move wip to dev train

**Description**
<!--
Please include a summary of the change and which issue is fixed. Please
also include relevant motivation and context. List any dependencies that
are required for this change.
-->
⚒️ Fixes  # <!--(issue)-->

**⚙️ Type of change**

- [ ] ⚙️ Feature/App addition
- [ ] 🪛 Bugfix
- [ ] ⚠️ Breaking change (fix or feature that would cause existing
functionality to not work as expected)
- [ ] 🔃 Refactor of current code

**🧪 How Has This Been Tested?**
<!--
Please describe the tests that you ran to verify your changes. Provide
instructions so we can reproduce. Please also list any relevant details
for your test configuration
-->

**📃 Notes:**
<!-- Please enter any other relevant information here -->

**✔️ Checklist:**

- [ ] ⚖️ My code follows the style guidelines of this project
- [ ] 👀 I have performed a self-review of my own code
- [ ] #️⃣ I have commented my code, particularly in hard-to-understand
areas
- [ ] 📄 I have made corresponding changes to the documentation
- [ ] ⚠️ My changes generate no new warnings
- [ ] 🧪 I have added tests to this description that prove my fix is
effective or that my feature works
- [ ] ⬆️ I increased versions for any altered app according to semantic
versioning

**➕ App addition**

If this PR is an app addition please make sure you have done the
following.

- [ ] 🪞 I have opened a PR on
[truecharts/containers](https://github.com/truecharts/containers) adding
the container to TrueCharts mirror repo.
- [ ] 🖼️ I have added an icon in the Chart's root directory called
`icon.png`

---

_Please don't blindly check all the boxes. Read them and only check
those that apply.
Those checkboxes are there for the reviewer to see what is this all
about and
the status of this PR with a quick glance._

---------

Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>

.github/CODEOWNERS

@@ -5,5 +5,5 @@
 /charts/dependency/     @truecharts/enterprise-maintainers @ornias1993
 /charts/enterprise/     @truecharts/enterprise-maintainers @ornias1993
 /charts/dev/            @ornias1993
-/.github/               @truecharts/ci-maintainers @ornias1993 
+/.github/               @truecharts/ci-maintainers @ornias1993
 docs/                   @truecharts/docs-maintainers @ornias1993

.github/SUPPORT.md

@@ -12,7 +12,7 @@ We also document which versions of TrueNAS will receive TrueCharts updates and f
 
 | TrueNAS version  | Branch   | Supported with updates | Accepting Support tickets | Accepting Bug Reports | Notes                                                                                                          |
 | ---------------- | -------- | ---------------------- | ------------------------- | --------------------- | -------------------------------------------------------------------------------------------------------------- | --- |
-| 22.02.4 or prior | `master` | :x:     | :x:                       | :x:                   | Advised to update to 22.12.1 release of [TrueNAS SCALE](https://www.truenas.com/docs/scale/scalereleasenotes/) |     |
+| 22.02.4 or prior | `master` | :x:                    | :x:                       | :x:                   | Advised to update to 22.12.1 release of [TrueNAS SCALE](https://www.truenas.com/docs/scale/scalereleasenotes/) |     |
 | 22.12.1          | `master` | :white_check_mark:     | :white_check_mark:        | :white_check_mark:    | Most Stable Release as of 2023-02-21                                                                           |
 | Nightly          | `master` | :white_check_mark:     | :x:                       | :white_check_mark:    | Please only submit bug reports during codefreeze                                                               |
 

.github/lintconf.yaml

@@ -0,0 +1,46 @@
+---
+rules:
+  braces:
+    min-spaces-inside: 0
+    max-spaces-inside: 0
+    min-spaces-inside-empty: -1
+    max-spaces-inside-empty: -1
+  brackets:
+    min-spaces-inside: 0
+    max-spaces-inside: 0
+    min-spaces-inside-empty: -1
+    max-spaces-inside-empty: -1
+  colons:
+    max-spaces-before: 0
+    max-spaces-after: 1
+  commas:
+    max-spaces-before: 0
+    min-spaces-after: 1
+    max-spaces-after: 1
+  comments:
+    require-starting-space: true
+    min-spaces-from-content: 2
+  document-end: disable
+  # No --- to start a file
+  document-start: disable
+  empty-lines:
+    max: 2
+    max-start: 0
+    max-end: 0
+  hyphens:
+    max-spaces-after: 1
+  indentation:
+    spaces: consistent
+    # - list indentation will handle both indentation and without
+    indent-sequences: whatever
+    check-multi-line-strings: false
+  key-duplicates:
+    enable
+    # Lines can be any length
+  line-length: disable
+  new-line-at-end-of-file: enable
+  new-lines:
+    type: unix
+  trailing-spaces: enable
+  truthy:
+    level: warning

.github/workflows/catalog-test.yaml

@@ -36,9 +36,9 @@ jobs:
         run: |
           tools/build-release.sh
 
-      - uses: vishnudxb/cancel-workflow@c3c77eb4383ba7d023e6614a07d94fe990501ac6 # tag=v1.2
-        if: failure()
-        with:
-          repo: truecharts/charts
-          workflow_id: ${{ github.run_id }}
-          access_token: ${{ github.token }}
+      # - uses: vishnudxb/cancel-workflow@c3c77eb4383ba7d023e6614a07d94fe990501ac6 # tag=v1.2
+      #   if: failure()
+      #   with:
+      #     repo: truecharts/charts
+      #     workflow_id: ${{ github.run_id }}
+      #     access_token: ${{ github.token }}

.github/workflows/charts-release.yaml

@@ -11,7 +11,6 @@ on:
       - "charts/**"
 
 jobs:
-
   release-helm:
     runs-on: ubuntu-latest
     container:
@@ -22,7 +21,7 @@ jobs:
         with:
           token: ${{ secrets.BOT_TOKEN }}
           fetch-depth: 1
-          
+
       - name: Checkout Helm-Staging
         uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3
         with:
@@ -30,7 +29,7 @@ jobs:
           repository: truecharts/helm-staging
           token: ${{ secrets.BOT_TOKEN }}
           path: helm
-          
+
       - name: Fix Pre-Commit issues
         shell: bash
         run: |
@@ -38,7 +37,7 @@ jobs:
           pre-commit run --all ||:
           # Fix sh files to always be executable
           find . -name '*.sh' | xargs chmod +x
-          
+
       - name: Commit Helm Changes
         run: |
           rm -rf helm/charts
@@ -223,7 +222,6 @@ jobs:
           git add --all
           git commit -sm "Commit released docs for TrueCharts" || exit 0
           git push
-        
 
       - name: Checkout Catalog
         uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3

.github/workflows/charts-test.yaml

@@ -28,23 +28,6 @@ jobs:
             helmv3
           helm: "3.8.0"
 
-      - name: Install Ruby
-        uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: 2.7
-
-      - name: Install dependencies
-        env:
-          RUBYJQ_USE_SYSTEM_LIBRARIES: 1
-        run: |
-          sudo apt-get update
-          sudo apt-get install libjq-dev
-          bundle install
-
-      - name: Run tests
-        run: |
-          bundle exec m -r ./test/
-
   generate-install-matrix:
     name: Generate matrix for install
     runs-on: ubuntu-latest

.pre-commit-config.yaml

@@ -8,23 +8,33 @@ repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v4.0.1
     hooks:
-      - id: trailing-whitespace # trims trailing whitespace.
-      - id: end-of-file-fixer # ensures that a file is either empty, or ends with one newline.
+      # trims trailing whitespace.
+      - id: trailing-whitespace
+      # ensures that a file is either empty, or ends with one newline.
+      - id: end-of-file-fixer
       - id: fix-byte-order-marker
-      - id: mixed-line-ending # replaces or checks mixed line ending.
-      - id: check-merge-conflict # checks for files that contain merge conflict strings.
-      - id: check-case-conflict # checks for files that would conflict in case-insensitive filesystems.
-      - id: check-executables-have-shebangs # ensures that (non-binary) executables have a shebang.
-      - id: check-shebang-scripts-are-executable # ensures that (non-binary) files with a shebang are executable.
+      # replaces or checks mixed line ending.
+      - id: mixed-line-ending
+      # checks for files that contain merge conflict strings.
+      - id: check-merge-conflict
+      # checks for files that would conflict in case-insensitive filesystems.
+      - id: check-case-conflict
+      # ensures that (non-binary) executables have a shebang.
+      - id: check-executables-have-shebangs
+      # ensures that (non-binary) files with a shebang are executable.
+      - id: check-shebang-scripts-are-executable
       - id: check-docstring-first
       - id: check-symlinks
       - id: destroyed-symlinks
-      - id: fix-byte-order-marker # removes utf-8 byte order marker.
-      - id: requirements-txt-fixer # sorts entries in requirements.txt.
-      - id: check-added-large-files # prevents giant files from being committed.
-      - id: check-yaml # checks yaml files for parseable syntax.
+      # removes utf-8 byte order marker.
+      - id: fix-byte-order-marker
+      # sorts entries in requirements.txt.
+      - id: requirements-txt-fixer
+      # checks yaml files for parseable syntax.
+      - id: check-yaml
         exclude: (templates\/.*|crds\/.*|questions.yaml|chart_schema.yaml)
-      - id: detect-private-key # detects the presence of private keys.
+        # detects the presence of private keys.
+      - id: detect-private-key
 
   - repo: https://github.com/pre-commit/pygrep-hooks
     rev: v1.9.0
@@ -38,3 +48,13 @@ repos:
       - id: prettier
         exclude: (templates\/.*|crds\/.*|README.md|CHANGELOG.md|questions.yaml|devcontainer.json)
         files: \.(js|ts|jsx|tsx|css|less|html|json|markdown|md|yaml|yml)$
+
+  # Update the rev variable with the release version that you want, from the yamllint repo
+  # You can pass your custom .yamllint with args attribute.
+  - repo: https://github.com/adrienverge/yamllint.git
+    rev: v1.17.0
+    hooks:
+      - id: yamllint
+        exclude: (templates\/.*|crds\/.*|README.md|CHANGELOG.md|questions.yaml|devcontainer.json|chart_schema.yaml)
+        files: \.(yaml|yml)$
+        args: [-c=.github/lintconf.yaml]

charts/dev/airsonic-advanced/Chart.yaml

@@ -0,0 +1,26 @@
+apiVersion: v2
+appVersion: "11.0.0"
+dependencies:
+  - name: common
+    repository: https://library-charts.truecharts.org
+    version: 12.2.32
+
+description: Airsonic is a Free and Open Source community driven media server
+home: https://truecharts.org/charts/stable/airsonic-advanced
+icon: https://truecharts.org/img/hotlink-ok/chart-icons/airsonic-advanced.png
+keywords:
+  - airsonic
+kubeVersion: ">=1.16.0-0"
+maintainers:
+  - email: info@truecharts.org
+    name: TrueCharts
+    url: https://truecharts.org
+name: airsonic-advanced
+sources:
+  - https://github.com/truecharts/charts/tree/master/charts/stable/airsonic-advanced
+  - https://github.com/airsonic/airsonic-advanced
+version: 9.0.0
+annotations:
+  truecharts.org/catagories: |
+    - media
+  truecharts.org/SCALE-support: "true"

charts/dev/airsonic-advanced/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "tc.v1.common.loader.all" . }}

charts/dev/airsonic-advanced/values.yaml

@@ -0,0 +1,76 @@
+image:
+  repository: tccr.io/truecharts/airsonic-advanced
+  tag: v11.0.0@sha256:b6a1b30ecc3e16c39ca56392cd13d55af80235b57ec2d27c2e5f1a21fec34bd9
+  pullPolicy: IfNotPresent
+
+securityContext:
+  container:
+    readOnlyRootFilesystem: false
+    runAsNonRoot: true
+    runAsUser: 568
+    runAsGroup: 568
+
+workload:
+  main:
+    podSpec:
+      containers:
+        main:
+          probes:
+            liveness:
+              type: http
+              path: /
+            readiness:
+              type: http
+              path: /
+            startup:
+              type: http
+              path: /
+          env:
+            AIRSONIC_DIR: "/"
+            # -- For passing additional java options. For some reverse proxies, you may need to pass `JAVA_OPTS=-Dserver.use-forward-headers=true` for airsonic to generate the proper URL schemes.
+
+            JAVA_OPTS:
+            CONTEXT_PATH: "/"
+            spring_liquibase_parameters_userTableQuote: '"'
+            spring_datasource_username: "{{ .Values.cnpg.main.user }}"
+            spring_datasource_url:
+              secretKeyRef:
+                name: cnpg-main-urls
+                key: jdbc
+            spring_datasource_password:
+              secretKeyRef:
+                name: cnpg-main-user
+                key: password
+
+service:
+  main:
+    ports:
+      main:
+        port: 10122
+        protocol: http
+        targetPort: 4040
+
+# Enabled postgres
+cnpg:
+  main:
+    enabled: true
+    user: airsonic-advanced
+    database: airsonic-advanced
+
+persistence:
+  config:
+    enabled: true
+    mountPath: /airsonic
+  music:
+    enabled: true
+    mountPath: /music
+  podcasts:
+    enabled: true
+    mountPath: /podcasts
+  playlists:
+    enabled: true
+    mountPath: /playlists
+
+portal:
+  open:
+    enabled: true

charts/dev/anonaddy/Chart.yaml

@@ -0,0 +1,33 @@
+apiVersion: v2
+appVersion: "0.13.13"
+dependencies:
+  - name: common
+    repository: https://library-charts.truecharts.org
+    version: 12.2.32
+  - condition: mariadb.enabled
+    name: mariadb
+    repository: https://deps.truecharts.org/
+    version: 7.0.0
+  - condition: redis.enabled
+    name: redis
+    repository: https://deps.truecharts.org
+    version: 6.0.18
+description: "Protect your email from spam using disposable addresses."
+home: https://truecharts.org/charts/stable/anonaddy
+icon: https://truecharts.org/img/hotlink-ok/chart-icons/anonaddy.png
+keywords:
+  - anonaddy
+kubeVersion: ">=1.16.0-0"
+maintainers:
+  - email: info@truecharts.org
+    name: TrueCharts
+    url: https://truecharts.org
+name: anonaddy
+sources:
+  - https://github.com/truecharts/charts/tree/master/charts/stable/anonaddy
+  - https://github.com/anonaddy/docker
+version: 13.0.0
+annotations:
+  truecharts.org/catagories: |
+    - email
+  truecharts.org/SCALE-support: "true"

charts/dev/anonaddy/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/dev/anonaddy/templates/_appkey.tpl

@@ -0,0 +1,21 @@
+{{/*
+This template generates a random password and ensures it persists across updates/edits to the chart
+*/}}
+{{- define "anonaddy.appkey" -}}
+enabled: true
+{{- $keyprevious := lookup "v1" "Secret" .Release.Namespace "appkey" }}
+{{- $appkey := "" }}
+{{- $secret := "" }}
+data:
+{{- if $keyprevious }}
+  {{- $appkey = ( index $keyprevious.data "appkey" ) }}
+  {{- $secret = ( index $keyprevious.data "secret" ) }}
+  appkey: {{ ( index $keyprevious.data "appkey" ) }}
+  secret: {{ ( index $keyprevious.data "secret" ) }}
+{{- else }}
+  {{- $appkey = randAlphaNum 32 }}
+  {{- $secret = randAlphaNum 32 }}
+  appkey: {{ $appkey | b64enc }}
+  secret: {{ $secret | b64enc }}
+{{- end }}
+{{- end -}}

charts/dev/anonaddy/templates/common.yaml

@@ -0,0 +1,11 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "tc.v1.common.loader.init" . }}
+
+{{/* Render appkey for anonaddy */}}
+{{- $secret := include "anonaddy.appkey" . | fromYaml -}}
+{{- if $secret -}}
+  {{- $_ := set .Values.secret "appkey" $secret -}}
+{{- end -}}
+
+{{/* Render the templates */}}
+{{ include "tc.v1.common.loader.apply" . }}

charts/dev/anonaddy/values.yaml

@@ -0,0 +1,93 @@
+image:
+  repository: tccr.io/truecharts/anonaddy
+  tag: 0.13.13@sha256:495809d341b08ea6d02c7b0b318d48b00b7243392affd0d278ec1aa188a76ccd
+  pullPolicy: IfNotPresent
+
+strategy:
+  type: Recreate
+
+securityContext:
+  container:
+    runAsNonRoot: false
+    readOnlyRootFilesystem: false
+    runAsUser: 0
+    runAsGroup: 0
+
+service:
+  main:
+    ports:
+      main:
+        port: 10110
+        targetPort: 8000
+  smtp:
+    enabled: true
+    ports:
+      smtp:
+        enabled: true
+        port: 25
+        targetPort: 25
+
+workload:
+  main:
+    podSpec:
+      containers:
+        main:
+          probes:
+            liveness:
+              type: http
+              path: /
+            readiness:
+              type: http
+              path: /
+            startup:
+              type: http
+              path: /
+          env:
+            ANONADDY_DOMAIN: "chart-example.local"
+            DB_DATABASE: anonaddy
+            DB_USERNAME: anonaddy
+            DB_HOST:
+              secretKeyRef:
+                expandObjectName: false
+                name: '{{ printf "%s-%s" .Release.Name "mariadbcreds" }}'
+                key: plainhost
+            DB_PASSWORD:
+              secretKeyRef:
+                expandObjectName: false
+                name: '{{ printf "%s-%s" .Release.Name "mariadbcreds" }}'
+                key: mariadb-password
+            REDIS_HOST:
+              secretKeyRef:
+                expandObjectName: false
+                name: '{{ printf "%s-%s" .Release.Name "rediscreds" }}'
+                key: plainhost
+            REDIS_PASSWORD:
+              secretKeyRef:
+                expandObjectName: false
+                name: '{{ printf "%s-%s" .Release.Name "rediscreds" }}'
+                key: redis-password
+            APP_KEY:
+              secretKeyRef:
+                name: appkey
+                key: appkey
+            ANONADDY_SECRET:
+              secretKeyRef:
+                name: appkey
+                key: secret
+
+persistence:
+  config:
+    enabled: true
+    mountPath: /config
+
+portal:
+  open:
+    enabled: true
+
+redis:
+  enabled: true
+
+mariadb:
+  enabled: true
+  mariadbUsername: anonaddy
+  mariadbDatabase: anonaddy

charts/dev/apache-musicindex/Chart.yaml

@@ -0,0 +1,28 @@
+apiVersion: v2
+appVersion: "1.4.1"
+dependencies:
+  - name: common
+    repository: https://library-charts.truecharts.org
+    version: 12.2.32
+description: Index and stream music using apache-musicindex and m3u playlists
+home: https://truecharts.org/charts/stable/apache-musicindex
+icon: https://truecharts.org/img/hotlink-ok/chart-icons/apache-musicindex.png
+keywords:
+  - apache-musicindex
+  - streaming
+  - m3u
+  - playlist
+kubeVersion: ">=1.16.0-0"
+maintainers:
+  - email: info@truecharts.org
+    name: TrueCharts
+    url: https://truecharts.org
+name: apache-musicindex
+sources:
+  - https://github.com/truecharts/charts/tree/master/charts/stable/apache-musicindex
+  - http://hacks.slashdirt.org/sw/musicindex/
+version: 7.0.0
+annotations:
+  truecharts.org/catagories: |
+    - media
+  truecharts.org/SCALE-support: "true"

charts/dev/apache-musicindex/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/dev/apache-musicindex/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "tc.v1.common.loader.all" . }}

charts/dev/apache-musicindex/values.yaml

@@ -0,0 +1,40 @@
+image:
+  repository: tccr.io/truecharts/apache-musicindex
+  tag: v1.4.1-2@sha256:442d1edfbf89b8a2a42c0d649f53f091c39256c65f922078ad38ff60bdbdadf9
+  pullPolicy: IfNotPresent
+
+securityContext:
+  container:
+    readOnlyRootFilesystem: false
+    runAsNonRoot: false
+    runAsUser: 0
+    runAsGroup: 0
+
+service:
+  main:
+    ports:
+      main:
+        port: 10006
+        protocol: http
+        targetPort: 80
+
+workload:
+  main:
+    podSpec:
+      containers:
+        main:
+          probes:
+            liveness:
+              type: http
+              path: /
+            readiness:
+              type: http
+              path: /
+            startup:
+              type: http
+              path: /
+          env: {}
+
+portal:
+  open:
+    enabled: true

charts/dev/apt-cacher-ng/Chart.yaml

@@ -0,0 +1,32 @@
+apiVersion: v2
+appVersion: "3.7.4"
+dependencies:
+  - name: common
+    repository: https://library-charts.truecharts.org
+    version: 12.2.32
+deprecated: false
+description: Apt-Cacher NG is a caching proxy, specialized for package files from Linux distributors, primarily for Debian (and Debian based) distributions but not limited to those.
+home: https://truecharts.org/charts/stable/apt-cacher-ng
+icon: https://truecharts.org/img/hotlink-ok/chart-icons/apt-cacher-ng.png
+keywords:
+  - apt-cacher-ng
+  - Network-Proxy
+  - Network-Other
+  - Tools-Utilities
+kubeVersion: ">=1.16.0-0"
+maintainers:
+  - email: info@truecharts.org
+    name: TrueCharts
+    url: https://truecharts.org
+name: apt-cacher-ng
+sources:
+  - https://github.com/truecharts/charts/tree/master/charts/stable/apt-cacher-ng
+  - https://www.unix-ag.uni-kl.de/~bloch/acng/
+type: application
+version: 4.0.0
+annotations:
+  truecharts.org/SCALE-support: "true"
+  truecharts.org/catagories: |
+    - Network-Proxy
+    - Network-Other
+    - Tools-Utilities

charts/dev/apt-cacher-ng/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/dev/apt-cacher-ng/templates/common.yaml

@@ -0,0 +1,2 @@
+{{/* Render the templates */}}
+{{ include "tc.v1.common.loader.all" . }}

charts/dev/apt-cacher-ng/values.yaml

@@ -0,0 +1,45 @@
+image:
+  pullPolicy: IfNotPresent
+  repository: tccr.io/truecharts/apt-cacher-ng
+  tag: v3.7.4@sha256:230be67941a442e6a47f4928cf8d7882d645d1c21752155c42e104e10520ace4
+
+securityContext:
+  container:
+    readOnlyRootFilesystem: false
+    runAsNonRoot: false
+    runAsGroup: 0
+    runAsUser: 0
+
+service:
+  main:
+    ports:
+      main:
+        port: 3142
+        protocol: tcp
+        targetPort: 3142
+
+workload:
+  main:
+    podSpec:
+      containers:
+        main:
+          probes:
+            liveness:
+              type: http
+              path: /
+            readiness:
+              type: http
+              path: /
+            startup:
+              type: http
+              path: /
+          env: {}
+
+persistence:
+  apt-cacher-ng:
+    enabled: true
+    mountPath: /var/cache/apt-cacher-ng
+
+portal:
+  open:
+    enabled: true

charts/dev/aria2/Chart.yaml

@@ -0,0 +1,25 @@
+apiVersion: v2
+appVersion: "latest"
+dependencies:
+  - name: common
+    repository: https://library-charts.truecharts.org
+    version: 12.2.32
+description: aria server for downloading web content
+home: https://truecharts.org/charts/stable/aria2
+icon: https://truecharts.org/img/hotlink-ok/chart-icons/aria2.png
+keywords:
+  - aria2
+kubeVersion: ">=1.16.0-0"
+maintainers:
+  - email: info@truecharts.org
+    name: TrueCharts
+    url: https://truecharts.org
+name: aria2
+sources:
+  - https://github.com/truecharts/charts/tree/master/charts/stable/aria2
+  - https://github.com/P3TERX/Aria2-Pro-Docker
+version: 8.0.0
+annotations:
+  truecharts.org/catagories: |
+    - media
+  truecharts.org/SCALE-support: "true"

charts/dev/aria2/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/dev/aria2/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "tc.v1.common.loader.all" . }}

charts/dev/aria2/values.yaml

@@ -0,0 +1,58 @@
+image:
+  repository: tccr.io/truecharts/aria2-pro
+  tag: latest@sha256:08a35fe3204c00dbdc609b1abc8c05c349764c3caecb9dadb970dc470c5b1f41
+  pullPolicy: IfNotPresent
+
+securityContext:
+  container:
+    readOnlyRootFilesystem: false
+    runAsNonRoot: false
+    runAsUser: 0
+    runAsGroup: 0
+
+service:
+  main:
+    ports:
+      main:
+        port: 6800
+        protocol: http
+  listen:
+    enabled: true
+    ports:
+      listen:
+        enabled: true
+        port: 6888
+        protocol: tcp
+
+workload:
+  main:
+    podSpec:
+      containers:
+        main:
+          probes:
+            liveness:
+              type: http
+              path: /
+            readiness:
+              type: http
+              path: /
+            startup:
+              type: http
+              path: /
+          env:
+            RPC_PORT: "{{ .Values.service.main.ports.main.port }}"
+            LISTEN_PORT: "{{ .Values.service.listen.ports.listen.port }}"
+            DISK_CACHE: 64M
+            IPV6_MODE: false
+            UPDATE_TRACKERS: false
+            CUSTOM_TRACKER_URL: "https://trackerslist.com/all_aria2.txt"
+            RPC_SECRET: "ChangemeNow"
+
+persistence:
+  config:
+    enabled: true
+    mountPath: /config
+
+portal:
+  open:
+    enabled: false

charts/dev/audiobookshelf/Chart.yaml

@@ -0,0 +1,25 @@
+apiVersion: v2
+appVersion: "2.2.15"
+dependencies:
+  - name: common
+    repository: https://library-charts.truecharts.org
+    version: 12.2.32
+description: Audiobookshelf is a self-hosted audiobook server for managing and playing your audiobooks.
+home: https://truecharts.org/charts/stable/audiobookshelf
+icon: https://truecharts.org/img/hotlink-ok/chart-icons/audiobookshelf.png
+keywords:
+  - audiobookshelf
+kubeVersion: ">=1.16.0-0"
+maintainers:
+  - email: info@truecharts.org
+    name: TrueCharts
+    url: https://truecharts.org
+name: audiobookshelf
+sources:
+  - https://github.com/truecharts/charts/tree/master/charts/stable/audiobookshelf
+  - https://github.com/advplyr/audiobookshelf
+version: 5.0.0
+annotations:
+  truecharts.org/catagories: |
+    - media
+  truecharts.org/SCALE-support: "true"

charts/dev/audiobookshelf/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/dev/audiobookshelf/templates/_secrets.tpl

@@ -0,0 +1,15 @@
+{{/* Define the secrets */}}
+{{- define "audiobookshelf.secrets" -}}
+{{- $secretName := (printf "%s-audiobookshelf-secrets" (include "tc.v1.common.lib.chart.names.fullname" $)) }}
+{{- $audiobookshelfprevious := lookup "v1" "Secret" .Release.Namespace $secretName }}
+{{- $token_secret := "" }}
+enabled: true
+data:
+  {{- if $audiobookshelfprevious }}
+  TOKEN_SECRET: {{ index $audiobookshelfprevious.data "TOKEN_SECRET" | b64dec }}
+  {{- else }}
+  {{- $token_secret := randAlphaNum 32 }}
+  TOKEN_SECRET: {{ $token_secret  }}
+  {{- end }}
+
+{{- end -}}

charts/dev/audiobookshelf/templates/common.yaml

@@ -0,0 +1,14 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "tc.v1.common.loader.init" . }}
+
+{{/* Render secrets for audiobookshelf */}}
+{{- $secrets := include "audiobookshelf.secrets" . | fromYaml -}}
+{{- if $secrets -}}
+  {{- $_ := set .Values.secret "secrets" $secrets -}}
+{{- end -}}
+
+{{- $newMiddlewares :=  list "tc-opencors-chain" }}
+{{- $_ := set .Values.ingress.main "fixedMiddlewares" $newMiddlewares -}}
+
+{{/* Render the templates */}}
+{{ include "tc.v1.common.loader.apply" . }}

charts/dev/audiobookshelf/values.yaml

@@ -0,0 +1,53 @@
+image:
+  repository: tccr.io/truecharts/audiobookshelf
+  tag: 2.2.15@sha256:76c2038e41ff1472530fe280f55d952bb5b67beefa8f93e95a7b2f73d7dc1ccc
+  pullPolicy: IfNotPresent
+
+securityContext:
+  container:
+    readOnlyRootFilesystem: false
+    runAsNonRoot: false
+    runAsUser: 0
+    runAsGroup: 0
+
+service:
+  main:
+    ports:
+      main:
+        port: 10223
+
+workload:
+  main:
+    podSpec:
+      containers:
+        main:
+          probes:
+            liveness:
+              path: "/ping"
+            readiness:
+              path: "/ping"
+            startup:
+              path: "/ping"
+          env:
+            AUDIOBOOKSHELF_UID: "{{ .Values.securityContext.container.PUID }}"
+            AUDIOBOOKSHELF_GID: "{{ .Values.securityContext.pod.fsGroup }}"
+            PORT: "{{ .Values.service.main.ports.main.port }}"
+            TOKEN_SECRET:
+              secretKeyRef:
+                name: secrets
+                key: TOKEN_SECRET
+
+persistence:
+  config:
+    enabled: true
+    mountPath: /config
+  audiobooks:
+    enabled: true
+    mountPath: /audiobooks
+  metadata:
+    enabled: true
+    mountPath: /metadata
+
+portal:
+  open:
+    enabled: true

charts/dev/authentik/Chart.yaml

@@ -0,0 +1,31 @@
+apiVersion: v2
+appVersion: "2023.2.2"
+dependencies:
+  - name: common
+    repository: https://library-charts.truecharts.org
+    version: 12.2.32
+
+  - condition: redis.enabled
+    name: redis
+    repository: https://deps.truecharts.org
+    version: 6.0.18
+description: authentik is an open-source Identity Provider focused on flexibility and versatility.
+home: https://truecharts.org/charts/stable/authentik
+icon: https://truecharts.org/img/hotlink-ok/chart-icons/authentik.png
+keywords:
+  - authentik
+kubeVersion: ">=1.16.0-0"
+maintainers:
+  - email: info@truecharts.org
+    name: TrueCharts
+    url: https://truecharts.org
+name: authentik
+sources:
+  - https://github.com/truecharts/charts/tree/master/charts/stable/authentik
+  - https://github.com/goauthentik/authentik
+  - https://goauthentik.io/docs/
+version: 11.0.0
+annotations:
+  truecharts.org/catagories: |
+    - authentication
+  truecharts.org/SCALE-support: "true"

charts/dev/authentik/LICENSE

@@ -0,0 +1,106 @@
+Business Source License 1.1
+
+Parameters
+
+Licensor:             The TrueCharts Project, it's owner and it's contributors
+Licensed Work:        The TrueCharts "Blocky" Helm Chart
+Additional Use Grant: You may use the licensed work in production, as long
+                      as it is directly sourced from a TrueCharts provided
+                      official repository, catalog or source. You may also make private
+                      modification to the directly sourced licenced work,
+                      when used in production.
+
+                      The following cases are, due to their nature, also
+                      defined as 'production use' and explicitly prohibited:
+                      - Bundling, including or displaying the licensed work
+                      with(in) another work intended for production use,
+                      with the apparent intend of facilitating and/or
+                      promoting production use by third parties in
+                      violation of this license.
+
+Change Date:          2050-01-01
+
+Change License:       3-clause BSD license
+
+For information about alternative licensing arrangements for the Software,
+please contact: legal@truecharts.org
+
+Notice
+
+The Business Source License (this document, or the “License”) is not an Open
+Source license. However, the Licensed Work will eventually be made available
+under an Open Source License, as stated in this License.
+
+License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
+“Business Source License” is a trademark of MariaDB Corporation Ab.
+
+-----------------------------------------------------------------------------
+
+Business Source License 1.1
+
+Terms
+
+The Licensor hereby grants you the right to copy, modify, create derivative
+works, redistribute, and make non-production use of the Licensed Work. The
+Licensor may make an Additional Use Grant, above, permitting limited
+production use.
+
+Effective on the Change Date, or the fourth anniversary of the first publicly
+available distribution of a specific version of the Licensed Work under this
+License, whichever comes first, the Licensor hereby grants you rights under
+the terms of the Change License, and the rights granted in the paragraph
+above terminate.
+
+If your use of the Licensed Work does not comply with the requirements
+currently in effect as described in this License, you must purchase a
+commercial license from the Licensor, its affiliated entities, or authorized
+resellers, or you must refrain from using the Licensed Work.
+
+All copies of the original and modified Licensed Work, and derivative works
+of the Licensed Work, are subject to this License. This License applies
+separately for each version of the Licensed Work and the Change Date may vary
+for each version of the Licensed Work released by Licensor.
+
+You must conspicuously display this License on each original or modified copy
+of the Licensed Work. If you receive the Licensed Work in original or
+modified form from a third party, the terms and conditions set forth in this
+License apply to your use of that work.
+
+Any use of the Licensed Work in violation of this License will automatically
+terminate your rights under this License for the current and all other
+versions of the Licensed Work.
+
+This License does not grant you any right in any trademark or logo of
+Licensor or its affiliates (provided that you may use a trademark or logo of
+Licensor as expressly required by this License).
+
+TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
+AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
+EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
+TITLE.
+
+MariaDB hereby grants you permission to use this License’s text to license
+your works, and to refer to it using the trademark “Business Source License”,
+as long as you comply with the Covenants of Licensor below.
+
+Covenants of Licensor
+
+In consideration of the right to use this License’s text and the “Business
+Source License” name and trademark, Licensor covenants to MariaDB, and to all
+other recipients of the licensed work to be provided by Licensor:
+
+1. To specify as the Change License the GPL Version 2.0 or any later version,
+   or a license that is compatible with GPL Version 2.0 or a later version,
+   where “compatible” means that software provided under the Change License can
+   be included in a program with software provided under GPL Version 2.0 or a
+   later version. Licensor may specify additional Change Licenses without
+   limitation.
+
+2. To either: (a) specify an additional grant of rights to use that does not
+   impose any additional restriction on the right granted in this License, as
+   the Additional Use Grant; or (b) insert the text “None”.
+
+3. To specify a Change Date.
+
+4. Not to modify this License in any other way.

charts/dev/authentik/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/dev/authentik/templates/_config.tpl

@@ -0,0 +1,103 @@
+{{/* Define the configmap */}}
+{{- define "authentik.config" -}}
+
+{{ $host := printf "https://localhost:%v" .Values.service.main.ports.main.targetPort }}
+{{- if .Values.ingress.main.enabled }}
+  {{ $first := (first .Values.ingress.main.hosts) }}
+  {{- if $first }}
+    {{ $host = printf "https://%s" $first.host }}
+  {{- end }}
+{{- end }}
+
+authentik-config:
+  enabled: true
+  data:
+    {{/* Dependencies */}}
+    AUTHENTIK_REDIS__HOST: {{ printf "%v-%v" .Release.Name "redis" }}
+    AUTHENTIK_REDIS__PORT: "6379"
+    AUTHENTIK_POSTGRESQL__NAME: {{ .Values.cnpg.main.database }}
+    AUTHENTIK_POSTGRESQL__USER: {{ .Values.cnpg.main.user }}
+    AUTHENTIK_POSTGRESQL__HOST: {{ printf "%v-%v" .Release.Name "postgresql" }}
+    AUTHENTIK_POSTGRESQL__PORT: "5432"
+    {{/* Mail */}}
+    {{- with .Values.authentik.mail.port }}
+    AUTHENTIK_EMAIL__PORT: {{ . | quote }}
+    {{- end }}
+    AUTHENTIK_EMAIL__USE_TLS: {{ .Values.authentik.mail.tls | quote }}
+    AUTHENTIK_EMAIL__USE_SSL: {{ .Values.authentik.mail.ssl | quote }}
+    {{- with .Values.authentik.mail.timeout }}
+    AUTHENTIK_EMAIL__TIMEOUT: {{ . | quote }}
+    {{- end }}
+    {{/* Logging */}}
+    {{- with .Values.authentik.logging.log_level }}
+    AUTHENTIK_LOG_LEVEL: {{ . }}
+    {{- end }}
+    {{/* General */}}
+    AUTHENTIK_DISABLE_STARTUP_ANALYTICS: {{ .Values.authentik.general.disable_startup_analytics | quote }}
+    AUTHENTIK_DISABLE_UPDATE_CHECK: {{ .Values.authentik.general.disable_update_check | quote }}
+    {{- with .Values.authentik.general.avatars }}
+    AUTHENTIK_AVATARS: {{ . }}
+    {{- end }}
+    AUTHENTIK_DEFAULT_USER_CHANGE_NAME: {{ .Values.authentik.general.allow_user_name_change | quote }}
+    AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL: {{ .Values.authentik.general.allow_user_mail_change | quote }}
+    AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME: {{ .Values.authentik.general.allow_user_username_change | quote }}
+    AUTHENTIK_GDPR_COMPLIANCE: {{ .Values.authentik.general.gdpr_compliance | quote }}
+    AUTHENTIK_IMPERSONATION: {{ .Values.authentik.general.impersonation | quote }}
+    AUTHENTIK_DEFAULT_TOKEN_LENGTH: {{ .Values.authentik.general.token_length | quote }}
+    {{- with .Values.authentik.general.footer_links }}
+    AUTHENTIK_FOOTER_LINKS: {{ . | squote }}
+    {{- end }}
+    {{/* Error Reporting */}}
+    AUTHENTIK_ERROR_REPORTING__ENABLED: {{ .Values.authentik.error_reporting.enabled | quote }}
+    AUTHENTIK_ERROR_REPORTING__SEND_PII: {{ .Values.authentik.error_reporting.send_pii | quote }}
+    {{- with .Values.authentik.error_reporting.environment }}
+    AUTHENTIK_ERROR_REPORTING__ENVIRONMENT: {{ . }}
+    {{- end }}
+    {{/* LDAP */}}
+    {{- with .Values.authentik.ldap.tls_ciphers }}
+    AUTHENTIK_LDAP__TLS__CIPHERS: {{ . | quote }}
+    {{- end }}
+    {{/* Outposts */}}
+    AUTHENTIK_OUTPOSTS__DISCOVER: {{ "false" | quote }}
+
+authentik-server-config:
+  enabled: true
+  data:
+    {{/* Listen */}}
+    AUTHENTIK_LISTEN__HTTPS: 0.0.0.0:{{ .Values.service.main.ports.main.targetPort | default 9443 }}
+    AUTHENTIK_LISTEN__HTTP: 0.0.0.0:{{ .Values.service.http.ports.http.targetPort | default 9000 }}
+    AUTHENTIK_LISTEN__METRICS: 0.0.0.0:{{ .Values.service.metrics.ports.metrics.targetPort | default 9301 }}
+
+ldap-config:
+  enabled: true
+  data:
+    AUTHENTIK_INSECURE: {{ .Values.outposts.ldap.insecure | default "true" | quote }}
+    AUTHENTIK_HOST: {{ .Values.outposts.ldap.host | default (printf "https://localhost:%v" .Values.service.main.ports.main.targetPort) }}
+    AUTHENTIK_HOST_BROWSER: {{ .Values.outposts.ldap.host_browser | default $host }}
+    AUTHENTIK_LISTEN__LDAPS: 0.0.0.0:{{ .Values.service.ldapldaps.ports.ldapldaps.targetPort | default 6636 }}
+    AUTHENTIK_LISTEN__LDAP: 0.0.0.0:{{ .Values.service.ldapldap.ports.ldapldap.targetPort | default 3389 }}
+    AUTHENTIK_LISTEN__METRICS: 0.0.0.0:{{ .Values.service.ldapmetrics.ports.ldapmetrics.targetPort | default 9302 }}
+
+proxy-config:
+  enabled: true
+  data:
+    AUTHENTIK_INSECURE: {{ .Values.outposts.proxy.insecure | default "true" | quote }}
+    AUTHENTIK_HOST: {{ .Values.outposts.proxy.host | default (printf "https://localhost:%v" .Values.service.main.ports.main.targetPort) }}
+    AUTHENTIK_HOST_BROWSER: {{ .Values.outposts.proxy.host_browser | default $host }}
+    AUTHENTIK_LISTEN__HTTPS: 0.0.0.0:{{ .Values.service.proxyhttps.ports.proxyhttps.targetPort | default 9444 }}
+    AUTHENTIK_LISTEN__HTTP: 0.0.0.0:{{ .Values.service.proxyhttp.ports.proxyhttp.targetPort | default 9001 }}
+    AUTHENTIK_LISTEN__METRICS: 0.0.0.0:{{ .Values.service.proxymetrics.ports.proxymetrics.targetPort | default 9303 }}
+
+geoip-config:
+  enabled: true
+  data:
+    {{- with .Values.geoip.edition_ids }}
+    GEOIPUPDATE_EDITION_IDS: {{ . }}
+    {{- end }}
+    GEOIPUPDATE_FREQUENCY: {{ .Values.geoip.frequency | quote }}
+    {{- with .Values.geoip.host_server }}
+    GEOIPUPDATE_HOST: {{ . }}
+    {{- end }}
+    GEOIPUPDATE_PRESERVE_FILE_TIMES: {{ ternary "1" "0" .Values.geoip.preserve_file_times | quote }}
+    GEOIPUPDATE_VERBOSE: {{ ternary "1" "0" .Values.geoip.verbose | quote }}
+{{- end -}}

charts/dev/authentik/templates/_geoip.tpl

@@ -0,0 +1,19 @@
+{{/* Define the geoip container */}}
+{{- define "authentik.geoip" -}}
+enabled: true
+imageSelector: geoipImage
+envFrom:
+  - secretRef:
+      name: 'geoip-secret'
+  - configMapRef:
+      name: 'geoip-config'
+probes:
+  liveness:
+    enabled: false
+  readiness:
+    enabled: false
+  startup:
+    enabled: false
+{{/* TODO: Add healthchecks */}}
+{{/* TODO: https://github.com/maxmind/geoipupdate/issues/105 */}}
+{{- end -}}

charts/dev/authentik/templates/_ldap.tpl

@@ -0,0 +1,26 @@
+{{/* Define the ldap container */}}
+{{- define "authentik.ldap" -}}
+enabled: true
+imageSelector: ldapImage
+envFrom:
+  - secretRef:
+      name: 'ldap-secret'
+  - configMapRef:
+      name: 'ldap-config'
+probes:
+  readiness:
+    enabled: true
+    type: http
+    path: /outpost.goauthentik.io/ping
+    port: {{ .Values.service.ldapmetrics.ports.ldapmetrics.targetPort }}
+  liveness:
+    enabled: true
+    type: http
+    path: /outpost.goauthentik.io/ping
+    port: {{ .Values.service.ldapmetrics.ports.ldapmetrics.targetPort }}
+  startup:
+    enabled: true
+    type: http
+    path: /outpost.goauthentik.io/ping
+    port: {{ .Values.service.ldapmetrics.ports.ldapmetrics.targetPort }}
+{{- end -}}

charts/dev/authentik/templates/_proxy.tpl

@@ -0,0 +1,26 @@
+{{/* Define the proxy container */}}
+{{- define "authentik.proxy" -}}
+enabled: true
+imageSelector: proxyImage
+envFrom:
+  - secretRef:
+      name: 'proxy-secret'
+  - configMapRef:
+      name: 'proxy-config'
+probes:
+  readiness:
+    enabled: true
+    type: http
+    path: /outpost.goauthentik.io/ping
+    port: {{ .Values.service.proxymetrics.ports.proxymetrics.targetPort }}
+  liveness:
+    enabled: true
+    type: http
+    path: /outpost.goauthentik.io/ping
+    port: {{ .Values.service.proxymetrics.ports.proxymetrics.targetPort }}
+  startup:
+    enabled: true
+    type: http
+    path: /outpost.goauthentik.io/ping
+    port: {{ .Values.service.proxymetrics.ports.proxymetrics.targetPort }}
+{{- end -}}

charts/dev/authentik/templates/_secret.tpl

@@ -0,0 +1,76 @@
+{{/* Define the secret */}}
+{{- define "authentik.secret" -}}
+
+{{- $token := randAlphaNum 128 }}
+{{- $authentikSecretName := (printf "%s-authentik-secret" (include "tc.v1.common.lib.chart.names.fullname" $)) }}
+
+authentik-secret:
+  enabled: true
+  data:
+    {{/* Secret Key */}}
+    {{- with (lookup "v1" "Secret" .Release.Namespace $authentikSecretName) }}
+    AUTHENTIK_SECRET_KEY: {{ index .data "AUTHENTIK_SECRET_KEY" | b64dec }}
+    {{ $token = index .data "AUTHENTIK_BOOTSTRAP_TOKEN" | b64dec }}
+    {{- else }}
+    AUTHENTIK_SECRET_KEY: {{ randAlphaNum 32 }}
+    {{- end }}
+    AUTHENTIK_BOOTSTRAP_TOKEN: {{ $token }}
+    {{/* Dependencies */}}
+    AUTHENTIK_POSTGRESQL__PASSWORD: {{ .Values.cnpg.main.creds.password | trimAll "\"" }}
+    AUTHENTIK_REDIS__PASSWORD: {{ .Values.redis.redisPassword | trimAll "\"" }}
+    {{/* Credentials */}}
+    {{- with .Values.authentik.credentials.password }}
+    AUTHENTIK_BOOTSTRAP_PASSWORD: {{ . }}
+    {{- end }}
+    {{/* Mail */}}
+    {{- with .Values.authentik.mail.host }}
+    AUTHENTIK_EMAIL__HOST: {{ . }}
+    {{- end }}
+    {{- with .Values.authentik.mail.user }}
+    AUTHENTIK_EMAIL__USERNAME: {{ . }}
+    {{- end }}
+    {{- with .Values.authentik.mail.pass }}
+    AUTHENTIK_EMAIL__PASSWORD: {{ . }}
+    {{- end }}
+    {{- with .Values.authentik.mail.from }}
+    AUTHENTIK_EMAIL__FROM: {{ . }}
+    {{- end }}
+
+{{- if .Values.geoip.enabled }}
+geoip-secret:
+  enabled: true
+  data:
+    {{/* Credentials */}}
+    {{- with .Values.geoip.account_id }}
+    GEOIPUPDATE_ACCOUNT_ID: {{ . }}
+    {{- end }}
+    {{- with .Values.geoip.license_key }}
+    GEOIPUPDATE_LICENSE_KEY: {{ . }}
+    {{- end }}
+    {{/* Proxy */}}
+    {{- with .Values.geoip.proxy }}
+    GEOIPUPDATE_PROXY: {{ . }}
+    {{- end }}
+    {{- with .Values.geoip.proxy_user_pass }}
+    GEOIPUPDATE_PROXY_USER_PASSWORD: {{ . }}
+    {{- end }}
+  {{- end }}
+
+ldap-secret:
+  enabled: true
+  data:
+    {{- with .Values.outposts.ldap.token }}
+    AUTHENTIK_TOKEN: {{ . }}
+    {{- else }}
+    AUTHENTIK_TOKEN: {{ $token }}
+    {{- end }}
+
+proxy-secret:
+  enabled: true
+  data:
+    {{- with .Values.outposts.proxy.token }}
+    AUTHENTIK_TOKEN: {{ . }}
+    {{- else }}
+    AUTHENTIK_TOKEN: {{ $token }}
+    {{- end }}
+{{- end }}

charts/dev/authentik/templates/_worker.tpl

@@ -0,0 +1,30 @@
+{{/* Define the worker container */}}
+{{- define "authentik.worker" -}}
+enabled: true
+imageSelector: image
+args: ["worker"]
+envFrom:
+  - secretRef:
+      name: 'authentik-secret'
+  - configMapRef:
+      name: 'authentik-config'
+probes:
+  readiness:
+    enabled: true
+    type: exec
+    command:
+      - /lifecycle/ak
+      - healthcheck
+  liveness:
+    enabled: true
+    type: exec
+    command:
+      - /lifecycle/ak
+      - healthcheck
+  startup:
+    enabled: true
+    type: exec
+    command:
+      - /lifecycle/ak
+      - healthcheck
+{{- end -}}

charts/dev/authentik/templates/common.yaml

@@ -0,0 +1,43 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "tc.v1.common.loader.init" . }}
+
+{{/* Render configmap for authentik */}}
+{{- $configmap := include "authentik.config" . | fromYaml -}}
+{{- if $configmap -}}
+  {{- $_ := mustMergeOverwrite .Values.configmap $configmap -}}
+{{- end -}}
+
+{{/* Render secret for authentik */}}
+{{- $secret := include "authentik.secret" . | fromYaml -}}
+{{- if $secret -}}
+  {{- $_ := mustMergeOverwrite .Values.secret $secret -}}
+{{- end -}}
+
+{{- if .Values.workerContainer.enabled -}}
+{{- $_ := set .Values.workload.main.podSpec.containers "worker" (include "authentik.worker" . | fromYaml) -}}
+{{- end -}}
+
+{{- if .Values.geoip.enabled -}}
+{{- $_ := set .Values.workload.main.podSpec.containers "geoip" (include "authentik.geoip" . | fromYaml) -}}
+{{- end -}}
+
+{{- if .Values.outposts.ldap.enabled -}}
+{{- $_ := set .Values.workload.main.podSpec.containers "ldap-outpost" (include "authentik.ldap" . | fromYaml) -}}
+{{/* - if .Values.metrics.enabled - */}}
+{{/* https://github.com/prometheus/prometheus/issues/3756 */}}
+{{/* TODO: Figure how the pipe works to connect it to prometheus operator */}}
+{{/* We can't define multiple ports/endpoints with annotations */}}
+{{/* - end - */}}
+{{- end -}}
+
+{{- if .Values.outposts.proxy.enabled -}}
+{{- $_ := set .Values.workload.main.podSpec.containers "proxy-outpost" (include "authentik.proxy" . | fromYaml) -}}
+{{/* - if .Values.metrics.enabled - */}}
+{{/* https://github.com/prometheus/prometheus/issues/3756 */}}
+{{/* TODO: Figure how the pipe works to connect it to prometheus operator */}}
+{{/* We can't define multiple ports/endpoints with annotations */}}
+{{/* - end - */}}
+{{- end -}}
+
+{{/* Render the templates */}}
+{{ include "tc.v1.common.loader.apply" . }}

charts/dev/authentik/values.yaml

@@ -0,0 +1,279 @@
+image:
+  repository: tccr.io/truecharts/authentik
+  tag: 2023.2.2@sha256:c58f1206dbf3ab2f0f7479707967c8a41b126712be748d0f29ade9743bd35797
+  pullPolicy: IfNotPresent
+geoipImage:
+  repository: tccr.io/truecharts/geoipupdate
+  tag: v4.9@sha256:ce42b4252c8cd4a9e39275fd7c3312e5df7bda0d7034df565af4362d7e0d26ce
+  pullPolicy: IfNotPresent
+ldapImage:
+  repository: tccr.io/truecharts/authentik-ldap
+  tag: 2023.2.2@sha256:1d22f1280e38534e3088c1665db719e287d868bb6d5e010351ddfa7c46b6ff14
+  pullPolicy: IfNotPresent
+proxyImage:
+  repository: tccr.io/truecharts/authentik-proxy
+  tag: 2023.2.2@sha256:364fb27d6f011735aac844c797a0c5a122288de9dd69b1be96b9ab2db234affa
+  pullPolicy: IfNotPresent
+
+workerContainer:
+  enabled: true
+
+securityContext:
+  container:
+    readOnlyRootFilesystem: false
+    runAsUser: 1000
+    runAsGroup: 1000
+
+service:
+  main:
+    ports:
+      main:
+        protocol: https
+        port: 10229
+        targetPort: 9443
+  http:
+    enabled: true
+    type: ClusterIP
+    ports:
+      http:
+        enabled: true
+        protocol: http
+        port: 10230
+        targetPort: 9000
+  # LDAP Outpost Services
+
+  ldapldaps:
+    enabled: true
+    ports:
+      ldapldaps:
+        enabled: true
+        port: 636
+        targetPort: 6636
+  ldapldap:
+    enabled: true
+    ports:
+      ldapldap:
+        enabled: true
+        port: 389
+        targetPort: 3389
+  # Proxy Outpost Services
+
+  proxyhttps:
+    enabled: true
+    ports:
+      proxyhttps:
+        enabled: true
+        port: 10233
+        protocol: https
+        targetPort: 9444
+  proxyhttp:
+    enabled: true
+    type: ClusterIP
+    ports:
+      proxyhttp:
+        enabled: true
+        port: 10234
+        protocol: http
+        targetPort: 9001
+  # Metrics Services
+
+  metrics:
+    enabled: true
+    type: ClusterIP
+    ports:
+      metrics:
+        enabled: true
+        protocol: http
+        port: 10231
+        targetPort: 9301
+  ldapmetrics:
+    enabled: true
+    type: ClusterIP
+    ports:
+      ldapmetrics:
+        enabled: true
+        port: 10232
+        protocol: http
+        targetPort: 9302
+  proxymetrics:
+    enabled: true
+    type: ClusterIP
+    ports:
+      proxymetrics:
+        enabled: true
+        port: 10235
+        protocol: http
+        targetPort: 9303
+
+authentik:
+  credentials:
+    password: "supersecret"
+  general:
+    disable_update_check: false
+    disable_startup_analytics: true
+    allow_user_name_change: true
+    allow_user_mail_change: true
+    allow_user_username_change: true
+    gdpr_compliance: true
+    impersonation: true
+    avatars: "gravatar,initials"
+    token_length: 128
+    # Use single quotes for footer_links
+
+    footer_links: '[{"name": "Link Name", "href": "https://mylink.com"}]'
+  mail:
+    host: ""
+    port: 25
+    tls: false
+    ssl: false
+    timeout: 10
+    user: ""
+    pass: ""
+    from: ""
+  error_reporting:
+    enabled: false
+    send_pii: false
+    environment: "customer"
+  logging:
+    log_level: "info"
+  ldap:
+    tls_ciphers: "null"
+
+geoip:
+  enabled: false
+  account_id: ""
+  license_key: ""
+  proxy: ""
+  proxy_user_pass: ""
+  edition_ids: "GeoLite2-City"
+  frequency: 8
+  host_server: "updates.maxmind.com"
+  preserve_file_times: false
+  verbose: false
+
+outposts:
+  ldap:
+    # -- First you have to create an Outpost in the GUI. Applications > Outposts
+    enabled: false
+    # -- Host Browser by default is set to the first ingress host you set
+  # host_browser: ""
+
+  # -- Host should not need to be overridden. Defaults to https://localhost:9443
+
+  # host: ""
+
+  # -- As we use https://localhost:9443 it's an unsecure connection
+
+  # insecure: false
+
+  # -- Token is only needed if you accidentally deleted the token within the UI
+
+  # token: ""
+  proxy:
+    # -- First you have to create an Outpost in the GUI. Applications > Outposts
+    enabled: false
+    # -- Host Browser by default is set to the first ingress host you set
+# host_browser: ""
+
+# -- As we use https://localhost:9443 it's an unsecure connection
+
+# insecure: false
+
+# -- Host should not need to be overridden. Defaults to https://localhost:9443
+
+# host: ""
+
+# -- Token is only needed if you accidentally deleted the token within the UI
+
+# token: ""
+
+metrics:
+  main:
+    enabled: true
+    type: "servicemonitor"
+    endpoints:
+      - port: metrics
+        path: /metrics
+      - port: ldapmetrics
+        path: /metrics
+      - port: proxymetrics
+        path: /metrics
+    prometheusRule:
+      enabled: false
+
+ingress:
+  proxyhttps:
+    autoLink: true
+
+workload:
+  main:
+    podSpec:
+      containers:
+        main:
+          probes:
+            liveness:
+              type: https
+              path: /-/health/live/
+              port: "{{ .Values.service.main.ports.main.targetPort }}"
+            readiness:
+              type: https
+              path: /-/health/ready/
+              port: "{{ .Values.service.main.ports.main.targetPort }}"
+            startup:
+              type: https
+              path: /-/health/ready/
+              port: "{{ .Values.service.main.ports.main.targetPort }}"
+          envFrom:
+            - secretRef:
+                name: "authentik-secret"
+            - configMapRef:
+                name: "authentik-config"
+            - configMapRef:
+                name: "authentik-server-config"
+          args: ["server"]
+          env: {}
+
+persistence:
+  media:
+    enabled: true
+    mountPath: /media
+    targetSelector:
+      main:
+        main: {}
+        worker: {}
+  templates:
+    enabled: true
+    mountPath: /templates
+    targetSelector:
+      main:
+        main: {}
+        worker: {}
+  certs:
+    enabled: true
+    mountPath: /certs
+    targetSelector:
+      main:
+        main: {}
+        worker: {}
+  geoip:
+    enabled: true
+    mountPath: /geoip
+    targetSelector:
+      main:
+        main: {}
+        geoip:
+          mountPath: /usr/share/GeoIP"
+        worker: {}
+
+portal:
+  open:
+    enabled: true
+
+cnpg:
+  main:
+    enabled: true
+    user: authentik
+    database: authentik
+
+redis:
+  enabled: true

charts/dev/autobrr/Chart.yaml

@@ -0,0 +1,28 @@
+apiVersion: v2
+kubeVersion: ">=1.16.0-0"
+name: autobrr
+version: 4.0.0
+appVersion: "1.18.0"
+description: The modern download automation tool for torrents.
+type: application
+deprecated: false
+home: https://truecharts.org/charts/stable/autobrr
+icon: https://truecharts.org/img/hotlink-ok/chart-icons/autobrr.png
+keywords:
+  - autobrr
+  - torrent
+sources:
+  - https://github.com/truecharts/charts/tree/master/charts/stable/autobrr
+  - https://github.com/autobrr/autobrr
+dependencies:
+  - name: common
+    repository: https://library-charts.truecharts.org
+    version: 12.2.32
+maintainers:
+  - email: info@truecharts.org
+    name: TrueCharts
+    url: https://truecharts.org
+annotations:
+  truecharts.org/catagories: |
+    - media
+  truecharts.org/SCALE-support: "true"