From bc2debdea0f33c83105142ad930b9f1aaafd512c Mon Sep 17 00:00:00 2001 
From: Madison Grubb Date: Thu, 10 Jul 2025 10:21:39 -0400 Subject: [PATCH] move everything top level so it can be used by the k3s built-in helm-controller. add woodpecker ci config. --- .gitea/workflows/deploy.yml | 22 - .gitea/workflows/dry-run.yml | 20 - .woodpecker/ci.yaml | 9 + ...authentik-chart.yml => authentik-chart.yml | 14 +- .../namespace.yml => authentik-namespace.yml | 0 authentik-oauth-client-secret.yml | 8 + ...anager-chart.yml => cert-manager-chart.yml | 0 .../issuer.yml => cert-manager-issuer.yml | 0 ...amespace.yml => cert-manager-namespace.yml | 0 deploy.sh | 15 - .../git/namespace.yml => git-namespace.yml | 0 .../git/gitea-chart.yml => gitea-chart.yml | 14 +- ...nginx-chart.yml => ingress-nginx-chart.yml | 0 ...mespace.yml => ingress-nginx-namespace.yml | 0 jellyfin-chart.yml | 34 ++ jellyfin-namespace.yml | 4 + jellyfin-nfs.yml | 33 ++ ...art.yml => kube-prometheus-stack-chart.yml | 18 +- ...cret.yml => longhorn-basic-auth-secret.yml | 0 .../longhorn-chart.yml => longhorn-chart.yml | 0 ...space.yml => longhorn-system-namespace.yml | 0 .../metallb-chart.yml => metallb-chart.yml | 0 ...resspool.yml => metallb-l2-addresspool.yml | 0 ...espace.yml => metallb-system-namespace.yml | 0 .../namespace.yml => monitoring-namespace.yml | 0 namespaces/kube-system/helm-controller.yaml | 381 ------------------ namespaces/kube-system/metrics-server.yml | 205 ---------- .../authentik-oauth-client-secret.yml | 8 - namespaces/monitoring/grafana-config.yml | 21 - ...nextcloud-chart.yml => nextcloud-chart.yml | 6 +- .../namespace.yml => nextcloud-namespace.yml | 0 openwebui-chart.yml | 35 ++ openwebui-namespace.yml | 4 + .../freetak/freetak-chart.yml | 0 {namespaces => unused}/freetak/namespace.yml | 0 .../ingress-nginx/kiwix.yml | 0 .../ingress-nginx/media.yml | 0 .../kube-system/nodelocaldns.yml | 0 .../mineclonia/mineclonia-conf-configmap.yml | 0 .../mineclonia/mineclonia-deployment.yml | 0 .../mineclonia/mineclonia-pvc.yml | 0 
.../mineclonia/mineclonia-service.yml | 0 .../mineclonia/namespace.yml | 0 {namespaces => unused}/minecraft/ingress.yml | 0 .../minecraft/minecraft-deployment.yml | 0 .../minecraft/minecraft-service.yml | 0 .../minecraft/minecraft-voice-service.yml | 0 .../minecraft/namespace.yml | 0 {namespaces => unused}/minecraft/pvc.yml | 0 .../monitoring/loki-chart.yml | 0 {namespaces => unused}/tes3mp/ingress.yml | 0 {namespaces => unused}/tes3mp/namespace.yml | 0 {namespaces => unused}/tes3mp/pvc.yml | 0 .../tes3mp/tes3mp-config-configmap.yml | 0 .../tes3mp/tes3mp-deployment.yml | 0 .../tes3mp/tes3mp-lua-config-configmap.yml | 0 .../tes3mp/tes3mp-service.yml | 0 woodpecker-ci-chart.yml | 41 ++ 58 files changed, 188 insertions(+), 704 deletions(-) delete mode 100644 .gitea/workflows/deploy.yml delete mode 100644 .gitea/workflows/dry-run.yml create mode 100644 .woodpecker/ci.yaml rename namespaces/authentik/authentik-chart.yml => authentik-chart.yml (84%) rename namespaces/authentik/namespace.yml => authentik-namespace.yml (100%) create mode 100644 authentik-oauth-client-secret.yml rename namespaces/cert-manager/cert-manager-chart.yml => cert-manager-chart.yml (100%) rename namespaces/cert-manager/issuer.yml => cert-manager-issuer.yml (100%) rename namespaces/cert-manager/namespace.yml => cert-manager-namespace.yml (100%) delete mode 100644 deploy.sh rename namespaces/git/namespace.yml => git-namespace.yml (100%) rename namespaces/git/gitea-chart.yml => gitea-chart.yml (82%) rename namespaces/ingress-nginx/ingress-nginx-chart.yml => ingress-nginx-chart.yml (100%) rename namespaces/ingress-nginx/namespace.yml => ingress-nginx-namespace.yml (100%) create mode 100644 jellyfin-chart.yml create mode 100644 jellyfin-namespace.yml create mode 100644 jellyfin-nfs.yml rename namespaces/monitoring/kube-prometheus-stack-chart.yml => kube-prometheus-stack-chart.yml (92%) rename namespaces/longhorn-system/longhorn-basic-auth-secret.yml => longhorn-basic-auth-secret.yml (100%) rename 
namespaces/longhorn-system/longhorn-chart.yml => longhorn-chart.yml (100%) rename namespaces/longhorn-system/namespace.yml => longhorn-system-namespace.yml (100%) rename namespaces/metallb-system/metallb-chart.yml => metallb-chart.yml (100%) rename namespaces/metallb-system/metallb-l2-addresspool.yml => metallb-l2-addresspool.yml (100%) rename namespaces/metallb-system/namespace.yml => metallb-system-namespace.yml (100%) rename namespaces/monitoring/namespace.yml => monitoring-namespace.yml (100%) delete mode 100644 namespaces/kube-system/helm-controller.yaml delete mode 100644 namespaces/kube-system/metrics-server.yml delete mode 100644 namespaces/monitoring/authentik-oauth-client-secret.yml delete mode 100644 namespaces/monitoring/grafana-config.yml rename namespaces/nextcloud/nextcloud-chart.yml => nextcloud-chart.yml (97%) rename namespaces/nextcloud/namespace.yml => nextcloud-namespace.yml (100%) create mode 100644 openwebui-chart.yml create mode 100644 openwebui-namespace.yml rename {namespaces => unused}/freetak/freetak-chart.yml (100%) rename {namespaces => unused}/freetak/namespace.yml (100%) rename {namespaces => unused}/ingress-nginx/kiwix.yml (100%) rename {namespaces => unused}/ingress-nginx/media.yml (100%) rename {namespaces => unused}/kube-system/nodelocaldns.yml (100%) rename {namespaces => unused}/mineclonia/mineclonia-conf-configmap.yml (100%) rename {namespaces => unused}/mineclonia/mineclonia-deployment.yml (100%) rename {namespaces => unused}/mineclonia/mineclonia-pvc.yml (100%) rename {namespaces => unused}/mineclonia/mineclonia-service.yml (100%) rename {namespaces => unused}/mineclonia/namespace.yml (100%) rename {namespaces => unused}/minecraft/ingress.yml (100%) rename {namespaces => unused}/minecraft/minecraft-deployment.yml (100%) rename {namespaces => unused}/minecraft/minecraft-service.yml (100%) rename {namespaces => unused}/minecraft/minecraft-voice-service.yml (100%) rename {namespaces => unused}/minecraft/namespace.yml (100%) 
rename {namespaces => unused}/minecraft/pvc.yml (100%) rename {namespaces => unused}/monitoring/loki-chart.yml (100%) rename {namespaces => unused}/tes3mp/ingress.yml (100%) rename {namespaces => unused}/tes3mp/namespace.yml (100%) rename {namespaces => unused}/tes3mp/pvc.yml (100%) rename {namespaces => unused}/tes3mp/tes3mp-config-configmap.yml (100%) rename {namespaces => unused}/tes3mp/tes3mp-deployment.yml (100%) rename {namespaces => unused}/tes3mp/tes3mp-lua-config-configmap.yml (100%) rename {namespaces => unused}/tes3mp/tes3mp-service.yml (100%) create mode 100644 woodpecker-ci-chart.yml diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml deleted file mode 100644 index 4e0ae9a..0000000 --- a/.gitea/workflows/deploy.yml +++ /dev/null @@ -1,22 +0,0 @@ -name: Deploy - -on: - push: - branches: - - main - -jobs: - deploy: - runs-on: ubuntu-latest - container: bitnami/kubectl - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Set up kubeconfig - run: echo "$KUBE_CONFIG" > ~/.kube/config - env: - KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }} - - - name: Deploy - run: ./deploy.sh diff --git a/.gitea/workflows/dry-run.yml b/.gitea/workflows/dry-run.yml deleted file mode 100644 index 6d2c3f2..0000000 --- a/.gitea/workflows/dry-run.yml +++ /dev/null @@ -1,20 +0,0 @@ -name: Dry Run - -on: - pull_request: - -jobs: - dry-run: - runs-on: ubuntu-latest - container: bitnami/kubectl - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Set up kubeconfig - run: echo "$KUBE_CONFIG" > ~/.kube/config - env: - KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }} - - - name: Dry-run deployment - run: DRU_RUN=true ./deploy.sh diff --git a/.woodpecker/ci.yaml b/.woodpecker/ci.yaml new file mode 100644 index 0000000..5f65a2f --- /dev/null +++ b/.woodpecker/ci.yaml @@ -0,0 +1,9 @@ +when: + - event: push + branch: main + +steps: + - name: test + image: debian + commands: + - echo "This is the test step" 
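Review bot: `image: debian` in `.woodpecker/ci.yaml` has no tag, so the step runs whatever `debian:latest` resolves to when the pipeline starts. Pin a release tag or a digest, for example `image: debian:bookworm-slim`, so that runs are reproducible and an upstream image change cannot alter the pipeline unnoticed. The step only echoes a string, so with the two Gitea workflows removed nothing in CI validates the manifests before they land on `main`; a lint or server-side dry-run step would restore that check.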
diff --git a/namespaces/authentik/authentik-chart.yml b/authentik-chart.yml similarity index 84% rename from namespaces/authentik/authentik-chart.yml rename to authentik-chart.yml index 23730de..cb4e5bd 100644 --- a/namespaces/authentik/authentik-chart.yml +++ b/authentik-chart.yml @@ -8,7 +8,7 @@ spec: targetNamespace: authentik repo: https://charts.goauthentik.io # https://artifacthub.io/packages/helm/goauthentik/authentik - version: 2025.4.0 + version: 2025.6.3 valuesContent: |- authentik: secret_key: "0hETw0LhioALQ6vhNTiN5MuW1349KjPlol3Q3D6sC8BV+IlzyhIfZYth/7WapdmOM8ib3qyyGLC5/8Xk" @@ -26,12 +26,12 @@ spec: - secretName: authentik-tls hosts: - login.keligrubb.com - metrics: - enabled: true - serviceMonitor: - enabled: true - labels: - release: prometheus + # metrics: + # enabled: true + # serviceMonitor: + # enabled: true + # labels: + # release: prometheus postgresql: enabled: true auth: diff --git a/namespaces/authentik/namespace.yml b/authentik-namespace.yml similarity index 100% rename from namespaces/authentik/namespace.yml rename to authentik-namespace.yml diff --git a/authentik-oauth-client-secret.yml b/authentik-oauth-client-secret.yml new file mode 100644 index 0000000..52d99b4 --- /dev/null +++ b/authentik-oauth-client-secret.yml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: authentik-oauth-client-secret + namespace: monitoring +type: Opaque +stringData: + client-secret: "xfUwLZZuKmAwILcYqMhNOi6LsF5IaflS7zMU9hj7pTauOC5uXbzY2vzGuHuHsFMMdlhRUtzE7UPus85Gk1ABqcjj5fJv1fiOJ1Nkhe8H9Wot4hCsrr2CqDC5huZkWRQI" diff --git a/namespaces/cert-manager/cert-manager-chart.yml b/cert-manager-chart.yml similarity index 100% rename from namespaces/cert-manager/cert-manager-chart.yml rename to cert-manager-chart.yml diff --git a/namespaces/cert-manager/issuer.yml b/cert-manager-issuer.yml similarity index 100% rename from namespaces/cert-manager/issuer.yml rename to cert-manager-issuer.yml 
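Review bot: The new `authentik-oauth-client-secret.yml` commits the OAuth client secret in clear text under `stringData`, so anyone who can read the repository or its history holds a live credential (presumably for the Grafana OAuth client, given `namespace: monitoring`). The deleted `namespaces/monitoring/authentik-oauth-client-secret.yml` exposed the previous value the same way, and the same defect appears in `clientSecret` in the new `openwebui-chart.yml` and in `secret_key`, visible as a context line in `authentik-chart.yml`. Commit only an encrypted form (for example a SealedSecret or a SOPS-encrypted file) or create the Secret out of band and reference it by name, and rotate every value that has already been pushed.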
diff --git a/namespaces/cert-manager/namespace.yml b/cert-manager-namespace.yml similarity index 100% rename from namespaces/cert-manager/namespace.yml rename to cert-manager-namespace.yml diff --git a/deploy.sh b/deploy.sh deleted file mode 100644 index 39deebf..0000000 --- a/deploy.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh - -for namespace in namespaces/*; do - if [ "$DRY_RUN" = true ]; then - printf "\033[1;33m*******************************************************\n" - printf "Dry running changes to %s\n" "$(basename "$namespace")" - printf "*******************************************************\033[0m\n" - kubectl apply -f "$namespace" --dry-run=server - else - printf "\033[1;33m*******************************************************\n" - printf "Deploying changes to %s\n" "$(basename "$namespace")" - printf "*******************************************************\033[0m\n" - kubectl apply -f "$namespace" - fi -done \ No newline at end of file diff --git a/namespaces/git/namespace.yml b/git-namespace.yml similarity index 100% rename from namespaces/git/namespace.yml rename to git-namespace.yml diff --git a/namespaces/git/gitea-chart.yml b/gitea-chart.yml similarity index 82% rename from namespaces/git/gitea-chart.yml rename to gitea-chart.yml index 83c41f1..a16a68d 100644 --- a/namespaces/git/gitea-chart.yml +++ b/gitea-chart.yml @@ -10,7 +10,7 @@ spec: targetNamespace: git repo: https://dl.gitea.io/charts/ # https://gitea.com/gitea/helm-chart/releases - version: 11.0.1 + version: 12.1.1 valuesContent: |- resources: limits: @@ -33,21 +33,9 @@ spec: config: ui: DEFAULT_THEME: gitea-dark - picture: - ENABLE_FEDERATED_AVATAR: false - DISABLE_GRAVATAR: true database: DB_TYPE: sqlite3 NAME: /data/gitea/gitea.db - actions: - ENABLED: true - actions: - enabled: true - provisioning: - enabled: true - service: - ssh: - port: 22 ingress: enabled: true className: nginx 
diff --git a/namespaces/ingress-nginx/ingress-nginx-chart.yml b/ingress-nginx-chart.yml similarity index 100% rename from namespaces/ingress-nginx/ingress-nginx-chart.yml rename to ingress-nginx-chart.yml diff --git a/namespaces/ingress-nginx/namespace.yml b/ingress-nginx-namespace.yml similarity index 100% rename from namespaces/ingress-nginx/namespace.yml rename to ingress-nginx-namespace.yml diff --git a/jellyfin-chart.yml b/jellyfin-chart.yml new file mode 100644 index 0000000..0bfd026 --- /dev/null +++ b/jellyfin-chart.yml @@ -0,0 +1,34 @@ +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: jellyfin + namespace: jellyfin +spec: + repo: https://jellyfin.github.io/jellyfin-helm + chart: jellyfin + targetNamespace: jellyfin + # https://github.com/jellyfin/jellyfin-helm/releases + version: 2.3.0 + valuesContent: |- + timezone: "America/New_York" + ingress: + enabled: true + className: "nginx" + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-cluster-issuer" + hosts: + - host: media.keligrubb.com + paths: + - path: / + pathType: Prefix + tls: + - secretName: jellyfin-tls + hosts: + - media.keligrubb.com + persistence: + config: + enabled: true + size: 5Gi + media: + enabled: true + existingClaim: "jellyfin-nfs-media-pvc" diff --git a/jellyfin-namespace.yml b/jellyfin-namespace.yml new file mode 100644 index 0000000..73e3ea6 --- /dev/null +++ b/jellyfin-namespace.yml @@ -0,0 +1,4 @@ +kind: Namespace +apiVersion: v1 +metadata: + name: jellyfin diff --git a/jellyfin-nfs.yml b/jellyfin-nfs.yml new file mode 100644 index 0000000..176c42f --- /dev/null +++ b/jellyfin-nfs.yml 
@@ -0,0 +1,33 @@ +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: jellyfin-nfs-media-pv +spec: + capacity: + storage: 5Ti + volumeMode: Filesystem + accessModes: + - ReadWriteMany + persistentVolumeReclaimPolicy: Retain + mountOptions: + - hard + - nfsvers=4.1 + nfs: + server: 192.168.1.153 + path: "/mnt/homestead/jellyfin" + +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: jellyfin-nfs-media-pvc + namespace: jellyfin +spec: + accessModes: + - ReadWriteMany + storageClassName: "" + resources: + requests: + storage: 5Ti + volumeName: jellyfin-nfs-media-pv diff --git a/namespaces/monitoring/kube-prometheus-stack-chart.yml b/kube-prometheus-stack-chart.yml similarity index 92% rename from namespaces/monitoring/kube-prometheus-stack-chart.yml rename to kube-prometheus-stack-chart.yml index 8f99f70..d1358d1 100644 --- a/namespaces/monitoring/kube-prometheus-stack-chart.yml +++ b/kube-prometheus-stack-chart.yml @@ -8,7 +8,7 @@ spec: targetNamespace: monitoring repo: https://prometheus-community.github.io/helm-charts # https://artifacthub.io/packages/helm/prometheus-community/kube-prometheus-stack - version: 70.7.0 + version: 75.9.0 valuesContent: |- grafana: envValueFrom: 
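Review bot: The PersistentVolume `jellyfin-nfs-media-pv` has no `claimRef`, so until `jellyfin-nfs-media-pvc` binds it, another claim asking for a matching ReadWriteMany volume with an empty storage class could take the export first; `volumeName` on the claim reserves only from the claim's side. Adding `claimRef:` with `namespace: jellyfin` and `name: jellyfin-nfs-media-pvc` to the PV spec pins the binding. The export is also mounted read-write with only `hard` and `nfsvers=4.1` as options; if Jellyfin only needs to read the library, `readOnly: true` under `nfs:` would limit what a compromised pod can do to the share.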
@@ -40,18 +40,18 @@ spec: auth.generic_oauth: name: authentik enabled: true - client_id: "exAcNQX8GILZdQHGUQfa9Dpj0XGSjTVBpfagQ8VL" + client_id: "8hpxfQs7B1BNwlHx6PrAOYc2K5PMzU9Xig1ImXU9" scopes: "openid profile email" auth_url: "https://login.keligrubb.com/application/o/authorize/" token_url: "https://login.keligrubb.com/application/o/token/" api_url: "https://login.keligrubb.com/application/o/userinfo/" role_attribute_path: contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer' - additionalDataSources: - - name: Loki - type: loki - access: proxy - basicAuth: false - url: http://loki-gateway.monitoring.svc.cluster.local + # additionalDataSources: + # - name: Loki + # type: loki + # access: proxy + # basicAuth: false + # url: http://loki-gateway.monitoring.svc.cluster.local config: auth: signout_redirect_url: "https://login.keligrubb.com/application/o/grafana/end-session/" @@ -116,4 +116,4 @@ spec: - ReadWriteOnce resources: requests: - storage: 64Gi + storage: 16Gi diff --git a/namespaces/longhorn-system/longhorn-basic-auth-secret.yml b/longhorn-basic-auth-secret.yml similarity index 100% rename from namespaces/longhorn-system/longhorn-basic-auth-secret.yml rename to longhorn-basic-auth-secret.yml diff --git a/namespaces/longhorn-system/longhorn-chart.yml b/longhorn-chart.yml similarity index 100% rename from namespaces/longhorn-system/longhorn-chart.yml rename to longhorn-chart.yml diff --git a/namespaces/longhorn-system/namespace.yml b/longhorn-system-namespace.yml similarity index 100% rename from namespaces/longhorn-system/namespace.yml rename to longhorn-system-namespace.yml diff --git a/namespaces/metallb-system/metallb-chart.yml b/metallb-chart.yml similarity index 100% rename from namespaces/metallb-system/metallb-chart.yml rename to metallb-chart.yml 
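Review bot: Lowering `storage: 64Gi` to `storage: 16Gi` will not shrink a volume that already exists, because Kubernetes rejects a reduction of a bound claim's storage request; if this claim was already provisioned at 64Gi, the manifest and the cluster now disagree. The hunk shows only the tail of the block, so which component owns the claim is not visible here. If the smaller size is intended, plan for recreating the claim (with a migration or an accepted loss of history) and check any retention size against the new capacity. The same applies to `size: 256Gi` in `nextcloud-chart.yml`.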
diff --git a/namespaces/metallb-system/metallb-l2-addresspool.yml b/metallb-l2-addresspool.yml similarity index 100% rename from namespaces/metallb-system/metallb-l2-addresspool.yml rename to metallb-l2-addresspool.yml diff --git a/namespaces/metallb-system/namespace.yml b/metallb-system-namespace.yml similarity index 100% rename from namespaces/metallb-system/namespace.yml rename to metallb-system-namespace.yml diff --git a/namespaces/monitoring/namespace.yml b/monitoring-namespace.yml similarity index 100% rename from namespaces/monitoring/namespace.yml rename to monitoring-namespace.yml diff --git a/namespaces/kube-system/helm-controller.yaml b/namespaces/kube-system/helm-controller.yaml deleted file mode 100644 index 08d33de..0000000 --- a/namespaces/kube-system/helm-controller.yaml +++ /dev/null 
@@ -1,381 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: helmcharts.helm.cattle.io -spec: - group: helm.cattle.io - names: - kind: HelmChart - plural: helmcharts - singular: helmchart - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.jobName - name: Job - type: string - - jsonPath: .spec.chart - name: Chart - type: string - - jsonPath: .spec.targetNamespace - name: TargetNamespace - type: string - - jsonPath: .spec.version - name: Version - type: string - - jsonPath: .spec.repo - name: Repo - type: string - - jsonPath: .spec.helmVersion - name: HelmVersion - type: string - - jsonPath: .spec.bootstrap - name: Bootstrap - type: string - name: v1 - schema: - openAPIV3Schema: - properties: - spec: - properties: - authPassCredentials: - type: boolean - authSecret: - nullable: true - properties: - name: - nullable: true - type: string - type: object - backOffLimit: - nullable: true - type: integer - bootstrap: - type: boolean - chart: - nullable: true - type: string - chartContent: - nullable: true - type: string - createNamespace: - type: boolean - dockerRegistrySecret: - nullable: true - properties: - name: - nullable: true - type: string - type: object - failurePolicy: - nullable: true - type: string - helmVersion: - nullable: true - type: string - insecureSkipTLSVerify: - type: boolean - jobImage: - nullable: true - type: string - plainHTTP: - type: boolean - podSecurityContext: - nullable: true - properties: - appArmorProfile: - nullable: true - properties: - localhostProfile: - nullable: true - type: string - type: - nullable: true - type: string - type: object - fsGroup: - nullable: true - type: integer - fsGroupChangePolicy: - nullable: true - type: string - runAsGroup: - nullable: true - type: integer - runAsNonRoot: - nullable: true - type: boolean - runAsUser: - nullable: true - type: integer - seLinuxOptions: - nullable: true - properties: - 
level: - nullable: true - type: string - role: - nullable: true - type: string - type: - nullable: true - type: string - user: - nullable: true - type: string - type: object - seccompProfile: - nullable: true - properties: - localhostProfile: - nullable: true - type: string - type: - nullable: true - type: string - type: object - supplementalGroups: - items: - type: integer - nullable: true - type: array - supplementalGroupsPolicy: - nullable: true - type: string - sysctls: - items: - properties: - name: - nullable: true - type: string - value: - nullable: true - type: string - type: object - nullable: true - type: array - windowsOptions: - nullable: true - properties: - gmsaCredentialSpec: - nullable: true - type: string - gmsaCredentialSpecName: - nullable: true - type: string - hostProcess: - nullable: true - type: boolean - runAsUserName: - nullable: true - type: string - type: object - type: object - repo: - nullable: true - type: string - repoCA: - nullable: true - type: string - repoCAConfigMap: - nullable: true - properties: - name: - nullable: true - type: string - type: object - securityContext: - nullable: true - properties: - allowPrivilegeEscalation: - nullable: true - type: boolean - appArmorProfile: - nullable: true - properties: - localhostProfile: - nullable: true - type: string - type: - nullable: true - type: string - type: object - capabilities: - nullable: true - properties: - add: - items: - nullable: true - type: string - nullable: true - type: array - drop: - items: - nullable: true - type: string - nullable: true - type: array - type: object - privileged: - nullable: true - type: boolean - procMount: - nullable: true - type: string - readOnlyRootFilesystem: - nullable: true - type: boolean - runAsGroup: - nullable: true - type: integer - runAsNonRoot: - nullable: true - type: boolean - runAsUser: - nullable: true - type: integer - seLinuxOptions: - nullable: true - properties: - level: - nullable: true - type: string - role: - nullable: 
true - type: string - type: - nullable: true - type: string - user: - nullable: true - type: string - type: object - seccompProfile: - nullable: true - properties: - localhostProfile: - nullable: true - type: string - type: - nullable: true - type: string - type: object - windowsOptions: - nullable: true - properties: - gmsaCredentialSpec: - nullable: true - type: string - gmsaCredentialSpecName: - nullable: true - type: string - hostProcess: - nullable: true - type: boolean - runAsUserName: - nullable: true - type: string - type: object - type: object - set: - additionalProperties: - x-kubernetes-int-or-string: true - nullable: true - type: object - targetNamespace: - nullable: true - type: string - timeout: - nullable: true - type: string - valuesContent: - nullable: true - type: string - version: - nullable: true - type: string - type: object - status: - properties: - conditions: - items: - properties: - message: - nullable: true - type: string - reason: - nullable: true - type: string - status: - nullable: true - type: string - type: - nullable: true - type: string - type: object - nullable: true - type: array - jobName: - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: helmchartconfigs.helm.cattle.io -spec: - group: helm.cattle.io - names: - kind: HelmChartConfig - plural: helmchartconfigs - singular: helmchartconfig - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - spec: - properties: - failurePolicy: - nullable: true - type: string - valuesContent: - nullable: true - type: string - type: object - type: object - served: true - storage: true ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: helm-controller - name: helm-controller -spec: - replicas: 1 - selector: - matchLabels: - app: helm-controller - 
template: - metadata: - labels: - app: helm-controller - spec: - containers: - - command: - - helm-controller - image: rancher/helm-controller:v0.16.6 - name: helm-controller ---- diff --git a/namespaces/kube-system/metrics-server.yml b/namespaces/kube-system/metrics-server.yml deleted file mode 100644 index 5857c32..0000000 --- a/namespaces/kube-system/metrics-server.yml +++ /dev/null 
@@ -1,205 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - k8s-app: metrics-server - name: metrics-server - namespace: kube-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - k8s-app: metrics-server - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" - name: system:aggregated-metrics-reader -rules: -- apiGroups: - - metrics.k8s.io - resources: - - pods - - nodes - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - k8s-app: metrics-server - name: system:metrics-server -rules: -- apiGroups: - - "" - resources: - - nodes/metrics - verbs: - - get -- apiGroups: - - "" - resources: - - pods - - nodes - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - k8s-app: metrics-server - name: metrics-server-auth-reader - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: -- kind: ServiceAccount - name: metrics-server - namespace: kube-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - k8s-app: metrics-server - name: metrics-server:system:auth-delegator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:auth-delegator -subjects: -- kind: ServiceAccount - name: metrics-server - namespace: kube-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - k8s-app: metrics-server - name: system:metrics-server -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:metrics-server -subjects: -- kind: ServiceAccount - name: metrics-server - namespace: kube-system ---- -apiVersion: v1 -kind: Service -metadata: - labels: - k8s-app: 
metrics-server - name: metrics-server - namespace: kube-system -spec: - ports: - - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - k8s-app: metrics-server ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - k8s-app: metrics-server - name: metrics-server - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: metrics-server - strategy: - rollingUpdate: - maxUnavailable: 0 - template: - metadata: - labels: - k8s-app: metrics-server - spec: - containers: - - args: - - --cert-dir=/tmp - - --secure-port=4443 - - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname - - --kubelet-use-node-status-port - - --kubelet-insecure-tls - - --metric-resolution=15s - image: registry.k8s.io/metrics-server/metrics-server:v0.7.2 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /livez - port: https - scheme: HTTPS - periodSeconds: 10 - name: metrics-server - ports: - - containerPort: 4443 - name: https - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: https - scheme: HTTPS - initialDelaySeconds: 20 - periodSeconds: 10 - resources: - requests: - cpu: 100m - memory: 200Mi - limits: - cpu: 200m - memory: 400Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /tmp - name: tmp-dir - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - serviceAccountName: metrics-server - volumes: - - emptyDir: {} - name: tmp-dir ---- -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - labels: - k8s-app: metrics-server - name: v1beta1.metrics.k8s.io -spec: - group: metrics.k8s.io - groupPriorityMinimum: 100 - insecureSkipTLSVerify: true - service: - name: metrics-server - namespace: kube-system - version: v1beta1 - versionPriority: 100 
diff --git a/namespaces/monitoring/authentik-oauth-client-secret.yml b/namespaces/monitoring/authentik-oauth-client-secret.yml deleted file mode 100644 index 27ff0e0..0000000 --- a/namespaces/monitoring/authentik-oauth-client-secret.yml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: authentik-oauth-client-secret - namespace: monitoring -type: Opaque -stringData: - client-secret: "P6VVD9VSOpewht6kYMqRpsPNp3BUcwcJ4DUzIYIwnQ6XWtfZU3sGF3y229dqpA52e9aQVS3Bcn7SZso7ANyb6z3kcsCS7V173nH7tZtrpmHE5e7mNnLfD4LdxPWn1iWO" diff --git a/namespaces/monitoring/grafana-config.yml b/namespaces/monitoring/grafana-config.yml deleted file mode 100644 index edb7687..0000000 --- a/namespaces/monitoring/grafana-config.yml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: grafana-config - namespace: monitoring # Change if using a different namespace -data: - grafana.ini: | - [auth] - signout_redirect_url = https://authentik.company/application/o//end-session/ - oauth_auto_login = true - - [auth.generic_oauth] - name = authentik - enabled = true - client_id = "" - client_secret = "" - scopes = openid profile email - auth_url = https://authentik.company/application/o/authorize/ - token_url = https://authentik.company/application/o/token/ - api_url = https://authentik.company/application/o/userinfo/ - role_attribute_path = contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer' diff --git a/namespaces/nextcloud/nextcloud-chart.yml b/nextcloud-chart.yml similarity index 97% rename from namespaces/nextcloud/nextcloud-chart.yml rename to nextcloud-chart.yml index cfd1ecd..35d5d2b 100644 --- a/namespaces/nextcloud/nextcloud-chart.yml +++ b/nextcloud-chart.yml 
@@ -18,7 +18,7 @@ spec: # cpu: 200m # memory: 200Mi lifecycle: - postStartCommand: ["/bin/bash", "-c", "apt update -y && apt install ffmpeg -y"] + postStartCommand: ["/bin/bash", "-c", "apt update -y && apt install ffmpeg fuse libfuse2 libc6 iproute2 -y"] metrics: enabled: true serviceMonitor: @@ -101,7 +101,7 @@ spec: persistence: enabled: true storageClass: longhorn - size: 512Gi - nextcloudData.size: 512Gi + size: 256Gi + nextcloudData.size: 256Gi cronjob: enabled: true diff --git a/namespaces/nextcloud/namespace.yml b/nextcloud-namespace.yml similarity index 100% rename from namespaces/nextcloud/namespace.yml rename to nextcloud-namespace.yml diff --git a/openwebui-chart.yml b/openwebui-chart.yml new file mode 100644 index 0000000..a1e91c1 --- /dev/null +++ b/openwebui-chart.yml @@ -0,0 +1,35 @@ +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: open-webui + namespace: open-webui +spec: + repo: https://helm.openwebui.com/ + chart: open-webui + targetNamespace: open-webui + valuesContent: |- + logging: + level: "debug" + ingress: + enabled: true + class: "nginx" + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-cluster-issuer" + host: "ai.keligrubb.com" + tls: true + existingSecret: "open-webui-tls" + persistence: + enabled: true + size: 64Gi + sso: + enabled: true + enableRoleManagement: true + roleManagement: + rolesClaim: "groups" + adminRoles: "authentik Admins" + oidc: + enabled: true + providerName: "authentik" + clientId: "xCwvgZsb5376ZWjvGpjNfagYKseLcnGjBYaqnJwl" + clientSecret: "WN0CyvBG6tXkUmiXIm3UH7EtOml0UkcHV35jYbuuQ4nDN52jLDwSDg9XEAuEz4hs69FcbNPn8hYl21z2091P6AWOb186kcMr4an2dNIa3D82O092pPadQewQFZXijuNh" + providerUrl: "https://login.keligrubb.com/application/o/luma/.well-known/openid-configuration" diff --git a/openwebui-namespace.yml b/openwebui-namespace.yml new file mode 100644 index 0000000..b84d4e8 --- /dev/null +++ b/openwebui-namespace.yml 
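Review bot: The extended `postStartCommand` installs `ffmpeg fuse libfuse2 libc6 iproute2` with `apt` on every container start, so the pod needs root, outbound access to the package mirrors, and gets whatever package versions are current at that moment. A failing `apt update` in a postStart hook also kills the container, which ties Nextcloud's availability to the mirrors. Building these packages into a derived image and referencing it by tag or digest makes the running software reproducible and removes the need for install privileges at runtime.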
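Review bot: `nextcloudData.size: 256Gi` is a single key whose name contains a dot, not a `size` entry nested under `nextcloudData`, so the chart most likely ignores it; values files do not expand dotted keys the way `--set` does. If the intent is to size the data volume, write `nextcloudData:` followed by an indented `size: 256Gi`. The key was written the same way before this change, and the enclosing `persistence` block starts outside the hunk.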
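Review bot: The `open-webui` HelmChart has no `version:` field, unlike the other charts touched in this commit, so helm-controller installs whichever chart version the repository currently serves and an upstream release can change the deployment without a commit here. Add a pinned `version:` next to `chart: open-webui`, with the value taken from the chart's release list. `level: "debug"` under `logging:` is also worth lowering once setup is done, since debug output of an OIDC login flow may record tokens or claims for a service published at `ai.keligrubb.com`.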
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: open-webui
diff --git a/namespaces/freetak/freetak-chart.yml b/unused/freetak/freetak-chart.yml
similarity index 100%
rename from namespaces/freetak/freetak-chart.yml
rename to unused/freetak/freetak-chart.yml
diff --git a/namespaces/freetak/namespace.yml b/unused/freetak/namespace.yml
similarity index 100%
rename from namespaces/freetak/namespace.yml
rename to unused/freetak/namespace.yml
diff --git a/namespaces/ingress-nginx/kiwix.yml b/unused/ingress-nginx/kiwix.yml
similarity index 100%
rename from namespaces/ingress-nginx/kiwix.yml
rename to unused/ingress-nginx/kiwix.yml
diff --git a/namespaces/ingress-nginx/media.yml b/unused/ingress-nginx/media.yml
similarity index 100%
rename from namespaces/ingress-nginx/media.yml
rename to unused/ingress-nginx/media.yml
diff --git a/namespaces/kube-system/nodelocaldns.yml b/unused/kube-system/nodelocaldns.yml
similarity index 100%
rename from namespaces/kube-system/nodelocaldns.yml
rename to unused/kube-system/nodelocaldns.yml
diff --git a/namespaces/mineclonia/mineclonia-conf-configmap.yml b/unused/mineclonia/mineclonia-conf-configmap.yml
similarity index 100%
rename from namespaces/mineclonia/mineclonia-conf-configmap.yml
rename to unused/mineclonia/mineclonia-conf-configmap.yml
diff --git a/namespaces/mineclonia/mineclonia-deployment.yml b/unused/mineclonia/mineclonia-deployment.yml
similarity index 100%
rename from namespaces/mineclonia/mineclonia-deployment.yml
rename to unused/mineclonia/mineclonia-deployment.yml
diff --git a/namespaces/mineclonia/mineclonia-pvc.yml b/unused/mineclonia/mineclonia-pvc.yml
similarity index 100%
rename from namespaces/mineclonia/mineclonia-pvc.yml
rename to unused/mineclonia/mineclonia-pvc.yml
diff --git a/namespaces/mineclonia/mineclonia-service.yml b/unused/mineclonia/mineclonia-service.yml
similarity index 100%
rename from namespaces/mineclonia/mineclonia-service.yml
rename to unused/mineclonia/mineclonia-service.yml
diff --git a/namespaces/mineclonia/namespace.yml b/unused/mineclonia/namespace.yml
similarity index 100%
rename from namespaces/mineclonia/namespace.yml
rename to unused/mineclonia/namespace.yml
diff --git a/namespaces/minecraft/ingress.yml b/unused/minecraft/ingress.yml
similarity index 100%
rename from namespaces/minecraft/ingress.yml
rename to unused/minecraft/ingress.yml
diff --git a/namespaces/minecraft/minecraft-deployment.yml b/unused/minecraft/minecraft-deployment.yml
similarity index 100%
rename from namespaces/minecraft/minecraft-deployment.yml
rename to unused/minecraft/minecraft-deployment.yml
diff --git a/namespaces/minecraft/minecraft-service.yml b/unused/minecraft/minecraft-service.yml
similarity index 100%
rename from namespaces/minecraft/minecraft-service.yml
rename to unused/minecraft/minecraft-service.yml
diff --git a/namespaces/minecraft/minecraft-voice-service.yml b/unused/minecraft/minecraft-voice-service.yml
similarity index 100%
rename from namespaces/minecraft/minecraft-voice-service.yml
rename to unused/minecraft/minecraft-voice-service.yml
diff --git a/namespaces/minecraft/namespace.yml b/unused/minecraft/namespace.yml
similarity index 100%
rename from namespaces/minecraft/namespace.yml
rename to unused/minecraft/namespace.yml
diff --git a/namespaces/minecraft/pvc.yml b/unused/minecraft/pvc.yml
similarity index 100%
rename from namespaces/minecraft/pvc.yml
rename to unused/minecraft/pvc.yml
diff --git a/namespaces/monitoring/loki-chart.yml b/unused/monitoring/loki-chart.yml
similarity index 100%
rename from namespaces/monitoring/loki-chart.yml
rename to unused/monitoring/loki-chart.yml
diff --git a/namespaces/tes3mp/ingress.yml b/unused/tes3mp/ingress.yml
similarity index 100%
rename from namespaces/tes3mp/ingress.yml
rename to unused/tes3mp/ingress.yml
diff --git a/namespaces/tes3mp/namespace.yml b/unused/tes3mp/namespace.yml
similarity index 100%
rename from namespaces/tes3mp/namespace.yml
rename to unused/tes3mp/namespace.yml
diff --git a/namespaces/tes3mp/pvc.yml b/unused/tes3mp/pvc.yml
similarity index 100%
rename from namespaces/tes3mp/pvc.yml
rename to unused/tes3mp/pvc.yml
diff --git a/namespaces/tes3mp/tes3mp-config-configmap.yml b/unused/tes3mp/tes3mp-config-configmap.yml
similarity index 100%
rename from namespaces/tes3mp/tes3mp-config-configmap.yml
rename to unused/tes3mp/tes3mp-config-configmap.yml
diff --git a/namespaces/tes3mp/tes3mp-deployment.yml b/unused/tes3mp/tes3mp-deployment.yml
similarity index 100%
rename from namespaces/tes3mp/tes3mp-deployment.yml
rename to unused/tes3mp/tes3mp-deployment.yml
diff --git a/namespaces/tes3mp/tes3mp-lua-config-configmap.yml b/unused/tes3mp/tes3mp-lua-config-configmap.yml
similarity index 100%
rename from namespaces/tes3mp/tes3mp-lua-config-configmap.yml
rename to unused/tes3mp/tes3mp-lua-config-configmap.yml
diff --git a/namespaces/tes3mp/tes3mp-service.yml b/unused/tes3mp/tes3mp-service.yml
similarity index 100%
rename from namespaces/tes3mp/tes3mp-service.yml
rename to unused/tes3mp/tes3mp-service.yml
diff --git a/woodpecker-ci-chart.yml b/woodpecker-ci-chart.yml
new file mode 100644
index 0000000..1b5d3e6
--- /dev/null
+++ b/woodpecker-ci-chart.yml
@@ -0,0 +1,41 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: woodpecker-ci
+ namespace: git
+spec:
+ chart: oci://ghcr.io/woodpecker-ci/helm/woodpecker
+ targetNamespace: git
+ valuesContent: |-
+ server:
+ host: "ci.keligrubb.com"
+ agent:
+ enabled: true
+ env:
+ WOODPECKER_HOST: "https://ci.keligrubb.com"
+ WOODPECKER_OPEN: "true"
+ WOODPECKER_GITEA: "true"
+ WOODPECKER_GITEA_URL: "https://git.keligrubb.com"
+ WOODPECKER_GITEA_CLIENT: "15006ffa-071e-4edb-80f3-8dae4ebf450c"
+ WOODPECKER_GITEA_SECRET: "gto_qo4svebb6jmjmty3scezsswxqygquf45osrmd5dfigktvemqlh7a"
+ ingress:
+ enabled: true
+ ingressClassName: "nginx"
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-cluster-issuer"
+ nginx.ingress.kubernetes.io/proxy-body-size: "10m"
+ hosts:
+ - host: "ci.keligrubb.com"
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - secretName: woodpecker-ci-tls
+ hosts:
+ - "ci.keligrubb.com"
+ agent:
+ replicas: 1
+ env:
+ WOODPECKER_BACKEND_K8S_NAMESPACE: git
+ WOODPECKER_MAX_WORKFLOWS: "2"
+ WOODPECKER_SERVER: "woodpecker-ci-server.git.svc.cluster.local:9000"
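Review bot: `WOODPECKER_OPEN: "true"` in the server `env` lets every account that can sign in to the Gitea instance at `git.keligrubb.com` register itself in Woodpecker and start pipelines. Judging by `WOODPECKER_BACKEND_K8S_NAMESPACE: git`, those pipelines run as pods in the `git` namespace. If the forge allows self-registration, or has users who should not run CI, a forge login becomes a way to run workloads in the cluster. I would set `WOODPECKER_OPEN: "false"` and name the administrator with `WOODPECKER_ADMIN: "<forge-username>"`, or keep registration open but restrict it with `WOODPECKER_ORGS: "<org>"`.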