fix(stalwart-mail): update AppVersion to v0.7.2

2024-04-22 18:35:56 +02:00
343 changed files with 10181 additions and 16547 deletions
--- a/README.adoc
+++ b/README.adoc
@ -1,29 +1,26 @@
---
+= helm-charts
 title: "Helm-Charts"
 weight: 1
 cascade:
  - url: /:sections/:title/
 url: /:sections
 ---
-## Usage
+== Usage
 Helm must be installed and setup to your kubernetes cluster to use the charts.
-Refer to Helm's [documentation](https://helm.sh/docs) to get started.
+Refer to Helm's https://helm.sh/docs[documentation] to get started.
 Once Helm has been set up correctly, fetch the charts as follows:
-```bash
+[source,bash]
 ----
 helm pull oci://codeberg.org/wrenix/helm-charts/<chart.name>
-```
+----
 You can install a chart release using the following command:
-```bash
+[source,bash]
 ----
 helm install <release> oci://codeberg.org/wrenix/helm-charts/<chart.name> --values values.yaml
-```
+----
 To uninstall a chart release use `helm`'s delete command:
-```bash
+[source,bash]
 ----
 helm uninstall <release>
-```
+----
--- a/README.adoc.gotmpl
+++ b/README.adoc.gotmpl
@ -0,0 +1,72 @@
 {{ define "chart.header" }}= {{ .Name }}
 {{ end }}
 {{ define "chart.versionBadge" }}
 image::https://img.shields.io/badge/Version-{{ .Version | replace "-" "--" }}-informational?style=flat-square[Version: {{ .Version }}]{{end}}
 {{ define "chart.typeBadge" }}
 image::https://img.shields.io/badge/Version-{{ .Type }}-informational?style=flat-square[Type: {{ .Type }}]{{end}}
 {{ define "chart.appVersionBadge" }}{{- if (ne .AppVersion "") }}
 image::https://img.shields.io/badge/AppVersion-{{ .AppVersion }}-informational?style=flat-square[AppVersion: {{ .AppVersion }}]{{ end }}{{end}}
 {{ define "chart.maintainersHeader" }}== Maintainers{{ end }}
 {{ define "chart.maintainersTable" }}.Maintainers
 |===
 | Name | Email | Url
  {{- range .Maintainers }}
 | {{ .Name }}
 | {{ if .Email }}<{{ .Email }}>{{ end }}
 | {{ if .Url }}<{{ .Url }}>{{ end }}
  {{- end }}
 |===
 {{ end }}
 {{ define "chart.valuesHeader" }}== Values{{ end }}
 {{ define "chart.valuesTable" }}.Values
 |===
 | Key | Type | Default | Description
  {{- range .Values }}
 | {{ .Key }}
 | {{ .Type }}
 | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }}
 | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }}
  {{- end }}
 |===
 {{ end }}
 {{- define "chart.prerequirements" -}}{{- end -}}
 {{ template "chart.header" . }}
 {{ template "chart.deprecationWarning" . }}
 {{ template "chart.badgesSection" . }}
 {{ template "chart.maintainersSection" . }}
 {{ template "chart.prerequirements" . }}
 == Usage
 Helm must be installed and setup to your kubernetes cluster to use the charts.
 Refer to Helm's https://helm.sh/docs[documentation] to get started.
 Once Helm has been set up correctly, fetch the charts as follows:
 [source,bash]
 ----
 helm pull oci://codeberg.org/wrenix/helm-charts/{{ template "chart.name" . }}
 ----
 You can install a chart release using the following command:
 [source,bash]
 ----
 helm install {{ template "chart.name" . }}-release oci://codeberg.org/wrenix/helm-charts/{{ template "chart.name" . }} --values values.yaml
 ----
 To uninstall a chart release use `helm`'s delete command:
 [source,bash]
 ----
 helm uninstall {{ template "chart.name" . }}-release
 ----
 {{ template "chart.valuesSection" . }}
 Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]
--- a/README.md.gotmpl
+++ b/README.md.gotmpl
@ -1,54 +0,0 @@
 ---
 title: {{ .Name | quote }}
 {{ if .Description }}
 description: {{.Description | quote }}
 {{ end }}
 ---
 {{- define "chart.prerequirements" }}
 {{- end }}
 {{ template "chart.header" . }}
 {{ template "chart.deprecationWarning" . }}
 {{ template "chart.badgesSection" . }}
 {{ template "chart.description" . }}
 {{ template "chart.homepageLine" . }}
 {{ template "chart.maintainersSection" . }}
 {{ template "chart.sourcesSection" . }}
 {{ template "chart.prerequirements" . }}
 ## Usage
 Helm must be installed and setup to your kubernetes cluster to use the charts.
 Refer to Helm's [documentation](https://helm.sh/docs) to get started.
 Once Helm has been set up correctly, fetch the charts as follows:
 ```bash
 helm pull oci://codeberg.org/wrenix/helm-charts/{{ .Name }}
 ```
 You can install a chart release using the following command:
 ```bash
 helm install {{ .Name }}-release oci://codeberg.org/wrenix/helm-charts/{{ .Name }} --values values.yaml
 ```
 To uninstall a chart release use `helm`'s delete command:
 ```bash
 helm uninstall {{ .Name }}-release
 ```
 {{ template "chart.requirementsSection" . }}
 {{ template "chart.valuesSection" . }}
 Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
--- a/alertmanager-matrix/Chart.yaml
+++ b/alertmanager-matrix/Chart.yaml
@ -2,9 +2,9 @@ apiVersion: v2
 name: alertmanager-matrix
 description: Service for managing and receiving Alertmanager alerts on Matrix
 type: application
-version: "0.1.12"
+version: 0.1.8
 # renovate: image=docker.io/silkeh/alertmanager_matrix
-appVersion: "0.5.0"
+appVersion: "0.4.3"
 maintainers:
  - name: WrenIX
    url: https://wrenix.eu
--- a/alertmanager-matrix/README.adoc
+++ b/alertmanager-matrix/README.adoc
@ -0,0 +1,366 @@
 = alertmanager-matrix
 image::https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square[Version: 0.1.8]
 image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
 image::https://img.shields.io/badge/AppVersion-0.4.3-informational?style=flat-square[AppVersion: 0.4.3]
 == Maintainers
 .Maintainers
 |===
 | Name | Email | Url
 | WrenIX
 |
 | <https://wrenix.eu>
 |===
 == Usage
 Helm must be installed and setup to your kubernetes cluster to use the charts.
 Refer to Helm's https://helm.sh/docs[documentation] to get started.
 Once Helm has been set up correctly, fetch the charts as follows:
 [source,bash]
 ----
 helm pull oci://codeberg.org/wrenix/helm-charts/alertmanager-matrix
 ----
 You can install a chart release using the following command:
 [source,bash]
 ----
 helm install alertmanager-matrix-release oci://codeberg.org/wrenix/helm-charts/alertmanager-matrix --values values.yaml
 ----
 To uninstall a chart release use `helm`'s delete command:
 [source,bash]
 ----
 helm uninstall alertmanager-matrix-release
 ----
 == Values
 .Values
 |===
 | Key | Type | Default | Description
 | affinity
 | object
 | `{}`
 |
 | autoscaling.enabled
 | bool
 | `false`
 |
 | autoscaling.maxReplicas
 | int
 | `100`
 |
 | autoscaling.minReplicas
 | int
 | `1`
 |
 | autoscaling.targetCPUUtilizationPercentage
 | int
 | `80`
 |
 | bot.alertmanager
 | string
 | `"http://localhost:9093"`
 |
 | bot.colors.alert
 | string
 | `"black"`
 |
 | bot.colors.critical
 | string
 | `"red"`
 |
 | bot.colors.error
 | string
 | `"red"`
 |
 | bot.colors.info
 | string
 | `"blue"`
 |
 | bot.colors.information
 | string
 | `"blue"`
 |
 | bot.colors.resolved
 | string
 | `"green"`
 |
 | bot.colors.silenced
 | string
 | `"gray"`
 |
 | bot.colors.warning
 | string
 | `"orange"`
 |
 | bot.icons.alert
 | string
 | `"🔔️"`
 |
 | bot.icons.critical
 | string
 | `"🚨"`
 |
 | bot.icons.error
 | string
 | `"🚨"`
 |
 | bot.icons.info
 | string
 | `"ℹ️"`
 |
 | bot.icons.information
 | string
 | `"ℹ️"`
 |
 | bot.icons.resolved
 | string
 | `"✅"`
 |
 | bot.icons.silenced
 | string
 | `"🔕"`
 |
 | bot.icons.warning
 | string
 | `"⚠️"`
 |
 | bot.matrix.homeserver
 | string
 | `"http://localhost:8008"`
 |
 | bot.matrix.rooms[0]
 | string
 | `"!not_existing:matrix.org"`
 |
 | bot.matrix.rooms[1]
 | string
 | `"!also_not_existing:matrix.org"`
 |
 | bot.matrix.token
 | string
 | `"SECRET_TOKEN"`
 |
 | bot.matrix.userID
 | string
 | `"bot"`
 |
 | bot.messageType
 | string
 | `"m.notice"`
 |
 | bot.showLabels
 | bool
 | `false`
 |
 | bot.template.html
 | string
 | `"{{ range .Alerts }}\n  <font color=\"{{.StatusString|color}}\">\n    {{.StatusString|icon}}\n    <b>{{.StatusString|upper}}</b>\n    {{.AlertName}}:\n  </font>\n  {{.Summary}}\n  {{if ne .Fingerprint \"\"}}\n    ({{.Fingerprint}})\n  {{end}}\n  {{if $.ShowLabels}}\n    <br/>\n    <b>Labels:</b>\n    <code>{{.LabelString}}</code>\n   {{end}}\n   <br/>\n{{- end -}}\n"`
 |
 | bot.template.text
 | string
 | `"{{ range .Alerts }}\n  {{- .StatusString|icon}} {{ .StatusString|upper }}{{ .AlertName }}: {{ .Summary }} {{ if ne .Fingerprint \"\" -}}\n    ({{.Fingerprint}})\n  {{- end}}\n  {{- if $.ShowLabels -}}\n    , labels:\n    {{- .LabelString}}\n  {{- end }}\n{{ end -}}\n"`
 |
 | fullnameOverride
 | string
 | `""`
 |
 | image.pullPolicy
 | string
 | `"IfNotPresent"`
 |
 | image.registry
 | string
 | `"docker.io"`
 |
 | image.repository
 | string
 | `"silkeh/alertmanager_matrix"`
 |
 | image.tag
 | string
 | `""`
 |
 | imagePullSecrets
 | list
 | `[]`
 |
 | ingress.annotations
 | object
 | `{}`
 |
 | ingress.className
 | string
 | `""`
 |
 | ingress.enabled
 | bool
 | `false`
 |
 | ingress.hosts[0].host
 | string
 | `"chart-example.local"`
 |
 | ingress.hosts[0].paths[0].path
 | string
 | `"/"`
 |
 | ingress.hosts[0].paths[0].pathType
 | string
 | `"ImplementationSpecific"`
 |
 | ingress.tls
 | list
 | `[]`
 |
 | logging.additionalFilters
 | list
 | `[]`
 | Add other filters to Flow
 | logging.dedot
 | string
 | `nil`
 | if an filter (here or global) for dedot is active - for disable set `null`
 | logging.enabled
 | bool
 | `false`
 | Deploy Flow for logging-operator
 | logging.globalOutputRefs
 | list
 | `["default"]`
 | Flows globalOutputRefs for use of ClusterOutputs
 | logging.localOutputRefs
 | list
 | `[]`
 | Flows localOutputRefs for use of Outputs
 | nameOverride
 | string
 | `""`
 |
 | nodeSelector
 | object
 | `{}`
 |
 | podAnnotations
 | object
 | `{}`
 |
 | podLabels
 | object
 | `{}`
 |
 | podSecurityContext
 | object
 | `{}`
 |
 | replicaCount
 | int
 | `1`
 |
 | resources
 | object
 | `{}`
 |
 | securityContext
 | object
 | `{}`
 |
 | service.port
 | int
 | `4051`
 |
 | service.type
 | string
 | `"ClusterIP"`
 |
 | serviceAccount.annotations
 | object
 | `{}`
 |
 | serviceAccount.create
 | bool
 | `true`
 |
 | serviceAccount.name
 | string
 | `""`
 |
 | tolerations
 | list
 | `[]`
 |
 |===
 Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]
--- a/alertmanager-matrix/README.md
+++ b/alertmanager-matrix/README.md
@ -1,112 +0,0 @@
 ---
 title: "alertmanager-matrix"
 description: "Service for managing and receiving Alertmanager alerts on Matrix"
 ---
 # alertmanager-matrix
 ![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.5.0](https://img.shields.io/badge/AppVersion-0.5.0-informational?style=flat-square)
 Service for managing and receiving Alertmanager alerts on Matrix
 ## Maintainers
 | Name | Email | Url |
 | ---- | ------ | --- |
 | WrenIX |  | <https://wrenix.eu> |
 ## Usage
 Helm must be installed and setup to your kubernetes cluster to use the charts.
 Refer to Helm's [documentation](https://helm.sh/docs) to get started.
 Once Helm has been set up correctly, fetch the charts as follows:
 ```bash
 helm pull oci://codeberg.org/wrenix/helm-charts/alertmanager-matrix
 ```
 You can install a chart release using the following command:
 ```bash
 helm install alertmanager-matrix-release oci://codeberg.org/wrenix/helm-charts/alertmanager-matrix --values values.yaml
 ```
 To uninstall a chart release use `helm`'s delete command:
 ```bash
 helm uninstall alertmanager-matrix-release
 ```
 ## Values
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | affinity | object | `{}` |  |
 | autoscaling.enabled | bool | `false` |  |
 | autoscaling.maxReplicas | int | `100` |  |
 | autoscaling.minReplicas | int | `1` |  |
 | autoscaling.targetCPUUtilizationPercentage | int | `80` |  |
 | bot.alertmanager | string | `"http://localhost:9093"` |  |
 | bot.colors.alert | string | `"black"` |  |
 | bot.colors.critical | string | `"red"` |  |
 | bot.colors.error | string | `"red"` |  |
 | bot.colors.info | string | `"blue"` |  |
 | bot.colors.information | string | `"blue"` |  |
 | bot.colors.resolved | string | `"green"` |  |
 | bot.colors.silenced | string | `"gray"` |  |
 | bot.colors.warning | string | `"orange"` |  |
 | bot.icons.alert | string | `"🔔️"` |  |
 | bot.icons.critical | string | `"🚨"` |  |
 | bot.icons.error | string | `"🚨"` |  |
 | bot.icons.info | string | `"ℹ️"` |  |
 | bot.icons.information | string | `"ℹ️"` |  |
 | bot.icons.resolved | string | `"✅"` |  |
 | bot.icons.silenced | string | `"🔕"` |  |
 | bot.icons.warning | string | `"⚠️"` |  |
 | bot.matrix.homeserver | string | `"http://localhost:8008"` |  |
 | bot.matrix.rooms[0] | string | `"!not_existing:matrix.org"` |  |
 | bot.matrix.rooms[1] | string | `"!also_not_existing:matrix.org"` |  |
 | bot.matrix.token | string | `"SECRET_TOKEN"` |  |
 | bot.matrix.userID | string | `"bot"` |  |
 | bot.messageType | string | `"m.notice"` |  |
 | bot.showLabels | bool | `false` |  |
 | bot.template.html | string | `"{{ range .Alerts }}\n  <font color=\"{{.StatusString|color}}\">\n    {{.StatusString|icon}}\n    <b>{{.StatusString|upper}}</b>\n    {{.AlertName}}:\n  </font>\n  {{.Summary}}\n  {{if ne .Fingerprint \"\"}}\n    ({{.Fingerprint}})\n  {{end}}\n  {{if $.ShowLabels}}\n    <br/>\n    <b>Labels:</b>\n    <code>{{.LabelString}}</code>\n  {{end}}\n  <br/>\n{{- end -}}\n"` |  |
 | bot.template.text | string | `"{{ range .Alerts }}\n  {{- .StatusString|icon}} {{ .StatusString|upper }}{{ .AlertName }}: {{ .Summary }} {{ if ne .Fingerprint \"\" -}}\n    ({{.Fingerprint}})\n  {{- end}}\n  {{- if $.ShowLabels -}}\n    , labels:\n    {{- .LabelString}}\n  {{- end }}\n{{ end -}}\n"` |  |
 | fullnameOverride | string | `""` |  |
 | global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy |
 | global.image.registry | string | `nil` | if set it will overwrite all registry entries |
 | image.pullPolicy | string | `"IfNotPresent"` | This sets the pull policy for images. (could be overwritten by global.image.pullPolicy) |
 | image.registry | string | `"registry.gitlab.com"` | image registry (could be overwritten by global.image.registry) |
 | image.repository | string | `"wrenix/alertmanager_matrix"` | image repository |
 | image.tag | string | `""` | image tag - Overrides the image tag whose default is the chart appVersion. latest with current:  - amd64      @sha256:2afd6d70f39fdfa98f11758090506f7845aee33cc8d900f9fe39a2574c272063  - 386 /x86   @sha256:beca95e9595de7169ab34406936b585d6676ce03a7fe51815b3a6a4944f9dd6d  - arm v6     @sha256:ce40ea204497bfc9b2e796cf984eba53ba7c59164d39dcd4c11f0ca561e57eca  - arm v7     @sha256:59ce3dfc73be5f70b873fe095e1eee4e0fe1f256b39f8f051ad0a2ffe9d1177e  - arm v8     @sha256:fdbf50e944f8118dd1a44dde21b9cc098fb13837031e2f2492c148848c3d3cc8  - ppc64le    @sha256:4ce02adbf4efe3ad04422e35bd4e87442a7c899fea13988adaeb985c720e0c63  - s390x      @sha256:a202252cc00664a17caa5760f749b35a7b71253d1b1474b861f233e83ada1c76 |
 | imagePullSecrets | list | `[]` |  |
 | ingress.annotations | object | `{}` |  |
 | ingress.className | string | `""` |  |
 | ingress.enabled | bool | `false` |  |
 | ingress.hosts[0].host | string | `"chart-example.local"` |  |
 | ingress.hosts[0].paths[0].path | string | `"/"` |  |
 | ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` |  |
 | ingress.tls | list | `[]` |  |
 | logging.additionalFilters | list | `[]` | Add other filters to Flow |
 | logging.dedot | string | `nil` | if an filter (here or global) for dedot is active - for disable set `null` |
 | logging.enabled | bool | `false` | Deploy Flow for logging-operator |
 | logging.globalOutputRefs | list | `["default"]` | Flows globalOutputRefs for use of ClusterOutputs |
 | logging.localOutputRefs | list | `[]` | Flows localOutputRefs for use of Outputs |
 | nameOverride | string | `""` |  |
 | nodeSelector | object | `{}` |  |
 | podAnnotations | object | `{}` |  |
 | podLabels | object | `{}` |  |
 | podSecurityContext | object | `{}` |  |
 | replicaCount | int | `1` | replicas |
 | resources | object | `{}` |  |
 | securityContext | object | `{}` |  |
 | service.port | int | `4051` |  |
 | service.type | string | `"ClusterIP"` |  |
 | serviceAccount.annotations | object | `{}` |  |
 | serviceAccount.create | bool | `true` |  |
 | serviceAccount.name | string | `""` |  |
 | tolerations | list | `[]` |  |
 Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
--- a/alertmanager-matrix/templates/deployment.yaml
+++ b/alertmanager-matrix/templates/deployment.yaml
@ -37,10 +37,8 @@ spec:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
-          {{- with .Values.image }}
+          image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
          imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }}
          {{- end }}
          command:
            - "/usr/local/bin/alertmanager_matrix"
            {{- if .Values.bot.showLabels }}
--- a/alertmanager-matrix/values.yaml
+++ b/alertmanager-matrix/values.yaml
@ -1,22 +1,14 @@
-global:
+# Default values for alertmanager-matrix.
-  image:
+# This is a YAML-formatted file.
-    # -- if set it will overwrite all registry entries
+# Declare variables to be passed into your templates.
    registry:
    # -- if set it will overwrite all pullPolicy
    pullPolicy:
 # -- replicas
 replicaCount: 1
 image:
-  # -- image registry (could be overwritten by global.image.registry)
+  registry: docker.io
-  registry: registry.gitlab.com
+  repository: silkeh/alertmanager_matrix
  # -- image repository
  repository: wrenix/alertmanager_matrix
  # -- This sets the pull policy for images. (could be overwritten by global.image.pullPolicy)
  pullPolicy: IfNotPresent
-  # -- image tag - Overrides the image tag whose default is the chart appVersion.
+  # Overrides the image tag whose default is the chart appVersion.
  # latest with current:
  #  - amd64      @sha256:2afd6d70f39fdfa98f11758090506f7845aee33cc8d900f9fe39a2574c272063
  #  - 386 /x86   @sha256:beca95e9595de7169ab34406936b585d6676ce03a7fe51815b3a6a4944f9dd6d
@ -87,8 +79,8 @@ bot:
          <br/>
          <b>Labels:</b>
          <code>{{.LabelString}}</code>
-        {{end}}
+         {{end}}
-        <br/>
+         <br/>
      {{- end -}}
 serviceAccount:
--- a/alertmanager-ntfy/Chart.yaml
+++ b/alertmanager-ntfy/Chart.yaml
@ -2,9 +2,9 @@ apiVersion: v2
 name: alertmanager-ntfy
 description: Receiver for alertmanager to forward to ntfy.sh
 type: application
-version: "0.1.6"
+version: 0.1.4
-# renovate: image=codeberg.org/xenrox/ntfy-alertmanager
+# renovate: image=docker.io/xenrox/ntfy-alertmanager
-appVersion: "0.4.0"
+appVersion: "0.3.0"
 maintainers:
  - name: WrenIX
    url: https://wrenix.eu
--- a/alertmanager-ntfy/README.adoc
+++ b/alertmanager-ntfy/README.adoc
@ -0,0 +1,301 @@
 = alertmanager-ntfy
 image::https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square[Version: 0.1.4]
 image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
 image::https://img.shields.io/badge/AppVersion-0.3.0-informational?style=flat-square[AppVersion: 0.3.0]
 == Maintainers
 .Maintainers
 |===
 | Name | Email | Url
 | WrenIX
 |
 | <https://wrenix.eu>
 |===
 == Usage
 Helm must be installed and setup to your kubernetes cluster to use the charts.
 Refer to Helm's https://helm.sh/docs[documentation] to get started.
 Once Helm has been set up correctly, fetch the charts as follows:
 [source,bash]
 ----
 helm pull oci://codeberg.org/wrenix/helm-charts/alertmanager-ntfy
 ----
 You can install a chart release using the following command:
 [source,bash]
 ----
 helm install alertmanager-ntfy-release oci://codeberg.org/wrenix/helm-charts/alertmanager-ntfy --values values.yaml
 ----
 To uninstall a chart release use `helm`'s delete command:
 [source,bash]
 ----
 helm uninstall alertmanager-ntfy-release
 ----
 == Values
 .Values
 |===
 | Key | Type | Default | Description
 | affinity
 | object
 | `{}`
 |
 | autoscaling.enabled
 | bool
 | `false`
 |
 | autoscaling.maxReplicas
 | int
 | `100`
 |
 | autoscaling.minReplicas
 | int
 | `1`
 |
 | autoscaling.targetCPUUtilizationPercentage
 | int
 | `80`
 |
 | fullnameOverride
 | string
 | `""`
 |
 | image.pullPolicy
 | string
 | `"IfNotPresent"`
 |
 | image.registry
 | string
 | `"docker.io"`
 |
 | image.repository
 | string
 | `"xenrox/ntfy-alertmanager"`
 |
 | image.tag
 | string
 | `""`
 |
 | imagePullSecrets
 | list
 | `[]`
 |
 | ingress.annotations
 | object
 | `{}`
 |
 | ingress.className
 | string
 | `""`
 |
 | ingress.enabled
 | bool
 | `false`
 |
 | ingress.hosts[0].host
 | string
 | `"chart-example.local"`
 |
 | ingress.hosts[0].paths[0].path
 | string
 | `"/"`
 |
 | ingress.hosts[0].paths[0].pathType
 | string
 | `"ImplementationSpecific"`
 |
 | ingress.tls
 | list
 | `[]`
 |
 | nameOverride
 | string
 | `""`
 |
 | nodeSelector
 | object
 | `{}`
 |
 | ntfyAlertmanager.labels.entries[0].label
 | string
 | `"severity"`
 |
 | ntfyAlertmanager.labels.entries[0].priority
 | int
 | `5`
 |
 | ntfyAlertmanager.labels.entries[0].tags[0]
 | string
 | `"rotating_light"`
 |
 | ntfyAlertmanager.labels.entries[0].value
 | string
 | `"critical"`
 |
 | ntfyAlertmanager.labels.entries[1].label
 | string
 | `"severity"`
 |
 | ntfyAlertmanager.labels.entries[1].priority
 | int
 | `1`
 |
 | ntfyAlertmanager.labels.entries[1].value
 | string
 | `"info"`
 |
 | ntfyAlertmanager.labels.entries[2].label
 | string
 | `"instance"`
 |
 | ntfyAlertmanager.labels.entries[2].tags[0]
 | string
 | `"computer"`
 |
 | ntfyAlertmanager.labels.entries[2].tags[1]
 | string
 | `"example"`
 |
 | ntfyAlertmanager.labels.entries[2].value
 | string
 | `"example.com"`
 |
 | ntfyAlertmanager.labels.order[0]
 | string
 | `"severity"`
 |
 | ntfyAlertmanager.labels.order[1]
 | string
 | `"instance"`
 |
 | ntfyAlertmanager.logLevel
 | string
 | `"info"`
 |
 | ntfyAlertmanager.ntfy.topic
 | string
 | `"https://ntfy.sh/alertmanager-alerts"`
 |
 | ntfyAlertmanager.port
 | int
 | `80`
 |
 | ntfyAlertmanager.resolved.tags[0]
 | string
 | `"resolved"`
 |
 | ntfyAlertmanager.resolved.tags[1]
 | string
 | `"partying_face"`
 |
 | podAnnotations
 | object
 | `{}`
 |
 | podLabels
 | object
 | `{}`
 |
 | podSecurityContext
 | object
 | `{}`
 |
 | replicaCount
 | int
 | `1`
 |
 | resources
 | object
 | `{}`
 |
 | securityContext
 | object
 | `{}`
 |
 | service.port
 | int
 | `80`
 |
 | service.type
 | string
 | `"ClusterIP"`
 |
 | serviceAccount.annotations
 | object
 | `{}`
 |
 | serviceAccount.create
 | bool
 | `true`
 |
 | serviceAccount.name
 | string
 | `""`
 |
 | tolerations
 | list
 | `[]`
 |
 |===
 Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]
--- a/alertmanager-ntfy/README.md
+++ b/alertmanager-ntfy/README.md
@ -1,99 +0,0 @@
 ---
 title: "alertmanager-ntfy"
 description: "Receiver for alertmanager to forward to ntfy.sh"
 ---
 # alertmanager-ntfy
 ![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.4.0](https://img.shields.io/badge/AppVersion-0.4.0-informational?style=flat-square)
 Receiver for alertmanager to forward to ntfy.sh
 ## Maintainers
 | Name | Email | Url |
 | ---- | ------ | --- |
 | WrenIX |  | <https://wrenix.eu> |
 ## Usage
 Helm must be installed and setup to your kubernetes cluster to use the charts.
 Refer to Helm's [documentation](https://helm.sh/docs) to get started.
 Once Helm has been set up correctly, fetch the charts as follows:
 ```bash
 helm pull oci://codeberg.org/wrenix/helm-charts/alertmanager-ntfy
 ```
 You can install a chart release using the following command:
 ```bash
 helm install alertmanager-ntfy-release oci://codeberg.org/wrenix/helm-charts/alertmanager-ntfy --values values.yaml
 ```
 To uninstall a chart release use `helm`'s delete command:
 ```bash
 helm uninstall alertmanager-ntfy-release
 ```
 ## Values
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | affinity | object | `{}` |  |
 | autoscaling.enabled | bool | `false` |  |
 | autoscaling.maxReplicas | int | `100` |  |
 | autoscaling.minReplicas | int | `1` |  |
 | autoscaling.targetCPUUtilizationPercentage | int | `80` |  |
 | fullnameOverride | string | `""` |  |
 | global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy |
 | global.image.registry | string | `nil` | if set it will overwrite all registry entries |
 | image.pullPolicy | string | `"IfNotPresent"` | This sets the pull policy for images. (could be overwritten by global.image.pullPolicy) |
 | image.registry | string | `"codeberg.org"` | image registry (could be overwritten by global.image.registry) |
 | image.repository | string | `"xenrox/ntfy-alertmanager"` | image repository |
 | image.tag | string | `""` | image tag - Overrides the image tag whose default is the chart appVersion. |
 | imagePullSecrets | list | `[]` |  |
 | ingress.annotations | object | `{}` |  |
 | ingress.className | string | `""` |  |
 | ingress.enabled | bool | `false` |  |
 | ingress.hosts[0].host | string | `"chart-example.local"` |  |
 | ingress.hosts[0].paths[0].path | string | `"/"` |  |
 | ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` |  |
 | ingress.tls | list | `[]` |  |
 | nameOverride | string | `""` |  |
 | nodeSelector | object | `{}` |  |
 | ntfyAlertmanager.labels.entries[0].label | string | `"severity"` |  |
 | ntfyAlertmanager.labels.entries[0].priority | int | `5` |  |
 | ntfyAlertmanager.labels.entries[0].tags[0] | string | `"rotating_light"` |  |
 | ntfyAlertmanager.labels.entries[0].value | string | `"critical"` |  |
 | ntfyAlertmanager.labels.entries[1].label | string | `"severity"` |  |
 | ntfyAlertmanager.labels.entries[1].priority | int | `1` |  |
 | ntfyAlertmanager.labels.entries[1].value | string | `"info"` |  |
 | ntfyAlertmanager.labels.entries[2].label | string | `"instance"` |  |
 | ntfyAlertmanager.labels.entries[2].tags[0] | string | `"computer"` |  |
 | ntfyAlertmanager.labels.entries[2].tags[1] | string | `"example"` |  |
 | ntfyAlertmanager.labels.entries[2].value | string | `"example.com"` |  |
 | ntfyAlertmanager.labels.order[0] | string | `"severity"` |  |
 | ntfyAlertmanager.labels.order[1] | string | `"instance"` |  |
 | ntfyAlertmanager.logLevel | string | `"info"` |  |
 | ntfyAlertmanager.ntfy.topic | string | `"https://ntfy.sh/alertmanager-alerts"` |  |
 | ntfyAlertmanager.port | int | `80` |  |
 | ntfyAlertmanager.resolved.tags[0] | string | `"resolved"` |  |
 | ntfyAlertmanager.resolved.tags[1] | string | `"partying_face"` |  |
 | podAnnotations | object | `{}` |  |
 | podLabels | object | `{}` |  |
 | podSecurityContext | object | `{}` |  |
 | replicaCount | int | `1` | replicas |
 | resources | object | `{}` |  |
 | securityContext | object | `{}` |  |
 | service.port | int | `80` |  |
 | service.type | string | `"ClusterIP"` |  |
 | serviceAccount.annotations | object | `{}` |  |
 | serviceAccount.create | bool | `true` |  |
 | serviceAccount.name | string | `""` |  |
 | tolerations | list | `[]` |  |
 Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
--- a/alertmanager-ntfy/templates/deployment.yaml
+++ b/alertmanager-ntfy/templates/deployment.yaml
@ -35,10 +35,8 @@ spec:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
-          {{- with .Values.image }}
+          image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
          imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }}
          {{- end }}
          ports:
            - name: http
              containerPort: {{ .Values.ntfyAlertmanager.port }}
--- a/alertmanager-ntfy/values.yaml
+++ b/alertmanager-ntfy/values.yaml
@ -1,22 +1,14 @@
-global:
+# Default values for ntfy-alertmanager.
-  image:
+# This is a YAML-formatted file.
-    # -- if set it will overwrite all registry entries
+# Declare variables to be passed into your templates.
    registry:
    # -- if set it will overwrite all pullPolicy
    pullPolicy:
 # -- replicas
 replicaCount: 1
 image:
-  # -- image registry (could be overwritten by global.image.registry)
+  registry: docker.io
  registry: codeberg.org
  # -- image repository
  repository: xenrox/ntfy-alertmanager
  # -- This sets the pull policy for images. (could be overwritten by global.image.pullPolicy)
  pullPolicy: IfNotPresent
-  # -- image tag - Overrides the image tag whose default is the chart appVersion.
+  # Overrides the image tag whose default is the chart appVersion.
  tag: ""
 ntfyAlertmanager:
--- a/authentik-application/Chart.yaml
+++ b/authentik-application/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 name: authentik-application
 description: "A Chart to deploy a secret for the authentik blueprint-sidecar."
 type: application
-version: "0.4.6"
+version: 0.4.1
 maintainers:
  - name: WrenIX
    url: https://wrenix.eu
--- a/authentik-application/README.adoc
+++ b/authentik-application/README.adoc
@ -0,0 +1,274 @@
 = authentik-application
 image::https://img.shields.io/badge/Version-0.4.1-informational?style=flat-square[Version: 0.4.1]
 image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
 == Maintainers
 .Maintainers
 |===
 | Name | Email | Url
 | WrenIX
 |
 | <https://wrenix.eu>
 |===
 ## Pre-Requirement
 Usage of https://github.com/goauthentik/helm/pull/146
 ## or manual:
 Install authentik with this `values.yaml`:
 ```yaml
 serviceAccount:
  create: true
 additionalContainers:
  - name: sidecar-blueprints
    image: "ghcr.io/kiwigrid/k8s-sidecar:1.25.1"
    env:
      - name: "FOLDER"
        value: "/blueprints/sidecar"
      - name: "LABEL"
        value: "goauthentik_blueprint"
      - name: "LABEL_VALUE"
        value: "1"
      # - name: "NAMESPACE"
      #   value: "ALL"
      - name: "RESOURCE"
        value: "both"
      - name: "UNIQUE_FILENAMES"
        value: "true"
    volumeMounts:
      - name: sidecar-blueprints
        mountPath: /blueprints/sidecar
 volumeMounts:
  - name: sidecar-blueprints
    mountPath: /blueprints/sidecar
 volumes:
  - name: sidecar-blueprints
    emptyDir: {}
 ```
 And create an Role and bind them on to the ServiceAccount to read secrets:
 ```yaml
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: authentik-blueprint-sidecar
 rules:
  - apiGroups: [""]
    resources: ["configmaps", "secrets"]
    verbs: ["get", "watch", "list"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: authentik-blueprint-sidecar
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: authentik-blueprint-sidecar
 subjects:
  - kind: ServiceAccount
    name: authentik
 ```
 == Usage
 Helm must be installed and setup to your kubernetes cluster to use the charts.
 Refer to Helm's https://helm.sh/docs[documentation] to get started.
 Once Helm has been set up correctly, fetch the charts as follows:
 [source,bash]
 ----
 helm pull oci://codeberg.org/wrenix/helm-charts/authentik-application
 ----
 You can install a chart release using the following command:
 [source,bash]
 ----
 helm install authentik-application-release oci://codeberg.org/wrenix/helm-charts/authentik-application --values values.yaml
 ----
 To uninstall a chart release use `helm`'s delete command:
 [source,bash]
 ----
 helm uninstall authentik-application-release
 ----
 == Values
 .Values
 |===
 | Key | Type | Default | Description
 | blueprint.application.bindPolicyID
 | string
 | `nil`
 | uuid for bindPolicyID for group - if not set generated on secret for be stable (or groups: [] filled)
 | blueprint.application.description
 | string
 | `""`
 | description of application
 | blueprint.application.group
 | string
 | `""`
 | put this application in authentik in group
 | blueprint.application.icon
 | string
 | `""`
 | icon of application (url)
 | blueprint.application.launchURL
 | string
 | `""`
 |
 | blueprint.application.name
 | string
 | `""`
 | application name in menu
 | blueprint.application.openInNewTab
 | bool
 | `false`
 | open application in new tab
 | blueprint.application.policyEngineMode
 | string
 | `"any"`
 |
 | blueprint.application.publisher
 | string
 | `""`
 | publisher of application
 | blueprint.application.slug
 | string
 | `"app-name"`
 | application slug
 | blueprint.authentik.domain
 | string
 | `"https://auth.wrenix.eu"`
 | domain to authentik, used in generated url (like issuer)
 | blueprint.groups
 | string
 | `nil`
 | authentik groups created / give access to this application  disable any groups by set groups: [] (to a slice) example:   - slug: "app: grafana-admin"     parent: "app: infra"     bindID: uuid
 | blueprint.labels
 | object
 | `{"goauthentik_blueprint":"1"}`
 | label of generated secret with blueprint
 | blueprint.provider.authorizationFlow
 | string
 | `"default-provider-authorization-implicit-consent"`
 |
 | blueprint.provider.enabled
 | bool
 | `true`
 | creat an provider for authentification (otherwise just a like in menu is created)
 | blueprint.provider.name
 | string
 | `""`
 |
 | blueprint.provider.oidc.clientID
 | string
 | `nil`
 | client id - generated if secret enabled
 | blueprint.provider.oidc.clientSecret
 | string
 | `nil`
 | client secret - generated if secret enabled
 | blueprint.provider.oidc.clientType
 | string
 | `"confidential"`
 |
 | blueprint.provider.oidc.redirectURL
 | string
 | `""`
 |
 | blueprint.provider.oidc.scopes
 | string
 | `nil`
 | Scope
 | blueprint.provider.oidc.signingKey
 | string
 | `""`
 | Need for non-curve / RSA
 | blueprint.provider.proxy.cookieDomain
 | string
 | `""`
 |
 | blueprint.provider.proxy.externalHost
 | string
 | `nil`
 |
 | blueprint.provider.proxy.ingress.backend
 | string
 | `"authentik"`
 | service backend to authentik
 | blueprint.provider.proxy.ingress.domain
 | string
 | `nil`
 | domain of application (where outpost should be deployed)
 | blueprint.provider.proxy.ingress.enabled
 | bool
 | `false`
 | deploy ingress on application domain for e.g. logout (WIP)
 | blueprint.provider.proxy.skipPathRegex
 | string
 | `""`
 |
 | blueprint.provider.saml
 | string
 | `nil`
 |
 | blueprint.provider.type
 | string
 | `"oidc"`
 | type of application connection, current support: oidc, saml and proxy
 | secret.labels
 | object
 | `{}`
 | label of secret to store generated secret
 | secret.name
 | string
 | `""`
 | name of secret to store generated secret (like clientI)
 |===
 Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]
--- a/authentik-application/README.md
+++ b/authentik-application/README.md
@ -1,146 +0,0 @@
 ---
 title: "authentik-application"
 description: "A Chart to deploy a secret for the authentik blueprint-sidecar."
 ---
 # authentik-application
 ![Version: 0.4.6](https://img.shields.io/badge/Version-0.4.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 A Chart to deploy a secret for the authentik blueprint-sidecar.
 ## Maintainers
 | Name | Email | Url |
 | ---- | ------ | --- |
 | WrenIX |  | <https://wrenix.eu> |
 ## Pre-Requirement
 Usage of https://github.com/goauthentik/helm/pull/146
 ## or manual:
 Install authentik with this `values.yaml`:
 ```yaml
 serviceAccount:
  create: true
 additionalContainers:
  - name: sidecar-blueprints
    image: "ghcr.io/kiwigrid/k8s-sidecar:1.25.1"
    env:
      - name: "FOLDER"
        value: "/blueprints/sidecar"
      - name: "LABEL"
        value: "goauthentik_blueprint"
      - name: "LABEL_VALUE"
        value: "1"
      # - name: "NAMESPACE"
      #   value: "ALL"
      - name: "RESOURCE"
        value: "both"
      - name: "UNIQUE_FILENAMES"
        value: "true"
    volumeMounts:
      - name: sidecar-blueprints
        mountPath: /blueprints/sidecar
 volumeMounts:
  - name: sidecar-blueprints
    mountPath: /blueprints/sidecar
 volumes:
  - name: sidecar-blueprints
    emptyDir: {}
 ```
 And create an Role and bind them on to the ServiceAccount to read secrets:
 ```yaml
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: authentik-blueprint-sidecar
 rules:
  - apiGroups: [""]
    resources: ["configmaps", "secrets"]
    verbs: ["get", "watch", "list"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: authentik-blueprint-sidecar
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: authentik-blueprint-sidecar
 subjects:
  - kind: ServiceAccount
    name: authentik
 ```
 ## Usage
 Helm must be installed and setup to your kubernetes cluster to use the charts.
 Refer to Helm's [documentation](https://helm.sh/docs) to get started.
 Once Helm has been set up correctly, fetch the charts as follows:
 ```bash
 helm pull oci://codeberg.org/wrenix/helm-charts/authentik-application
 ```
 You can install a chart release using the following command:
 ```bash
 helm install authentik-application-release oci://codeberg.org/wrenix/helm-charts/authentik-application --values values.yaml
 ```
 To uninstall a chart release use `helm`'s delete command:
 ```bash
 helm uninstall authentik-application-release
 ```
 ## Values
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | blueprint.application.bindPolicyID | string | `nil` | uuid for bindPolicyID for group - if not set generated on secret for be stable (or groups: [] filled) |
 | blueprint.application.description | string | `""` | description of application |
 | blueprint.application.group | string | `""` | put this application in authentik in group |
 | blueprint.application.icon | string | `""` | icon of application (url) |
 | blueprint.application.launchURL | string | `""` |  |
 | blueprint.application.name | string | `""` | application name in menu |
 | blueprint.application.openInNewTab | bool | `false` | open application in new tab |
 | blueprint.application.policyEngineMode | string | `"any"` |  |
 | blueprint.application.publisher | string | `""` | publisher of application |
 | blueprint.application.slug | string | `"app-name"` | application slug |
 | blueprint.authentik.domain | string | `"https://auth.wrenix.eu"` | domain to authentik, used in generated url (like issuer) |
 | blueprint.groups | string | `nil` | authentik groups created / give access to this application  disable any groups by set groups: [] (to a slice) example:   - slug: "app: grafana-admin"     parent: "app: infra"     bindID: uuid  |
 | blueprint.labels | object | `{"goauthentik_blueprint":"1"}` | label of generated secret with blueprint |
 | blueprint.provider.authorizationFlow | string | `"default-provider-authorization-implicit-consent"` |  |
 | blueprint.provider.enabled | bool | `true` | creat an provider for authentification (otherwise just a like in menu is created) |
 | blueprint.provider.invalidationFlow | string | `"default-provider-invalidation-flow"` |  |
 | blueprint.provider.name | string | `""` |  |
 | blueprint.provider.oidc.clientID | string | `nil` | client id - generated if secret enabled |
 | blueprint.provider.oidc.clientSecret | string | `nil` | client secret - generated if secret enabled |
 | blueprint.provider.oidc.clientType | string | `"confidential"` |  |
 | blueprint.provider.oidc.redirectURL | string | `""` |  |
 | blueprint.provider.oidc.scopes | string | `nil` | Scope |
 | blueprint.provider.oidc.signingKey | string | `""` | Need for non-curve / RSA |
 | blueprint.provider.proxy.cookieDomain | string | `""` |  |
 | blueprint.provider.proxy.externalHost | string | `nil` |  |
 | blueprint.provider.proxy.ingress.annotations | list | `[]` | annotations to ingress for outpost |
 | blueprint.provider.proxy.ingress.backend | string | `"authentik"` | service backend to authentik |
 | blueprint.provider.proxy.ingress.domain | string | `nil` | domain of application (where outpost should be deployed) |
 | blueprint.provider.proxy.ingress.enabled | bool | `false` | deploy ingress on application domain for e.g. logout (WIP) |
 | blueprint.provider.proxy.ingress.tls | list | `[]` | tls to ingress for outpost |
 | blueprint.provider.proxy.skipPathRegex | string | `""` |  |
 | blueprint.provider.saml | string | `nil` |  |
 | blueprint.provider.type | string | `"oidc"` | type of application connection, current support: oidc, saml and proxy |
 | secret.labels | object | `{}` | label of secret to store generated secret |
 | secret.name | string | `""` | name of secret to store generated secret (like clientI) |
 Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
--- a/authentik-application/files/provider/oidc.yaml.gotmpl
+++ b/authentik-application/files/provider/oidc.yaml.gotmpl
@ -22,14 +22,11 @@
  state: present
  attrs:
    authorization_flow: !Find [authentik_flows.flow, [slug, {{ .Values.blueprint.provider.authorizationFlow }}]]
    invalidation_flow: !Find [authentik_flows.flow, [slug, {{ .Values.blueprint.provider.invalidationFlow }}]]
    {{- with .Values.blueprint.provider.oidc }}
    client_type: {{ .clientType | quote }}
    client_id: {{ $clientID | quote }}
    client_secret: {{ $clientSecret | quote }}
-    redirect_uris:
+    redirect_uris: {{ .redirectURL }}
      - matching_mode: "strict"
        url: {{ .redirectURL | quote }}
    {{- with .tokenDuration }}
    access_token_validity: {{ . | quote }}
    {{- end }} 
--- a/authentik-application/files/provider/proxy.yaml.gotmpl
+++ b/authentik-application/files/provider/proxy.yaml.gotmpl
@ -6,7 +6,6 @@
  state: present
  attrs:
    authorization_flow: !Find [authentik_flows.flow, [slug, {{ .Values.blueprint.provider.authorizationFlow }}]]
    invalidation_flow: !Find [authentik_flows.flow, [slug, {{ .Values.blueprint.provider.invalidationFlow }}]]
    mode: "forward_single"
    {{- with .Values.blueprint.provider.proxy }}
    external_host: {{ .externalHost | quote }}
--- a/authentik-application/templates/ingress.yaml
+++ b/authentik-application/templates/ingress.yaml
@ -6,10 +6,6 @@ metadata:
  name: {{ include "authentik-application.fullname" . }}
  labels:
    {{- include "authentik-application.labels" . | nindent 4 }}
  {{- with .Values.blueprint.provider.proxy.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 spec:
  rules:
    - host: {{ .Values.blueprint.provider.proxy.ingress.domain | quote }}
@ -22,8 +18,4 @@ spec:
                name: {{ .Values.blueprint.provider.proxy.ingress.backend | quote }}
                port:
                  name: http
-  {{- with .Values.blueprint.provider.proxy.ingress.tls }}
+{{- end }}
  tls:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 {{- end }}
--- a/authentik-application/values.yaml
+++ b/authentik-application/values.yaml
@ -16,7 +16,6 @@ blueprint:
    enabled: true
    name: ""
    authorizationFlow: "default-provider-authorization-implicit-consent"
    invalidationFlow: "default-provider-invalidation-flow"
    # -- type of application connection, current support: oidc, saml and proxy
    type: "oidc"
    oidc:
@ -45,10 +44,6 @@ blueprint:
        domain:
        # -- service backend to authentik
        backend: authentik
        # -- annotations to ingress for outpost
        annotations: []
        # -- tls to ingress for outpost
        tls: []
  application:
    # -- application name in menu
    name: ""
--- a/autopush/.gitignore
+++ b/autopush/.gitignore
@ -1,2 +0,0 @@
 charts/*.tgz
 values_test.yaml
--- a/autopush/.helmignore
+++ b/autopush/.helmignore
@ -1,22 +0,0 @@
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
 .DS_Store
 # Common VCS dirs
 .git/
 .gitignore
 .bzr/
 .bzrignore
 .hg/
 .hgignore
 .svn/
 # Common backup files
 *.swp
 *.bak
 *.tmp
 *~
 # Various IDEs
 .project
 .idea/
 *.tmproj
 .vscode/
--- a/autopush/Chart.lock
+++ b/autopush/Chart.lock
@ -1,6 +0,0 @@
 dependencies:
 - name: redis
  repository: oci://docker.io/bitnamicharts
  version: 20.8.0
 digest: sha256:030743b5498fc7245f4ed04df18386496aa8a33e1cefd992caf3fe839476f2b1
 generated: "2025-02-21T08:29:11.593498546+01:00"
--- a/autopush/Chart.yaml
+++ b/autopush/Chart.yaml
@ -1,17 +0,0 @@
 apiVersion: v2
 name: autopush
 description: A Helm chart for Kubernetes
 icon:
 type: application
 version: "0.0.13"
 # renovate: image=docker.io/mozilla-services/autopush-rs
 appVersion: "1.72.2"
 maintainers:
  - name: WrenIX
    url: https://wrenix.eu
 dependencies:
  - name: redis
    version: "20.8.0"
    repository: "oci://docker.io/bitnamicharts"
    condition: redis.internal
--- a/autopush/README.md
+++ b/autopush/README.md
@ -1,199 +0,0 @@
 ---
 title: "autopush"
 description: "A Helm chart for Kubernetes"
 ---
 # autopush
 ![Version: 0.0.13](https://img.shields.io/badge/Version-0.0.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.72.2](https://img.shields.io/badge/AppVersion-1.72.2-informational?style=flat-square)
 A Helm chart for Kubernetes
 ## Maintainers
 | Name | Email | Url |
 | ---- | ------ | --- |
 | WrenIX |  | <https://wrenix.eu> |
 = Beta
 WARNING
 ====
 We let it run in production, but it is not stable / complete.
 TODOs:
  - [ ] official container with redis backend, see: https://github.com/mozilla-services/autopush-rs/pull/813
  - [ ] automatical create CRYPT_KEY (instatt of key)
  - [ ] better ingress / host name support
  - [ ] Improve monitoring with alerts and grafana dashboard
 ====
 ## Usage
 Helm must be installed and setup to your kubernetes cluster to use the charts.
 Refer to Helm's [documentation](https://helm.sh/docs) to get started.
 Once Helm has been set up correctly, fetch the charts as follows:
 ```bash
 helm pull oci://codeberg.org/wrenix/helm-charts/autopush
 ```
 You can install a chart release using the following command:
 ```bash
 helm install autopush-release oci://codeberg.org/wrenix/helm-charts/autopush --values values.yaml
 ```
 To uninstall a chart release use `helm`'s delete command:
 ```bash
 helm uninstall autopush-release
 ```
 ## Requirements
 | Repository | Name | Version |
 |------------|------|---------|
 | oci://docker.io/bitnamicharts | redis | 20.8.0 |
 ## Values
 ### Autoconnect
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | autoconnect.image.pullPolicy | string | `"IfNotPresent"` | This sets the pull policy for images. (could be overwritten by global.image.pullPolicy) |
 | autoconnect.image.registry | string | `"codeberg.org"` | image registry (could be overwritten by global.image.registry) |
 | autoconnect.image.repository | string | `"wrenix/autopush/autoconnect"` | image repository |
 | autoconnect.image.tag | string | `"latest"` | image tag - Overrides the image tag whose default is the chart appVersion. |
 | autoconnect.livenessProbe | object | `{"httpGet":{"path":"/health","port":"http"}}` | This is to setup the liveness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ |
 | autoconnect.podAnnotations | object | `{}` | This is for setting Kubernetes Annotations to a Pod. For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ |
 | autoconnect.podLabels | object | `{}` | This is for setting Kubernetes Labels to a Pod. For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ |
 | autoconnect.readinessProbe | object | `{"httpGet":{"path":"/health","port":"http"}}` | This is to setup the readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ |
 | autoconnect.replicaCount | int | `1` | This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ |
 | autoconnect.resources | object | `{}` | We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits:   cpu: 100m   memory: 128Mi requests:   cpu: 100m   memory: 128Mi |
 | autoconnect.securityContext | object | `{}` | securityContext capabilities:   drop:   - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 |
 | autoconnect.service.ports.http | int | `80` | port of http service |
 | autoconnect.service.ports.router | int | `8081` | port of internal router service |
 | autoconnect.service.type | string | `"ClusterIP"` | This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
 | autoconnect.volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. - name: foo   mountPath: "/etc/foo"   readOnly: true |
 ### Autoendpoint
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | autoendpoint.image.pullPolicy | string | `"IfNotPresent"` | This sets the pull policy for images. (could be overwritten by global.image.pullPolicy) |
 | autoendpoint.image.registry | string | `"codeberg.org"` | image registry (could be overwritten by global.image.registry) |
 | autoendpoint.image.repository | string | `"wrenix/autopush/autoendpoint"` | image repository |
 | autoendpoint.image.tag | string | `"latest"` | image tag - Overrides the image tag whose default is the chart appVersion. |
 | autoendpoint.livenessProbe | object | `{"httpGet":{"path":"/health","port":"http"}}` | This is to setup the liveness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ |
 | autoendpoint.podAnnotations | object | `{}` | This is for setting Kubernetes Annotations to a Pod. For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ |
 | autoendpoint.podLabels | object | `{}` | This is for setting Kubernetes Labels to a Pod. For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ |
 | autoendpoint.readinessProbe | object | `{"httpGet":{"path":"/health","port":"http"}}` | This is to setup the readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ |
 | autoendpoint.replicaCount | int | `1` | This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ |
 | autoendpoint.resources | object | `{}` | We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits:   cpu: 100m   memory: 128Mi requests:   cpu: 100m   memory: 128Mi |
 | autoendpoint.service.port | int | `80` | This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports |
 | autoendpoint.service.type | string | `"ClusterIP"` | This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
 | autoendpoint.volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. - name: foo   mountPath: "/etc/foo"   readOnly: true |
 ### UnifiedPush
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
 | serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials? |
 | serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
 | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
 | unifiedPush.enabled | bool | `false` | enable/deploy common-proxy for unifiedpush |
 | unifiedPush.image.pullPolicy | string | `"IfNotPresent"` | This sets the pull policy for images. (could be overwritten by global.image.pullPolicy) |
 | unifiedPush.image.registry | string | `"docker.io"` | image registry (could be overwritten by global.image.registry) |
 | unifiedPush.image.repository | string | `"unifiedpush/common-proxies"` | image repository |
 | unifiedPush.image.tag | string | `"v2.2.0"` | image tag |
 | unifiedPush.livenessProbe | object | `{"httpGet":{"path":"/health","port":"http"}}` | This is to setup the liveness more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ |
 | unifiedPush.podAnnotations | object | `{}` | This is for setting Kubernetes Annotations to a Pod. For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ |
 | unifiedPush.podLabels | object | `{}` | This is for setting Kubernetes Labels to a Pod. For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ |
 | unifiedPush.readinessProbe | object | `{"httpGet":{"path":"/health","port":"http"}}` | This is to setup the readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ |
 | unifiedPush.replicaCount | int | `1` | This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ |
 | unifiedPush.resources | object | `{}` | We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits:   cpu: 100m   memory: 128Mi requests:   cpu: 100m   memory: 128Mi |
 | unifiedPush.service.port | int | `80` | This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports |
 | unifiedPush.service.type | string | `"ClusterIP"` | This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
 | unifiedPush.volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. - name: foo   mountPath: "/etc/foo"   readOnly: true |
 ### Other Values
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | autoconnect.affinity | object | `{}` |  |
 | autoconnect.nodeSelector | object | `{}` |  |
 | autoconnect.podSecurityContext | object | `{}` |  |
 | autoconnect.tolerations | list | `[]` |  |
 | autoendpoint.affinity | object | `{}` |  |
 | autoendpoint.nodeSelector | object | `{}` |  |
 | autoendpoint.podSecurityContext | object | `{}` |  |
 | autoendpoint.securityContext | object | `{}` |  |
 | autoendpoint.tolerations | list | `[]` |  |
 | config.cryptoKey | string | `""` | run https://github.com/mozilla-services/autopush-rs/blob/master/scripts/fernet_key.py |
 | config.logs.backtrace | bool | `false` | enable backtrace of autopush |
 | config.logs.level | string | `"warn"` | set log level of autopush |
 | fullnameOverride | string | `""` |  |
 | global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy |
 | global.image.registry | string | `nil` | if set it will overwrite all registry entries |
 | grafana.dashboards.annotations | object | `{}` |  |
 | grafana.dashboards.enabled | bool | `false` |  |
 | grafana.dashboards.labels.grafana_dashboard | string | `"1"` |  |
 | imagePullSecrets | list | `[]` | This is for the secretes for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
 | ingress.annotations | object | `{}` |  |
 | ingress.className | string | `""` |  |
 | ingress.enabled | bool | `false` |  |
 | ingress.host | string | `"chart-example.local"` |  |
 | ingress.tls | list | `[]` |  |
 | nameOverride | string | `""` | This is to override the chart name. |
 | prometheus.enabled | bool | `true` | start statsd sidecar and configure |
 | prometheus.image.pullPolicy | string | `"IfNotPresent"` |  |
 | prometheus.image.registry | string | `"docker.io"` |  |
 | prometheus.image.repository | string | `"prom/statsd-exporter"` |  |
 | prometheus.image.tag | string | `"v0.28.0"` |  |
 | prometheus.livenessProbe | object | `{"httpGet":{"path":"/","port":"metrics"}}` | This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ |
 | prometheus.readinessProbe.httpGet.path | string | `"/"` |  |
 | prometheus.readinessProbe.httpGet.port | string | `"metrics"` |  |
 | prometheus.resources | object | `{}` | We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits:   cpu: 100m   memory: 128Mi requests:   cpu: 100m   memory: 128Mi |
 | prometheus.rules.additionalRules | list | `[]` |  |
 | prometheus.rules.default.alertLabels | object | `{}` |  |
 | prometheus.rules.default.enabled | bool | `true` |  |
 | prometheus.rules.enabled | bool | `false` |  |
 | prometheus.rules.labels | object | `{}` |  |
 | prometheus.securityContext | object | `{}` | securityContext capabilities:   drop:   - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 |
 | prometheus.servicemonitor.enabled | bool | `false` |  |
 | prometheus.servicemonitor.labels | object | `{}` |  |
 | prometheus.volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. - name: foo   mountPath: "/etc/foo"   readOnly: true |
 | redis.architecture | string | `"standalone"` |  |
 | redis.auth.enabled | bool | `true` |  |
 | redis.auth.existingSecret | string | `""` | name of an existing secret with Redis credentials (instead of auth.password), must be created ahead of time |
 | redis.auth.existingSecretPasswordKey | string | `""` | Password key to be retrieved from existing secret |
 | redis.auth.password | string | `"autopush"` | XXX Change me! |
 | redis.dbid | int | `0` | Database ID for non-default database |
 | redis.external.existingSecretPasswordKey | string | `"redis-password"` | Password key to be retrieved from existing secret |
 | redis.external.host | string | `"redis"` |  |
 | redis.external.port | int | `6379` |  |
 | redis.global.storageClass | string | `""` |  |
 | redis.internal | bool | `true` |  |
 | redis.master.persistence.enabled | bool | `true` |  |
 | redis.master.service.port | int | `6379` |  |
 | redis.replica.persistence.enabled | bool | `true` |  |
 | unifiedPush.affinity | object | `{}` |  |
 | unifiedPush.config.gateway.allowedHosts | list | `[]` |  |
 | unifiedPush.config.gateway.generic.enable | bool | `true` |  |
 | unifiedPush.config.gateway.matrix.enable | bool | `true` |  |
 | unifiedPush.config.uaid | string | `""` |  |
 | unifiedPush.config.verbose | bool | `false` |  |
 | unifiedPush.nodeSelector | object | `{}` |  |
 | unifiedPush.podSecurityContext | object | `{}` |  |
 | unifiedPush.securityContext | object | `{}` |  |
 | unifiedPush.tolerations | list | `[]` |  |
 | volumes | list | `[]` | Additional volumes on the output Deployment definition. - name: foo   secret:     secretName: mysecret     optional: false |
 Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
--- a/autopush/_docs.gotmpl
+++ b/autopush/_docs.gotmpl
@ -1,15 +0,0 @@
 {{ define "chart.prerequirements" -}}
 = Beta
 WARNING
 ====
 We let it run in production, but it is not stable / complete.
 TODOs:
  - [ ] official container with redis backend, see: https://github.com/mozilla-services/autopush-rs/pull/813
  - [ ] automatical create CRYPT_KEY (instatt of key)
  - [ ] better ingress / host name support
  - [ ] Improve monitoring with alerts and grafana dashboard
 ====
 {{ end }}
--- a/autopush/ci/ct-empty-values.yaml
+++ b/autopush/ci/ct-empty-values.yaml
--- a/autopush/ci/ct-monitor-values.yaml
+++ b/autopush/ci/ct-monitor-values.yaml
@ -1,6 +0,0 @@
 prometheus:
  enabled: true
  servicemonitor:
    enabled: true
    labels:
      prometheus: default
--- a/autopush/container/Containerfile
+++ b/autopush/container/Containerfile
@ -1,15 +0,0 @@
 FROM python:3.13-slim
 # Set the working directory
 WORKDIR /app
 # Copy the requirements file
 COPY requirements.txt .
 # Install any needed packages
 RUN pip install -r requirements.txt
 # Copy the application code into the container
 COPY setup.py setup.py
 CMD ["python", "setup.py"]
--- a/autopush/container/requirements.txt
+++ b/autopush/container/requirements.txt
@ -1 +0,0 @@
 cryptography
--- a/autopush/container/setup.py
+++ b/autopush/container/setup.py
@ -1,5 +0,0 @@
 #!/bin/env python3
 from cryptography.fernet import Fernet
 if __name__ == '__main__':
    print(Fernet.generate_key().decode("UTF-8"))
--- a/autopush/grafana_dashboards/overview.json
+++ b/autopush/grafana_dashboards/overview.json
@ -1,355 +0,0 @@
 {
  "annotations": {
    "list": [
      {
        "builtIn": 1,
        "datasource": {
          "type": "grafana",
          "uid": "-- Grafana --"
        },
        "enable": true,
        "hide": true,
        "iconColor": "rgba(0, 211, 255, 1)",
        "name": "Annotations & Alerts",
        "type": "dashboard"
      }
    ]
  },
  "editable": true,
  "fiscalYearStartMonth": 0,
  "graphTooltip": 0,
  "links": [],
  "panels": [
    {
      "collapsed": false,
      "gridPos": {
        "h": 1,
        "w": 24,
        "x": 0,
        "y": 0
      },
      "id": 4,
      "panels": [],
      "title": "Push",
      "type": "row"
    },
    {
      "datasource": {
        "type": "prometheus",
        "uid": "${DS_PROMETHEUS}"
      },
      "fieldConfig": {
        "defaults": {
          "color": {
            "mode": "palette-classic"
          },
          "custom": {
            "hideFrom": {
              "legend": false,
              "tooltip": false,
              "viz": false
            }
          },
          "mappings": []
        },
        "overrides": []
      },
      "gridPos": {
        "h": 8,
        "w": 9,
        "x": 0,
        "y": 1
      },
      "id": 1,
      "options": {
        "legend": {
          "displayMode": "list",
          "placement": "bottom",
          "showLegend": true,
          "values": [
            "percent"
          ]
        },
        "pieType": "pie",
        "reduceOptions": {
          "calcs": [
            "lastNotNull"
          ],
          "fields": "",
          "values": false
        },
        "tooltip": {
          "mode": "single",
          "sort": "none"
        }
      },
      "pluginVersion": "11.4.0",
      "targets": [
        {
          "datasource": {
            "type": "prometheus",
            "uid": "${DS_PROMETHEUS}"
          },
          "editorMode": "code",
          "expr": "sum(increase(autopush_notification_message_retrieved{namespace=~\"$namespace\"}[$__range])) without (container,endpoint,instance,pod,job,service)",
          "legendFormat": "Retrieved: {{namespace}}",
          "range": true,
          "refId": "A"
        },
        {
          "datasource": {
            "type": "prometheus",
            "uid": "${DS_PROMETHEUS}"
          },
          "editorMode": "code",
          "expr": "sum(increase(autopush_notification_message_deleted{namespace=~\"$namespace\"}[$__range])) without (container,endpoint,instance,pod,job,service)",
          "hide": false,
          "instant": false,
          "legendFormat": "Deleted: {{namespace}}",
          "range": true,
          "refId": "B"
        }
      ],
      "title": "Notification Message",
      "transparent": true,
      "type": "piechart"
    },
    {
      "datasource": {
        "type": "prometheus",
        "uid": "${DS_PROMETHEUS}"
      },
      "fieldConfig": {
        "defaults": {
          "color": {
            "mode": "palette-classic"
          },
          "custom": {
            "hideFrom": {
              "legend": false,
              "tooltip": false,
              "viz": false
            }
          },
          "mappings": []
        },
        "overrides": []
      },
      "gridPos": {
        "h": 8,
        "w": 8,
        "x": 10,
        "y": 1
      },
      "id": 2,
      "options": {
        "legend": {
          "displayMode": "list",
          "placement": "right",
          "showLegend": true,
          "values": [
            "percent"
          ]
        },
        "pieType": "pie",
        "reduceOptions": {
          "calcs": [
            "lastNotNull"
          ],
          "fields": "",
          "values": false
        },
        "tooltip": {
          "mode": "single",
          "sort": "none"
        }
      },
      "pluginVersion": "11.4.0",
      "targets": [
        {
          "datasource": {
            "type": "prometheus",
            "uid": "${DS_PROMETHEUS}"
          },
          "editorMode": "code",
          "expr": "sum(increase(autopush_ua_notification_sent{namespace=~\"$namespace\"}[$__range])) without (container,endpoint,instance,pod,job,service)",
          "hide": false,
          "instant": false,
          "legendFormat": "OS: {{namespace}}/{{os}}",
          "range": true,
          "refId": "A"
        }
      ],
      "title": "UA Notify Send",
      "transparent": true,
      "type": "piechart"
    },
    {
      "collapsed": false,
      "gridPos": {
        "h": 1,
        "w": 24,
        "x": 0,
        "y": 9
      },
      "id": 5,
      "panels": [],
      "title": "Endpoint",
      "type": "row"
    },
    {
      "datasource": {
        "type": "prometheus",
        "uid": "${DS_PROMETHEUS}"
      },
      "fieldConfig": {
        "defaults": {
          "color": {
            "mode": "palette-classic"
          },
          "custom": {
            "axisBorderShow": false,
            "axisCenteredZero": false,
            "axisColorMode": "text",
            "axisLabel": "",
            "axisPlacement": "auto",
            "barAlignment": 0,
            "barWidthFactor": 0.6,
            "drawStyle": "line",
            "fillOpacity": 0,
            "gradientMode": "none",
            "hideFrom": {
              "legend": false,
              "tooltip": false,
              "viz": false
            },
            "insertNulls": false,
            "lineInterpolation": "linear",
            "lineWidth": 1,
            "pointSize": 5,
            "scaleDistribution": {
              "type": "linear"
            },
            "showPoints": "auto",
            "spanNulls": false,
            "stacking": {
              "group": "A",
              "mode": "none"
            },
            "thresholdsStyle": {
              "mode": "off"
            }
          },
          "mappings": [],
          "thresholds": {
            "mode": "absolute",
            "steps": [
              {
                "color": "green",
                "value": null
              },
              {
                "color": "red",
                "value": 80
              }
            ]
          }
        },
        "overrides": []
      },
      "gridPos": {
        "h": 8,
        "w": 12,
        "x": 0,
        "y": 10
      },
      "id": 3,
      "options": {
        "legend": {
          "calcs": [],
          "displayMode": "list",
          "placement": "bottom",
          "showLegend": true
        },
        "tooltip": {
          "mode": "single",
          "sort": "none"
        }
      },
      "pluginVersion": "11.4.0",
      "targets": [
        {
          "datasource": {
            "type": "prometheus",
            "uid": "${DS_PROMETHEUS}"
          },
          "editorMode": "code",
          "expr": "sum(increase(autoendpoint_api_error_no_subscription{namespace=~\"$namespace\"}[$__range])) without(container,endpoint,instance,pod,service,job)",
          "legendFormat": "__auto",
          "range": true,
          "refId": "A"
        }
      ],
      "title": "No Subscription API Error",
      "transparent": true,
      "type": "timeseries"
    }
  ],
  "preload": false,
  "refresh": "",
  "schemaVersion": 40,
  "tags": [],
  "templating": {
    "list": [
      {
        "current": {
          "text": "Prometheus",
          "value": "prometheus"
        },
        "label": "datasource",
        "name": "DS_PROMETHEUS",
        "options": [],
        "query": "prometheus",
        "refresh": 1,
        "regex": "",
        "type": "datasource"
      },
      {
        "current": {
          "text": [
            "chaos-autopush"
          ],
          "value": [
            "chaos-autopush"
          ]
        },
        "datasource": {
          "type": "prometheus",
          "uid": "${DS_PROMETHEUS}"
        },
        "definition": "label_values(statsd_exporter_build_info,namespace)",
        "includeAll": true,
        "multi": true,
        "name": "namespace",
        "options": [],
        "query": {
          "qryType": 1,
          "query": "label_values(statsd_exporter_build_info,namespace)",
          "refId": "PrometheusVariableQueryEditor-VariableQuery"
        },
        "refresh": 1,
        "regex": "",
        "type": "query"
      }
    ]
  },
  "time": {
    "from": "now-24h",
    "to": "now"
  },
  "timepicker": {},
  "timezone": "browser",
  "title": "Autopush: Overview",
  "version": 0,
  "weekStart": ""
 }
--- a/autopush/templates/_helpers.tpl
+++ b/autopush/templates/_helpers.tpl
@ -1,93 +0,0 @@
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "autopush.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
 {{- define "autopush.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
 {{- $name := default .Chart.Name .Values.nameOverride }}
 {{- if contains $name .Release.Name }}
 {{- .Release.Name | trunc 63 | trimSuffix "-" }}
 {{- else }}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{- end }}
 {{- end }}
 {{/*
 Create chart name and version as used by the chart label.
 */}}
 {{- define "autopush.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{/*
 Common labels
 */}}
 {{- define "autopush.labels" -}}
 helm.sh/chart: {{ include "autopush.chart" . }}
 {{ include "autopush.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end }}
 {{/*
 Selector labels
 */}}
 {{- define "autopush.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "autopush.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 {{/*
 Create the name of the service account to use
 */}}
 {{- define "autopush.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
 {{- default (include "autopush.fullname" .) .Values.serviceAccount.name }}
 {{- else }}
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
 {{/*
 Prometheus-sidecar
 */}}
 {{- define "autopush.containerPrometheus" -}}
 {{- with .Values.prometheus }}
 {{- if .enabled }}
 - name: statsd-exporter
  securityContext:
    {{- toYaml .securityContext | nindent 4 }}
  {{- with .image }}
  image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag }}"
  imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }}
  {{- end }}
  ports:
    - name: metrics
      containerPort: 9102
      protocol: TCP
  livenessProbe:
    {{- toYaml .livenessProbe | nindent 4 }}
  readinessProbe:
    {{- toYaml .readinessProbe | nindent 4 }}
  resources:
    {{- toYaml .resources | nindent 4 }}
  {{- with .volumeMounts }}
  volumeMounts:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 {{- end }}
 {{- end }}
 {{- end }}
--- a/autopush/templates/autoconnect/deployment.yaml
+++ b/autopush/templates/autoconnect/deployment.yaml
@ -1,91 +0,0 @@
 {{- with .Values.autoconnect }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "autopush.fullname" $ }}-autoconnect
  labels:
    {{- include "autopush.labels" $ | nindent 4 }}
 spec:
  replicas: {{ .replicaCount }}
  selector:
    matchLabels:
      {{- include "autopush.selectorLabels" $ | nindent 6 }}
      app.kubernetes.io/component: autoconnect
  template:
    metadata:
      {{- with .podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "autopush.labels" $ | nindent 8 }}
        app.kubernetes.io/component: autoconnect
        {{- with .podLabels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "autopush.serviceAccountName" $ }}
      securityContext:
        {{- toYaml .podSecurityContext | nindent 8 }}
      containers:
        - name: autoconnect
          securityContext:
            {{- toYaml .securityContext | nindent 12 }}
          {{- with .image }}
          image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default (printf "v%s" $.Chart.AppVersion) }}"
          imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }}
          {{- end }}
          envFrom:
            - secretRef:
                name: {{ include "autopush.fullname" $ }}-env
          env:
            - name: "AUTOCONNECT__DB_DSN"
              {{- if $.Values.redis.auth.enabled }}
              value: "redis://:$(REDIS_HOST_PASSWORD)@$(REDIS_HOST)"
              {{- else }}
              value: "redis://$(REDIS_HOST)"
              {{- end }}
            - name: "AUTOCONNECT__CRYPTO_KEY"
              valueFrom:
                secretKeyRef:
                  name: {{ include "autopush.fullname" $ }}-env
                  key: "CRYPTO_KEY"
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
            - name: router
              containerPort: {{ .service.ports.router }}
              protocol: TCP
          livenessProbe:
            {{- toYaml .livenessProbe | nindent 12 }}
          readinessProbe:
            {{- toYaml .readinessProbe | nindent 12 }}
          resources:
            {{- toYaml .resources | nindent 12 }}
          {{- with .volumeMounts }}
          volumeMounts:
            {{- toYaml . | nindent 12 }}
          {{- end }}
        {{- include "autopush.containerPrometheus" $ | nindent 8 }}
      {{- with .volumes }}
      volumes:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
 {{- end }}
--- a/autopush/templates/autoconnect/service.yaml
+++ b/autopush/templates/autoconnect/service.yaml
@ -1,27 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "autopush.fullname" . }}-autoconnect
  labels:
    {{- include "autopush.labels" . | nindent 4 }}
    app.kubernetes.io/metrics: "true"
 spec:
  type: {{ .Values.autoconnect.service.type }}
  selector:
    {{- include "autopush.selectorLabels" . | nindent 4 }}
    app.kubernetes.io/component: autoconnect
  ports:
    - port: {{ .Values.autoconnect.service.ports.http }}
      targetPort: http
      protocol: TCP
      name: http
    - port: {{ .Values.autoconnect.service.ports.router }}
      targetPort: router
      protocol: TCP
      name: router
    {{- if .Values.prometheus.enabled }}
    - port: 9100
      targetPort: metrics
      protocol: TCP
      name: metrics
    {{- end }}
--- a/autopush/templates/autoendpoint/deployment.yaml
+++ b/autopush/templates/autoendpoint/deployment.yaml
@ -1,88 +0,0 @@
 {{- with .Values.autoendpoint }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "autopush.fullname" $ }}-autoendpoint
  labels:
    {{- include "autopush.labels" $ | nindent 4 }}
 spec:
  replicas: {{ .replicaCount }}
  selector:
    matchLabels:
      {{- include "autopush.selectorLabels" $ | nindent 6 }}
      app.kubernetes.io/component: autoendpoint
  template:
    metadata:
      {{- with .podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "autopush.labels" $ | nindent 8 }}
        app.kubernetes.io/component: autoendpoint
        {{- with .podLabels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "autopush.serviceAccountName" $ }}
      securityContext:
        {{- toYaml .podSecurityContext | nindent 8 }}
      containers:
        - name: autoendpoint
          securityContext:
            {{- toYaml .securityContext | nindent 12 }}
          {{- with .image }}
          image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default (printf "v%s" $.Chart.AppVersion) }}"
          imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }}
          {{- end }}
          envFrom:
            - secretRef:
                name: {{ include "autopush.fullname" $ }}-env
          env:
            - name: "AUTOEND__DB_DSN"
              {{- if $.Values.redis.auth.enabled }}
              value: "redis://:$(REDIS_HOST_PASSWORD)@$(REDIS_HOST)"
              {{- else }}
              value: "redis://$(REDIS_HOST)"
              {{- end }}
            - name: "AUTOEND__CRYPTO_KEYS"
              valueFrom:
                secretKeyRef:
                  name: {{ include "autopush.fullname" $ }}-env
                  key: "CRYPTO_KEY"
          ports:
            - name: http
              containerPort: 8000
              protocol: TCP
          livenessProbe:
            {{- toYaml .livenessProbe | nindent 12 }}
          readinessProbe:
            {{- toYaml .readinessProbe | nindent 12 }}
          resources:
            {{- toYaml .resources | nindent 12 }}
          {{- with .volumeMounts }}
          volumeMounts:
            {{- toYaml . | nindent 12 }}
          {{- end }}
        {{- include "autopush.containerPrometheus" $ | nindent 8 }}
      {{- with .volumes }}
      volumes:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
 {{- end }}
--- a/autopush/templates/autoendpoint/service.yaml
+++ b/autopush/templates/autoendpoint/service.yaml
@ -1,23 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "autopush.fullname" . }}-autoendpoint
  labels:
    {{- include "autopush.labels" . | nindent 4 }}
    app.kubernetes.io/metrics: "true"
 spec:
  type: {{ .Values.autoendpoint.service.type }}
  selector:
    {{- include "autopush.selectorLabels" . | nindent 4 }}
    app.kubernetes.io/component: autoendpoint
  ports:
    - port: {{ .Values.autoendpoint.service.port }}
      targetPort: http
      protocol: TCP
      name: http
    {{- if .Values.prometheus.enabled }}
    - port: 9100
      targetPort: metrics
      protocol: TCP
      name: metrics
    {{- end }}
--- a/autopush/templates/configmap_grafana_dashboards.yaml
+++ b/autopush/templates/configmap_grafana_dashboards.yaml
@ -1,14 +0,0 @@
 {{- if .Values.grafana.dashboards.enabled }}
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ include "autopush.fullname" . }}-grafana-dashboards
  labels:
    {{- include "autopush.labels" . | nindent 4 }}
    {{- toYaml .Values.grafana.dashboards.labels | nindent 4 }}
  annotations:
    {{- toYaml .Values.grafana.dashboards.annotations | nindent 4 }}
 data:
  {{- (.Files.Glob "grafana_dashboards/*.json" ).AsConfig | nindent 2 }}
 {{- end }}
--- a/autopush/templates/ingress.yaml
+++ b/autopush/templates/ingress.yaml
@ -1,63 +0,0 @@
 {{- if .Values.ingress.enabled -}}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: {{ include "autopush.fullname" . }}
  labels:
    {{- include "autopush.labels" . | nindent 4 }}
  {{- with .Values.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 spec:
  {{- with .Values.ingress.className }}
  ingressClassName: {{ . }}
  {{- end }}
  {{- with .Values.ingress.tls }}
  tls:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  rules:
    - host: {{ .Values.ingress.host | quote }}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: {{ include "autopush.fullname" $ }}-autoconnect
                port:
                  name: http
    - host: {{ printf "updates.%s" .Values.ingress.host | quote }}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: {{ include "autopush.fullname" $ }}-autoendpoint
                port:
                  name: http
          {{- with .Values.unifiedPush }}
          {{- if .enabled }}
          {{- if .config.gateway.generic.enable }}
          - path: /generic/
            pathType: Prefix
            backend:
              service:
                name: {{ include "autopush.fullname" $ }}-unifiedpush
                port:
                  name: http
          {{- end }}
          {{- if .config.gateway.matrix.enable }}
          - path: /_matrix/push/v1/notify
            pathType: Prefix
            backend:
              service:
                name: {{ include "autopush.fullname" $ }}-unifiedpush
                port:
                  name: http
          {{- end }}
          {{- end }}
          {{- end }}
 {{- end }}
--- a/autopush/templates/prometheus-rules.yaml
+++ b/autopush/templates/prometheus-rules.yaml
@ -1,38 +0,0 @@
 {{- if and .Values.prometheus.rules.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
  name: {{ include "autopush.fullname" . }}
  labels:
    {{- include "autopush.labels" . | nindent 4 }}
    {{- with .Values.prometheus.rules.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 spec:
  groups:
    {{- if .Values.prometheus.rules.default.enabled }}
    - name: {{ template "autopush.fullname" . }}-Endpoint
      rules:
        - alert: "autopush: No Subscription API Error"
          expr: 'sum(increase(autoendpoint_api_error_no_subscription{}[1h])) without (container,endpoint,pod,instance) > 0'
          for: 5m
          labels:
            severity: critical
            {{- with .Values.prometheus.rules.default.alertLabels }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
          annotations:
            {{`
            summary: "autoendpoint: No Subscription API Error in {{ $labels.namespace }}/{{ $labels.job }} increate in the last hour"
            `}}
    {{/*
    - name: {{ template "autopush.fullname" . }}-Push
      rules:
    */}}
    {{- end }}
    {{- with .Values.prometheus.rules.additionalRules }}
    - name: {{ template "autopush.fullname" $ }}-Additional
      rules:
        {{- toYaml . | nindent 8 }}
    {{- end }}
 {{- end }}
--- a/autopush/templates/secret.yaml
+++ b/autopush/templates/secret.yaml
@ -1,51 +0,0 @@
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: {{ include "autopush.fullname" . }}-env
  annotations:
    "helm.sh/hook": "pre-install,pre-upgrade"
 type: Opaque
 data:
  {{/* GLOBAL */}}
  RUST_BACKTRACE: {{ ternary "1" "0" .Values.config.logs.backtrace | b64enc }}
  RUST_LOG: {{ .Values.config.logs.level | b64enc }}
  {{- with .Values.redis }}
  {{- if .auth.enabled }}
  {{- with .auth.password }}
  REDIS_HOST_PASSWORD: {{ . | b64enc }}
  {{- end }}
  {{- end }}
  {{- if .internal }}
  REDIS_HOST: {{ printf "%s-redis-master:%.0f/%.0f" (include "autopush.fullname" $) .master.service.port .dbid | b64enc }}
  {{- else }}
  REDIS_HOST: {{ printf "%s:%s/$.0f" .external.host .external.port .dbid | b64enc }}
  {{- end }}
  {{- end }}
  CRYPTO_KEY: {{ printf "[%s]" .Values.config.cryptoKey | b64enc }}
  {{/* autoconnect */}}
  {{- if .Values.ingress.tls }}
  AUTOCONNECT__ENDPOINT_SCHEME: {{ "https" | b64enc }}
  AUTOCONNECT__ENDPOINT_PORT: {{ "443" | b64enc }}
  {{- else }}
  AUTOCONNECT__ENDPOINT_SCHEME: {{ "http" | b64enc }}
  AUTOCONNECT__ENDPOINT_PORT: {{ "80" | b64enc }}
  {{- end }}
  AUTOCONNECT__ENDPOINT_HOSTNAME: {{ printf "updates.%s" .Values.ingress.host | b64enc }}
  AUTOCONNECT__ROUTER_HOSTNAME: {{ printf "%s-autoconnect" (include "autopush.fullname" .) | b64enc }}
  AUTOCONNECT__ROUTER_PORT: {{ toYaml .Values.autoconnect.service.ports.router | b64enc }}
  {{- if .Values.prometheus.enabled }}
  AUTOCONNECT__STATSD_HOST: {{ "127.0.0.1" | b64enc}}
  AUTOCONNECT__STATSD_PORT: {{ "9125" | b64enc }}
  {{- end }}
  {{/* autoendpoint */}}
  AUTOEND__HOST: {{ "::" | b64enc }}
  {{- if .Values.ingress.tls }}
  AUTOEND__ENDPOINT_URL: {{ printf "https://updates.%s" .Values.ingress.host | b64enc }}
  {{- else }}
  AUTOEND__ENDPOINT_URL: {{ printf "http://updates.%s" .Values.ingress.host | b64enc }}
  {{- end }}
  {{- if .Values.prometheus.enabled }}
  AUTOEND__STATSD_HOST: {{ "127.0.0.1" | b64enc }}
  AUTOEND__STATSD_PORT: {{ "9125" | b64enc }}
  {{- end }}
--- a/autopush/templates/serviceaccount.yaml
+++ b/autopush/templates/serviceaccount.yaml
@ -1,13 +0,0 @@
 {{- if .Values.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "autopush.serviceAccountName" . }}
  labels:
    {{- include "autopush.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
 {{- end }}
--- a/autopush/templates/servicemonitor.yaml
+++ b/autopush/templates/servicemonitor.yaml
@ -1,18 +0,0 @@
 {{- if and .Values.prometheus.enabled .Values.prometheus.servicemonitor.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: {{ include "autopush.fullname" . }}
  labels:
    {{- include "autopush.labels" . | nindent 4 }}
    {{- with .Values.prometheus.servicemonitor.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
 spec:
  selector:
    matchLabels:
      {{- include "autopush.selectorLabels" . | nindent 6 }}
      app.kubernetes.io/metrics: "true"
  endpoints:
    - port: metrics
 {{- end }}
--- a/autopush/templates/unifiedpush/deployment.yaml
+++ b/autopush/templates/unifiedpush/deployment.yaml
@ -1,97 +0,0 @@
 {{- with .Values.unifiedPush }}
 {{- if .enabled }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "autopush.fullname" $ }}-unifiedpush
  labels:
    {{- include "autopush.labels" $ | nindent 4 }}
 spec:
  replicas: {{ .replicaCount }}
  selector:
    matchLabels:
      {{- include "autopush.selectorLabels" $ | nindent 6 }}
      app.kubernetes.io/component: unifiedpush
  template:
    metadata:
      {{- with .podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "autopush.labels" $ | nindent 8 }}
        app.kubernetes.io/component: unifiedpush
        {{- with .podLabels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "autopush.serviceAccountName" $ }}
      securityContext:
        {{- toYaml .podSecurityContext | nindent 8 }}
      containers:
        - name: common-proxies
          securityContext:
            {{- toYaml .securityContext | nindent 12 }}
          {{- with .image }}
          image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag }}"
          imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }}
          {{- end }}
          env:
            - name: "UP_LISTEN"
              value: ":8080"
            {{- if .config.verbose }}
            - name: "UP_VERBOSE"
              value: "true"
            {{- end }}
            {{- with .config.uaid }}
            - name: "UP_UAID"
              value: {{ . | quote }}
            {{- end }}
            {{- if .config.gateway.generic.enable }}
            - name: "UP_GATEWAY_GENERIC_ENABLE"
              value: "true"
            {{- end }}
            {{- if .config.gateway.matrix.enable }}
            - name: "UP_GATEWAY_MATRIX_ENABLE"
              value: "true"
            {{- end }}
            {{- with .config.gateway.allowedHosts }}
            - name: "UP_GATEWAY_ALLOWEDHOSTS"
              value: {{ join "," . | quote }}
            {{- end }}
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
          livenessProbe:
            {{- toYaml .livenessProbe | nindent 12 }}
          readinessProbe:
            {{- toYaml .readinessProbe | nindent 12 }}
          resources:
            {{- toYaml .resources | nindent 12 }}
          {{- with .volumeMounts }}
          volumeMounts:
            {{- toYaml . | nindent 12 }}
          {{- end }}
      {{- with .volumes }}
      volumes:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
 {{- end }}
 {{- end }}
--- a/autopush/templates/unifiedpush/service.yaml
+++ b/autopush/templates/unifiedpush/service.yaml
@ -1,19 +0,0 @@
 {{- if .Values.unifiedPush.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "autopush.fullname" . }}-unifiedpush
  labels:
    app.kubernetes.io/metrics: "true"
    {{- include "autopush.labels" . | nindent 4 }}
 spec:
  type: {{ .Values.unifiedPush.service.type }}
  selector:
    {{- include "autopush.selectorLabels" . | nindent 4 }}
    app.kubernetes.io/component: unifiedpush
  ports:
    - port: {{ .Values.unifiedPush.service.port }}
      targetPort: http
      protocol: TCP
      name: http
 {{- end }}
--- a/autopush/values.yaml
+++ b/autopush/values.yaml
@ -1,440 +0,0 @@
 global:
  image:
    # -- if set it will overwrite all registry entries
    registry:
    # -- if set it will overwrite all pullPolicy
    pullPolicy:
 # -- This is for the secretes for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
 imagePullSecrets: []
 # -- This is to override the chart name.
 nameOverride: ""
 fullnameOverride: ""
 config:
  logs:
    # -- set log level of autopush
    level: warn
    # -- enable backtrace of autopush
    backtrace: false
  # -- run https://github.com/mozilla-services/autopush-rs/blob/master/scripts/fernet_key.py
  cryptoKey: ""
 prometheus:
  # -- start statsd sidecar and configure
  enabled: true
  servicemonitor:
    enabled: false
    labels: {}
  rules:
    enabled: false
    labels: {}
    default:
      enabled: true
      alertLabels: {}
    additionalRules: []
  image:
    registry: docker.io
    repository: prom/statsd-exporter
    pullPolicy: IfNotPresent
    tag: v0.28.0
  # -- securityContext
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000
  securityContext: {}
  # -- We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi
  resources: {}
  # -- This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
  livenessProbe:
    httpGet:
      path: /
      port: metrics
  readinessProbe:
    httpGet:
      path: /
      port: metrics
  # -- Additional volumeMounts on the output Deployment definition.
  # - name: foo
  #   mountPath: "/etc/foo"
  #   readOnly: true
  volumeMounts: []
 grafana:
  dashboards:
    enabled: false
    labels:
      grafana_dashboard: "1"
    annotations: {}
 ## This configuration is for the internal Redis that's deployed for use with
 ## workers/sharding, for an external Redis server you want to set enabled to
 ## false and configure the externalRedis block.
 ##
 redis:
  internal: true
  # -- Database ID for non-default database
  dbid: 0
  auth:
    enabled: true
    # -- XXX Change me!
    password: autopush
    # -- name of an existing secret with Redis credentials (instead of auth.password), must be created ahead of time
    existingSecret: ""
    # -- Password key to be retrieved from existing secret
    existingSecretPasswordKey: ""
  external:
    host: redis
    port: 6379
    # -- Password key to be retrieved from existing secret
    existingSecretPasswordKey: redis-password
  architecture: standalone
  global:
    storageClass: ""
  master:
    persistence:
      enabled: true
    service:
      port: 6379
  replica:
    persistence:
      enabled: true
 autoconnect:
  # -- This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
  # @section -- Autoconnect
  replicaCount: 1
  image:
    # -- image registry (could be overwritten by global.image.registry)
    # @section -- Autoconnect
    registry: codeberg.org
    # -- image repository
    # @section -- Autoconnect
    repository: wrenix/autopush/autoconnect
    # -- This sets the pull policy for images. (could be overwritten by global.image.pullPolicy)
    # @section -- Autoconnect
    pullPolicy: IfNotPresent
    # -- image tag - Overrides the image tag whose default is the chart appVersion.
    # @section -- Autoconnect
    tag: latest
  # -- This is for setting Kubernetes Annotations to a Pod.
  # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  # @section -- Autoconnect
  podAnnotations: {}
  # -- This is for setting Kubernetes Labels to a Pod.
  # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  # @section -- Autoconnect
  podLabels: {}
  nodeSelector: {}
  tolerations: []
  affinity: {}
  podSecurityContext: {}
    # fsGroup: 2000
  # -- securityContext
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000
  # @section -- Autoconnect
  securityContext: {}
  # This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/
  service:
    # -- This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
    # @section -- Autoconnect
    type: ClusterIP
    # This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports
    ports:
      # -- port of http service
      # @section -- Autoconnect
      http: 80
      # -- port of internal router service
        # @section -- Autoconnect
      router: 8081
  # -- We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi
  # @section -- Autoconnect
  resources: {}
  # -- This is to setup the liveness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
  # @section -- Autoconnect
  livenessProbe:
    httpGet:
      path: /health
      port: http
  # -- This is to setup the readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
  # @section -- Autoconnect
  readinessProbe:
    httpGet:
      path: /health
      port: http
  # -- Additional volumeMounts on the output Deployment definition.
  # - name: foo
  #   mountPath: "/etc/foo"
  #   readOnly: true
  # @section -- Autoconnect
  volumeMounts: []
 autoendpoint:
  # -- This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
  # @section -- Autoendpoint
  replicaCount: 1
  image:
    # -- image registry (could be overwritten by global.image.registry)
    # @section -- Autoendpoint
    registry: codeberg.org
    # -- image repository
    # @section -- Autoendpoint
    repository: wrenix/autopush/autoendpoint
    # -- This sets the pull policy for images. (could be overwritten by global.image.pullPolicy)
    # @section -- Autoendpoint
    pullPolicy: IfNotPresent
    # -- image tag - Overrides the image tag whose default is the chart appVersion.
    # @section -- Autoendpoint
    tag: latest
  # -- This is for setting Kubernetes Annotations to a Pod.
  # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  # @section -- Autoendpoint
  podAnnotations: {}
  # -- This is for setting Kubernetes Labels to a Pod.
  # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  # @section -- Autoendpoint
  podLabels: {}
  nodeSelector: {}
  tolerations: []
  affinity: {}
  podSecurityContext: {}
    # fsGroup: 2000
  securityContext: {}
    # capabilities:
    #   drop:
    #   - ALL
    # readOnlyRootFilesystem: true
    # runAsNonRoot: true
    # runAsUser: 1000
  # This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/
  service:
    # -- This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
    # @section -- Autoendpoint
    type: ClusterIP
    # -- This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports
    # @section -- Autoendpoint
    port: 80
  # -- We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi
  # @section -- Autoendpoint
  resources: {}
  # -- This is to setup the liveness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
  # @section -- Autoendpoint
  livenessProbe:
    httpGet:
      path: /health
      port: http
  # -- This is to setup the readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
  # @section -- Autoendpoint
  readinessProbe:
    httpGet:
      path: /health
      port: http
  # -- Additional volumeMounts on the output Deployment definition.
  # - name: foo
  #   mountPath: "/etc/foo"
  #   readOnly: true
  # @section -- Autoendpoint
  volumeMounts: []
 unifiedPush:
  # -- enable/deploy common-proxy for unifiedpush
  # @section -- UnifiedPush
  enabled: false
  # -- This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
  # @section -- UnifiedPush
  replicaCount: 1
  image:
    # -- image registry (could be overwritten by global.image.registry)
    # @section -- UnifiedPush
    registry: docker.io
    # -- image repository
    # @section -- UnifiedPush
    repository: unifiedpush/common-proxies
    # -- This sets the pull policy for images. (could be overwritten by global.image.pullPolicy)
    # @section -- UnifiedPush
    pullPolicy: IfNotPresent
    # -- image tag
    # @section -- UnifiedPush
    tag: "v2.2.0"
  config:
    verbose: false
    uaid: ""
    gateway:
      generic:
        enable: true
      matrix:
        enable: true
      allowedHosts: []
  # -- This is for setting Kubernetes Annotations to a Pod.
  # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  # @section -- UnifiedPush
  podAnnotations: {}
  # -- This is for setting Kubernetes Labels to a Pod.
  # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  # @section -- UnifiedPush
  podLabels: {}
  nodeSelector: {}
  tolerations: []
  affinity: {}
  podSecurityContext: {}
    # fsGroup: 2000
  securityContext: {}
    # capabilities:
    #   drop:
    #   - ALL
    # readOnlyRootFilesystem: true
    # runAsNonRoot: true
    # runAsUser: 1000
  # This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/
  service:
    # -- This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
    # @section -- UnifiedPush
    type: ClusterIP
    # -- This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports
    # @section -- UnifiedPush
    port: 80
  # -- We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi
  # @section -- UnifiedPush
  resources: {}
  # -- This is to setup the liveness more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
  # @section -- UnifiedPush
  livenessProbe:
    httpGet:
      path: /health
      port: http
  # -- This is to setup the readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
  # @section -- UnifiedPush
  readinessProbe:
    httpGet:
      path: /health
      port: http
  # -- Additional volumeMounts on the output Deployment definition.
  # - name: foo
  #   mountPath: "/etc/foo"
  #   readOnly: true
  # @section -- UnifiedPush
  volumeMounts: []
 # This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/
 serviceAccount:
  # -- Specifies whether a service account should be created
  # @section -- UnifiedPush
  create: true
  # -- Automatically mount a ServiceAccount's API credentials?
  # @section -- UnifiedPush
  automount: true
  # -- Annotations to add to the service account
  # @section -- UnifiedPush
  annotations: {}
  # -- The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  # @section -- UnifiedPush
  name: ""
 # This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/
 ingress:
  enabled: false
  className: ""
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  host: chart-example.local
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local
 # -- Additional volumes on the output Deployment definition.
 # - name: foo
 #   secret:
 #     secretName: mysecret
 #     optional: false
 volumes: []
--- a/conduit/Chart.yaml
+++ b/conduit/Chart.yaml
@ -3,9 +3,9 @@ name: conduit
 description: Conduit is a simple, fast and reliable chat server powered by Matrix.
 icon: https://conduit.rs/conduit.svg
 type: application
-version: "1.0.4"
+version: 0.2.5
-# renovate: image=docker.io/matrixconduit/matrix-conduit
+# renovate: image=registry.gitlab.com/famedly/conduit/matrix-conduit
-appVersion: "0.9.0"
+appVersion: "0.6.0"
 maintainers:
  - name: WrenIX
    url: https://wrenix.eu
--- a/conduit/README.adoc
+++ b/conduit/README.adoc
@ -0,0 +1,406 @@
 = conduit
 image::https://img.shields.io/badge/Version-0.2.5-informational?style=flat-square[Version: 0.2.5]
 image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
 image::https://img.shields.io/badge/AppVersion-0.6.0-informational?style=flat-square[AppVersion: 0.6.0]
 == Maintainers
 .Maintainers
 |===
 | Name | Email | Url
 | WrenIX
 |
 | <https://wrenix.eu>
 |===
 == Usage
 Helm must be installed and setup to your kubernetes cluster to use the charts.
 Refer to Helm's https://helm.sh/docs[documentation] to get started.
 Once Helm has been set up correctly, fetch the charts as follows:
 [source,bash]
 ----
 helm pull oci://codeberg.org/wrenix/helm-charts/conduit
 ----
 You can install a chart release using the following command:
 [source,bash]
 ----
 helm install conduit-release oci://codeberg.org/wrenix/helm-charts/conduit --values values.yaml
 ----
 To uninstall a chart release use `helm`'s delete command:
 [source,bash]
 ----
 helm uninstall conduit-release
 ----
 == Values
 .Values
 |===
 | Key | Type | Default | Description
 | affinity
 | object
 | `{}`
 |
 | autoscaling.enabled
 | bool
 | `false`
 |
 | autoscaling.maxReplicas
 | int
 | `100`
 |
 | autoscaling.minReplicas
 | int
 | `1`
 |
 | autoscaling.targetCPUUtilizationPercentage
 | int
 | `80`
 |
 | conduit.allowEncryption
 | bool
 | `true`
 |
 | conduit.allowFederation
 | bool
 | `true`
 |
 | conduit.allowRegistration
 | bool
 | `false`
 |
 | conduit.allowRoomCreation
 | bool
 | `true`
 |
 | conduit.allowUnstableRoomVersions
 | bool
 | `true`
 |
 | conduit.log
 | string
 | `nil`
 |
 | conduit.maxConcurrentRequests
 | string
 | `nil`
 |
 | conduit.maxRequestSize
 | string
 | `"20000000"`
 | in bytes default 20 MB
 | conduit.registrationToken
 | string
 | `nil`
 |
 | conduit.server_name
 | string
 | `"your.server.name"`
 |
 | conduit.trustedServers[0]
 | string
 | `"matrix.org"`
 |
 | conduit.wellKnownClient
 | string
 | `"your.server.name"`
 |
 | fullnameOverride
 | string
 | `""`
 |
 | image.pullPolicy
 | string
 | `"IfNotPresent"`
 |
 | image.repository
 | string
 | `"registry.gitlab.com/famedly/conduit/matrix-conduit"`
 |
 | image.tag
 | string
 | `""`
 |
 | imagePullSecrets
 | list
 | `[]`
 |
 | ingress.annotations
 | object
 | `{}`
 |
 | ingress.className
 | string
 | `""`
 |
 | ingress.enabled
 | bool
 | `false`
 |
 | ingress.hosts[0].host
 | string
 | `"chart-example.local"`
 |
 | ingress.hosts[0].paths[0].path
 | string
 | `"/"`
 |
 | ingress.hosts[0].paths[0].pathType
 | string
 | `"ImplementationSpecific"`
 |
 | ingress.tls
 | list
 | `[]`
 |
 | nameOverride
 | string
 | `""`
 |
 | nodeSelector
 | object
 | `{}`
 |
 | persistence.accessMode
 | string
 | `"ReadWriteOnce"`
 |
 | persistence.annotations
 | object
 | `{}`
 |
 | persistence.enabled
 | bool
 | `true`
 |
 | persistence.existingClaim
 | string
 | `nil`
 | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound
 | persistence.hostPath
 | string
 | `nil`
 | Do not create an PVC, direct use hostPath in Pod
 | persistence.size
 | string
 | `"1Gi"`
 |
 | persistence.storageClass
 | string
 | `nil`
 | Persistent Volume Storage Class If defined, storageClassName: <storageClass> If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is   set, choosing the default provisioner.  (gp2 on AWS, standard on   GKE, AWS & OpenStack)
 | podAnnotations
 | object
 | `{}`
 |
 | podLabels
 | object
 | `{}`
 |
 | podSecurityContext
 | object
 | `{}`
 |
 | replicaCount
 | int
 | `1`
 |
 | resources
 | object
 | `{}`
 |
 | securityContext
 | object
 | `{}`
 |
 | service.port
 | int
 | `6167`
 |
 | service.type
 | string
 | `"ClusterIP"`
 |
 | serviceAccount.annotations
 | object
 | `{}`
 |
 | serviceAccount.create
 | bool
 | `true`
 |
 | serviceAccount.name
 | string
 | `""`
 |
 | tolerations
 | list
 | `[]`
 |
 | wellknown.affinity
 | object
 | `{}`
 |
 | wellknown.client."m.homeserver".base_url
 | string
 | `"https://your.server.name/"`
 |
 | wellknown.client."org.matrix.msc3575.proxy".url
 | string
 | `"https://your.server.name/"`
 |
 | wellknown.containerPort
 | int
 | `80`
 |
 | wellknown.enabled
 | bool
 | `true`
 |
 | wellknown.env
 | list
 | `[]`
 |
 | wellknown.image.pullPolicy
 | string
 | `"IfNotPresent"`
 |
 | wellknown.image.repository
 | string
 | `"nginx"`
 |
 | wellknown.image.tag
 | string
 | `"1.25"`
 |
 | wellknown.nodeSelector
 | object
 | `{}`
 |
 | wellknown.podAnnotations
 | list
 | `[]`
 |
 | wellknown.podLabels
 | object
 | `{}`
 |
 | wellknown.podSecurityContext
 | object
 | `{}`
 |
 | wellknown.replicaCount
 | int
 | `1`
 |
 | wellknown.resources
 | object
 | `{}`
 |
 | wellknown.securityContext
 | object
 | `{}`
 |
 | wellknown.server."m.server"
 | string
 | `"your.server.name:443"`
 |
 | wellknown.service.annotations
 | object
 | `{}`
 |
 | wellknown.service.port
 | int
 | `8080`
 |
 | wellknown.service.type
 | string
 | `"ClusterIP"`
 |
 | wellknown.tolerations
 | list
 | `[]`
 |
 |===
 Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]
--- a/conduit/README.md
+++ b/conduit/README.md
@ -1,131 +0,0 @@
 ---
 title: "conduit"
 description: "Conduit is a simple, fast and reliable chat server powered by Matrix."
 ---
 # conduit
 ![Version: 1.0.4](https://img.shields.io/badge/Version-1.0.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.9.0](https://img.shields.io/badge/AppVersion-0.9.0-informational?style=flat-square)
 Conduit is a simple, fast and reliable chat server powered by Matrix.
 ## Maintainers
 | Name | Email | Url |
 | ---- | ------ | --- |
 | WrenIX |  | <https://wrenix.eu> |
 ## Usage
 Helm must be installed and setup to your kubernetes cluster to use the charts.
 Refer to Helm's [documentation](https://helm.sh/docs) to get started.
 Once Helm has been set up correctly, fetch the charts as follows:
 ```bash
 helm pull oci://codeberg.org/wrenix/helm-charts/conduit
 ```
 You can install a chart release using the following command:
 ```bash
 helm install conduit-release oci://codeberg.org/wrenix/helm-charts/conduit --values values.yaml
 ```
 To uninstall a chart release use `helm`'s delete command:
 ```bash
 helm uninstall conduit-release
 ```
 ## Values
 ### well known
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | wellknown.affinity | object | `{}` | pod affinity |
 | wellknown.client | object | `{"m.homeserver":{"base_url":"https://your.server.name/"},"org.matrix.msc3575.proxy":{"url":"https://your.server.name/"}}` | client entry in well-known |
 | wellknown.containerPort | int | `80` | port webservice |
 | wellknown.enabled | bool | `false` | enable/deploy add extra webservice for well-known urls |
 | wellknown.env | list | `[]` | pod env |
 | wellknown.image.pullPolicy | string | `"IfNotPresent"` | This sets the pull policy for images. (could be overwritten by global.image.pullPolicy) |
 | wellknown.image.registry | string | `"docker.io"` | image registry (could be overwritten by global.image.registry) |
 | wellknown.image.repository | string | `"library/nginx"` | image repository |
 | wellknown.image.tag | string | `"1.27.4"` | image tag |
 | wellknown.nginxServerConf | string | `"server {\n    listen       {{ .containerPort }};\n    server_name  localhost;\n\n    location /.well-known/matrix/server {\n      return 200 {{ toJson .server | quote }};\n      types { } default_type \"application/json; charset=utf-8\";\n    }\n\n    location /.well-known/matrix/client {\n      return 200 {{ toJson .client | quote }};\n      types { } default_type \"application/json; charset=utf-8\";\n      add_header \"Access-Control-Allow-Origin\" *;\n    }\n\n    location / {\n      # return 200 'Welcome to the your.server.name conduit server!';\n      # types { } default_type \"text/plain; charset=utf-8\";\n      return 404;\n    }\n\n    location /nginx_health {\n      return 200 'OK';\n      types { } default_type \"text/plain; charset=utf-8\";\n    }\n}"` | nginx config |
 | wellknown.nodeSelector | object | `{}` | pod node selector |
 | wellknown.podAnnotations | list | `[]` | pod annotations |
 | wellknown.podLabels | object | `{}` | pod labels |
 | wellknown.podSecurityContext | object | `{}` | securityContext of Pod |
 | wellknown.replicaCount | int | `1` | replicas |
 | wellknown.resources | object | `{}` | pod resources |
 | wellknown.rewriteRoot | bool | `false` | if ingress is enabled: specifies whether ingress should redirect the `/`-Location to the wellknown server |
 | wellknown.securityContext | object | `{}` | securityContext of container |
 | wellknown.server | object | `{"m.server":"your.server.name:443"}` | server entry in well-known |
 | wellknown.service.annotations | object | `{}` | annotations of service |
 | wellknown.service.port | int | `8080` | port of service |
 | wellknown.service.type | string | `"ClusterIP"` | service type |
 | wellknown.tolerations | list | `[]` | pod tolerations |
 ### Other Values
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | affinity | object | `{}` |  |
 | autoscaling.enabled | bool | `false` |  |
 | autoscaling.maxReplicas | int | `100` |  |
 | autoscaling.minReplicas | int | `1` |  |
 | autoscaling.targetCPUUtilizationPercentage | int | `80` |  |
 | conduit.allowEncryption | bool | `true` |  |
 | conduit.allowFederation | bool | `true` |  |
 | conduit.allowRegistration | bool | `false` |  |
 | conduit.allowRoomCreation | bool | `true` |  |
 | conduit.allowUnstableRoomVersions | bool | `true` |  |
 | conduit.log | string | `nil` |  |
 | conduit.maxConcurrentRequests | string | `nil` |  |
 | conduit.maxRequestSize | string | `"20000000"` | in bytes default 20 MB |
 | conduit.registrationToken | string | `nil` |  |
 | conduit.server_name | string | `"your.server.name"` |  |
 | conduit.trustedServers[0] | string | `"matrix.org"` |  |
 | conduit.wellKnown.client | string | `""` | client well-known configuration in conduit |
 | conduit.wellKnown.server | string | `"https://your.server.name"` | server well-known configuration in conduit |
 | fullnameOverride | string | `""` |  |
 | global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy |
 | global.image.registry | string | `nil` | if set it will overwrite all registry entries |
 | image.pullPolicy | string | `"IfNotPresent"` | This sets the pull policy for images. (could be overwritten by global.image.pullPolicy) |
 | image.registry | string | `"docker.io"` | image registry (could be overwritten by global.image.registry) |
 | image.repository | string | `"matrixconduit/matrix-conduit"` | image repository |
 | image.tag | string | `""` | image tag - Overrides the image tag whose default is the chart appVersion. |
 | imagePullSecrets | list | `[]` |  |
 | ingress.annotations | object | `{}` |  |
 | ingress.className | string | `""` |  |
 | ingress.enabled | bool | `false` |  |
 | ingress.hosts[0].host | string | `"chart-example.local"` |  |
 | ingress.hosts[0].paths[0].path | string | `"/"` |  |
 | ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` |  |
 | ingress.tls | list | `[]` |  |
 | nameOverride | string | `""` |  |
 | nodeSelector | object | `{}` |  |
 | persistence.accessMode | string | `"ReadWriteOnce"` |  |
 | persistence.annotations | object | `{}` |  |
 | persistence.enabled | bool | `true` |  |
 | persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound |
 | persistence.hostPath | string | `nil` | Do not create an PVC, direct use hostPath in Pod |
 | persistence.size | string | `"1Gi"` |  |
 | persistence.storageClass | string | `nil` | Persistent Volume Storage Class If defined, storageClassName: <storageClass> If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is   set, choosing the default provisioner.  (gp2 on AWS, standard on   GKE, AWS & OpenStack) |
 | podAnnotations | object | `{}` |  |
 | podLabels | object | `{}` |  |
 | podSecurityContext | object | `{}` |  |
 | replicaCount | int | `1` | replicas |
 | resources | object | `{}` |  |
 | securityContext | object | `{}` |  |
 | service.port | int | `6167` |  |
 | service.type | string | `"ClusterIP"` |  |
 | serviceAccount.annotations | object | `{}` |  |
 | serviceAccount.create | bool | `true` |  |
 | serviceAccount.name | string | `""` |  |
 | tolerations | list | `[]` |  |
 Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
--- a/conduit/ci/empty-values.yaml
+++ b/conduit/ci/empty-values.yaml
--- a/conduit/ci/well-known-values.yaml
+++ b/conduit/ci/well-known-values.yaml
@ -1,22 +0,0 @@
 conduit:
  server_name: test.wrenix.eu
  wellKnown:
    server: "overwritten-test:443"
    client: "https://overwritten-test"
 wellknown:
  enabled: true
 ingress:
  enabled: true
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
  hosts:
    - host: test.wrenix.eu
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: test
      hosts:
        - test.wrenix.eu
--- a/conduit/templates/deployment.yaml
+++ b/conduit/templates/deployment.yaml
@ -38,10 +38,8 @@ spec:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
-          {{- with .Values.image }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}"
-          image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
          imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }}
          {{- end }}
          ports:
            - name: http
              containerPort: {{ .Values.service.port }}
@ -97,14 +95,10 @@ spec:
            - name: "CONDUIT_REGISTRATION_TOKEN"
              value: {{ . | quote }}
            {{- end }}
-            {{- with .Values.conduit.wellKnown.client }}
+            {{- with .Values.conduit.wellKnownClient }}
            - name: "CONDUIT_WELL_KNOWN_CLIENT"
              value: {{ . | quote }}
            {{- end }}
            {{- with .Values.conduit.wellKnown.server }}
            - name: "CONDUIT_WELL_KNOWN_SERVER"
              value: {{ . | quote }}
            {{- end }}
          volumeMounts:
            - name: "data"
              mountPath: "/var/lib/matrix-conduit"
--- a/conduit/templates/ingress.yaml
+++ b/conduit/templates/ingress.yaml
@ -76,14 +76,5 @@ spec:
               name: {{ include "conduit.fullname" . }}-wellknown
               port:
                 name: http
         {{- if .Values.wellknown.rewriteRoot }}
         - path: /
           pathType: Exact
           backend:
             service:
               name: {{ include "conduit.fullname" . }}-wellknown
               port:
                 name: http
         {{- end }}
    {{- end }}
 {{- end }}
--- a/conduit/templates/wellknown/configmap.yaml
+++ b/conduit/templates/wellknown/configmap.yaml
@ -2,11 +2,10 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ include "conduit.fullname" . }}-nginx-wellknown
+  name: {{ include "conduit.fullname" . }}-wellknown
  labels:
    {{- include "conduit.labels" . | nindent 4 }}
 data:
-  {{- with .Values.wellknown}}
+  server: {{ toJson .Values.wellknown.server | quote }}
-  default.conf: {{ tpl .nginxServerConf . | toYaml | nindent 4 }}
+  client: {{ toJson .Values.wellknown.client | quote }}
-  {{- end }}
+{{- end }}
 {{- end }}
--- a/conduit/templates/wellknown/deployment.yaml
+++ b/conduit/templates/wellknown/deployment.yaml
@ -24,7 +24,6 @@ spec:
        {{- with .Values.wellknown.podLabels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
        type: wellknown
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
@ -37,29 +36,25 @@ spec:
        - name: wellknown
          securityContext:
            {{- toYaml .Values.wellknown.securityContext | nindent 12 }}
-          {{- with .Values.wellknown.image }}
+          image: "{{ .Values.wellknown.image.repository }}:{{ .Values.wellknown.image.tag }}"
-          image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.wellknown.image.pullPolicy }}
          imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }}
          {{- end }}
          ports:
            - name: http
              containerPort: {{ .Values.wellknown.containerPort }}
              protocol: TCP
          livenessProbe:
            httpGet:
-              path: /nginx_health
+              path: /
              port: http
          readinessProbe:
            httpGet:
-              path: /nginx_health
+              path: /
              port: http
          resources:
            {{- toYaml .Values.wellknown.resources | nindent 12 }}
          volumeMounts:
-            - name: "wellknown-nginx-conf"
+            - name: "data"
-              mountPath: "/etc/nginx/conf.d/default.conf"
+              mountPath: "/usr/share/nginx/html/.well-known/matrix/"
              subPath: default.conf
              readOnly: true
      {{- with .Values.wellknown.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
@ -73,7 +68,7 @@ spec:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      volumes:
-        - name: "wellknown-nginx-conf"
+        - name: "data"
          configMap:
-            name: {{ include "conduit.fullname" . }}-nginx-wellknown
+            name: {{ include "conduit.fullname" . }}-wellknown
 {{- end }}
--- a/conduit/values.yaml
+++ b/conduit/values.yaml
@ -1,22 +1,13 @@
-global:
+# Default values for conduit.
-  image:
+# This is a YAML-formatted file.
-    # -- if set it will overwrite all registry entries
+# Declare variables to be passed into your templates.
    registry:
    # -- if set it will overwrite all pullPolicy
    pullPolicy:
 # -- replicas
 replicaCount: 1
 image:
-  # -- image registry (could be overwritten by global.image.registry)
+  repository: registry.gitlab.com/famedly/conduit/matrix-conduit
  registry: docker.io
  # -- image repository
  repository: matrixconduit/matrix-conduit
  # -- This sets the pull policy for images. (could be overwritten by global.image.pullPolicy)
  pullPolicy: IfNotPresent
-  # -- image tag - Overrides the image tag whose default is the chart appVersion.
+  # Overrides the image tag whose default is the chart appVersion.
  tag: ""
 imagePullSecrets: []
@ -48,121 +39,41 @@ conduit:
  # log: "warn,rocket=off,_=off,sled=off"
  log:
  registrationToken:
-  wellKnown:
+  wellKnownClient: "your.server.name"
    # -- client well-known configuration in conduit
    client: ""
    # -- server well-known configuration in conduit
    server: "https://your.server.name"
 wellknown:
-  # -- enable/deploy add extra webservice for well-known urls
+  enabled: true
  # @section -- well known
  enabled: false
  image:
-    # -- image registry (could be overwritten by global.image.registry)
+    repository: nginx
    # @section -- well known
    registry: docker.io
    # -- image repository
    # @section -- well known
    repository: library/nginx
    # -- This sets the pull policy for images. (could be overwritten by global.image.pullPolicy)
    # @section -- well known
    pullPolicy: IfNotPresent
-    # -- image tag
+    tag: "1.25"
    # @section -- well known
    tag: "1.27.4"
  # -- replicas
  # @section -- well known
  replicaCount: 1
  # -- pod labels
  # @section -- well known
  podLabels: {}
  # -- pod annotations
  # @section -- well known
  podAnnotations: []
  # -- securityContext of Pod
  # @section -- well known
  podSecurityContext: {}
  # -- securityContext of container
  # @section -- well known
  securityContext: {}
  # -- port webservice
  # @section -- well known
  containerPort: 80
  # -- pod env
  # @section -- well known
  env: []
  # -- pod resources
  # @section -- well known
  resources: {}
  # -- pod node selector
  # @section -- well known
  nodeSelector: {}
  # -- pod tolerations
  # @section -- well known
  tolerations: []
  # -- pod affinity
  # @section -- well known
  affinity: {}
  service:
    # -- service type
    # @section -- well known
    type: ClusterIP
    # -- port of service
    # @section -- well known
    port: 8080
    # -- annotations of service
    # @section -- well known
    annotations: {}
-  # -- if ingress is enabled: specifies whether ingress should redirect the `/`-Location to the wellknown server
+  # TO EDIT:
  # @section -- well known
  rewriteRoot: false
  # -- server entry in well-known
  # @section -- well known
  server:
    "m.server": "your.server.name:443"
  # -- client entry in well-known
  # @section -- well known
  client:
    "m.homeserver":
      "base_url": "https://your.server.name/"
    "org.matrix.msc3575.proxy":
      "url": "https://your.server.name/"
  # -- nginx config
  # @section -- well known
  nginxServerConf: |-
      server {
          listen       {{ .containerPort }};
          server_name  localhost;
          location /.well-known/matrix/server {
            return 200 {{ toJson .server | quote }};
            types { } default_type "application/json; charset=utf-8";
          }
          location /.well-known/matrix/client {
            return 200 {{ toJson .client | quote }};
            types { } default_type "application/json; charset=utf-8";
            add_header "Access-Control-Allow-Origin" *;
          }
          location / {
            # return 200 'Welcome to the your.server.name conduit server!';
            # types { } default_type "text/plain; charset=utf-8";
            return 404;
          }
          location /nginx_health {
            return 200 'OK';
            types { } default_type "text/plain; charset=utf-8";
          }
      }
 podLabels: {}
 podAnnotations: {}
--- a/docs/antora.yml
+++ b/docs/antora.yml
@ -0,0 +1,8 @@
 name: wrenix-helm
 title: "WrenIX's Helm charts"
 version:
  main: latest
 nav:
  - modules/ROOT/nav.adoc
  - modules/charts/nav.adoc
--- a/docs/modules/ROOT/nav.adoc
+++ b/docs/modules/ROOT/nav.adoc
@ -0,0 +1 @@
 * xref:index.adoc[Home]
--- a/docs/modules/ROOT/pages/index.adoc
+++ b/docs/modules/ROOT/pages/index.adoc
@ -0,0 +1 @@
 ../../../../README.adoc
--- a/docs/modules/charts/generate.sh
+++ b/docs/modules/charts/generate.sh
@ -0,0 +1,16 @@
 #!/bin/sh
 ROOT_DIR="./docs/modules/charts/"
 rm "${ROOT_DIR}/pages/"*".adoc"
 echo "* charts" > "${ROOT_DIR}/nav.adoc"
 for name in * ; do
  if \
    [ ! -d $name ] || \
    [ ! -f $name/Chart.yaml ] \
    ; then
    continue;
  fi
  ln -sf "../../../../${name}/README.adoc" "${ROOT_DIR}/pages/${name}.adoc";
  echo "** xref:${name}.adoc[${name}]" >> "${ROOT_DIR}/nav.adoc"
 done
--- a/docs/modules/charts/nav.adoc
+++ b/docs/modules/charts/nav.adoc
@ -0,0 +1,21 @@
 * charts
 ** xref:alertmanager-matrix.adoc[alertmanager-matrix]
 ** xref:alertmanager-ntfy.adoc[alertmanager-ntfy]
 ** xref:authentik-application.adoc[authentik-application]
 ** xref:conduit.adoc[conduit]
 ** xref:forgejo-runner.adoc[forgejo-runner]
 ** xref:gotosocial.adoc[gotosocial]
 ** xref:grampsweb.adoc[grampsweb]
 ** xref:headscale.adoc[headscale]
 ** xref:headscale-ui.adoc[headscale-ui]
 ** xref:hydrogen-web.adoc[hydrogen-web]
 ** xref:jellyfin.adoc[jellyfin]
 ** xref:matrix-authentication-service.adoc[matrix-authentication-service]
 ** xref:matrix-sliding-sync.adoc[matrix-sliding-sync]
 ** xref:matrix-synapse.adoc[matrix-synapse]
 ** xref:mautrix-signal.adoc[mautrix-signal]
 ** xref:miniserve.adoc[miniserve]
 ** xref:monitoring.adoc[monitoring]
 ** xref:ntfy.adoc[ntfy]
 ** xref:postgresql.adoc[postgresql]
 ** xref:stalwart-mail.adoc[stalwart-mail]
--- a/docs/modules/charts/pages/alertmanager-matrix.adoc
+++ b/docs/modules/charts/pages/alertmanager-matrix.adoc
@ -0,0 +1 @@
 ../../../../alertmanager-matrix/README.adoc
--- a/docs/modules/charts/pages/alertmanager-ntfy.adoc
+++ b/docs/modules/charts/pages/alertmanager-ntfy.adoc
@ -0,0 +1 @@
 ../../../../alertmanager-ntfy/README.adoc
--- a/docs/modules/charts/pages/authentik-application.adoc
+++ b/docs/modules/charts/pages/authentik-application.adoc
@ -0,0 +1 @@
 ../../../../authentik-application/README.adoc
--- a/docs/modules/charts/pages/conduit.adoc
+++ b/docs/modules/charts/pages/conduit.adoc
@ -0,0 +1 @@
 ../../../../conduit/README.adoc
--- a/docs/modules/charts/pages/forgejo-runner.adoc
+++ b/docs/modules/charts/pages/forgejo-runner.adoc
@ -0,0 +1 @@
 ../../../../forgejo-runner/README.adoc
--- a/docs/modules/charts/pages/gotosocial.adoc
+++ b/docs/modules/charts/pages/gotosocial.adoc
@ -0,0 +1 @@
 ../../../../gotosocial/README.adoc
--- a/docs/modules/charts/pages/grampsweb.adoc
+++ b/docs/modules/charts/pages/grampsweb.adoc
@ -0,0 +1 @@
 ../../../../grampsweb/README.adoc
--- a/docs/modules/charts/pages/headscale-ui.adoc
+++ b/docs/modules/charts/pages/headscale-ui.adoc
@ -0,0 +1 @@
 ../../../../headscale-ui/README.adoc
--- a/docs/modules/charts/pages/headscale.adoc
+++ b/docs/modules/charts/pages/headscale.adoc
@ -0,0 +1 @@
 ../../../../headscale/README.adoc
--- a/docs/modules/charts/pages/hydrogen-web.adoc
+++ b/docs/modules/charts/pages/hydrogen-web.adoc
@ -0,0 +1 @@
 ../../../../hydrogen-web/README.adoc
--- a/docs/modules/charts/pages/jellyfin.adoc
+++ b/docs/modules/charts/pages/jellyfin.adoc
@ -0,0 +1 @@
 ../../../../jellyfin/README.adoc
--- a/docs/modules/charts/pages/matrix-authentication-service.adoc
+++ b/docs/modules/charts/pages/matrix-authentication-service.adoc
@ -0,0 +1 @@
 ../../../../matrix-authentication-service/README.adoc
--- a/docs/modules/charts/pages/matrix-sliding-sync.adoc
+++ b/docs/modules/charts/pages/matrix-sliding-sync.adoc
@ -0,0 +1 @@
 ../../../../matrix-sliding-sync/README.adoc
--- a/docs/modules/charts/pages/matrix-synapse.adoc
+++ b/docs/modules/charts/pages/matrix-synapse.adoc
@ -0,0 +1 @@
 ../../../../matrix-synapse/README.adoc
--- a/docs/modules/charts/pages/mautrix-signal.adoc
+++ b/docs/modules/charts/pages/mautrix-signal.adoc
@ -0,0 +1 @@
 ../../../../mautrix-signal/README.adoc
--- a/docs/modules/charts/pages/miniserve.adoc
+++ b/docs/modules/charts/pages/miniserve.adoc
@ -0,0 +1 @@
 ../../../../miniserve/README.adoc
--- a/docs/modules/charts/pages/monitoring.adoc
+++ b/docs/modules/charts/pages/monitoring.adoc
@ -0,0 +1 @@
 ../../../../monitoring/README.adoc
--- a/docs/modules/charts/pages/ntfy.adoc
+++ b/docs/modules/charts/pages/ntfy.adoc
@ -0,0 +1 @@
 ../../../../ntfy/README.adoc
--- a/docs/modules/charts/pages/postgresql.adoc
+++ b/docs/modules/charts/pages/postgresql.adoc
@ -0,0 +1 @@
 ../../../../postgresql/README.adoc
--- a/docs/modules/charts/pages/stalwart-mail.adoc
+++ b/docs/modules/charts/pages/stalwart-mail.adoc
@ -0,0 +1 @@
 ../../../../stalwart-mail/README.adoc
--- a/element-call/Chart.yaml
+++ b/element-call/Chart.yaml
@ -1,10 +0,0 @@
 apiVersion: v2
 name: element-call
 description: Run Element-Call and his dependencies
 type: application
 version: "0.1.8"
 # renovate: image=ghcr.io/element-hq/element-call
 appVersion: "0.7.1"
 maintainers:
  - name: WrenIX
    url: https://wrenix.eu
--- a/element-call/README.md
+++ b/element-call/README.md
@ -1,125 +0,0 @@
 ---
 title: "element-call"
 description: "Run Element-Call and his dependencies"
 ---
 # element-call
 ![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7.1](https://img.shields.io/badge/AppVersion-0.7.1-informational?style=flat-square)
 Run Element-Call and his dependencies
 ## Maintainers
 | Name | Email | Url |
 | ---- | ------ | --- |
 | WrenIX |  | <https://wrenix.eu> |
 ## Usage
 Helm must be installed and setup to your kubernetes cluster to use the charts.
 Refer to Helm's [documentation](https://helm.sh/docs) to get started.
 Once Helm has been set up correctly, fetch the charts as follows:
 ```bash
 helm pull oci://codeberg.org/wrenix/helm-charts/element-call
 ```
 You can install a chart release using the following command:
 ```bash
 helm install element-call-release oci://codeberg.org/wrenix/helm-charts/element-call --values values.yaml
 ```
 To uninstall a chart release use `helm`'s delete command:
 ```bash
 helm uninstall element-call-release
 ```
 ## Values
 ### livekit JWT
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | service.lkJWT.config.key | string | `"devkey"` | key to livekit |
 | service.lkJWT.config.secret | string | `"secret"` | secret to livekit |
 | service.lkJWT.config.url | string | `""` | url to livekit |
 | service.lkJWT.enabled | bool | `true` | enable to deploy livekit jwt service for element-call |
 | service.lkJWT.image.pullPolicy | string | `"IfNotPresent"` | This sets the pull policy for images. (could be overwritten by global.image.pullPolicy) |
 | service.lkJWT.image.registry | string | `"ghcr.io"` | image registry (could be overwritten by global.image.registry) |
 | service.lkJWT.image.repository | string | `"element-hq/lk-jwt-service"` | image repository |
 | service.lkJWT.image.tag | string | `"sha-4a29504"` | image tag |
 | service.lkJWT.networkPolicy.egress.enabled | bool | `false` | activate egress no networkpolicy |
 | service.lkJWT.networkPolicy.egress.extra | list | `[]` | egress rules |
 | service.lkJWT.networkPolicy.ingress.http | list | `[]` | ingress for http port (e.g. ingress-controller) |
 | service.lkJWT.replicaCount | int | `1` | replicas |
 | service.lkJWT.serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
 | service.lkJWT.serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials? |
 | service.lkJWT.serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
 | service.lkJWT.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
 ### Other Values
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | autoscaling.enabled | bool | `false` |  |
 | autoscaling.maxReplicas | int | `100` |  |
 | autoscaling.minReplicas | int | `1` |  |
 | autoscaling.targetCPUUtilizationPercentage | int | `80` |  |
 | fullnameOverride | string | `""` |  |
 | global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy |
 | global.image.registry | string | `nil` | if set it will overwrite all registry entries |
 | imagePullSecrets | list | `[]` |  |
 | ingress.annotations | object | `{}` |  |
 | ingress.className | string | `""` |  |
 | ingress.enabled | bool | `false` |  |
 | ingress.tls | list | `[]` |  |
 | nameOverride | string | `""` |  |
 | service.call.affinity | object | `{}` |  |
 | service.call.config | object | `{}` |  |
 | service.call.image.pullPolicy | string | `"IfNotPresent"` | This sets the pull policy for images. (could be overwritten by global.image.pullPolicy) |
 | service.call.image.registry | string | `"ghcr.io"` | image registry (could be overwritten by global.image.registry) |
 | service.call.image.repository | string | `"element-hq/element-call"` | image repository |
 | service.call.image.tag | string | `nil` | image tag - Overrides the image tag whose default is the chart appVersion |
 | service.call.ingress.host | string | `nil` |  |
 | service.call.livenessProbe.httpGet.path | string | `"/"` |  |
 | service.call.livenessProbe.httpGet.port | string | `"http"` |  |
 | service.call.networkPolicy.egress.enabled | bool | `true` | activate egress no networkpolicy |
 | service.call.networkPolicy.egress.extra | list | `[]` | egress rules |
 | service.call.networkPolicy.enabled | bool | `false` |  |
 | service.call.networkPolicy.ingress.http | list | `[]` | ingress for http port (e.g. ingress-controller) |
 | service.call.nodeSelector | object | `{}` |  |
 | service.call.podAnnotations | object | `{}` |  |
 | service.call.podLabels | object | `{}` |  |
 | service.call.podSecurityContext | object | `{}` |  |
 | service.call.readinessProbe.httpGet.path | string | `"/"` |  |
 | service.call.readinessProbe.httpGet.port | string | `"http"` |  |
 | service.call.replicaCount | int | `1` | replicas |
 | service.call.resources | object | `{}` |  |
 | service.call.securityContext | object | `{}` |  |
 | service.call.serviceAccount.annotations | object | `{}` |  |
 | service.call.serviceAccount.automount | bool | `true` |  |
 | service.call.serviceAccount.create | bool | `true` |  |
 | service.call.serviceAccount.name | string | `""` |  |
 | service.call.tolerations | list | `[]` |  |
 | service.lkJWT.affinity | object | `{}` |  |
 | service.lkJWT.ingress.host | string | `nil` |  |
 | service.lkJWT.livenessProbe.httpGet.path | string | `"/healthz"` |  |
 | service.lkJWT.livenessProbe.httpGet.port | string | `"http"` |  |
 | service.lkJWT.networkPolicy.enabled | bool | `false` |  |
 | service.lkJWT.nodeSelector | object | `{}` |  |
 | service.lkJWT.podAnnotations | object | `{}` |  |
 | service.lkJWT.podLabels | object | `{}` |  |
 | service.lkJWT.podSecurityContext | object | `{}` |  |
 | service.lkJWT.readinessProbe.httpGet.path | string | `"/healthz"` |  |
 | service.lkJWT.readinessProbe.httpGet.port | string | `"http"` |  |
 | service.lkJWT.resources | object | `{}` |  |
 | service.lkJWT.securityContext | object | `{}` |  |
 | service.lkJWT.tolerations | list | `[]` |  |
 Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
--- a/element-call/_docs.gotmpl
+++ b/element-call/_docs.gotmpl
@ -1 +0,0 @@
--- a/element-call/templates/_helpers.tpl
+++ b/element-call/templates/_helpers.tpl
@ -1,70 +0,0 @@
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "element-call.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
 {{- define "element-call.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
 {{- $name := default .Chart.Name .Values.nameOverride }}
 {{- if contains $name .Release.Name }}
 {{- .Release.Name | trunc 63 | trimSuffix "-" }}
 {{- else }}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{- end }}
 {{- end }}
 {{/*
 Create chart name and version as used by the chart label.
 */}}
 {{- define "element-call.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{/*
 Common labels
 */}}
 {{- define "element-call.labels" -}}
 helm.sh/chart: {{ include "element-call.chart" . }}
 {{ include "element-call.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end }}
 {{/*
 Selector labels
 */}}
 {{- define "element-call.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "element-call.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 {{/*
 Create the name of the service account to use
 */}}
 {{- define "element-call.serviceAccountName" -}}
 {{- $ := get . "root" }}
 {{- $suffix := get . "suffix" }}
 {{- with get . "ctx" }}
 {{- if .serviceAccount.create }}
 {{- if $suffix }}
 {{- default (printf "%s-%s" (include "element-call.fullname" $) $suffix) .serviceAccount.name }}
 {{- else }}
 {{- default (include "element-call.fullname" $) .serviceAccount.name }}
 {{- end }}
 {{- else }}
 {{- default "default" .serviceAccount.name }}
 {{- end }}
 {{- end }}
 {{- end }}
--- a/element-call/templates/configmap.yaml
+++ b/element-call/templates/configmap.yaml
@ -1,10 +0,0 @@
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ include "element-call.fullname" . }}
  labels:
    {{- include "element-call.labels" . | nindent 4 }}
 data:
  "config.json": |
    {{- toJson .Values.service.call.config | nindent 4 }} 
--- a/element-call/templates/deployment.yaml
+++ b/element-call/templates/deployment.yaml
@ -1,76 +0,0 @@
 {{- $fullName := include "element-call.fullname" . -}}
 {{- with .Values.service.call }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ $fullName }}
  labels:
    {{- include "element-call.labels" $ | nindent 4 }}
    app.kubernetes.io/component: call
 spec:
  {{- if not $.Values.autoscaling.enabled }}
  replicas: {{ .replicaCount }}
  {{- end }}
  selector:
    matchLabels:
      {{- include "element-call.selectorLabels" $ | nindent 6 }}
      app.kubernetes.io/component: call
  template:
    metadata:
      {{- with .podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "element-call.labels" $ | nindent 8 }}
        app.kubernetes.io/component: call
        {{- with .podLabels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with $.Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "element-call.serviceAccountName" (dict "root" $ "ctx" .) }}
      securityContext:
        {{- toYaml .podSecurityContext | nindent 8 }}
      containers:
        - name: call
          securityContext:
            {{- toYaml .securityContext | nindent 12 }}
          {{- with .image }}
          image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag | default (printf "v%s" $.Chart.AppVersion) }}"
          imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }}
          {{- end }}
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
          livenessProbe:
            {{- toYaml .livenessProbe | nindent 12 }}
          readinessProbe:
            {{- toYaml .readinessProbe | nindent 12 }}
          resources:
            {{- toYaml .resources | nindent 12 }}
          volumeMounts:
            - mountPath: /app/config.json
              name: config
              subPath: config.json
      volumes:
        - name: config
          configMap:
            name: {{ $fullName }}
      {{- with .nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
 {{- end }}{{/* end-with .service.call */}}
--- a/element-call/templates/hpa.yaml
+++ b/element-call/templates/hpa.yaml
@ -1,32 +0,0 @@
 {{- if .Values.autoscaling.enabled }}
 apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
  name: {{ include "element-call.fullname" . }}
  labels:
    {{- include "element-call.labels" . | nindent 4 }}
 spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: {{ include "element-call.fullname" . }}
  minReplicas: {{ .Values.autoscaling.minReplicas }}
  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
  metrics:
    {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
    {{- end }}
    {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
    {{- end }}
 {{- end }}
--- a/element-call/templates/ingress.yaml
+++ b/element-call/templates/ingress.yaml
@ -1,46 +0,0 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "element-call.fullname" . -}}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: {{ $fullName }}
  labels:
    {{- include "element-call.labels" . | nindent 4 }}
  {{- with .Values.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 spec:
  {{- with .Values.ingress.className }}
  ingressClassName: {{ . }}
  {{- end }}
  {{- with .Values.ingress.tls }}
  tls:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  rules:
    - host: {{ .Values.service.call.ingress.host | quote }}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: {{ $fullName }}
                port:
                  name: http
    {{- if .Values.service.lkJWT.enabled }}
    {{- if (eq .Values.service.lkJWT.ingress.host .Values.service.call.ingress.host)}}
    - host: {{ .Values.service.lkJWT.ingress.host | quote }}
      http:
        paths:
    {{- end }}
          - path: /sfu/get
            pathType: Exact
            backend:
              service:
                name: {{ $fullName }}-lk-jwt
                port:
                  name: http
    {{- end }}
 {{- end }}
--- a/element-call/templates/lk-jwt/deployment.yaml
+++ b/element-call/templates/lk-jwt/deployment.yaml
@ -1,79 +0,0 @@
 {{- $fullName := include "element-call.fullname" . -}}
 {{- with .Values.service.lkJWT }}
 {{- if .enabled }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ $fullName }}-lk-jwt
  labels:
    {{- include "element-call.labels" $ | nindent 4 }}
    app.kubernetes.io/component: lk-jwt
 spec:
  {{- if not $.Values.autoscaling.enabled }}
  replicas: {{ .replicaCount }}
  {{- end }}
  selector:
    matchLabels:
      {{- include "element-call.selectorLabels" $ | nindent 6 }}
      app.kubernetes.io/component: lk-jwt
  template:
    metadata:
      annotations:
        secret-env-hash: {{ include (print $.Template.BasePath "/lk-jwt/secret.yaml") $ | sha256sum }}
        {{- with .podAnnotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      labels:
        {{- include "element-call.labels" $ | nindent 8 }}
        app.kubernetes.io/component: lk-jwt
        {{- with .podLabels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with $.Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "element-call.serviceAccountName" (dict "root" $ "ctx" . "suffix" "lk-jwt") }}
      securityContext:
        {{- toYaml .podSecurityContext | nindent 8 }}
      containers:
        - name: lk-jwt
          securityContext:
            {{- toYaml .securityContext | nindent 12 }}
          {{- with .image }}
          image: "{{ coalesce $.Values.global.image.registry .registry }}/{{ .repository }}:{{ .tag }}"
          imagePullPolicy: {{ coalesce $.Values.global.image.pullPolicy .pullPolicy }}
          {{- end }}
          env:
            - name: "LK_JWT_PORT"
              value: "8080"
            - name: "LIVEKIT_URL"
              value: {{ .config.url }}
          envFrom:
            - secretRef:
                name: {{ $fullName }}-lk-jwt
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
          livenessProbe:
            {{- toYaml .livenessProbe | nindent 12 }}
          readinessProbe:
            {{- toYaml .readinessProbe | nindent 12 }}
          resources:
            {{- toYaml .resources | nindent 12 }}
      {{- with .nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
 {{- end }}{{/* end-if .enabled */}}
 {{- end }}{{/* end-with .Values.service.lkJWT */}}
--- a/element-call/templates/lk-jwt/networkpolicy.yaml
+++ b/element-call/templates/lk-jwt/networkpolicy.yaml
@ -1,31 +0,0 @@
 {{- with .Values.service.lkJWT.networkPolicy }}
 {{- if and $.Values.service.lkJWT.enabled .enabled }}
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
  name: {{ include "element-call.fullname" $ }}-lk-jwt
  labels:
    {{- include "element-call.labels" $ | nindent 4 }}
 spec:
  podSelector:
    matchLabels:
      {{- include "element-call.selectorLabels" $ | nindent 6 }}
      app.kubernetes.io/component: lk-jwt
  policyTypes:
    - Ingress
    {{- if .egress.enabled }}
    - Egress
    {{- end }}
  ingress:
    - ports:
        - port: 8080
          protocol: TCP
      from:
        {{- toYaml .ingress.http | nindent 8 }}
  {{- with .egress }}
  egress:
    {{- toYaml .extra | nindent 4 }}
  {{- end }}
 {{- end }}
 {{- end }}
--- a/element-call/templates/lk-jwt/secret.yaml
+++ b/element-call/templates/lk-jwt/secret.yaml
@ -1,14 +0,0 @@
 {{- if .Values.service.lkJWT.enabled }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: {{ include "element-call.fullname" . }}-lk-jwt
  labels:
    {{- include "element-call.labels" . | nindent 4 }}
 data:
  {{- with .Values.service.lkJWT.config }}
  LIVEKIT_KEY: {{ .key | b64enc }}
  LIVEKIT_SECRET: {{ .secret | b64enc }}
  {{- end }}
 {{- end }}
--- a/element-call/templates/lk-jwt/service.yaml
+++ b/element-call/templates/lk-jwt/service.yaml
@ -1,19 +0,0 @@
 {{- if .Values.service.lkJWT.enabled }}
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "element-call.fullname" . }}-lk-jwt
  labels:
    {{- include "element-call.labels" . | nindent 4 }}
 spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: http
      protocol: TCP
      name: http
  selector:
    {{- include "element-call.selectorLabels" . | nindent 4 }}
    app.kubernetes.io/component: lk-jwt
 {{- end }}
--- a/element-call/templates/lk-jwt/serviceaccount.yaml
+++ b/element-call/templates/lk-jwt/serviceaccount.yaml
@ -1,15 +0,0 @@
 {{- with .Values.service.lkJWT }}
 {{- if and .enabled .serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "element-call.serviceAccountName" (dict "root" $ "ctx" . "suffix" "lk-jwt") }}
  labels:
    {{- include "element-call.labels" $ | nindent 4 }}
  {{- with .serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 automountServiceAccountToken: {{ .serviceAccount.automount }}
 {{- end }}
 {{- end }}
--- a/element-call/templates/networkpolicy.yaml
+++ b/element-call/templates/networkpolicy.yaml
@ -1,31 +0,0 @@
 {{- with .Values.service.call.networkPolicy }}
 {{- if .enabled }}
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
  name: {{ include "element-call.fullname" $ }}
  labels:
    {{- include "element-call.labels" $ | nindent 4 }}
 spec:
  podSelector:
    matchLabels:
      {{- include "element-call.selectorLabels" $ | nindent 6 }}
      app.kubernetes.io/component: call
  policyTypes:
    - Ingress
    {{- if .egress.enabled }}
    - Egress
    {{- end }}
  ingress:
    - ports:
        - port: 8080
          protocol: TCP
      from:
        {{- toYaml .ingress.http | nindent 8 }}
  {{- with .egress }}
  egress:
    {{- toYaml .extra | nindent 4 }}
  {{- end }}
 {{- end }}
 {{- end }}
--- a/element-call/templates/service.yaml
+++ b/element-call/templates/service.yaml
@ -1,16 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "element-call.fullname" . }}
  labels:
    {{- include "element-call.labels" . | nindent 4 }}
 spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: http
      protocol: TCP
      name: http
  selector:
    {{- include "element-call.selectorLabels" . | nindent 4 }}
    app.kubernetes.io/component: call
--- a/element-call/templates/serviceaccount.yaml
+++ b/element-call/templates/serviceaccount.yaml
@ -1,15 +0,0 @@
 {{- with .Values.service.call }}
 {{- if .serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "element-call.serviceAccountName" (dict "root" $ "ctx" . "suffix" "") }}
  labels:
    {{- include "element-call.labels" $ | nindent 4 }}
  {{- with .serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 automountServiceAccountToken: {{ .serviceAccount.automount }}
 {{- end }}
 {{- end }}
--- a/element-call/values.yaml
+++ b/element-call/values.yaml
@ -1,175 +0,0 @@
 global:
  image:
    # -- if set it will overwrite all registry entries
    registry:
    # -- if set it will overwrite all pullPolicy
    pullPolicy:
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 ingress:
  enabled: false
  className: ""
  annotations: {}
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local
 autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
  # targetMemoryUtilizationPercentage: 80
 service:
  call:
    # -- replicas
    replicaCount: 1
    image:
      # -- image registry (could be overwritten by global.image.registry)
      registry: ghcr.io
      # -- image repository
      repository: element-hq/element-call
      # -- This sets the pull policy for images. (could be overwritten by global.image.pullPolicy)
      pullPolicy: IfNotPresent
      # -- image tag - Overrides the image tag whose default is the chart appVersion
      tag:
    config: {}
    ingress:
      host:
    networkPolicy:
      enabled: false
      ingress:
        # -- ingress for http port (e.g. ingress-controller)
        http: []
      egress:
        # -- activate egress no networkpolicy
        enabled: true
        # -- egress rules
        extra: []
    livenessProbe:
      httpGet:
        path: /
        port: http
    readinessProbe:
      httpGet:
        path: /
        port: http
    resources: {}
    serviceAccount:
      # Specifies whether a service account should be created
      create: true
      # Automatically mount a ServiceAccount's API credentials?
      automount: true
      # Annotations to add to the service account
      annotations: {}
      # The name of the service account to use.
      # If not set and create is true, a name is generated using the fullname template
      name: ""
    podAnnotations: {}
    podLabels: {}
    podSecurityContext: {}
      # fsGroup: 2000
    securityContext: {}
      # capabilities:
      #   drop:
      #   - ALL
      # readOnlyRootFilesystem: true
      # runAsNonRoot: true
      # runAsUser: 1000
    nodeSelector: {}
    tolerations: []
    affinity: {}
  lkJWT:
    # -- enable to deploy livekit jwt service for element-call
    # @section -- livekit JWT
    enabled: true
    # -- replicas
    # @section -- livekit JWT
    replicaCount: 1
    image:
      # -- image registry (could be overwritten by global.image.registry)
      # @section -- livekit JWT
      registry: ghcr.io
      # -- image repository
      # @section -- livekit JWT
      repository: element-hq/lk-jwt-service
      # -- This sets the pull policy for images. (could be overwritten by global.image.pullPolicy)
      # @section -- livekit JWT
      pullPolicy: IfNotPresent
      # -- image tag
      # @section -- livekit JWT
      tag: sha-4a29504
    config:
      # -- url to livekit
      # @section -- livekit JWT
      url: ""
      # -- key to livekit
      # @section -- livekit JWT
      key: "devkey"
      # -- secret to livekit
      # @section -- livekit JWT
      secret: "secret"
    ingress:
      host:
    networkPolicy:
      enabled: false
      ingress:
        # -- ingress for http port (e.g. ingress-controller)
        # @section -- livekit JWT
        http: []
      egress:
        # -- activate egress no networkpolicy
        # @section -- livekit JWT
        enabled: false
        # -- egress rules
        # @section -- livekit JWT
        extra: []
    livenessProbe:
      httpGet:
        path: /healthz
        port: http
    readinessProbe:
      httpGet:
        path: /healthz
        port: http
    resources: {}
    serviceAccount:
      # -- Specifies whether a service account should be created
      # @section -- livekit JWT
      create: true
      # -- Automatically mount a ServiceAccount's API credentials?
      # @section -- livekit JWT
      automount: true
      # -- Annotations to add to the service account
      # @section -- livekit JWT
      annotations: {}
      # -- The name of the service account to use.
      # If not set and create is true, a name is generated using the fullname template
      # @section -- livekit JWT
      name: ""
    podAnnotations: {}
    podLabels: {}
    podSecurityContext: {}
      # fsGroup: 2000
    securityContext: {}
      # capabilities:
      #   drop:
      #   - ALL
      # readOnlyRootFilesystem: true
      # runAsNonRoot: true
      # runAsUser: 1000
    nodeSelector: {}
    tolerations: []
    affinity: {}
--- a/forgejo-runner/Chart.yaml
+++ b/forgejo-runner/Chart.yaml
@ -2,9 +2,9 @@ apiVersion: v2
 name: forgejo-runner
 description: Deploy runner for an forgejo instance (default codeberg.org)
 type: application
-version: "0.4.18"
+version: 0.1.9
 # renovate: image=code.forgejo.org/forgejo/runner
-appVersion: "6.2.2"
+appVersion: "3.3.0"
 maintainers:
  - name: WrenIX
    url: https://wrenix.eu
--- a/forgejo-runner/README.adoc
+++ b/forgejo-runner/README.adoc
@ -0,0 +1,246 @@
 = forgejo-runner
 image::https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square[Version: 0.1.9]
 image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
 image::https://img.shields.io/badge/AppVersion-3.3.0-informational?style=flat-square[AppVersion: 3.3.0]
 == Maintainers
 .Maintainers
 |===
 | Name | Email | Url
 | WrenIX
 |
 | <https://wrenix.eu>
 |===
 == Usage
 Helm must be installed and setup to your kubernetes cluster to use the charts.
 Refer to Helm's https://helm.sh/docs[documentation] to get started.
 Once Helm has been set up correctly, fetch the charts as follows:
 [source,bash]
 ----
 helm pull oci://codeberg.org/wrenix/helm-charts/forgejo-runner
 ----
 You can install a chart release using the following command:
 [source,bash]
 ----
 helm install forgejo-runner-release oci://codeberg.org/wrenix/helm-charts/forgejo-runner --values values.yaml
 ----
 To uninstall a chart release use `helm`'s delete command:
 [source,bash]
 ----
 helm uninstall forgejo-runner-release
 ----
 == Values
 .Values
 |===
 | Key | Type | Default | Description
 | affinity
 | object
 | `{}`
 |
 | autoscaling.enabled
 | bool
 | `false`
 |
 | autoscaling.maxReplicas
 | int
 | `100`
 |
 | autoscaling.minReplicas
 | int
 | `1`
 |
 | autoscaling.targetCPUUtilizationPercentage
 | int
 | `80`
 |
 | dind.image.pullPolicy
 | string
 | `"IfNotPresent"`
 |
 | dind.image.registry
 | string
 | `"docker.io"`
 |
 | dind.image.repository
 | string
 | `"library/docker"`
 |
 | dind.image.tag
 | string
 | `"25.0.3-dind"`
 |
 | fullnameOverride
 | string
 | `""`
 |
 | image.pullPolicy
 | string
 | `"IfNotPresent"`
 |
 | image.registry
 | string
 | `"code.forgejo.org"`
 |
 | image.repository
 | string
 | `"forgejo/runner"`
 |
 | image.tag
 | string
 | `""`
 |
 | imagePullSecrets
 | list
 | `[]`
 |
 | kubectl.image.pullPolicy
 | string
 | `"IfNotPresent"`
 |
 | kubectl.image.registry
 | string
 | `"docker.io"`
 |
 | kubectl.image.repository
 | string
 | `"bitnami/kubectl"`
 |
 | kubectl.image.tag
 | string
 | `"1.29.2"`
 |
 | nameOverride
 | string
 | `""`
 |
 | nodeSelector
 | object
 | `{}`
 |
 | podAnnotations
 | object
 | `{}`
 |
 | podLabels
 | object
 | `{}`
 |
 | podSecurityContext
 | object
 | `{}`
 |
 | replicaCount
 | int
 | `1`
 |
 | resources
 | object
 | `{}`
 |
 | runner.config.create
 | bool
 | `true`
 |
 | runner.config.existingSecret
 | string
 | `""`
 | use existingSecret instatt
 | runner.config.instance
 | string
 | `"https://codeberg.org"`
 |
 | runner.config.name
 | string
 | `nil`
 |
 | runner.config.token
 | string
 | `nil`
 |
 | securityContext.privileged
 | bool
 | `true`
 |
 | serviceAccount.annotations
 | object
 | `{}`
 |
 | serviceAccount.automount
 | bool
 | `true`
 |
 | serviceAccount.create
 | bool
 | `true`
 |
 | serviceAccount.name
 | string
 | `""`
 |
 | tolerations
 | list
 | `[]`
 |
 | volumeMounts
 | list
 | `[]`
 |
 | volumes
 | list
 | `[]`
 |
 |===
 Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]
--- a/Show more
+++ b/Show more
		`@ -0,0 +1 @@`
							`../../../../authentik-application/README.adoc`
		`@ -0,0 +1 @@`
							`../../../../matrix-authentication-service/README.adoc`