more fixes and cleanup

* fix penpot multi secre

* fix disc gsm secret name and enable it

* fix CFddns

* fix shiori

* fix soft-serve

* fix focalborad

* whoops on penpot

* fix immich

* fix inventree

* fix k8s-gateway

* whoops on k8s-gateway

* fix mealie

* fix nocodb

* fix nextcloud

* fix statpingng

* fix synapse

* fix tailscale

* whoops on mealie

* whops on noco

* whoops on synapse

* fix wbo

* fix wireguard

* fix wger

* fix meshcentral

* fix authentik

* whoops

* fix typo

* fix more

* fix

* fix more

.github/lintconf.yaml

@@ -0,0 +1,46 @@
+---
+rules:
+  braces:
+    min-spaces-inside: 0
+    max-spaces-inside: 0
+    min-spaces-inside-empty: -1
+    max-spaces-inside-empty: -1
+  brackets:
+    min-spaces-inside: 0
+    max-spaces-inside: 0
+    min-spaces-inside-empty: -1
+    max-spaces-inside-empty: -1
+  colons:
+    max-spaces-before: 0
+    max-spaces-after: 1
+  commas:
+    max-spaces-before: 0
+    min-spaces-after: 1
+    max-spaces-after: 1
+  comments:
+    require-starting-space: true
+    min-spaces-from-content: 2
+  document-end: disable
+  # No --- to start a file
+  document-start: disable
+  empty-lines:
+    max: 2
+    max-start: 0
+    max-end: 0
+  hyphens:
+    max-spaces-after: 1
+  indentation:
+    spaces: consistent
+    # - list indentation will handle both indentation and without
+    indent-sequences: whatever
+    check-multi-line-strings: false
+  key-duplicates:
+    enable
+    # Lines can be any length
+  line-length: disable
+  new-line-at-end-of-file: enable
+  new-lines:
+    type: unix
+  trailing-spaces: enable
+  truthy:
+    level: warning

.pre-commit-config.yaml

@@ -8,23 +8,33 @@ repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v4.0.1
     hooks:
-      - id: trailing-whitespace # trims trailing whitespace.
-      - id: end-of-file-fixer # ensures that a file is either empty, or ends with one newline.
+      # trims trailing whitespace.
+      - id: trailing-whitespace
+      # ensures that a file is either empty, or ends with one newline.
+      - id: end-of-file-fixer
       - id: fix-byte-order-marker
-      - id: mixed-line-ending # replaces or checks mixed line ending.
-      - id: check-merge-conflict # checks for files that contain merge conflict strings.
-      - id: check-case-conflict # checks for files that would conflict in case-insensitive filesystems.
-      - id: check-executables-have-shebangs # ensures that (non-binary) executables have a shebang.
-      - id: check-shebang-scripts-are-executable # ensures that (non-binary) files with a shebang are executable.
+      # replaces or checks mixed line ending.
+      - id: mixed-line-ending
+      # checks for files that contain merge conflict strings.
+      - id: check-merge-conflict
+      # checks for files that would conflict in case-insensitive filesystems.
+      - id: check-case-conflict
+      # ensures that (non-binary) executables have a shebang.
+      - id: check-executables-have-shebangs
+      # ensures that (non-binary) files with a shebang are executable.
+      - id: check-shebang-scripts-are-executable
       - id: check-docstring-first
       - id: check-symlinks
       - id: destroyed-symlinks
-      - id: fix-byte-order-marker # removes utf-8 byte order marker.
-      - id: requirements-txt-fixer # sorts entries in requirements.txt.
-      - id: check-added-large-files # prevents giant files from being committed.
-      - id: check-yaml # checks yaml files for parseable syntax.
+      # removes utf-8 byte order marker.
+      - id: fix-byte-order-marker
+      # sorts entries in requirements.txt.
+      - id: requirements-txt-fixer
+      # checks yaml files for parseable syntax.
+      - id: check-yaml
         exclude: (templates\/.*|crds\/.*|questions.yaml|chart_schema.yaml)
-      - id: detect-private-key # detects the presence of private keys.
+        # detects the presence of private keys.
+      - id: detect-private-key
 
   - repo: https://github.com/pre-commit/pygrep-hooks
     rev: v1.9.0
@@ -38,3 +48,13 @@ repos:
       - id: prettier
         exclude: (templates\/.*|crds\/.*|README.md|CHANGELOG.md|questions.yaml|devcontainer.json)
         files: \.(js|ts|jsx|tsx|css|less|html|json|markdown|md|yaml|yml)$
+
+  # Update the rev variable with the release version that you want, from the yamllint repo
+  # You can pass your custom .yamllint with args attribute.
+  - repo: https://github.com/adrienverge/yamllint.git
+    rev: v1.17.0
+    hooks:
+      - id: yamllint
+        exclude: (templates\/.*|crds\/.*|README.md|CHANGELOG.md|questions.yaml|devcontainer.json|chart_schema.yaml)
+        files: \.(yaml|yml)$
+        args: [-c=.github/lintconf.yaml]

charts/stable/actualserver/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "23.2.9"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
+    version: 12.2.26
 deprecated: false
 description: Actual is a super fast privacy-focused app for managing your finances.
 home: https://truecharts.org/charts/stable/actualserver

charts/stable/actualserver/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/stable/actualserver/templates/common.yaml

@@ -1,2 +1,2 @@
 {{/* Render the templates */}}
-{{ include "tc.common.loader.all" . }}
+{{ include "tc.v1.common.loader.all" . }}

charts/stable/actualserver/values.yaml

@@ -2,23 +2,13 @@ image:
   repository: tccr.io/truecharts/actualserver
   pullPolicy: IfNotPresent
   tag: 23.2.9@sha256:e31029c78b69a0cea6b2f10c29db49199141acd6721779ca8d6e2b6939cd295c
-
-podSecurityContext:
-  runAsGroup: 0
-  runAsUser: 0
-
-securityContext:
-  readOnlyRootFilesystem: false
-  runAsNonRoot: false
-
 service:
   main:
     ports:
       main:
         port: 10293
-        protocol: HTTP
+        protocol: http
         targetPort: 5006
-
 persistence:
   server-files:
     enabled: true
@@ -26,6 +16,12 @@ persistence:
   user-files:
     enabled: true
     mountPath: "/app/user-files"
-
 portal:
-  enabled: true
+  open:
+    enabled: true
+securityContext:
+  container:
+    readOnlyRootFilesystem: false
+    runAsNonRoot: false
+    runAsGroup: 0
+    runAsUser: 0

charts/stable/adguard-home/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "0.107.25"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
+    version: 12.2.26
 description: Free and open source, powerful network-wide ads & trackers blocking DNS server.
 home: https://truecharts.org/charts/stable/adguard-home
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/adguard-home.png
@@ -24,4 +24,3 @@ annotations:
   truecharts.org/catagories: |
     - media
   truecharts.org/SCALE-support: "true"
-  truecharts.org/grade: U

charts/stable/adguard-home/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/stable/adguard-home/templates/common.yaml

@@ -1 +1 @@
-{{ include "tc.common.loader.all" . }}
+{{ include "tc.v1.common.loader.all" . }}

charts/stable/adguard-home/values.yaml

@@ -2,45 +2,12 @@ image:
   repository: tccr.io/truecharts/adguard-home
   tag: 0.107.25@sha256:90e78953b5e15126b151ac655e37ad161bf5a6f10e2cdbb50da7f68166f57719
   pullPolicy: IfNotPresent
-
-# Those args are copied from the upstream Dockerfile.
-# Only port was added. So Adguard won't change port after initial setup
-args:
-  - --no-check-update
-  - --host
-  - "0.0.0.0"
-  - --config
-  - /opt/adguardhome/conf/AdGuardHome.yaml
-  - --work-dir
-  - /opt/adguardhome/work
-  - --port
-  - "{{ .Values.service.main.ports.main.port }}"
-
-securityContext:
-  readOnlyRootFilesystem: false
-  runAsNonRoot: false
-
-podSecurityContext:
-  runAsUser: 0
-  runAsGroup: 0
-
-probes:
-  liveness:
-    type: HTTP
-    path: /
-  readiness:
-    type: HTTP
-    path: /
-  startup:
-    type: HTTP
-    path: /
-
 service:
   main:
     ports:
       main:
         port: 10232
-        protocol: HTTP
+        protocol: http
   dns-tcp:
     enabled: true
     ports:
@@ -53,7 +20,7 @@ service:
     ports:
       dns-udp:
         enabled: true
-        protocol: UDP
+        protocol: udp
         port: 53
         targetPort: 53
   dns-https:
@@ -61,7 +28,7 @@ service:
     ports:
       dns-https:
         enabled: true
-        protocol: HTTPS
+        protocol: https
         port: 10234
         targetPort: 443
   dns-https-udp:
@@ -69,7 +36,7 @@ service:
     ports:
       dns-https-udp:
         enabled: true
-        protocol: UDP
+        protocol: udp
         port: 10234
         targetPort: 443
   dns-crypt:
@@ -77,7 +44,7 @@ service:
     ports:
       dns-crypt:
         enabled: true
-        protocol: HTTP
+        protocol: http
         port: 5443
         targetPort: 5443
   dns-crypt-udp:
@@ -85,7 +52,7 @@ service:
     ports:
       dns-crypt-udp:
         enabled: true
-        protocol: UDP
+        protocol: udp
         port: 5443
         targetPort: 5443
   dns-quic-udp-1:
@@ -93,20 +60,19 @@ service:
     ports:
       dns-quic-udp-1:
         enabled: true
-        protocol: UDP
+        protocol: udp
         port: 784
         targetPort: 784
       dns-quic-udp-2:
         enabled: true
-        protocol: UDP
+        protocol: udp
         port: 853
         targetPort: 853
       dns-quic-udp-3:
         enabled: true
-        protocol: UDP
+        protocol: udp
         port: 8853
         targetPort: 8853
-
 persistence:
   config:
     enabled: true
@@ -114,6 +80,37 @@ persistence:
   data:
     enabled: true
     mountPath: "/opt/adguardhome/work"
-
 portal:
-  enabled: true
+  open:
+    enabled: true
+securityContext:
+  container:
+    readOnlyRootFilesystem: false
+    runAsNonRoot: false
+    runAsUser: 0
+    runAsGroup: 0
+workload:
+  main:
+    podSpec:
+      containers:
+        main:
+          probes:
+            liveness:
+              type: HTTP
+              path: /
+            readiness:
+              type: HTTP
+              path: /
+            startup:
+              type: HTTP
+              path: /
+          args:
+            - --no-check-update
+            - --host
+            - "0.0.0.0"
+            - --config
+            - /opt/adguardhome/conf/AdGuardHome.yaml
+            - --work-dir
+            - /opt/adguardhome/work
+            - --port
+            - "{{ .Values.service.main.ports.main.port }}"

charts/stable/adminer/Chart.yaml

@@ -7,7 +7,7 @@ appVersion: "latest"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
+    version: 12.2.26
 deprecated: false
 description: Adminer (formerly phpMinAdmin) is a full-featured database management tool written in PHP.
 home: https://truecharts.org/charts/stable/adminer

charts/stable/adminer/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/stable/adminer/templates/common.yaml

@@ -1,2 +1,2 @@
 {{/* Render the templates */}}
-{{ include "tc.common.loader.all" . }}
+{{ include "tc.v1.common.loader.all" . }}

charts/stable/adminer/values.yaml

@@ -2,25 +2,26 @@ image:
   pullPolicy: IfNotPresent
   repository: tccr.io/truecharts/adminer
   tag: latest@sha256:e8f1fb2dff7f1b5ac02002966e38824f1ff0cddde27b7e83aa0cfe61bd1c197a
-podSecurityContext:
-  runAsGroup: 0
-  runAsUser: 0
-
-securityContext:
-  readOnlyRootFilesystem: false
-  runAsNonRoot: false
-
-env:
-  ADMINER_DESIGN: ""
-  ADMINER_PLUGINS: ""
-
 service:
   main:
     ports:
       main:
         port: 18080
-        protocol: HTTP
+        protocol: http
         targetPort: 8080
-
 portal:
-  enabled: true
+  open:
+    enabled: true
+securityContext:
+  container:
+    readOnlyRootFilesystem: false
+    runAsNonRoot: false
+    runAsGroup: 0
+    runAsUser: 0
+workload:
+  main:
+    podSpec:
+      containers:
+        env:
+          ADMINER_DESIGN: ""
+          ADMINER_PLUGINS: ""

charts/stable/airdcpp-webclient/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "2.11.3"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
+    version: 12.2.26
 deprecated: false
 description: AirDC++ Web Client is a locally installed application, which is designed for flexible sharing of files or directories within groups of people in a local network or over internet.
 home: https://truecharts.org/charts/stable/airdcpp-webclient
@@ -29,4 +29,3 @@ annotations:
   truecharts.org/catagories: |
     - media
   truecharts.org/SCALE-support: "true"
-  truecharts.org/grade: U

charts/stable/airdcpp-webclient/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/stable/airdcpp-webclient/templates/common.yaml

@@ -1 +1 @@
-{{ include "tc.common.loader.all" . }}
+{{ include "tc.v1.common.loader.all" . }}

charts/stable/airdcpp-webclient/values.yaml

@@ -2,7 +2,6 @@ image:
   repository: tccr.io/truecharts/airdcpp-webclient
   pullPolicy: IfNotPresent
   tag: 2.11.3@sha256:517455edfda62b11eb6f6246e87244ef104bbdf6b51c83c2e470c917b54400c8
-
 service:
   main:
     ports:
@@ -28,14 +27,13 @@ service:
     ports:
       search-udp:
         enabled: true
-        protocol: UDP
+        protocol: udp
         port: 21248
         targetPort: 21248
-
 persistence:
   config:
     enabled: true
     mountPath: "/.airdcpp"
-
 portal:
-  enabled: true
+  open:
+    enabled: true

charts/stable/airsonic-advanced/Chart.yaml

@@ -3,11 +3,8 @@ appVersion: "11.0.0"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
-  - condition: postgresql.enabled
-    name: postgresql
-    repository: https://deps.truecharts.org/
-    version: 11.0.31
+    version: 12.2.26
+
 description: Airsonic is a Free and Open Source community driven media server
 home: https://truecharts.org/charts/stable/airsonic-advanced
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/airsonic-advanced.png
@@ -28,4 +25,3 @@ annotations:
   truecharts.org/catagories: |
     - media
   truecharts.org/SCALE-support: "true"
-  truecharts.org/grade: U

charts/stable/airsonic-advanced/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/stable/airsonic-advanced/templates/common.yaml

@@ -1 +1 @@
-{{ include "tc.common.loader.all" . }}
+{{ include "tc.v1.common.loader.all" . }}

charts/stable/airsonic-advanced/values.yaml

@@ -2,45 +2,19 @@ image:
   repository: tccr.io/truecharts/airsonic-advanced
   tag: v11.0.0@sha256:b6a1b30ecc3e16c39ca56392cd13d55af80235b57ec2d27c2e5f1a21fec34bd9
   pullPolicy: IfNotPresent
-
-securityContext:
-  readOnlyRootFilesystem: false
-  runAsNonRoot: false
-
-podSecurityContext:
-  runAsUser: 0
-  runAsGroup: 0
-
-env:
-  AIRSONIC_DIR: "/"
-  # -- For passing additional java options. For some reverse proxies, you may need to pass `JAVA_OPTS=-Dserver.use-forward-headers=true` for airsonic to generate the proper URL schemes.
-  JAVA_OPTS:
-  CONTEXT_PATH: "/"
-  spring_liquibase_parameters_userTableQuote: '"'
-  spring_datasource_username: "{{ .Values.postgresql.postgresqlUsername }}"
-  spring_datasource_url:
-    secretKeyRef:
-      name: dbcreds
-      key: jdbc
-  spring_datasource_password:
-    secretKeyRef:
-      name: dbcreds
-      key: postgresql-password
-
 service:
   main:
     ports:
       main:
         port: 10122
         targetPort: 4040
-
 # Enabled postgres
-postgresql:
-  enabled: true
-  existingSecret: "dbcreds"
-  postgresqlUsername: airsonic-advanced
-  postgresqlDatabase: airsonic-advanced
+cnpg:
+  main:
+    enabled: true
 
+    user: airsonic-advanced
+    database: airsonic-advanced
 persistence:
   config:
     enabled: true
@@ -54,6 +28,31 @@ persistence:
   playlists:
     enabled: true
     mountPath: "/playlists"
-
 portal:
-  enabled: true
+  open:
+    enabled: true
+securityContext:
+  container:
+    readOnlyRootFilesystem: false
+    runAsNonRoot: false
+    runAsUser: 0
+    runAsGroup: 0
+workload:
+  main:
+    podSpec:
+      containers:
+        env:
+          AIRSONIC_DIR: "/"
+          # -- For passing additional java options. For some reverse proxies, you may need to pass `JAVA_OPTS=-Dserver.use-forward-headers=true` for airsonic to generate the proper URL schemes.
+          JAVA_OPTS:
+          CONTEXT_PATH: "/"
+          spring_liquibase_parameters_userTableQuote: '"'
+          spring_datasource_username: "{{ .Values.cnpg.main.user }}"
+          spring_datasource_url:
+            secretKeyRef:
+              name: cnpg-main-urls
+              key: jdbc
+          spring_datasource_password:
+            secretKeyRef:
+              name: cnpg-main-urls
+              key: postgresql-password

charts/stable/airsonic/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "10.6.2"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
+    version: 12.2.26
 description: Airsonic is a Free and Open Source community driven media server
 home: https://truecharts.org/charts/stable/airsonic
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/airsonic.png
@@ -26,4 +26,3 @@ annotations:
   truecharts.org/catagories: |
     - media
   truecharts.org/SCALE-support: "true"
-  truecharts.org/grade: U

charts/stable/airsonic/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/stable/airsonic/templates/common.yaml

@@ -1 +1 @@
-{{ include "tc.common.loader.all" . }}
+{{ include "tc.v1.common.loader.all" . }}

charts/stable/airsonic/values.yaml

@@ -2,32 +2,31 @@ image:
   repository: tccr.io/truecharts/airsonic
   tag: version-v10.6.2@sha256:f0065aa44fb1c38b7fc30d34e220138dc0a0c6477b78eb7f59015622c2052030
   pullPolicy: IfNotPresent
-
-securityContext:
-  readOnlyRootFilesystem: false
-  runAsNonRoot: false
-
-podSecurityContext:
-  runAsUser: 0
-  runAsGroup: 0
-
-env:
-  # -- sets the context path parameter
-  # Example: "url-base"
-  CONTEXT_PATH:
-  JAVA_OPTS:
-
 service:
   main:
     ports:
       main:
         port: 10047
         targetPort: 4040
-
 persistence:
   config:
     enabled: true
     mountPath: "/config"
-
 portal:
-  enabled: true
+  open:
+    enabled: true
+securityContext:
+  container:
+    readOnlyRootFilesystem: false
+    runAsNonRoot: false
+    runAsUser: 0
+    runAsGroup: 0
+workload:
+  main:
+    podSpec:
+      containers:
+        env:
+          # -- sets the context path parameter
+          # Example: "url-base"
+          CONTEXT_PATH:
+          JAVA_OPTS:

charts/stable/alist/Chart.yaml

@@ -22,7 +22,7 @@ sources:
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
+    version: 12.2.26
     # condition:
 maintainers:
   - email: info@truecharts.org
@@ -32,4 +32,3 @@ annotations:
   truecharts.org/catagories: |
     - cloud
   truecharts.org/SCALE-support: "true"
-  truecharts.org/grade: U

charts/stable/alist/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/stable/alist/templates/common.yaml

@@ -1 +1 @@
-{{ include "tc.common.loader.all" . }}
+{{ include "tc.v1.common.loader.all" . }}

charts/stable/alist/values.yaml

@@ -2,26 +2,22 @@ image:
   repository: tccr.io/truecharts/alist
   pullPolicy: IfNotPresent
   tag: 3.12.2@sha256:5e31a45b1291a1efb2c87f635c8efac0bf7698be3fc8db4b5e85b520377328eb
-
-securityContext:
-  readOnlyRootFilesystem: false
-  runAsNonRoot: false
-
-podSecurityContext:
-  runAsUser: 0
-  runAsGroup: 0
-
 service:
   main:
     ports:
       main:
         targetPort: 5244
         port: 10167
-
 persistence:
   data:
     enabled: true
     mountPath: "/opt/alist/data"
-
 portal:
-  enabled: true
+  open:
+    enabled: true
+securityContext:
+  container:
+    readOnlyRootFilesystem: false
+    runAsNonRoot: false
+    runAsUser: 0
+    runAsGroup: 0

charts/stable/amcrest2mqtt/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "1.0.16"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
+    version: 12.2.26
 description: Expose all events from an Amcrest device to an MQTT broker
 home: https://truecharts.org/charts/stable/amcrest2mqtt
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/amcrest2mqtt.png
@@ -24,4 +24,3 @@ annotations:
   truecharts.org/catagories: |
     - media
   truecharts.org/SCALE-support: "true"
-  truecharts.org/grade: U

charts/stable/amcrest2mqtt/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/stable/amcrest2mqtt/templates/common.yaml

@@ -1,2 +1,2 @@
 {{/* Render the templates */}}
-{{ include "tc.common.loader.all" . }}
+{{ include "tc.v1.common.loader.all" . }}

charts/stable/amcrest2mqtt/values.yaml

@@ -2,45 +2,46 @@ image:
   repository: tccr.io/truecharts/amcrest2mqtt
   tag: v1.0.16@sha256:3f7154baa1187aa1e5f7fe7d8416c9e165da33ac651a482a3a261aed74560f56
   pullPolicy: IfNotPresent
-
 service:
   main:
     enabled: false
     ports:
       main:
         enabled: false
-
-probes:
-  liveness:
-    enabled: false
-  readiness:
-    enabled: false
-  startup:
-    enabled: false
-
-secretEnv:
-  # -- User name used to connect to the Amcrest device
-  AMCREST_USERNAME: "admin"
-  # -- Password used to connect to the Amcrest device
-  AMCREST_PASSWORD: "changeme"
-  # -- User name used to connect to the MQTT broker
-  MQTT_USERNAME: "mqttuser"
-  # -- Password used to connect to the MQTT broker
-  MQTT_PASSWORD: "changeme"
-
-env:
-  # -- Host name used to connect to the Amcrest device
-  AMCREST_HOST: "localhost"
-  # -- Port used to connect to the Amcrest device
-  AMCREST_PORT: 80
-  # -- Host name used to connect to the MQTT broker
-  MQTT_HOST: "localhost"
-  # -- Port used to connect to the MQTT broker
-  MQTT_PORT: 1883
-  # -- Enable Home Assistant autodiscovery
-  HOME_ASSISTANT: "false"
-  # -- Home Assistant autodiscovery prefix
-  HOME_ASSISTANT_PREFIX: "homeassistant"
-
 portal:
-  enabled: false
+  open:
+    enabled: false
+
+workload:
+  main:
+    podSpec:
+      containers:
+        main:
+          probes:
+            liveness:
+              enabled: false
+            readiness:
+              enabled: false
+            startup:
+              enabled: false
+        env:
+          # -- Host name used to connect to the Amcrest device
+          AMCREST_HOST: "localhost"
+          # -- Port used to connect to the Amcrest device
+          AMCREST_PORT: 80
+          # -- Host name used to connect to the MQTT broker
+          MQTT_HOST: "localhost"
+          # -- Port used to connect to the MQTT broker
+          MQTT_PORT: 1883
+          # -- Enable Home Assistant autodiscovery
+          HOME_ASSISTANT: "false"
+          # -- Home Assistant autodiscovery prefix
+          HOME_ASSISTANT_PREFIX: "homeassistant"
+          # -- User name used to connect to the Amcrest device
+          AMCREST_USERNAME: "admin"
+          # -- Password used to connect to the Amcrest device
+          AMCREST_PASSWORD: "changeme"
+          # -- User name used to connect to the MQTT broker
+          MQTT_USERNAME: "mqttuser"
+          # -- Password used to connect to the MQTT broker
+          MQTT_PASSWORD: "changeme"

charts/stable/amule/Chart.yaml

@@ -9,7 +9,7 @@ appVersion: "latest"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
+    version: 12.2.26
 deprecated: false
 description: aMule is an eMule-like client for the eDonkey and Kademlia networks.
 home: https://truecharts.org/charts/stable/amule

charts/stable/amule/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/stable/amule/templates/common.yaml

@@ -1,2 +1,2 @@
 {{/* Render the templates */}}
-{{ include "tc.common.loader.all" . }}
+{{ include "tc.v1.common.loader.all" . }}

charts/stable/amule/values.yaml

@@ -2,24 +2,12 @@ image:
   pullPolicy: IfNotPresent
   repository: tccr.io/truecharts/amule
   tag: latest@sha256:08ac5dd2895ac3ebbee27dbee5ddff5cdbd1fc36624aff0651976d5eee52b217
-
-env:
-  WEBUI_PWD: ""
-  WEBUI_TEMPLATE: default
-
-podSecurityContext:
-  runAsGroup: 0
-  runAsUser: 0
-securityContext:
-  readOnlyRootFilesystem: false
-  runAsNonRoot: false
-
 service:
   main:
     ports:
       main:
         port: 4711
-        protocol: HTTP
+        protocol: http
         targetPort: 4711
   porttcp:
     enabled: true
@@ -27,7 +15,7 @@ service:
       porttcp:
         enabled: true
         port: 4662
-        protocol: TCP
+        protocol: tcp
         targetPort: 4662
   portudp:
     enabled: true
@@ -35,9 +23,8 @@ service:
       portudp:
         enabled: true
         port: 4672
-        protocol: UDP
+        protocol: udp
         targetPort: 4672
-
 persistence:
   complete:
     enabled: true
@@ -48,6 +35,19 @@ persistence:
   incomplete:
     enabled: true
     mountPath: /temp
-
 portal:
-  enabled: true
+  open:
+    enabled: true
+securityContext:
+  container:
+    readOnlyRootFilesystem: false
+    runAsNonRoot: false
+    runAsGroup: 0
+    runAsUser: 0
+workload:
+  main:
+    podSpec:
+      containers:
+        env:
+          WEBUI_PWD: ""
+          WEBUI_TEMPLATE: default

charts/stable/anonaddy/Chart.yaml

@@ -3,15 +3,15 @@ appVersion: "0.13.13"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
+    version: 12.2.26
   - condition: mariadb.enabled
     name: mariadb
     repository: https://deps.truecharts.org/
-    version: 5.0.35
+    version: 7.0.0
   - condition: redis.enabled
     name: redis
     repository: https://deps.truecharts.org
-    version: 5.0.33
+    version: 6.0.15
 description: "Protect your email from spam using disposable addresses."
 home: https://truecharts.org/charts/stable/anonaddy
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/anonaddy.png
@@ -32,4 +32,3 @@ annotations:
   truecharts.org/catagories: |
     - email
   truecharts.org/SCALE-support: "true"
-  truecharts.org/grade: U

charts/stable/anonaddy/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/stable/anonaddy/templates/_appkey.tpl

@@ -2,14 +2,7 @@
 This template generates a random password and ensures it persists across updates/edits to the chart
 */}}
 {{- define "anonaddy.appkey" -}}
----
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
-  labels:
-    {{- include "tc.common.labels" . | nindent 4 }}
-  name: appkey
+enabled: true
 {{- $keyprevious := lookup "v1" "Secret" .Release.Namespace "appkey" }}
 {{- $appkey := "" }}
 {{- $secret := "" }}

charts/stable/anonaddy/templates/common.yaml

@@ -1,9 +1,11 @@
 {{/* Make sure all variables are set properly */}}
-{{- include "tc.common.loader.init" . }}
+{{- include "tc.v1.common.loader.init" . }}
 
 {{/* Render appkey for anonaddy */}}
-{{- include "anonaddy.appkey" . }}
-
+{{- $secret := include "anonaddy.appkey" . | fromYaml -}}
+{{- if $secret -}}
+  {{- $_ := set .Values.secret "appkey" $secret -}}
+{{- end -}}
 
 {{/* Render the templates */}}
-{{ include "tc.common.loader.apply" . }}
+{{ include "tc.v1.common.loader.apply" . }}

charts/stable/anonaddy/values.yaml

@@ -2,47 +2,8 @@ image:
   repository: tccr.io/truecharts/anonaddy
   tag: 0.13.13@sha256:495809d341b08ea6d02c7b0b318d48b00b7243392affd0d278ec1aa188a76ccd
   pullPolicy: IfNotPresent
-
 strategy:
   type: Recreate
-
-securityContext:
-  runAsNonRoot: false
-  readOnlyRootFilesystem: false
-
-podSecurityContext:
-  runAsUser: 0
-  runAsGroup: 0
-
-env:
-  ANONADDY_DOMAIN: "chart-example.local"
-  DB_DATABASE: anonaddy
-  DB_USERNAME: anonaddy
-  DB_HOST:
-    secretKeyRef:
-      name: mariadbcreds
-      key: plainhost
-  DB_PASSWORD:
-    secretKeyRef:
-      name: mariadbcreds
-      key: mariadb-password
-  REDIS_HOST:
-    secretKeyRef:
-      name: rediscreds
-      key: plainhost
-  REDIS_PASSWORD:
-    secretKeyRef:
-      name: rediscreds
-      key: redis-password
-  APP_KEY:
-    secretKeyRef:
-      name: appkey
-      key: appkey
-  ANONADDY_SECRET:
-    secretKeyRef:
-      name: appkey
-      key: secret
-
 service:
   main:
     ports:
@@ -56,23 +17,58 @@ service:
         enabled: true
         port: 25
         targetPort: 25
-
 persistence:
   varrun:
     enabled: true
   config:
     enabled: true
     mountPath: "/config"
-
 redis:
   enabled: true
   existingSecret: "rediscreds"
-
 mariadb:
   enabled: true
   mariadbUsername: anonaddy
   mariadbDatabase: anonaddy
   existingSecret: "mariadbcreds"
-
 portal:
-  enabled: true
+  open:
+    enabled: true
+securityContext:
+  container:
+    runAsNonRoot: false
+    readOnlyRootFilesystem: false
+    runAsUser: 0
+    runAsGroup: 0
+workload:
+  main:
+    podSpec:
+      containers:
+        env:
+          ANONADDY_DOMAIN: "chart-example.local"
+          DB_DATABASE: anonaddy
+          DB_USERNAME: anonaddy
+          DB_HOST:
+            secretKeyRef:
+              name: mariadbcreds
+              key: plainhost
+          DB_PASSWORD:
+            secretKeyRef:
+              name: mariadbcreds
+              key: mariadb-password
+          REDIS_HOST:
+            secretKeyRef:
+              name: rediscreds
+              key: plainhost
+          REDIS_PASSWORD:
+            secretKeyRef:
+              name: rediscreds
+              key: redis-password
+          APP_KEY:
+            secretKeyRef:
+              name: appkey
+              key: appkey
+          ANONADDY_SECRET:
+            secretKeyRef:
+              name: appkey
+              key: secret

charts/stable/apache-musicindex/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "1.4.1"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
+    version: 12.2.26
 description: Index and stream music using apache-musicindex and m3u playlists
 home: https://truecharts.org/charts/stable/apache-musicindex
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/apache-musicindex.png
@@ -27,4 +27,3 @@ annotations:
   truecharts.org/catagories: |
     - media
   truecharts.org/SCALE-support: "true"
-  truecharts.org/grade: U

charts/stable/apache-musicindex/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/stable/apache-musicindex/templates/common.yaml

@@ -1 +1 @@
-{{ include "tc.common.loader.all" . }}
+{{ include "tc.v1.common.loader.all" . }}

charts/stable/apache-musicindex/values.yaml

@@ -2,21 +2,18 @@ image:
   repository: tccr.io/truecharts/apache-musicindex
   tag: v1.4.1-2@sha256:442d1edfbf89b8a2a42c0d649f53f091c39256c65f922078ad38ff60bdbdadf9
   pullPolicy: IfNotPresent
-
-securityContext:
-  readOnlyRootFilesystem: false
-  runAsNonRoot: false
-
-podSecurityContext:
-  runAsUser: 0
-  runAsGroup: 0
-
 service:
   main:
     ports:
       main:
         port: 10006
         targetPort: 80
-
 portal:
-  enabled: true
+  open:
+    enabled: true
+securityContext:
+  container:
+    readOnlyRootFilesystem: false
+    runAsNonRoot: false
+    runAsUser: 0
+    runAsGroup: 0

charts/stable/appdaemon/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "4.2.3"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
+    version: 12.2.26
 deprecated: false
 description: AppDaemon is a loosely coupled, multi-threaded, sandboxed python execution environment for writing automation apps.
 home: https://truecharts.org/charts/stable/appdaemon
@@ -30,4 +30,3 @@ annotations:
   truecharts.org/catagories: |
     - utilities
   truecharts.org/SCALE-support: "true"
-  truecharts.org/grade: U

charts/stable/appdaemon/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/stable/appdaemon/templates/common.yaml

@@ -1 +1 @@
-{{ include "tc.common.loader.all" . }}
+{{ include "tc.v1.common.loader.all" . }}

charts/stable/appdaemon/values.yaml

@@ -2,39 +2,36 @@ image:
   repository: tccr.io/truecharts/appdaemon
   pullPolicy: IfNotPresent
   tag: 4.2.3@sha256:3fa8d88560d0dd12259812ad7a0869ede726da24d82090230e07bf66cd0b4c0e
-
-securityContext:
-  runAsNonRoot: false
-  readOnlyRootFilesystem: false
-
-podSecurityContext:
-  runAsUser: 0
-  runAsGroup: 0
-
-secretEnv:
-  TOKEN: "REPLACETHIS"
-
-env:
-  DASH_URL: "http://$HOSTNAME:5050"
-  HA_URL: ""
-  LATITUDE: 46
-  LONGITUDE: -94
-  ELEVATION: 1217
-  TIMEZONE: "{{ .Values.TZ }}"
-
 service:
   main:
     ports:
       main:
         port: 5050
         targetPort: 5050
-
 persistence:
   conf:
     enabled: true
     mountPath: "/conf"
   varrun:
     enabled: true
-
 portal:
-  enabled: true
+  open:
+    enabled: true
+securityContext:
+  container:
+    runAsNonRoot: false
+    readOnlyRootFilesystem: false
+    runAsUser: 0
+    runAsGroup: 0
+workload:
+  main:
+    podSpec:
+      containers:
+        env:
+          DASH_URL: "http://$HOSTNAME:5050"
+          HA_URL: ""
+          LATITUDE: 46
+          LONGITUDE: -94
+          ELEVATION: 1217
+          TIMEZONE: "{{ .Values.TZ }}"
+          TOKEN: "REPLACETHIS"

charts/stable/apt-cacher-ng/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "3.7.4"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
+    version: 12.2.26
 deprecated: false
 description: Apt-Cacher NG is a caching proxy, specialized for package files from Linux distributors, primarily for Debian (and Debian based) distributions but not limited to those.
 home: https://truecharts.org/charts/stable/apt-cacher-ng

charts/stable/apt-cacher-ng/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/stable/apt-cacher-ng/templates/common.yaml

@@ -1,2 +1,2 @@
 {{/* Render the templates */}}
-{{ include "tc.common.loader.all" . }}
+{{ include "tc.v1.common.loader.all" . }}

charts/stable/apt-cacher-ng/values.yaml

@@ -2,27 +2,23 @@ image:
   pullPolicy: IfNotPresent
   repository: tccr.io/truecharts/apt-cacher-ng
   tag: v3.7.4@sha256:230be67941a442e6a47f4928cf8d7882d645d1c21752155c42e104e10520ace4
-
-podSecurityContext:
-  runAsGroup: 0
-  runAsUser: 0
-
-securityContext:
-  readOnlyRootFilesystem: false
-  runAsNonRoot: false
-
 service:
   main:
     ports:
       main:
         port: 3142
-        protocol: TCP
+        protocol: tcp
         targetPort: 3142
-
 persistence:
   apt-cacher-ng:
     enabled: true
     mountPath: /var/cache/apt-cacher-ng
-
 portal:
-  enabled: true
+  open:
+    enabled: true
+securityContext:
+  container:
+    readOnlyRootFilesystem: false
+    runAsNonRoot: false
+    runAsGroup: 0
+    runAsUser: 0

charts/stable/aria2/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "latest"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
+    version: 12.2.26
 description: aria server for downloading web content
 home: https://truecharts.org/charts/stable/aria2
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/aria2.png
@@ -23,4 +23,3 @@ annotations:
   truecharts.org/catagories: |
     - media
   truecharts.org/SCALE-support: "true"
-  truecharts.org/grade: U

charts/stable/aria2/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/stable/aria2/templates/common.yaml

@@ -1 +1 @@
-{{ include "tc.common.loader.all" . }}
+{{ include "tc.v1.common.loader.all" . }}

charts/stable/aria2/values.yaml

@@ -2,27 +2,6 @@ image:
   repository: tccr.io/truecharts/aria2-pro
   tag: latest@sha256:08a35fe3204c00dbdc609b1abc8c05c349764c3caecb9dadb970dc470c5b1f41
   pullPolicy: IfNotPresent
-
-securityContext:
-  readOnlyRootFilesystem: false
-  runAsNonRoot: false
-
-podSecurityContext:
-  runAsUser: 0
-  runAsGroup: 0
-
-secretEnv:
-  RPC_SECRET: "ChangemeNow"
-
-env:
-  RPC_PORT: "{{ .Values.service.main.ports.main.port }}"
-  LISTEN_PORT: "{{ .Values.service.listen.ports.listen.port }}"
-  UMASK_SET: "{{ .Values.security.UMASK }}"
-  DISK_CACHE: 64M
-  IPV6_MODE: false
-  UPDATE_TRACKERS: false
-  CUSTOM_TRACKER_URL: "https://trackerslist.com/all_aria2.txt"
-
 service:
   main:
     ports:
@@ -34,13 +13,31 @@ service:
       listen:
         enabled: true
         port: 6888
-
 persistence:
   config:
     enabled: true
     mountPath: /config
   varrun:
     enabled: true
-
 portal:
-  enabled: false
+  open:
+    enabled: false
+securityContext:
+  container:
+    readOnlyRootFilesystem: false
+    runAsNonRoot: false
+    runAsUser: 0
+    runAsGroup: 0
+workload:
+  main:
+    podSpec:
+      containers:
+        env:
+          RPC_PORT: "{{ .Values.service.main.ports.main.port }}"
+          LISTEN_PORT: "{{ .Values.service.listen.ports.listen.port }}"
+          UMASK_SET: "{{ .Values.security.UMASK }}"
+          DISK_CACHE: 64M
+          IPV6_MODE: false
+          UPDATE_TRACKERS: false
+          CUSTOM_TRACKER_URL: "https://trackerslist.com/all_aria2.txt"
+          RPC_SECRET: "ChangemeNow"

charts/stable/ariang/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "1.3.2"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
+    version: 12.2.26
 description: A modern web frontend making aria2 easier to use | Aria2 WebUI.
 home: https://truecharts.org/charts/stable/ariang
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/ariang.png
@@ -24,4 +24,3 @@ annotations:
   truecharts.org/catagories: |
     - media
   truecharts.org/SCALE-support: "true"
-  truecharts.org/grade: U

charts/stable/ariang/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/stable/ariang/templates/common.yaml

@@ -1 +1 @@
-{{ include "tc.common.loader.all" . }}
+{{ include "tc.v1.common.loader.all" . }}

charts/stable/ariang/values.yaml

@@ -2,14 +2,13 @@ image:
   repository: tccr.io/truecharts/ariang
   pullPolicy: IfNotPresent
   tag: 1.3.2@sha256:a50d73c166c8d44ea95a8a09daf4f35992ec78bfd80cd99099217410cdba9d28
-
 service:
   main:
     ports:
       main:
-        protocol: HTTP
+        protocol: http
         targetPort: 8080
         port: 10276
-
 portal:
-  enabled: true
+  open:
+    enabled: true

charts/stable/audacity/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "3.0.2"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
+    version: 12.2.26
 description: An easy-to-use, multi-track audio editor and recorder
 home: https://truecharts.org/charts/stable/audacity
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/audacity.png
@@ -30,4 +30,3 @@ annotations:
   truecharts.org/catagories: |
     - media
   truecharts.org/SCALE-support: "true"
-  truecharts.org/grade: U

charts/stable/audacity/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/stable/audacity/templates/common.yaml

@@ -1,2 +1,2 @@
 
-{{ include "tc.common.loader.all" . }}
+{{ include "tc.v1.common.loader.all" . }}

charts/stable/audacity/values.yaml

@@ -2,28 +2,24 @@ image:
   repository: tccr.io/truecharts/audacity
   pullPolicy: IfNotPresent
   tag: v3.0.2@sha256:fa1bf994f5c37b38f78872daba4921b6d78f17d94d1390cd6913474c6fcee9d8
-
-securityContext:
-  readOnlyRootFilesystem: false
-  runAsNonRoot: false
-
-podSecurityContext:
-  runAsUser: 0
-  runAsGroup: 0
-
 service:
   main:
     ports:
       main:
         port: 10032
         targetPort: 3000
-
 persistence:
   config:
     enabled: true
     mountPath: "/config"
   varrun:
     enabled: true
-
 portal:
-  enabled: true
+  open:
+    enabled: true
+securityContext:
+  container:
+    readOnlyRootFilesystem: false
+    runAsNonRoot: false
+    runAsUser: 0
+    runAsGroup: 0

charts/stable/audiobookshelf/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "2.2.15"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
+    version: 12.2.26
 description: Audiobookshelf is a self-hosted audiobook server for managing and playing your audiobooks.
 home: https://truecharts.org/charts/stable/audiobookshelf
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/audiobookshelf.png
@@ -24,4 +24,3 @@ annotations:
   truecharts.org/catagories: |
     - media
   truecharts.org/SCALE-support: "true"
-  truecharts.org/grade: U

charts/stable/audiobookshelf/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/stable/audiobookshelf/templates/_secrets.tpl

@@ -1,20 +1,15 @@
 {{/* Define the secrets */}}
 {{- define "audiobookshelf.secrets" -}}
----
-
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
-  name: audiobookshelf-secrets
-{{- $audiobookshelfprevious := lookup "v1" "Secret" .Release.Namespace "audiobookshelf-secrets" }}
+{{- $secretName := (printf "%s-audiobookshelf-secrets" (include "tc.v1.common.lib.chart.names.fullname" $)) }}
+{{- $audiobookshelfprevious := lookup "v1" "Secret" .Release.Namespace $secretName }}
 {{- $token_secret := "" }}
+enabled: true
 data:
-  {{- if $audiobookshelfprevious}}
-  TOKEN_SECRET: {{ index $audiobookshelfprevious.data "TOKEN_SECRET" }}
+  {{- if $audiobookshelfprevious }}
+  TOKEN_SECRET: {{ index $audiobookshelfprevious.data "TOKEN_SECRET" | b64dec }}
   {{- else }}
   {{- $token_secret := randAlphaNum 32 }}
-  TOKEN_SECRET: {{ $token_secret | b64enc }}
+  TOKEN_SECRET: {{ $token_secret  }}
   {{- end }}
 
 {{- end -}}

charts/stable/audiobookshelf/templates/common.yaml

@@ -1,11 +1,14 @@
 {{/* Make sure all variables are set properly */}}
-{{- include "tc.common.loader.init" . }}
+{{- include "tc.v1.common.loader.init" . }}
 
 {{/* Render secrets for audiobookshelf */}}
-{{- include "audiobookshelf.secrets" . }}
+{{- $secrets := include "audiobookshelf.secrets" . | fromYaml -}}
+{{- if $secrets -}}
+  {{- $_ := set .Values.secret "audiobookshelf-secrets" $secrets -}}
+{{- end -}}
 
 {{- $newMiddlewares :=  list "tc-opencors-chain" }}
 {{- $_ := set .Values.ingress.main "fixedMiddlewares" $newMiddlewares -}}
 
 {{/* Render the templates */}}
-{{ include "tc.common.loader.apply" . }}
+{{ include "tc.v1.common.loader.apply" . }}

charts/stable/audiobookshelf/values.yaml

@@ -2,38 +2,11 @@ image:
   repository: tccr.io/truecharts/audiobookshelf
   tag: 2.2.15@sha256:76c2038e41ff1472530fe280f55d952bb5b67beefa8f93e95a7b2f73d7dc1ccc
   pullPolicy: IfNotPresent
-
-env:
-  AUDIOBOOKSHELF_UID: "{{ .Values.security.PUID }}"
-  AUDIOBOOKSHELF_GID: "{{ .Values.podSecurityContext.fsGroup }}"
-  PORT: "{{ .Values.service.main.ports.main.port }}"
-  TOKEN_SECRET:
-    secretKeyRef:
-      name: audiobookshelf-secrets
-      key: TOKEN_SECRET
-
-podSecurityContext:
-  runAsUser: 0
-  runAsGroup: 0
-
-securityContext:
-  readOnlyRootFilesystem: false
-  runAsNonRoot: false
-
 service:
   main:
     ports:
       main:
         port: 10223
-
-probes:
-  liveness:
-    path: "/ping"
-  readiness:
-    path: "/ping"
-  startup:
-    path: "/ping"
-
 persistence:
   config:
     enabled: true
@@ -44,6 +17,32 @@ persistence:
   metadata:
     enabled: true
     mountPath: "/metadata"
-
 portal:
-  enabled: true
+  open:
+    enabled: true
+securityContext:
+  container:
+    readOnlyRootFilesystem: false
+    runAsNonRoot: false
+    runAsUser: 0
+    runAsGroup: 0
+workload:
+  main:
+    podSpec:
+      containers:
+        main:
+          probes:
+            liveness:
+              path: "/ping"
+            readiness:
+              path: "/ping"
+            startup:
+              path: "/ping"
+        env:
+          AUDIOBOOKSHELF_UID: "{{ .Values.security.PUID }}"
+          AUDIOBOOKSHELF_GID: "{{ .Values.podSecurityContext.fsGroup }}"
+          PORT: "{{ .Values.service.main.ports.main.port }}"
+          TOKEN_SECRET:
+            secretKeyRef:
+              name: audiobookshelf-secrets
+              key: TOKEN_SECRET

charts/stable/authentik/Chart.yaml

@@ -3,15 +3,12 @@ appVersion: "2023.2.2"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
-  - condition: postgresql.enabled
-    name: postgresql
-    repository: https://deps.truecharts.org/
-    version: 11.0.31
+    version: 12.2.26
+
   - condition: redis.enabled
     name: redis
     repository: https://deps.truecharts.org
-    version: 5.0.33
+    version: 6.0.15
 description: authentik is an open-source Identity Provider focused on flexibility and versatility.
 home: https://truecharts.org/charts/stable/authentik
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/authentik.png
@@ -33,4 +30,3 @@ annotations:
   truecharts.org/catagories: |
     - authentication
   truecharts.org/SCALE-support: "true"
-  truecharts.org/grade: U

charts/stable/authentik/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/stable/authentik/templates/_config.tpl

@@ -1,11 +1,6 @@
 {{/* Define the configmap */}}
 {{- define "authentik.config" -}}
 
-{{- $authServerWorkerConfigName := printf "%s-authentik-config" (include "tc.common.names.fullname" .) }}
-{{- $authServerConfigName := printf "%s-authentik-server-config" (include "tc.common.names.fullname" .) }}
-{{- $geoipConfigName := printf "%s-geoip-config" (include "tc.common.names.fullname" .) }}
-{{- $ldapConfigName := printf "%s-ldap-config" (include "tc.common.names.fullname" .) }}
-{{- $proxyConfigName := printf "%s-proxy-config" (include "tc.common.names.fullname" .) }}
 {{ $host := printf "https://localhost:%v" .Values.service.main.ports.main.targetPort }}
 {{- if .Values.ingress.main.enabled }}
   {{ $first := (first .Values.ingress.main.hosts) }}
@@ -14,130 +9,95 @@
   {{- end }}
 {{- end }}
 
----
+authentik-config:
+  enabled: true
+  data:
+    {{/* Dependencies */}}
+    AUTHENTIK_REDIS__HOST: {{ printf "%v-%v" .Release.Name "redis" }}
+    AUTHENTIK_REDIS__PORT: "6379"
+    AUTHENTIK_POSTGRESQL__NAME: {{ .Values.cnpg.main.database }}
+    AUTHENTIK_POSTGRESQL__USER: {{ .Values.cnpg.main.user }}
+    AUTHENTIK_POSTGRESQL__HOST: {{ printf "%v-%v" .Release.Name "postgresql" }}
+    AUTHENTIK_POSTGRESQL__PORT: "5432"
+    {{/* Mail */}}
+    {{- with .Values.authentik.mail.port }}
+    AUTHENTIK_EMAIL__PORT: {{ . | quote }}
+    {{- end }}
+    AUTHENTIK_EMAIL__USE_TLS: {{ .Values.authentik.mail.tls | quote }}
+    AUTHENTIK_EMAIL__USE_SSL: {{ .Values.authentik.mail.ssl | quote }}
+    {{- with .Values.authentik.mail.timeout }}
+    AUTHENTIK_EMAIL__TIMEOUT: {{ . | quote }}
+    {{- end }}
+    {{/* Logging */}}
+    {{- with .Values.authentik.logging.log_level }}
+    AUTHENTIK_LOG_LEVEL: {{ . }}
+    {{- end }}
+    {{/* General */}}
+    AUTHENTIK_DISABLE_STARTUP_ANALYTICS: {{ .Values.authentik.general.disable_startup_analytics | quote }}
+    AUTHENTIK_DISABLE_UPDATE_CHECK: {{ .Values.authentik.general.disable_update_check | quote }}
+    {{- with .Values.authentik.general.avatars }}
+    AUTHENTIK_AVATARS: {{ . }}
+    {{- end }}
+    AUTHENTIK_DEFAULT_USER_CHANGE_NAME: {{ .Values.authentik.general.allow_user_name_change | quote }}
+    AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL: {{ .Values.authentik.general.allow_user_mail_change | quote }}
+    AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME: {{ .Values.authentik.general.allow_user_username_change | quote }}
+    AUTHENTIK_GDPR_COMPLIANCE: {{ .Values.authentik.general.gdpr_compliance | quote }}
+    AUTHENTIK_IMPERSONATION: {{ .Values.authentik.general.impersonation | quote }}
+    AUTHENTIK_DEFAULT_TOKEN_LENGTH: {{ .Values.authentik.general.token_length | quote }}
+    {{- with .Values.authentik.general.footer_links }}
+    AUTHENTIK_FOOTER_LINKS: {{ . | squote }}
+    {{- end }}
+    {{/* Error Reporting */}}
+    AUTHENTIK_ERROR_REPORTING__ENABLED: {{ .Values.authentik.error_reporting.enabled | quote }}
+    AUTHENTIK_ERROR_REPORTING__SEND_PII: {{ .Values.authentik.error_reporting.send_pii | quote }}
+    {{- with .Values.authentik.error_reporting.environment }}
+    AUTHENTIK_ERROR_REPORTING__ENVIRONMENT: {{ . }}
+    {{- end }}
+    {{/* LDAP */}}
+    {{- with .Values.authentik.ldap.tls_ciphers }}
+    AUTHENTIK_LDAP__TLS__CIPHERS: {{ . | quote }}
+    {{- end }}
+    {{/* Outposts */}}
+    AUTHENTIK_OUTPOSTS__DISCOVER: {{ "false" | quote }}
 
-{{/* This configmap are loaded on both main authentik container and worker */}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ $authServerWorkerConfigName }}
-  labels:
-    {{- include "tc.common.labels" . | nindent 4 }}
-data:
-  {{/* Dependencies */}}
-  AUTHENTIK_REDIS__HOST: {{ printf "%v-%v" .Release.Name "redis" }}
-  AUTHENTIK_REDIS__PORT: "6379"
-  AUTHENTIK_POSTGRESQL__NAME: {{ .Values.postgresql.postgresqlDatabase }}
-  AUTHENTIK_POSTGRESQL__USER: {{ .Values.postgresql.postgresqlUsername }}
-  AUTHENTIK_POSTGRESQL__HOST: {{ printf "%v-%v" .Release.Name "postgresql" }}
-  AUTHENTIK_POSTGRESQL__PORT: "5432"
-  {{/* Mail */}}
-  {{- with .Values.authentik.mail.port }}
-  AUTHENTIK_EMAIL__PORT: {{ . | quote }}
-  {{- end }}
-  AUTHENTIK_EMAIL__USE_TLS: {{ .Values.authentik.mail.tls | quote }}
-  AUTHENTIK_EMAIL__USE_SSL: {{ .Values.authentik.mail.ssl | quote }}
-  {{- with .Values.authentik.mail.timeout }}
-  AUTHENTIK_EMAIL__TIMEOUT: {{ . | quote }}
-  {{- end }}
-  {{/* Logging */}}
-  {{- with .Values.authentik.logging.log_level }}
-  AUTHENTIK_LOG_LEVEL: {{ . }}
-  {{- end }}
-  {{/* General */}}
-  AUTHENTIK_DISABLE_STARTUP_ANALYTICS: {{ .Values.authentik.general.disable_startup_analytics | quote }}
-  AUTHENTIK_DISABLE_UPDATE_CHECK: {{ .Values.authentik.general.disable_update_check | quote }}
-  {{- with .Values.authentik.general.avatars }}
-  AUTHENTIK_AVATARS: {{ . }}
-  {{- end }}
-  AUTHENTIK_DEFAULT_USER_CHANGE_NAME: {{ .Values.authentik.general.allow_user_name_change | quote }}
-  AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL: {{ .Values.authentik.general.allow_user_mail_change | quote }}
-  AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME: {{ .Values.authentik.general.allow_user_username_change | quote }}
-  AUTHENTIK_GDPR_COMPLIANCE: {{ .Values.authentik.general.gdpr_compliance | quote }}
-  AUTHENTIK_IMPERSONATION: {{ .Values.authentik.general.impersonation | quote }}
-  AUTHENTIK_DEFAULT_TOKEN_LENGTH: {{ .Values.authentik.general.token_length | quote }}
-  {{- with .Values.authentik.general.footer_links }}
-  AUTHENTIK_FOOTER_LINKS: {{ . | squote }}
-  {{- end }}
-  {{/* Error Reporting */}}
-  AUTHENTIK_ERROR_REPORTING__ENABLED: {{ .Values.authentik.error_reporting.enabled | quote }}
-  AUTHENTIK_ERROR_REPORTING__SEND_PII: {{ .Values.authentik.error_reporting.send_pii | quote }}
-  {{- with .Values.authentik.error_reporting.environment }}
-  AUTHENTIK_ERROR_REPORTING__ENVIRONMENT: {{ . }}
-  {{- end }}
-  {{/* LDAP */}}
-  {{- with .Values.authentik.ldap.tls_ciphers }}
-  AUTHENTIK_LDAP__TLS__CIPHERS: {{ . | quote }}
-  {{- end }}
-  {{/* Outposts */}}
-  AUTHENTIK_OUTPOSTS__DISCOVER: {{ "false" | quote }}
+authentik-server-config:
+  enabled: true
+  data:
+    {{/* Listen */}}
+    AUTHENTIK_LISTEN__HTTPS: 0.0.0.0:{{ .Values.service.main.ports.main.targetPort | default 9443 }}
+    AUTHENTIK_LISTEN__HTTP: 0.0.0.0:{{ .Values.service.http.ports.http.targetPort | default 9000 }}
+    AUTHENTIK_LISTEN__METRICS: 0.0.0.0:{{ .Values.service.metrics.ports.metrics.targetPort | default 9301 }}
 
----
+ldap-config:
+  enabled: true
+  data:
+    AUTHENTIK_INSECURE: {{ .Values.outposts.ldap.insecure | default "true" | quote }}
+    AUTHENTIK_HOST: {{ .Values.outposts.ldap.host | default (printf "https://localhost:%v" .Values.service.main.ports.main.targetPort) }}
+    AUTHENTIK_HOST_BROWSER: {{ .Values.outposts.ldap.host_browser | default $host }}
+    AUTHENTIK_LISTEN__LDAPS: 0.0.0.0:{{ .Values.service.ldapldaps.ports.ldapldaps.targetPort | default 6636 }}
+    AUTHENTIK_LISTEN__LDAP: 0.0.0.0:{{ .Values.service.ldapldap.ports.ldapldap.targetPort | default 3389 }}
+    AUTHENTIK_LISTEN__METRICS: 0.0.0.0:{{ .Values.service.ldapmetrics.ports.ldapmetrics.targetPort | default 9302 }}
 
-{{/* This configmap are loaded on both main authentik container and worker */}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ $authServerConfigName }}
-  labels:
-    {{- include "tc.common.labels" . | nindent 4 }}
-data:
-  {{/* Listen */}}
-  AUTHENTIK_LISTEN__HTTPS: 0.0.0.0:{{ .Values.service.main.ports.main.targetPort | default 9443 }}
-  AUTHENTIK_LISTEN__HTTP: 0.0.0.0:{{ .Values.service.http.ports.http.targetPort | default 9000 }}
-  AUTHENTIK_LISTEN__METRICS: 0.0.0.0:{{ .Values.service.metrics.ports.metrics.targetPort | default 9301 }}
+proxy-config:
+  enabled: true
+  data:
+    AUTHENTIK_INSECURE: {{ .Values.outposts.proxy.insecure | default "true" | quote }}
+    AUTHENTIK_HOST: {{ .Values.outposts.proxy.host | default (printf "https://localhost:%v" .Values.service.main.ports.main.targetPort) }}
+    AUTHENTIK_HOST_BROWSER: {{ .Values.outposts.proxy.host_browser | default $host }}
+    AUTHENTIK_LISTEN__HTTPS: 0.0.0.0:{{ .Values.service.proxyhttps.ports.proxyhttps.targetPort | default 9444 }}
+    AUTHENTIK_LISTEN__HTTP: 0.0.0.0:{{ .Values.service.proxyhttp.ports.proxyhttp.targetPort | default 9001 }}
+    AUTHENTIK_LISTEN__METRICS: 0.0.0.0:{{ .Values.service.proxymetrics.ports.proxymetrics.targetPort | default 9303 }}
 
----
-
-{{/* This configmap is loaded on ldap container */}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ $ldapConfigName }}
-  labels:
-    {{- include "tc.common.labels" . | nindent 4 }}
-data:
-  AUTHENTIK_INSECURE: {{ .Values.outposts.ldap.insecure | default "true" | quote }}
-  AUTHENTIK_HOST: {{ .Values.outposts.ldap.host | default (printf "https://localhost:%v" .Values.service.main.ports.main.targetPort) }}
-  AUTHENTIK_HOST_BROWSER: {{ .Values.outposts.ldap.host_browser | default $host }}
-  AUTHENTIK_LISTEN__LDAPS: 0.0.0.0:{{ .Values.service.ldapldaps.ports.ldapldaps.targetPort | default 6636 }}
-  AUTHENTIK_LISTEN__LDAP: 0.0.0.0:{{ .Values.service.ldapldap.ports.ldapldap.targetPort | default 3389 }}
-  AUTHENTIK_LISTEN__METRICS: 0.0.0.0:{{ .Values.service.ldapmetrics.ports.ldapmetrics.targetPort | default 9302 }}
-
----
-
-{{/* This configmap is loaded on ldap container */}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ $proxyConfigName }}
-  labels:
-    {{- include "tc.common.labels" . | nindent 4 }}
-data:
-  AUTHENTIK_INSECURE: {{ .Values.outposts.proxy.insecure | default "true" | quote }}
-  AUTHENTIK_HOST: {{ .Values.outposts.proxy.host | default (printf "https://localhost:%v" .Values.service.main.ports.main.targetPort) }}
-  AUTHENTIK_HOST_BROWSER: {{ .Values.outposts.proxy.host_browser | default $host }}
-  AUTHENTIK_LISTEN__HTTPS: 0.0.0.0:{{ .Values.service.proxyhttps.ports.proxyhttps.targetPort | default 9444 }}
-  AUTHENTIK_LISTEN__HTTP: 0.0.0.0:{{ .Values.service.proxyhttp.ports.proxyhttp.targetPort | default 9001 }}
-  AUTHENTIK_LISTEN__METRICS: 0.0.0.0:{{ .Values.service.proxymetrics.ports.proxymetrics.targetPort | default 9303 }}
-
----
-
-{{/* This configmap is loaded on geoip container */}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ $geoipConfigName }}
-  labels:
-    {{- include "tc.common.labels" . | nindent 4 }}
-data:
-  {{- with .Values.geoip.edition_ids }}
-  GEOIPUPDATE_EDITION_IDS: {{ . }}
-  {{- end }}
-  GEOIPUPDATE_FREQUENCY: {{ .Values.geoip.frequency | quote }}
-  {{- with .Values.geoip.host_server }}
-  GEOIPUPDATE_HOST: {{ . }}
-  {{- end }}
-  GEOIPUPDATE_PRESERVE_FILE_TIMES: {{ ternary "1" "0" .Values.geoip.preserve_file_times | quote }}
-  GEOIPUPDATE_VERBOSE: {{ ternary "1" "0" .Values.geoip.verbose | quote }}
+geoip-config:
+  enabled: true
+  data:
+    {{- with .Values.geoip.edition_ids }}
+    GEOIPUPDATE_EDITION_IDS: {{ . }}
+    {{- end }}
+    GEOIPUPDATE_FREQUENCY: {{ .Values.geoip.frequency | quote }}
+    {{- with .Values.geoip.host_server }}
+    GEOIPUPDATE_HOST: {{ . }}
+    {{- end }}
+    GEOIPUPDATE_PRESERVE_FILE_TIMES: {{ ternary "1" "0" .Values.geoip.preserve_file_times | quote }}
+    GEOIPUPDATE_VERBOSE: {{ ternary "1" "0" .Values.geoip.verbose | quote }}
 {{- end -}}

charts/stable/authentik/templates/_geoip.tpl

@@ -12,9 +12,9 @@ volumeMounts:
     mountPath: "/usr/share/GeoIP"
 envFrom:
   - secretRef:
-      name: '{{ include "tc.common.names.fullname" . }}-geoip-secret'
+      name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-geoip-secret'
   - configMapRef:
-      name: '{{ include "tc.common.names.fullname" . }}-geoip-config'
+      name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-geoip-config'
 {{/* TODO: Add healthchecks */}}
 {{/* TODO: https://github.com/maxmind/geoipupdate/issues/105 */}}
 {{- end -}}

charts/stable/authentik/templates/_ldap.tpl

@@ -9,9 +9,9 @@ securityContext:
   runAsNonRoot: true
 envFrom:
   - secretRef:
-      name: '{{ include "tc.common.names.fullname" . }}-ldap-secret'
+      name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-ldap-secret'
   - configMapRef:
-      name: '{{ include "tc.common.names.fullname" . }}-ldap-config'
+      name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-ldap-config'
 ports:
   - containerPort: {{ .Values.service.ldapldaps.ports.ldapldaps.targetPort }}
     name: ldapldaps

charts/stable/authentik/templates/_proxy.tpl

@@ -9,9 +9,9 @@ securityContext:
   runAsNonRoot: true
 envFrom:
   - secretRef:
-      name: '{{ include "tc.common.names.fullname" . }}-proxy-secret'
+      name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-proxy-secret'
   - configMapRef:
-      name: '{{ include "tc.common.names.fullname" . }}-proxy-config'
+      name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-proxy-config'
 ports:
   - containerPort: {{ .Values.service.proxyhttps.ports.proxyhttps.targetPort }}
     name: proxyhttps

charts/stable/authentik/templates/_secret.tpl

@@ -1,106 +1,76 @@
 {{/* Define the secret */}}
 {{- define "authentik.secret" -}}
 
-{{- $authentikSecretName := printf "%s-authentik-secret" (include "tc.common.names.fullname" .) }}
-{{- $geoipSecretName := printf "%s-geoip-secret" (include "tc.common.names.fullname" .) }}
-{{- $ldapSecretName := printf "%s-ldap-secret" (include "tc.common.names.fullname" .) }}
-{{- $proxySecretName := printf "%s-proxy-secret" (include "tc.common.names.fullname" .) }}
-{{- $token := randAlphaNum 128 | b64enc }}
+{{- $token := randAlphaNum 128 }}
+{{- $authentikSecretName := (printf "%s-authentik-secret" (include "tc.v1.common.lib.chart.names.fullname" $)) }}
 
----
-{{/* This secrets are loaded on both main authentik container and worker */}}
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
-  name: {{ $authentikSecretName }}
-  labels:
-    {{- include "tc.common.labels" . | nindent 4 }}
-data:
-  {{/* Secret Key */}}
-  {{- with (lookup "v1" "Secret" .Release.Namespace $authentikSecretName) }}
-  AUTHENTIK_SECRET_KEY: {{ index .data "AUTHENTIK_SECRET_KEY" }}
-  {{ $token = index .data "AUTHENTIK_BOOTSTRAP_TOKEN" }}
-  {{- else }}
-  AUTHENTIK_SECRET_KEY: {{ randAlphaNum 32 | b64enc }}
-  {{- end }}
-  AUTHENTIK_BOOTSTRAP_TOKEN: {{ $token }}
-  {{/* Dependencies */}}
-  AUTHENTIK_POSTGRESQL__PASSWORD: {{ .Values.postgresql.postgresqlPassword | trimAll "\"" | b64enc }}
-  AUTHENTIK_REDIS__PASSWORD: {{ .Values.redis.redisPassword | trimAll "\"" | b64enc }}
-  {{/* Credentials */}}
-  {{- with .Values.authentik.credentials.password }}
-  AUTHENTIK_BOOTSTRAP_PASSWORD: {{ . | b64enc }}
-  {{- end }}
-  {{/* Mail */}}
-  {{- with .Values.authentik.mail.host }}
-  AUTHENTIK_EMAIL__HOST: {{ . | b64enc }}
-  {{- end }}
-  {{- with .Values.authentik.mail.user }}
-  AUTHENTIK_EMAIL__USERNAME: {{ . | b64enc }}
-  {{- end }}
-  {{- with .Values.authentik.mail.pass }}
-  AUTHENTIK_EMAIL__PASSWORD: {{ . | b64enc }}
-  {{- end }}
-  {{- with .Values.authentik.mail.from }}
-  AUTHENTIK_EMAIL__FROM: {{ . | b64enc }}
-  {{- end }}
+authentik-secret:
+  enabled: true
+  data:
+    {{/* Secret Key */}}
+    {{- with (lookup "v1" "Secret" .Release.Namespace $authentikSecretName) }}
+    AUTHENTIK_SECRET_KEY: {{ index .data "AUTHENTIK_SECRET_KEY" | b64dec }}
+    {{ $token = index .data "AUTHENTIK_BOOTSTRAP_TOKEN" | b64dec }}
+    {{- else }}
+    AUTHENTIK_SECRET_KEY: {{ randAlphaNum 32 }}
+    {{- end }}
+    AUTHENTIK_BOOTSTRAP_TOKEN: {{ $token }}
+    {{/* Dependencies */}}
+    AUTHENTIK_POSTGRESQL__PASSWORD: {{ .Values.cnpg.main.creds.password | trimAll "\"" }}
+    AUTHENTIK_REDIS__PASSWORD: {{ .Values.redis.redisPassword | trimAll "\"" }}
+    {{/* Credentials */}}
+    {{- with .Values.authentik.credentials.password }}
+    AUTHENTIK_BOOTSTRAP_PASSWORD: {{ . }}
+    {{- end }}
+    {{/* Mail */}}
+    {{- with .Values.authentik.mail.host }}
+    AUTHENTIK_EMAIL__HOST: {{ . }}
+    {{- end }}
+    {{- with .Values.authentik.mail.user }}
+    AUTHENTIK_EMAIL__USERNAME: {{ . }}
+    {{- end }}
+    {{- with .Values.authentik.mail.pass }}
+    AUTHENTIK_EMAIL__PASSWORD: {{ . }}
+    {{- end }}
+    {{- with .Values.authentik.mail.from }}
+    AUTHENTIK_EMAIL__FROM: {{ . }}
+    {{- end }}
 
 {{- if .Values.geoip.enabled }}
----
-{{/* This secrets are loaded on geoip container */}}
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
-  name: {{ $geoipSecretName }}
-  labels:
-    {{- include "tc.common.labels" . | nindent 4 }}
-data:
-  {{/* Credentials */}}
-  {{- with .Values.geoip.account_id }}
-  GEOIPUPDATE_ACCOUNT_ID: {{ . | b64enc }}
-  {{- end }}
-  {{- with .Values.geoip.license_key }}
-  GEOIPUPDATE_LICENSE_KEY: {{ . | b64enc }}
-  {{- end }}
-  {{/* Proxy */}}
-  {{- with .Values.geoip.proxy }}
-  GEOIPUPDATE_PROXY: {{ . | b64enc }}
-  {{- end }}
-  {{- with .Values.geoip.proxy_user_pass }}
-  GEOIPUPDATE_PROXY_USER_PASSWORD: {{ . | b64enc }}
-  {{- end }}
-{{- end }}
----
-{{/* This secrets are loaded on ldap container */}}
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
-  name: {{ $ldapSecretName }}
-  labels:
-    {{- include "tc.common.labels" . | nindent 4 }}
-data:
-  {{- with .Values.outposts.ldap.token }}
-  AUTHENTIK_TOKEN: {{ . | b64enc }}
-  {{- else }}
-  AUTHENTIK_TOKEN: {{ $token }}
+geoip-secret:
+  enabled: true
+  data:
+    {{/* Credentials */}}
+    {{- with .Values.geoip.account_id }}
+    GEOIPUPDATE_ACCOUNT_ID: {{ . }}
+    {{- end }}
+    {{- with .Values.geoip.license_key }}
+    GEOIPUPDATE_LICENSE_KEY: {{ . }}
+    {{- end }}
+    {{/* Proxy */}}
+    {{- with .Values.geoip.proxy }}
+    GEOIPUPDATE_PROXY: {{ . }}
+    {{- end }}
+    {{- with .Values.geoip.proxy_user_pass }}
+    GEOIPUPDATE_PROXY_USER_PASSWORD: {{ . }}
+    {{- end }}
   {{- end }}
 
----
-{{/* This secrets are loaded on ldap container */}}
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
-  name: {{ $proxySecretName }}
-  labels:
-    {{- include "tc.common.labels" . | nindent 4 }}
-data:
-  {{- with .Values.outposts.proxy.token }}
-  AUTHENTIK_TOKEN: {{ . | b64enc }}
-  {{- else }}
-  AUTHENTIK_TOKEN: {{ $token }}
-  {{- end }}
+ldap-secret:
+  enabled: true
+  data:
+    {{- with .Values.outposts.ldap.token }}
+    AUTHENTIK_TOKEN: {{ . }}
+    {{- else }}
+    AUTHENTIK_TOKEN: {{ $token }}
+    {{- end }}
+
+proxy-secret:
+  enabled: true
+  data:
+    {{- with .Values.outposts.proxy.token }}
+    AUTHENTIK_TOKEN: {{ . }}
+    {{- else }}
+    AUTHENTIK_TOKEN: {{ $token }}
+    {{- end }}
 {{- end }}

charts/stable/authentik/templates/_worker.tpl

@@ -10,9 +10,9 @@ securityContext:
 args: ["worker"]
 envFrom:
   - secretRef:
-      name: '{{ include "tc.common.names.fullname" . }}-authentik-secret'
+      name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-authentik-secret'
   - configMapRef:
-      name: '{{ include "tc.common.names.fullname" . }}-authentik-config'
+      name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-authentik-config'
 volumeMounts:
   - name: media
     mountPath: "/media"

charts/stable/authentik/templates/common.yaml

@@ -1,30 +1,28 @@
 {{/* Make sure all variables are set properly */}}
-{{- include "tc.common.loader.init" . }}
+{{- include "tc.v1.common.loader.init" . }}
 
-{{/* Render secret */}}
-{{- include "authentik.secret" . }}
-
-{{/* Render config */}}
-{{- include "authentik.config" . }}
-
-{{- if hasKey .Values "metrics" -}}
-{{- if .Values.metrics.enabled -}}
-{{- $_ := set .Values.podAnnotations "prometheus.io/scrape" "true" -}}
-{{- $_ := set .Values.podAnnotations "prometheus.io/path" "/metrics" -}}
-{{- $_ := set .Values.podAnnotations "prometheus.io/port" (.Values.service.metrics.ports.metrics.targetPort | default 9301 | quote) -}}
+{{/* Render configmap for authentik */}}
+{{- $configmap := include "authentik.config" . | fromYaml -}}
+{{- if $configmap -}}
+  {{- $_ := mustMergeOverwrite .Values.configmap $configmap -}}
 {{- end -}}
+
+{{/* Render secret for authentik */}}
+{{- $secret := include "authentik.secret" . | fromYaml -}}
+{{- if $secret -}}
+  {{- $_ := mustMergeOverwrite .Values.secret $secret -}}
 {{- end -}}
 
 {{- if .Values.workerContainer.enabled -}}
-{{- $_ := set .Values.additionalContainers "worker" (include "authentik.worker" . | fromYaml) -}}
+{{- $_ := set .Values.workload.main.podSpec.containers "worker" (include "authentik.worker" . | fromYaml) -}}
 {{- end -}}
 
 {{- if .Values.geoip.enabled -}}
-{{- $_ := set .Values.additionalContainers "geoip" (include "authentik.geoip" . | fromYaml) -}}
+{{- $_ := set .Values.workload.main.podSpec.containers "geoip" (include "authentik.geoip" . | fromYaml) -}}
 {{- end -}}
 
 {{- if .Values.outposts.ldap.enabled -}}
-{{- $_ := set .Values.additionalContainers "ldap-outpost" (include "authentik.ldap" . | fromYaml) -}}
+{{- $_ := set .Values.workload.main.podSpec.containers "ldap-outpost" (include "authentik.ldap" . | fromYaml) -}}
 {{/* - if .Values.metrics.enabled - */}}
 {{/* https://github.com/prometheus/prometheus/issues/3756 */}}
 {{/* TODO: Figure how the pipe works to connect it to prometheus operator */}}
@@ -33,7 +31,7 @@
 {{- end -}}
 
 {{- if .Values.outposts.proxy.enabled -}}
-{{- $_ := set .Values.additionalContainers "proxy-outpost" (include "authentik.proxy" . | fromYaml) -}}
+{{- $_ := set .Values.workload.main.podSpec.containers "proxy-outpost" (include "authentik.proxy" . | fromYaml) -}}
 {{/* - if .Values.metrics.enabled - */}}
 {{/* https://github.com/prometheus/prometheus/issues/3756 */}}
 {{/* TODO: Figure how the pipe works to connect it to prometheus operator */}}
@@ -42,4 +40,4 @@
 {{- end -}}
 
 {{/* Render the templates */}}
-{{ include "tc.common.loader.apply" . }}
+{{ include "tc.v1.common.loader.apply" . }}

charts/stable/authentik/templates/prometheusrules.yaml

@@ -1,160 +0,0 @@
-{{- if hasKey .Values "metrics" }}
-{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
-  name: {{ include "tc.common.names.fullname" . }}
-  labels:
-    {{- include "tc.common.labels" . | nindent 4 }}
-    {{- with .Values.metrics.prometheusRule.labels }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-spec:
-  groups:
-    - name: {{ include "tc.common.names.fullname" . }}
-      rules:
-        {{- with .Values.metrics.prometheusRule.rules }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-    {{- if .Values.metrics.prometheusRule.useDefault }}
-    - name: authentik Aggregate request counters
-      rules:
-        - record: job:django_http_requests_before_middlewares_total:sum_rate30s
-          expr: sum(rate(django_http_requests_before_middlewares_total[30s])) by (job)
-        - record: job:django_http_requests_unknown_latency_total:sum_rate30s
-          expr: sum(rate(django_http_requests_unknown_latency_total[30s])) by (job)
-        - record: job:django_http_ajax_requests_total:sum_rate30s
-          expr: sum(rate(django_http_ajax_requests_total[30s])) by (job)
-        - record: job:django_http_responses_before_middlewares_total:sum_rate30s
-          expr: sum(rate(django_http_responses_before_middlewares_total[30s])) by (job)
-        - record: job:django_http_requests_unknown_latency_including_middlewares_total:sum_rate30s
-          expr: sum(rate(django_http_requests_unknown_latency_including_middlewares_total[30s])) by (job)
-        - record: job:django_http_requests_body_total_bytes:sum_rate30s
-          expr: sum(rate(django_http_requests_body_total_bytes[30s])) by (job)
-        - record: job:django_http_responses_streaming_total:sum_rate30s
-          expr: sum(rate(django_http_responses_streaming_total[30s])) by (job)
-        - record: job:django_http_responses_body_total_bytes:sum_rate30s
-          expr: sum(rate(django_http_responses_body_total_bytes[30s])) by (job)
-        - record: job:django_http_requests_total:sum_rate30s
-          expr: sum(rate(django_http_requests_total_by_method[30s])) by (job)
-        - record: job:django_http_requests_total_by_method:sum_rate30s
-          expr: sum(rate(django_http_requests_total_by_method[30s])) by (job,method)
-        - record: job:django_http_requests_total_by_transport:sum_rate30s
-          expr: sum(rate(django_http_requests_total_by_transport[30s])) by (job,transport)
-        - record: job:django_http_requests_total_by_view:sum_rate30s
-          expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) by (job,view)
-        - record: job:django_http_requests_total_by_view_transport_method:sum_rate30s
-          expr: sum(rate(django_http_requests_total_by_view_transport_method[30s])) by (job,view,transport,method)
-        - record: job:django_http_responses_total_by_templatename:sum_rate30s
-          expr: sum(rate(django_http_responses_total_by_templatename[30s])) by (job,templatename)
-        - record: job:django_http_responses_total_by_status:sum_rate30s
-          expr: sum(rate(django_http_responses_total_by_status[30s])) by (job,status)
-        - record: job:django_http_responses_total_by_status_name_method:sum_rate30s
-          expr: sum(rate(django_http_responses_total_by_status_name_method[30s])) by (job,status,name,method)
-        - record: job:django_http_responses_total_by_charset:sum_rate30s
-          expr: sum(rate(django_http_responses_total_by_charset[30s])) by (job,charset)
-        - record: job:django_http_exceptions_total_by_type:sum_rate30s
-          expr: sum(rate(django_http_exceptions_total_by_type[30s])) by (job,type)
-        - record: job:django_http_exceptions_total_by_view:sum_rate30s
-          expr: sum(rate(django_http_exceptions_total_by_view[30s])) by (job,view)
-    - name: authentik Aggregate latency histograms
-      rules:
-        - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
-          expr: histogram_quantile(0.50, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) by (job, le))
-          labels:
-            quantile: "50"
-        - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
-          expr: histogram_quantile(0.95, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) by (job, le))
-          labels:
-            quantile: "95"
-        - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
-          expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) by (job, le))
-          labels:
-            quantile: "99"
-        - record: job:django_http_requests_latency_including_middlewares_seconds:quantile_rate30s
-          expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_including_middlewares_seconds_bucket[30s])) by (job, le))
-          labels:
-            quantile: "99.9"
-        - record: job:django_http_requests_latency_seconds:quantile_rate30s
-          expr: histogram_quantile(0.50, sum(rate(django_http_requests_latency_seconds_bucket[30s])) by (job, le))
-          labels:
-            quantile: "50"
-        - record: job:django_http_requests_latency_seconds:quantile_rate30s
-          expr: histogram_quantile(0.95, sum(rate(django_http_requests_latency_seconds_bucket[30s])) by (job, le))
-          labels:
-            quantile: "95"
-        - record: job:django_http_requests_latency_seconds:quantile_rate30s
-          expr: histogram_quantile(0.99, sum(rate(django_http_requests_latency_seconds_bucket[30s])) by (job, le))
-          labels:
-            quantile: "99"
-        - record: job:django_http_requests_latency_seconds:quantile_rate30s
-          expr: histogram_quantile(0.999, sum(rate(django_http_requests_latency_seconds_bucket[30s])) by (job, le))
-          labels:
-            quantile: "99.9"
-    - name: authentik Aggregate model operations
-      rules:
-        - record: job:django_model_inserts_total:sum_rate1m
-          expr: sum(rate(django_model_inserts_total[1m])) by (job, model)
-        - record: job:django_model_updates_total:sum_rate1m
-          expr: sum(rate(django_model_updates_total[1m])) by (job, model)
-        - record: job:django_model_deletes_total:sum_rate1m
-          expr: sum(rate(django_model_deletes_total[1m])) by (job, model)
-    - name: authentik Aggregate database operations
-      rules:
-        - record: job:django_db_new_connections_total:sum_rate30s
-          expr: sum(rate(django_db_new_connections_total[30s])) by (alias, vendor)
-        - record: job:django_db_new_connection_errors_total:sum_rate30s
-          expr: sum(rate(django_db_new_connection_errors_total[30s])) by (alias, vendor)
-        - record: job:django_db_execute_total:sum_rate30s
-          expr: sum(rate(django_db_execute_total[30s])) by (alias, vendor)
-        - record: job:django_db_execute_many_total:sum_rate30s
-          expr: sum(rate(django_db_execute_many_total[30s])) by (alias, vendor)
-        - record: job:django_db_errors_total:sum_rate30s
-          expr: sum(rate(django_db_errors_total[30s])) by (alias, vendor, type)
-    - name: authentik Aggregate migrations
-      rules:
-        - record: job:django_migrations_applied_total:max
-          expr: max(django_migrations_applied_total) by (job, connection)
-        - record: job:django_migrations_unapplied_total:max
-          expr: max(django_migrations_unapplied_total) by (job, connection)
-    - name: authentik Alerts
-      rules:
-        - alert: NoWorkersConnected
-          expr: max without (pid) (authentik_admin_workers) < 1
-          annotations:
-            message: |
-              authentik instance {{ printf "{{ $labels.instance }}" }}'s worker are either not running or not connected.
-            summary: No workers connected
-          for: 10m
-          labels:
-            severity: critical
-        - alert: PendingMigrations
-          expr: max without (pid) (django_migrations_unapplied_total) > 0
-          annotations:
-            message: |
-              authentik instance {{ printf "{{ $labels.instance }}" }} has pending database migrations
-            summary: Pending database migrations
-          for: 10m
-          labels:
-            severity: critical
-        - alert: FailedSystemTasks
-          expr: sum(increase(authentik_system_tasks{status="TaskResultStatus.ERROR"}[2h])) > 0
-          annotations:
-            message: |
-              System task {{ printf "{{ $labels.task_name }}" }} has failed
-            summary: Failed system tasks
-          for: 2h
-          labels:
-            severity: critical
-        - alert: DisconnectedOutposts
-          expr: sum by (outpost) (max without (pid) (authentik_outposts_connected{uid!~"specific.*"}))  < 1
-          annotations:
-            message: |
-              Outpost {{ printf "{{ $labels.outpost }}" }} has at least 1 disconnected instance
-            summary: Disconnected outpost
-          for: 30m
-          labels:
-            severity: critical
-    {{- end }}
-{{- end }}
-{{- end }}

charts/stable/authentik/templates/servicemonitor.yaml

@@ -1,44 +0,0 @@
-{{- if hasKey .Values "metrics" }}
-{{- if .Values.metrics.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: {{ include "tc.common.names.fullname" . }}
-  labels:
-    {{- include "tc.common.labels" . | nindent 4 }}
-    {{- with .Values.metrics.serviceMonitor.labels }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-spec:
-  selector:
-    matchLabels:
-      {{- include "tc.common.labels.selectorLabels" . | nindent 6 }}
-  endpoints:
-    - port: metrics
-      {{- with .Values.metrics.serviceMonitor.interval }}
-      interval: {{ . }}
-      {{- end }}
-      {{- with .Values.metrics.serviceMonitor.scrapeTimeout }}
-      scrapeTimeout: {{ . }}
-      {{- end }}
-      path: /metrics
-
-    - port: ldapmetrics
-      {{- with .Values.metrics.serviceMonitor.interval }}
-      interval: {{ . }}
-      {{- end }}
-      {{- with .Values.metrics.serviceMonitor.scrapeTimeout }}
-      scrapeTimeout: {{ . }}
-      {{- end }}
-      path: /metrics
-
-    - port: proxymetrics
-      {{- with .Values.metrics.serviceMonitor.interval }}
-      interval: {{ . }}
-      {{- end }}
-      {{- with .Values.metrics.serviceMonitor.scrapeTimeout }}
-      scrapeTimeout: {{ . }}
-      {{- end }}
-      path: /metrics
-{{- end }}
-{{- end }}

charts/stable/authentik/values.yaml

@@ -2,34 +2,20 @@ image:
   repository: tccr.io/truecharts/authentik
   tag: 2023.2.2@sha256:c58f1206dbf3ab2f0f7479707967c8a41b126712be748d0f29ade9743bd35797
   pullPolicy: IfNotPresent
-
 geoipImage:
   repository: tccr.io/truecharts/geoipupdate
   tag: v4.9@sha256:ce42b4252c8cd4a9e39275fd7c3312e5df7bda0d7034df565af4362d7e0d26ce
   pullPolicy: IfNotPresent
-
 ldapImage:
   repository: tccr.io/truecharts/authentik-ldap
   tag: 2023.2.2@sha256:1d22f1280e38534e3088c1665db719e287d868bb6d5e010351ddfa7c46b6ff14
   pullPolicy: IfNotPresent
-
 proxyImage:
   repository: tccr.io/truecharts/authentik-proxy
   tag: 2023.2.2@sha256:364fb27d6f011735aac844c797a0c5a122288de9dd69b1be96b9ab2db234affa
   pullPolicy: IfNotPresent
-
-args: ["server"]
-
-podSecurityContext:
-  runAsUser: 1000
-  runAsGroup: 1000
-
-securityContext:
-  readOnlyRootFilesystem: false
-
 workerContainer:
   enabled: true
-
 authentik:
   credentials:
     password: "supersecret"
@@ -73,7 +59,6 @@ geoip:
   host_server: "updates.maxmind.com"
   preserve_file_times: false
   verbose: false
-
 outposts:
   ldap:
     # -- First you have to create an Outpost in the GUI. Applications > Outposts
@@ -97,62 +82,25 @@ outposts:
     # host: ""
     # -- Token is only needed if you accidentally deleted the token within the UI
     # token: ""
-
 metrics:
-  # -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
-  # @default -- See values.yaml
-  enabled: false
-  serviceMonitor:
-    interval: 1m
-    scrapeTimeout: 30s
-    labels: {}
-  # -- Enable and configure Prometheus Rules for the chart under this key.
-  # @default -- See values.yaml
-  prometheusRule:
-    enabled: false
-    useDefault: true
-    labels: {}
-    # -- Configure additional rules for the chart under this key.
-    # @default -- See prometheusrules.yaml
-    rules:
-      []
-      # - alert: UnifiPollerAbsent
-      #   annotations:
-      #     description: Unifi Poller has disappeared from Prometheus service discovery.
-      #     summary: Unifi Poller is down.
-      #   expr: |
-      #     absent(up{job=~".*unifi-poller.*"} == 1)
-      #   for: 5m
-      #   labels:
-      #     severity: critical
-
-envFrom:
-  - secretRef:
-      name: '{{ include "tc.common.names.fullname" . }}-authentik-secret'
-  - configMapRef:
-      name: '{{ include "tc.common.names.fullname" . }}-authentik-config'
-  - configMapRef:
-      name: '{{ include "tc.common.names.fullname" . }}-authentik-server-config'
-
-probes:
-  liveness:
-    type: HTTPS
-    path: /-/health/live/
-    port: "{{ .Values.service.main.ports.main.targetPort }}"
-  readiness:
-    type: HTTPS
-    path: /-/health/ready/
-    port: "{{ .Values.service.main.ports.main.targetPort }}"
-  startup:
-    type: HTTPS
-    path: /-/health/ready/
-    port: "{{ .Values.service.main.ports.main.targetPort }}"
+  main:
+    enabled: true
+    type: "servicemonitor"
+    endpoints:
+      - port: metrics
+        path: /metrics
+      - port: ldapmetrics
+        path: /metrics
+      - port: proxymetrics
+        path: /metrics
+    prometheusRule:
+      enabled: false
 
 service:
   main:
     ports:
       main:
-        protocol: HTTPS
+        protocol: https
         port: 10229
         targetPort: 9443
   http:
@@ -161,7 +109,7 @@ service:
     ports:
       http:
         enabled: true
-        protocol: HTTP
+        protocol: http
         port: 10230
         targetPort: 9000
   # LDAP Outpost Services
@@ -186,7 +134,7 @@ service:
       proxyhttps:
         enabled: true
         port: 10233
-        protocol: HTTPS
+        protocol: https
         targetPort: 9444
   proxyhttp:
     enabled: true
@@ -195,7 +143,7 @@ service:
       proxyhttp:
         enabled: true
         port: 10234
-        protocol: HTTP
+        protocol: http
         targetPort: 9001
   # Metrics Services
   metrics:
@@ -204,7 +152,7 @@ service:
     ports:
       metrics:
         enabled: true
-        protocol: HTTP
+        protocol: http
         port: 10231
         targetPort: 9301
   ldapmetrics:
@@ -214,7 +162,7 @@ service:
       ldapmetrics:
         enabled: true
         port: 10232
-        protocol: HTTP
+        protocol: http
         targetPort: 9302
   proxymetrics:
     enabled: true
@@ -223,13 +171,11 @@ service:
       proxymetrics:
         enabled: true
         port: 10235
-        protocol: HTTP
+        protocol: http
         targetPort: 9303
-
 ingress:
   proxyhttps:
     autoLink: true
-
 persistence:
   media:
     enabled: true
@@ -243,16 +189,46 @@ persistence:
   geoip:
     enabled: true
     mountPath: "/geoip"
+cnpg:
+  main:
+    enabled: true
 
-postgresql:
-  enabled: true
-  existingSecret: "dbcreds"
-  postgresqlUsername: authentik
-  postgresqlDatabase: authentik
-
+    user: authentik
+    database: authentik
 redis:
   enabled: true
   existingSecret: "rediscreds"
-
 portal:
-  enabled: true
+  open:
+    enabled: true
+securityContext:
+  container:
+    readOnlyRootFilesystem: false
+    runAsUser: 1000
+    runAsGroup: 1000
+workload:
+  main:
+    podSpec:
+      containers:
+        main:
+          probes:
+            liveness:
+              type: HTTPS
+              path: /-/health/live/
+              port: "{{ .Values.service.main.ports.main.targetPort }}"
+            readiness:
+              type: HTTPS
+              path: /-/health/ready/
+              port: "{{ .Values.service.main.ports.main.targetPort }}"
+            startup:
+              type: HTTPS
+              path: /-/health/ready/
+              port: "{{ .Values.service.main.ports.main.targetPort }}"
+          envFrom:
+            - secretRef:
+                name: "authentik-secret"
+            - configMapRef:
+                name: "authentik-config"
+            - configMapRef:
+                name: "authentik-server-config"
+          args: ["server"]

charts/stable/autobrr/Chart.yaml

@@ -18,7 +18,7 @@ sources:
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
+    version: 12.2.26
 maintainers:
   - email: info@truecharts.org
     name: TrueCharts
@@ -27,4 +27,3 @@ annotations:
   truecharts.org/catagories: |
     - media
   truecharts.org/SCALE-support: "true"
-  truecharts.org/grade: U

charts/stable/autobrr/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/stable/autobrr/templates/common.yaml

@@ -1 +1 @@
-{{ include "tc.common.loader.all" . }}
+{{ include "tc.v1.common.loader.all" . }}

charts/stable/autobrr/values.yaml

@@ -2,51 +2,54 @@ image:
   repository: tccr.io/truecharts/autobrr
   pullPolicy: IfNotPresent
   tag: 1.18.0@sha256:dc1ae14e3584cd6ddc7d4e5962c12974ca31cfe943508677670b9aef09770e5c
-
 service:
   main:
     ports:
       main:
-        protocol: HTTP
+        protocol: http
         port: 7474
         targetPort: 7474
-
-probes:
-  liveness:
-    enabled: true
-    custom: true
-    spec:
-      exec:
-        command:
-          - /bin/sh
-          - -c
-          - curl --fail localhost:7474/
-      failureThreshold: 5
-      initialDelaySeconds: 60
-      periodSeconds: 10
-      successThreshold: 1
-      timeoutSeconds: 10
-  readiness:
-    enabled: true
-    custom: true
-    spec:
-      exec:
-        command:
-          - /bin/sh
-          - -c
-          - curl --fail localhost:7474/
-      failureThreshold: 5
-      initialDelaySeconds: 60
-      periodSeconds: 10
-      successThreshold: 1
-      timeoutSeconds: 10
-  startup:
-    enabled: false
-
 persistence:
   config:
     enabled: true
     mountPath: "/config"
-
 portal:
-  enabled: true
+  open:
+    enabled: true
+
+workload:
+  main:
+    podSpec:
+      containers:
+        main:
+          probes:
+            liveness:
+              enabled: true
+              custom: true
+              spec:
+                exec:
+                  command:
+                    - /bin/sh
+                    - -c
+                    - curl --fail localhost:7474/
+                failureThreshold: 5
+                initialDelaySeconds: 60
+                periodSeconds: 10
+                successThreshold: 1
+                timeoutSeconds: 10
+            readiness:
+              enabled: true
+              custom: true
+              spec:
+                exec:
+                  command:
+                    - /bin/sh
+                    - -c
+                    - curl --fail localhost:7474/
+                failureThreshold: 5
+                initialDelaySeconds: 60
+                periodSeconds: 10
+                successThreshold: 1
+                timeoutSeconds: 10
+            startup:
+              enabled: false

charts/stable/automatic-music-downloader/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "latest"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
+    version: 12.2.26
 deprecated: false
 description: A Lidarr companion script to automatically download music for Lidarr.
 home: https://truecharts.org/charts/stable/automatic-music-downloader
@@ -29,4 +29,3 @@ annotations:
   truecharts.org/catagories: |
     - media
   truecharts.org/SCALE-support: "true"
-  truecharts.org/grade: U

charts/stable/automatic-music-downloader/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/stable/automatic-music-downloader/templates/common.yaml

@@ -1 +1 @@
-{{ include "tc.common.loader.all" . }}
+{{ include "tc.v1.common.loader.all" . }}

charts/stable/automatic-music-downloader/values.yaml

@@ -2,59 +2,12 @@ image:
   repository: tccr.io/truecharts/automatic-music-downloader
   pullPolicy: IfNotPresent
   tag: latest@sha256:541eff647695209e9071e9483f434420e2d333068865e75e9db40b045e1a8358
-
-securityContext:
-  readOnlyRootFilesystem: false
-  runAsNonRoot: false
-
-podSecurityContext:
-  runAsUser: 0
-  runAsGroup: 0
-
-env:
-  AUTOSTART: true
-  SCRIPTINTERVAL: "1h"
-  DOWNLOADMODE: "wanted"
-  FALLBACKSEARCH: true
-  LIST: "both"
-  SearchType: "both"
-  Concurrency: 1
-  EMBEDDED_COVER_QUALITY: 80
-  FORMAT: "FLAC"
-  BITRATE: 320
-  ENABLEPOSTPROCESSING: true
-  FORCECONVERT: true
-  requirequality: true
-  MatchDistance: 10
-  replaygain: true
-  FolderPermissions: 766
-  FilePermissions: 666
-  MBRAINZMIRROR: "https://musicbrainz.org"
-  LidarrUrl: "http://x.x.x.x:8686"
-  LidarrAPIkey: "LIDARRAPI"
-  ARL_TOKEN: "ARLTOKEN"
-  NOTIFYPLEX: false
-  PLEXLIBRARYNAME: "Music"
-  PLEXURL: "http://x.x.x.x:32400"
-  PLEXTOKEN: "plextoken"
-  ALBUM_TYPE_FILTER: "COMPILE"
-  POSTPROCESSTHREADS: 1
-
 service:
   main:
     enabled: false
     ports:
       main:
         enabled: false
-
-probes:
-  liveness:
-    enabled: false
-  readiness:
-    enabled: false
-  startup:
-    enabled: false
-
 persistence:
   config:
     enabled: true
@@ -62,6 +15,52 @@ persistence:
   data:
     enabled: true
     mountPath: "/downloads-amd"
-
 portal:
-  enabled: false
+  open:
+    enabled: false
+securityContext:
+  container:
+    readOnlyRootFilesystem: false
+    runAsNonRoot: false
+    runAsUser: 0
+    runAsGroup: 0
+workload:
+  main:
+    podSpec:
+      containers:
+        main:
+          probes:
+            liveness:
+              enabled: false
+            readiness:
+              enabled: false
+            startup:
+              enabled: false
+        env:
+          AUTOSTART: true
+          SCRIPTINTERVAL: "1h"
+          DOWNLOADMODE: "wanted"
+          FALLBACKSEARCH: true
+          LIST: "both"
+          SearchType: "both"
+          Concurrency: 1
+          EMBEDDED_COVER_QUALITY: 80
+          FORMAT: "FLAC"
+          BITRATE: 320
+          ENABLEPOSTPROCESSING: true
+          FORCECONVERT: true
+          requirequality: true
+          MatchDistance: 10
+          replaygain: true
+          FolderPermissions: 766
+          FilePermissions: 666
+          MBRAINZMIRROR: "https://musicbrainz.org"
+          LidarrUrl: "http://x.x.x.x:8686"
+          LidarrAPIkey: "LIDARRAPI"
+          ARL_TOKEN: "ARLTOKEN"
+          NOTIFYPLEX: false
+          PLEXLIBRARYNAME: "Music"
+          PLEXURL: "http://x.x.x.x:32400"
+          PLEXTOKEN: "plextoken"
+          ALBUM_TYPE_FILTER: "COMPILE"
+          POSTPROCESSTHREADS: 1

charts/stable/autoscan/Chart.yaml

@@ -17,7 +17,7 @@ sources:
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
+    version: 12.2.26
 maintainers:
   - email: info@truecharts.org
     name: TrueCharts
@@ -26,4 +26,3 @@ annotations:
   truecharts.org/catagories: |
     - media
   truecharts.org/SCALE-support: "true"
-  truecharts.org/grade: U

charts/stable/autoscan/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/stable/autoscan/templates/common.yaml

@@ -1,2 +1,2 @@
 {{/* Render the templates */}}
-{{ include "tc.common.loader.all" . }}
+{{ include "tc.v1.common.loader.all" . }}

charts/stable/autoscan/values.yaml

@@ -2,38 +2,37 @@ image:
   pullPolicy: IfNotPresent
   repository: tccr.io/truecharts/autoscan
   tag: latest@sha256:ceb9d233765da84b959484fd6dcf05743c4e85f4f78cd4871fc89ece122fc571
-
-podSecurityContext:
-  runAsGroup: 0
-  runAsUser: 0
-
-securityContext:
-  readOnlyRootFilesystem: false
-  runAsNonRoot: false
-
-secretEnv:
-  PLEX_LOGIN: ""
-  PLEX_PASSWORD: ""
-
-probes:
-  liveness:
-    enabled: false
-  readiness:
-    enabled: false
-  startup:
-    enabled: false
-
 service:
   main:
     ports:
       main:
         port: 3030
         targetPort: 3030
-
 persistence:
   config:
     enabled: true
     mountPath: /config
-
 portal:
-  enabled: false
+  open:
+    enabled: false
+securityContext:
+  container:
+    readOnlyRootFilesystem: false
+    runAsNonRoot: false
+    runAsGroup: 0
+    runAsUser: 0
+workload:
+  main:
+    podSpec:
+      containers:
+        main:
+          probes:
+            liveness:
+              enabled: false
+            readiness:
+              enabled: false
+            startup:
+              enabled: false
+        env:
+          PLEX_LOGIN: ""
+          PLEX_PASSWORD: ""

charts/stable/avidemux/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "1.4.0"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
+    version: 12.2.26
 deprecated: false
 description: Avidemux is a free video editor designed for simple cutting, filtering and encoding tasks.
 home: https://truecharts.org/charts/stable/avidemux
@@ -27,4 +27,3 @@ annotations:
   truecharts.org/catagories: |
     - media
   truecharts.org/SCALE-support: "true"
-  truecharts.org/grade: U

charts/stable/avidemux/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/stable/avidemux/templates/common.yaml

@@ -1 +1 @@
-{{ include "tc.common.loader.all" . }}
+{{ include "tc.v1.common.loader.all" . }}

charts/stable/avidemux/values.yaml

@@ -2,15 +2,6 @@ image:
   repository: tccr.io/truecharts/avidemux
   tag: v1.4.0@sha256:38c59d301698c84ac7c3ca6b40af1ccaf32ad6dc80073413e20ac5f3af739281
   pullPolicy: IfNotPresent
-
-securityContext:
-  readOnlyRootFilesystem: false
-  runAsNonRoot: false
-
-podSecurityContext:
-  runAsUser: 0
-  runAsGroup: 0
-
 service:
   main:
     ports:
@@ -24,21 +15,12 @@ service:
         enabled: true
         port: 10273
         targetPort: 5900
-
-envFrom:
-  - configMapRef:
-      name: '{{ include "tc.common.names.fullname" . }}-avidemux'
-
-secretEnv:
-  VNC_PASSWORD: ""
-
 avidemux:
   KEEP_APP_RUNNING: false
   DISPLAY_WIDTH: 1280
   DISPLAY_HEIGHT: 768
   SECURE_CONNECTION: false
   ENABLE_CJK_FONT: false
-
 configmap:
   avidemux:
     enabled: true
@@ -48,7 +30,6 @@ configmap:
       SECURE_CONNECTION: '{{ ternary "1" "0" .Values.avidemux.SECURE_CONNECTION }}'
       DISPLAY_WIDTH: "{{ .Values.avidemux.DISPLAY_WIDTH }}"
       DISPLAY_HEIGHT: "{{ .Values.avidemux.DISPLAY_HEIGHT }}"
-
 persistence:
   config:
     enabled: true
@@ -56,6 +37,22 @@ persistence:
   storage:
     enabled: true
     mountPath: "/storage"
-
 portal:
-  enabled: true
+  open:
+    enabled: true
+securityContext:
+  container:
+    readOnlyRootFilesystem: false
+    runAsNonRoot: false
+    runAsUser: 0
+    runAsGroup: 0
+workload:
+  main:
+    podSpec:
+      containers:
+        env:
+          VNC_PASSWORD: ""
+        main:
+          envFrom:
+            - configMapRef:
+                name: "avidemux"