fix(forgejo-runner): Fix job image for generate-config after added global.image override

fix(grampsweb): image with prefix
fix(grampsweb): add global (and improve docs)
2025-02-28 12:21:43 +01:00 · 2025-02-27 23:10:39 +01:00 · 2025-02-27 13:29:57 +01:00 · 2025-02-27 13:29:52 +01:00 · 2025-02-27 13:29:47 +01:00 · 2025-02-27 13:29:42 +01:00
343 changed files with 16549 additions and 10183 deletions
--- a/README.adoc.gotmpl
+++ b/README.adoc.gotmpl
@ -1,72 +0,0 @@
-{{ define "chart.header" }}= {{ .Name }}
-{{ end }}
-{{ define "chart.versionBadge" }}
-image::https://img.shields.io/badge/Version-{{ .Version | replace "-" "--" }}-informational?style=flat-square[Version: {{ .Version }}]{{end}}
-{{ define "chart.typeBadge" }}
-image::https://img.shields.io/badge/Version-{{ .Type }}-informational?style=flat-square[Type: {{ .Type }}]{{end}}
-{{ define "chart.appVersionBadge" }}{{- if (ne .AppVersion "") }}
-image::https://img.shields.io/badge/AppVersion-{{ .AppVersion }}-informational?style=flat-square[AppVersion: {{ .AppVersion }}]{{ end }}{{end}}
-{{ define "chart.maintainersHeader" }}== Maintainers{{ end }}
-{{ define "chart.maintainersTable" }}.Maintainers
-|===
-| Name | Email | Url
-  {{- range .Maintainers }}
-
-| {{ .Name }}
-| {{ if .Email }}<{{ .Email }}>{{ end }}
-| {{ if .Url }}<{{ .Url }}>{{ end }}
-  {{- end }}
-|===
-{{ end }}
-{{ define "chart.valuesHeader" }}== Values{{ end }}
-{{ define "chart.valuesTable" }}.Values
-|===
-| Key | Type | Default | Description
-  {{- range .Values }}
-
-| {{ .Key }}
-| {{ .Type }}
-| {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }}
-| {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }}
-  {{- end }}
-|===
-{{ end }}
-
-{{- define "chart.prerequirements" -}}{{- end -}}
-
-{{ template "chart.header" . }}
-{{ template "chart.deprecationWarning" . }}
-
-{{ template "chart.badgesSection" . }}
-{{ template "chart.maintainersSection" . }}
-
-{{ template "chart.prerequirements" . }}
-
-== Usage
-
-Helm must be installed and setup to your kubernetes cluster to use the charts.
-Refer to Helm's https://helm.sh/docs[documentation] to get started.
-Once Helm has been set up correctly, fetch the charts as follows:
-
-[source,bash]
----
-helm pull oci://codeberg.org/wrenix/helm-charts/{{ template "chart.name" . }}
----
-
-You can install a chart release using the following command:
-
-[source,bash]
----
-helm install {{ template "chart.name" . }}-release oci://codeberg.org/wrenix/helm-charts/{{ template "chart.name" . }} --values values.yaml
----
-
-To uninstall a chart release use `helm`'s delete command:
-
-[source,bash]
----
-helm uninstall {{ template "chart.name" . }}-release
----
-
-{{ template "chart.valuesSection" . }}
-
-Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]
--- a/README.adoc
+++ b/README.adoc
@ -1,26 +1,29 @@
-= helm-charts
+---
+title: "Helm-Charts"
+weight: 1
+cascade:
+  - url: /:sections/:title/
+url: /:sections
+---

-== Usage
+## Usage

 Helm must be installed and setup to your kubernetes cluster to use the charts.
-Refer to Helm's https://helm.sh/docs[documentation] to get started.
+Refer to Helm's [documentation](https://helm.sh/docs) to get started.
 Once Helm has been set up correctly, fetch the charts as follows:

-[source,bash]
----
+```bash
 helm pull oci://codeberg.org/wrenix/helm-charts/<chart.name>
----
+```

 You can install a chart release using the following command:

-[source,bash]
----
+```bash
 helm install <release> oci://codeberg.org/wrenix/helm-charts/<chart.name> --values values.yaml
----
+```

 To uninstall a chart release use `helm`'s delete command:

-[source,bash]
----
+```bash
 helm uninstall <release>
----
+```
--- a/README.md.gotmpl
+++ b/README.md.gotmpl
@ -0,0 +1,54 @@
+---
+title: {{ .Name | quote }}
+{{ if .Description }}
+description: {{.Description | quote }}
+{{ end }}
+---
+
+{{- define "chart.prerequirements" }}
+{{- end }}
+
+{{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.badgesSection" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "chart.homepageLine" . }}
+
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+
+
+{{ template "chart.prerequirements" . }}
+
+## Usage
+
+Helm must be installed and setup to your kubernetes cluster to use the charts.
+Refer to Helm's [documentation](https://helm.sh/docs) to get started.
+Once Helm has been set up correctly, fetch the charts as follows:
+
+```bash
+helm pull oci://codeberg.org/wrenix/helm-charts/{{ .Name }}
+```
+
+You can install a chart release using the following command:
+
+```bash
+helm install {{ .Name }}-release oci://codeberg.org/wrenix/helm-charts/{{ .Name }} --values values.yaml
+```
+
+To uninstall a chart release use `helm`'s delete command:
+
+```bash
+helm uninstall {{ .Name }}-release
+```
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesSection" . }}
+
+Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
--- a/alertmanager-matrix/Chart.yaml
+++ b/alertmanager-matrix/Chart.yaml
@ -2,9 +2,9 @@ apiVersion: v2
 name: alertmanager-matrix
 description: Service for managing and receiving Alertmanager alerts on Matrix
 type: application
-version: 0.1.8
+version: "0.1.12"
 # renovate: image=docker.io/silkeh/alertmanager_matrix
-appVersion: "0.4.3"
+appVersion: "0.5.0"
 maintainers:
  - name: WrenIX
    url: https://wrenix.eu
--- a/alertmanager-matrix/README.adoc
+++ b/alertmanager-matrix/README.adoc
@ -1,366 +0,0 @@
-
-
-= alertmanager-matrix
-
-image::https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square[Version: 0.1.8]
-image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
-image::https://img.shields.io/badge/AppVersion-0.4.3-informational?style=flat-square[AppVersion: 0.4.3]
-== Maintainers
-
-.Maintainers
-|===
-| Name | Email | Url
-
-| WrenIX
-|
-| <https://wrenix.eu>
-|===
-
-== Usage
-
-Helm must be installed and setup to your kubernetes cluster to use the charts.
-Refer to Helm's https://helm.sh/docs[documentation] to get started.
-Once Helm has been set up correctly, fetch the charts as follows:
-
-[source,bash]
----
-helm pull oci://codeberg.org/wrenix/helm-charts/alertmanager-matrix
----
-
-You can install a chart release using the following command:
-
-[source,bash]
----
-helm install alertmanager-matrix-release oci://codeberg.org/wrenix/helm-charts/alertmanager-matrix --values values.yaml
----
-
-To uninstall a chart release use `helm`'s delete command:
-
-[source,bash]
----
-helm uninstall alertmanager-matrix-release
----
-
-== Values
-
-.Values
-|===
-| Key | Type | Default | Description
-
-| affinity
-| object
-| `{}`
-|
-
-| autoscaling.enabled
-| bool
-| `false`
-|
-
-| autoscaling.maxReplicas
-| int
-| `100`
-|
-
-| autoscaling.minReplicas
-| int
-| `1`
-|
-
-| autoscaling.targetCPUUtilizationPercentage
-| int
-| `80`
-|
-
-| bot.alertmanager
-| string
-| `"http://localhost:9093"`
-|
-
-| bot.colors.alert
-| string
-| `"black"`
-|
-
-| bot.colors.critical
-| string
-| `"red"`
-|
-
-| bot.colors.error
-| string
-| `"red"`
-|
-
-| bot.colors.info
-| string
-| `"blue"`
-|
-
-| bot.colors.information
-| string
-| `"blue"`
-|
-
-| bot.colors.resolved
-| string
-| `"green"`
-|
-
-| bot.colors.silenced
-| string
-| `"gray"`
-|
-
-| bot.colors.warning
-| string
-| `"orange"`
-|
-
-| bot.icons.alert
-| string
-| `"🔔️"`
-|
-
-| bot.icons.critical
-| string
-| `"🚨"`
-|
-
-| bot.icons.error
-| string
-| `"🚨"`
-|
-
-| bot.icons.info
-| string
-| `"ℹ️"`
-|
-
-| bot.icons.information
-| string
-| `"ℹ️"`
-|
-
-| bot.icons.resolved
-| string
-| `"✅"`
-|
-
-| bot.icons.silenced
-| string
-| `"🔕"`
-|
-
-| bot.icons.warning
-| string
-| `"⚠️"`
-|
-
-| bot.matrix.homeserver
-| string
-| `"http://localhost:8008"`
-|
-
-| bot.matrix.rooms[0]
-| string
-| `"!not_existing:matrix.org"`
-|
-
-| bot.matrix.rooms[1]
-| string
-| `"!also_not_existing:matrix.org"`
-|
-
-| bot.matrix.token
-| string
-| `"SECRET_TOKEN"`
-|
-
-| bot.matrix.userID
-| string
-| `"bot"`
-|
-
-| bot.messageType
-| string
-| `"m.notice"`
-|
-
-| bot.showLabels
-| bool
-| `false`
-|
-
-| bot.template.html
-| string
-| `"{{ range .Alerts }}\n  <font color=\"{{.StatusString|color}}\">\n    {{.StatusString|icon}}\n    <b>{{.StatusString|upper}}</b>\n    {{.AlertName}}:\n  </font>\n  {{.Summary}}\n  {{if ne .Fingerprint \"\"}}\n    ({{.Fingerprint}})\n  {{end}}\n  {{if $.ShowLabels}}\n    <br/>\n    <b>Labels:</b>\n    <code>{{.LabelString}}</code>\n   {{end}}\n   <br/>\n{{- end -}}\n"`
-|
-
-| bot.template.text
-| string
-| `"{{ range .Alerts }}\n  {{- .StatusString|icon}} {{ .StatusString|upper }}{{ .AlertName }}: {{ .Summary }} {{ if ne .Fingerprint \"\" -}}\n    ({{.Fingerprint}})\n  {{- end}}\n  {{- if $.ShowLabels -}}\n    , labels:\n    {{- .LabelString}}\n  {{- end }}\n{{ end -}}\n"`
-|
-
-| fullnameOverride
-| string
-| `""`
-|
-
-| image.pullPolicy
-| string
-| `"IfNotPresent"`
-|
-
-| image.registry
-| string
-| `"docker.io"`
-|
-
-| image.repository
-| string
-| `"silkeh/alertmanager_matrix"`
-|
-
-| image.tag
-| string
-| `""`
-|
-
-| imagePullSecrets
-| list
-| `[]`
-|
-
-| ingress.annotations
-| object
-| `{}`
-|
-
-| ingress.className
-| string
-| `""`
-|
-
-| ingress.enabled
-| bool
-| `false`
-|
-
-| ingress.hosts[0].host
-| string
-| `"chart-example.local"`
-|
-
-| ingress.hosts[0].paths[0].path
-| string
-| `"/"`
-|
-
-| ingress.hosts[0].paths[0].pathType
-| string
-| `"ImplementationSpecific"`
-|
-
-| ingress.tls
-| list
-| `[]`
-|
-
-| logging.additionalFilters
-| list
-| `[]`
-| Add other filters to Flow
-
-| logging.dedot
-| string
-| `nil`
-| if an filter (here or global) for dedot is active - for disable set `null`
-
-| logging.enabled
-| bool
-| `false`
-| Deploy Flow for logging-operator
-
-| logging.globalOutputRefs
-| list
-| `["default"]`
-| Flows globalOutputRefs for use of ClusterOutputs
-
-| logging.localOutputRefs
-| list
-| `[]`
-| Flows localOutputRefs for use of Outputs
-
-| nameOverride
-| string
-| `""`
-|
-
-| nodeSelector
-| object
-| `{}`
-|
-
-| podAnnotations
-| object
-| `{}`
-|
-
-| podLabels
-| object
-| `{}`
-|
-
-| podSecurityContext
-| object
-| `{}`
-|
-
-| replicaCount
-| int
-| `1`
-|
-
-| resources
-| object
-| `{}`
-|
-
-| securityContext
-| object
-| `{}`
-|
-
-| service.port
-| int
-| `4051`
-|
-
-| service.type
-| string
-| `"ClusterIP"`
-|
-
-| serviceAccount.annotations
-| object
-| `{}`
-|
-
-| serviceAccount.create
-| bool
-| `true`
-|
-
-| serviceAccount.name
-| string
-| `""`
-|
-
-| tolerations
-| list
-| `[]`
-|
-|===
-
-Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]
--- a/alertmanager-matrix/README.md
+++ b/alertmanager-matrix/README.md
@ -0,0 +1,112 @@
+---
+title: "alertmanager-matrix"
+
+description: "Service for managing and receiving Alertmanager alerts on Matrix"
+
+---
+
+# alertmanager-matrix
+
+![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.0](https://img.shields.io/badge/AppVersion-0.5.0-informational?style=flat-square)
+
+Service for managing and receiving Alertmanager alerts on Matrix
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| WrenIX |  | <https://wrenix.eu> |
+
+## Usage
+
+Helm must be installed and setup to your kubernetes cluster to use the charts.
+Refer to Helm's [documentation](https://helm.sh/docs) to get started.
+Once Helm has been set up correctly, fetch the charts as follows:
+
+```bash
+helm pull oci://codeberg.org/wrenix/helm-charts/alertmanager-matrix
+```
+
+You can install a chart release using the following command:
+
+```bash
+helm install alertmanager-matrix-release oci://codeberg.org/wrenix/helm-charts/alertmanager-matrix --values values.yaml
+```
+
+To uninstall a chart release use `helm`'s delete command:
+
+```bash
+helm uninstall alertmanager-matrix-release
+```
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| autoscaling.enabled | bool | `false` |  |
+| autoscaling.maxReplicas | int | `100` |  |
+| autoscaling.minReplicas | int | `1` |  |
+| autoscaling.targetCPUUtilizationPercentage | int | `80` |  |
+| bot.alertmanager | string | `"http://localhost:9093"` |  |
+| bot.colors.alert | string | `"black"` |  |
+| bot.colors.critical | string | `"red"` |  |
+| bot.colors.error | string | `"red"` |  |
+| bot.colors.info | string | `"blue"` |  |
+| bot.colors.information | string | `"blue"` |  |
+| bot.colors.resolved | string | `"green"` |  |
+| bot.colors.silenced | string | `"gray"` |  |
+| bot.colors.warning | string | `"orange"` |  |
+| bot.icons.alert | string | `"🔔️"` |  |
+| bot.icons.critical | string | `"🚨"` |  |
+| bot.icons.error | string | `"🚨"` |  |
+| bot.icons.info | string | `"ℹ️"` |  |
+| bot.icons.information | string | `"ℹ️"` |  |
+| bot.icons.resolved | string | `"✅"` |  |
+| bot.icons.silenced | string | `"🔕"` |  |
+| bot.icons.warning | string | `"⚠️"` |  |
+| bot.matrix.homeserver | string | `"http://localhost:8008"` |  |
+| bot.matrix.rooms[0] | string | `"!not_existing:matrix.org"` |  |
+| bot.matrix.rooms[1] | string | `"!also_not_existing:matrix.org"` |  |
+| bot.matrix.token | string | `"SECRET_TOKEN"` |  |
+| bot.matrix.userID | string | `"bot"` |  |
+| bot.messageType | string | `"m.notice"` |  |
+| bot.showLabels | bool | `false` |  |
+| bot.template.html | string | `"{{ range .Alerts }}\n  <font color=\"{{.StatusString|color}}\">\n    {{.StatusString|icon}}\n    <b>{{.StatusString|upper}}</b>\n    {{.AlertName}}:\n  </font>\n  {{.Summary}}\n  {{if ne .Fingerprint \"\"}}\n    ({{.Fingerprint}})\n  {{end}}\n  {{if $.ShowLabels}}\n    <br/>\n    <b>Labels:</b>\n    <code>{{.LabelString}}</code>\n  {{end}}\n  <br/>\n{{- end -}}\n"` |  |
+| bot.template.text | string | `"{{ range .Alerts }}\n  {{- .StatusString|icon}} {{ .StatusString|upper }}{{ .AlertName }}: {{ .Summary }} {{ if ne .Fingerprint \"\" -}}\n    ({{.Fingerprint}})\n  {{- end}}\n  {{- if $.ShowLabels -}}\n    , labels:\n    {{- .LabelString}}\n  {{- end }}\n{{ end -}}\n"` |  |
+| fullnameOverride | string | `""` |  |
+| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy |
+| global.image.registry | string | `nil` | if set it will overwrite all registry entries |
+| image.pullPolicy | string | `"IfNotPresent"` | This sets the pull policy for images. (could be overwritten by global.image.pullPolicy) |
+| image.registry | string | `"registry.gitlab.com"` | image registry (could be overwritten by global.image.registry) |
+| image.repository | string | `"wrenix/alertmanager_matrix"` | image repository |
+| image.tag | string | `""` | image tag - Overrides the image tag whose default is the chart appVersion. latest with current:  - amd64      @sha256:2afd6d70f39fdfa98f11758090506f7845aee33cc8d900f9fe39a2574c272063  - 386 /x86   @sha256:beca95e9595de7169ab34406936b585d6676ce03a7fe51815b3a6a4944f9dd6d  - arm v6     @sha256:ce40ea204497bfc9b2e796cf984eba53ba7c59164d39dcd4c11f0ca561e57eca  - arm v7     @sha256:59ce3dfc73be5f70b873fe095e1eee4e0fe1f256b39f8f051ad0a2ffe9d1177e  - arm v8     @sha256:fdbf50e944f8118dd1a44dde21b9cc098fb13837031e2f2492c148848c3d3cc8  - ppc64le    @sha256:4ce02adbf4efe3ad04422e35bd4e87442a7c899fea13988adaeb985c720e0c63  - s390x      @sha256:a202252cc00664a17caa5760f749b35a7b71253d1b1474b861f233e83ada1c76 |
+| imagePullSecrets | list | `[]` |  |
+| ingress.annotations | object | `{}` |  |
+| ingress.className | string | `""` |  |
+| ingress.enabled | bool | `false` |  |
+| ingress.hosts[0].host | string | `"chart-example.local"` |  |
+| ingress.hosts[0].paths[0].path | string | `"/"` |  |
+| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` |  |
+| ingress.tls | list | `[]` |  |
+| logging.additionalFilters | list | `[]` | Add other filters to Flow |
+| logging.dedot | string | `nil` | if an filter (here or global) for dedot is active - for disable set `null` |
+| logging.enabled | bool | `false` | Deploy Flow for logging-operator |
+| logging.globalOutputRefs | list | `["default"]` | Flows globalOutputRefs for use of ClusterOutputs |
+| logging.localOutputRefs | list | `[]` | Flows localOutputRefs for use of Outputs |
+| nameOverride | string | `""` |  |
+| nodeSelector | object | `{}` |  |
+| podAnnotations | object | `{}` |  |
+| podLabels | object | `{}` |  |
+| podSecurityContext | object | `{}` |  |
+| replicaCount | int | `1` | replicas |
+| resources | object | `{}` |  |
+| securityContext | object | `{}` |  |
+| service.port | int | `4051` |  |
+| service.type | string | `"ClusterIP"` |  |
+| serviceAccount.annotations | object | `{}` |  |
+| serviceAccount.create | bool | `true` |  |
+| serviceAccount.name | string | `""` |  |
+| tolerations | list | `[]` |  |
+
+Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
--- a/alertmanager-matrix/templates/deployment.yaml
+++ b/alertmanager-matrix/templates/deployment.yaml
@ -37,8 +37,10 @@ spec:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- with .Values.image }}
+          image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}"
+          imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }}
+          {{- end }}
          command:
            - "/usr/local/bin/alertmanager_matrix"
            {{- if .Values.bot.showLabels }}
--- a/alertmanager-matrix/values.yaml
+++ b/alertmanager-matrix/values.yaml
@ -1,14 +1,22 @@
-# Default values for alertmanager-matrix.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
+global:
+  image:
+    # -- if set it will overwrite all registry entries
+    registry:
+    # -- if set it will overwrite all pullPolicy
+    pullPolicy:

+
+# -- replicas
 replicaCount: 1

 image:
-  registry: docker.io
-  repository: silkeh/alertmanager_matrix
+  # -- image registry (could be overwritten by global.image.registry)
+  registry: registry.gitlab.com
+  # -- image repository
+  repository: wrenix/alertmanager_matrix
+  # -- This sets the pull policy for images. (could be overwritten by global.image.pullPolicy)
  pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
+  # -- image tag - Overrides the image tag whose default is the chart appVersion.
  # latest with current:
  #  - amd64      @sha256:2afd6d70f39fdfa98f11758090506f7845aee33cc8d900f9fe39a2574c272063
  #  - 386 /x86   @sha256:beca95e9595de7169ab34406936b585d6676ce03a7fe51815b3a6a4944f9dd6d
@ -79,8 +87,8 @@ bot:
          <br/>
          <b>Labels:</b>
          <code>{{.LabelString}}</code>
-         {{end}}
-         <br/>
+        {{end}}
+        <br/>
      {{- end -}}

 serviceAccount:
--- a/alertmanager-ntfy/Chart.yaml
+++ b/alertmanager-ntfy/Chart.yaml
@ -2,9 +2,9 @@ apiVersion: v2
 name: alertmanager-ntfy
 description: Receiver for alertmanager to forward to ntfy.sh
 type: application
-version: 0.1.4
-# renovate: image=docker.io/xenrox/ntfy-alertmanager
-appVersion: "0.3.0"
+version: "0.1.6"
+# renovate: image=codeberg.org/xenrox/ntfy-alertmanager
+appVersion: "0.4.0"
 maintainers:
  - name: WrenIX
    url: https://wrenix.eu
--- a/alertmanager-ntfy/README.adoc
+++ b/alertmanager-ntfy/README.adoc
@ -1,301 +0,0 @@
-
-
-= alertmanager-ntfy
-
-image::https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square[Version: 0.1.4]
-image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
-image::https://img.shields.io/badge/AppVersion-0.3.0-informational?style=flat-square[AppVersion: 0.3.0]
-== Maintainers
-
-.Maintainers
-|===
-| Name | Email | Url
-
-| WrenIX
-|
-| <https://wrenix.eu>
-|===
-
-== Usage
-
-Helm must be installed and setup to your kubernetes cluster to use the charts.
-Refer to Helm's https://helm.sh/docs[documentation] to get started.
-Once Helm has been set up correctly, fetch the charts as follows:
-
-[source,bash]
----
-helm pull oci://codeberg.org/wrenix/helm-charts/alertmanager-ntfy
----
-
-You can install a chart release using the following command:
-
-[source,bash]
----
-helm install alertmanager-ntfy-release oci://codeberg.org/wrenix/helm-charts/alertmanager-ntfy --values values.yaml
----
-
-To uninstall a chart release use `helm`'s delete command:
-
-[source,bash]
----
-helm uninstall alertmanager-ntfy-release
----
-
-== Values
-
-.Values
-|===
-| Key | Type | Default | Description
-
-| affinity
-| object
-| `{}`
-|
-
-| autoscaling.enabled
-| bool
-| `false`
-|
-
-| autoscaling.maxReplicas
-| int
-| `100`
-|
-
-| autoscaling.minReplicas
-| int
-| `1`
-|
-
-| autoscaling.targetCPUUtilizationPercentage
-| int
-| `80`
-|
-
-| fullnameOverride
-| string
-| `""`
-|
-
-| image.pullPolicy
-| string
-| `"IfNotPresent"`
-|
-
-| image.registry
-| string
-| `"docker.io"`
-|
-
-| image.repository
-| string
-| `"xenrox/ntfy-alertmanager"`
-|
-
-| image.tag
-| string
-| `""`
-|
-
-| imagePullSecrets
-| list
-| `[]`
-|
-
-| ingress.annotations
-| object
-| `{}`
-|
-
-| ingress.className
-| string
-| `""`
-|
-
-| ingress.enabled
-| bool
-| `false`
-|
-
-| ingress.hosts[0].host
-| string
-| `"chart-example.local"`
-|
-
-| ingress.hosts[0].paths[0].path
-| string
-| `"/"`
-|
-
-| ingress.hosts[0].paths[0].pathType
-| string
-| `"ImplementationSpecific"`
-|
-
-| ingress.tls
-| list
-| `[]`
-|
-
-| nameOverride
-| string
-| `""`
-|
-
-| nodeSelector
-| object
-| `{}`
-|
-
-| ntfyAlertmanager.labels.entries[0].label
-| string
-| `"severity"`
-|
-
-| ntfyAlertmanager.labels.entries[0].priority
-| int
-| `5`
-|
-
-| ntfyAlertmanager.labels.entries[0].tags[0]
-| string
-| `"rotating_light"`
-|
-
-| ntfyAlertmanager.labels.entries[0].value
-| string
-| `"critical"`
-|
-
-| ntfyAlertmanager.labels.entries[1].label
-| string
-| `"severity"`
-|
-
-| ntfyAlertmanager.labels.entries[1].priority
-| int
-| `1`
-|
-
-| ntfyAlertmanager.labels.entries[1].value
-| string
-| `"info"`
-|
-
-| ntfyAlertmanager.labels.entries[2].label
-| string
-| `"instance"`
-|
-
-| ntfyAlertmanager.labels.entries[2].tags[0]
-| string
-| `"computer"`
-|
-
-| ntfyAlertmanager.labels.entries[2].tags[1]
-| string
-| `"example"`
-|
-
-| ntfyAlertmanager.labels.entries[2].value
-| string
-| `"example.com"`
-|
-
-| ntfyAlertmanager.labels.order[0]
-| string
-| `"severity"`
-|
-
-| ntfyAlertmanager.labels.order[1]
-| string
-| `"instance"`
-|
-
-| ntfyAlertmanager.logLevel
-| string
-| `"info"`
-|
-
-| ntfyAlertmanager.ntfy.topic
-| string
-| `"https://ntfy.sh/alertmanager-alerts"`
-|
-
-| ntfyAlertmanager.port
-| int
-| `80`
-|
-
-| ntfyAlertmanager.resolved.tags[0]
-| string
-| `"resolved"`
-|
-
-| ntfyAlertmanager.resolved.tags[1]
-| string
-| `"partying_face"`
-|
-
-| podAnnotations
-| object
-| `{}`
-|
-
-| podLabels
-| object
-| `{}`
-|
-
-| podSecurityContext
-| object
-| `{}`
-|
-
-| replicaCount
-| int
-| `1`
-|
-
-| resources
-| object
-| `{}`
-|
-
-| securityContext
-| object
-| `{}`
-|
-
-| service.port
-| int
-| `80`
-|
-
-| service.type
-| string
-| `"ClusterIP"`
-|
-
-| serviceAccount.annotations
-| object
-| `{}`
-|
-
-| serviceAccount.create
-| bool
-| `true`
-|
-
-| serviceAccount.name
-| string
-| `""`
-|
-
-| tolerations
-| list
-| `[]`
-|
-|===
-
-Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]
--- a/alertmanager-ntfy/README.md
+++ b/alertmanager-ntfy/README.md
@ -0,0 +1,99 @@
+---
+title: "alertmanager-ntfy"
+
+description: "Receiver for alertmanager to forward to ntfy.sh"
+
+---
+
+# alertmanager-ntfy
+
+![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.4.0](https://img.shields.io/badge/AppVersion-0.4.0-informational?style=flat-square)
+
+Receiver for alertmanager to forward to ntfy.sh
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| WrenIX |  | <https://wrenix.eu> |
+
+## Usage
+
+Helm must be installed and setup to your kubernetes cluster to use the charts.
+Refer to Helm's [documentation](https://helm.sh/docs) to get started.
+Once Helm has been set up correctly, fetch the charts as follows:
+
+```bash
+helm pull oci://codeberg.org/wrenix/helm-charts/alertmanager-ntfy
+```
+
+You can install a chart release using the following command:
+
+```bash
+helm install alertmanager-ntfy-release oci://codeberg.org/wrenix/helm-charts/alertmanager-ntfy --values values.yaml
+```
+
+To uninstall a chart release use `helm`'s delete command:
+
+```bash
+helm uninstall alertmanager-ntfy-release
+```
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| autoscaling.enabled | bool | `false` |  |
+| autoscaling.maxReplicas | int | `100` |  |
+| autoscaling.minReplicas | int | `1` |  |
+| autoscaling.targetCPUUtilizationPercentage | int | `80` |  |
+| fullnameOverride | string | `""` |  |
+| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy |
+| global.image.registry | string | `nil` | if set it will overwrite all registry entries |
+| image.pullPolicy | string | `"IfNotPresent"` | This sets the pull policy for images. (could be overwritten by global.image.pullPolicy) |
+| image.registry | string | `"codeberg.org"` | image registry (could be overwritten by global.image.registry) |
+| image.repository | string | `"xenrox/ntfy-alertmanager"` | image repository |
+| image.tag | string | `""` | image tag - Overrides the image tag whose default is the chart appVersion. |
+| imagePullSecrets | list | `[]` |  |
+| ingress.annotations | object | `{}` |  |
+| ingress.className | string | `""` |  |
+| ingress.enabled | bool | `false` |  |
+| ingress.hosts[0].host | string | `"chart-example.local"` |  |
+| ingress.hosts[0].paths[0].path | string | `"/"` |  |
+| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` |  |
+| ingress.tls | list | `[]` |  |
+| nameOverride | string | `""` |  |
+| nodeSelector | object | `{}` |  |
+| ntfyAlertmanager.labels.entries[0].label | string | `"severity"` |  |
+| ntfyAlertmanager.labels.entries[0].priority | int | `5` |  |
+| ntfyAlertmanager.labels.entries[0].tags[0] | string | `"rotating_light"` |  |
+| ntfyAlertmanager.labels.entries[0].value | string | `"critical"` |  |
+| ntfyAlertmanager.labels.entries[1].label | string | `"severity"` |  |
+| ntfyAlertmanager.labels.entries[1].priority | int | `1` |  |
+| ntfyAlertmanager.labels.entries[1].value | string | `"info"` |  |
+| ntfyAlertmanager.labels.entries[2].label | string | `"instance"` |  |
+| ntfyAlertmanager.labels.entries[2].tags[0] | string | `"computer"` |  |
+| ntfyAlertmanager.labels.entries[2].tags[1] | string | `"example"` |  |
+| ntfyAlertmanager.labels.entries[2].value | string | `"example.com"` |  |
+| ntfyAlertmanager.labels.order[0] | string | `"severity"` |  |
+| ntfyAlertmanager.labels.order[1] | string | `"instance"` |  |
+| ntfyAlertmanager.logLevel | string | `"info"` |  |
+| ntfyAlertmanager.ntfy.topic | string | `"https://ntfy.sh/alertmanager-alerts"` |  |
+| ntfyAlertmanager.port | int | `80` |  |
+| ntfyAlertmanager.resolved.tags[0] | string | `"resolved"` |  |
+| ntfyAlertmanager.resolved.tags[1] | string | `"partying_face"` |  |
+| podAnnotations | object | `{}` |  |
+| podLabels | object | `{}` |  |
+| podSecurityContext | object | `{}` |  |
+| replicaCount | int | `1` | replicas |
+| resources | object | `{}` |  |
+| securityContext | object | `{}` |  |
+| service.port | int | `80` |  |
+| service.type | string | `"ClusterIP"` |  |
+| serviceAccount.annotations | object | `{}` |  |
+| serviceAccount.create | bool | `true` |  |
+| serviceAccount.name | string | `""` |  |
+| tolerations | list | `[]` |  |
+
+Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
--- a/alertmanager-ntfy/templates/deployment.yaml
+++ b/alertmanager-ntfy/templates/deployment.yaml
@ -35,8 +35,10 @@ spec:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- with .Values.image }}
+          image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}"
+          imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }}
+          {{- end }}
          ports:
            - name: http
              containerPort: {{ .Values.ntfyAlertmanager.port }}
--- a/alertmanager-ntfy/values.yaml
+++ b/alertmanager-ntfy/values.yaml
@ -1,14 +1,22 @@
-# Default values for ntfy-alertmanager.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
+global:
+  image:
+    # -- if set it will overwrite all registry entries
+    registry:
+    # -- if set it will overwrite all pullPolicy
+    pullPolicy:

+
+# -- replicas
 replicaCount: 1

 image:
-  registry: docker.io
+  # -- image registry (could be overwritten by global.image.registry)
+  registry: codeberg.org
+  # -- image repository
  repository: xenrox/ntfy-alertmanager
+  # -- This sets the pull policy for images. (could be overwritten by global.image.pullPolicy)
  pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
+  # -- image tag - Overrides the image tag whose default is the chart appVersion.
  tag: ""

 ntfyAlertmanager:
--- a/authentik-application/Chart.yaml
+++ b/authentik-application/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 name: authentik-application
 description: "A Chart to deploy a secret for the authentik blueprint-sidecar."
 type: application
-version: 0.4.1
+version: "0.4.6"
 maintainers:
  - name: WrenIX
    url: https://wrenix.eu
--- a/authentik-application/README.adoc
+++ b/authentik-application/README.adoc
@ -1,274 +0,0 @@
-
-
-= authentik-application
-
-image::https://img.shields.io/badge/Version-0.4.1-informational?style=flat-square[Version: 0.4.1]
-image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
-== Maintainers
-
-.Maintainers
-|===
-| Name | Email | Url
-
-| WrenIX
-|
-| <https://wrenix.eu>
-|===
-
-## Pre-Requirement
-Usage of https://github.com/goauthentik/helm/pull/146
-
-## or manual:
-Install authentik with this `values.yaml`:
-```yaml
-serviceAccount:
-  create: true
-
-additionalContainers:
-  - name: sidecar-blueprints
-    image: "ghcr.io/kiwigrid/k8s-sidecar:1.25.1"
-    env:
-      - name: "FOLDER"
-        value: "/blueprints/sidecar"
-      - name: "LABEL"
-        value: "goauthentik_blueprint"
-      - name: "LABEL_VALUE"
-        value: "1"
-      # - name: "NAMESPACE"
-      #   value: "ALL"
-      - name: "RESOURCE"
-        value: "both"
-      - name: "UNIQUE_FILENAMES"
-        value: "true"
-    volumeMounts:
-      - name: sidecar-blueprints
-        mountPath: /blueprints/sidecar
-
-volumeMounts:
-  - name: sidecar-blueprints
-    mountPath: /blueprints/sidecar
-
-volumes:
-  - name: sidecar-blueprints
-    emptyDir: {}
-```
-
-And create an Role and bind them on to the ServiceAccount to read secrets:
-```yaml
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: authentik-blueprint-sidecar
-rules:
-  - apiGroups: [""]
-    resources: ["configmaps", "secrets"]
-    verbs: ["get", "watch", "list"]
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: authentik-blueprint-sidecar
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: authentik-blueprint-sidecar
-subjects:
-  - kind: ServiceAccount
-    name: authentik
-```
-
-== Usage
-
-Helm must be installed and setup to your kubernetes cluster to use the charts.
-Refer to Helm's https://helm.sh/docs[documentation] to get started.
-Once Helm has been set up correctly, fetch the charts as follows:
-
-[source,bash]
----
-helm pull oci://codeberg.org/wrenix/helm-charts/authentik-application
----
-
-You can install a chart release using the following command:
-
-[source,bash]
----
-helm install authentik-application-release oci://codeberg.org/wrenix/helm-charts/authentik-application --values values.yaml
----
-
-To uninstall a chart release use `helm`'s delete command:
-
-[source,bash]
----
-helm uninstall authentik-application-release
----
-
-== Values
-
-.Values
-|===
-| Key | Type | Default | Description
-
-| blueprint.application.bindPolicyID
-| string
-| `nil`
-| uuid for bindPolicyID for group - if not set generated on secret for be stable (or groups: [] filled)
-
-| blueprint.application.description
-| string
-| `""`
-| description of application
-
-| blueprint.application.group
-| string
-| `""`
-| put this application in authentik in group
-
-| blueprint.application.icon
-| string
-| `""`
-| icon of application (url)
-
-| blueprint.application.launchURL
-| string
-| `""`
-|
-
-| blueprint.application.name
-| string
-| `""`
-| application name in menu
-
-| blueprint.application.openInNewTab
-| bool
-| `false`
-| open application in new tab
-
-| blueprint.application.policyEngineMode
-| string
-| `"any"`
-|
-
-| blueprint.application.publisher
-| string
-| `""`
-| publisher of application
-
-| blueprint.application.slug
-| string
-| `"app-name"`
-| application slug
-
-| blueprint.authentik.domain
-| string
-| `"https://auth.wrenix.eu"`
-| domain to authentik, used in generated url (like issuer)
-
-| blueprint.groups
-| string
-| `nil`
-| authentik groups created / give access to this application  disable any groups by set groups: [] (to a slice) example:   - slug: "app: grafana-admin"     parent: "app: infra"     bindID: uuid
-
-| blueprint.labels
-| object
-| `{"goauthentik_blueprint":"1"}`
-| label of generated secret with blueprint
-
-| blueprint.provider.authorizationFlow
-| string
-| `"default-provider-authorization-implicit-consent"`
-|
-
-| blueprint.provider.enabled
-| bool
-| `true`
-| creat an provider for authentification (otherwise just a like in menu is created)
-
-| blueprint.provider.name
-| string
-| `""`
-|
-
-| blueprint.provider.oidc.clientID
-| string
-| `nil`
-| client id - generated if secret enabled
-
-| blueprint.provider.oidc.clientSecret
-| string
-| `nil`
-| client secret - generated if secret enabled
-
-| blueprint.provider.oidc.clientType
-| string
-| `"confidential"`
-|
-
-| blueprint.provider.oidc.redirectURL
-| string
-| `""`
-|
-
-| blueprint.provider.oidc.scopes
-| string
-| `nil`
-| Scope
-
-| blueprint.provider.oidc.signingKey
-| string
-| `""`
-| Need for non-curve / RSA
-
-| blueprint.provider.proxy.cookieDomain
-| string
-| `""`
-|
-
-| blueprint.provider.proxy.externalHost
-| string
-| `nil`
-|
-
-| blueprint.provider.proxy.ingress.backend
-| string
-| `"authentik"`
-| service backend to authentik
-
-| blueprint.provider.proxy.ingress.domain
-| string
-| `nil`
-| domain of application (where outpost should be deployed)
-
-| blueprint.provider.proxy.ingress.enabled
-| bool
-| `false`
-| deploy ingress on application domain for e.g. logout (WIP)
-
-| blueprint.provider.proxy.skipPathRegex
-| string
-| `""`
-|
-
-| blueprint.provider.saml
-| string
-| `nil`
-|
-
-| blueprint.provider.type
-| string
-| `"oidc"`
-| type of application connection, current support: oidc, saml and proxy
-
-| secret.labels
-| object
-| `{}`
-| label of secret to store generated secret
-
-| secret.name
-| string
-| `""`
-| name of secret to store generated secret (like clientI)
-|===
-
-Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]
-
--- a/authentik-application/README.md
+++ b/authentik-application/README.md
@ -0,0 +1,146 @@
+---
+title: "authentik-application"
+
+description: "A Chart to deploy a secret for the authentik blueprint-sidecar."
+
+---
+
+# authentik-application
+
+![Version: 0.4.6](https://img.shields.io/badge/Version-0.4.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+
+A Chart to deploy a secret for the authentik blueprint-sidecar.
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| WrenIX |  | <https://wrenix.eu> |
+
+## Pre-Requirement
+Usage of https://github.com/goauthentik/helm/pull/146
+
+## or manual:
+Install authentik with this `values.yaml`:
+```yaml
+serviceAccount:
+  create: true
+
+additionalContainers:
+  - name: sidecar-blueprints
+    image: "ghcr.io/kiwigrid/k8s-sidecar:1.25.1"
+    env:
+      - name: "FOLDER"
+        value: "/blueprints/sidecar"
+      - name: "LABEL"
+        value: "goauthentik_blueprint"
+      - name: "LABEL_VALUE"
+        value: "1"
+      # - name: "NAMESPACE"
+      #   value: "ALL"
+      - name: "RESOURCE"
+        value: "both"
+      - name: "UNIQUE_FILENAMES"
+        value: "true"
+    volumeMounts:
+      - name: sidecar-blueprints
+        mountPath: /blueprints/sidecar
+
+volumeMounts:
+  - name: sidecar-blueprints
+    mountPath: /blueprints/sidecar
+
+volumes:
+  - name: sidecar-blueprints
+    emptyDir: {}
+```
+
+And create an Role and bind them on to the ServiceAccount to read secrets:
+```yaml
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: authentik-blueprint-sidecar
+rules:
+  - apiGroups: [""]
+    resources: ["configmaps", "secrets"]
+    verbs: ["get", "watch", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: authentik-blueprint-sidecar
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: authentik-blueprint-sidecar
+subjects:
+  - kind: ServiceAccount
+    name: authentik
+```
+
+## Usage
+
+Helm must be installed and setup to your kubernetes cluster to use the charts.
+Refer to Helm's [documentation](https://helm.sh/docs) to get started.
+Once Helm has been set up correctly, fetch the charts as follows:
+
+```bash
+helm pull oci://codeberg.org/wrenix/helm-charts/authentik-application
+```
+
+You can install a chart release using the following command:
+
+```bash
+helm install authentik-application-release oci://codeberg.org/wrenix/helm-charts/authentik-application --values values.yaml
+```
+
+To uninstall a chart release use `helm`'s delete command:
+
+```bash
+helm uninstall authentik-application-release
+```
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| blueprint.application.bindPolicyID | string | `nil` | uuid for bindPolicyID for group - if not set generated on secret for be stable (or groups: [] filled) |
+| blueprint.application.description | string | `""` | description of application |
+| blueprint.application.group | string | `""` | put this application in authentik in group |
+| blueprint.application.icon | string | `""` | icon of application (url) |
+| blueprint.application.launchURL | string | `""` |  |
+| blueprint.application.name | string | `""` | application name in menu |
+| blueprint.application.openInNewTab | bool | `false` | open application in new tab |
+| blueprint.application.policyEngineMode | string | `"any"` |  |
+| blueprint.application.publisher | string | `""` | publisher of application |
+| blueprint.application.slug | string | `"app-name"` | application slug |
+| blueprint.authentik.domain | string | `"https://auth.wrenix.eu"` | domain to authentik, used in generated url (like issuer) |
+| blueprint.groups | string | `nil` | authentik groups created / give access to this application  disable any groups by set groups: [] (to a slice) example:   - slug: "app: grafana-admin"     parent: "app: infra"     bindID: uuid  |
+| blueprint.labels | object | `{"goauthentik_blueprint":"1"}` | label of generated secret with blueprint |
+| blueprint.provider.authorizationFlow | string | `"default-provider-authorization-implicit-consent"` |  |
+| blueprint.provider.enabled | bool | `true` | creat an provider for authentification (otherwise just a like in menu is created) |
+| blueprint.provider.invalidationFlow | string | `"default-provider-invalidation-flow"` |  |
+| blueprint.provider.name | string | `""` |  |
+| blueprint.provider.oidc.clientID | string | `nil` | client id - generated if secret enabled |
+| blueprint.provider.oidc.clientSecret | string | `nil` | client secret - generated if secret enabled |
+| blueprint.provider.oidc.clientType | string | `"confidential"` |  |
+| blueprint.provider.oidc.redirectURL | string | `""` |  |
+| blueprint.provider.oidc.scopes | string | `nil` | Scope |
+| blueprint.provider.oidc.signingKey | string | `""` | Need for non-curve / RSA |
+| blueprint.provider.proxy.cookieDomain | string | `""` |  |
+| blueprint.provider.proxy.externalHost | string | `nil` |  |
+| blueprint.provider.proxy.ingress.annotations | list | `[]` | annotations to ingress for outpost |
+| blueprint.provider.proxy.ingress.backend | string | `"authentik"` | service backend to authentik |
+| blueprint.provider.proxy.ingress.domain | string | `nil` | domain of application (where outpost should be deployed) |
+| blueprint.provider.proxy.ingress.enabled | bool | `false` | deploy ingress on application domain for e.g. logout (WIP) |
+| blueprint.provider.proxy.ingress.tls | list | `[]` | tls to ingress for outpost |
+| blueprint.provider.proxy.skipPathRegex | string | `""` |  |
+| blueprint.provider.saml | string | `nil` |  |
+| blueprint.provider.type | string | `"oidc"` | type of application connection, current support: oidc, saml and proxy |
+| secret.labels | object | `{}` | label of secret to store generated secret |
+| secret.name | string | `""` | name of secret to store generated secret (like clientI) |
+
+Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
+
--- a/authentik-application/files/provider/oidc.yaml.gotmpl
+++ b/authentik-application/files/provider/oidc.yaml.gotmpl
@ -22,11 +22,14 @@
  state: present
  attrs:
    authorization_flow: !Find [authentik_flows.flow, [slug, {{ .Values.blueprint.provider.authorizationFlow }}]]
+    invalidation_flow: !Find [authentik_flows.flow, [slug, {{ .Values.blueprint.provider.invalidationFlow }}]]
    {{- with .Values.blueprint.provider.oidc }}
    client_type: {{ .clientType | quote }}
    client_id: {{ $clientID | quote }}
    client_secret: {{ $clientSecret | quote }}
-    redirect_uris: {{ .redirectURL }}
+    redirect_uris:
+      - matching_mode: "strict"
+        url: {{ .redirectURL | quote }}
    {{- with .tokenDuration }}
    access_token_validity: {{ . | quote }}
    {{- end }} 
--- a/authentik-application/files/provider/proxy.yaml.gotmpl
+++ b/authentik-application/files/provider/proxy.yaml.gotmpl
@ -6,6 +6,7 @@
  state: present
  attrs:
    authorization_flow: !Find [authentik_flows.flow, [slug, {{ .Values.blueprint.provider.authorizationFlow }}]]
+    invalidation_flow: !Find [authentik_flows.flow, [slug, {{ .Values.blueprint.provider.invalidationFlow }}]]
    mode: "forward_single"
    {{- with .Values.blueprint.provider.proxy }}
    external_host: {{ .externalHost | quote }}
--- a/authentik-application/templates/ingress.yaml
+++ b/authentik-application/templates/ingress.yaml
@ -6,6 +6,10 @@ metadata:
  name: {{ include "authentik-application.fullname" . }}
  labels:
    {{- include "authentik-application.labels" . | nindent 4 }}
+  {{- with .Values.blueprint.provider.proxy.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
  rules:
    - host: {{ .Values.blueprint.provider.proxy.ingress.domain | quote }}
@ -18,4 +22,8 @@ spec:
                name: {{ .Values.blueprint.provider.proxy.ingress.backend | quote }}
                port:
                  name: http
+  {{- with .Values.blueprint.provider.proxy.ingress.tls }}
+  tls:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 {{- end }}
--- a/authentik-application/values.yaml
+++ b/authentik-application/values.yaml
@ -16,6 +16,7 @@ blueprint:
    enabled: true
    name: ""
    authorizationFlow: "default-provider-authorization-implicit-consent"
+    invalidationFlow: "default-provider-invalidation-flow"
    # -- type of application connection, current support: oidc, saml and proxy
    type: "oidc"
    oidc:
@ -44,6 +45,10 @@ blueprint:
        domain:
        # -- service backend to authentik
        backend: authentik
+        # -- annotations to ingress for outpost
+        annotations: []
+        # -- tls to ingress for outpost
+        tls: []
  application:
    # -- application name in menu
    name: ""
--- a/autopush/.gitignore
+++ b/autopush/.gitignore
@ -0,0 +1,2 @@
+charts/*.tgz
+values_test.yaml
--- a/autopush/.helmignore
+++ b/autopush/.helmignore
@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- a/autopush/Chart.lock
+++ b/autopush/Chart.lock
@ -0,0 +1,6 @@
+dependencies:
+- name: redis
+  repository: oci://docker.io/bitnamicharts
+  version: 20.8.0
+digest: sha256:030743b5498fc7245f4ed04df18386496aa8a33e1cefd992caf3fe839476f2b1
+generated: "2025-02-21T08:29:11.593498546+01:00"
--- a/autopush/Chart.yaml
+++ b/autopush/Chart.yaml
@ -0,0 +1,17 @@
+apiVersion: v2
+name: autopush
+description: A Helm chart for Kubernetes
+icon:
+type: application
+version: "0.0.13"
+# renovate: image=docker.io/mozilla-services/autopush-rs
+appVersion: "1.72.2"
+maintainers:
+  - name: WrenIX
+    url: https://wrenix.eu
+
+dependencies:
+  - name: redis
+    version: "20.8.0"
+    repository: "oci://docker.io/bitnamicharts"
+    condition: redis.internal
--- a/autopush/README.md
+++ b/autopush/README.md
@ -0,0 +1,199 @@
+---
+title: "autopush"
+
+description: "A Helm chart for Kubernetes"
+
+---
+
+# autopush
+
+![Version: 0.0.13](https://img.shields.io/badge/Version-0.0.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.72.2](https://img.shields.io/badge/AppVersion-1.72.2-informational?style=flat-square)
+
+A Helm chart for Kubernetes
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| WrenIX |  | <https://wrenix.eu> |
+
+= Beta
+
+WARNING
+====
+We let it run in production, but it is not stable / complete.
+
+TODOs:
+  - [ ] official container with redis backend, see: https://github.com/mozilla-services/autopush-rs/pull/813
+  - [ ] automatical create CRYPT_KEY (instatt of key)
+  - [ ] better ingress / host name support
+  - [ ] Improve monitoring with alerts and grafana dashboard
+ 
+====
+
+## Usage
+
+Helm must be installed and setup to your kubernetes cluster to use the charts.
+Refer to Helm's [documentation](https://helm.sh/docs) to get started.
+Once Helm has been set up correctly, fetch the charts as follows:
+
+```bash
+helm pull oci://codeberg.org/wrenix/helm-charts/autopush
+```
+
+You can install a chart release using the following command:
+
+```bash
+helm install autopush-release oci://codeberg.org/wrenix/helm-charts/autopush --values values.yaml
+```
+
+To uninstall a chart release use `helm`'s delete command:
+
+```bash
+helm uninstall autopush-release
+```
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| oci://docker.io/bitnamicharts | redis | 20.8.0 |
+
+## Values
+
+### Autoconnect
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| autoconnect.image.pullPolicy | string | `"IfNotPresent"` | This sets the pull policy for images. (could be overwritten by global.image.pullPolicy) |
+| autoconnect.image.registry | string | `"codeberg.org"` | image registry (could be overwritten by global.image.registry) |
+| autoconnect.image.repository | string | `"wrenix/autopush/autoconnect"` | image repository |
+| autoconnect.image.tag | string | `"latest"` | image tag - Overrides the image tag whose default is the chart appVersion. |
+| autoconnect.livenessProbe | object | `{"httpGet":{"path":"/health","port":"http"}}` | This is to setup the liveness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ |
+| autoconnect.podAnnotations | object | `{}` | This is for setting Kubernetes Annotations to a Pod. For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ |
+| autoconnect.podLabels | object | `{}` | This is for setting Kubernetes Labels to a Pod. For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ |
+| autoconnect.readinessProbe | object | `{"httpGet":{"path":"/health","port":"http"}}` | This is to setup the readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ |
+| autoconnect.replicaCount | int | `1` | This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ |
+| autoconnect.resources | object | `{}` | We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits:   cpu: 100m   memory: 128Mi requests:   cpu: 100m   memory: 128Mi |
+| autoconnect.securityContext | object | `{}` | securityContext capabilities:   drop:   - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 |
+| autoconnect.service.ports.http | int | `80` | port of http service |
+| autoconnect.service.ports.router | int | `8081` | port of internal router service |
+| autoconnect.service.type | string | `"ClusterIP"` | This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
+| autoconnect.volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. - name: foo   mountPath: "/etc/foo"   readOnly: true |
+
+### Autoendpoint
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| autoendpoint.image.pullPolicy | string | `"IfNotPresent"` | This sets the pull policy for images. (could be overwritten by global.image.pullPolicy) |
+| autoendpoint.image.registry | string | `"codeberg.org"` | image registry (could be overwritten by global.image.registry) |
+| autoendpoint.image.repository | string | `"wrenix/autopush/autoendpoint"` | image repository |
+| autoendpoint.image.tag | string | `"latest"` | image tag - Overrides the image tag whose default is the chart appVersion. |
+| autoendpoint.livenessProbe | object | `{"httpGet":{"path":"/health","port":"http"}}` | This is to setup the liveness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ |
+| autoendpoint.podAnnotations | object | `{}` | This is for setting Kubernetes Annotations to a Pod. For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ |
+| autoendpoint.podLabels | object | `{}` | This is for setting Kubernetes Labels to a Pod. For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ |
+| autoendpoint.readinessProbe | object | `{"httpGet":{"path":"/health","port":"http"}}` | This is to setup the readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ |
+| autoendpoint.replicaCount | int | `1` | This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ |
+| autoendpoint.resources | object | `{}` | We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits:   cpu: 100m   memory: 128Mi requests:   cpu: 100m   memory: 128Mi |
+| autoendpoint.service.port | int | `80` | This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports |
+| autoendpoint.service.type | string | `"ClusterIP"` | This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
+| autoendpoint.volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. - name: foo   mountPath: "/etc/foo"   readOnly: true |
+
+### UnifiedPush
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
+| serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials? |
+| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
+| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
+| unifiedPush.enabled | bool | `false` | enable/deploy common-proxy for unifiedpush |
+| unifiedPush.image.pullPolicy | string | `"IfNotPresent"` | This sets the pull policy for images. (could be overwritten by global.image.pullPolicy) |
+| unifiedPush.image.registry | string | `"docker.io"` | image registry (could be overwritten by global.image.registry) |
+| unifiedPush.image.repository | string | `"unifiedpush/common-proxies"` | image repository |
+| unifiedPush.image.tag | string | `"v2.2.0"` | image tag |
+| unifiedPush.livenessProbe | object | `{"httpGet":{"path":"/health","port":"http"}}` | This is to setup the liveness more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ |
+| unifiedPush.podAnnotations | object | `{}` | This is for setting Kubernetes Annotations to a Pod. For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ |
+| unifiedPush.podLabels | object | `{}` | This is for setting Kubernetes Labels to a Pod. For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ |
+| unifiedPush.readinessProbe | object | `{"httpGet":{"path":"/health","port":"http"}}` | This is to setup the readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ |
+| unifiedPush.replicaCount | int | `1` | This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ |
+| unifiedPush.resources | object | `{}` | We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits:   cpu: 100m   memory: 128Mi requests:   cpu: 100m   memory: 128Mi |
+| unifiedPush.service.port | int | `80` | This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports |
+| unifiedPush.service.type | string | `"ClusterIP"` | This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
+| unifiedPush.volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. - name: foo   mountPath: "/etc/foo"   readOnly: true |
+
+### Other Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| autoconnect.affinity | object | `{}` |  |
+| autoconnect.nodeSelector | object | `{}` |  |
+| autoconnect.podSecurityContext | object | `{}` |  |
+| autoconnect.tolerations | list | `[]` |  |
+| autoendpoint.affinity | object | `{}` |  |
+| autoendpoint.nodeSelector | object | `{}` |  |
+| autoendpoint.podSecurityContext | object | `{}` |  |
+| autoendpoint.securityContext | object | `{}` |  |
+| autoendpoint.tolerations | list | `[]` |  |
+| config.cryptoKey | string | `""` | run https://github.com/mozilla-services/autopush-rs/blob/master/scripts/fernet_key.py |
+| config.logs.backtrace | bool | `false` | enable backtrace of autopush |
+| config.logs.level | string | `"warn"` | set log level of autopush |
+| fullnameOverride | string | `""` |  |
+| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy |
+| global.image.registry | string | `nil` | if set it will overwrite all registry entries |
+| grafana.dashboards.annotations | object | `{}` |  |
+| grafana.dashboards.enabled | bool | `false` |  |
+| grafana.dashboards.labels.grafana_dashboard | string | `"1"` |  |
+| imagePullSecrets | list | `[]` | This is for the secretes for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
+| ingress.annotations | object | `{}` |  |
+| ingress.className | string | `""` |  |
+| ingress.enabled | bool | `false` |  |
+| ingress.host | string | `"chart-example.local"` |  |
+| ingress.tls | list | `[]` |  |
+| nameOverride | string | `""` | This is to override the chart name. |
+| prometheus.enabled | bool | `true` | start statsd sidecar and configure |
+| prometheus.image.pullPolicy | string | `"IfNotPresent"` |  |
+| prometheus.image.registry | string | `"docker.io"` |  |
+| prometheus.image.repository | string | `"prom/statsd-exporter"` |  |
+| prometheus.image.tag | string | `"v0.28.0"` |  |
+| prometheus.livenessProbe | object | `{"httpGet":{"path":"/","port":"metrics"}}` | This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ |
+| prometheus.readinessProbe.httpGet.path | string | `"/"` |  |
+| prometheus.readinessProbe.httpGet.port | string | `"metrics"` |  |
+| prometheus.resources | object | `{}` | We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits:   cpu: 100m   memory: 128Mi requests:   cpu: 100m   memory: 128Mi |
+| prometheus.rules.additionalRules | list | `[]` |  |
+| prometheus.rules.default.alertLabels | object | `{}` |  |
+| prometheus.rules.default.enabled | bool | `true` |  |
+| prometheus.rules.enabled | bool | `false` |  |
+| prometheus.rules.labels | object | `{}` |  |
+| prometheus.securityContext | object | `{}` | securityContext capabilities:   drop:   - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 |
+| prometheus.servicemonitor.enabled | bool | `false` |  |
+| prometheus.servicemonitor.labels | object | `{}` |  |
+| prometheus.volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. - name: foo   mountPath: "/etc/foo"   readOnly: true |
+| redis.architecture | string | `"standalone"` |  |
+| redis.auth.enabled | bool | `true` |  |
+| redis.auth.existingSecret | string | `""` | name of an existing secret with Redis credentials (instead of auth.password), must be created ahead of time |
+| redis.auth.existingSecretPasswordKey | string | `""` | Password key to be retrieved from existing secret |
+| redis.auth.password | string | `"autopush"` | XXX Change me! |
+| redis.dbid | int | `0` | Database ID for non-default database |
+| redis.external.existingSecretPasswordKey | string | `"redis-password"` | Password key to be retrieved from existing secret |
+| redis.external.host | string | `"redis"` |  |
+| redis.external.port | int | `6379` |  |
+| redis.global.storageClass | string | `""` |  |
+| redis.internal | bool | `true` |  |
+| redis.master.persistence.enabled | bool | `true` |  |
+| redis.master.service.port | int | `6379` |  |
+| redis.replica.persistence.enabled | bool | `true` |  |
+| unifiedPush.affinity | object | `{}` |  |
+| unifiedPush.config.gateway.allowedHosts | list | `[]` |  |
+| unifiedPush.config.gateway.generic.enable | bool | `true` |  |
+| unifiedPush.config.gateway.matrix.enable | bool | `true` |  |
+| unifiedPush.config.uaid | string | `""` |  |
+| unifiedPush.config.verbose | bool | `false` |  |
+| unifiedPush.nodeSelector | object | `{}` |  |
+| unifiedPush.podSecurityContext | object | `{}` |  |
+| unifiedPush.securityContext | object | `{}` |  |
+| unifiedPush.tolerations | list | `[]` |  |
+| volumes | list | `[]` | Additional volumes on the output Deployment definition. - name: foo   secret:     secretName: mysecret     optional: false |
+
+Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
+
--- a/autopush/_docs.gotmpl
+++ b/autopush/_docs.gotmpl
@ -0,0 +1,15 @@
+{{ define "chart.prerequirements" -}}
+= Beta
+
+WARNING
+====
+We let it run in production, but it is not stable / complete.
+
+TODOs:
+  - [ ] official container with redis backend, see: https://github.com/mozilla-services/autopush-rs/pull/813
+  - [ ] automatical create CRYPT_KEY (instatt of key)
+  - [ ] better ingress / host name support
+  - [ ] Improve monitoring with alerts and grafana dashboard
+  
+====
+{{ end }}
--- a/autopush/ci/ct-empty-values.yaml
+++ b/autopush/ci/ct-empty-values.yaml
--- a/autopush/ci/ct-monitor-values.yaml
+++ b/autopush/ci/ct-monitor-values.yaml
@ -0,0 +1,6 @@
+prometheus:
+  enabled: true
+  servicemonitor:
+    enabled: true
+    labels:
+      prometheus: default
--- a/autopush/container/Containerfile
+++ b/autopush/container/Containerfile
@ -0,0 +1,15 @@
+FROM python:3.13-slim
+
+# Set the working directory
+WORKDIR /app
+
+# Copy the requirements file
+COPY requirements.txt .
+
+# Install any needed packages
+RUN pip install -r requirements.txt
+
+# Copy the application code into the container
+COPY setup.py setup.py
+
+CMD ["python", "setup.py"]
--- a/autopush/container/requirements.txt
+++ b/autopush/container/requirements.txt
@ -0,0 +1 @@
+cryptography
--- a/autopush/container/setup.py
+++ b/autopush/container/setup.py
@ -0,0 +1,5 @@
+#!/bin/env python3
+from cryptography.fernet import Fernet
+
+if __name__ == '__main__':
+    print(Fernet.generate_key().decode("UTF-8"))
--- a/autopush/grafana_dashboards/overview.json
+++ b/autopush/grafana_dashboards/overview.json
@ -0,0 +1,355 @@
+{
+  "annotations": {
+    "list": [
+      {
+        "builtIn": 1,
+        "datasource": {
+          "type": "grafana",
+          "uid": "-- Grafana --"
+        },
+        "enable": true,
+        "hide": true,
+        "iconColor": "rgba(0, 211, 255, 1)",
+        "name": "Annotations & Alerts",
+        "type": "dashboard"
+      }
+    ]
+  },
+  "editable": true,
+  "fiscalYearStartMonth": 0,
+  "graphTooltip": 0,
+  "links": [],
+  "panels": [
+    {
+      "collapsed": false,
+      "gridPos": {
+        "h": 1,
+        "w": 24,
+        "x": 0,
+        "y": 0
+      },
+      "id": 4,
+      "panels": [],
+      "title": "Push",
+      "type": "row"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${DS_PROMETHEUS}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            }
+          },
+          "mappings": []
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 8,
+        "w": 9,
+        "x": 0,
+        "y": 1
+      },
+      "id": 1,
+      "options": {
+        "legend": {
+          "displayMode": "list",
+          "placement": "bottom",
+          "showLegend": true,
+          "values": [
+            "percent"
+          ]
+        },
+        "pieType": "pie",
+        "reduceOptions": {
+          "calcs": [
+            "lastNotNull"
+          ],
+          "fields": "",
+          "values": false
+        },
+        "tooltip": {
+          "mode": "single",
+          "sort": "none"
+        }
+      },
+      "pluginVersion": "11.4.0",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "editorMode": "code",
+          "expr": "sum(increase(autopush_notification_message_retrieved{namespace=~\"$namespace\"}[$__range])) without (container,endpoint,instance,pod,job,service)",
+          "legendFormat": "Retrieved: {{namespace}}",
+          "range": true,
+          "refId": "A"
+        },
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "editorMode": "code",
+          "expr": "sum(increase(autopush_notification_message_deleted{namespace=~\"$namespace\"}[$__range])) without (container,endpoint,instance,pod,job,service)",
+          "hide": false,
+          "instant": false,
+          "legendFormat": "Deleted: {{namespace}}",
+          "range": true,
+          "refId": "B"
+        }
+      ],
+      "title": "Notification Message",
+      "transparent": true,
+      "type": "piechart"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${DS_PROMETHEUS}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            }
+          },
+          "mappings": []
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 8,
+        "w": 8,
+        "x": 10,
+        "y": 1
+      },
+      "id": 2,
+      "options": {
+        "legend": {
+          "displayMode": "list",
+          "placement": "right",
+          "showLegend": true,
+          "values": [
+            "percent"
+          ]
+        },
+        "pieType": "pie",
+        "reduceOptions": {
+          "calcs": [
+            "lastNotNull"
+          ],
+          "fields": "",
+          "values": false
+        },
+        "tooltip": {
+          "mode": "single",
+          "sort": "none"
+        }
+      },
+      "pluginVersion": "11.4.0",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "editorMode": "code",
+          "expr": "sum(increase(autopush_ua_notification_sent{namespace=~\"$namespace\"}[$__range])) without (container,endpoint,instance,pod,job,service)",
+          "hide": false,
+          "instant": false,
+          "legendFormat": "OS: {{namespace}}/{{os}}",
+          "range": true,
+          "refId": "A"
+        }
+      ],
+      "title": "UA Notify Send",
+      "transparent": true,
+      "type": "piechart"
+    },
+    {
+      "collapsed": false,
+      "gridPos": {
+        "h": 1,
+        "w": 24,
+        "x": 0,
+        "y": 9
+      },
+      "id": 5,
+      "panels": [],
+      "title": "Endpoint",
+      "type": "row"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${DS_PROMETHEUS}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisBorderShow": false,
+            "axisCenteredZero": false,
+            "axisColorMode": "text",
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "barWidthFactor": 0.6,
+            "drawStyle": "line",
+            "fillOpacity": 0,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "insertNulls": false,
+            "lineInterpolation": "linear",
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "auto",
+            "spanNulls": false,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": null
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          }
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 8,
+        "w": 12,
+        "x": 0,
+        "y": 10
+      },
+      "id": 3,
+      "options": {
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom",
+          "showLegend": true
+        },
+        "tooltip": {
+          "mode": "single",
+          "sort": "none"
+        }
+      },
+      "pluginVersion": "11.4.0",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "editorMode": "code",
+          "expr": "sum(increase(autoendpoint_api_error_no_subscription{namespace=~\"$namespace\"}[$__range])) without(container,endpoint,instance,pod,service,job)",
+          "legendFormat": "__auto",
+          "range": true,
+          "refId": "A"
+        }
+      ],
+      "title": "No Subscription API Error",
+      "transparent": true,
+      "type": "timeseries"
+    }
+  ],
+  "preload": false,
+  "refresh": "",
+  "schemaVersion": 40,
+  "tags": [],
+  "templating": {
+    "list": [
+      {
+        "current": {
+          "text": "Prometheus",
+          "value": "prometheus"
+        },
+        "label": "datasource",
+        "name": "DS_PROMETHEUS",
+        "options": [],
+        "query": "prometheus",
+        "refresh": 1,
+        "regex": "",
+        "type": "datasource"
+      },
+      {
+        "current": {
+          "text": [
+            "chaos-autopush"
+          ],
+          "value": [
+            "chaos-autopush"
+          ]
+        },
+        "datasource": {
+          "type": "prometheus",
+          "uid": "${DS_PROMETHEUS}"
+        },
+        "definition": "label_values(statsd_exporter_build_info,namespace)",
+        "includeAll": true,
+        "multi": true,
+        "name": "namespace",
+        "options": [],
+        "query": {
+          "qryType": 1,
+          "query": "label_values(statsd_exporter_build_info,namespace)",
+          "refId": "PrometheusVariableQueryEditor-VariableQuery"
+        },
+        "refresh": 1,
+        "regex": "",
+        "type": "query"
+      }
+    ]
+  },
+  "time": {
+    "from": "now-24h",
+    "to": "now"
+  },
+  "timepicker": {},
+  "timezone": "browser",
+  "title": "Autopush: Overview",
+  "version": 0,
+  "weekStart": ""
+}
--- a/autopush/templates/_helpers.tpl
+++ b/autopush/templates/_helpers.tpl
@ -0,0 +1,93 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "autopush.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "autopush.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "autopush.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "autopush.labels" -}}
+helm.sh/chart: {{ include "autopush.chart" . }}
+{{ include "autopush.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "autopush.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "autopush.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "autopush.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "autopush.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Prometheus-sidecar
+*/}}
+{{- define "autopush.containerPrometheus" -}}
+{{- with .Values.prometheus }}
+{{- if .enabled }}
+- name: statsd-exporter
+  securityContext:
+    {{- toYaml .securityContext | nindent 4 }}
+  {{- with .image }}
+  image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag }}"
+  imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }}
+  {{- end }}
+  ports:
+    - name: metrics
+      containerPort: 9102
+      protocol: TCP
+  livenessProbe:
+    {{- toYaml .livenessProbe | nindent 4 }}
+  readinessProbe:
+    {{- toYaml .readinessProbe | nindent 4 }}
+  resources:
+    {{- toYaml .resources | nindent 4 }}
+  {{- with .volumeMounts }}
+  volumeMounts:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
--- a/autopush/templates/autoconnect/deployment.yaml
+++ b/autopush/templates/autoconnect/deployment.yaml
@ -0,0 +1,91 @@
+{{- with .Values.autoconnect }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "autopush.fullname" $ }}-autoconnect
+  labels:
+    {{- include "autopush.labels" $ | nindent 4 }}
+spec:
+  replicas: {{ .replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "autopush.selectorLabels" $ | nindent 6 }}
+      app.kubernetes.io/component: autoconnect
+  template:
+    metadata:
+      {{- with .podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "autopush.labels" $ | nindent 8 }}
+        app.kubernetes.io/component: autoconnect
+        {{- with .podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- with .imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "autopush.serviceAccountName" $ }}
+      securityContext:
+        {{- toYaml .podSecurityContext | nindent 8 }}
+      containers:
+        - name: autoconnect
+          securityContext:
+            {{- toYaml .securityContext | nindent 12 }}
+          {{- with .image }}
+          image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default (printf "v%s" $.Chart.AppVersion) }}"
+          imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }}
+          {{- end }}
+          envFrom:
+            - secretRef:
+                name: {{ include "autopush.fullname" $ }}-env
+          env:
+            - name: "AUTOCONNECT__DB_DSN"
+              {{- if $.Values.redis.auth.enabled }}
+              value: "redis://:$(REDIS_HOST_PASSWORD)@$(REDIS_HOST)"
+              {{- else }}
+              value: "redis://$(REDIS_HOST)"
+              {{- end }}
+            - name: "AUTOCONNECT__CRYPTO_KEY"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "autopush.fullname" $ }}-env
+                  key: "CRYPTO_KEY"
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+            - name: router
+              containerPort: {{ .service.ports.router }}
+              protocol: TCP
+          livenessProbe:
+            {{- toYaml .livenessProbe | nindent 12 }}
+          readinessProbe:
+            {{- toYaml .readinessProbe | nindent 12 }}
+          resources:
+            {{- toYaml .resources | nindent 12 }}
+          {{- with .volumeMounts }}
+          volumeMounts:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+        {{- include "autopush.containerPrometheus" $ | nindent 8 }}
+      {{- with .volumes }}
+      volumes:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+{{- end }}
--- a/autopush/templates/autoconnect/service.yaml
+++ b/autopush/templates/autoconnect/service.yaml
@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "autopush.fullname" . }}-autoconnect
+  labels:
+    {{- include "autopush.labels" . | nindent 4 }}
+    app.kubernetes.io/metrics: "true"
+spec:
+  type: {{ .Values.autoconnect.service.type }}
+  selector:
+    {{- include "autopush.selectorLabels" . | nindent 4 }}
+    app.kubernetes.io/component: autoconnect
+  ports:
+    - port: {{ .Values.autoconnect.service.ports.http }}
+      targetPort: http
+      protocol: TCP
+      name: http
+    - port: {{ .Values.autoconnect.service.ports.router }}
+      targetPort: router
+      protocol: TCP
+      name: router
+    {{- if .Values.prometheus.enabled }}
+    - port: 9100
+      targetPort: metrics
+      protocol: TCP
+      name: metrics
+    {{- end }}
--- a/autopush/templates/autoendpoint/deployment.yaml
+++ b/autopush/templates/autoendpoint/deployment.yaml
@ -0,0 +1,88 @@
+{{- with .Values.autoendpoint }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "autopush.fullname" $ }}-autoendpoint
+  labels:
+    {{- include "autopush.labels" $ | nindent 4 }}
+spec:
+  replicas: {{ .replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "autopush.selectorLabels" $ | nindent 6 }}
+      app.kubernetes.io/component: autoendpoint
+  template:
+    metadata:
+      {{- with .podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "autopush.labels" $ | nindent 8 }}
+        app.kubernetes.io/component: autoendpoint
+        {{- with .podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- with .imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "autopush.serviceAccountName" $ }}
+      securityContext:
+        {{- toYaml .podSecurityContext | nindent 8 }}
+      containers:
+        - name: autoendpoint
+          securityContext:
+            {{- toYaml .securityContext | nindent 12 }}
+          {{- with .image }}
+          image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default (printf "v%s" $.Chart.AppVersion) }}"
+          imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }}
+          {{- end }}
+          envFrom:
+            - secretRef:
+                name: {{ include "autopush.fullname" $ }}-env
+          env:
+            - name: "AUTOEND__DB_DSN"
+              {{- if $.Values.redis.auth.enabled }}
+              value: "redis://:$(REDIS_HOST_PASSWORD)@$(REDIS_HOST)"
+              {{- else }}
+              value: "redis://$(REDIS_HOST)"
+              {{- end }}
+            - name: "AUTOEND__CRYPTO_KEYS"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "autopush.fullname" $ }}-env
+                  key: "CRYPTO_KEY"
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          livenessProbe:
+            {{- toYaml .livenessProbe | nindent 12 }}
+          readinessProbe:
+            {{- toYaml .readinessProbe | nindent 12 }}
+          resources:
+            {{- toYaml .resources | nindent 12 }}
+          {{- with .volumeMounts }}
+          volumeMounts:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+        {{- include "autopush.containerPrometheus" $ | nindent 8 }}
+      {{- with .volumes }}
+      volumes:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+{{- end }}
--- a/autopush/templates/autoendpoint/service.yaml
+++ b/autopush/templates/autoendpoint/service.yaml
@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "autopush.fullname" . }}-autoendpoint
+  labels:
+    {{- include "autopush.labels" . | nindent 4 }}
+    app.kubernetes.io/metrics: "true"
+spec:
+  type: {{ .Values.autoendpoint.service.type }}
+  selector:
+    {{- include "autopush.selectorLabels" . | nindent 4 }}
+    app.kubernetes.io/component: autoendpoint
+  ports:
+    - port: {{ .Values.autoendpoint.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+    {{- if .Values.prometheus.enabled }}
+    - port: 9100
+      targetPort: metrics
+      protocol: TCP
+      name: metrics
+    {{- end }}
--- a/autopush/templates/configmap_grafana_dashboards.yaml
+++ b/autopush/templates/configmap_grafana_dashboards.yaml
@ -0,0 +1,14 @@
+{{- if .Values.grafana.dashboards.enabled }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "autopush.fullname" . }}-grafana-dashboards
+  labels:
+    {{- include "autopush.labels" . | nindent 4 }}
+    {{- toYaml .Values.grafana.dashboards.labels | nindent 4 }}
+  annotations:
+    {{- toYaml .Values.grafana.dashboards.annotations | nindent 4 }}
+data:
+  {{- (.Files.Glob "grafana_dashboards/*.json" ).AsConfig | nindent 2 }}
+{{- end }}
--- a/autopush/templates/ingress.yaml
+++ b/autopush/templates/ingress.yaml
@ -0,0 +1,63 @@
+{{- if .Values.ingress.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "autopush.fullname" . }}
+  labels:
+    {{- include "autopush.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- with .Values.ingress.className }}
+  ingressClassName: {{ . }}
+  {{- end }}
+  {{- with .Values.ingress.tls }}
+  tls:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  rules:
+    - host: {{ .Values.ingress.host | quote }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ include "autopush.fullname" $ }}-autoconnect
+                port:
+                  name: http
+    - host: {{ printf "updates.%s" .Values.ingress.host | quote }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ include "autopush.fullname" $ }}-autoendpoint
+                port:
+                  name: http
+          {{- with .Values.unifiedPush }}
+          {{- if .enabled }}
+          {{- if .config.gateway.generic.enable }}
+          - path: /generic/
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ include "autopush.fullname" $ }}-unifiedpush
+                port:
+                  name: http
+          {{- end }}
+          {{- if .config.gateway.matrix.enable }}
+          - path: /_matrix/push/v1/notify
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ include "autopush.fullname" $ }}-unifiedpush
+                port:
+                  name: http
+          {{- end }}
+          {{- end }}
+          {{- end }}
+{{- end }}
--- a/autopush/templates/prometheus-rules.yaml
+++ b/autopush/templates/prometheus-rules.yaml
@ -0,0 +1,38 @@
+{{- if and .Values.prometheus.rules.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: {{ include "autopush.fullname" . }}
+  labels:
+    {{- include "autopush.labels" . | nindent 4 }}
+    {{- with .Values.prometheus.rules.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  groups:
+    {{- if .Values.prometheus.rules.default.enabled }}
+    - name: {{ template "autopush.fullname" . }}-Endpoint
+      rules:
+        - alert: "autopush: No Subscription API Error"
+          expr: 'sum(increase(autoendpoint_api_error_no_subscription{}[1h])) without (container,endpoint,pod,instance) > 0'
+          for: 5m
+          labels:
+            severity: critical
+            {{- with .Values.prometheus.rules.default.alertLabels }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
+          annotations:
+            {{`
+            summary: "autoendpoint: No Subscription API Error in {{ $labels.namespace }}/{{ $labels.job }} increate in the last hour"
+            `}}
+    {{/*
+    - name: {{ template "autopush.fullname" . }}-Push
+      rules:
+    */}}
+    {{- end }}
+    {{- with .Values.prometheus.rules.additionalRules }}
+    - name: {{ template "autopush.fullname" $ }}-Additional
+      rules:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+{{- end }}
--- a/autopush/templates/secret.yaml
+++ b/autopush/templates/secret.yaml
@ -0,0 +1,51 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "autopush.fullname" . }}-env
+  annotations:
+    "helm.sh/hook": "pre-install,pre-upgrade"
+type: Opaque
+data:
+  {{/* GLOBAL */}}
+  RUST_BACKTRACE: {{ ternary "1" "0" .Values.config.logs.backtrace | b64enc }}
+  RUST_LOG: {{ .Values.config.logs.level | b64enc }}
+  {{- with .Values.redis }}
+  {{- if .auth.enabled }}
+  {{- with .auth.password }}
+  REDIS_HOST_PASSWORD: {{ . | b64enc }}
+  {{- end }}
+  {{- end }}
+  {{- if .internal }}
+  REDIS_HOST: {{ printf "%s-redis-master:%.0f/%.0f" (include "autopush.fullname" $) .master.service.port .dbid | b64enc }}
+  {{- else }}
+  REDIS_HOST: {{ printf "%s:%s/$.0f" .external.host .external.port .dbid | b64enc }}
+  {{- end }}
+  {{- end }}
+  CRYPTO_KEY: {{ printf "[%s]" .Values.config.cryptoKey | b64enc }}
+  {{/* autoconnect */}}
+  {{- if .Values.ingress.tls }}
+  AUTOCONNECT__ENDPOINT_SCHEME: {{ "https" | b64enc }}
+  AUTOCONNECT__ENDPOINT_PORT: {{ "443" | b64enc }}
+  {{- else }}
+  AUTOCONNECT__ENDPOINT_SCHEME: {{ "http" | b64enc }}
+  AUTOCONNECT__ENDPOINT_PORT: {{ "80" | b64enc }}
+  {{- end }}
+  AUTOCONNECT__ENDPOINT_HOSTNAME: {{ printf "updates.%s" .Values.ingress.host | b64enc }}
+  AUTOCONNECT__ROUTER_HOSTNAME: {{ printf "%s-autoconnect" (include "autopush.fullname" .) | b64enc }}
+  AUTOCONNECT__ROUTER_PORT: {{ toYaml .Values.autoconnect.service.ports.router | b64enc }}
+  {{- if .Values.prometheus.enabled }}
+  AUTOCONNECT__STATSD_HOST: {{ "127.0.0.1" | b64enc}}
+  AUTOCONNECT__STATSD_PORT: {{ "9125" | b64enc }}
+  {{- end }}
+  {{/* autoendpoint */}}
+  AUTOEND__HOST: {{ "::" | b64enc }}
+  {{- if .Values.ingress.tls }}
+  AUTOEND__ENDPOINT_URL: {{ printf "https://updates.%s" .Values.ingress.host | b64enc }}
+  {{- else }}
+  AUTOEND__ENDPOINT_URL: {{ printf "http://updates.%s" .Values.ingress.host | b64enc }}
+  {{- end }}
+  {{- if .Values.prometheus.enabled }}
+  AUTOEND__STATSD_HOST: {{ "127.0.0.1" | b64enc }}
+  AUTOEND__STATSD_PORT: {{ "9125" | b64enc }}
+  {{- end }}
--- a/mautrix-signal/templates/serviceaccount.yaml
+++ b/mautrix-signal/templates/serviceaccount.yaml
@ -2,9 +2,9 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ include "mautrix-signal.serviceAccountName" . }}
+  name: {{ include "autopush.serviceAccountName" . }}
  labels:
-    {{- include "mautrix-signal.labels" . | nindent 4 }}
+    {{- include "autopush.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
--- a/autopush/templates/servicemonitor.yaml
+++ b/autopush/templates/servicemonitor.yaml
@ -0,0 +1,18 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.servicemonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ include "autopush.fullname" . }}
+  labels:
+    {{- include "autopush.labels" . | nindent 4 }}
+    {{- with .Values.prometheus.servicemonitor.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "autopush.selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/metrics: "true"
+  endpoints:
+    - port: metrics
+{{- end }}
--- a/autopush/templates/unifiedpush/deployment.yaml
+++ b/autopush/templates/unifiedpush/deployment.yaml
@ -0,0 +1,97 @@
+{{- with .Values.unifiedPush }}
+{{- if .enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "autopush.fullname" $ }}-unifiedpush
+  labels:
+    {{- include "autopush.labels" $ | nindent 4 }}
+spec:
+  replicas: {{ .replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "autopush.selectorLabels" $ | nindent 6 }}
+      app.kubernetes.io/component: unifiedpush
+  template:
+    metadata:
+      {{- with .podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "autopush.labels" $ | nindent 8 }}
+        app.kubernetes.io/component: unifiedpush
+        {{- with .podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- with .imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "autopush.serviceAccountName" $ }}
+      securityContext:
+        {{- toYaml .podSecurityContext | nindent 8 }}
+      containers:
+        - name: common-proxies
+          securityContext:
+            {{- toYaml .securityContext | nindent 12 }}
+          {{- with .image }}
+          image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag }}"
+          imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }}
+          {{- end }}
+          env:
+            - name: "UP_LISTEN"
+              value: ":8080"
+            {{- if .config.verbose }}
+            - name: "UP_VERBOSE"
+              value: "true"
+            {{- end }}
+            {{- with .config.uaid }}
+            - name: "UP_UAID"
+              value: {{ . | quote }}
+            {{- end }}
+            {{- if .config.gateway.generic.enable }}
+            - name: "UP_GATEWAY_GENERIC_ENABLE"
+              value: "true"
+            {{- end }}
+            {{- if .config.gateway.matrix.enable }}
+            - name: "UP_GATEWAY_MATRIX_ENABLE"
+              value: "true"
+            {{- end }}
+            {{- with .config.gateway.allowedHosts }}
+            - name: "UP_GATEWAY_ALLOWEDHOSTS"
+              value: {{ join "," . | quote }}
+            {{- end }}
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          livenessProbe:
+            {{- toYaml .livenessProbe | nindent 12 }}
+          readinessProbe:
+            {{- toYaml .readinessProbe | nindent 12 }}
+          resources:
+            {{- toYaml .resources | nindent 12 }}
+          {{- with .volumeMounts }}
+          volumeMounts:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+      {{- with .volumes }}
+      volumes:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+{{- end }}
+{{- end }}
--- a/autopush/templates/unifiedpush/service.yaml
+++ b/autopush/templates/unifiedpush/service.yaml
@ -0,0 +1,19 @@
+{{- if .Values.unifiedPush.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "autopush.fullname" . }}-unifiedpush
+  labels:
+    app.kubernetes.io/metrics: "true"
+    {{- include "autopush.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.unifiedPush.service.type }}
+  selector:
+    {{- include "autopush.selectorLabels" . | nindent 4 }}
+    app.kubernetes.io/component: unifiedpush
+  ports:
+    - port: {{ .Values.unifiedPush.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+{{- end }}
--- a/autopush/values.yaml
+++ b/autopush/values.yaml
@ -0,0 +1,440 @@
+global:
+  image:
+    # -- if set it will overwrite all registry entries
+    registry:
+    # -- if set it will overwrite all pullPolicy
+    pullPolicy:
+
+# -- This is for the secretes for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+imagePullSecrets: []
+# -- This is to override the chart name.
+nameOverride: ""
+fullnameOverride: ""
+
+
+config:
+  logs:
+    # -- set log level of autopush
+    level: warn
+    # -- enable backtrace of autopush
+    backtrace: false
+  # -- run https://github.com/mozilla-services/autopush-rs/blob/master/scripts/fernet_key.py
+  cryptoKey: ""
+
+prometheus:
+  # -- start statsd sidecar and configure
+  enabled: true
+
+  servicemonitor:
+    enabled: false
+    labels: {}
+  rules:
+    enabled: false
+    labels: {}
+    default:
+      enabled: true
+      alertLabels: {}
+    additionalRules: []
+
+  image:
+    registry: docker.io
+    repository: prom/statsd-exporter
+    pullPolicy: IfNotPresent
+    tag: v0.28.0
+
+  # -- securityContext
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+  securityContext: {}
+
+  # -- We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+  resources: {}
+
+  # -- This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
+  livenessProbe:
+    httpGet:
+      path: /
+      port: metrics
+  readinessProbe:
+    httpGet:
+      path: /
+      port: metrics
+
+  # -- Additional volumeMounts on the output Deployment definition.
+  # - name: foo
+  #   mountPath: "/etc/foo"
+  #   readOnly: true
+  volumeMounts: []
+
+grafana:
+  dashboards:
+    enabled: false
+    labels:
+      grafana_dashboard: "1"
+    annotations: {}
+
+## This configuration is for the internal Redis that's deployed for use with
+## workers/sharding, for an external Redis server you want to set enabled to
+## false and configure the externalRedis block.
+##
+redis:
+  internal: true
+  # -- Database ID for non-default database
+  dbid: 0
+
+  auth:
+    enabled: true
+    # -- XXX Change me!
+    password: autopush
+    # -- name of an existing secret with Redis credentials (instead of auth.password), must be created ahead of time
+    existingSecret: ""
+    # -- Password key to be retrieved from existing secret
+    existingSecretPasswordKey: ""
+
+  external:
+    host: redis
+    port: 6379
+
+    # -- Password key to be retrieved from existing secret
+    existingSecretPasswordKey: redis-password
+
+
+  architecture: standalone
+  global:
+    storageClass: ""
+  master:
+    persistence:
+      enabled: true
+    service:
+      port: 6379
+  replica:
+    persistence:
+      enabled: true
+
+autoconnect:
+  # -- This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
+  # @section -- Autoconnect
+  replicaCount: 1
+  image:
+    # -- image registry (could be overwritten by global.image.registry)
+    # @section -- Autoconnect
+    registry: codeberg.org
+    # -- image repository
+    # @section -- Autoconnect
+    repository: wrenix/autopush/autoconnect
+    # -- This sets the pull policy for images. (could be overwritten by global.image.pullPolicy)
+    # @section -- Autoconnect
+    pullPolicy: IfNotPresent
+    # -- image tag - Overrides the image tag whose default is the chart appVersion.
+    # @section -- Autoconnect
+    tag: latest
+  # -- This is for setting Kubernetes Annotations to a Pod.
+  # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  # @section -- Autoconnect
+  podAnnotations: {}
+  # -- This is for setting Kubernetes Labels to a Pod.
+  # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+  # @section -- Autoconnect
+  podLabels: {}
+
+  nodeSelector: {}
+
+  tolerations: []
+
+  affinity: {}
+
+  podSecurityContext: {}
+    # fsGroup: 2000
+
+  # -- securityContext
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+  # @section -- Autoconnect
+  securityContext: {}
+
+  # This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/
+  service:
+    # -- This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+    # @section -- Autoconnect
+    type: ClusterIP
+    # This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports
+    ports:
+      # -- port of http service
+      # @section -- Autoconnect
+      http: 80
+      # -- port of internal router service
+        # @section -- Autoconnect
+      router: 8081
+
+  # -- We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # @section -- Autoconnect
+  resources: {}
+
+  # -- This is to setup the liveness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
+  # @section -- Autoconnect
+  livenessProbe:
+    httpGet:
+      path: /health
+      port: http
+  # -- This is to setup the readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
+  # @section -- Autoconnect
+  readinessProbe:
+    httpGet:
+      path: /health
+      port: http
+
+  # -- Additional volumeMounts on the output Deployment definition.
+  # - name: foo
+  #   mountPath: "/etc/foo"
+  #   readOnly: true
+  # @section -- Autoconnect
+  volumeMounts: []
+
+autoendpoint:
+  # -- This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
+  # @section -- Autoendpoint
+  replicaCount: 1
+  image:
+    # -- image registry (could be overwritten by global.image.registry)
+    # @section -- Autoendpoint
+    registry: codeberg.org
+    # -- image repository
+    # @section -- Autoendpoint
+    repository: wrenix/autopush/autoendpoint
+    # -- This sets the pull policy for images. (could be overwritten by global.image.pullPolicy)
+    # @section -- Autoendpoint
+    pullPolicy: IfNotPresent
+    # -- image tag - Overrides the image tag whose default is the chart appVersion.
+    # @section -- Autoendpoint
+    tag: latest
+
+  # -- This is for setting Kubernetes Annotations to a Pod.
+  # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  # @section -- Autoendpoint
+  podAnnotations: {}
+  # -- This is for setting Kubernetes Labels to a Pod.
+  # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+  # @section -- Autoendpoint
+  podLabels: {}
+
+  nodeSelector: {}
+
+  tolerations: []
+
+  affinity: {}
+
+  podSecurityContext: {}
+    # fsGroup: 2000
+
+  securityContext: {}
+    # capabilities:
+    #   drop:
+    #   - ALL
+    # readOnlyRootFilesystem: true
+    # runAsNonRoot: true
+    # runAsUser: 1000
+
+  # This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/
+  service:
+    # -- This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+    # @section -- Autoendpoint
+    type: ClusterIP
+    # -- This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports
+    # @section -- Autoendpoint
+    port: 80
+
+  # -- We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # @section -- Autoendpoint
+  resources: {}
+
+  # -- This is to setup the liveness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
+  # @section -- Autoendpoint
+  livenessProbe:
+    httpGet:
+      path: /health
+      port: http
+  # -- This is to setup the readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
+  # @section -- Autoendpoint
+  readinessProbe:
+    httpGet:
+      path: /health
+      port: http
+
+  # -- Additional volumeMounts on the output Deployment definition.
+  # - name: foo
+  #   mountPath: "/etc/foo"
+  #   readOnly: true
+  # @section -- Autoendpoint
+  volumeMounts: []
+
+unifiedPush:
+  # -- enable/deploy common-proxy for unifiedpush
+  # @section -- UnifiedPush
+  enabled: false
+  # -- This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
+  # @section -- UnifiedPush
+  replicaCount: 1
+  image:
+    # -- image registry (could be overwritten by global.image.registry)
+    # @section -- UnifiedPush
+    registry: docker.io
+    # -- image repository
+    # @section -- UnifiedPush
+    repository: unifiedpush/common-proxies
+    # -- This sets the pull policy for images. (could be overwritten by global.image.pullPolicy)
+    # @section -- UnifiedPush
+    pullPolicy: IfNotPresent
+    # -- image tag
+    # @section -- UnifiedPush
+    tag: "v2.2.0"
+
+  config:
+    verbose: false
+    uaid: ""
+    gateway:
+      generic:
+        enable: true
+      matrix:
+        enable: true
+      allowedHosts: []
+
+  # -- This is for setting Kubernetes Annotations to a Pod.
+  # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  # @section -- UnifiedPush
+  podAnnotations: {}
+  # -- This is for setting Kubernetes Labels to a Pod.
+  # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+  # @section -- UnifiedPush
+  podLabels: {}
+
+  nodeSelector: {}
+
+  tolerations: []
+
+  affinity: {}
+
+  podSecurityContext: {}
+    # fsGroup: 2000
+
+  securityContext: {}
+    # capabilities:
+    #   drop:
+    #   - ALL
+    # readOnlyRootFilesystem: true
+    # runAsNonRoot: true
+    # runAsUser: 1000
+
+  # This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/
+  service:
+    # -- This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+    # @section -- UnifiedPush
+    type: ClusterIP
+    # -- This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports
+    # @section -- UnifiedPush
+    port: 80
+
+  # -- We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # @section -- UnifiedPush
+  resources: {}
+
+  # -- This is to setup the liveness more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
+  # @section -- UnifiedPush
+  livenessProbe:
+    httpGet:
+      path: /health
+      port: http
+  # -- This is to setup the readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
+  # @section -- UnifiedPush
+  readinessProbe:
+    httpGet:
+      path: /health
+      port: http
+
+  # -- Additional volumeMounts on the output Deployment definition.
+  # - name: foo
+  #   mountPath: "/etc/foo"
+  #   readOnly: true
+  # @section -- UnifiedPush
+  volumeMounts: []
+
+
+# This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/
+serviceAccount:
+  # -- Specifies whether a service account should be created
+  # @section -- UnifiedPush
+  create: true
+  # -- Automatically mount a ServiceAccount's API credentials?
+  # @section -- UnifiedPush
+  automount: true
+  # -- Annotations to add to the service account
+  # @section -- UnifiedPush
+  annotations: {}
+  # -- The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  # @section -- UnifiedPush
+  name: ""
+
+# This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/
+ingress:
+  enabled: false
+  className: ""
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  host: chart-example.local
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+
+
+# -- Additional volumes on the output Deployment definition.
+# - name: foo
+#   secret:
+#     secretName: mysecret
+#     optional: false
+volumes: []
--- a/conduit/Chart.yaml
+++ b/conduit/Chart.yaml
@ -3,9 +3,9 @@ name: conduit
 description: Conduit is a simple, fast and reliable chat server powered by Matrix.
 icon: https://conduit.rs/conduit.svg
 type: application
-version: 0.2.5
-# renovate: image=registry.gitlab.com/famedly/conduit/matrix-conduit
-appVersion: "0.6.0"
+version: "1.0.4"
+# renovate: image=docker.io/matrixconduit/matrix-conduit
+appVersion: "0.9.0"
 maintainers:
  - name: WrenIX
    url: https://wrenix.eu
--- a/conduit/README.adoc
+++ b/conduit/README.adoc
@ -1,406 +0,0 @@
-
-
-= conduit
-
-image::https://img.shields.io/badge/Version-0.2.5-informational?style=flat-square[Version: 0.2.5]
-image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
-image::https://img.shields.io/badge/AppVersion-0.6.0-informational?style=flat-square[AppVersion: 0.6.0]
-== Maintainers
-
-.Maintainers
-|===
-| Name | Email | Url
-
-| WrenIX
-|
-| <https://wrenix.eu>
-|===
-
-== Usage
-
-Helm must be installed and setup to your kubernetes cluster to use the charts.
-Refer to Helm's https://helm.sh/docs[documentation] to get started.
-Once Helm has been set up correctly, fetch the charts as follows:
-
-[source,bash]
----
-helm pull oci://codeberg.org/wrenix/helm-charts/conduit
----
-
-You can install a chart release using the following command:
-
-[source,bash]
----
-helm install conduit-release oci://codeberg.org/wrenix/helm-charts/conduit --values values.yaml
----
-
-To uninstall a chart release use `helm`'s delete command:
-
-[source,bash]
----
-helm uninstall conduit-release
----
-
-== Values
-
-.Values
-|===
-| Key | Type | Default | Description
-
-| affinity
-| object
-| `{}`
-|
-
-| autoscaling.enabled
-| bool
-| `false`
-|
-
-| autoscaling.maxReplicas
-| int
-| `100`
-|
-
-| autoscaling.minReplicas
-| int
-| `1`
-|
-
-| autoscaling.targetCPUUtilizationPercentage
-| int
-| `80`
-|
-
-| conduit.allowEncryption
-| bool
-| `true`
-|
-
-| conduit.allowFederation
-| bool
-| `true`
-|
-
-| conduit.allowRegistration
-| bool
-| `false`
-|
-
-| conduit.allowRoomCreation
-| bool
-| `true`
-|
-
-| conduit.allowUnstableRoomVersions
-| bool
-| `true`
-|
-
-| conduit.log
-| string
-| `nil`
-|
-
-| conduit.maxConcurrentRequests
-| string
-| `nil`
-|
-
-| conduit.maxRequestSize
-| string
-| `"20000000"`
-| in bytes default 20 MB
-
-| conduit.registrationToken
-| string
-| `nil`
-|
-
-| conduit.server_name
-| string
-| `"your.server.name"`
-|
-
-| conduit.trustedServers[0]
-| string
-| `"matrix.org"`
-|
-
-| conduit.wellKnownClient
-| string
-| `"your.server.name"`
-|
-
-| fullnameOverride
-| string
-| `""`
-|
-
-| image.pullPolicy
-| string
-| `"IfNotPresent"`
-|
-
-| image.repository
-| string
-| `"registry.gitlab.com/famedly/conduit/matrix-conduit"`
-|
-
-| image.tag
-| string
-| `""`
-|
-
-| imagePullSecrets
-| list
-| `[]`
-|
-
-| ingress.annotations
-| object
-| `{}`
-|
-
-| ingress.className
-| string
-| `""`
-|
-
-| ingress.enabled
-| bool
-| `false`
-|
-
-| ingress.hosts[0].host
-| string
-| `"chart-example.local"`
-|
-
-| ingress.hosts[0].paths[0].path
-| string
-| `"/"`
-|
-
-| ingress.hosts[0].paths[0].pathType
-| string
-| `"ImplementationSpecific"`
-|
-
-| ingress.tls
-| list
-| `[]`
-|
-
-| nameOverride
-| string
-| `""`
-|
-
-| nodeSelector
-| object
-| `{}`
-|
-
-| persistence.accessMode
-| string
-| `"ReadWriteOnce"`
-|
-
-| persistence.annotations
-| object
-| `{}`
-|
-
-| persistence.enabled
-| bool
-| `true`
-|
-
-| persistence.existingClaim
-| string
-| `nil`
-| A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound
-
-| persistence.hostPath
-| string
-| `nil`
-| Do not create an PVC, direct use hostPath in Pod
-
-| persistence.size
-| string
-| `"1Gi"`
-|
-
-| persistence.storageClass
-| string
-| `nil`
-| Persistent Volume Storage Class If defined, storageClassName: <storageClass> If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is   set, choosing the default provisioner.  (gp2 on AWS, standard on   GKE, AWS & OpenStack)
-
-| podAnnotations
-| object
-| `{}`
-|
-
-| podLabels
-| object
-| `{}`
-|
-
-| podSecurityContext
-| object
-| `{}`
-|
-
-| replicaCount
-| int
-| `1`
-|
-
-| resources
-| object
-| `{}`
-|
-
-| securityContext
-| object
-| `{}`
-|
-
-| service.port
-| int
-| `6167`
-|
-
-| service.type
-| string
-| `"ClusterIP"`
-|
-
-| serviceAccount.annotations
-| object
-| `{}`
-|
-
-| serviceAccount.create
-| bool
-| `true`
-|
-
-| serviceAccount.name
-| string
-| `""`
-|
-
-| tolerations
-| list
-| `[]`
-|
-
-| wellknown.affinity
-| object
-| `{}`
-|
-
-| wellknown.client."m.homeserver".base_url
-| string
-| `"https://your.server.name/"`
-|
-
-| wellknown.client."org.matrix.msc3575.proxy".url
-| string
-| `"https://your.server.name/"`
-|
-
-| wellknown.containerPort
-| int
-| `80`
-|
-
-| wellknown.enabled
-| bool
-| `true`
-|
-
-| wellknown.env
-| list
-| `[]`
-|
-
-| wellknown.image.pullPolicy
-| string
-| `"IfNotPresent"`
-|
-
-| wellknown.image.repository
-| string
-| `"nginx"`
-|
-
-| wellknown.image.tag
-| string
-| `"1.25"`
-|
-
-| wellknown.nodeSelector
-| object
-| `{}`
-|
-
-| wellknown.podAnnotations
-| list
-| `[]`
-|
-
-| wellknown.podLabels
-| object
-| `{}`
-|
-
-| wellknown.podSecurityContext
-| object
-| `{}`
-|
-
-| wellknown.replicaCount
-| int
-| `1`
-|
-
-| wellknown.resources
-| object
-| `{}`
-|
-
-| wellknown.securityContext
-| object
-| `{}`
-|
-
-| wellknown.server."m.server"
-| string
-| `"your.server.name:443"`
-|
-
-| wellknown.service.annotations
-| object
-| `{}`
-|
-
-| wellknown.service.port
-| int
-| `8080`
-|
-
-| wellknown.service.type
-| string
-| `"ClusterIP"`
-|
-
-| wellknown.tolerations
-| list
-| `[]`
-|
-|===
-
-Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]
--- a/conduit/README.md
+++ b/conduit/README.md
@ -0,0 +1,131 @@
+---
+title: "conduit"
+
+description: "Conduit is a simple, fast and reliable chat server powered by Matrix."
+
+---
+
+# conduit
+
+![Version: 1.0.4](https://img.shields.io/badge/Version-1.0.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.9.0](https://img.shields.io/badge/AppVersion-0.9.0-informational?style=flat-square)
+
+Conduit is a simple, fast and reliable chat server powered by Matrix.
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| WrenIX |  | <https://wrenix.eu> |
+
+## Usage
+
+Helm must be installed and setup to your kubernetes cluster to use the charts.
+Refer to Helm's [documentation](https://helm.sh/docs) to get started.
+Once Helm has been set up correctly, fetch the charts as follows:
+
+```bash
+helm pull oci://codeberg.org/wrenix/helm-charts/conduit
+```
+
+You can install a chart release using the following command:
+
+```bash
+helm install conduit-release oci://codeberg.org/wrenix/helm-charts/conduit --values values.yaml
+```
+
+To uninstall a chart release use `helm`'s delete command:
+
+```bash
+helm uninstall conduit-release
+```
+
+## Values
+
+### well known
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| wellknown.affinity | object | `{}` | pod affinity |
+| wellknown.client | object | `{"m.homeserver":{"base_url":"https://your.server.name/"},"org.matrix.msc3575.proxy":{"url":"https://your.server.name/"}}` | client entry in well-known |
+| wellknown.containerPort | int | `80` | port webservice |
+| wellknown.enabled | bool | `false` | enable/deploy add extra webservice for well-known urls |
+| wellknown.env | list | `[]` | pod env |
+| wellknown.image.pullPolicy | string | `"IfNotPresent"` | This sets the pull policy for images. (could be overwritten by global.image.pullPolicy) |
+| wellknown.image.registry | string | `"docker.io"` | image registry (could be overwritten by global.image.registry) |
+| wellknown.image.repository | string | `"library/nginx"` | image repository |
+| wellknown.image.tag | string | `"1.27.4"` | image tag |
+| wellknown.nginxServerConf | string | `"server {\n    listen       {{ .containerPort }};\n    server_name  localhost;\n\n    location /.well-known/matrix/server {\n      return 200 {{ toJson .server | quote }};\n      types { } default_type \"application/json; charset=utf-8\";\n    }\n\n    location /.well-known/matrix/client {\n      return 200 {{ toJson .client | quote }};\n      types { } default_type \"application/json; charset=utf-8\";\n      add_header \"Access-Control-Allow-Origin\" *;\n    }\n\n    location / {\n      # return 200 'Welcome to the your.server.name conduit server!';\n      # types { } default_type \"text/plain; charset=utf-8\";\n      return 404;\n    }\n\n    location /nginx_health {\n      return 200 'OK';\n      types { } default_type \"text/plain; charset=utf-8\";\n    }\n}"` | nginx config |
+| wellknown.nodeSelector | object | `{}` | pod node selector |
+| wellknown.podAnnotations | list | `[]` | pod annotations |
+| wellknown.podLabels | object | `{}` | pod labels |
+| wellknown.podSecurityContext | object | `{}` | securityContext of Pod |
+| wellknown.replicaCount | int | `1` | replicas |
+| wellknown.resources | object | `{}` | pod resources |
+| wellknown.rewriteRoot | bool | `false` | if ingress is enabled: specifies whether ingress should redirect the `/`-Location to the wellknown server |
+| wellknown.securityContext | object | `{}` | securityContext of container |
+| wellknown.server | object | `{"m.server":"your.server.name:443"}` | server entry in well-known |
+| wellknown.service.annotations | object | `{}` | annotations of service |
+| wellknown.service.port | int | `8080` | port of service |
+| wellknown.service.type | string | `"ClusterIP"` | service type |
+| wellknown.tolerations | list | `[]` | pod tolerations |
+
+### Other Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| autoscaling.enabled | bool | `false` |  |
+| autoscaling.maxReplicas | int | `100` |  |
+| autoscaling.minReplicas | int | `1` |  |
+| autoscaling.targetCPUUtilizationPercentage | int | `80` |  |
+| conduit.allowEncryption | bool | `true` |  |
+| conduit.allowFederation | bool | `true` |  |
+| conduit.allowRegistration | bool | `false` |  |
+| conduit.allowRoomCreation | bool | `true` |  |
+| conduit.allowUnstableRoomVersions | bool | `true` |  |
+| conduit.log | string | `nil` |  |
+| conduit.maxConcurrentRequests | string | `nil` |  |
+| conduit.maxRequestSize | string | `"20000000"` | in bytes default 20 MB |
+| conduit.registrationToken | string | `nil` |  |
+| conduit.server_name | string | `"your.server.name"` |  |
+| conduit.trustedServers[0] | string | `"matrix.org"` |  |
+| conduit.wellKnown.client | string | `""` | client well-known configuration in conduit |
+| conduit.wellKnown.server | string | `"https://your.server.name"` | server well-known configuration in conduit |
+| fullnameOverride | string | `""` |  |
+| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy |
+| global.image.registry | string | `nil` | if set it will overwrite all registry entries |
+| image.pullPolicy | string | `"IfNotPresent"` | This sets the pull policy for images. (could be overwritten by global.image.pullPolicy) |
+| image.registry | string | `"docker.io"` | image registry (could be overwritten by global.image.registry) |
+| image.repository | string | `"matrixconduit/matrix-conduit"` | image repository |
+| image.tag | string | `""` | image tag - Overrides the image tag whose default is the chart appVersion. |
+| imagePullSecrets | list | `[]` |  |
+| ingress.annotations | object | `{}` |  |
+| ingress.className | string | `""` |  |
+| ingress.enabled | bool | `false` |  |
+| ingress.hosts[0].host | string | `"chart-example.local"` |  |
+| ingress.hosts[0].paths[0].path | string | `"/"` |  |
+| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` |  |
+| ingress.tls | list | `[]` |  |
+| nameOverride | string | `""` |  |
+| nodeSelector | object | `{}` |  |
+| persistence.accessMode | string | `"ReadWriteOnce"` |  |
+| persistence.annotations | object | `{}` |  |
+| persistence.enabled | bool | `true` |  |
+| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound |
+| persistence.hostPath | string | `nil` | Do not create an PVC, direct use hostPath in Pod |
+| persistence.size | string | `"1Gi"` |  |
+| persistence.storageClass | string | `nil` | Persistent Volume Storage Class If defined, storageClassName: <storageClass> If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is   set, choosing the default provisioner.  (gp2 on AWS, standard on   GKE, AWS & OpenStack) |
+| podAnnotations | object | `{}` |  |
+| podLabels | object | `{}` |  |
+| podSecurityContext | object | `{}` |  |
+| replicaCount | int | `1` | replicas |
+| resources | object | `{}` |  |
+| securityContext | object | `{}` |  |
+| service.port | int | `6167` |  |
+| service.type | string | `"ClusterIP"` |  |
+| serviceAccount.annotations | object | `{}` |  |
+| serviceAccount.create | bool | `true` |  |
+| serviceAccount.name | string | `""` |  |
+| tolerations | list | `[]` |  |
+
+Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
--- a/conduit/ci/empty-values.yaml
+++ b/conduit/ci/empty-values.yaml
--- a/conduit/ci/well-known-values.yaml
+++ b/conduit/ci/well-known-values.yaml
@ -0,0 +1,22 @@
+conduit:
+  server_name: test.wrenix.eu
+  wellKnown:
+    server: "overwritten-test:443"
+    client: "https://overwritten-test"
+
+wellknown:
+  enabled: true
+
+ingress:
+  enabled: true
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+  hosts:
+    - host: test.wrenix.eu
+      paths:
+        - path: /
+          pathType: Prefix
+  tls:
+    - secretName: test
+      hosts:
+        - test.wrenix.eu
--- a/conduit/templates/deployment.yaml
+++ b/conduit/templates/deployment.yaml
@ -38,8 +38,10 @@ spec:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- with .Values.image }}
+          image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}"
+          imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }}
+          {{- end }}
          ports:
            - name: http
              containerPort: {{ .Values.service.port }}
@ -95,10 +97,14 @@ spec:
            - name: "CONDUIT_REGISTRATION_TOKEN"
              value: {{ . | quote }}
            {{- end }}
-            {{- with .Values.conduit.wellKnownClient }}
+            {{- with .Values.conduit.wellKnown.client }}
            - name: "CONDUIT_WELL_KNOWN_CLIENT"
              value: {{ . | quote }}
            {{- end }}
+            {{- with .Values.conduit.wellKnown.server }}
+            - name: "CONDUIT_WELL_KNOWN_SERVER"
+              value: {{ . | quote }}
+            {{- end }}
          volumeMounts:
            - name: "data"
              mountPath: "/var/lib/matrix-conduit"
--- a/conduit/templates/ingress.yaml
+++ b/conduit/templates/ingress.yaml
@ -76,5 +76,14 @@ spec:
               name: {{ include "conduit.fullname" . }}-wellknown
               port:
                 name: http
+         {{- if .Values.wellknown.rewriteRoot }}
+         - path: /
+           pathType: Exact
+           backend:
+             service:
+               name: {{ include "conduit.fullname" . }}-wellknown
+               port:
+                 name: http
+         {{- end }}
    {{- end }}
 {{- end }}
--- a/conduit/templates/wellknown/configmap.yaml
+++ b/conduit/templates/wellknown/configmap.yaml
@ -2,10 +2,11 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ include "conduit.fullname" . }}-wellknown
+  name: {{ include "conduit.fullname" . }}-nginx-wellknown
  labels:
    {{- include "conduit.labels" . | nindent 4 }}
 data:
-  server: {{ toJson .Values.wellknown.server | quote }}
-  client: {{ toJson .Values.wellknown.client | quote }}
+  {{- with .Values.wellknown}}
+  default.conf: {{ tpl .nginxServerConf . | toYaml | nindent 4 }}
+  {{- end }}
 {{- end }}
--- a/conduit/templates/wellknown/deployment.yaml
+++ b/conduit/templates/wellknown/deployment.yaml
@ -24,6 +24,7 @@ spec:
        {{- with .Values.wellknown.podLabels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
+        type: wellknown
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
@ -36,25 +37,29 @@ spec:
        - name: wellknown
          securityContext:
            {{- toYaml .Values.wellknown.securityContext | nindent 12 }}
-          image: "{{ .Values.wellknown.image.repository }}:{{ .Values.wellknown.image.tag }}"
-          imagePullPolicy: {{ .Values.wellknown.image.pullPolicy }}
+          {{- with .Values.wellknown.image }}
+          image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}"
+          imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }}
+          {{- end }}
          ports:
            - name: http
              containerPort: {{ .Values.wellknown.containerPort }}
              protocol: TCP
          livenessProbe:
            httpGet:
-              path: /
+              path: /nginx_health
              port: http
          readinessProbe:
            httpGet:
-              path: /
+              path: /nginx_health
              port: http
          resources:
            {{- toYaml .Values.wellknown.resources | nindent 12 }}
          volumeMounts:
-            - name: "data"
-              mountPath: "/usr/share/nginx/html/.well-known/matrix/"
+            - name: "wellknown-nginx-conf"
+              mountPath: "/etc/nginx/conf.d/default.conf"
+              subPath: default.conf
+              readOnly: true
      {{- with .Values.wellknown.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
@ -68,7 +73,7 @@ spec:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      volumes:
-        - name: "data"
+        - name: "wellknown-nginx-conf"
          configMap:
-            name: {{ include "conduit.fullname" . }}-wellknown
+            name: {{ include "conduit.fullname" . }}-nginx-wellknown
 {{- end }}
--- a/conduit/values.yaml
+++ b/conduit/values.yaml
@ -1,13 +1,22 @@
-# Default values for conduit.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
+global:
+  image:
+    # -- if set it will overwrite all registry entries
+    registry:
+    # -- if set it will overwrite all pullPolicy
+    pullPolicy:

+
+# -- replicas
 replicaCount: 1

 image:
-  repository: registry.gitlab.com/famedly/conduit/matrix-conduit
+  # -- image registry (could be overwritten by global.image.registry)
+  registry: docker.io
+  # -- image repository
+  repository: matrixconduit/matrix-conduit
+  # -- This sets the pull policy for images. (could be overwritten by global.image.pullPolicy)
  pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
+  # -- image tag - Overrides the image tag whose default is the chart appVersion.
  tag: ""

 imagePullSecrets: []
@ -39,41 +48,121 @@ conduit:
  # log: "warn,rocket=off,_=off,sled=off"
  log:
  registrationToken:
-  wellKnownClient: "your.server.name"
+  wellKnown:
+    # -- client well-known configuration in conduit
+    client: ""
+    # -- server well-known configuration in conduit
+    server: "https://your.server.name"

 wellknown:
-  enabled: true
+  # -- enable/deploy add extra webservice for well-known urls
+  # @section -- well known
+  enabled: false
  image:
-    repository: nginx
+    # -- image registry (could be overwritten by global.image.registry)
+    # @section -- well known
+    registry: docker.io
+    # -- image repository
+    # @section -- well known
+    repository: library/nginx
+    # -- This sets the pull policy for images. (could be overwritten by global.image.pullPolicy)
+    # @section -- well known
    pullPolicy: IfNotPresent
-    tag: "1.25"
+    # -- image tag
+    # @section -- well known
+    tag: "1.27.4"

+  # -- replicas
+  # @section -- well known
  replicaCount: 1
+  # -- pod labels
+  # @section -- well known
  podLabels: {}
+  # -- pod annotations
+  # @section -- well known
  podAnnotations: []
+  # -- securityContext of Pod
+  # @section -- well known
  podSecurityContext: {}
+  # -- securityContext of container
+  # @section -- well known
  securityContext: {}
+  # -- port webservice
+  # @section -- well known
  containerPort: 80
+  # -- pod env
+  # @section -- well known
  env: []
+  # -- pod resources
+  # @section -- well known
  resources: {}
+  # -- pod node selector
+  # @section -- well known
  nodeSelector: {}
+  # -- pod tolerations
+  # @section -- well known
  tolerations: []
+  # -- pod affinity
+  # @section -- well known
  affinity: {}

  service:
+    # -- service type
+    # @section -- well known
    type: ClusterIP
+    # -- port of service
+    # @section -- well known
    port: 8080
+    # -- annotations of service
+    # @section -- well known
    annotations: {}

-  # TO EDIT:
+  # -- if ingress is enabled: specifies whether ingress should redirect the `/`-Location to the wellknown server
+  # @section -- well known
+  rewriteRoot: false
+
+  # -- server entry in well-known
+  # @section -- well known
  server:
    "m.server": "your.server.name:443"
+  # -- client entry in well-known
+  # @section -- well known
  client:
    "m.homeserver":
      "base_url": "https://your.server.name/"
    "org.matrix.msc3575.proxy":
      "url": "https://your.server.name/"

+  # -- nginx config
+  # @section -- well known
+  nginxServerConf: |-
+      server {
+          listen       {{ .containerPort }};
+          server_name  localhost;
+
+          location /.well-known/matrix/server {
+            return 200 {{ toJson .server | quote }};
+            types { } default_type "application/json; charset=utf-8";
+          }
+
+          location /.well-known/matrix/client {
+            return 200 {{ toJson .client | quote }};
+            types { } default_type "application/json; charset=utf-8";
+            add_header "Access-Control-Allow-Origin" *;
+          }
+
+          location / {
+            # return 200 'Welcome to the your.server.name conduit server!';
+            # types { } default_type "text/plain; charset=utf-8";
+            return 404;
+          }
+
+          location /nginx_health {
+            return 200 'OK';
+            types { } default_type "text/plain; charset=utf-8";
+          }
+      }
+
 podLabels: {}
 podAnnotations: {}

--- a/docs/antora.yml
+++ b/docs/antora.yml
@ -1,8 +0,0 @@
-name: wrenix-helm
-title: "WrenIX's Helm charts"
-version:
-  main: latest
-
-nav:
-  - modules/ROOT/nav.adoc
-  - modules/charts/nav.adoc
--- a/docs/modules/ROOT/nav.adoc
+++ b/docs/modules/ROOT/nav.adoc
@ -1 +0,0 @@
-* xref:index.adoc[Home]
--- a/docs/modules/ROOT/pages/index.adoc
+++ b/docs/modules/ROOT/pages/index.adoc
@ -1 +0,0 @@
-../../../../README.adoc
--- a/docs/modules/charts/generate.sh
+++ b/docs/modules/charts/generate.sh
@ -1,16 +0,0 @@
-#!/bin/sh
-ROOT_DIR="./docs/modules/charts/"
-
-rm "${ROOT_DIR}/pages/"*".adoc"
-
-echo "* charts" > "${ROOT_DIR}/nav.adoc"
-for name in * ; do
-  if \
-    [ ! -d $name ] || \
-    [ ! -f $name/Chart.yaml ] \
-    ; then
-    continue;
-  fi
-  ln -sf "../../../../${name}/README.adoc" "${ROOT_DIR}/pages/${name}.adoc";
-  echo "** xref:${name}.adoc[${name}]" >> "${ROOT_DIR}/nav.adoc"
-done
--- a/docs/modules/charts/nav.adoc
+++ b/docs/modules/charts/nav.adoc
@ -1,21 +0,0 @@
-* charts
-** xref:alertmanager-matrix.adoc[alertmanager-matrix]
-** xref:alertmanager-ntfy.adoc[alertmanager-ntfy]
-** xref:authentik-application.adoc[authentik-application]
-** xref:conduit.adoc[conduit]
-** xref:forgejo-runner.adoc[forgejo-runner]
-** xref:gotosocial.adoc[gotosocial]
-** xref:grampsweb.adoc[grampsweb]
-** xref:headscale.adoc[headscale]
-** xref:headscale-ui.adoc[headscale-ui]
-** xref:hydrogen-web.adoc[hydrogen-web]
-** xref:jellyfin.adoc[jellyfin]
-** xref:matrix-authentication-service.adoc[matrix-authentication-service]
-** xref:matrix-sliding-sync.adoc[matrix-sliding-sync]
-** xref:matrix-synapse.adoc[matrix-synapse]
-** xref:mautrix-signal.adoc[mautrix-signal]
-** xref:miniserve.adoc[miniserve]
-** xref:monitoring.adoc[monitoring]
-** xref:ntfy.adoc[ntfy]
-** xref:postgresql.adoc[postgresql]
-** xref:stalwart-mail.adoc[stalwart-mail]
--- a/docs/modules/charts/pages/alertmanager-matrix.adoc
+++ b/docs/modules/charts/pages/alertmanager-matrix.adoc
@ -1 +0,0 @@
-../../../../alertmanager-matrix/README.adoc
--- a/docs/modules/charts/pages/alertmanager-ntfy.adoc
+++ b/docs/modules/charts/pages/alertmanager-ntfy.adoc
@ -1 +0,0 @@
-../../../../alertmanager-ntfy/README.adoc
--- a/docs/modules/charts/pages/authentik-application.adoc
+++ b/docs/modules/charts/pages/authentik-application.adoc
@ -1 +0,0 @@
-../../../../authentik-application/README.adoc
--- a/docs/modules/charts/pages/conduit.adoc
+++ b/docs/modules/charts/pages/conduit.adoc
@ -1 +0,0 @@
-../../../../conduit/README.adoc
--- a/docs/modules/charts/pages/forgejo-runner.adoc
+++ b/docs/modules/charts/pages/forgejo-runner.adoc
@ -1 +0,0 @@
-../../../../forgejo-runner/README.adoc
--- a/docs/modules/charts/pages/gotosocial.adoc
+++ b/docs/modules/charts/pages/gotosocial.adoc
@ -1 +0,0 @@
-../../../../gotosocial/README.adoc
--- a/docs/modules/charts/pages/grampsweb.adoc
+++ b/docs/modules/charts/pages/grampsweb.adoc
@ -1 +0,0 @@
-../../../../grampsweb/README.adoc
--- a/docs/modules/charts/pages/headscale-ui.adoc
+++ b/docs/modules/charts/pages/headscale-ui.adoc
@ -1 +0,0 @@
-../../../../headscale-ui/README.adoc
--- a/docs/modules/charts/pages/headscale.adoc
+++ b/docs/modules/charts/pages/headscale.adoc
@ -1 +0,0 @@
-../../../../headscale/README.adoc
--- a/docs/modules/charts/pages/hydrogen-web.adoc
+++ b/docs/modules/charts/pages/hydrogen-web.adoc
@ -1 +0,0 @@
-../../../../hydrogen-web/README.adoc
--- a/docs/modules/charts/pages/jellyfin.adoc
+++ b/docs/modules/charts/pages/jellyfin.adoc
@ -1 +0,0 @@
-../../../../jellyfin/README.adoc
--- a/docs/modules/charts/pages/matrix-authentication-service.adoc
+++ b/docs/modules/charts/pages/matrix-authentication-service.adoc
@ -1 +0,0 @@
-../../../../matrix-authentication-service/README.adoc
--- a/docs/modules/charts/pages/matrix-sliding-sync.adoc
+++ b/docs/modules/charts/pages/matrix-sliding-sync.adoc
@ -1 +0,0 @@
-../../../../matrix-sliding-sync/README.adoc
--- a/docs/modules/charts/pages/matrix-synapse.adoc
+++ b/docs/modules/charts/pages/matrix-synapse.adoc
@ -1 +0,0 @@
-../../../../matrix-synapse/README.adoc
--- a/docs/modules/charts/pages/mautrix-signal.adoc
+++ b/docs/modules/charts/pages/mautrix-signal.adoc
@ -1 +0,0 @@
-../../../../mautrix-signal/README.adoc
--- a/docs/modules/charts/pages/miniserve.adoc
+++ b/docs/modules/charts/pages/miniserve.adoc
@ -1 +0,0 @@
-../../../../miniserve/README.adoc
--- a/docs/modules/charts/pages/monitoring.adoc
+++ b/docs/modules/charts/pages/monitoring.adoc
@ -1 +0,0 @@
-../../../../monitoring/README.adoc
--- a/docs/modules/charts/pages/ntfy.adoc
+++ b/docs/modules/charts/pages/ntfy.adoc
@ -1 +0,0 @@
-../../../../ntfy/README.adoc
--- a/docs/modules/charts/pages/postgresql.adoc
+++ b/docs/modules/charts/pages/postgresql.adoc
@ -1 +0,0 @@
-../../../../postgresql/README.adoc
--- a/docs/modules/charts/pages/stalwart-mail.adoc
+++ b/docs/modules/charts/pages/stalwart-mail.adoc
@ -1 +0,0 @@
-../../../../stalwart-mail/README.adoc
--- a/mautrix-signal/.helmignore
+++ b/mautrix-signal/.helmignore
--- a/element-call/Chart.yaml
+++ b/element-call/Chart.yaml
@ -0,0 +1,10 @@
+apiVersion: v2
+name: element-call
+description: Run Element-Call and his dependencies
+type: application
+version: "0.1.8"
+# renovate: image=ghcr.io/element-hq/element-call
+appVersion: "0.7.1"
+maintainers:
+  - name: WrenIX
+    url: https://wrenix.eu
--- a/element-call/README.md
+++ b/element-call/README.md
@ -0,0 +1,125 @@
+---
+title: "element-call"
+
+description: "Run Element-Call and his dependencies"
+
+---
+
+# element-call
+
+![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7.1](https://img.shields.io/badge/AppVersion-0.7.1-informational?style=flat-square)
+
+Run Element-Call and his dependencies
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| WrenIX |  | <https://wrenix.eu> |
+
+## Usage
+
+Helm must be installed and setup to your kubernetes cluster to use the charts.
+Refer to Helm's [documentation](https://helm.sh/docs) to get started.
+Once Helm has been set up correctly, fetch the charts as follows:
+
+```bash
+helm pull oci://codeberg.org/wrenix/helm-charts/element-call
+```
+
+You can install a chart release using the following command:
+
+```bash
+helm install element-call-release oci://codeberg.org/wrenix/helm-charts/element-call --values values.yaml
+```
+
+To uninstall a chart release use `helm`'s delete command:
+
+```bash
+helm uninstall element-call-release
+```
+
+## Values
+
+### livekit JWT
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| service.lkJWT.config.key | string | `"devkey"` | key to livekit |
+| service.lkJWT.config.secret | string | `"secret"` | secret to livekit |
+| service.lkJWT.config.url | string | `""` | url to livekit |
+| service.lkJWT.enabled | bool | `true` | enable to deploy livekit jwt service for element-call |
+| service.lkJWT.image.pullPolicy | string | `"IfNotPresent"` | This sets the pull policy for images. (could be overwritten by global.image.pullPolicy) |
+| service.lkJWT.image.registry | string | `"ghcr.io"` | image registry (could be overwritten by global.image.registry) |
+| service.lkJWT.image.repository | string | `"element-hq/lk-jwt-service"` | image repository |
+| service.lkJWT.image.tag | string | `"sha-4a29504"` | image tag |
+| service.lkJWT.networkPolicy.egress.enabled | bool | `false` | activate egress no networkpolicy |
+| service.lkJWT.networkPolicy.egress.extra | list | `[]` | egress rules |
+| service.lkJWT.networkPolicy.ingress.http | list | `[]` | ingress for http port (e.g. ingress-controller) |
+| service.lkJWT.replicaCount | int | `1` | replicas |
+| service.lkJWT.serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
+| service.lkJWT.serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials? |
+| service.lkJWT.serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
+| service.lkJWT.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
+
+### Other Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| autoscaling.enabled | bool | `false` |  |
+| autoscaling.maxReplicas | int | `100` |  |
+| autoscaling.minReplicas | int | `1` |  |
+| autoscaling.targetCPUUtilizationPercentage | int | `80` |  |
+| fullnameOverride | string | `""` |  |
+| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy |
+| global.image.registry | string | `nil` | if set it will overwrite all registry entries |
+| imagePullSecrets | list | `[]` |  |
+| ingress.annotations | object | `{}` |  |
+| ingress.className | string | `""` |  |
+| ingress.enabled | bool | `false` |  |
+| ingress.tls | list | `[]` |  |
+| nameOverride | string | `""` |  |
+| service.call.affinity | object | `{}` |  |
+| service.call.config | object | `{}` |  |
+| service.call.image.pullPolicy | string | `"IfNotPresent"` | This sets the pull policy for images. (could be overwritten by global.image.pullPolicy) |
+| service.call.image.registry | string | `"ghcr.io"` | image registry (could be overwritten by global.image.registry) |
+| service.call.image.repository | string | `"element-hq/element-call"` | image repository |
+| service.call.image.tag | string | `nil` | image tag - Overrides the image tag whose default is the chart appVersion |
+| service.call.ingress.host | string | `nil` |  |
+| service.call.livenessProbe.httpGet.path | string | `"/"` |  |
+| service.call.livenessProbe.httpGet.port | string | `"http"` |  |
+| service.call.networkPolicy.egress.enabled | bool | `true` | activate egress no networkpolicy |
+| service.call.networkPolicy.egress.extra | list | `[]` | egress rules |
+| service.call.networkPolicy.enabled | bool | `false` |  |
+| service.call.networkPolicy.ingress.http | list | `[]` | ingress for http port (e.g. ingress-controller) |
+| service.call.nodeSelector | object | `{}` |  |
+| service.call.podAnnotations | object | `{}` |  |
+| service.call.podLabels | object | `{}` |  |
+| service.call.podSecurityContext | object | `{}` |  |
+| service.call.readinessProbe.httpGet.path | string | `"/"` |  |
+| service.call.readinessProbe.httpGet.port | string | `"http"` |  |
+| service.call.replicaCount | int | `1` | replicas |
+| service.call.resources | object | `{}` |  |
+| service.call.securityContext | object | `{}` |  |
+| service.call.serviceAccount.annotations | object | `{}` |  |
+| service.call.serviceAccount.automount | bool | `true` |  |
+| service.call.serviceAccount.create | bool | `true` |  |
+| service.call.serviceAccount.name | string | `""` |  |
+| service.call.tolerations | list | `[]` |  |
+| service.lkJWT.affinity | object | `{}` |  |
+| service.lkJWT.ingress.host | string | `nil` |  |
+| service.lkJWT.livenessProbe.httpGet.path | string | `"/healthz"` |  |
+| service.lkJWT.livenessProbe.httpGet.port | string | `"http"` |  |
+| service.lkJWT.networkPolicy.enabled | bool | `false` |  |
+| service.lkJWT.nodeSelector | object | `{}` |  |
+| service.lkJWT.podAnnotations | object | `{}` |  |
+| service.lkJWT.podLabels | object | `{}` |  |
+| service.lkJWT.podSecurityContext | object | `{}` |  |
+| service.lkJWT.readinessProbe.httpGet.path | string | `"/healthz"` |  |
+| service.lkJWT.readinessProbe.httpGet.port | string | `"http"` |  |
+| service.lkJWT.resources | object | `{}` |  |
+| service.lkJWT.securityContext | object | `{}` |  |
+| service.lkJWT.tolerations | list | `[]` |  |
+
+Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
+
--- a/element-call/_docs.gotmpl
+++ b/element-call/_docs.gotmpl
@ -0,0 +1 @@
+
--- a/element-call/templates/_helpers.tpl
+++ b/element-call/templates/_helpers.tpl
@ -0,0 +1,70 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "element-call.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "element-call.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "element-call.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "element-call.labels" -}}
+helm.sh/chart: {{ include "element-call.chart" . }}
+{{ include "element-call.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "element-call.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "element-call.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "element-call.serviceAccountName" -}}
+{{- $ := get . "root" }}
+{{- $suffix := get . "suffix" }}
+{{- with get . "ctx" }}
+{{- if .serviceAccount.create }}
+{{- if $suffix }}
+{{- default (printf "%s-%s" (include "element-call.fullname" $) $suffix) .serviceAccount.name }}
+{{- else }}
+{{- default (include "element-call.fullname" $) .serviceAccount.name }}
+{{- end }}
+{{- else }}
+{{- default "default" .serviceAccount.name }}
+{{- end }}
+{{- end }}
+{{- end }}
--- a/element-call/templates/configmap.yaml
+++ b/element-call/templates/configmap.yaml
@ -0,0 +1,10 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "element-call.fullname" . }}
+  labels:
+    {{- include "element-call.labels" . | nindent 4 }}
+data:
+  "config.json": |
+    {{- toJson .Values.service.call.config | nindent 4 }} 
--- a/element-call/templates/deployment.yaml
+++ b/element-call/templates/deployment.yaml
@ -0,0 +1,76 @@
+{{- $fullName := include "element-call.fullname" . -}}
+{{- with .Values.service.call }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "element-call.labels" $ | nindent 4 }}
+    app.kubernetes.io/component: call
+spec:
+  {{- if not $.Values.autoscaling.enabled }}
+  replicas: {{ .replicaCount }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "element-call.selectorLabels" $ | nindent 6 }}
+      app.kubernetes.io/component: call
+  template:
+    metadata:
+      {{- with .podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "element-call.labels" $ | nindent 8 }}
+        app.kubernetes.io/component: call
+        {{- with .podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- with $.Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "element-call.serviceAccountName" (dict "root" $ "ctx" .) }}
+      securityContext:
+        {{- toYaml .podSecurityContext | nindent 8 }}
+      containers:
+        - name: call
+          securityContext:
+            {{- toYaml .securityContext | nindent 12 }}
+          {{- with .image }}
+          image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default (printf "v%s" $.Chart.AppVersion) }}"
+          imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }}
+          {{- end }}
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          livenessProbe:
+            {{- toYaml .livenessProbe | nindent 12 }}
+          readinessProbe:
+            {{- toYaml .readinessProbe | nindent 12 }}
+          resources:
+            {{- toYaml .resources | nindent 12 }}
+          volumeMounts:
+            - mountPath: /app/config.json
+              name: config
+              subPath: config.json
+      volumes:
+        - name: config
+          configMap:
+            name: {{ $fullName }}
+      {{- with .nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+{{- end }}{{/* end-with .service.call */}}
--- a/mautrix-signal/templates/hpa.yaml
+++ b/mautrix-signal/templates/hpa.yaml
@ -2,14 +2,14 @@
 apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
-  name: {{ include "mautrix-signal.fullname" . }}
+  name: {{ include "element-call.fullname" . }}
  labels:
-    {{- include "mautrix-signal.labels" . | nindent 4 }}
+    {{- include "element-call.labels" . | nindent 4 }}
 spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
-    name: {{ include "mautrix-signal.fullname" . }}
+    name: {{ include "element-call.fullname" . }}
  minReplicas: {{ .Values.autoscaling.minReplicas }}
  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
  metrics:
--- a/element-call/templates/ingress.yaml
+++ b/element-call/templates/ingress.yaml
@ -0,0 +1,46 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "element-call.fullname" . -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "element-call.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- with .Values.ingress.className }}
+  ingressClassName: {{ . }}
+  {{- end }}
+  {{- with .Values.ingress.tls }}
+  tls:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  rules:
+    - host: {{ .Values.service.call.ingress.host | quote }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ $fullName }}
+                port:
+                  name: http
+    {{- if .Values.service.lkJWT.enabled }}
+    {{- if (eq .Values.service.lkJWT.ingress.host .Values.service.call.ingress.host)}}
+    - host: {{ .Values.service.lkJWT.ingress.host | quote }}
+      http:
+        paths:
+    {{- end }}
+          - path: /sfu/get
+            pathType: Exact
+            backend:
+              service:
+                name: {{ $fullName }}-lk-jwt
+                port:
+                  name: http
+    {{- end }}
+{{- end }}
--- a/element-call/templates/lk-jwt/deployment.yaml
+++ b/element-call/templates/lk-jwt/deployment.yaml
@ -0,0 +1,79 @@
+{{- $fullName := include "element-call.fullname" . -}}
+{{- with .Values.service.lkJWT }}
+{{- if .enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ $fullName }}-lk-jwt
+  labels:
+    {{- include "element-call.labels" $ | nindent 4 }}
+    app.kubernetes.io/component: lk-jwt
+spec:
+  {{- if not $.Values.autoscaling.enabled }}
+  replicas: {{ .replicaCount }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "element-call.selectorLabels" $ | nindent 6 }}
+      app.kubernetes.io/component: lk-jwt
+  template:
+    metadata:
+      annotations:
+        secret-env-hash: {{ include (print $.Template.BasePath "/lk-jwt/secret.yaml") $ | sha256sum }}
+        {{- with .podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      labels:
+        {{- include "element-call.labels" $ | nindent 8 }}
+        app.kubernetes.io/component: lk-jwt
+        {{- with .podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- with $.Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "element-call.serviceAccountName" (dict "root" $ "ctx" . "suffix" "lk-jwt") }}
+      securityContext:
+        {{- toYaml .podSecurityContext | nindent 8 }}
+      containers:
+        - name: lk-jwt
+          securityContext:
+            {{- toYaml .securityContext | nindent 12 }}
+          {{- with .image }}
+          image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag }}"
+          imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }}
+          {{- end }}
+          env:
+            - name: "LK_JWT_PORT"
+              value: "8080"
+            - name: "LIVEKIT_URL"
+              value: {{ .config.url }}
+          envFrom:
+            - secretRef:
+                name: {{ $fullName }}-lk-jwt
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          livenessProbe:
+            {{- toYaml .livenessProbe | nindent 12 }}
+          readinessProbe:
+            {{- toYaml .readinessProbe | nindent 12 }}
+          resources:
+            {{- toYaml .resources | nindent 12 }}
+      {{- with .nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+{{- end }}{{/* end-if .enabled */}}
+{{- end }}{{/* end-with .Values.service.lkJWT */}}
--- a/element-call/templates/lk-jwt/networkpolicy.yaml
+++ b/element-call/templates/lk-jwt/networkpolicy.yaml
@ -0,0 +1,31 @@
+{{- with .Values.service.lkJWT.networkPolicy }}
+{{- if and $.Values.service.lkJWT.enabled .enabled }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: {{ include "element-call.fullname" $ }}-lk-jwt
+  labels:
+    {{- include "element-call.labels" $ | nindent 4 }}
+spec:
+  podSelector:
+    matchLabels:
+      {{- include "element-call.selectorLabels" $ | nindent 6 }}
+      app.kubernetes.io/component: lk-jwt
+  policyTypes:
+    - Ingress
+    {{- if .egress.enabled }}
+    - Egress
+    {{- end }}
+  ingress:
+    - ports:
+        - port: 8080
+          protocol: TCP
+      from:
+        {{- toYaml .ingress.http | nindent 8 }}
+  {{- with .egress }}
+  egress:
+    {{- toYaml .extra | nindent 4 }}
+  {{- end }}
+{{- end }}
+{{- end }}
--- a/element-call/templates/lk-jwt/secret.yaml
+++ b/element-call/templates/lk-jwt/secret.yaml
@ -0,0 +1,14 @@
+{{- if .Values.service.lkJWT.enabled }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "element-call.fullname" . }}-lk-jwt
+  labels:
+    {{- include "element-call.labels" . | nindent 4 }}
+data:
+  {{- with .Values.service.lkJWT.config }}
+  LIVEKIT_KEY: {{ .key | b64enc }}
+  LIVEKIT_SECRET: {{ .secret | b64enc }}
+  {{- end }}
+{{- end }}
--- a/element-call/templates/lk-jwt/service.yaml
+++ b/element-call/templates/lk-jwt/service.yaml
@ -0,0 +1,19 @@
+{{- if .Values.service.lkJWT.enabled }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "element-call.fullname" . }}-lk-jwt
+  labels:
+    {{- include "element-call.labels" . | nindent 4 }}
+spec:
+  type: ClusterIP
+  ports:
+    - port: 80
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "element-call.selectorLabels" . | nindent 4 }}
+    app.kubernetes.io/component: lk-jwt
+{{- end }}
--- a/element-call/templates/lk-jwt/serviceaccount.yaml
+++ b/element-call/templates/lk-jwt/serviceaccount.yaml
@ -0,0 +1,15 @@
+{{- with .Values.service.lkJWT }}
+{{- if and .enabled .serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "element-call.serviceAccountName" (dict "root" $ "ctx" . "suffix" "lk-jwt") }}
+  labels:
+    {{- include "element-call.labels" $ | nindent 4 }}
+  {{- with .serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+automountServiceAccountToken: {{ .serviceAccount.automount }}
+{{- end }}
+{{- end }}
--- a/element-call/templates/networkpolicy.yaml
+++ b/element-call/templates/networkpolicy.yaml
@ -0,0 +1,31 @@
+{{- with .Values.service.call.networkPolicy }}
+{{- if .enabled }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: {{ include "element-call.fullname" $ }}
+  labels:
+    {{- include "element-call.labels" $ | nindent 4 }}
+spec:
+  podSelector:
+    matchLabels:
+      {{- include "element-call.selectorLabels" $ | nindent 6 }}
+      app.kubernetes.io/component: call
+  policyTypes:
+    - Ingress
+    {{- if .egress.enabled }}
+    - Egress
+    {{- end }}
+  ingress:
+    - ports:
+        - port: 8080
+          protocol: TCP
+      from:
+        {{- toYaml .ingress.http | nindent 8 }}
+  {{- with .egress }}
+  egress:
+    {{- toYaml .extra | nindent 4 }}
+  {{- end }}
+{{- end }}
+{{- end }}
--- a/element-call/templates/service.yaml
+++ b/element-call/templates/service.yaml
@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "element-call.fullname" . }}
+  labels:
+    {{- include "element-call.labels" . | nindent 4 }}
+spec:
+  type: ClusterIP
+  ports:
+    - port: 80
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "element-call.selectorLabels" . | nindent 4 }}
+    app.kubernetes.io/component: call
--- a/element-call/templates/serviceaccount.yaml
+++ b/element-call/templates/serviceaccount.yaml
@ -0,0 +1,15 @@
+{{- with .Values.service.call }}
+{{- if .serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "element-call.serviceAccountName" (dict "root" $ "ctx" . "suffix" "") }}
+  labels:
+    {{- include "element-call.labels" $ | nindent 4 }}
+  {{- with .serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+automountServiceAccountToken: {{ .serviceAccount.automount }}
+{{- end }}
+{{- end }}
--- a/element-call/values.yaml
+++ b/element-call/values.yaml
@ -0,0 +1,175 @@
+global:
+  image:
+    # -- if set it will overwrite all registry entries
+    registry:
+    # -- if set it will overwrite all pullPolicy
+    pullPolicy:
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+ingress:
+  enabled: false
+  className: ""
+  annotations: {}
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 100
+  targetCPUUtilizationPercentage: 80
+  # targetMemoryUtilizationPercentage: 80
+
+service:
+  call:
+    # -- replicas
+    replicaCount: 1
+    image:
+      # -- image registry (could be overwritten by global.image.registry)
+      registry: ghcr.io
+      # -- image repository
+      repository: element-hq/element-call
+      # -- This sets the pull policy for images. (could be overwritten by global.image.pullPolicy)
+      pullPolicy: IfNotPresent
+      # -- image tag - Overrides the image tag whose default is the chart appVersion
+      tag:
+    config: {}
+    ingress:
+      host:
+    networkPolicy:
+      enabled: false
+      ingress:
+        # -- ingress for http port (e.g. ingress-controller)
+        http: []
+      egress:
+        # -- activate egress no networkpolicy
+        enabled: true
+        # -- egress rules
+        extra: []
+    livenessProbe:
+      httpGet:
+        path: /
+        port: http
+    readinessProbe:
+      httpGet:
+        path: /
+        port: http
+    resources: {}
+    serviceAccount:
+      # Specifies whether a service account should be created
+      create: true
+      # Automatically mount a ServiceAccount's API credentials?
+      automount: true
+      # Annotations to add to the service account
+      annotations: {}
+      # The name of the service account to use.
+      # If not set and create is true, a name is generated using the fullname template
+      name: ""
+
+    podAnnotations: {}
+    podLabels: {}
+
+    podSecurityContext: {}
+      # fsGroup: 2000
+
+    securityContext: {}
+      # capabilities:
+      #   drop:
+      #   - ALL
+      # readOnlyRootFilesystem: true
+      # runAsNonRoot: true
+      # runAsUser: 1000
+    nodeSelector: {}
+    tolerations: []
+    affinity: {}
+
+  lkJWT:
+    # -- enable to deploy livekit jwt service for element-call
+    # @section -- livekit JWT
+    enabled: true
+    # -- replicas
+    # @section -- livekit JWT
+    replicaCount: 1
+    image:
+      # -- image registry (could be overwritten by global.image.registry)
+      # @section -- livekit JWT
+      registry: ghcr.io
+      # -- image repository
+      # @section -- livekit JWT
+      repository: element-hq/lk-jwt-service
+      # -- This sets the pull policy for images. (could be overwritten by global.image.pullPolicy)
+      # @section -- livekit JWT
+      pullPolicy: IfNotPresent
+      # -- image tag
+      # @section -- livekit JWT
+      tag: sha-4a29504
+    config:
+      # -- url to livekit
+      # @section -- livekit JWT
+      url: ""
+      # -- key to livekit
+      # @section -- livekit JWT
+      key: "devkey"
+      # -- secret to livekit
+      # @section -- livekit JWT
+      secret: "secret"
+    ingress:
+      host:
+    networkPolicy:
+      enabled: false
+      ingress:
+        # -- ingress for http port (e.g. ingress-controller)
+        # @section -- livekit JWT
+        http: []
+      egress:
+        # -- activate egress no networkpolicy
+        # @section -- livekit JWT
+        enabled: false
+        # -- egress rules
+        # @section -- livekit JWT
+        extra: []
+    livenessProbe:
+      httpGet:
+        path: /healthz
+        port: http
+    readinessProbe:
+      httpGet:
+        path: /healthz
+        port: http
+    resources: {}
+    serviceAccount:
+      # -- Specifies whether a service account should be created
+      # @section -- livekit JWT
+      create: true
+      # -- Automatically mount a ServiceAccount's API credentials?
+      # @section -- livekit JWT
+      automount: true
+      # -- Annotations to add to the service account
+      # @section -- livekit JWT
+      annotations: {}
+      # -- The name of the service account to use.
+      # If not set and create is true, a name is generated using the fullname template
+      # @section -- livekit JWT
+      name: ""
+
+    podAnnotations: {}
+    podLabels: {}
+
+    podSecurityContext: {}
+      # fsGroup: 2000
+
+    securityContext: {}
+      # capabilities:
+      #   drop:
+      #   - ALL
+      # readOnlyRootFilesystem: true
+      # runAsNonRoot: true
+      # runAsUser: 1000
+    nodeSelector: {}
+    tolerations: []
+    affinity: {}
--- a/forgejo-runner/Chart.yaml
+++ b/forgejo-runner/Chart.yaml
@ -2,9 +2,9 @@ apiVersion: v2
 name: forgejo-runner
 description: Deploy runner for an forgejo instance (default codeberg.org)
 type: application
-version: 0.1.9
+version: "0.4.18"
 # renovate: image=code.forgejo.org/forgejo/runner
-appVersion: "3.3.0"
+appVersion: "6.2.2"
 maintainers:
  - name: WrenIX
    url: https://wrenix.eu
--- a/Show more
+++ b/Show more
				`@ -1 +0,0 @@`
				`../../../../authentik-application/README.adoc`
				`@ -1 +0,0 @@`
				`../../../../matrix-authentication-service/README.adoc`