }}

charts/overseerr/values.yaml

@@ -0,0 +1,23 @@
+# Default values for Overseerr.
+
+image:
+  repository: sctx/overseerr
+  pullPolicy: IfNotPresent
+  tag: 1.16.0
+
+strategy:
+  type: Recreate
+
+service:
+  port:
+    port: 5055
+
+env: {}
+  # TZ: UTC
+  # LOG_LEVEL: info
+
+persistence:
+  config:
+    enabled: false
+    emptyDir: false
+    mountPath: /app/config

charts/plex/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 1.20.2.3402
 description: Plex Media Server
 name: plex
-version: 2.1.1
+version: 2.3.0
 keywords:
   - plex
 home: https://plex.tv/

charts/plex/templates/deployment.yaml

@@ -191,25 +191,18 @@ spec:
             value: "customCertificateDomain={{.Values.certificate.pkcsMangler.setPlexPreferences.customCertificateDomain}}"
 {{- end }}
 {{- end }}
+          {{- if .Values.probes.readiness.enabled }}
           readinessProbe:
-            httpGet:
-              path: /identity
-              port: 32400
-            failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
-            periodSeconds: {{ .Values.probes.readiness.periodSeconds }}
+            {{- omit .Values.probes.readiness "enabled" | toYaml | nindent 12 }}
+          {{- end }}
+          {{- if .Values.probes.liveness.enabled }}
           livenessProbe:
-            httpGet:
-              path: /identity
-              port: 32400
-            failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
-            periodSeconds: {{ .Values.probes.liveness.periodSeconds }}
+            {{- omit .Values.probes.liveness "enabled" | toYaml | nindent 12 }}
+          {{- end }}
+          {{- if .Values.probes.startup.enabled }}
           startupProbe:
-            httpGet:
-              path: /identity
-              port: 32400
-            initialDelaySeconds: {{ .Values.probes.startup.initialDelaySeconds }}
-            failureThreshold: {{ .Values.probes.startup.failureThreshold }}
-            periodSeconds: {{ .Values.probes.startup.periodSeconds }}
+            {{- omit .Values.probes.startup "enabled" | toYaml | nindent 12 }}
+          {{- end }}
           volumeMounts:
           {{- if .Values.persistence.data.enabled }}
           - name: data
@@ -310,6 +303,9 @@ spec:
       - name: {{ .name }}
         persistentVolumeClaim:
           claimName: {{ .claimName }}
+  {{- else if .volume }}
+      - name: {{ .name }}
+        {{- toYaml .volume | nindent 8 }}
   {{- end }}
 {{- end }}
       - name: shared

charts/plex/values.yaml

@@ -223,6 +223,16 @@ persistence:
   #   claimName: optional-claim
   #   mountPath: /mnt/path/in/pod
   #   subPath: optional/sub/path
+  #
+  ## Example using an existing NFS filer directly. Below the 'volume' key all volume types are allowed (eg. nfs, iscsi, hostPath).
+  ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#volume-v1-core for further information
+  # - name: example2
+  #   mountPath: mnt/example2
+  #   volume:
+  #     nfs:
+  #       server: <nfs server fqdn or ip>
+  #       path: <nfs export path>
+  #       readOnly: true
 
   config:
     # Optionally specify claimName to manually override the PVC to be used for
@@ -309,12 +319,24 @@ logging:
 # Probes configuration
 probes:
   liveness:
+    enabled: true
+    httpGet:
+      path: /identity
+      port: 32400
     failureThreshold: 5
     periodSeconds: 10
   readiness:
+    enabled: true
+    httpGet:
+      path: /identity
+      port: 32400
     failureThreshold: 5
     periodSeconds: 10
   startup:
+    enabled: true
+    httpGet:
+      path: /identity
+      port: 32400
     initialDelaySeconds: 5
     failureThreshold: 30
     periodSeconds: 10

charts/powerdns/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v4.3.1
 description: PowerDNS is a DNS server, written in C++ and licensed under the GPL. It runs on most Unix derivatives. PowerDNS features a large number of different backends ranging from simple BIND style zonefiles to relational databases and load balancing/failover algorithms. A DNS recursor is provided as a separate program.
 name: powerdns
-version: 3.0.1
+version: 3.0.2
 home: https://www.powerdns.com/
 sources:
   - http://www.github.com/PowerDNS/

charts/powerdns/templates/deployment.yaml

@@ -94,6 +94,9 @@ spec:
             - name: dns-udp
               containerPort: 53
               protocol: UDP
+            - name: dns-webserver
+              containerPort: 8081
+              protocol: TCP
           {{- if .Values.probes.liveness.enabled }}
           livenessProbe:
             tcpSocket:
@@ -121,13 +124,13 @@ spec:
           lifecycle:
             postStart:
               exec:
-                command: ["/bin/sh", "-c", "a=0;while [ $a -lt 200 ];do sleep 5;a=$[a+1];echo 'stage: '$a;if nc -vz {{- printf "%s-%s" .Release.Name "mariadb"}} 3306;then (! pdnsutil list-zone {{ .Values.powerdns.domain }} 2>/dev/null) && pdnsutil create-zone {{ .Values.powerdns.domain }};echo 'End Stage';a=200;fi;done"]
+                command: ["/bin/sh", "-c", "let a=0; while [ $a -lt 200 ]; do sleep 5; let a=a+1; echo 'Attempt: '$a; if nc -vz {{ printf "%s-%s" .Release.Name "mariadb"}} 3306; then pdnsutil list-zone {{ .Values.powerdns.domain }} 2>/dev/null && break; pdnsutil create-zone {{ .Values.powerdns.domain }}; fi; done"]
 {{ end }}
 {{- if .Values.postgresql.enabled }}
           lifecycle:
             postStart:
               exec:
-                command: ["/bin/sh", "-c", "a=0;while [ $a -lt 200 ];do sleep 5;a=$[a+1];echo 'stage: '$a;if nc -vz {{- printf "%s-%s" .Release.Name "postgresql"}} 5432;then (! pdnsutil list-zone {{ .Values.powerdns.domain }} 2>/dev/null) && pdnsutil create-zone {{ .Values.powerdns.domain }};echo 'End Stage';a=200;fi;done"]
+                command: ["/bin/sh", "-c", "let a=0; while [ $a -lt 200 ]; do sleep 5; let a=a+1; echo 'Attempt: '$a; if nc -vz {{ printf "%s-%s" .Release.Name "postgresql"}} 5432; then pdnsutil list-zone {{ .Values.powerdns.domain }} 2>/dev/null && break; pdnsutil create-zone {{ .Values.powerdns.domain }}; fi; done"]
 {{ end }}
           resources:
 {{- toYaml .Values.resources | nindent 12 }}

charts/traefik-forward-auth/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: traefik-forward-auth
 description: A minimal forward authentication service that provides OAuth/SSO login and authentication for the traefik reverse proxy/load balancer
 type: application
-version: 1.0.4
+version: 1.0.5
 appVersion: 2.2.0
 keywords:
   - traefik

charts/traefik-forward-auth/README.md

@@ -1,6 +1,6 @@
 # traefik-forward-auth
 
-![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 1.0.1](https://img.shields.io/badge/Version-1.0.1-informational?style=flat-square) ![AppVersion: 2.2.0](https://img.shields.io/badge/AppVersion-2.2.0-informational?style=flat-square) [![ArtifactHub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/traefik-forward-auth)](https://artifacthub.io/packages/helm/traefik-forward-auth)
+![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 1.0.5](https://img.shields.io/badge/Version-1.0.5-informational?style=flat-square) ![AppVersion: 2.2.0](https://img.shields.io/badge/AppVersion-2.2.0-informational?style=flat-square) [![ArtifactHub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/traefik-forward-auth)](https://artifacthub.io/packages/helm/k8s-at-home/traefik-forward-auth)
 
 A minimal forward authentication service that provides OAuth/SSO login and authentication for the traefik reverse proxy/load balancer
 
@@ -61,11 +61,11 @@ helm install traefik-forward-auth k8s-at-home/traefik-forward-auth --values valu
 | cookie.domain | string | `""` | Domain(s) to set auth cookie on. (Comma delimited) |
 | cookie.insecure | string | `""` | Use insecure cookies |
 | cookie.name | string | `""` | Cookie Name (default: _forward_auth) |
-| cookie.secret | string| `""` | Cookie Secret - useful when running multiple instances |
+| cookie.secret | string | `""` | Cookie Secret used for authentication across multiple instances / clusters (default: randomly generated) |
 | default.action | string | `""` | [auth|allow] Default action (default: auth) |
 | default.provider | string | `""` | [google|oidc|generic-oauth] Default provider (default: google) |
 | env | list | `[]` |  |
-| envFrom | list | `[]` | Load environment variables from secrets or configmaps |
+| envFrom | string | `nil` |  |
 | fullnameOverride | string | `""` |  |
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | image.repository | string | `"thomseddon/traefik-forward-auth"` |  |

charts/xbackbone/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS

charts/xbackbone/Chart.yaml

@@ -0,0 +1,20 @@
+apiVersion: v2
+appVersion: 3.3.3
+description: XBackBone is a simple, self-hosted, lightweight PHP file manager that support the instant sharing tool ShareX and *NIX systems. It supports uploading and displaying images, GIF, video, code, formatted text, and file downloading and uploading. Also have a web UI with multi user management, past uploads history and search support.
+name: xbackbone
+version: 1.0.0
+keywords:
+  - xbackbone
+  - xshare
+home: https://github.com/k8s-at-home/charts/tree/master/charts/xbackbone
+icon: https://github.com/SergiX44/XBackBone/raw/master/.github/xbackbone.png
+sources:
+  - https://github.com/SergiX44/XBackBone
+  - https://hub.docker.com/r/pe46dro/xbackbone-docker
+maintainers:
+  - name: billimek
+    email: jeff@billimek.com
+dependencies:
+  - name: common
+    repository: https://k8s-at-home.com/charts/
+    version: 2.2.1

charts/xbackbone/OWNERS

@@ -0,0 +1,8 @@
+approvers:
+- billimek
+- onedr0p
+- bjw-s
+reviewers:
+- billimek
+- onedr0p
+- bjw-s

charts/xbackbone/README.md

@@ -0,0 +1,67 @@
+# XBackBone
+
+This is a helm chart for [XBackBone](https://github.com/SergiX44/XBackBone).
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)**
+
+## TL;DR;
+
+```shell
+$ helm repo add k8s-at-home https://k8s-at-home.com/charts/
+$ helm install k8s-at-home/xbackbone
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name my-release k8s-at-home/xbackbone
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+Read through the charts [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/xbackbone/values.yaml)
+file. It has several commented out suggested values.
+Additionally you can take a look at the common library [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/common/values.yaml) for more (advanced) configuration options.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+```console
+helm install xbackbone \
+  --set env.TZ="America/New_York" \
+    k8s-at-home/xbackbone
+```
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
+chart. For example,
+```console
+helm install xbackbone k8s-at-home/xbackbone --values values.yaml 
+```
+
+```yaml
+image:
+  tag: ...
+```
+
+---
+**NOTE**
+
+If you get
+```console
+Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: ...`
+```
+it may be because you uninstalled the chart with `skipuninstall` enabled, you need to manually delete the pvc or use `existingClaim`.
+
+---
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like 4.0.1 -> 5.0.0) indicates that there is an incompatible breaking change potentially needing manual actions.

charts/xbackbone/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "common.notes.defaultNotes" . -}}

charts/xbackbone/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "common.all" . }}

charts/xbackbone/values.yaml

@@ -0,0 +1,23 @@
+# Default values for XBackbone.
+
+image:
+  repository: pe46dro/xbackbone-docker
+  pullPolicy: IfNotPresent
+  tag: 3.3.3
+
+strategy:
+  type: Recreate
+
+service:
+  port:
+    port: 80
+
+env: {}
+  # TZ: UTC
+  # LOG_LEVEL: info
+
+persistence:
+  config:
+    enabled: false
+    emptyDir: false
+    mountPath: /app/config