add short names

add publish conditions for services

use official gitea helm chart

inventory/ghp/sample/group_vars/all/all.yaml

@@ -85,9 +85,6 @@ bitwarden_publish: false
 gitea_enabled: true
 #gitea_size: "20Gi"
 #gitea_storage: "nfs-ssd"
-#gitea_lfs: true
-#gitea_lfs_size: "50Gi"
-#gitea_lfs_storage: "nfs-hdd"
 gitea_publish_web: false
 gitea_publish_ssh: false
 gitea_loadbalancer_ip: "192.168.250.5"

inventory/ghp/sample/group_vars/ddclient.yaml

@@ -23,15 +23,17 @@ ddclient_conf: |
   {% endfor %}
 
 ddclient_hosts:
-  - "{% if nextcloud_publish | default(false) %}nextcloud.{{ domain }}{% else %}omitme{% endif %}"
+  - "{% if nextcloud_publish | default(false) %}{{ nextcloud_short_name | default('nextcloud') }}.{{ domain }}{% else %}omitme{% endif %}"
-  - "{% if drone_publish | default(false) %}drone.{{ domain }}{% else %}omitme{% endif %}"
+  - "{% if drone_publish | default(false) %}{{ drone_short_name | default('drone') }}.{{ domain }}{% else %}omitme{% endif %}"
-  - "{% if gitea_publish | default(false) %}gitea.{{ domain }}{% else %}omitme{% endif %}"
+  - "{% if gitea_publish_web | default(false) %}{{ gitea_short_name | default('gitea') }}.{{ domain }}{% else %}omitme{% endif %}"
-  - "{% if bitwarden_publish | default(false) %}bitwarden.{{ domain }}{% else %}omitme{% endif %}"
+  - "{% if bitwarden_publish | default(false) %}{{ bitwarden_short_name | default('bitwarden') }}.{{ domain }}{% else %}omitme{% endif %}"
-  - "{% if wikijs_publish | default(false) %}wikijs.{{ domain }}{% else %}omitme{% endif %}"
+  - "{% if playmaker_publish | default(false) %}{{ playmaker_short_name | default('playmaker') }}.{{ domain }}{% else %}omitme{% endif %}"
-  - "{% if chartmuseum_publish | default(false) %}charts.{{ domain }}{% else %}omitme{% endif %}"
+  - "{% if pipyserver_publish | default(false) %}{{ pipyserver_short_name | default('pip') }}.{{ domain }}{% else %}omitme{% endif %}"
-  - "{% if registry_publish | default(false) %}registry.{{ domain }}{% else %}omitme{% endif %}"
+  - "{% if wikijs_publish | default(false) %}{{ wikijs_short_name | default('wikijs') }}.{{ domain }}{% else %}omitme{% endif %}"
-  - "{% if peertube_publish | default(false) %}peertube.{{ domain }}{% else %}omitme{% endif %}"
+  - "{% if chartmuseum_publish | default(false) %}{{ chartsmuseum_short_name | default('charts') }}.{{ domain }}{% else %}omitme{% endif %}"
-  - "{% if roundcube_publish | default(false) %}webmail.{{ domain }}{% else %}omitme{% endif %}"
+  - "{% if registry_publish | default(false) %}{{ registry_short_name | default('registry') }}.{{ domain }}{% else %}omitme{% endif %}"
+  - "{% if peertube_publish | default(false) %}{{ peertube_short_name | default('peertube') }}.{{ domain }}{% else %}omitme{% endif %}"
+  - "{% if roundcube_publish | default(false) %}{{ roundcube_short_name | default('webmail') }}.{{ domain }}{% else %}omitme{% endif %}"
   - "{{ registry_readonly_ingress | default('omitme') }}"
   - "{{ chartmuseum_readonly_ingress | default('omitme') }}"
   - "{{ wikijs_readonly_ingress | default('omitme') }}"

inventory/ghp/sample/group_vars/web_proxy.yaml

@@ -45,28 +45,34 @@ nginx:
         default gitea_ssh_{{ namespace }};
         {% endif %}
         {% if gitea_publish_web %}
-        gitea.{{ domain }} gitea_web_{{ namespace }};
+        {{ gitea_short_name | default('gitea') }}.{{ domain }} gitea_web_{{ namespace }};
+        {% endif %}
+        {% if playmaker_publish %}
+        {{ playmaker_short_name | default('playmaker') }}.{{ domain }} https_{{ namespace }};
+        {% endif %}
+        {% if pipyserver_publish %}
+        {{ pipyserver_short_name | default('pip') }}.{{ domain }} https_{{ namespace }};
         {% endif %}
         {% if bitwarden_publish %}
-        bitwarden.{{ domain }} https_{{ namespace }};
+        {{ bitwarden_short_name | default('bitwarden') }}.{{ domain }} https_{{ namespace }};
         {% endif %}
         {% if wikijs_publish %}
-        wikijs.{{ domain }} https_{{ namespace }};
+        {{ wikijs_short_name | default('wikijs') }}.{{ domain }} https_{{ namespace }};
         {% endif %}
         {% if drone_publish %}
-        drone.{{ domain }} https_{{ namespace }};
+        {{ drone_short_name | default('drone') }}.{{ domain }} https_{{ namespace }};
         {% endif %}
         {% if nextcloud_publish %}
-        nextcloud.{{ domain }} https_{{ namespace }};
+        {{ nextcloud_short_name | default('nextcloud') }}.{{ domain }} https_{{ namespace }};
         {% endif %}
         {% if registry_publish %}
-        registry.{{ domain }} https_{{ namespace }};
+        {{ registry_short_name | default('registry') }}.{{ domain }} https_{{ namespace }};
         {% endif %}
         {% if registry_readonly_ingress %}
         {{ registry_readonly_ingress }} https_{{ namespace }};
         {% endif %}
         {% if chartmuseum_publish %}
-        charts.{{ domain }} https_{{ namespace }};
+        {{ chartsmuseum_short_name | default('charts') }}.{{ domain }} https_{{ namespace }};
         {% endif %}
         {% if chartmuseum_readonly_ingress %}
         {{ chartmuseum_readonly_ingress }} https_{{ namespace }};
@@ -75,10 +81,10 @@ nginx:
         {{ wikijs_readonly_ingress }} https_{{ namespace }};
         {% endif %}
         {% if peertube_publish %}
-        peertube.{{ domain }} https_{{ namespace }};
+        {{ peertube_short_name | default('peertube') }}.{{ domain }} https_{{ namespace }};
         {% endif %}
         {% if roundcube_publish %}
-        webmail.{{ domain }} https_{{ namespace }};
+        {{ roundcube_short_name | default('webmail') }}.{{ domain }} https_{{ namespace }};
         {% endif %}
     - name: "k8s-ghp-{{ namespace }}.conf"
       data: |-

roles/adguard-home/defaults/main.yaml

@@ -1,5 +1,6 @@
 adguard_enabled: false
 adguard_publish: false
+adguard_short_name: "adguard"
 adguard_default_values:
   # upgrade strategy type (e.g. Recreate or RollingUpdate)
   strategyType: RollingUpdate
@@ -179,11 +180,11 @@ adguard_default_values:
       kubernetes.io/tls-acme: "true"
     path: /
     hosts:
-      - adguard.{{ domain }}
+      - "{{ adguard_short_name }}.{{ domain }}"
     tls:
-      - secretName: adguard.{{ domain }}-tls
+      - secretName: "{{ adguard_short_name }}.{{ domain }}-tls"
         hosts:
-          - adguard.{{ domain }}
+          - "{{ adguard_short_name }}adguard.{{ domain }}"
   
   service:
     type: ClusterIP

roles/bitwarden/defaults/main.yaml

@@ -1,10 +1,11 @@
 bitwarden_enabled: true
 bitwarden_publish: false
 bitwarden_use_external_db: true
+bitwarden_short_name: "bitwarden"
 bitwarden_default_values:
   fullnameOverride: "bitwarden"
   bitwarden:
-    domain: "https://bitwarden.{{ domain }}"
+    domain: "https://{{ bitwarden_short_name }}.{{ domain }}"
     signupsAllowed: true
     invitationsAllowed: true
     gui:
@@ -85,9 +86,9 @@ bitwarden_default_values:
       cert-manager.io/acme-challenge-type: "dns01"
       kubernetes.io/tls-acme: "true"
     hosts:
-      - host: "bitwarden.{{ domain }}"
+      - host: "{{ bitwarden_short_name }}.{{ domain }}"
         paths: ["/"]
     tls:
-      - secretName: "bitwarden.{{ domain }}-tls"
+      - secretName: "{{ bitwarden_short_name }}.{{ domain }}-tls"
         hosts:
-          - "bitwarden.{{ domain }}"
+          - "{{ bitwarden_short_name }}.{{ domain }}"

roles/chartmuseum/defaults/main.yaml

@@ -1,5 +1,6 @@
 chartmuseum_enabled: true
 chartmuseum_publish: false
+chartmuseum_short_name: "charts"
 chartmuseum_default_values:
   env:
     open:
@@ -47,10 +48,10 @@ chartmuseum_default_values:
       kubernetes.io/ingress.class: "{{ external_ingress_class if chartmuseum_publish else internal_ingress_class }}"
       kubernetes.io/tls-acme: "true"
     hosts:
-      - name: charts.{{ domain }}
+      - name: "{{ chartmuseum_short_name }}.{{ domain }}"
         path: /
         tls: true
-        tlsSecret: charts.{{ domain }}-tls
+        tlsSecret: "{{ chartmuseum_short_name }}.{{ domain }}-tls"
 
 chartmuseum_readonly_ingress_definition: |
   apiVersion: extensions/v1beta1

roles/dovecot/defaults/main.yaml

@@ -1,3 +1,4 @@
+dovecot_short_name: "dovecot"
 dovecot_default_values:
   replicaCount: 1
   persistence:
@@ -6,7 +7,7 @@ dovecot_default_values:
   
   tls:
     enabled: true
-    existingSecret: mail.{{ domain }}-secret
+    existingSecret: "{{ mail_short_name | default('mail') }}.{{ domain }}-secret"
   
   dovecot:
     image:
@@ -36,7 +37,7 @@ dovecot_default_values:
           # it's not found:
           !include_try local.conf
         ldap: |
-          uris = ldaps://openldap.{{ domain }}
+          uris = ldaps://{{ openldap_short_name | default('openldap') }}.{{ domain }}
           dn = uid=ldapbind,ou=services,{{ openldap_domain }}
           dnpass = {{ ldapbind_pass | default(ldapbind_password) }}
           auth_bind = yes

roles/drone/defaults/main.yaml

@@ -1,6 +1,7 @@
 drone_enabled: true
 drone_publish: false
 drone_use_external_db: true
+drone_short_name: "drone"
 drone_default_values:
   service:
     type: ClusterIP
@@ -13,13 +14,13 @@ drone_default_values:
       cert-manager.io/acme-dns01-provider: "rfc2136"
       cert-manager.io/acme-challenge-type: "dns01"
     hosts:
-      - host: "drone.{{ domain }}"
+      - host: "{{ drone_short_name }}.{{ domain }}"
         paths:
           - "/"
     tls:
-     - secretName: "drone.{{ domain }}-tls"
+     - secretName: "{{ drone_short_name }}.{{ domain }}-tls"
        hosts:
-         - "drone.{{ domain }}"
+         - "{{ drone_short_name }}.{{ domain }}"
   persistentVolume:
     enabled: true
     accessModes:
@@ -28,7 +29,7 @@ drone_default_values:
     size: "{{ drone_size | default('8Gi') }}"
     storageClass: "{{ drone_storage | default('nfs-ssd') }}"
   env:
-    DRONE_SERVER_HOST: "drone.{{ domain }}"
+    DRONE_SERVER_HOST: "{{ drone_short_name }}.{{ domain }}"
     DRONE_SERVER_PROTO: https
     DRONE_RPC_SECRET: "{{ drone_rpc_secret | default(omit) }}"
     DRONE_DATABASE_DRIVER: "postgres"
@@ -36,7 +37,7 @@ drone_default_values:
     DRONE_DATABASE_SECRET: "{{ drone_database_secret | default(omit) }}"
     DRONE_GITEA_CLIENT_ID: "{{ drone_gitea_client_id | default(omit) }}"
     DRONE_GITEA_CLIENT_SECRET: "{{ drone_gitea_client_secret | default(omit) }}"
-    DRONE_GITEA_SERVER: "https://gitea.{{ domain }}"
+    DRONE_GITEA_SERVER: "https://{{ gitea_short_name | default('gitea') }}.{{ domain }}"
 
 drone_runner_kube_default_values:
   rbac:
@@ -44,7 +45,7 @@ drone_runner_kube_default_values:
       - "{{ drone_namespace | default(namespace) }}"
   env:
     DRONE_RPC_SECRET: "{{ drone_rpc_secret }}"
-    DRONE_RPC_HOST: "drone.{{ domain }}"
+    DRONE_RPC_HOST: "{{ drone_short_name }}.{{ domain }}"
     DRONE_RPC_PROTO: https
     DRONE_NAMESPACE_DEFAULT: "{{ drone_namespace | default(namespace) }}"
 

roles/gitea/defaults/main.yaml

@@ -2,86 +2,85 @@ gitea_enabled: true
 gitea_publish_web: false
 gitea_publish_ssh: false
 gitea_use_external_db: true
+gitea_short_name: "gitea"
 gitea_ingress_class: "{{ gitea_namespace | default(namespace) }}-{{ 'public' if gitea_publish_web else 'private' }}-gitea-ingress-nginx"
 gitea_default_values:
-  config:
+  service:
-    disableInstaller: true
+    http:
-    admin_user: "{{ gitea_admin_user | default('gitea') }}"
+      clusterIP:
-    admin_pass: "{{ gitea_admin_pass | default(gitea_admin_password) }}"
+    ssh:
-    mailer:
+      clusterIP:
-      domain: "{{ mail_domain | default(domain) }}"
-      enabled: true
-      host: "mail.{{ mail_domain | default(domain) }}:465"
-      skip_verify: false
-      is_tls_enabled: true
-      from: "gitea@{{ mail_domain | default(domain) }}"
-      user: "{{ gitea_ldap_user | default('gitea') }}"
-      passwd: "{{ gitea_ldap_pass | default(gitea_ldap_password) }}"
   ingress:
-    ## Set to true to enable ingress record generation
     enabled: true
-    ## When the ingress is enabled, a host pointing to this will be created
-    hostname: "gitea.{{ domain }}"
     annotations:
       cert-manager.io/cluster-issuer: "letsencrypt-prod"
       cert-manager.io/acme-dns01-provider: "rfc2136"
       cert-manager.io/acme-challenge-type: "dns01"
-      kubernetes.io/ingress.class: "{{ gitea_ingress_class }}"
       nginx.ingress.kubernetes.io/proxy-body-size: "0"
       nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
       nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+      kubernetes.io/ingress.class: "{{ gitea_ingress_class }}"
       kubernetes.io/tls-acme: "true"
-      #
+    hosts:
-    ## The list of additional hostnames to be covered with this ingress record.
+      - "{{ gitea_short_name }}.{{ domain }}"
-    ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
-    # hosts:
-    # - name: git.example.com
-    #   path: /
     tls:
-     - hosts:    
+      - secretName: "{{ gitea_short_name }}.{{ domain }}-tls"
-       - "gitea.{{ domain }}"
+        hosts:
-       secretName: "gitea.{{ domain }}-tls" 
+          - "{{ gitea_short_name }}.{{ domain }}"
-  service:
+  
-    type: ClusterIP
-    ## This can stay as ClusterIP as (by default) we use ingress
-    http:
-      port: 3000
-      ## Make the external port available
-      # externalPort: 8082
-      # externalHost: gitea.local
-    ## SSH is commonly on port 22
-    ssh:
-      port: 22
-      ## If serving on a different external port used for determining the ssh url in the gui
-      # externalPort: 22
-      # externalHost: gitea.local
-      # externalIPs: []
   persistence:
     enabled: true
-    # existingGiteaClaim: gitea-gitea
+    accessModes: 
-    accessMode: "{{ gitea_storage_mode | default('ReadWriteMany') }}"
+      - "{{ gitea_storage_mode | default('ReadWriteMany') }}"
     size: "{{ gitea_size | default('20Gi') }}"
     storageClass: "{{ gitea_storage | default('nfs-ssd') }}"
     ## addtional annotations for PVCs. Uncommenting will prevent the PVC from being deleted.
     annotations:
       "helm.sh/resource-policy": keep
-  lfs:
+  
-    enabled: "{{ gitea_lfs | default(true) }}"
+  gitea:
-    accessMode: "{{ gitea_lfs_storage_mode | default('ReadWriteMany') }}"
+    admin:
-    size: "{{ gitea_lfs_size | default('50Gi') }}"
+      username: "{{ gitea_admin_user | default('gitea') }}"
-    storageClass: "{{ gitea_lfs_storage | default('nfs-hdd') }}"
+      password: "{{ gitea_admin_pass | default(gitea_admin_password) }}"
-    annotations:
+      email: "gitea@{{ mail_domain | default(domain) }}"
-      "helm.sh/resource-policy": keep
+  
-  mariadb:
+    ldap:
-    enabled: false
+      enabled: true
-  externalDB:
+      name: OpenLDAP
-    enabled: true
+      securityProtocol: ldaps
-    dbType: "postgres"
+      host: "{{ openldap_short_name | default('openldap')}}.{{ domain }}"
-    dbHost: "{{ postgres_db_team | default(namespace) }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local"
+      port: "636"
-    dbPort: "5432"
+      userSearchBase: "ou=users,{{ openldap_domain }}"
-    dbDatabase: "gitea"
+      userFilter: "(&(objectClass=posixAccount)(uid=%s))"
-    dbUser: "{{ gitea_db_username | default(omit)}}"
+      emailAttribute: mail
-    dbPassword: "{{ gitea_db_password | default(omit) }}"
+      bindDn: "uid=ldapbind,ou=services,{{ openldap_domain }}"
+      bindPassword: "{{ ldapbind_pass | default(ldapbind_password) }}"
+  
+    config: 
+    #  APP_NAME: "Gitea: Git with a cup of tea"
+      RUN_MODE: prod
+      service:
+        DISABLE_REGISTRATION: true
+      mailer:
+        ENABLED: "true"
+        HOST: "{{ mail_short_name | default('mail') }}.{{ mail_domain | default(domain) }}:465"
+        IS_TLS_ENABLED: "true"
+        FROM: "gitea@{{ mail_domain | default(domain) }}"
+        USER: "{{ gitea_ldap_user | default('gitea') }}"
+        PASSWD: "{{ gitea_ldap_pass | default(gitea_ldap_password) }}"
+        MAILER_TYPE: "smtp"
+  
+      database:
+        DB_TYPE: postgres
+        HOST: "{{ postgres_db_team | default(namespace) }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local:5432"
+        NAME: gitea
+        USER: "{{ gitea_db_username | default(omit) }}"
+        PASSWD: "{{ gitea_db_password | default(omit) }}"
+
+    database:
+      builtIn:
+        postgresql:
+          enabled: false
 
 gitea_publish_ingress_nginx_values:
   controller:
@@ -118,7 +117,7 @@ gitea_ingress_nginx_default_values:
         https: https
     ingressClass: "{{ gitea_ingress_class }}"
   tcp: 
-    22: "{{ gitea_namespace | default(namespace) }}/gitea-gitea-svc:22"
+    22: "{{ gitea_namespace | default(namespace) }}/{{ namespace }}-gitea-ssh:22"
 
 gitea_dns_default_values:
   fullnameOverride: "{{ gitea_dns_name | default(namespace + '-gitea-internal-dns') }}"

roles/gitea/tasks/main.yaml

@@ -21,7 +21,7 @@
   community.kubernetes.helm:
     create_namespace: true
     release_namespace: "{{ gitea_ingress_nginx_namespace | default(namespace) }}"
-    release_name: "{{ gitea_ingress_nginx_name | default(namespace + '-gitea-ingress-nginx') }}"
+    release_name: "{{ gitea_ingress_nginx_release_name | default(namespace + '-gitea-ingress-nginx') }}"
     chart_ref: "{{ gitea_ingress_nginx_chart | default('ingress-nginx/ingress-nginx') }}"
     chart_version: "{{ gitea_ingress_nginx_version | default(omit) }}"
     release_values: "{{ gitea_ingress_nginx_combined_values | from_yaml }}"
@@ -31,7 +31,7 @@
   community.kubernetes.helm:
     create_namespace: true
     release_namespace: "{{ gitea_dns_namespace | default(namespace) }}"
-    release_name: "{{ gitea_dns_name | default('gitea-internal-dns') }}"
+    release_name: "{{ gitea_dns_relase_name | default(namespace + '-gitea-internal-dns') }}"
     chart_ref: "{{ gitea_dns_chart | default('bitnami/external-dns') }}"
     chart_version: "{{ gitea_dns_version | default(omit) }}"
     release_values: "{{ gitea_dns_combined_values | from_yaml }}"
@@ -42,9 +42,9 @@
   community.kubernetes.helm:
     create_namespace: true
     release_namespace: "{{ gitea_namespace | default(namespace) }}"
-    release_name: "{{ gitea_name | default('gitea') }}"
+    release_name: "{{ gitea_release_name | default(namespace + '-gitea') }}"
-    chart_ref: "{{ gitea_chart | default('ghp/gitea') }}"
+    chart_ref: "{{ gitea_chart | default('gitea-charts/gitea') }}"
     chart_version: "{{ gitea_version | default(omit) }}"
     release_values: "{{ gitea_combined_values | from_yaml }}"
-    wait: true
+    #wait: true
 

roles/helm-repos/defaults/main.yaml

@@ -7,3 +7,4 @@ helm_repos:
   - { name: 'stable', url: 'https://charts.helm.sh/stable' }
   - { name: 'nextcloud', url: 'https://nextcloud.github.io/helm' }
   - { name: 'k8s-at-home', url: 'https://k8s-at-home.com/charts' }
+  - { name: 'gitea-charts', url: 'https://dl.gitea.io/charts' }

roles/mail/defaults/main.yaml

@@ -0,0 +1 @@
+mail_short_name: "mail"

roles/mail/tasks/main.yaml

@@ -6,12 +6,12 @@
       apiVersion: cert-manager.io/v1
       kind: Certificate
       metadata:
-        name: "mail.{{ domain }}-crt"
+        name: "{{ mail_short_name }}.{{ domain }}-crt"
         namespace: "{{ mail_namespace | default(namespace) }}"
       spec:
-        secretName: "mail.{{ domain }}-secret"
+        secretName: "{{ mail_short_name }}.{{ domain }}-secret"
         dnsNames:
-        - "mail.{{ domain }}"
+        - "{{ mail_short_name }}.{{ domain }}"
         issuerRef:
           name: letsencrypt-prod
           # We can reference ClusterIssuers by changing the kind here.

roles/nextcloud/defaults/main.yaml

@@ -1,10 +1,11 @@
 nextcloud_enabled: true
 nextcloud_publish: false
 nextcloud_use_external_db: true
+nextcloud_short_name: "nextcloud"
 nextcloud_default_values:
   image:
     repository: nextcloud
-    tag: 19.0-apache
+    tag: 20.0-apache
     pullPolicy: Always
   replicaCount: 1
   ingress:
@@ -43,11 +44,11 @@ nextcloud_default_values:
           deny all;
         }
     tls:
-      - secretName: "nextcloud.{{ domain }}-tls"
+      - secretName: "{{ nextcloud_short_name }}.{{ domain }}-tls"
         hosts:
-          - "nextcloud.{{ domain }}"
+          - "{{ nextcloud_short_name }}.{{ domain }}"
   nextcloud:
-    host: "nextcloud.{{ domain }}"
+    host: "{{ nextcloud_short_name }}.{{ domain }}"
     username: admin
     password: "{{ nextcloud_pass | default(nextcloud_password) }}"
     update: 0
@@ -58,7 +59,7 @@ nextcloud_default_values:
       fromAddress: nextcloud
       domain: "{{ mail_domain | default(domain) }}"
       smtp:
-        host: "mail.{{ mail_domain | default(domain) }}"
+        host: "{{ mail_short_name | default('mail') }}.{{ mail_domain | default(domain) }}"
         secure: ssl
         port: 465
         authtype: LOGIN
@@ -98,7 +99,7 @@ nextcloud_default_values:
         $CONFIG = array (
           'trusted_proxies' => ['{{ web_proxy_internal_ip }}'],
           'overwriteprotocol' => 'https',
-          'overwrite.cli.url' => 'https://nextcloud.{{ domain }}',
+          'overwrite.cli.url' => 'https://{{ nextcloud_short_name }}.{{ domain }}',
           'mail_smtpstreamoptions' =>
           array (
             'ssl' =>
@@ -143,7 +144,7 @@ nextcloud_default_values:
     # Nexcloud image is used as default but only curl is needed
     image:
       repository: nextcloud
-      tag: 19.0-apache
+      tag: 20.0-apache
     schedule: "*/5 * * * *"
     annotations: {}
     # Set curl's insecure option if you use e.g. self-signed certificates
@@ -154,12 +155,14 @@ nextcloud_default_values:
     type: ClusterIP
     port: 8080
     loadBalancerIP: nil
+
   persistence:
     # Nextcloud Data (/var/www/html)
     enabled: true
-    storageClass: "{{ gitea_storage | default('nfs-ssd') }}"
+    storageClass: "{{ nextcloud_storage | default('nfs-ssd') }}"
-    accessMode: "{{ gitea_storage_mode | default('ReadWriteMany') }}"
+    accessMode: "{{ nextcloud_storage_mode | default('ReadWriteMany') }}"
-    size: "{{ gitea_size | default('20Gi') }}"
+    size: "{{ nextcloud_size | default('100Gi') }}"
+
   livenessProbe:
     enabled: false
   readinessProbe:

roles/opendkim/defaults/main.yaml

@@ -1,3 +1,4 @@
+opendkim_short_name: "opendkim"
 opendkim_default_values:
   replicaCount: 1
   persistence:

roles/opendmarc/defaults/main.yaml

@@ -1,3 +1,4 @@
+opendmarc_short_name: "opendmarc"
 opendmarc_default_values:
   replicaCount: 1
   persistence:
@@ -11,7 +12,7 @@ opendmarc_default_values:
       pullPolicy: Always
     configmaps:
       opendmarc: |
-        AuthservID mail.{{ domain }}
+        AuthservID {{ mail_short_name | default('mail') }}.{{ domain }}
         Socket inet:8893
         SoftwareHeader true
         IgnoreAuthenticatedClients true

roles/openldap/defaults/main.yaml

@@ -1,3 +1,4 @@
+openldap_short_name: "openldap"
 openldap_default_values:
   replicaCount: 1
   
@@ -26,10 +27,10 @@ openldap_default_values:
   # settings for enabling TLS
   tls:
     enabled: true
-    secret: "openldap.{{ domain }}-secret"  # The name of a kubernetes.io/tls type secret to use for TLS
+    secret: "{{ openldap_short_name }}.{{ domain }}-secret"  # The name of a kubernetes.io/tls type secret to use for TLS
     CA:
       enabled: true
-      secret: "openldap.{{ domain }}-ca"  # The name of a generic secret to use for custom CA certificate (ca.crt)
+      secret: "{{ openldap_short_name }}.{{ domain }}-ca"  # The name of a generic secret to use for custom CA certificate (ca.crt)
   
   ## Add additional labels to all resources
   extraLabels: {}
@@ -37,7 +38,7 @@ openldap_default_values:
   podAnnotations: {}
   service:
     annotations:
-      external-dns.alpha.kubernetes.io/hostname: openldap.{{ domain }}
+      external-dns.alpha.kubernetes.io/hostname: {{ openldap_short_name }}.{{ domain }}
     clusterIP: ""
   
     ldapPort: 389

roles/peertube/defaults/main.yaml

@@ -1,6 +1,7 @@
 peertube_enabled: false
 peertube_publish: false
 peertube_use_external_db: true
+peertube_short_name: "peertube"
 peertube_default_values:
   replicaCount: 1
   imagePullSecrets: []
@@ -15,7 +16,7 @@ peertube_default_values:
       # Correspond to your reverse proxy server_name/listen configuration
       webserver:
         https: true
-        hostname: 'peertube.{{ domain }}'
+        hostname: '{{ peertube_short_name }}.{{ domain }}'
         port: 443
       rates_limit:
         api:
@@ -68,7 +69,7 @@ peertube_default_values:
         transport: smtp
         # Path to sendmail command. Required if you use sendmail transport
         sendmail: null
-        hostname: "mail.{{ domain }}"
+        hostname: "{{ mail_short_name | default('mail') }}.{{ domain }}"
         port: 465 # If you use StartTLS: 587
         username: peertube
         password: "{{ peertube_ldap_password }}"
@@ -429,12 +430,12 @@ peertube_default_values:
       nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
       nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
     hosts:
-      - host: peertube.{{ domain }}
+      - host: "{{ peertube_short_name }}.{{ domain }}"
         paths: ["/"]
     tls:
-      - secretName: peertube.{{ domain }}-tls
+      - secretName: "{{ peertube_short_name }}.{{ domain }}-tls"
         hosts:
-          - peertube.{{ domain }}
+          - "{{ peertube_short_name }}.{{ domain }}"
   persistence:
     enabled: true
     accessMode: "{{ peertube_storage_mode | default('ReadWriteMany') }}"

roles/playmaker/defaults/main.yaml

@@ -1,5 +1,6 @@
 playmaker_enabled: true
 playmaker_publish: false
+playmeker_short_name: "playmaker"
 playmaker_default_values:
   replicaCount: 1
   image:
@@ -62,12 +63,12 @@ playmaker_default_values:
       cert-manager.io/acme-challenge-type: "dns01"
       kubernetes.io/tls-acme: "true"
     hosts:
-      - host: playmaker.{{ domain }}
+      - host: "{{ playmaker_short_name }}.{{ domain }}"
         paths: ["/"]
     tls:
-      - secretName: playmaker.{{ domain }}-tls
+      - secretName: "{{ playmaker_short_name }}.{{ domain }}-tls"
         hosts:
-          - playmaker.{{ domain }}
+          - "{{ playmaker_short_name }}.{{ domain }}"
   persistence:
     enabled: true
     storageClass: "{{ playmaker_storage | default('nfs-hdd') }}"

roles/postfix/defaults/main.yaml

@@ -1,3 +1,4 @@
+postfix_short_name: "postfix"
 postfix_default_values:
   replicaCount: 1
   persistence:
@@ -6,7 +7,7 @@ postfix_default_values:
   
   tls:
     enabled: true
-    existingSecret: mail.{{ domain }}-secret
+    existingSecret: {{ mail_short_name | default('mail') }}.{{ domain }}-secret
   
   postfix:
     image:
@@ -29,7 +30,7 @@ postfix_default_values:
         mail_owner = postfix
         
         # Postfix full server name for mail send/recieve 
-        myhostname = mail.{{ domain }}
+        myhostname = {{ mail_short_name | default('mail') }}.{{ domain }}
         
         # Set domain name
         mydomain = {{ domain }}
@@ -58,7 +59,7 @@ postfix_default_values:
         
         # Dovecot socket for mail delivery
         #virtual_transport = lmtp:unix:private/dovecot-lmtp
-        virtual_transport = lmtp:inet:dovecot.{{ namespace }}.svc.cluster.local:24
+        virtual_transport = lmtp:inet:{{ dovecot_short_name | default('dovecot') }}.{{ namespace }}.svc.cluster.local:24
         
         # Certs and TLS options
         smtpd_tls_cert_file = /tls/tls.crt 
@@ -89,12 +90,12 @@ postfix_default_values:
         smtpd_sasl_security_options = noanonymous
         broken_sasl_auth_clients = yes
         smtpd_sasl_type = dovecot
-        smtpd_sasl_path = inet:dovecot.{{ namespace }}.svc.cluster.local:12345
+        smtpd_sasl_path = inet:{{ dovecot_short_name | default('dovecot') }}.{{ namespace }}.svc.cluster.local:12345
         smtpd_sasl_local_domain = $myorigin
         
         milter_protocol = 6
         milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
-        smtpd_milters = inet:rspamd.{{ namespace }}.svc.cluster.local:11332
+        smtpd_milters = inet:{{ rspamd_short_name | default('rspamd') }}.{{ namespace }}.svc.cluster.local:11332
         non_smtpd_milters = $smtpd_milters
         milter_default_action = accept
         
@@ -197,7 +198,7 @@ postfix_default_values:
           -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
           -o milter_macro_daemon_name=ORIGINATING
           -o smtpd_sasl_type=dovecot
-          -o smtpd_sasl_path=inet:dovecot.{{ namespace }}.svc.cluster.local:12345
+          -o smtpd_sasl_path=inet:{{ dovecot_short_name | default('dovecot') }}.{{ namespace }}.svc.cluster.local:12345
           -o smtpd_upstream_proxy_protocol=haproxy
         10465     inet  n       -       n       -       -       smtpd
           -o syslog_name=postfix/10465
@@ -206,7 +207,7 @@ postfix_default_values:
           -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
           -o milter_macro_daemon_name=ORIGINATING
           -o smtpd_sasl_type=dovecot
-          -o smtpd_sasl_path=inet:dovecot.{{ namespace }}.svc.cluster.local:12345
+          -o smtpd_sasl_path=inet:{{ dovecot_short_name | default('dovecot') }}.{{ namespace }}.svc.cluster.local:12345
           -o smtpd_upstream_proxy_protocol=haproxy
         #
         # ====================================================================
@@ -281,7 +282,7 @@ postfix_default_values:
       ldap-local-recipients: |
         debuglevel = 0
         version = 3
-        server_host = ldaps://openldap.{{ domain }}
+        server_host = ldaps://{{ openldap_short_name | default('openldap') }}.{{ domain }}
         server_port = 636
         bind_dn = uid=ldapbind,ou=services,{{ openldap_domain }}
         bind_pw = {{ ldapbind_pass | default(ldapbind_password) }}

roles/postgres/defaults/main.yaml

@@ -1,3 +1,4 @@
+postgres_operator_ui_short_name: "postgres-operator-ui"
 postgres_operator_default_values:
   image:
     registry: "{{ docker_registry }}"
@@ -34,12 +35,12 @@ postgres_operator_ui_default_values:
       cert-manager.io/acme-challenge-type: "dns01"
       kubernetes.io/ingress.class: "{{ postgres_operator_ui_ingress_class | default(internal_ingress_class) }}"
     hosts:
-      - host: postgres-operator-ui.{{ domain }}
+      - host: "{{ postgres_operator_ui_short_name }}.{{ domain }}"
         paths: [""]
     tls: 
-      - secretName: postgres-operator-ui.{{ domain }}-tls
+      - secretName: "{{ postgres_operator_ui_short_name }}.{{ domain }}-tls"
         hosts:
-          - postgres-operator-ui.{{ domain }}
+          - "{{ postgres_operator_ui_short_name }}.{{ domain }}"
 
 
 postgres_db_definitions:

roles/pypiserver/defaults/main.yaml

@@ -1,5 +1,6 @@
 pypiserver_enabled: true
 pypiserver_publish: false
+pypiserver_short_name: "pip"
 pypiserver_default_values:
   ## If you want more than 1 replica you will have to use a ReadWriteMany volume
   replicaCount: 1
@@ -35,11 +36,11 @@ pypiserver_default_values:
       nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
     path: "/"
     hosts: 
-      - pip.{{ domain }}
+      - "{{ pypiserver_short_name }}.{{ domain }}"
     tls: 
-     - secretName: pip.{{ domain }}-tls
+     - secretName: "{{ pypiserver_short_name }}.{{ domain }}-tls"
        hosts:
-         - pip.{{ domain }}
+         - "{{ pypiserver_short_name }}.{{ domain }}"
   persistence:
     enabled: true
     storageClass: "{{ pypiserver_storage | default('nfs-hdd') }}"

roles/registry/defaults/main.yaml

@@ -1,5 +1,6 @@
 registry_enabled: true
 registry_publish: false
+registry_short_name: "registry"
 registry_default_values:
   service:
     type: ClusterIP
@@ -14,11 +15,11 @@ registry_default_values:
       nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
       nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
     hosts:
-      - registry.{{ domain }}
+      - "{{ registry_short_name }}.{{ domain }}"
     tls:
-     - secretName: registry.{{ domain }}-tls
+     - secretName: "{{ registry_short_name }}.{{ domain }}-tls"
        hosts:
-         - registry.{{ domain }}
+         - "{{ registry_short_name }}.{{ domain }}"
   persistence:
     enabled: true
     storageClass: "{{ registry_storage | default('nfs-hdd') }}"

roles/roundcube/defaults/main.yaml

@@ -1,6 +1,7 @@
 roundcube_enabled: true
 roundcube_publish: false
 roundcube_use_external_db: true
+roundcube_short_name: "webmail"
 roundcube_default_values:
   env: 
     - name: ROUNDCUBEMAIL_DB_TYPE
@@ -14,11 +15,11 @@ roundcube_default_values:
     - name: ROUNDCUBEMAIL_DB_NAME
       value: roundcube
     - name: ROUNDCUBEMAIL_DEFAULT_HOST
-      value: "ssl://mail.{{ domain }}"
+      value: "ssl://{{ mail_short_name | default('mail') }}.{{ domain }}"
     - name: ROUNDCUBEMAIL_DEFAULT_PORT
       value: "993"
     - name: ROUNDCUBEMAIL_SMTP_SERVER
-      value: "ssl://mail.{{ domain }}"
+      value: "ssl://{{ mail_short_name | default('mail') }}.{{ domain }}"
     - name: ROUNDCUBEMAIL_SMTP_PORT
       value: "465"
     - name: ROUNDCUBEMAIL_SKIN
@@ -40,11 +41,11 @@ roundcube_default_values:
       nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
     path: /
     hosts:
-      - webmail.{{ domain }}
+      - "{{ roundcube_short_name }}.{{ domain }}"
     tls: 
-      - secretName: webmail.{{ domain }}-tls
+      - secretName: "{{ roundcube_short_name }}.{{ domain }}-tls"
         hosts:
-          - webmail.{{ domain }}
+          - "{{ roundcube_short_name }}.{{ domain }}"
   persistence:
     enabled: true
     storageClass: "{{ roundcube_storage | default('nfs-hdd') }}"
@@ -56,7 +57,7 @@ roundcube_default_values:
         $config['mail_domain'] = '%d';
         $config['username_domain'] = '%d';
         $config['managesieve_port'] = '4190';
-        $config['managesieve_host'] = 'ssl://dovecot.{{ namespace }}.svc.cluster.local';
+        $config['managesieve_host'] = 'ssl://{{ dovecot_short_name | default("dovecot") }}.{{ namespace }}.svc.cluster.local';
         $config['managesieve_usetls'] = false;
         $config['managesieve_debug']  = true;
         $config['managesieve_conn_options'] = array(

roles/rspamd/defaults/main.yaml

@@ -1,4 +1,5 @@
 rspamd_enabled: true
+rspamd_short_name: "rspamd"
 rspamd_default_values:
   replicaCount: 1
   persistence:

roles/wikijs/defaults/main.yaml

@@ -1,6 +1,7 @@
 wikijs_enabled: true
 wikijs_publish: false
 wikijs_use_external_db: true
+wikijs_short_name: "wikijs"
 wikijs_default_values:
   fullnameOverride: "wikijs"
   ingress:
@@ -11,12 +12,12 @@ wikijs_default_values:
       cert-manager.io/acme-challenge-type: "dns01"
       kubernetes.io/ingress.class: "{{ external_ingress_class if wikijs_publish else internal_ingress_class }}"
     hosts:
-      - host: wikijs.{{ domain }}
+      - host: "{{ wikijs_short_name }}.{{ domain }}"
         paths: ["/"]
     tls:
-      - secretName: wikijs.{{ domain }}-tls
+      - secretName: "{{ wikijs_short_name }}.{{ domain }}-tls"
         hosts:
-          - wikijs.{{ domain }}
+          - "{{ wikijs_short_name }}.{{ domain }}"
   postgresql:
     enabled: false
     ssl: false