kanidm: bump to 1.8.6, helm chart 0.2.8

bitwarden/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 1.35.1
+appVersion: 1.35.3
 description: Unofficial Bitwarden compatible server written in Rust
 home: https://github.com/k8s-at-home/charts/tree/master/charts/bitwardenrs
 icon: https://raw.githubusercontent.com/bitwarden/brand/master/icons/256x256.png
@@ -17,4 +17,4 @@ name: bitwarden
 sources:
 - https://github.com/dani-garcia/bitwarden_rs
 type: application
-version: 2.0.42
+version: 2.0.44

kanidm/Chart.yaml

@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.7
+version: 0.2.8
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.8.5"
+appVersion: "1.8.6"

kanidm/values.yaml

@@ -11,7 +11,7 @@ image:
   repository: gitea.geekhome.org/ghp/kanidm
   pullPolicy: IfNotPresent
   # Overrides the image tag whose default is the chart appVersion.
-  tag: "1.8.5-1"
+  tag: "1.8.6-1"
 
 imagePullSecrets: []
 nameOverride: ""

mastodon/.github/workflows/test-chart.yml

@@ -75,21 +75,21 @@ jobs:
           # available for use in the templates, currently we need v3.6.0 or
           # higher.
           #
-          - k3s-channel: v1.28
-            helm-version: v3.8.0
+          - k3s-channel: v1.33
+            helm-version: v3.19.0
 
     env:
       HELM_EXPERIMENTAL_OCI: "1"
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
 
       # This action starts a k8s cluster with NetworkPolicy enforcement and
       # installs both kubectl and helm.
       #
       # ref: https://github.com/jupyterhub/action-k3s-helm#readme
       #
-      - uses: jupyterhub/action-k3s-helm@v3
+      - uses: jupyterhub/action-k3s-helm@v4
         with:
           k3s-channel: ${{ matrix.k3s-channel }}
           helm-version: ${{ matrix.helm-version }}

mastodon/CHANGELOG.md

@@ -1,3 +1,64 @@
+# 6.6.3
+
+- Update the mastodon version to v4.5.3
+
+# 6.6.2
+
+- Update the mastodon version to v4.5.2
+
+# 6.6.1
+
+- Update the mastodon version to v4.5.1
+
+# 6.6.0
+
+- Update the mastodon version to v4.5.0. Please refer to the [release notes](https://github.com/mastodon/mastodon/releases/tag/v4.5.0) for important changes.
+
+# 6.5.8
+
+- Update the mastodon version to v4.4.8
+
+# 6.5.7
+
+- Updated all dependent chart images to bitnami legacy repositories.
+- Updated chart test jobs.
+- Added additional configuration options:
+```yaml
+mastodon:
+  s3:
+    protocol: https
+...
+elasticsearch:
+  caSecret:
+  indexPrefix:
+...
+jobLabels:
+```
+
+# 6.5.6
+
+- Update the mastodon version to v4.4.7
+
+# 6.5.5
+
+- Update the mastodon version to v4.4.6
+
+# 6.5.4
+
+- Update the mastodon version to v4.4.5
+
+# 6.5.3
+
+- Update the mastodon version to v4.4.4
+
+# 6.5.2
+
+- Update the Mastodon version to v4.4.3
+
+# 6.5.1
+
+- Updated the Mastodon version to v4.4.2
+
 # 6.5.0
 
 Updated the Mastodon version to v4.4.1. Please read the [4.4.0 release notes](https://github.com/mastodon/mastodon/releases/tag/v4.4.0) before updating from a version < 4.4. In particular:

mastodon/Chart.lock

@@ -7,6 +7,6 @@ dependencies:
   version: 14.2.3
 - name: redis
   repository: oci://registry-1.docker.io/bitnamicharts
-  version: 18.16.1
-digest: sha256:684daaf2067d96e2aa6d93e9d29b7b13fc586f6ae929342e5e9c7c169b1c0748
-generated: "2024-02-23T15:14:47.536480528-08:00"
+  version: 22.0.7
+digest: sha256:003679b2c163c0b349b0d621475cdb85c0556f803f2f959a50cef350d3ce956e
+generated: "2025-10-08T05:16:23.08106463Z"

mastodon/Chart.yaml

@@ -15,12 +15,12 @@ type: application
 # This is the chart version. This version number should be incremented each time
 # you make changes to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 6.5.4
+version: 6.6.6
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: "v4.4.8"
+appVersion: "v4.5.6"
 
 dependencies:
   - name: elasticsearch
@@ -32,6 +32,6 @@ dependencies:
     repository: oci://registry-1.docker.io/bitnamicharts
     condition: postgresql.enabled
   - name: redis
-    version: 18.16.1
+    version: 22.0.7
     repository: oci://registry-1.docker.io/bitnamicharts
     condition: redis.enabled

mastodon/templates/_db-migrate.tpl

@@ -33,6 +33,10 @@ spec:
   template:
     metadata:
       name: {{ include "mastodon.fullname" . }}-db-migrate
+      {{- with .Values.jobLabels }}
+      labels:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- with .Values.jobAnnotations }}
       annotations:
         {{- toYaml . | nindent 8 }}

mastodon/templates/configmap-env.yaml

@@ -5,6 +5,8 @@ metadata:
   labels:
     {{- include "mastodon.labels" . | nindent 4 }}
 data:
+  RAILS_LOG_LEVEL: {{ .Values.mastodon.logLevel.rails | default "info" }}
+  LOG_LEVEL: {{ .Values.mastodon.logLevel.streaming | default "info" }}
   DB_HOST: {{ template "mastodon.postgres.host" . }}
   DB_PORT: {{ template "mastodon.postgres.port" . }}
   DB_NAME: {{ .Values.postgresql.auth.database }}
@@ -38,10 +40,16 @@ data:
   ES_PRESET: {{ .Values.elasticsearch.preset | default "single_node_cluster" | quote }}
   ES_HOST: {{ include "mastodon.elasticsearch.fullHostname" .}}
   ES_PORT: {{ .Values.elasticsearch.port | default "9200" | quote }}
+  {{- if .Values.elasticsearch.caSecret }}
+  ES_CA_FILE: /opt/opensearch/config/ca.certs
+  {{- end }}
   {{- end }}
   {{- with .Values.elasticsearch.user }}
   ES_USER: {{ . }}
   {{- end }}
+  {{- if .Values.elasticsearch.indexPrefix }}
+  ES_PREFIX: {{ .Values.elasticsearch.indexPrefix | quote }}
+  {{- end }}
   LOCAL_DOMAIN: {{ .Values.mastodon.local_domain }}
   {{- with .Values.mastodon.web_domain }}
   WEB_DOMAIN: {{ . }}
@@ -93,7 +101,7 @@ data:
   S3_ENABLED: "true"
   S3_ENDPOINT: {{ .Values.mastodon.s3.endpoint }}
   S3_HOSTNAME: {{ .Values.mastodon.s3.hostname }}
-  S3_PROTOCOL: "https"
+  S3_PROTOCOL: {{ .Values.mastodon.s3.protocol }}
   {{- if .Values.mastodon.s3.permission }}
   S3_PERMISSION: {{ .Values.mastodon.s3.permission }}
   {{- end }}
@@ -195,7 +203,7 @@ data:
   OIDC_DISCOVERY: {{ .Values.externalAuth.oidc.discovery | quote }}
   OIDC_SCOPE: {{ .Values.externalAuth.oidc.scope | quote }}
   OIDC_UID_FIELD: {{ .Values.externalAuth.oidc.uid_field }}
-  OIDC_CLIENT_ID: {{ .Values.externalAuth.oidc.client_id }}
+  OIDC_CLIENT_ID: {{ .Values.externalAuth.oidc.client_id | quote }}
   OIDC_CLIENT_SECRET: {{ .Values.externalAuth.oidc.client_secret }}
   OIDC_REDIRECT_URI: {{ .Values.externalAuth.oidc.redirect_uri }}
   OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.oidc.assume_email_is_verified | quote }}

mastodon/templates/cronjob-media-remove.yaml

@@ -12,6 +12,10 @@ spec:
       template:
         metadata:
           name: {{ include "mastodon.fullname" . }}-media-remove
+          {{- with .Values.jobLabels }}
+          labels:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           {{- with .Values.jobAnnotations }}
           annotations:
             {{- toYaml . | nindent 12 }}

mastodon/templates/deployment-sidekiq.yaml

@@ -88,6 +88,11 @@ spec:
           persistentVolumeClaim:
             claimName: {{ template "mastodon.pvc.system" $context }}
       {{- end }}
+      {{- if $context.Values.elasticsearch.caSecret.name }}
+        - name: elasticsearch-ca
+          secret:
+            secretName: {{ $context.Values.elasticsearch.caSecret.name }}
+      {{- end }}
       {{- include "mastodon.statsdExporterVolume" $ | indent 8 }}
       {{- if dig "customDatabaseConfigYml" "configMapRef" "name" false . }}
         - name: config-database-yml
@@ -249,6 +254,12 @@ spec:
             - name: system
               mountPath: /opt/mastodon/public/system
           {{- end }}
+          {{- if $context.Values.elasticsearch.caSecret.name }}
+            - name: elasticsearch-ca
+              mountPath: /opt/opensearch/config/ca.certs
+              subPath: {{ $context.Values.elasticsearch.caSecret.key }}
+              readOnly: true
+          {{- end }}
           {{- if dig "customDatabaseConfigYml" "configMapRef" "name" false . }}
             - name: config-database-yml
               mountPath: /opt/mastodon/config/database.yml

mastodon/templates/deployment-web.yaml

@@ -69,6 +69,11 @@ spec:
           persistentVolumeClaim:
             claimName: {{ template "mastodon.pvc.system" . }}
       {{- end }}
+      {{- if .Values.elasticsearch.caSecret.name }}
+        - name: elasticsearch-ca
+          secret:
+            secretName: {{ .Values.elasticsearch.caSecret.name}}
+      {{- end }}
       {{- include "mastodon.statsdExporterVolume" $ | indent 8 }}
       {{- if .Values.mastodon.web.customDatabaseConfigYml.configMapRef.name }}
         - name: config-database-yml
@@ -220,6 +225,12 @@ spec:
             - name: system
               mountPath: /opt/mastodon/public/system
           {{- end }}
+          {{- if .Values.elasticsearch.caSecret.name }}
+            - name: elasticsearch-ca
+              mountPath: /opt/opensearch/config/ca.certs
+              subPath: {{ .Values.elasticsearch.caSecret.key }}
+              readOnly: true
+          {{- end }}
           {{- if .Values.mastodon.web.customDatabaseConfigYml.configMapRef.name }}
             - name: config-database-yml
               mountPath: /opt/mastodon/config/database.yml

mastodon/templates/job-assets-copy.yaml

@@ -13,6 +13,10 @@ spec:
   template:
     metadata:
       name: {{ include "mastodon.fullname" . }}-assets-upload
+      {{- with .Values.jobLabels }}
+      labels:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- with .Values.jobAnnotations }}
       annotations:
         {{- toYaml . | nindent 8 }}

mastodon/templates/job-create-admin.yaml

@@ -13,6 +13,10 @@ spec:
   template:
     metadata:
       name: {{ include "mastodon.fullname" . }}-create-admin
+      {{- with .Values.jobLabels }}
+      labels:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- with .Values.jobAnnotations }}
       annotations:
         {{- toYaml . | nindent 8 }}

mastodon/templates/job-deploy-search.yaml

@@ -14,6 +14,10 @@ spec:
   template:
     metadata:
       name: {{ include "mastodon.fullname" . }}-deploy-search
+      {{- with .Values.jobLabels }}
+      labels:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- with .Values.jobAnnotations }}
       annotations:
         {{- toYaml . | nindent 8 }}

mastodon/templates/job-set-admin-password.yaml

@@ -13,6 +13,10 @@ spec:
   template:
     metadata:
       name: {{ include "mastodon.fullname" . }}-create-admin
+      {{- with .Values.jobLabels }}
+      labels:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- with .Values.jobAnnotations }}
       annotations:
         {{- toYaml . | nindent 8 }}

mastodon/templates/pvc-assets.yaml

@@ -5,6 +5,10 @@ metadata:
   name: {{ template "mastodon.fullname" . }}-assets
   labels:
     {{- include "mastodon.labels" . | nindent 4 }}
+  {{- if .Values.mastodon.persistence.assets.keepAfterDelete }}
+  annotations:
+    helm.sh/hook-delete-policy: keep
+  {{- end }}
 spec:
   accessModes:
     - {{ .Values.mastodon.persistence.assets.accessMode }}

mastodon/templates/pvc-system.yaml

@@ -5,6 +5,10 @@ metadata:
   name: {{ template "mastodon.fullname" . }}-system
   labels:
     {{- include "mastodon.labels" . | nindent 4 }}
+  {{- if .Values.mastodon.persistence.system.keepAfterDelete }}
+  annotations:
+    helm.sh/hook-delete-policy: keep
+  {{- end }}
 spec:
   accessModes:
     - {{ .Values.mastodon.persistence.system.accessMode }}

mastodon/values.yaml

@@ -11,6 +11,12 @@ image:
   pullPolicy: IfNotPresent
 
 mastodon:
+  logLevel:
+    # Set log level for the web and Sidekiq processes.
+    rails: info
+    # Set log level for the streaming process.
+    streaming: info
+
   # Labels added to every Mastodon-related object
   labels: {}
   # Labes added to every deployed mastodon pod
@@ -141,6 +147,7 @@ mastodon:
       # scalability, since it requires the Rails and Sidekiq pods to run on the
       # same node.
       accessMode: ReadWriteOnce
+      keepAfterDelete: true
       resources:
         requests:
           storage: 10Gi
@@ -148,6 +155,7 @@ mastodon:
       existingClaim:
     system:
       accessMode: ReadWriteOnce
+      keepAfterDelete: true
       resources:
         requests:
           storage: 100Gi
@@ -162,6 +170,7 @@ mastodon:
     existingSecret: ""
     bucket: ""
     endpoint: ""
+    protocol: https
     hostname: ""
     region: ""
     permission: ""
@@ -625,8 +634,8 @@ elasticsearch:
   # RAILS_ENV=production bundle exec rake chewy:sync
   # (https://docs.joinmastodon.org/admin/optional/elasticsearch/)
   enabled: true
-  # @ignored
   image:
+    repository: bitnamilegacy/elasticsearch
     tag: 7
 
   # If you are using an external ES cluster, use `enabled: false` and set the hostname, port,
@@ -653,6 +662,15 @@ elasticsearch:
   metrics:
     nodeSelector: {}
 
+  caSecret: {}
+  #  # caSecret.name is the name of the secret containing the CA certificate.
+  #  name:
+  #  # caSecret.key is the key in the secret containing the CA certificate.
+  #  key: ca.crt
+
+  # elasticsearchIndexPrefix specifies the prefix for Elasticsearch indices used by this Mastodon server
+  # indexPrefix: ""
+
 # Configuration for PostgreSQL.
 # When enabled, the bitnami helm chart is used for PostgreSQL deployment, and
 # all values here correspond to their values file. Please see the bitnami chart
@@ -666,6 +684,8 @@ postgresql:
   # Please note that certain features do not work when enabling the included
   # database, namely automatic schema creation when the app is first installed.
   enabled: true
+  image:
+    repository: bitnamilegacy/postgresql
   # postgresqlHostname: preexisting-postgresql
   # postgresqlPort: 5432
 
@@ -727,6 +747,9 @@ redis:
   # disable if you want to use an existing redis instance; in which case the
   # values below must match those of that external redis instance
   enabled: true
+  image:
+    registry: docker.io
+    repository: bitnamilegacy/redis
   hostname: ""
   port: 6379
   auth:
@@ -913,6 +936,9 @@ podAnnotations: {}
 # cause all pods to be recreated every `helm upgrade` regardless of whether their config or spec changes.
 revisionPodAnnotation: true
 
+# The labels set with jobLabels will be added to all mastodon job pods
+jobLabels: {}
+
 # The annotations set with jobAnnotations will be added to all mastodon job pods
 jobAnnotations: {}
 

peertube/Chart.yaml

@@ -12,5 +12,5 @@ dependencies:
   repository: https://charts.bitnami.com/bitnami
   version: 24.0.0
 type: application
-version: 0.5.0
-appVersion: 7.2.3
+version: 0.5.2
+appVersion: 8.0.2

peertube/values.yaml

@@ -8,7 +8,7 @@ image:
   repository: chocobozzz/peertube
   pullPolicy: IfNotPresent
   # Overrides the image tag whose default is the chart appVersion.
-  tag: "v7.2.3-bookworm"
+  tag: "v8.0.2"
 
 imagePullSecrets: []
 nameOverride: ""
@@ -28,7 +28,10 @@ configAsCode:
     # Secrets you need to generate the first time you run PeerTube
     secrets:
       # Generate one using `openssl rand -hex 32`
-      peertube: 'change-me-i-am-not-secure'
+      peertube: ''
+    # How long PeerTube should wait to receive the entire request
+    http_timeouts:
+      request: '5 minutes'
     rates_limit:
       api:
         # 50 attempts in 10 seconds
@@ -127,37 +130,6 @@ configAsCode:
       disable_starttls: true
       ca_file: null # Used for self signed certificates
       from_address: 'peertube@example.com'
-    email:
-      body:
-        signature: 'PeerTube'
-      subject:
-        prefix: '[PeerTube]'
-    # Update default PeerTube values
-    # Set by API when the field is not provided and put as default value in client
-    defaults:
-      # Change default values when publishing a video (upload/import/go Live)
-      publish:
-        download_enabled: true
-        # enabled = 1, disabled = 2, requires_approval = 3
-        comments_policy: 1
-        # public = 1, unlisted = 2, private = 3, internal = 4
-        privacy: 1
-        # CC-BY = 1, CC-SA = 2, CC-ND = 3, CC-NC = 4, CC-NC-SA = 5, CC-NC-ND = 6, Public Domain = 7
-        # You can also choose a custom licence value added by a plugin
-        # No licence by default
-        licence: null
-      p2p:
-        # Enable P2P by default in PeerTube client
-        # Can be enabled/disabled by anonymous users and logged in users
-        webapp:
-          enabled: true
-        # Enable P2P by default in PeerTube embed
-        # Can be enabled/disabled by URL option
-        embed:
-          enabled: true
-      player:
-        # By default, playback starts automatically when opening a video
-        auto_play: true
     # From the project root directory
     storage:
       tmp: '/var/www/peertube/storage/tmp/' # Use to download data (imports etc), store uploaded files before and during processing...
@@ -177,14 +149,15 @@ configAsCode:
       cache: '/var/www/peertube/storage/cache/'
       plugins: '/var/www/peertube/storage/plugins/'
       well_known: '/var/www/peertube/storage/well-known/'
+      # Various admin/user uploads that are not suitable for the folders above
+      uploads: '/var/www/peertube/storage/uploads/'
       # Overridable client files in client/dist/assets/images:
-      # - logo.svg
-      # - favicon.png
-      # - default-playlist.jpg
+      # - default-avatar-account-48x48.png
       # - default-avatar-account.png
+      # - default-avatar-video-channel-48x48.png
       # - default-avatar-video-channel.png
-      # - and icons/*.png (PWA)
-      # Could contain for example assets/images/favicon.png
+      # - default-playlist.jpg
+      # Could contain for example "assets/images/default-playlist.jpg"
       # If the file exists, peertube will serve it
       # If not, peertube will fallback to the default file
       client_overrides: '/var/www/peertube/storage/client-overrides/'
@@ -360,12 +333,19 @@ configAsCode:
     views:
       videos:
         # PeerTube creates a database entry every hour for each video to track views over a period of time
-        # This is used in particular by the Trending page
-        # PeerTube could remove old remote video views if you want to reduce your database size (video view counter will not be altered)
+        # This is used in particular by the Trending/Hot algorithms
+        # PeerTube can remove views from remote videos if you want to reduce your database size (video view counter will not be altered)
         # -1 means no cleanup
         # Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database)
         remote:
           max_age: '30 days'
+        # PeerTube can also remove views informations from local videos
+        # Local views are used by the Trending/Hot algorithms, as remote views, but they are also used to display view stats to video makers
+        # Video view counter will not be altered, but video makers won't be able to see views stats of their videos before "max_age"
+        # -1 means no cleanup
+        # Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database)
+        local:
+          max_age: -1
         # PeerTube buffers local video views before updating and federating the video
         local_buffer_update_interval: '30 minutes'
         # How long does it take to count again a view from the same user
@@ -385,7 +365,6 @@ configAsCode:
           # Unlike anonymous viewers, this endpoint is also used to store the "last watched video timecode" for your users
           # Increasing this value reduces the accuracy of the video resume
           users: '5 seconds'
-
     # Used to get country location of views of local videos
     geo_ip:
       enabled: true
@@ -439,6 +418,8 @@ configAsCode:
       stalled_jobs:
         live: '30 seconds'
         vod: '2 minutes'
+        studio: '2 minutes'
+        transcription: '2 minutes'
     thumbnails:
       # When automatically generating a thumbnail from the video
       generation_from_video:
@@ -466,10 +447,13 @@ configAsCode:
       total_admins:
         enabled: true
     webrtc:
-      # 1 or 2 STUN servers are sufficient
+      # STUN servers used by web browser to discover its public IP address, used by the player to establish P2P connections
+      # You can add or replace these STUN server URLs, or install your own
       stun_servers:
-        - 'stun:stunserver2024.stunprotocol.org'
+        - 'stun:stunserver2025.stunprotocol.org'
         - 'stun:stun.framasoft.org'
+        - 'stun:stun.ekiga.net'
+        - 'stun:stun.freeswitch.org'
     nsfw_flags_settings:
       # Allow logged-in/anonymous users to have a more granular control over their NSFW policy
       # using NSFW flags (violent content, etc.) set by video authors
@@ -523,7 +507,7 @@ configAsCode:
     user:
       history:
         videos:
-          # Enable or disable video history by default for new users.
+          # Enable or disable video history by default for new users
           enabled: true
       # Default value of maximum video bytes the user can upload
       # Does not take into account transcoded files or account export archives (that can include user uploaded files)
@@ -532,8 +516,11 @@ configAsCode:
       video_quota: -1
       video_quota_daily: -1
       default_channel_name: 'Main $1 channel' # The placeholder $1 is used to represent the user's username
+      password_constraints:
+        min_length: 8
     video_channels:
-      max_per_user: 20 # Allows each user to create up to 20 video channels.
+      max_per_user: 20 # Allows each user to create up to 20 video channels
+      max_collaborators_per_channel: 20
     # If enabled, the video will be transcoded to mp4 (x264) with `faststart` flag
     # In addition, if some resolutions are enabled the mp4 video file will be transcoded to these new resolutions
     # Please, do not disable transcoding since many uploaded videos will not work
@@ -588,7 +575,6 @@ configAsCode:
         max: 60
       # Generate videos in a web compatible format
       # If you also enabled the hls format, it will multiply videos storage by 2
-      # If disabled, breaks federation with PeerTube instances < 2.1
       web_videos:
         enabled: false
       # /!\ Requires ffmpeg >= 4.1
@@ -698,6 +684,8 @@ configAsCode:
       #  * CTranslate2 Whisper model directory path for 'whisper-ctranslate2'
       # If not provided, PeerTube will automatically download the model
       model_path: null
+      # Increase this value if you plan to transcribe long videos and if your video doesn't have a GPU
+      timeout: '6 hours'
       # Enable remote runners to transcribe videos
       # If enabled, your instance won't transcribe the videos itself
       # At least 1 remote runner must be configured to transcribe your videos
@@ -714,6 +702,8 @@ configAsCode:
         concurrency: 1
         # Set a custom video import timeout to not block import queue
         timeout: '2 hours'
+        # Number of attempts a user or the channel sync process can do to import a video if an error occurs during the import process
+        max_attempts: 3
         # Classic HTTP or all sites supported by youtube-dl https://rg3.github.io/youtube-dl/supportedsites.html
         http:
           # We recommend to use a HTTP proxy if you enable HTTP import to prevent private URL access from this server
@@ -761,6 +751,7 @@ configAsCode:
         videos_limit_per_synchronization: 10
         # Max number of videos to import when the user asks for full sync
         full_sync_videos_limit: 1000
+      # Add ability for your users to import a PeerTube archive file to automatically create videos, channels, captions, etc
       users:
         # Video quota is checked on import so the user doesn't upload a too big archive file
         # Video quota (daily quota is not taken into account) is also checked for each video when PeerTube is processing the import
@@ -800,6 +791,9 @@ configAsCode:
       # If you want to explain on what type of hardware your PeerTube instance runs
       # Example: '2 vCore, 2GB RAM...'
       hardware_information: '' # Supports Markdown
+      # Default language of your instance, used in emails for example
+      # The web interface still uses the web browser preferred language
+      default_language: 'en'
       # Describe the languages spoken on your instance, to interact with your users for example
       # Uncomment or add the languages you want
       # List of supported languages: https://peertube.cpy.re/api/v1/videos/languages
@@ -854,6 +848,8 @@ configAsCode:
         mastodon_link: ''
         # Bluesky
         bluesky_link: ''
+        # X
+        x_link: ''
       customizations:
         javascript: '' # Directly your JavaScript code (without <script> tags). Will be eval at runtime
         css: '' # Directly your CSS code (without <style> tags). Will be injected at runtime
@@ -875,10 +871,15 @@ configAsCode:
         username: '@Chocobozzz'
     followers:
       instance:
-        # Allow or not other instances to follow yours
+        # Allow remote actors to follow your instance
+        # This setting is not retroactive: current followers of your instance will not be affected
         enabled: true
         # Whether or not an administrator must manually validate a new follower
         manual_approval: false
+      channels:
+        # Allow remote actors to follow channels/accounts of your instance
+        # This setting is not retroactive: current followers of local channels/accounts will not be affected
+        enabled: true
     followings:
       instance:
         # If you want to automatically follow back new instance followers
@@ -895,6 +896,20 @@ configAsCode:
           index_url: ''
     theme:
       default: 'default'
+      # Easily redefine the client UI when the user is using your default instance theme
+      # Use null to keep the default values
+      # If you need more advanced customizations, install or develop a dedicated theme: https://docs.joinpeertube.org/contribute/plugins
+      customization:
+        primary_color: null # Hex color. Example: '#FF8F37'
+        foreground_color: null # Hex color
+        background_color: null # Hex color
+        background_secondary_color: null # Hex color
+        menu_foreground_color: null # Hex color
+        menu_background_color: null # Hex color
+        menu_border_radius: null # Pixels. Example: '5px'
+        header_background_color: null # Hex color
+        header_foreground_color: null # Hex color
+        input_border_radius: null # Pixels
     broadcast_message:
       enabled: false
       message: '' # Support markdown
@@ -926,6 +941,12 @@ configAsCode:
         is_default_search: false
     # PeerTube client/interface configuration
     client:
+      # Display modals to inform users of new features after a PeerTube update
+      new_features_info: true
+      header:
+        # Hide the instance name in the header on desktop
+        # Useful if your logo already contains the instance name
+        hide_instance_name: false
       videos:
         miniature:
           # By default PeerTube client displays author username
@@ -934,6 +955,20 @@ configAsCode:
           # Max size of upload chunks, e.g. '90MB'
           # If null, it will be calculated based on network speed
           max_chunk_size: null
+      browse_videos:
+        # Default sort option
+        # Available options:
+        #  '-publishedAt'
+        #  '-originallyPublishedAt'
+        #  'name'
+        #  '-trending' (requires the 'most-viewed' trending videos algorithm to be enabled)
+        #  '-hot' (requires the 'hot' trending videos algorithm to be enabled)
+        #  '-likes' (requires the 'most-liked' trending videos algorithm to be enabled)
+        #  '-views'
+        default_sort: '-publishedAt'
+        # Default scope option
+        # Available options: 'local' or 'federated'
+        default_scope: 'federated'
       menu:
         login:
           # If you enable only one external auth plugin
@@ -963,6 +998,47 @@ configAsCode:
     storyboards:
       # Generate storyboards of local videos using ffmpeg so users can see the video preview in the player while scrubbing the video
       enabled: true
+      remote_runners:
+        # Use remote runners to generate storyboards instead of processing them locally
+        enabled: false
+    # Update default PeerTube values
+    # Set by API when the field is not provided and put as default value in client
+    defaults:
+      # Change default values when publishing a video (upload/import/go Live)
+      publish:
+        download_enabled: true
+        # enabled = 1, disabled = 2, requires_approval = 3
+        comments_policy: 1
+        # public = 1, unlisted = 2, private = 3, internal = 4
+        privacy: 1
+        # CC-BY = 1, CC-SA = 2, CC-ND = 3, CC-NC = 4, CC-NC-SA = 5, CC-NC-ND = 6, Public Domain = 7
+        # You can also choose a custom licence value added by a plugin
+        # No licence by default
+        licence: null
+      p2p:
+        # Enable P2P by default in PeerTube client
+        # Can be enabled/disabled by anonymous users and logged in users
+        webapp:
+          enabled: true
+        # Enable P2P by default in PeerTube embed
+        # Can be enabled/disabled by URL option
+        embed:
+          enabled: true
+      player:
+        theme: 'galaxy' # 'galaxy' | 'lucide'
+        # By default, playback starts automatically when opening a video
+        auto_play: true
+    email:
+      body:
+        # Support {{instanceName}} template variable
+        signature: ''
+      subject:
+        # Support {{instanceName}} template variable
+        prefix: '[{{instanceName}}] '
+    video_comments:
+      # Accept or not comments from remote instances
+      # This setting is not retroactive: current comments from remote platforms will not be deleted
+      accept_remote_comments: true
 
 # Set initial root password
 #env:

radicle-explorer/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

radicle-explorer/Chart.yaml

@@ -0,0 +1,35 @@
+apiVersion: v2
+name: radicle-explorer
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.5
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "29b952"
+
+home: https://radicle.xyz/
+
+keywords:
+- radicle
+- radicle-explorer
+
+maintainers:
+- email: ace@0xace.cc
+  name: Ace
+  url: https://geekhome.org

radicle-explorer/templates/NOTES.txt

@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "radicle-explorer.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "radicle-explorer.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "radicle-explorer.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "radicle-explorer.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}

radicle-explorer/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "radicle-explorer.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "radicle-explorer.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "radicle-explorer.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "radicle-explorer.labels" -}}
+helm.sh/chart: {{ include "radicle-explorer.chart" . }}
+{{ include "radicle-explorer.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "radicle-explorer.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "radicle-explorer.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "radicle-explorer.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "radicle-explorer.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

radicle-explorer/templates/configmap.yaml

@@ -0,0 +1,14 @@
+{{- if .Values.configAsCode.enabled }}
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: {{ include "radicle-explorer.fullname" . }}-config
+  labels:
+    app.kubernetes.io/name: {{ include "radicle-explorer.name" . }}
+    helm.sh/chart: {{ include "radicle-explorer.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+  default.json: |
+    {{- toYaml .Values.configAsCode.config | fromYaml | toPrettyJson | nindent 4 }}
+{{- end }}

radicle-explorer/templates/deployment.yaml

@@ -0,0 +1,93 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "radicle-explorer.fullname" . }}
+  labels:
+    {{- include "radicle-explorer.labels" . | nindent 4 }}
+spec:
+  {{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicaCount }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "radicle-explorer.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "radicle-explorer.labels" . | nindent 8 }}
+        {{- with .Values.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "radicle-explorer.serviceAccountName" . }}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: {{ .Chart.Name }}
+          {{- with .Values.securityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          #command: ["/bin/sh", "-c"]
+          #args: ["npm run start"]
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.port }}
+              protocol: TCP
+          env:
+            - name: VITE_RUNTIME_CONFIG
+              value: "true"
+            - name: __VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS
+              value: {{ .Values.radicleExplorerVite.allowedHosts }}
+          {{- with .Values.livenessProbe }}
+          livenessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.readinessProbe }}
+          readinessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - name: {{ include "radicle-explorer.fullname" . }}-config
+              mountPath: /radicle-explorer/config/default.json
+              subPath: default.json
+          {{- with .Values.volumeMounts }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+      volumes:
+      {{- with .Values.volumes }}
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.configAsCode.enabled }}
+      - name: {{ include "radicle-explorer.fullname" . }}-config
+        configMap:
+          name: {{ include "radicle-explorer.fullname" . }}-config
+      {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

radicle-explorer/templates/hpa.yaml

@@ -0,0 +1,32 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "radicle-explorer.fullname" . }}
+  labels:
+    {{- include "radicle-explorer.labels" . | nindent 4 }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "radicle-explorer.fullname" . }}
+  minReplicas: {{ .Values.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+  metrics:
+    {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+    {{- end }}
+    {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    {{- end }}
+{{- end }}

radicle-explorer/templates/ingress.yaml

@@ -0,0 +1,43 @@
+{{- if .Values.ingress.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "radicle-explorer.fullname" . }}
+  labels:
+    {{- include "radicle-explorer.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- with .Values.ingress.className }}
+  ingressClassName: {{ . }}
+  {{- end }}
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            {{- with .pathType }}
+            pathType: {{ . }}
+            {{- end }}
+            backend:
+              service:
+                name: {{ include "radicle-explorer.fullname" $ }}
+                port:
+                  number: {{ $.Values.service.port }}
+          {{- end }}
+    {{- end }}
+{{- end }}

radicle-explorer/templates/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "radicle-explorer.fullname" . }}
+  labels:
+    {{- include "radicle-explorer.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "radicle-explorer.selectorLabels" . | nindent 4 }}

radicle-explorer/templates/serviceaccount.yaml

@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "radicle-explorer.serviceAccountName" . }}
+  labels:
+    {{- include "radicle-explorer.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}

radicle-explorer/templates/tests/test-connection.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "radicle-explorer.fullname" . }}-test-connection"
+  labels:
+    {{- include "radicle-explorer.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['{{ include "radicle-explorer.fullname" . }}:{{ .Values.service.port }}']
+  restartPolicy: Never

radicle-explorer/values.yaml

@@ -0,0 +1,154 @@
+# Default values for radicle-explorer.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
+replicaCount: 1
+
+# This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/
+image:
+  repository: gitea.geekhome.org/ghp/radicle-explorer
+  # This sets the pull policy for images.
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: "29b952-1"
+
+# This is for the secrets for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+imagePullSecrets: []
+# This is to override the chart name.
+nameOverride: ""
+fullnameOverride: ""
+
+radicleExplorerVite:
+  allowedHosts: "app.radicle.example.com"
+
+configAsCode:
+  enabled: true
+  config:
+    nodes:
+      fallbackPublicExplorer: https://app.radicle.example.com/nodes/$host/$rid$path
+      requiredApiVersion: "~0.18.0"
+      defaultHttpdPort: 443
+      defaultLocalHttpdPort: 8080
+      defaultHttpdScheme: https
+    source:
+      commitsPerPage: 30
+    supportWebsite: https://radicle.zulipchat.com
+    deploymentId: 
+    preferredSeeds:
+    - hostname: seed.radicle.example.com
+      port: 443
+      scheme: https
+    - hostname: rosa.radicle.xyz
+      port: 443
+      scheme: https
+    - hostname: seed.radicle.xyz
+      port: 443
+      scheme: https
+    - hostname: iris.radicle.xyz
+      port: 443
+      scheme: https
+
+# This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Automatically mount a ServiceAccount's API credentials?
+  automount: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+# This is for setting Kubernetes Annotations to a Pod.
+# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+podAnnotations: {}
+# This is for setting Kubernetes Labels to a Pod.
+# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+podLabels: {}
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+# This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/
+service:
+  # This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+  type: ClusterIP
+  # This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports
+  port: 3000
+
+# This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/
+ingress:
+  enabled: false
+  className: ""
+  annotations: {}
+    # cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  hosts:
+    - host: app.radicle.example.com
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  tls: []
+  #  - secretName: app.radicle.example.com-tls
+  #    hosts:
+  #      - app.radicle.example.com
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+# This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
+livenessProbe:
+  httpGet:
+    path: /
+    port: http
+readinessProbe:
+  httpGet:
+    path: /
+    port: http
+
+# This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 100
+  targetCPUUtilizationPercentage: 80
+  # targetMemoryUtilizationPercentage: 80
+
+# Additional volumes on the output Deployment definition.
+volumes: []
+# - name: foo
+#   secret:
+#     secretName: mysecret
+#     optional: false
+
+# Additional volumeMounts on the output Deployment definition.
+volumeMounts: []
+# - name: foo
+#   mountPath: "/etc/foo"
+#   readOnly: true
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}

radicle/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

radicle/Chart.yaml

@@ -0,0 +1,36 @@
+apiVersion: v2
+name: radicle
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.5
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.6.1"
+
+home: https://radicle.xyz/
+
+keywords:
+- radicle
+- radicle-node
+- radicle-httpd
+
+maintainers:
+- email: ace@0xace.cc
+  name: Ace
+  url: https://geekhome.org

radicle/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "radicle.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "radicle.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "radicle.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "radicle.labels" -}}
+helm.sh/chart: {{ include "radicle.chart" . }}
+{{ include "radicle.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "radicle.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "radicle.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "radicle.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "radicle.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

radicle/templates/configmap.yaml

@@ -0,0 +1,14 @@
+{{- if .Values.configAsCode.enabled }}
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: {{ include "radicle.fullname" . }}-config
+  labels:
+    app.kubernetes.io/name: {{ include "radicle.name" . }}
+    helm.sh/chart: {{ include "radicle.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+  config.json: |
+    {{- toYaml .Values.configAsCode.config | fromYaml | toPrettyJson | nindent 4 }}
+{{- end }}

radicle/templates/deployment.yaml

@@ -0,0 +1,174 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "radicle.fullname" . }}
+  labels:
+    {{- include "radicle.labels" . | nindent 4 }}
+spec:
+  {{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicaCount }}
+  {{- end }}
+  strategy:
+    type: {{ .Values.strategyType }}
+  selector:
+    matchLabels:
+      {{- include "radicle.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+      {{- with .Values.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "radicle.labels" . | nindent 8 }}
+        {{- with .Values.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "radicle.serviceAccountName" . }}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      initContainers:
+        - name: {{ .Chart.Name }}-init
+          {{- with .Values.securityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          image: "{{ .Values.image.radicleNode.repository }}:{{ .Values.image.radicleNode.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          tty: true
+          command: ["/bin/sh", "-c"]
+          args: ["rad auth --alias {{ .Values.configAsCode.config.node.alias }}"]
+          env:
+          {{- range $key, $value := .Values.env }}
+          - name: {{ tpl $key $ }}
+            value: {{ tpl $value $ | quote }}
+          {{- end }}
+          {{- with .Values.livenessProbe }}
+          livenessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.readinessProbe }}
+          readinessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - name: {{ include "radicle.fullname" . }}-data
+              mountPath: /root/.radicle
+          {{- with .Values.volumeMounts }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+      containers:
+        - name: {{ .Chart.Name }}-node
+          {{- with .Values.securityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          image: "{{ .Values.image.radicleNode.repository }}:{{ .Values.image.radicleNode.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: tcp
+              containerPort: {{ .Values.service.tcp }}
+              protocol: TCP
+          env:
+          {{- range $key, $value := .Values.env }}
+          - name: {{ tpl $key $ }}
+            value: {{ tpl $value $ | quote }}
+          {{- end }}
+          {{- with .Values.livenessProbe }}
+          livenessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.readinessProbe }}
+          readinessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - name: {{ include "radicle.fullname" . }}-data
+              mountPath: /root/.radicle
+            - name: {{ include "radicle.fullname" . }}-config
+              mountPath: /root/.radicle/config.json
+              subPath: config.json
+          {{- with .Values.volumeMounts }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+        - name: {{ .Chart.Name }}-httpd
+          {{- with .Values.securityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          image: "{{ .Values.image.radicleHttpd.repository }}:{{ .Values.image.radicleHttpd.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.http }}
+              protocol: TCP
+          env:
+          {{- range $key, $value := .Values.env }}
+          - name: {{ tpl $key $ }}
+            value: {{ tpl $value $ | quote }}
+          {{- end }}
+          {{- with .Values.livenessProbe }}
+          livenessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.readinessProbe }}
+          readinessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - name: {{ include "radicle.fullname" . }}-data
+              mountPath: /root/.radicle
+            - name: {{ include "radicle.fullname" . }}-config
+              mountPath: /root/.radicle/config.json
+              subPath: config.json
+          {{- with .Values.volumeMounts }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+      volumes:
+      {{- with .Values.volumes }}
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      - name: {{ include "radicle.fullname" . }}-data
+        {{- if .Values.persistence.enabled }}
+        persistentVolumeClaim:
+          claimName: {{ .Values.persistence.existingClaim | default (include "radicle.fullname" .) }}
+        {{- else }}
+        emptyDir: {}
+        {{- end }}
+      {{- if .Values.configAsCode.enabled }}
+      - name: {{ include "radicle.fullname" . }}-config
+        configMap:
+          name: {{ include "radicle.fullname" . }}-config
+      {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

radicle/templates/hpa.yaml

@@ -0,0 +1,32 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "radicle.fullname" . }}
+  labels:
+    {{- include "radicle.labels" . | nindent 4 }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "radicle.fullname" . }}
+  minReplicas: {{ .Values.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+  metrics:
+    {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+    {{- end }}
+    {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    {{- end }}
+{{- end }}

radicle/templates/ingress.yaml

@@ -0,0 +1,43 @@
+{{- if .Values.ingress.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "radicle.fullname" . }}
+  labels:
+    {{- include "radicle.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- with .Values.ingress.className }}
+  ingressClassName: {{ . }}
+  {{- end }}
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            {{- with .pathType }}
+            pathType: {{ . }}
+            {{- end }}
+            backend:
+              service:
+                name: {{ include "radicle.fullname" $ }}
+                port:
+                  number: {{ $.Values.service.http }}
+          {{- end }}
+    {{- end }}
+{{- end }}

radicle/templates/persistentvolumeclaim.yaml

@@ -0,0 +1,28 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ template "radicle.fullname" . }}
+  labels:
+    app: {{ template "radicle.name" . }}
+    chart: {{ template "radicle.chart" . }}
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+{{- if .Values.persistence.annotations }}
+  annotations:
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+  accessModes:
+    - {{ .Values.persistence.accessMode | quote }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size | quote }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+  storageClassName: ""
+{{- else }}
+  storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end }}

radicle/templates/service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "radicle.fullname" . }}
+  labels:
+    {{- include "radicle.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.tcp }}
+      targetPort: tcp
+      protocol: TCP
+      name: tcp
+    - port: {{ .Values.service.http }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "radicle.selectorLabels" . | nindent 4 }}

radicle/templates/serviceaccount.yaml

@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "radicle.serviceAccountName" . }}
+  labels:
+    {{- include "radicle.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}

radicle/templates/tests/test-connection.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "radicle.fullname" . }}-test-connection"
+  labels:
+    {{- include "radicle.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['{{ include "radicle.fullname" . }}:{{ .Values.service.port }}']
+  restartPolicy: Never

radicle/values.yaml

@@ -0,0 +1,196 @@
+# Default values for radicle.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
+replicaCount: 1
+strategyType: Recreate
+
+# This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/
+image:
+  radicleNode:
+    repository: gitea.geekhome.org/ghp/radicle-node
+    tag: "1.6.1-1"
+    pullPolicy: IfNotPresent
+  radicleHttpd:
+    repository: gitea.geekhome.org/ghp/radicle-httpd
+    tag: "0.23.0-1"
+    pullPolicy: IfNotPresent
+
+# This is for the secrets for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+imagePullSecrets: []
+# This is to override the chart name.
+nameOverride: ""
+fullnameOverride: ""
+
+env:
+  RAD_PASSPHRASE: 'changeme!'
+
+configAsCode:
+  enabled: true
+  config:
+    publicExplorer: https://app.radicle.xyz/nodes/$host/$rid$path
+    preferredSeeds:
+    - z6MkrLMMsiPWUcNPHcRajuMi9mDfYckSoJyPwwnknocNYPm7@seed.radicle.garden:8776
+    - z6Mkmqogy2qEM2ummccUthFEaaHvyYmYBYh3dbe9W4ebScxo@ash.radicle.garden:8776
+    web:
+      pinned:
+        repositories: []
+    cli:
+      hints: true
+    node:
+      alias: 'seed.radicle.example.com'
+      listen: ['0.0.0.0:8776']
+      peers:
+        type: dynamic
+      connect: []
+      externalAddresses: ['seed.radicle.example.com:8776']
+      network: main
+      log: INFO
+      relay: auto
+      limits:
+        routingMaxSize: 1000
+        routingMaxAge: 604800
+        gossipMaxAge: 1209600
+        fetchConcurrency: 1
+        maxOpenFiles: 4096
+        rate:
+          inbound:
+            fillRate: 5
+            capacity: 1024
+          outbound:
+            fillRate: 10
+            capacity: 2048
+        connection:
+          inbound: 128
+          outbound: 16
+        fetchPackReceive: 500.0 MiB
+      workers: 8
+      seedingPolicy:
+        default: block
+
+# This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Automatically mount a ServiceAccount's API credentials?
+  automount: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+# This is for setting Kubernetes Annotations to a Pod.
+# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+podAnnotations: {}
+# This is for setting Kubernetes Labels to a Pod.
+# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+podLabels: {}
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+# This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/
+service:
+  # This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+  type: ClusterIP
+  # This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports
+  tcp: 8776
+  http: 8080
+
+# This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/
+ingress:
+  enabled: false
+  className: ""
+  annotations: {}
+    # cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  hosts:
+    - host: seed.radicle.example.com
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  tls: []
+  #  - secretName: seed.radicle.example.com-tls
+  #    hosts:
+  #      - seed.radicle.example.com
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+# This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
+#livenessProbe:
+#  httpGet:
+#    path: /
+#    port: http
+#readinessProbe:
+#  httpGet:
+#    path: /
+#    port: http
+
+persistence:
+  # Radicle node Data (/root/.radicle)
+  enabled: false
+  annotations: {}
+  ## PeerTube data Persistent Volume Storage Class
+  ## If defined, storageClassName: <storageClass>
+  ## If set to "-", storageClassName: "", which disables dynamic provisioning
+  ## If undefined (the default) or set to null, no storageClassName spec is
+  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+  ##   GKE, AWS & OpenStack)
+  ##
+  # storageClass: "-"
+
+  ## A manually managed Persistent Volume and Claim
+  ## Requires persistence.enabled: true
+  ## If defined, PVC must be created manually before volume will be bound
+  # existingClaim:
+
+  accessMode: ReadWriteOnce
+  size: 100Gi
+
+# This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 100
+  targetCPUUtilizationPercentage: 80
+  # targetMemoryUtilizationPercentage: 80
+
+# Additional volumes on the output Deployment definition.
+volumes: []
+# - name: foo
+#   secret:
+#     secretName: mysecret
+#     optional: false
+
+# Additional volumeMounts on the output Deployment definition.
+volumeMounts: []
+# - name: foo
+#   mountPath: "/etc/foo"
+#   readOnly: true
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}

roundcube/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: "1.6.12"
+appVersion: "1.6.13"
 description: A Helm chart for Kubernetes
 name: roundcube
-version: 0.4.7
+version: 0.4.8
 icon: https://github.com/roundcube/roundcubemail/blob/master/skins/classic/images/roundcube_logo.png

roundcube/values.yaml

@@ -2,7 +2,7 @@ replicaCount: 1
 
 image:
   repository: roundcube/roundcubemail
-  tag: 1.6.12-apache
+  tag: 1.6.13-apache
   pullPolicy: IfNotPresent
 
 args: [ sh, -c, 'update-ca-certificates && /docker-entrypoint.sh apache2-foreground' ]

rspamd/Chart.yaml

@@ -7,5 +7,5 @@ dependencies:
   repository: oci://registry-1.docker.io/bitnamicharts
   version: 24.0.0
 type: application
-version: 0.6.0
-appVersion: 3.14.2
+version: 0.6.1
+appVersion: 3.14.3

rspamd/values.yaml

@@ -10,7 +10,7 @@ persistence:
 rspamd:
   image:
     repository: gitea.geekhome.org/ghp/rspamd
-    tag: 3.14.2-1
+    tag: 3.14.3-1
     pullPolicy: Always
   local.d:
     redis.conf: |

wikijs/Chart.yaml

@@ -2,10 +2,10 @@ apiVersion: v2
 name: wikijs
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 2.4.1
+version: 2.4.3
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: 2.5.309
+appVersion: 2.5.311
 description: The most powerful and extensible open source Wiki software.
 keywords:
   - wiki