tuxpeople
diff --git a/‎.github/workflows/meta-labeler.yaml
+1-1 b/‎.github/workflows/meta-labeler.yaml
+1-1
diff --git a/‎.github/workflows/release-drafter.yaml
+1-1 b/‎.github/workflows/release-drafter.yaml
+1-1
diff --git a/‎__before_move/cluster/apps/development/code-server/helm-release.yaml
+1-1 b/‎__before_move/cluster/apps/development/code-server/helm-release.yaml
+1-1
diff --git a/‎__before_move/cluster/apps/development/documentation/ingress.yaml
+4-4 b/‎__before_move/cluster/apps/development/documentation/ingress.yaml
+4-4
diff --git a/‎__before_move/cluster/apps/networking/cert-manager/letsencrypt-production.yaml
+2-2 b/‎__before_move/cluster/apps/networking/cert-manager/letsencrypt-production.yaml
+2-2
diff --git a/‎__before_move/cluster/apps/networking/cert-manager/letsencrypt-staging.yaml
+2-2 b/‎__before_move/cluster/apps/networking/cert-manager/letsencrypt-staging.yaml
+2-2
diff --git a/‎__before_move/cluster/apps/networking/external-dns/helm-release.yaml
+2-2 b/‎__before_move/cluster/apps/networking/external-dns/helm-release.yaml
+2-2
diff --git a/‎__before_move/cluster/apps/networking/traefik/dashboard/ingress.yaml
+4-4 b/‎__before_move/cluster/apps/networking/traefik/dashboard/ingress.yaml
+4-4
diff --git a/‎__before_move/cluster/apps/system-upgrade-controller/app/kustomization.yaml
+1-1 b/‎__before_move/cluster/apps/system-upgrade-controller/app/kustomization.yaml
+1-1
diff --git a/‎__before_move/cluster/apps/vcluster/loft/helmrelease.yaml
+7-7 b/‎__before_move/cluster/apps/vcluster/loft/helmrelease.yaml
+7-7
diff --git a/‎__before_move/old/_very_old/ansible-semaphore/semaphore-deployment.yaml
+5-5 b/‎__before_move/old/_very_old/ansible-semaphore/semaphore-deployment.yaml
+5-5
diff --git a/‎__before_move/old/_very_old/dokuwiki/ingress.yaml
+4-4 b/‎__before_move/old/_very_old/dokuwiki/ingress.yaml
+4-4
diff --git a/‎__before_move/old/_very_old/gitea/helm-release.yaml
+12-12 b/‎__before_move/old/_very_old/gitea/helm-release.yaml
+12-12
diff --git a/‎__before_move/old/_very_old/gollum/ingress.yaml
+4-4 b/‎__before_move/old/_very_old/gollum/ingress.yaml
+4-4
diff --git a/‎__before_move/old/_very_old/homer/helm-release.yaml
+4-4 b/‎__before_move/old/_very_old/homer/helm-release.yaml
+4-4
diff --git a/‎__before_move/old/_very_old/joplin/helm-release.yaml
+6-6 b/‎__before_move/old/_very_old/joplin/helm-release.yaml
+6-6
diff --git a/‎__before_move/old/_very_old/k10/helm-release.yaml
+6-6 b/‎__before_move/old/_very_old/k10/helm-release.yaml
+6-6
diff --git a/‎__before_move/old/_very_old/keycloak/helm-release.yaml
+4-4 b/‎__before_move/old/_very_old/keycloak/helm-release.yaml
+4-4
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Labeler
-        uses: actions/labeler@9fcb2c2f5584144ca754f8bfe8c6f81e77753375 # v4.1.0
+        uses: actions/labeler@0967ca812e7fdc8f5f71402a1b486d5bd061fe20 # v4.2.0
         with:
           configuration-path: .github/labeler.yaml
           repo-token: "${{ secrets.GITHUB_TOKEN }}"
@@ -10,7 +10,7 @@ jobs:
   update:
     runs-on: ubuntu-latest
     steps:
-      - uses: release-drafter/release-drafter@569eb7ee3a85817ab916c8f8ff03a5bd96c9c83e # v5.23.0
+      - uses: release-drafter/release-drafter@65c5fb495d1e69aa8c08a3317bc44ff8aabe9772 # v5.24.0
         with:
           config-name: release-drafter.yaml
         env:
 
@@ -65,7 +65,7 @@ spec:
           kubernetes.io/ingress.class: nginx
           traefik.ingress.kubernetes.io/router.tls: "true"
           external-dns/is-public: "true"
-          external-dns.alpha.kubernetes.io/target: ipv4.${SECRET_DOMAIN_K8S}
+          external-dns.alpha.kubernetes.io/target: ${SECRET_DNS_TARGET}
         hosts:
           - host: code.${SECRET_DOMAIN_ME}
             paths:
 
@@ -7,11 +7,11 @@ metadata:
   name: documentation
   annotations:
     kubernetes.io/ingress.class: nginx
-    traefik.ingress.kubernetes.io/router.tls: 'true'
-    external-dns/is-public: 'true'
-    external-dns.alpha.kubernetes.io/target: ipv4.${SECRET_DOMAIN_K8S}
+    traefik.ingress.kubernetes.io/router.tls: "true"
+    external-dns/is-public: "true"
+    external-dns.alpha.kubernetes.io/target: ${SECRET_DNS_TARGET}
     traefik.ingress.kubernetes.io/router.middlewares: networking-forwardauth-authelia@kubernetescrd
-    hajimari.io/enable: 'true'
+    hajimari.io/enable: "true"
     hajimari.io/icon: file-document-edit
 spec:
   tls:
 
@@ -6,13 +6,13 @@ metadata:
 spec:
   acme:
     server: https://acme-v02.api.letsencrypt.org/directory
-    email: ${SECRET_CLOUDFLARE_EMAIL}
+    email: ${SECRET_ACME_EMAIL}
     privateKeySecretRef:
       name: letsencrypt-production
     solvers:
       - dns01:
           cloudflare:
-            email: ${SECRET_CLOUDFLARE_EMAIL}
+            email: ${SECRET_ACME_EMAIL}
             apiTokenSecretRef:
               name: cloudflare-api-key
               key: api-key
 
@@ -6,13 +6,13 @@ metadata:
 spec:
   acme:
     server: https://acme-staging-v02.api.letsencrypt.org/directory
-    email: ${SECRET_CLOUDFLARE_EMAIL}
+    email: ${SECRET_ACME_EMAIL}
     privateKeySecretRef:
       name: letsencrypt-production
     solvers:
       - dns01:
           cloudflare:
-            email: ${SECRET_CLOUDFLARE_EMAIL}
+            email: ${SECRET_ACME_EMAIL}
             apiTokenSecretRef:
               name: cloudflare-api-key
               key: api-key
 
@@ -15,7 +15,7 @@ spec:
         name: external-dns-charts
         namespace: flux-system
   test:
-    enable: false  # Enable helm test
+    enable: false # Enable helm test
   install:
     createNamespace: true
     remediation:
@@ -33,7 +33,7 @@ spec:
     provider: cloudflare
     env:
       - name: CF_API_EMAIL
-        value: ${SECRET_CLOUDFLARE_EMAIL}
+        value: ${SECRET_ACME_EMAIL}
       - name: CF_API_TOKEN
         valueFrom:
           secretKeyRef:
 
@@ -5,11 +5,11 @@ metadata:
   name: traefik-dashboard
   annotations:
     kubernetes.io/ingress.class: nginx
-    traefik.ingress.kubernetes.io/router.tls: 'true'
-    external-dns/is-public: 'true'
-    external-dns.alpha.kubernetes.io/target: ipv4.${SECRET_DOMAIN_K8S}
+    traefik.ingress.kubernetes.io/router.tls: "true"
+    external-dns/is-public: "true"
+    external-dns.alpha.kubernetes.io/target: ${SECRET_DNS_TARGET}
     traefik.ingress.kubernetes.io/router.middlewares: networking-forwardauth-authelia@kubernetescrd
-    hajimari.io/enable: 'true'
+    hajimari.io/enable: "true"
     hajimari.io/icon: web
     hajimari.io/appName: traefik
 spec:
 
@@ -2,7 +2,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - github.com/rancher/system-upgrade-controller?ref=v0.11.0
+  - github.com/rancher/system-upgrade-controller?ref=v0.12.0
   - plans
 images:
   - name: rancher/system-upgrade-controller
 
@@ -15,7 +15,7 @@ spec:
         name: loft-charts
         namespace: flux-system
   test:
-    enable: false  # Enable helm test
+    enable: false # Enable helm test
   install:
     createNamespace: true
     crds: CreateReplace
@@ -31,26 +31,26 @@ spec:
     recreate: true
   values:
     admin:
-      create: 'true'
+      create: "true"
       username: admin
       password: ${CODESERVER_PASSWORD}
     ingress:
       enabled: true
       host: loft.${SECRET_DOMAIN_K8S}
       ingressClass: traefik
       annotations:
-        traefik.ingress.kubernetes.io/router.tls: 'true'
-        external-dns/is-public: 'true'
-        external-dns.alpha.kubernetes.io/target: ipv4.${SECRET_DOMAIN_K8S}
-        hajimari.io/enable: 'true'
+        traefik.ingress.kubernetes.io/router.tls: "true"
+        external-dns/is-public: "true"
+        external-dns.alpha.kubernetes.io/target: ${SECRET_DNS_TARGET}
+        hajimari.io/enable: "true"
         hajimari.io/icon: mdi:chart-arc
       tls:
         enabled: true
         secret: ${SECRET_DOMAIN_K8S//./-}-tls
 
         # audit
     audit:
-      enableSideCar: 'true'
+      enableSideCar: "true"
     config:
       audit:
         enabled: true
 
@@ -33,7 +33,7 @@ spec:
             - name: SEMAPHORE_DB_HOST
               value: mariadb
             - name: SEMAPHORE_DB_PORT
-              value: '3306'
+              value: "3306"
             - name: SEMAPHORE_DB
               value: semaphore
             - name: SEMAPHORE_PLAYBOOK_PATH
@@ -46,7 +46,7 @@ spec:
             - name: SEMAPHORE_ADMIN_NAME
               value: admin
             - name: SEMAPHORE_ADMIN_EMAIL
-              value: ${SECRET_CLOUDFLARE_EMAIL}
+              value: ${SECRET_ACME_EMAIL}
             - name: SEMAPHORE_ADMIN
               value: admin
           name: semaphore
@@ -94,9 +94,9 @@ kind: Ingress
 metadata:
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-prod
-    external-dns.alpha.kubernetes.io/target: ipv4.${SECRET_DOMAIN_K8S}
-    external-dns/is-public: 'true'
-    traefik.ingress.kubernetes.io/router.tls: 'true'
+    external-dns.alpha.kubernetes.io/target: ${SECRET_DNS_TARGET}
+    external-dns/is-public: "true"
+    traefik.ingress.kubernetes.io/router.tls: "true"
   labels:
     app: semaphore
   name: semaphore-ingress
 
@@ -8,11 +8,11 @@ metadata:
   name: dokuwiki
   annotations:
     kubernetes.io/ingress.class: nginx
-    traefik.ingress.kubernetes.io/router.tls: 'true'
-    external-dns/is-public: 'true'
-    external-dns.alpha.kubernetes.io/target: ipv4.${SECRET_DOMAIN_K8S}
+    traefik.ingress.kubernetes.io/router.tls: "true"
+    external-dns/is-public: "true"
+    external-dns.alpha.kubernetes.io/target: ${SECRET_DNS_TARGET}
     traefik.ingress.kubernetes.io/router.middlewares: networking-forwardauth-authelia@kubernetescrd
-    hajimari.io/enable: 'true'
+    hajimari.io/enable: "true"
     hajimari.io/icon: file-document-edit
 spec:
   tls:
 
@@ -17,7 +17,7 @@ spec:
         name: gitea
         namespace: flux-system
   test:
-    enable: false  # Enable helm test
+    enable: false # Enable helm test
   install:
     createNamespace: true
     remediation:
@@ -38,7 +38,7 @@ spec:
         repository:
           ROOT: ~/gitea-repositories
         repository.pull-request:
-          WORK_IN_PROGRESS_PREFIXES: 'WIP:,[WIP]:'
+          WORK_IN_PROGRESS_PREFIXES: "WIP:,[WIP]:"
         cache:
           builtIn:
             enabled: true
@@ -48,17 +48,17 @@ spec:
           ROOT_URL: https://git.${SECRET_DOMAIN_ME}
           DISABLE_SSH: true
         cron.sync_external_users:
-          ENABLED: 'true'
-          RUN_AT_START: 'true'
-          SCHEDULE: '@every 10m'
-          UPDATE_EXISTING: 'true'
-          NO_SUCCESS_NOTICE: 'true'
+          ENABLED: "true"
+          RUN_AT_START: "true"
+          SCHEDULE: "@every 10m"
+          UPDATE_EXISTING: "true"
+          NO_SUCCESS_NOTICE: "true"
       ldap:
         enabled: true
         name: k8s-ldap
         securityProtocol: unencrypted
         host: openldap.identity.svc.cluster.local
-        port: '1389'
+        port: "1389"
         userSearchBase: ou=users,dc=sky,dc=lab
         userFilter: (sn=%s)
         adminFilter: (&(objectClass=groupOfNames)(cn=admins)))
@@ -80,10 +80,10 @@ spec:
         - git.${SECRET_DOMAIN_ME}
       annotations:
         kubernetes.io/ingress.class: nginx
-        traefik.ingress.kubernetes.io/router.tls: 'true'
-        external-dns/is-public: 'true'
-        external-dns.alpha.kubernetes.io/target: ipv4.${SECRET_DOMAIN_K8S}
-        hajimari.io/enable: 'true'
+        traefik.ingress.kubernetes.io/router.tls: "true"
+        external-dns/is-public: "true"
+        external-dns.alpha.kubernetes.io/target: ${SECRET_DNS_TARGET}
+        hajimari.io/enable: "true"
         hajimari.io/icon: git
       tls:
         - secretName: ${SECRET_DOMAIN_ME//./-}-tls
 
@@ -8,14 +8,14 @@ metadata:
   name: gollum
   annotations:
     kubernetes.io/ingress.class: nginx
-    traefik.ingress.kubernetes.io/router.tls: 'true'
+    traefik.ingress.kubernetes.io/router.tls: "true"
     ingress.kubernetes.io/auth-type: basic
     ingress.kubernetes.io/auth-realm: traefik
     ingress.kubernetes.io/auth-secret: gollum-basic-auth
-    external-dns/is-public: 'true'
-    external-dns.alpha.kubernetes.io/target: ipv4.${SECRET_DOMAIN_K8S}
+    external-dns/is-public: "true"
+    external-dns.alpha.kubernetes.io/target: ${SECRET_DNS_TARGET}
     traefik.ingress.kubernetes.io/router.middlewares: networking-forwardauth-authelia@kubernetescrd
-    hajimari.io/enable: 'true'
+    hajimari.io/enable: "true"
     hajimari.io/icon: file-document-edit-outline
 spec:
   tls:
 
@@ -17,7 +17,7 @@ spec:
         name: k8s-at-home
         namespace: flux-system
   test:
-    enable: false  # Enable helm test
+    enable: false # Enable helm test
   install:
     createNamespace: true
     remediation:
@@ -46,9 +46,9 @@ spec:
         enabled: true
         annotations:
           kubernetes.io/ingress.class: nginx
-          traefik.ingress.kubernetes.io/router.tls: 'true'
-          external-dns/is-public: 'true'
-          external-dns.alpha.kubernetes.io/target: ipv4.${SECRET_DOMAIN_K8S}
+          traefik.ingress.kubernetes.io/router.tls: "true"
+          external-dns/is-public: "true"
+          external-dns.alpha.kubernetes.io/target: ${SECRET_DNS_TARGET}
           traefik.ingress.kubernetes.io/router.middlewares: networking-forwardauth-authelia@kubernetescrd
         hosts:
           - host: homer.${SECRET_DOMAIN_ME}
 
@@ -15,7 +15,7 @@ spec:
         name: k8s-at-home
         namespace: flux-system
   test:
-    enable: false  # Enable helm test
+    enable: false # Enable helm test
   install:
     createNamespace: true
     remediation:
@@ -52,10 +52,10 @@ spec:
         enabled: true
         annotations:
           kubernetes.io/ingress.class: nginx
-          traefik.ingress.kubernetes.io/router.tls: 'true'
-          external-dns/is-public: 'true'
-          external-dns.alpha.kubernetes.io/target: ipv4.${SECRET_DOMAIN_K8S}
-          hajimari.io/enable: 'true'
+          traefik.ingress.kubernetes.io/router.tls: "true"
+          external-dns/is-public: "true"
+          external-dns.alpha.kubernetes.io/target: ${SECRET_DNS_TARGET}
+          hajimari.io/enable: "true"
           hajimari.io/icon: newspaper
         hosts:
           - host: joplin.${SECRET_DOMAIN_ME}
@@ -69,7 +69,7 @@ spec:
     service:
       main:
         annotations:
-          prometheus.io/probe: 'true'
+          prometheus.io/probe: "true"
           prometheus.io/protocol: tcp
     persistence:
       data:
 
@@ -16,7 +16,7 @@ spec:
         namespace: flux-system
   releaseName: k10
   test:
-    enable: false  # Enable helm test
+    enable: false # Enable helm test
   install:
     createNamespace: true
     crds: CreateReplace
@@ -34,7 +34,7 @@ spec:
     eula:
       accept: true
       company: tuxpeople-k8s-homelab
-      email: ${SECRET_CLOUDFLARE_EMAIL}
+      email: ${SECRET_ACME_EMAIL}
     clusterName: k8s-homelab
     resources:
       requests:
@@ -61,10 +61,10 @@ spec:
     ingress:
       annotations:
         kubernetes.io/ingress.class: nginx
-        traefik.ingress.kubernetes.io/router.tls: 'true'
-        external-dns/is-public: 'true'
-        external-dns.alpha.kubernetes.io/target: ipv4.${SECRET_DOMAIN_K8S}
-        hajimari.io/enable: 'true'
+        traefik.ingress.kubernetes.io/router.tls: "true"
+        external-dns/is-public: "true"
+        external-dns.alpha.kubernetes.io/target: ${SECRET_DNS_TARGET}
+        hajimari.io/enable: "true"
         hajimari.io/icon: file-cabinet
         hajimari.io/appName: Kasten K10
         hajimari.io/url: https://k10.eighty-three.me/k10/
 
@@ -17,7 +17,7 @@ spec:
         name: codecentric
         namespace: flux-system
   test:
-    enable: false  # Enable helm test
+    enable: false # Enable helm test
   install:
     createNamespace: true
     remediation:
@@ -34,9 +34,9 @@ spec:
       enabled: true
       annotations:
         kubernetes.io/ingress.class: nginx
-        traefik.ingress.kubernetes.io/router.tls: 'true'
-        external-dns/is-public: 'true'
-        external-dns.alpha.kubernetes.io/target: ipv4.${SECRET_DOMAIN_K8S}
+        traefik.ingress.kubernetes.io/router.tls: "true"
+        external-dns/is-public: "true"
+        external-dns.alpha.kubernetes.io/target: ${SECRET_DNS_TARGET}
       rules:
         - host: sso.${SECRET_DOMAIN_ME}
           paths: