chore: add and apply yamllint

2024-03-26 09:04:30 +01:00 · 2024-03-26 09:04:30 +01:00 · f65b92fe69
commit f65b92fe69
parent 8964946374
50 changed files with 722 additions and 701 deletions
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -1,22 +1,29 @@
 ---
 repos:
-  - repo: https://github.com/pre-commit/pre-commit-hooks
+    - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v3.2.0
+      rev: v3.2.0
-    hooks:
+      hooks:
-      - id: trailing-whitespace
+          - id: trailing-whitespace
-      - id: end-of-file-fixer
+          - id: end-of-file-fixer
-      - id: check-added-large-files
+          - id: check-added-large-files
-      - id: check-executables-have-shebangs
+          - id: check-executables-have-shebangs
-      - id: check-json
+          - id: check-json
-      - id: pretty-format-json
+          - id: pretty-format-json
-      - id: check-merge-conflict
+          - id: check-merge-conflict
-      - id: check-symlinks
+          - id: check-symlinks
-      - id: check-yaml
+          - id: check-yaml
-        args:
+            args:
-          - --allow-multiple-documents
+                - --allow-multiple-documents
-      - id: detect-private-key
+          - id: detect-private-key
-      - id: trailing-whitespace
+          - id: trailing-whitespace
-  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.86.0
+      rev: v1.86.0
-    hooks:
+      hooks:
-      - id: terraform_fmt
+          - id: terraform_fmt
    - repo: https://github.com/adrienverge/yamllint.git
      rev: v1.35.1
      hooks:
          - id: yamllint
            args: [--format, parsable, --strict]
--- a/.yamllint.yaml
+++ b/.yamllint.yaml
@ -0,0 +1,12 @@
 ---
 yaml-files:
  - '*.yaml'
  - '*.yml'
  - '.yamllint'
 extends: default
 rules:
  line-length:
    max: 120
--- a/3
+++ b/3
@ -13,7 +13,10 @@ lint--tflint:
 lint--scripts:
 	shellcheck scripts/**.sh
 lint:
 	make lint--pre-commit
 	make lint--kubeconform
 	make lint--tflint
 	make lint--scripts
--- a/ansible/gitea/gitea-playbook.yml
+++ b/ansible/gitea/gitea-playbook.yml
@ -1,6 +1,7 @@
 ---
 - name: Install gitea
  hosts:
-    - giteas
+      - giteas
  roles:
-    - role: roles/gitea
+      - role: roles/gitea
--- a/ansible/gitea/roles/gitea/tasks/main.yml
+++ b/ansible/gitea/roles/gitea/tasks/main.yml
@ -1,23 +1,23 @@
 ---
 - name: Download gitea {{ gitea_version }}
  get_url:
-    url: "https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64"
+      url: https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64
-    dest: "/usr/local/bin/gitea"
+      dest: /usr/local/bin/gitea
 - name: Copy gitea config file app.ini
  template:
-    src: app.ini.j2
+      src: app.ini.j2
-    dest: /etc/gitea/app.ini
+      dest: /etc/gitea/app.ini
-    mode: 0600
+      mode: 0600
 - name: Copy gitea systemd unitfile gitea.service
  copy:
-    src: gitea.service
+      src: gitea.service
-    dest: /etc/systemd/system/gitea.service
+      dest: /etc/systemd/system/gitea.service
-    mode: 0600
+      mode: 0600
 - name: Restart gitea systemd service
  ansible.builtin.systemd_service:
-    state: restarted
+      state: restarted
-    daemon_reload: true
+      daemon_reload: true
-    name: gitea
+      name: gitea
--- a/ansible/gitea/roles/gitea/vars/main.yml
+++ b/ansible/gitea/roles/gitea/vars/main.yml
@ -15,4 +15,4 @@ gitea_mailer_from: "{{ lookup('env', 'GITEA_MAILER_FROM', default='git@fukurokuj
 gitea_mailer_user: "{{ lookup('env', 'GITEA_MAILER_USER') }}"
 gitea_mailer_password: "{{ lookup('env', 'GITEA_MAILER_PASSWORD') }}"
 gitea_no_reply_address: "{{ lookup('env', 'GITEA_NO_REPLY_ADDRESS', default='git@fukurokuju.dev') }}"
-gitea_themes: gitea,arc-green,gitea-modern,catppuccin-latte-rosewater,catppuccin-latte-flamingo,catppuccin-latte-pink,catppuccin-latte-mauve,catppuccin-latte-red,catppuccin-latte-maroon,catppuccin-latte-peach,catppuccin-latte-yellow,catppuccin-latte-green,catppuccin-latte-teal,catppuccin-latte-sky,catppuccin-latte-sapphire,catppuccin-latte-blue,catppuccin-latte-lavender,catppuccin-frappe-rosewater,catppuccin-frappe-flamingo,catppuccin-frappe-pink,catppuccin-frappe-mauve,catppuccin-frappe-red,catppuccin-frappe-maroon,catppuccin-frappe-peach,catppuccin-frappe-yellow,catppuccin-frappe-green,catppuccin-frappe-teal,catppuccin-frappe-sky,catppuccin-frappe-sapphire,catppuccin-frappe-blue,catppuccin-frappe-lavender,catppuccin-macchiato-rosewater,catppuccin-macchiato-flamingo,catppuccin-macchiato-pink,catppuccin-macchiato-mauve,catppuccin-macchiato-red,catppuccin-macchiato-maroon,catppuccin-macchiato-peach,catppuccin-macchiato-yellow,catppuccin-macchiato-green,catppuccin-macchiato-teal,catppuccin-macchiato-sky,catppuccin-macchiato-sapphire,catppuccin-macchiato-blue,catppuccin-macchiato-lavender,catppuccin-mocha-rosewater,catppuccin-mocha-flamingo,catppuccin-mocha-pink,catppuccin-mocha-mauve,catppuccin-mocha-red,catppuccin-mocha-maroon,catppuccin-mocha-peach,catppuccin-mocha-yellow,catppuccin-mocha-green,catppuccin-mocha-teal,catppuccin-mocha-sky,catppuccin-mocha-sapphire,catppuccin-mocha-blue,catppuccin-mocha-lavender
+gitea_themes: gitea,arc-green,gitea-modern,catppuccin-latte-rosewater,catppuccin-latte-flamingo,catppuccin-latte-pink,catppuccin-latte-mauve,catppuccin-latte-red,catppuccin-latte-maroon,catppuccin-latte-peach,catppuccin-latte-yellow,catppuccin-latte-green,catppuccin-latte-teal,catppuccin-latte-sky,catppuccin-latte-sapphire,catppuccin-latte-blue,catppuccin-latte-lavender,catppuccin-frappe-rosewater,catppuccin-frappe-flamingo,catppuccin-frappe-pink,catppuccin-frappe-mauve,catppuccin-frappe-red,catppuccin-frappe-maroon,catppuccin-frappe-peach,catppuccin-frappe-yellow,catppuccin-frappe-green,catppuccin-frappe-teal,catppuccin-frappe-sky,catppuccin-frappe-sapphire,catppuccin-frappe-blue,catppuccin-frappe-lavender,catppuccin-macchiato-rosewater,catppuccin-macchiato-flamingo,catppuccin-macchiato-pink,catppuccin-macchiato-mauve,catppuccin-macchiato-red,catppuccin-macchiato-maroon,catppuccin-macchiato-peach,catppuccin-macchiato-yellow,catppuccin-macchiato-green,catppuccin-macchiato-teal,catppuccin-macchiato-sky,catppuccin-macchiato-sapphire,catppuccin-macchiato-blue,catppuccin-macchiato-lavender,catppuccin-mocha-rosewater,catppuccin-mocha-flamingo,catppuccin-mocha-pink,catppuccin-mocha-mauve,catppuccin-mocha-red,catppuccin-mocha-maroon,catppuccin-mocha-peach,catppuccin-mocha-yellow,catppuccin-mocha-green,catppuccin-mocha-teal,catppuccin-mocha-sky,catppuccin-mocha-sapphire,catppuccin-mocha-blue,catppuccin-mocha-lavender  # yamllint disable rule:line-length
--- a/ansible/k3s/playbooks/base.yml
+++ b/ansible/k3s/playbooks/base.yml
@ -1,8 +1,9 @@
 ---
 - name: Apply base configuration
  hosts:
-    - k3s_agents
+      - k3s_agents
-    - k3s_masters
+      - k3s_masters
  roles:
-    - role: ../roles/base
+      - role: ../roles/base
-      become: yes
+        become: true
--- a/ansible/k3s/playbooks/k3s.yml
+++ b/ansible/k3s/playbooks/k3s.yml
@ -1,12 +1,13 @@
 ---
 - name: Install k3s nodes
  hosts:
-    - k3s_masters
+      - k3s_masters
-    - k3s_agents
+      - k3s_agents
  roles:
-    - role: ../roles/k3s
+      - role: ../roles/k3s
-      become: yes
+        become: true
-      vars:
+        vars:
-        first_master_hostname: "{{ groups['k3s_masters'][0] }}"
+            first_master_hostname: "{{ groups['k3s_masters'][0] }}"
-        is_first_master: "{{ inventory_hostname in groups['k3s_masters'][0] }}"
+            is_first_master: "{{ inventory_hostname in groups['k3s_masters'][0] }}"
-        short_hostname: "{{ inventory_hostname.split('.')[0] }}"
+            short_hostname: "{{ inventory_hostname.split('.')[0] }}"
--- a/ansible/k3s/roles/base/tasks/main.yml
+++ b/ansible/k3s/roles/base/tasks/main.yml
@ -1,36 +1,36 @@
 ---
 - name: Set same timezone on every Server
  community.general.timezone:
-    name: "{{ system_timezone }}"
+      name: '{{ system_timezone }}'
  when: (system_timezone is defined) and (system_timezone != "Europe/Madrid")
 - name: Enable IPv4 forwarding
  ansible.posix.sysctl:
-    name: net.ipv4.ip_forward
+      name: net.ipv4.ip_forward
-    value: "1"
+      value: '1'
-    state: present
+      state: present
-    reload: yes
+      reload: true
 - name: Enable IPv6 forwarding
  ansible.posix.sysctl:
-    name: net.ipv6.conf.all.forwarding
+      name: net.ipv6.conf.all.forwarding
-    value: "1"
+      value: '1'
-    state: present
+      state: present
-    reload: yes
+      reload: true
 - name: Enable IPv6 router advertisements
  ansible.posix.sysctl:
-    name: net.ipv6.conf.all.accept_ra
+      name: net.ipv6.conf.all.accept_ra
-    value: "2"
+      value: '2'
-    state: present
+      state: present
-    reload: yes
+      reload: true
 - import_tasks: packages.yml
  name: Install base packages
  tags:
-    - packages
+      - packages
 - import_tasks: mounts.yml
  name: Mount NFS shares
  tags:
-    - nfs
+      - nfs
--- a/ansible/k3s/roles/base/tasks/mounts.yml
+++ b/ansible/k3s/roles/base/tasks/mounts.yml
@ -1,19 +1,19 @@
 ---
 - name: Create mountpoint directory
  file:
-    path: /nfs/nas1
+      path: /nfs/nas1
-    state: directory
+      state: directory
-    owner: 10000
+      owner: 10000
-    group: 10000
+      group: 10000
 - name: Mount nas1 share
  mount:
-    fstype: nfs
+      fstype: nfs
-    src: zeruel.fuku:/mnt/pool1/nas1
+      src: zeruel.fuku:/mnt/pool1/nas1
-    path: /nfs/nas1
+      path: /nfs/nas1
-    state: mounted
+      state: mounted
-    fstab: /etc/fstab
+      fstab: /etc/fstab
-    opts: _netdev,nofail,tcp,bg,retrans=2,timeo=150,rsize=32768,wsize=32768,noresvport
+      opts: _netdev,nofail,tcp,bg,retrans=2,timeo=150,rsize=32768,wsize=32768,noresvport
-    backup: true
+      backup: true
-  become: yes
+  become: true
  become_user: root
--- a/ansible/k3s/roles/base/tasks/packages.yml
+++ b/ansible/k3s/roles/base/tasks/packages.yml
@ -1,17 +1,18 @@
 ---
 - name: Install base packages
  apt:
-    name: "{{ item }}"
+      name: '{{ item }}'
-    state: present
+      state: present
-    update_cache: yes
+      update_cache: true
  loop:
-    - qemu-guest-agent
+      - qemu-guest-agent
-    - git
+      - git
-    - tmux
+      - tmux
-    - vim
+      - vim
-    - curl
+      - curl
-    - nfs-common
+      - nfs-common
 - name: Update all packages
  apt:
-    upgrade: dist
+      upgrade: dist
-    update_cache: yes
+      update_cache: true
--- a/ansible/k3s/roles/k3s/tasks/agent.yml
+++ b/ansible/k3s/roles/k3s/tasks/agent.yml
@ -1,17 +1,17 @@
 ---
 - name: Create rancher folder
  file:
-    state: directory
+      state: directory
-    path: /etc/rancher/k3s
+      path: /etc/rancher/k3s
-    owner: root
+      owner: root
-    group: root
+      group: root
-    mode: 755
+      mode: 755
 - name: Copy k3s config file
  template:
-    src: agent.config.yaml.j2
+      src: agent.config.yaml.j2
-    dest: /etc/rancher/k3s/config.yaml
+      dest: /etc/rancher/k3s/config.yaml
-    mode: 600
+      mode: 600
 - name: Install k3s agent
-  shell: "bash /tmp/k3s.install.sh agent"
+  shell: bash /tmp/k3s.install.sh agent
--- a/ansible/k3s/roles/k3s/tasks/copy-kubeconfig.yml
+++ b/ansible/k3s/roles/k3s/tasks/copy-kubeconfig.yml
@ -1,19 +1,19 @@
 ---
 - name: Create .kube directory
-  become: yes
+  become: true
  file:
-    path: /home/ci/.kube
+      path: /home/ci/.kube
-    state: directory
+      state: directory
-    mode: '0755'
+      mode: '0755'
-    owner: ci
+      owner: ci
-    group: ci
+      group: ci
 - name: Copy kubeconfig
  copy:
-    remote_src: true
+      remote_src: true
-    src: /etc/rancher/k3s/k3s.yaml
+      src: /etc/rancher/k3s/k3s.yaml
-    dest: /home/ci/.kube/config
+      dest: /home/ci/.kube/config
-    mode: 0644
+      mode: 0644
-    owner: ci
+      owner: ci
-    group: ci
+      group: ci
-  become: yes
+  become: true
--- a/ansible/k3s/roles/k3s/tasks/download.yml
+++ b/ansible/k3s/roles/k3s/tasks/download.yml
@ -1,6 +1,5 @@
 ---
 - name: Download k3s script
  get_url:
-    url: https://get.k3s.io
+      url: https://get.k3s.io
-    dest: /tmp/k3s.install.sh
+      dest: /tmp/k3s.install.sh
--- a/ansible/k3s/roles/k3s/tasks/main.yml
+++ b/ansible/k3s/roles/k3s/tasks/main.yml
@ -1,3 +1,4 @@
 ---
 - import_tasks: download.yml
  name: Download install script
--- a/ansible/k3s/roles/k3s/tasks/master.yml
+++ b/ansible/k3s/roles/k3s/tasks/master.yml
@ -1,19 +1,19 @@
 ---
 - name: Create rancher folder
  file:
-    state: directory
+      state: directory
-    path: /etc/rancher/k3s
+      path: /etc/rancher/k3s
-    owner: root
+      owner: root
-    group: root
+      group: root
-    mode: 755
+      mode: 755
 - name: Copy k3s config file
  template:
-    src: master.config.yaml.j2
+      src: master.config.yaml.j2
-    dest: /etc/rancher/k3s/config.yaml
+      dest: /etc/rancher/k3s/config.yaml
-    mode: 600
+      mode: 600
  vars:
-    etcd_snapshot_dir: "/nfs/nas1/backups/{{ short_hostname }}"
+      etcd_snapshot_dir: /nfs/nas1/backups/{{ short_hostname }}
 - name: Install k3s master
  command: bash /tmp/k3s.install.sh
--- a/ansible/k3s/roles/k3s/vars/main.yml
+++ b/ansible/k3s/roles/k3s/vars/main.yml
@ -1,4 +1,4 @@
 ---
-k3s_version: "v1.27.4+k3s1"
+k3s_version: v1.27.4+k3s1
 tls_san: "{{ lookup('env', 'ANSIBLE_TLS_SAN') | mandatory }}"
 cluster_token: "{{ lookup('env', 'ANSIBLE_CLUSTER_TOKEN') | mandatory }}"
--- a/ansible/nextcloud/role-promtail.yml
+++ b/ansible/nextcloud/role-promtail.yml
@ -1,26 +1,27 @@
 ---
 - name: Install promtail
  hosts:
-    - nextclouds
+      - nextclouds
  roles:
-    - role: patrickjahns.promtail
+      - role: patrickjahns.promtail
-      vars:
+        vars:
-        promtail_version: 2.9.4
+            promtail_version: 2.9.4
-        promtail_config_clients:
+            promtail_config_clients:
-          - url: https://loki.fuku/loki/api/v1/push
+                - url: https://loki.fuku/loki/api/v1/push
-            basic_auth:
+                  basic_auth:
-              username: cloud
+                      username: cloud
-              password: "{{ lookup('env', 'NEXTCLOUD_PROMTAIL_PASSWORD') | mandatory }}"
+                      password: "{{ lookup('env', 'NEXTCLOUD_PROMTAIL_PASSWORD') | mandatory }}"
-            tls_config:
+                  tls_config:
-              insecure_skip_verify: true
+                      insecure_skip_verify: true
-        promtail_config_scrape_configs:
+            promtail_config_scrape_configs:
-          - job_name: system
+                - job_name: system
-            static_configs:
+                  static_configs:
-              - targets:
+                      - targets:
-                  - localhost
+                            - localhost
-                labels:
+                        labels:
-                  nextcloud: cloud.fukurokuju.dev
+                            nextcloud: cloud.fukurokuju.dev
-                  __path__: /mnt/share/data/cloud/data/{nextcloud,audit}.log
+                            __path__: /mnt/share/data/cloud/data/{nextcloud,audit}.log
-        promtail_config_limits_config:
+            promtail_config_limits_config:
-          readline_rate_enabled: true
+                readline_rate_enabled: true
-          readline_rate_drop: true
+                readline_rate_drop: true
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@ -1,2 +1,3 @@
 ---
 - name: patrickjahns.promtail
  version: 1.26.0
--- a/k8s/argo-apps/argo-workflows.yaml
+++ b/k8s/argo-apps/argo-workflows.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
@ -6,11 +7,11 @@ metadata:
 spec:
  destination:
    name: ''
-    namespace: 'argo-workflows'
+    namespace: argo-workflows
-    server: "https://kubernetes.default.svc"
+    server: https://kubernetes.default.svc
  project: management
  syncPolicy:
-    automated: { }
+    automated: {}
  sources:
    - chart: argo-workflows
      repoURL: https://argoproj.github.io/argo-helm
--- a/k8s/argo-apps/argo.yaml
+++ b/k8s/argo-apps/argo.yaml
@ -1,17 +1,18 @@
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: argo
+    name: argo
-  namespace: argocd
+    namespace: argocd
 spec:
-  destination:
+    destination:
-    name: ''
+        name: ''
-    namespace: 'argocd'
+        namespace: argocd
-    server: 'https://kubernetes.default.svc'
+        server: https://kubernetes.default.svc
-  sources:
+    sources:
-    - repoURL: https://git.roboces.dev/catalin/fukuops.git
+        - repoURL: https://git.roboces.dev/catalin/fukuops.git
-      path: k8s/services/argo
+          path: k8s/services/argo
-      targetRevision: main
+          targetRevision: main
-  project: management
+    project: management
-  syncPolicy:
+    syncPolicy:
-    automated: { }
+        automated: {}
--- a/k8s/argo-apps/authentik.yaml
+++ b/k8s/argo-apps/authentik.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
@ -6,8 +7,8 @@ metadata:
 spec:
  destination:
    name: ''
-    namespace: 'apps-fuku'
+    namespace: apps-fuku
-    server: "https://kubernetes.default.svc"
+    server: https://kubernetes.default.svc
  sources:
    - chart: authentik
      repoURL: https://charts.goauthentik.io/
@ -15,27 +16,27 @@ spec:
      helm:
        valuesObject:
          authentik:
-              secret_key: file:///authentik-creds/secret_key
+            secret_key: file:///authentik-creds/secret_key
-              email:
+            email:
-                host: mail.fukurokuju.dev
+              host: mail.fukurokuju.dev
-                port: 465
+              port: 465
-                password: file:///authentik-creds/email_password
+              password: file:///authentik-creds/email_password
-                username: auth@fukurokuju.dev
+              username: auth@fukurokuju.dev
-                use_ssl: true
+              use_ssl: true
-                timeout: 30
+              timeout: 30
-                from: auth@fukurokuju.dev
+              from: auth@fukurokuju.dev
-              postgresql:
+            postgresql:
-                host: 192.168.1.3
+              host: 192.168.1.3
-                port: 55432
+              port: 55432
-                name: auth
+              name: auth
-                user: file:///authentik-creds/pg_username
+              user: file:///authentik-creds/pg_username
-                password: file:///authentik-creds/pg_password
+              password: file:///authentik-creds/pg_password
-              redis:
+            redis:
-                host: 192.168.1.3
+              host: 192.168.1.3
-                port: 30036
+              port: 30036
-                password: file:///authentik-creds/redis_password
+              password: file:///authentik-creds/redis_password
-              error_reporting:
+            error_reporting:
-                enabled: true
+              enabled: true
          global:
            volumeMounts:
              - name: authentik-creds
@ -63,7 +64,7 @@ spec:
              servicePortHttps: 9443
              annotations:
                traefik.ingress.kubernetes.io/service.serversscheme: https
-                traefik.ingress.kubernetes.io/service.serverstransport: apps-fuku-skipverify-authentik@kubernetescrd
+                traefik.ingress.kubernetes.io/service.serverstransport: apps-fuku-skipverify-authentik@kubernetescrd  # yamllint disable rule:line-length
            metrics:
              enabled: true
              service:
@ -91,4 +92,4 @@ spec:
      targetRevision: main
  project: fuku
  syncPolicy:
-    automated: { }
+    automated: {}
--- a/k8s/argo-apps/dcsi.yaml
+++ b/k8s/argo-apps/dcsi.yaml
@ -1,29 +1,30 @@
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: democratic-csi
+    name: democratic-csi
-  namespace: argocd
+    namespace: argocd
 spec:
-  destination:
+    destination:
-    name: ''
+        name: ''
-    namespace: 'democratic-csi'
+        namespace: democratic-csi
-    server: 'https://kubernetes.default.svc'
+        server: https://kubernetes.default.svc
-  sources:
+    sources:
-    - chart: democratic-csi
+        - chart: democratic-csi
-      repoURL: https://democratic-csi.github.io/charts/
+          repoURL: https://democratic-csi.github.io/charts/
-      targetRevision: 0.14.*
+          targetRevision: 0.14.*
-      helm:
+          helm:
-        releaseName: zfs-nfs
+              releaseName: zfs-nfs
-        valuesObject:
+              valuesObject:
-          csiDriver:
+                  csiDriver:
-            name: "org.dcsi.nfs"
+                      name: org.dcsi.nfs
-          driver:
+                  driver:
-            existingConfigSecret: secrets-dcsi
+                      existingConfigSecret: secrets-dcsi
-            config:
+                      config:
-              driver: freenas-api-nfs
+                          driver: freenas-api-nfs
-    - repoURL: https://git.roboces.dev/catalin/fukuops.git
+        - repoURL: https://git.roboces.dev/catalin/fukuops.git
-      path: k8s/services/dcsi
+          path: k8s/services/dcsi
-      targetRevision: main
+          targetRevision: main
-  project: management
+    project: management
-  syncPolicy:
+    syncPolicy:
-    automated: { }
+        automated: {}
--- a/k8s/argo-apps/factorio.yaml
+++ b/k8s/argo-apps/factorio.yaml
@ -1,44 +1,45 @@
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: factorio
+    name: factorio
-  namespace: argocd
+    namespace: argocd
 spec:
-  destination:
+    destination:
-    name: ''
+        name: ''
-    namespace: 'apps-fuku'
+        namespace: apps-fuku
-    server: 'https://kubernetes.default.svc'
+        server: https://kubernetes.default.svc
-  sources:
+    sources:
-    - chart: factorio-server-charts
+        - chart: factorio-server-charts
-      repoURL: https://sqljames.github.io/factorio-server-charts/
+          repoURL: https://sqljames.github.io/factorio-server-charts/
-      targetRevision: 1.2.*
+          targetRevision: 1.2.*
-      helm:
+          helm:
-        valuesObject:
+              valuesObject:
-          rcon:
+                  rcon:
-            passwordSecret: secrets-factorio
+                      passwordSecret: secrets-factorio
-          nodeSelector:
+                  nodeSelector:
-            kubernetes.io/hostname: agent1
+                      kubernetes.io/hostname: agent1
-          image:
+                  image:
-            tag: 1.1.101
+                      tag: 1.1.101
-          factorioServer:
+                  factorioServer:
-            save_name: fukurokuju
+                      save_name: fukurokuju
-          admin_list:
+                  admin_list:
-            - Phireh
+                      - Phireh
-          account:
+                  account:
-            accountSecret: secrets-factorio
+                      accountSecret: secrets-factorio
-          server_settings:
+                  server_settings:
-            name: factorio-fukurokuju
+                      name: factorio-fukurokuju
-            visibility:
+                      visibility:
-              public: false
+                          public: false
-            require_user_verification: false
+                      require_user_verification: false
-          persistence:
+                  persistence:
-            storageClassName: truenas-nfs-csi
+                      storageClassName: truenas-nfs-csi
-          serverPassword:
+                  serverPassword:
-            passwordSecret: secrets-factorio
+                      passwordSecret: secrets-factorio
-    - repoURL: https://git.roboces.dev/catalin/fukuops.git
+        - repoURL: https://git.roboces.dev/catalin/fukuops.git
-      path: k8s/services/factorio
+          path: k8s/services/factorio
-      targetRevision: main
+          targetRevision: main
-  project: fuku
+    project: fuku
-  syncPolicy:
+    syncPolicy:
-    automated: {}
+        automated: {}
--- a/k8s/argo-apps/fireflyiii.yaml
+++ b/k8s/argo-apps/fireflyiii.yaml
@ -1,27 +0,0 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: firefly
  namespace: argocd
 spec:
  destination:
    name: ''
    namespace: 'apps-roboces'
    server: "https://kubernetes.default.svc"
  project: roboces
  sources:
    - chart: firefly-iii-stack
      repoURL: https://firefly-iii.github.io/kubernetes
      targetRevision: 0.7.2
      helm:
        valuesObject:
          firefly-db:
            enabled: false
          config:
            existingSecret: firefly
            env:
              TZ: Europe/Madrid
              APP_URL: https://moneis.roboces.dev
          service:
            type: LoadBalancer
            port: 8889
--- a/k8s/argo-apps/kured.yaml
+++ b/k8s/argo-apps/kured.yaml
@ -1,26 +1,27 @@
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: kured
+    name: kured
-  namespace: argocd
+    namespace: argocd
 spec:
-  destination:
+    destination:
-    name: ''
+        name: ''
-    namespace: 'apps-fuku'
+        namespace: apps-fuku
-    server: "https://kubernetes.default.svc"
+        server: https://kubernetes.default.svc
-  project: fuku
+    project: fuku
-  source:
+    source:
-    chart: kured
+        chart: kured
-    repoURL: https://kubereboot.github.io/charts
+        repoURL: https://kubereboot.github.io/charts
-    targetRevision: 5.3.*
+        targetRevision: 5.3.*
-    helm:
+        helm:
-      valuesObject:
+            valuesObject:
-        configuration.rebootDays:
+                configuration.rebootDays:
-          - mon
+                    - mon
-          - wed
+                    - wed
-          - fri
+                    - fri
-        configuration.startTime: 4am
+                configuration.startTime: 4am
-        configuration.endTime: 9am
+                configuration.endTime: 9am
-        configuration.timeZone: Europe/Madrid
+                configuration.timeZone: Europe/Madrid
-  syncPolicy:
+    syncPolicy:
-    automated: { }
+        automated: {}
--- a/k8s/argo-apps/loki.yaml
+++ b/k8s/argo-apps/loki.yaml
@ -1,116 +1,117 @@
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: loki
+    name: loki
-  namespace: argocd
+    namespace: argocd
 spec:
-  destination:
+    destination:
-    name: ''
+        name: ''
-    namespace: 'monitoring'
+        namespace: monitoring
-    server: "https://kubernetes.default.svc"
+        server: https://kubernetes.default.svc
-  project: management
+    project: management
-  syncPolicy:
+    syncPolicy:
-    automated: { }
+        automated: {}
-    syncOptions:
+        syncOptions:
-      - ServerSideApply=true
+            - ServerSideApply=true
-  sources:
+    sources:
-    - chart: loki-stack
+        - chart: loki-stack
-      repoURL: https://grafana.github.io/helm-charts
+          repoURL: https://grafana.github.io/helm-charts
-      targetRevision: 2.10.*
+          targetRevision: 2.10.*
-      helm:
+          helm:
-        valuesObject:
+              valuesObject:
-          grafana:
+                  grafana:
-            enabled: true
+                      enabled: true
-            persistence:
+                      persistence:
-              type: pvc
+                          type: pvc
-              enabled: true
+                          enabled: true
-              size: 10Gi
+                          size: 10Gi
-              accessModes:
+                          accessModes:
-                - ReadWriteMany
+                              - ReadWriteMany
-            ingress:
+                      ingress:
-              enabled: true
+                          enabled: true
-              hosts:
+                          hosts:
-                - grafana.fuku
+                              - grafana.fuku
-              ingressClassName: traefik
+                          ingressClassName: traefik
-            grafana.ini:
+                      grafana.ini:
-              smtp:
+                          smtp:
-                enabled: true
+                              enabled: true
-                host: mail.fukurokuju.dev:465
+                              host: mail.fukurokuju.dev:465
-                from_address: status@fukurokuju.dev
+                              from_address: status@fukurokuju.dev
-            smtp:
+                      smtp:
-              existingSecret: secret-grafana-smtp
+                          existingSecret: secret-grafana-smtp
-          resources:
+                  resources:
-            limits:
+                      limits:
-              cpu: 512m
+                          cpu: 512m
-              memory: 512Mi
+                          memory: 512Mi
-            requests:
+                      requests:
-              cpu: 256m
+                          cpu: 256m
-              memory: 256Mi
+                          memory: 256Mi
-          loki:
+                  loki:
-            storage:
+                      storage:
-              type: filesystem
+                          type: filesystem
-            ingress:
+                      ingress:
-              enabled: true
+                          enabled: true
-              ingressClassName: traefik
+                          ingressClassName: traefik
-              annotations:
+                          annotations:
-                traefik.ingress.kubernetes.io/router.middlewares: monitoring-loki-auth-middleware@kubernetescrd
+                              traefik.ingress.kubernetes.io/router.middlewares: monitoring-loki-auth-middleware@kubernetescrd  # yamllint disable rule:line-length
-              hosts:
+                          hosts:
-                - host: loki.fuku
+                              - host: loki.fuku
-                  paths:
+                                paths:
-                    - /
+                                    - /
-          prometheus:
+                  prometheus:
-            enabled: true
+                      enabled: true
-            isDefault: true
+                      isDefault: true
-            server:
+                      server:
-              persistentVolume:
+                          persistentVolume:
-                accessModes:
+                              accessModes:
-                  - ReadWriteMany
+                                  - ReadWriteMany
-                enabled: true
+                              enabled: true
-            extraScrapeConfigs: |
+                      extraScrapeConfigs: |
-              - job_name: 'argocd-metrics'
+                          - job_name: 'argocd-metrics'
-                static_configs:
+                            static_configs:
-                  - targets: ["argocd-metrics.argocd:8082"]
+                              - targets: ["argocd-metrics.argocd:8082"]
-              - job_name: 'argocd-server-metrics'
+                          - job_name: 'argocd-server-metrics'
-                static_configs:
+                            static_configs:
-                  - targets: ["argocd-server-metrics.argocd:8083"]
+                              - targets: ["argocd-server-metrics.argocd:8083"]
-              - job_name: 'argocd-repo-server-metrics'
+                          - job_name: 'argocd-repo-server-metrics'
-                static_configs:
+                            static_configs:
-                  - targets: ["argocd-server.argocd:8084"]
+                              - targets: ["argocd-server.argocd:8084"]
-              - job_name: 'argocd-applicationset-controller-metrics'
+                          - job_name: 'argocd-applicationset-controller-metrics'
-                static_configs:
+                            static_configs:
-                  - targets: ["argocd-applicationset-controller-metrics.argocd:8080"]
+                              - targets: ["argocd-applicationset-controller-metrics.argocd:8080"]
-              - job_name: 'argocd-dex-server'
+                          - job_name: 'argocd-dex-server'
-                static_configs:
+                            static_configs:
-                  - targets: ["argocd-dex-server.argocd:5558"]
+                              - targets: ["argocd-dex-server.argocd:5558"]
-              - job_name: 'argocd-notifications-controller-metrics'
+                          - job_name: 'argocd-notifications-controller-metrics'
-                static_configs:
+                            static_configs:
-                  - targets: ["argocd-notifications-controller-metrics.argocd:9001"]
+                              - targets: ["argocd-notifications-controller-metrics.argocd:9001"]
-              - job_name: 'miniflux'
+                          - job_name: 'miniflux'
-                static_configs:
+                            static_configs:
-                  - targets: ["miniflux-service.apps-roboces:8888"]
+                              - targets: ["miniflux-service.apps-roboces:8888"]
-              - job_name: 'authentik'
+                          - job_name: 'authentik'
-                static_configs:
+                            static_configs:
-                  - targets: ["authentik-server-metrics.apps-fuku:9300"]
+                              - targets: ["authentik-server-metrics.apps-fuku:9300"]
-            alertmanager:
+                      alertmanager:
-              persistence:
+                          persistence:
-                enabled: true
+                              enabled: true
-                accessModes:
+                              accessModes:
-                  - ReadWriteMany
+                                  - ReadWriteMany
-          singleBinary:
+                  singleBinary:
-            replicas: 1
+                      replicas: 1
-            persistence:
+                      persistence:
-              enabled: true
+                          enabled: true
-              storageClass: default
+                          storageClass: default
-              size: 25Gi
+                          size: 25Gi
-              accessModes:
+                          accessModes:
-                - ReadWriteMany
+                              - ReadWriteMany
-    - repoURL: https://git.roboces.dev/catalin/fukuops.git
+        - repoURL: https://git.roboces.dev/catalin/fukuops.git
-      path: k8s/services/loki
+          path: k8s/services/loki
-      targetRevision: main
+          targetRevision: main
--- a/k8s/argo-apps/miniflux.yaml
+++ b/k8s/argo-apps/miniflux.yaml
@ -1,18 +1,19 @@
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: miniflux
+    name: miniflux
-  namespace: argocd
+    namespace: argocd
 spec:
-  destination:
+    destination:
-    name: ''
+        name: ''
-    namespace: 'apps-roboces'
+        namespace: apps-roboces
-    server: 'https://kubernetes.default.svc'
+        server: https://kubernetes.default.svc
-  source:
+    source:
-    path: k8s/services/miniflux
+        path: k8s/services/miniflux
-    repoURL: 'https://git.roboces.dev/catalin/fukuops.git'
+        repoURL: https://git.roboces.dev/catalin/fukuops.git
-    targetRevision: main
+        targetRevision: main
-  sources: []
+    sources: []
-  project: roboces
+    project: roboces
-  syncPolicy:
+    syncPolicy:
-    automated: {}
+        automated: {}
--- a/k8s/argo-apps/sealed-secrets.yaml
+++ b/k8s/argo-apps/sealed-secrets.yaml
@ -1,22 +1,23 @@
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: sealed-secrets
+    name: sealed-secrets
-  namespace: argocd
+    namespace: argocd
 spec:
-  destination:
+    destination:
-    name: ''
+        name: ''
-    namespace: 'kube-system'
+        namespace: kube-system
-    server: "https://kubernetes.default.svc"
+        server: https://kubernetes.default.svc
-  source:
+    source:
-    chart: sealed-secrets
+        chart: sealed-secrets
-    repoURL: https://bitnami-labs.github.io/sealed-secrets
+        repoURL: https://bitnami-labs.github.io/sealed-secrets
-    targetRevision: 2.14.*
+        targetRevision: 2.14.*
-    helm:
+        helm:
-      releaseName: sealed-secrets
+            releaseName: sealed-secrets
-      valuesObject:
+            valuesObject:
-        fullnameOverride: sealed-secrets-controller
+                fullnameOverride: sealed-secrets-controller
-  project: management
+    project: management
-  sources: []
+    sources: []
-  syncPolicy:
+    syncPolicy:
-    automated: { }
+        automated: {}
--- a/k8s/services/argo-workflows/admin-service-account.yaml
+++ b/k8s/services/argo-workflows/admin-service-account.yaml
@ -2,30 +2,30 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: admin-user
+    name: admin-user
-  namespace: argo-workflows
+    namespace: argo-workflows
-  annotations:
+    annotations:
-    workflows.argoproj.io/rbac-rule: "true"
+        workflows.argoproj.io/rbac-rule: 'true'
-    workflows.argoproj.io/rbac-rule-precedence: "1"
+        workflows.argoproj.io/rbac-rule-precedence: '1'
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: admin-user
 subjects:
  - kind: ServiceAccount
    name: admin-user
-    namespace: argo-workflows
+subjects:
    - kind: ServiceAccount
      name: admin-user
      namespace: argo-workflows
 roleRef:
-  name: argo-workflows-admin
+    name: argo-workflows-admin
-  kind: ClusterRole
+    kind: ClusterRole
-  apiGroup: rbac.authorization.k8s.io
+    apiGroup: rbac.authorization.k8s.io
 ---
 apiVersion: v1
 kind: Secret
 metadata:
-  name: admin-user.service-account-token
+    name: admin-user.service-account-token
-  namespace: argo-workflows
+    namespace: argo-workflows
-  annotations:
+    annotations:
-    kubernetes.io/service-account.name: admin-user
+        kubernetes.io/service-account.name: admin-user
 type: kubernetes.io/service-account-token
--- a/k8s/services/argo-workflows/sealedsecrets.yaml
+++ b/k8s/services/argo-workflows/sealedsecrets.yaml
@ -2,15 +2,15 @@
 apiVersion: bitnami.com/v1alpha1
 kind: SealedSecret
 metadata:
-  creationTimestamp: null
+    creationTimestamp:
-  name: secrets-argo-server-sso
+    name: secrets-argo-server-sso
-  namespace: argo-workflows
+    namespace: argo-workflows
 spec:
-  encryptedData:
+    encryptedData:
-    client-id: AgBLae+Tym75VhhsY4IK4VXlFKaP9ono6wF71N70X6krXVkURqBg3ncm9HvV6iO8ouPB3LWTRmQsNf0W2MbFD+wMPKGQcuUg3gSFOheDXF5rlUn5VuChDgBcbzemBHArlddVOsTFmuqUixhcMKbXenUHjNqW88N8j0GCxajnTpyPsW4nRHdBLzhqmliJWJCAbhtzGXV+0DM3UbW329ktYoDVFMMwM2RMZS39Uk65zoOqLsWR1eU9vI7PNrQpbcK1GJ3ZyqWfwcD5g6Az+/TiOx2PVkUtfeCqry1KNHCzANytpApcOTYUngg0XBW4vi/Gu84aNpAPXP3SBWOSah+4REgOBl/DlojUTIMIz/UJCvZViWbK6szg9+/RJtW2WKZQ2Pob3rfAtuZ0JKOrjG9koklthLWzjthzZVXk7JBy79GU84Gj7cQv52WwHbMPvIaPrzl5wJlMUZLnCQ8jSNvXpAmQdBf4wres6KMUlPGPw1aF75LNvlrju66dv1f7lRC6Uao7L39jvCXx95dznI2fcybZyE/W+aVznnpUNk/dfHKc4IB12g5DCtq8AfiTlZD72Fq+eMOn3xSlJ+pB6FQXRFLrdnc8f25pw7pqbf3zi/p+ylVdpMiLLTaL0M06RJbTVk5BT28HjGVMslBaR+4pJKLFNL2XwRW1VHteAhPtrvfe/zw5/pXSmK78pZ4UqsW9bb7+dUlQ/OSASwe3xZrs0ogB7yidvUjtQlpS/Ocumcq1mm5X/gRvShz1yqcvaDZ01/sR8ZXQtOAAJEvMLLDS2rugzYFp
+        client-id: AgBLae+Tym75VhhsY4IK4VXlFKaP9ono6wF71N70X6krXVkURqBg3ncm9HvV6iO8ouPB3LWTRmQsNf0W2MbFD+wMPKGQcuUg3gSFOheDXF5rlUn5VuChDgBcbzemBHArlddVOsTFmuqUixhcMKbXenUHjNqW88N8j0GCxajnTpyPsW4nRHdBLzhqmliJWJCAbhtzGXV+0DM3UbW329ktYoDVFMMwM2RMZS39Uk65zoOqLsWR1eU9vI7PNrQpbcK1GJ3ZyqWfwcD5g6Az+/TiOx2PVkUtfeCqry1KNHCzANytpApcOTYUngg0XBW4vi/Gu84aNpAPXP3SBWOSah+4REgOBl/DlojUTIMIz/UJCvZViWbK6szg9+/RJtW2WKZQ2Pob3rfAtuZ0JKOrjG9koklthLWzjthzZVXk7JBy79GU84Gj7cQv52WwHbMPvIaPrzl5wJlMUZLnCQ8jSNvXpAmQdBf4wres6KMUlPGPw1aF75LNvlrju66dv1f7lRC6Uao7L39jvCXx95dznI2fcybZyE/W+aVznnpUNk/dfHKc4IB12g5DCtq8AfiTlZD72Fq+eMOn3xSlJ+pB6FQXRFLrdnc8f25pw7pqbf3zi/p+ylVdpMiLLTaL0M06RJbTVk5BT28HjGVMslBaR+4pJKLFNL2XwRW1VHteAhPtrvfe/zw5/pXSmK78pZ4UqsW9bb7+dUlQ/OSASwe3xZrs0ogB7yidvUjtQlpS/Ocumcq1mm5X/gRvShz1yqcvaDZ01/sR8ZXQtOAAJEvMLLDS2rugzYFp  # yamllint disable rule:line-length
-    client-secret: AgA8/QhgkPt3QRwa5zDQhlyhnYJurwGd/Uigo5WNIyUAh1vqqfmGlRAyJ9YQRJKPaJmTTU1nsaulOtS8Lafe4pAhXTsGaGsP7r+pntRii1KV79avl6e94zrH8LdhkrWxzaKLh6sW7Lj+Q3Cxj/Anh5jRSyIKGB0lpbR2RDE9XuBGx6r+jKS+8WXCn3Bxh2/ZEOBttAIWT59KxdwhZLeh/N5P809V1h8O7pxBdvvuyvK/nkBxJPWzO85zZnAiszLwraoOoiMZbfo4Z+Uzxf1dlGUxj2ZEoq3gWN9cuWRNoLxMJ1sq26zez99fyPbDD19+y0k6o+dNSQRLfFkhbgLgqCDUvWs3QzoV52oBe3zJ/of37hD03bLl1CUuJQcO8a8hoOsBqe7as+tmJTefKx67jjoUbtGPwoNYwakU2gH74rAlQE7NN/d1LuzjZSnivv27X2pTD169Ts4q/CjBUVVbSrLn/o5icEXu+d1SSFNhiFXI7/lcM/vi7CBVKuxmIsiJ0ka+mpnF6FTgsbcRvNKkFz0qZPGpx0Q7eg7tvvW7wh8aBk8k3Rh+Xp9ZXKGwRUlpBfDCVf2LB0tN5N2ieHgcy41Hxy+v7Ce5+qjTel/NkA2y67M7B5X/ji6+N+1a9wwKwTdQOze60Q/EfK8MPF8X3lpfarGhieWbGQAnHmQW0tVWBIjAnOSYbgrfoeyg2XPYg1vW7YetTfPGdF7QDhmnAEmPeBYbubMDwmXpofrpM1vz87degAL9L6kqyWF+XQph/pVAU5c1cHD30t383j0HTK5uG/dwHbWzt9k9hyz94Un0mXRohz/zAT2NIv1dwM9yv9VC3v89mkcapjlUlxBApPYcow6WWOvvcadyTrEXlVjskQ==
+        client-secret: AgA8/QhgkPt3QRwa5zDQhlyhnYJurwGd/Uigo5WNIyUAh1vqqfmGlRAyJ9YQRJKPaJmTTU1nsaulOtS8Lafe4pAhXTsGaGsP7r+pntRii1KV79avl6e94zrH8LdhkrWxzaKLh6sW7Lj+Q3Cxj/Anh5jRSyIKGB0lpbR2RDE9XuBGx6r+jKS+8WXCn3Bxh2/ZEOBttAIWT59KxdwhZLeh/N5P809V1h8O7pxBdvvuyvK/nkBxJPWzO85zZnAiszLwraoOoiMZbfo4Z+Uzxf1dlGUxj2ZEoq3gWN9cuWRNoLxMJ1sq26zez99fyPbDD19+y0k6o+dNSQRLfFkhbgLgqCDUvWs3QzoV52oBe3zJ/of37hD03bLl1CUuJQcO8a8hoOsBqe7as+tmJTefKx67jjoUbtGPwoNYwakU2gH74rAlQE7NN/d1LuzjZSnivv27X2pTD169Ts4q/CjBUVVbSrLn/o5icEXu+d1SSFNhiFXI7/lcM/vi7CBVKuxmIsiJ0ka+mpnF6FTgsbcRvNKkFz0qZPGpx0Q7eg7tvvW7wh8aBk8k3Rh+Xp9ZXKGwRUlpBfDCVf2LB0tN5N2ieHgcy41Hxy+v7Ce5+qjTel/NkA2y67M7B5X/ji6+N+1a9wwKwTdQOze60Q/EfK8MPF8X3lpfarGhieWbGQAnHmQW0tVWBIjAnOSYbgrfoeyg2XPYg1vW7YetTfPGdF7QDhmnAEmPeBYbubMDwmXpofrpM1vz87degAL9L6kqyWF+XQph/pVAU5c1cHD30t383j0HTK5uG/dwHbWzt9k9hyz94Un0mXRohz/zAT2NIv1dwM9yv9VC3v89mkcapjlUlxBApPYcow6WWOvvcadyTrEXlVjskQ==  # yamllint disable rule:line-length
-  template:
+    template:
-    metadata:
+        metadata:
-      creationTimestamp: null
+            creationTimestamp:
-      name: secrets-argo-server-sso
+            name: secrets-argo-server-sso
-      namespace: argo-workflows
+            namespace: argo-workflows
--- a/k8s/services/argo/appgen.yaml
+++ b/k8s/services/argo/appgen.yaml
@ -1,18 +1,19 @@
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: fukuops-appgen
+    name: fukuops-appgen
-  namespace: argocd
+    namespace: argocd
-  finalizers:
+    finalizers:
-  - resources-finalizer.argocd.argoproj.io
+        - resources-finalizer.argocd.argoproj.io
 spec:
-  destination:
+    destination:
-    namespace: default
+        namespace: default
-    name: in-cluster
+        name: in-cluster
-  project: default
+    project: default
-  source:
+    source:
-    path: k8s/argo-apps
+        path: k8s/argo-apps
-    repoURL: https://git.roboces.dev/catalin/fukuops.git
+        repoURL: https://git.roboces.dev/catalin/fukuops.git
-    targetRevision: main
+        targetRevision: main
-  syncPolicy:
+    syncPolicy:
-    automated: { }
+        automated: {}
--- a/k8s/services/argo/argocd-cmd-params-cm.yaml
+++ b/k8s/services/argo/argocd-cmd-params-cm.yaml
@ -1,10 +1,11 @@
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: argocd-cmd-params-cm
+    name: argocd-cmd-params-cm
-  namespace: argocd
+    namespace: argocd
-  labels:
+    labels:
-    app.kubernetes.io/name: argocd-cmd-params-cm
+        app.kubernetes.io/name: argocd-cmd-params-cm
-    app.kubernetes.io/part-of: argocd
+        app.kubernetes.io/part-of: argocd
 data:
-  server.insecure: "true"
+    server.insecure: 'true'
--- a/k8s/services/argo/ingress-route.yaml
+++ b/k8s/services/argo/ingress-route.yaml
@ -1,25 +1,26 @@
 ---
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
-  name: argocd-server
+    name: argocd-server
-  namespace: argocd
+    namespace: argocd
 spec:
-  entryPoints:
+    entryPoints:
-    - websecure
+        - websecure
-    - web
+        - web
-  routes:
+    routes:
-    - kind: Rule
+        - kind: Rule
-      match: Host(`argo.fuku`)
+          match: Host(`argo.fuku`)
-      priority: 10
+          priority: 10
-      services:
+          services:
-        - name: argocd-server
+              - name: argocd-server
-          port: 80
+                port: 80
-    - kind: Rule
+        - kind: Rule
-      match: Host(`argo.fuku`) && Headers(`Content-Type`, `application/grpc`)
+          match: Host(`argo.fuku`) && Headers(`Content-Type`, `application/grpc`)
-      priority: 11
+          priority: 11
-      services:
+          services:
-        - name: argocd-server
+              - name: argocd-server
-          port: 80
+                port: 80
-          scheme: h2c
+                scheme: h2c
-  tls:
+    tls:
-    certResolver: default
+        certResolver: default
--- a/k8s/services/argo/project-fuku.yaml
+++ b/k8s/services/argo/project-fuku.yaml
@ -2,24 +2,24 @@
 apiVersion: argoproj.io/v1alpha1
 kind: AppProject
 metadata:
-  namespace: argocd
+    namespace: argocd
-  name: fuku
+    name: fuku
 spec:
-  destinations:
+    destinations:
-    - namespace: apps-fuku
+        - namespace: apps-fuku
-      server: https://kubernetes.default.svc
+          server: https://kubernetes.default.svc
-    - namespace: postgres
+        - namespace: postgres
-      server: https://kubernetes.default.svc
+          server: https://kubernetes.default.svc
-  clusterResourceWhitelist:
+    clusterResourceWhitelist:
-    - group: rbac.authorization.k8s.io
+        - group: rbac.authorization.k8s.io
-      kind: ClusterRole
+          kind: ClusterRole
-    - group: rbac.authorization.k8s.io
+        - group: rbac.authorization.k8s.io
-      kind: ClusterRoleBinding
+          kind: ClusterRoleBinding
-  sourceRepos:
+    sourceRepos:
-    - https://git.roboces.dev/catalin/fukuops.git
+        - https://git.roboces.dev/catalin/fukuops.git
-    - https://charts.goauthentik.io/
+        - https://charts.goauthentik.io/
-    - https://kubereboot.github.io/charts
+        - https://kubereboot.github.io/charts
-    - https://sqljames.github.io/factorio-server-charts/
+        - https://sqljames.github.io/factorio-server-charts/
-    - https://portainer.github.io/k8s/
+        - https://portainer.github.io/k8s/
-    - https://charts.bitnami.com/bitnami
+        - https://charts.bitnami.com/bitnami
-    - https://charts.crystalnet.org
+        - https://charts.crystalnet.org
--- a/k8s/services/argo/project-management.yaml
+++ b/k8s/services/argo/project-management.yaml
@ -2,31 +2,31 @@
 apiVersion: argoproj.io/v1alpha1
 kind: AppProject
 metadata:
-  namespace: argocd
+    namespace: argocd
-  name: management
+    name: management
 spec:
-  destinations:
+    destinations:
-    - namespace: argocd
+        - namespace: argocd
-      server: https://kubernetes.default.svc
+          server: https://kubernetes.default.svc
-    - namespace: democratic-csi
+        - namespace: democratic-csi
-      server: https://kubernetes.default.svc
+          server: https://kubernetes.default.svc
-    - namespace: kube-system
+        - namespace: kube-system
-      server: https://kubernetes.default.svc
+          server: https://kubernetes.default.svc
-    - namespace: monitoring
+        - namespace: monitoring
-      server: https://kubernetes.default.svc
+          server: https://kubernetes.default.svc
-    - namespace: system-upgrade
+        - namespace: system-upgrade
-      server: https://kubernetes.default.svc
+          server: https://kubernetes.default.svc
-    - namespace: argo-workflows
+        - namespace: argo-workflows
-      server: https://kubernetes.default.svc
+          server: https://kubernetes.default.svc
-  clusterResourceWhitelist:
+    clusterResourceWhitelist:
-    - group: "*"
+        - group: '*'
-      kind: "*"
+          kind: '*'
-  sourceRepos:
+    sourceRepos:
-    - https://git.roboces.dev/catalin/fukuops.git
+        - https://git.roboces.dev/catalin/fukuops.git
-    - https://democratic-csi.github.io/charts/
+        - https://democratic-csi.github.io/charts/
-    - https://bitnami-labs.github.io/sealed-secrets
+        - https://bitnami-labs.github.io/sealed-secrets
-    - https://grafana.github.io/helm-charts
+        - https://grafana.github.io/helm-charts
-    - https://kubernetes-sigs.github.io/descheduler/
+        - https://kubernetes-sigs.github.io/descheduler/
-    - https://github.com/rancher/system-upgrade-controller.git
+        - https://github.com/rancher/system-upgrade-controller.git
-    - https://charts.bitnami.com/bitnami
+        - https://charts.bitnami.com/bitnami
-    - https://argoproj.github.io/argo-helm
+        - https://argoproj.github.io/argo-helm
--- a/k8s/services/argo/project-roboces.yaml
+++ b/k8s/services/argo/project-roboces.yaml
@ -2,12 +2,12 @@
 apiVersion: argoproj.io/v1alpha1
 kind: AppProject
 metadata:
-  namespace: argocd
+    namespace: argocd
-  name: roboces
+    name: roboces
 spec:
-  destinations:
+    destinations:
-    - namespace: apps-roboces
+        - namespace: apps-roboces
-      server: https://kubernetes.default.svc
+          server: https://kubernetes.default.svc
-  sourceRepos:
+    sourceRepos:
-    - https://git.roboces.dev/catalin/fukuops.git
+        - https://git.roboces.dev/catalin/fukuops.git
-    - https://firefly-iii.github.io/kubernetes
+        - https://firefly-iii.github.io/kubernetes
--- a/k8s/services/argo/repos.yaml
+++ b/k8s/services/argo/repos.yaml
@ -2,19 +2,19 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: fuku-services
+    name: fuku-services
-  namespace: argocd
+    namespace: argocd
-  labels:
+    labels:
-    argocd.argoproj.io/secret-type: repository
+        argocd.argoproj.io/secret-type: repository
 stringData:
-  url: https://gitlab.com/fukurokuju/k3s/services.git
+    url: https://gitlab.com/fukurokuju/k3s/services.git
 ---
 apiVersion: v1
 kind: Secret
 metadata:
-  name: fukuops-repo
+    name: fukuops-repo
-  namespace: argocd
+    namespace: argocd
-  labels:
+    labels:
-    argocd.argoproj.io/secret-type: repository
+        argocd.argoproj.io/secret-type: repository
 stringData:
-  url: https://git.roboces.dev/catalin/fukuops.git
+    url: https://git.roboces.dev/catalin/fukuops.git
--- a/k8s/services/authentik/pvc.yaml
+++ b/k8s/services/authentik/pvc.yaml
@ -1,12 +1,13 @@
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: pvc-authentik-media
+    name: pvc-authentik-media
-  namespace: apps-fuku
+    namespace: apps-fuku
 spec:
-  accessModes:
+    accessModes:
-    - ReadWriteMany
+        - ReadWriteMany
-  storageClassName: "truenas-nfs-csi"
+    storageClassName: truenas-nfs-csi
-  resources:
+    resources:
-    requests:
+        requests:
-      storage: 3Gi
+            storage: 3Gi
--- a/k8s/services/authentik/sealedsecrets.yaml
+++ b/k8s/services/authentik/sealedsecrets.yaml
@ -1,19 +1,20 @@
 ---
 apiVersion: bitnami.com/v1alpha1
 kind: SealedSecret
 metadata:
-  creationTimestamp: null
+    creationTimestamp:
-  name: secrets-authentik
+    name: secrets-authentik
-  namespace: apps-fuku
+    namespace: apps-fuku
 spec:
-  encryptedData:
+    encryptedData:
-    email_password: AgCzRWtmiBIj6ZD1muwvJROasd+8ls98/5CWdUcQLN18vgW//QNGJUn2kMweQ/p93NpmCay4mvfvCjZrQeB/9gw2VcrXxLoDO6X3AExtFQUw0zr6nqCfKeYKkhu7OqZJZIsu5pBTYxf1zcRFI/Fp7v/dNLUkNFhaOU33zck3dBbHaxWylnyaTdpGC8NQdN/yGRXc+PXi9GLI+XhhMQzTw443B62eSisTc0MA0vMeqHc/whapwjyQtVKOmA/U2IWrtIrze+xn5Wyfzi6w/XLQt67Kcq4m885jf4su5ymXIPswVEp5I1Aq0WK5hoYhQ+S1ipY31cng3Vsg6TOwizw1BDt7uY1DmshVIm0wk/7g8AVlDyr1aNvnWw+flqR68SLR7xSHv2UxAat1bgs3iUmaKHkWnhK5vuoj0hd+iKmeRGCV1v1DRaRKhOGrCbmSACXm01Iq/yNhBtxiFaz4QqnFpt5MmMQrtRYz18Y44LfOMX0jjJT3+RGH+L9f71V3fTK2uBkuWvF/ExzKJUoJ2XKpnR8xLuqCyBYmt1nPLue+/8lT6JRzWWbyT69PpYvvJ2tU21TQVROs1e+OiYrhEvvIkTx1tgomLInJRn3EZ2U0ycfqWRO49kycPhLKojJ2mL8Uu0K1Q6cxcViK3tv7CAidJ+FqcwfMPR0ivc0obu1u1m8QvPgMXayG2tQs6cEDEQtTu0ugKIpcUftuhNStDWFWi7xYnwvTvfN55l7jf9O4
+        email_password: AgCzRWtmiBIj6ZD1muwvJROasd+8ls98/5CWdUcQLN18vgW//QNGJUn2kMweQ/p93NpmCay4mvfvCjZrQeB/9gw2VcrXxLoDO6X3AExtFQUw0zr6nqCfKeYKkhu7OqZJZIsu5pBTYxf1zcRFI/Fp7v/dNLUkNFhaOU33zck3dBbHaxWylnyaTdpGC8NQdN/yGRXc+PXi9GLI+XhhMQzTw443B62eSisTc0MA0vMeqHc/whapwjyQtVKOmA/U2IWrtIrze+xn5Wyfzi6w/XLQt67Kcq4m885jf4su5ymXIPswVEp5I1Aq0WK5hoYhQ+S1ipY31cng3Vsg6TOwizw1BDt7uY1DmshVIm0wk/7g8AVlDyr1aNvnWw+flqR68SLR7xSHv2UxAat1bgs3iUmaKHkWnhK5vuoj0hd+iKmeRGCV1v1DRaRKhOGrCbmSACXm01Iq/yNhBtxiFaz4QqnFpt5MmMQrtRYz18Y44LfOMX0jjJT3+RGH+L9f71V3fTK2uBkuWvF/ExzKJUoJ2XKpnR8xLuqCyBYmt1nPLue+/8lT6JRzWWbyT69PpYvvJ2tU21TQVROs1e+OiYrhEvvIkTx1tgomLInJRn3EZ2U0ycfqWRO49kycPhLKojJ2mL8Uu0K1Q6cxcViK3tv7CAidJ+FqcwfMPR0ivc0obu1u1m8QvPgMXayG2tQs6cEDEQtTu0ugKIpcUftuhNStDWFWi7xYnwvTvfN55l7jf9O4  # yamllint disable rule:line-length
-    pg_password: AgAr5ZLncvqsmJY518N4lcLWWSOJt4AIlkPlR0B4tFCZvPL8OPET1mulJD7QWAudr6m0XsX/8DO/UM4bpiWZCU+2oizBJf/4Vj5zFzuaZLLcCzZtHxXLugPkyBqTh1NmKDnM0H/vqS3migkPCVKxMVr1PnLLyRJ2fa2v/6R/dXnpl5I5beGnxRIXS0vcBWf4WvbH/iXfNv91cVJBausN8kyKqNWmeBDL4Px3NwB4/wpxRMeW/IYB3kC5DHYNMs7zeJGiJpAwYAiK/Cmuz0MUAR/Zq+UWf6A+QYgLcKrNQ1jUiSTp9vqOpTpvZv+2aaNV3pcZBTM+UagDZFvHQRWUi5QpNMwZ0RC6KQoRK9ccn4gvR0Cvd7/osQAXLFJuC7P90xg9vPRpXL63PDoifBsNZjzsWiw+8YFLgHfks7riN89KfzzVwB6ygtlz7zipR24BM9W8x82sF8Ho4Ig0wrKCjd7oZYBrEtzOe9kpRgdQSq7fLP3xv7Wb29yi5MiEQ3sSYvDZr33X8u+ZQ3+EAsd4iwasntwRDoDo0E2Fn6V9TPYKdOnDzBsMzTNlPEMMldjW7IB6edTutQi0rCKOOq9/uQMz4uFz7pW5Y79ohF+WyA25Cbxbg93Dja/qd/CMn9UJ2XH4cLYoiBvfxG87lUV85dR7qymBbPrZZjnPhhhINEixxRq/uau5b7ceWp7Cy+Wg/rhvQzvaAI+YtHpYqQu0gjib1dkqqhrz+ptpW4q4hbLI/ek=
+        pg_password: AgAr5ZLncvqsmJY518N4lcLWWSOJt4AIlkPlR0B4tFCZvPL8OPET1mulJD7QWAudr6m0XsX/8DO/UM4bpiWZCU+2oizBJf/4Vj5zFzuaZLLcCzZtHxXLugPkyBqTh1NmKDnM0H/vqS3migkPCVKxMVr1PnLLyRJ2fa2v/6R/dXnpl5I5beGnxRIXS0vcBWf4WvbH/iXfNv91cVJBausN8kyKqNWmeBDL4Px3NwB4/wpxRMeW/IYB3kC5DHYNMs7zeJGiJpAwYAiK/Cmuz0MUAR/Zq+UWf6A+QYgLcKrNQ1jUiSTp9vqOpTpvZv+2aaNV3pcZBTM+UagDZFvHQRWUi5QpNMwZ0RC6KQoRK9ccn4gvR0Cvd7/osQAXLFJuC7P90xg9vPRpXL63PDoifBsNZjzsWiw+8YFLgHfks7riN89KfzzVwB6ygtlz7zipR24BM9W8x82sF8Ho4Ig0wrKCjd7oZYBrEtzOe9kpRgdQSq7fLP3xv7Wb29yi5MiEQ3sSYvDZr33X8u+ZQ3+EAsd4iwasntwRDoDo0E2Fn6V9TPYKdOnDzBsMzTNlPEMMldjW7IB6edTutQi0rCKOOq9/uQMz4uFz7pW5Y79ohF+WyA25Cbxbg93Dja/qd/CMn9UJ2XH4cLYoiBvfxG87lUV85dR7qymBbPrZZjnPhhhINEixxRq/uau5b7ceWp7Cy+Wg/rhvQzvaAI+YtHpYqQu0gjib1dkqqhrz+ptpW4q4hbLI/ek=  # yamllint disable rule:line-length
-    pg_username: AgB6a2UHhGQCYyYBgOWoZGWKCqaGMoOO8KGPRkB2LQeHFi9rok2EfaxGm5kfPuf9ItRaAYhyVqo1EV/5foUH2rSwUZpLkC+FiU1U7dNr4rLW4pMmqGJsJxx/JbclrEPP2gYlL2EI1Pq6nksPfxkxTd9wO2qaQAmurnvnsPV5VcBHvbI+6WNJNiK2hsJtuSd1kbA/r2jjeR0eo6PUBm17bgk2/lync4PqwWSjolwoYhZ3cpBFzxJ0sx8cH5DWMZSV8kefexfqmIf/t82gU2g3BQ96FRfZY9QWmB0WFUI+M4i1UcLq0uIPFz+wFeg+eTUdalqh57LA/mtZ8elMAHnjfpLIJm0PCLySl2i+f4QbWwDfvrpXa8bLOcaCFUXqp2xKtJvu/1amzJF9EmEYDcw2NhO484xHlZua18hSyxnTGjUapo5Z3EfKX01CU1JAxNtXKEflkN5OlUPs4ucAAdRVwsa+4Uh6Tp/bBPzr6mUEOkiZWO4V7lolQQzwO+wL+dx6Tl7K5nU8RjzAOvfLimHI1ZTJiurwTUC5LkgKt0mskWOKAEeXon+wKECkhJHO56YXwolFEyxNMuvSxR4+eosqAhx6u8Pr+vTZfnjbSx+80Fw1JBdljCh0F54RrNSSSkJSPeXmPS3Hge7yEbfDsQvbgcCGJRdP7U3OEDvOowFDJdIgs9iBEsrPjaVziYRgp+bllldUZn+w
+        pg_username: AgB6a2UHhGQCYyYBgOWoZGWKCqaGMoOO8KGPRkB2LQeHFi9rok2EfaxGm5kfPuf9ItRaAYhyVqo1EV/5foUH2rSwUZpLkC+FiU1U7dNr4rLW4pMmqGJsJxx/JbclrEPP2gYlL2EI1Pq6nksPfxkxTd9wO2qaQAmurnvnsPV5VcBHvbI+6WNJNiK2hsJtuSd1kbA/r2jjeR0eo6PUBm17bgk2/lync4PqwWSjolwoYhZ3cpBFzxJ0sx8cH5DWMZSV8kefexfqmIf/t82gU2g3BQ96FRfZY9QWmB0WFUI+M4i1UcLq0uIPFz+wFeg+eTUdalqh57LA/mtZ8elMAHnjfpLIJm0PCLySl2i+f4QbWwDfvrpXa8bLOcaCFUXqp2xKtJvu/1amzJF9EmEYDcw2NhO484xHlZua18hSyxnTGjUapo5Z3EfKX01CU1JAxNtXKEflkN5OlUPs4ucAAdRVwsa+4Uh6Tp/bBPzr6mUEOkiZWO4V7lolQQzwO+wL+dx6Tl7K5nU8RjzAOvfLimHI1ZTJiurwTUC5LkgKt0mskWOKAEeXon+wKECkhJHO56YXwolFEyxNMuvSxR4+eosqAhx6u8Pr+vTZfnjbSx+80Fw1JBdljCh0F54RrNSSSkJSPeXmPS3Hge7yEbfDsQvbgcCGJRdP7U3OEDvOowFDJdIgs9iBEsrPjaVziYRgp+bllldUZn+w  # yamllint disable rule:line-length
-    redis_password: AgBAr7eZ59BPbu1lNhp63q5MdyyRb+XYkdelg2yoHjHxCJHwK+2H5/C2MCA1JMOp2QHD6Cg0vgdNMPkFktlpFRZCayZGURKVg00ZLW86qeFHamJNUfej7AvBO9mbGuI1x16Rtavt9OhD9pguQr47IIiWyitIVuFwqgKEsPwlqzl4DA2c/VpKi/SI5bJPi60LL2x3GcNLhxeQrbjd7gKgwiMSEQI1SvoQ1oFSpNktlAtXtd8Kd98CGMRYBxqzIfFxZa7ZE1a2dlwD8hB8G7g7slsO42V2TQu4HzCot0jbfaW84lM5pg+DVMNMDv4kumdGYMZpWngGGJM68YwMOT/+TW/gx3Prt4S76RqQNaVMzhQ0+ZRTy2q96esvyLttg916IUfxVfmXNNWK02hUlzJai7QWAfu/oJRN9irTpG+s/c4WmENNgS8rS901bfEqFFi3gIly/KhFzqRL5/upj7vsdcqiutk9B75LFtkh4yAdGUcBMwIgfV71fxrgFBy6tneU4iZPPi72bKyzx1Cf/tsrcTSnpKiQlK+mpuYixjn0f5UrXPYnziZJCvdHd2SpNWjAWh7jPUR+6wdWxxYZ2oQ1JlPKwgWY6s1rIwxzn/XFb49D9SDTNqwUXpy85g4ENPptAy2jiu0kVaTqe474TjAOW2iyOqkM7lNu+94zJ9fCfWTIdupD/BkWEaiZEy0HaaBCLhL11sBBOpsZztQ1685H7KxXXPAMfQ==
+        redis_password: AgBAr7eZ59BPbu1lNhp63q5MdyyRb+XYkdelg2yoHjHxCJHwK+2H5/C2MCA1JMOp2QHD6Cg0vgdNMPkFktlpFRZCayZGURKVg00ZLW86qeFHamJNUfej7AvBO9mbGuI1x16Rtavt9OhD9pguQr47IIiWyitIVuFwqgKEsPwlqzl4DA2c/VpKi/SI5bJPi60LL2x3GcNLhxeQrbjd7gKgwiMSEQI1SvoQ1oFSpNktlAtXtd8Kd98CGMRYBxqzIfFxZa7ZE1a2dlwD8hB8G7g7slsO42V2TQu4HzCot0jbfaW84lM5pg+DVMNMDv4kumdGYMZpWngGGJM68YwMOT/+TW/gx3Prt4S76RqQNaVMzhQ0+ZRTy2q96esvyLttg916IUfxVfmXNNWK02hUlzJai7QWAfu/oJRN9irTpG+s/c4WmENNgS8rS901bfEqFFi3gIly/KhFzqRL5/upj7vsdcqiutk9B75LFtkh4yAdGUcBMwIgfV71fxrgFBy6tneU4iZPPi72bKyzx1Cf/tsrcTSnpKiQlK+mpuYixjn0f5UrXPYnziZJCvdHd2SpNWjAWh7jPUR+6wdWxxYZ2oQ1JlPKwgWY6s1rIwxzn/XFb49D9SDTNqwUXpy85g4ENPptAy2jiu0kVaTqe474TjAOW2iyOqkM7lNu+94zJ9fCfWTIdupD/BkWEaiZEy0HaaBCLhL11sBBOpsZztQ1685H7KxXXPAMfQ==  # yamllint disable rule:line-length
-    secret_key: AgB1Z4HtyF3JSFHYS1sT0rixvwQQYebZwMWwxYr8Dk0P6rkk9i+2mgVCJ4Rf+eT3o6mPkKGiPlrVsXyPJFHt0/RUblsuH2IelOBZa6SSA7+OpdWBIhP4nmv1ZdyEFQT7Iw5NcjOAlU7Ig+0tHyt+qcBfnOAKH6xjbZIYQeQkkp3T7JC3I4zyidtIzxRx1VGftnYruMI42vrpCBKcSydlcwImdxvlSgdMKI7VE2dgLC6t4dYOVX4R4A8fPO49acq0lx/DqehQrZrW/EaxBK0RnTRcM5S9PFMQUR19Y8swAtJ+Aa0x6Ot6+R6MAQrzCWBhY0NHKPlEDHNBLQ01MOBaKzXiMIjLODjZ5VZOMPl2WfhrCx+MF9GN/zz2WjlutZ7cJpKMVsH+ZjVfeDceNTJ37hpC9CJJ6AstYdYtyOle35Uk1e9V+bw1iwjFHXUv6srDgbqt1tF1cWZQ8+qj4enZjSKojCP3fjcNXwLeQBoGlZU3XHwq+VjZVS1zmcQNQ7f0HWmX59yOicJTXHuJ6PxMpjsvt/0P6X4gXcXwx3GdEJS7GjjmLdt+bdn2yDxVYtt2i5ebdypVR4T++P/gdU/n+MOOzF+RkuRL60snhoh6b+phflZXpdARMVSwZJDrFnxRPih9sj3MoRvPV5eFmuflc2tMIneJqUKSN2xkpSccSTMjJMMrYif7u5k5oaxP3ouL8ZTUnatHUH8BEBnxtXUW4DEz0z9jYLq1QROf0OikoHMff8sId3SqgEbNvYv0BGG6ER05Ig==
+        secret_key: AgB1Z4HtyF3JSFHYS1sT0rixvwQQYebZwMWwxYr8Dk0P6rkk9i+2mgVCJ4Rf+eT3o6mPkKGiPlrVsXyPJFHt0/RUblsuH2IelOBZa6SSA7+OpdWBIhP4nmv1ZdyEFQT7Iw5NcjOAlU7Ig+0tHyt+qcBfnOAKH6xjbZIYQeQkkp3T7JC3I4zyidtIzxRx1VGftnYruMI42vrpCBKcSydlcwImdxvlSgdMKI7VE2dgLC6t4dYOVX4R4A8fPO49acq0lx/DqehQrZrW/EaxBK0RnTRcM5S9PFMQUR19Y8swAtJ+Aa0x6Ot6+R6MAQrzCWBhY0NHKPlEDHNBLQ01MOBaKzXiMIjLODjZ5VZOMPl2WfhrCx+MF9GN/zz2WjlutZ7cJpKMVsH+ZjVfeDceNTJ37hpC9CJJ6AstYdYtyOle35Uk1e9V+bw1iwjFHXUv6srDgbqt1tF1cWZQ8+qj4enZjSKojCP3fjcNXwLeQBoGlZU3XHwq+VjZVS1zmcQNQ7f0HWmX59yOicJTXHuJ6PxMpjsvt/0P6X4gXcXwx3GdEJS7GjjmLdt+bdn2yDxVYtt2i5ebdypVR4T++P/gdU/n+MOOzF+RkuRL60snhoh6b+phflZXpdARMVSwZJDrFnxRPih9sj3MoRvPV5eFmuflc2tMIneJqUKSN2xkpSccSTMjJMMrYif7u5k5oaxP3ouL8ZTUnatHUH8BEBnxtXUW4DEz0z9jYLq1QROf0OikoHMff8sId3SqgEbNvYv0BGG6ER05Ig==  # yamllint disable rule:line-length
-  template:
+    template:
-    metadata:
+        metadata:
-      creationTimestamp: null
+            creationTimestamp:
-      name: secrets-authentik
+            name: secrets-authentik
-      namespace: apps-fuku
+            namespace: apps-fuku
-    type: Opaque
+        type: Opaque
--- a/k8s/services/authentik/serverstransport.yaml
+++ b/k8s/services/authentik/serverstransport.yaml
@ -2,7 +2,7 @@
 apiVersion: traefik.containo.us/v1alpha1
 kind: ServersTransport
 metadata:
-  name: skipverify-authentik
+    name: skipverify-authentik
-  namespace: apps-fuku
+    namespace: apps-fuku
 spec:
-  insecureSkipVerify: true
+    insecureSkipVerify: true
--- a/k8s/services/dcsi/sealedsecrets.yaml
+++ b/k8s/services/dcsi/sealedsecrets.yaml
@ -1,15 +1,16 @@
 ---
 apiVersion: bitnami.com/v1alpha1
 kind: SealedSecret
 metadata:
-  creationTimestamp: null
+    creationTimestamp:
-  name: secrets-dcsi
+    name: secrets-dcsi
-  namespace: democratic-csi
+    namespace: democratic-csi
 spec:
-  encryptedData:
+    encryptedData:
-    driver-config-file.yaml: AgAV/PBRKpvUMziktxxW5aPv1ITToe3i2FVqWLL0IbWl94Px8gH9AJCMNVfrW8L45Z2VBFKIscmmmbRK5OvqwEjEzhodeWoc/tEeMq7XawZ4ccS6L+GxoaxYtQiYjO0J/g59+tGzgq4hXQoYfZBZ9ADrzhaHjv/yQt+DeFYYisNksPskYTYWgjZPhR9g6axGU4R+ldYbAv2YXG/Is18lC38Kk45Xtkw7GTEnGjFkVLlXd2zYNNDfYan6T5trMjRV4nHBeJsoefyNV5mUTRr9dMKEiDvRzxfkdRNkyIbGPAIuvzZ7vlrby5DCBII8KbF6txpoAjJpl0YOPOdVzv/jQETIry48wepkQY/+ZWXXRgRMVk9uE0ks+wgUQMnqrTeTBfwSnoWr9z3fPKzmmetuYoWrbt2SY1eF9NpSD/1XgrhahT9Da9F5Yy4s1CamEmm6JU3fYbd6fb4hrZooP04kjtfrKA4aN0czMFm1d+PA1ukwKKCO8gsw5a6NX3yEB8g3uI5XHjsp2skeL6Qn2ow0f6nyK20lMe/GNJusjAs06zL4CMu5Ap/XRmpCek69e5WqZvrmtQqRJ7DsMgahKyPYDpoPlvoylD8cEdoTmQnThI+m2psl7ZEW+DUSFE1hAJbMVXHwCmi57Cr1UqQ6i2WKlXw9Pch2Y08QguxDeUR8No7I88PbzluU2Jx3+otJS+DbjOIUuu5t0ZFAkoqh/B3EMASxMkawK8ugW8sOPtrnACtRlHuqTyzBEeoO6tWBdPO4di8Mie8sZxPR5immCRmFRYJl1XCcG+rDPgnUyOrA0iAAmPbdjkoJuUCsMJ9s9fSQD5BlyDij40LgcWiqvHAgtirkUrWnuVNL9fIO/WIdsSZ80zcq4LWmdfDXJF0v+AYzABbLnBlXJv0yfxo0Zy5sGA8FDF4sGdTVjVbWq88aPhuKgKKVTqGoPTn6YdQ0pO8XY+r4WvGi71uc+/M/lnuEk5xrUt6G3n/xaUqi8ctj7XR5qObAHUYv42sOJAAh7yIloLR0A2FuMTwOu2pg6ScPTCikpNK3VDjesSUePdmdKL3DSabtDKZG4mvY3VhXH2iDyRZ07c8iObwb+/a0Q89rXBHa/ZQnOSR3nQI5tv7SUJqJt4M2NadlRtv0I6HxO2cOpw5D2O9Yak0q9brwoE1HvSAvMqwNdFNOXimbwIuf3Y7BVo4gXVWzR3TbWLn5nA4TXnf3+yuW8eI/8wy7foU+C6USEm4jb3hhWdWtnfJw//WdVM8A2JYr1vBDejfULlfCnXNMVBqhhYA/Mcjxcl+FtD3ho5HAgA5BWQoKlsi4d0JOLeKALxEHWJ5RX9Z4+CBJMOlxehggfa17ap+HOfIVO+tYhY0ZZoiW5oMpM0mwBcwr/CZZ9fm7qpCgojs8Tkrl00QXoGNiGgn3/ksPuAwNE1EU0EWe7+0VX9zJ5m3JsIAgCCwkorNwdZH2AK9FcpGWJZOTec2f7MW1Td5kkhQwTQQ0iFxJnGTt4qJv+lqH6LH5yR/v0GnIt4Y+Bs5pcsSU+uv7t4+k4ZDo+aN0imcQXTucxeRXpYlSspVCIOnxtb4e
+        driver-config-file.yaml: AgAV/PBRKpvUMziktxxW5aPv1ITToe3i2FVqWLL0IbWl94Px8gH9AJCMNVfrW8L45Z2VBFKIscmmmbRK5OvqwEjEzhodeWoc/tEeMq7XawZ4ccS6L+GxoaxYtQiYjO0J/g59+tGzgq4hXQoYfZBZ9ADrzhaHjv/yQt+DeFYYisNksPskYTYWgjZPhR9g6axGU4R+ldYbAv2YXG/Is18lC38Kk45Xtkw7GTEnGjFkVLlXd2zYNNDfYan6T5trMjRV4nHBeJsoefyNV5mUTRr9dMKEiDvRzxfkdRNkyIbGPAIuvzZ7vlrby5DCBII8KbF6txpoAjJpl0YOPOdVzv/jQETIry48wepkQY/+ZWXXRgRMVk9uE0ks+wgUQMnqrTeTBfwSnoWr9z3fPKzmmetuYoWrbt2SY1eF9NpSD/1XgrhahT9Da9F5Yy4s1CamEmm6JU3fYbd6fb4hrZooP04kjtfrKA4aN0czMFm1d+PA1ukwKKCO8gsw5a6NX3yEB8g3uI5XHjsp2skeL6Qn2ow0f6nyK20lMe/GNJusjAs06zL4CMu5Ap/XRmpCek69e5WqZvrmtQqRJ7DsMgahKyPYDpoPlvoylD8cEdoTmQnThI+m2psl7ZEW+DUSFE1hAJbMVXHwCmi57Cr1UqQ6i2WKlXw9Pch2Y08QguxDeUR8No7I88PbzluU2Jx3+otJS+DbjOIUuu5t0ZFAkoqh/B3EMASxMkawK8ugW8sOPtrnACtRlHuqTyzBEeoO6tWBdPO4di8Mie8sZxPR5immCRmFRYJl1XCcG+rDPgnUyOrA0iAAmPbdjkoJuUCsMJ9s9fSQD5BlyDij40LgcWiqvHAgtirkUrWnuVNL9fIO/WIdsSZ80zcq4LWmdfDXJF0v+AYzABbLnBlXJv0yfxo0Zy5sGA8FDF4sGdTVjVbWq88aPhuKgKKVTqGoPTn6YdQ0pO8XY+r4WvGi71uc+/M/lnuEk5xrUt6G3n/xaUqi8ctj7XR5qObAHUYv42sOJAAh7yIloLR0A2FuMTwOu2pg6ScPTCikpNK3VDjesSUePdmdKL3DSabtDKZG4mvY3VhXH2iDyRZ07c8iObwb+/a0Q89rXBHa/ZQnOSR3nQI5tv7SUJqJt4M2NadlRtv0I6HxO2cOpw5D2O9Yak0q9brwoE1HvSAvMqwNdFNOXimbwIuf3Y7BVo4gXVWzR3TbWLn5nA4TXnf3+yuW8eI/8wy7foU+C6USEm4jb3hhWdWtnfJw//WdVM8A2JYr1vBDejfULlfCnXNMVBqhhYA/Mcjxcl+FtD3ho5HAgA5BWQoKlsi4d0JOLeKALxEHWJ5RX9Z4+CBJMOlxehggfa17ap+HOfIVO+tYhY0ZZoiW5oMpM0mwBcwr/CZZ9fm7qpCgojs8Tkrl00QXoGNiGgn3/ksPuAwNE1EU0EWe7+0VX9zJ5m3JsIAgCCwkorNwdZH2AK9FcpGWJZOTec2f7MW1Td5kkhQwTQQ0iFxJnGTt4qJv+lqH6LH5yR/v0GnIt4Y+Bs5pcsSU+uv7t4+k4ZDo+aN0imcQXTucxeRXpYlSspVCIOnxtb4e  # yamllint disable rule:line-length
-  template:
+    template:
-    metadata:
+        metadata:
-      creationTimestamp: null
+            creationTimestamp:
-      name: secrets-dcsi
+            name: secrets-dcsi
-      namespace: democratic-csi
+            namespace: democratic-csi
-    type: Opaque
+        type: Opaque
--- a/k8s/services/factorio/sealedsecrets.yaml
+++ b/k8s/services/factorio/sealedsecrets.yaml
@ -1,17 +1,18 @@
 ---
 apiVersion: bitnami.com/v1alpha1
 kind: SealedSecret
 metadata:
-  creationTimestamp: null
+    creationTimestamp:
-  name: secrets-factorio
+    name: secrets-factorio
-  namespace: apps-fuku
+    namespace: apps-fuku
 spec:
-  encryptedData:
+    encryptedData:
-    game_password: AgCmUZilQTlqof5so2DyvjbCh3J8OAkz4lSQv++z+9XUz4/+KjwgEjP5SI9nf2WVfIHt7WiJN8oaPlYnm2XIdbBUrvKlTEuMAy2XeI8DE2+wKHXdbmLg7t3oZR/8kw3py9W3o4dlXp5XY2G4S3cG8TX0fkN58ni61mYv+zSvc6stcT/iveJqO5E+hXPcDSexzxQ/8DybS4D5g8W3N2OMhRoU0wwhYfXAuxN90BzFKgD6X/9Xy1c7pPQQkEidpA6l1uP5qIG/vChmIpqsOmQWbibGQn53el5ulPvaybx1wRu33eJJcSPRS+XthZv9dtwduFlboMT6QPWcVL5gSQ0ceCBidQIHGLRLxcHYPZz83miCeVYFY1xFegrwPBsXYEdfar5mufxgSQGtSHGzwEV0Ry+tcmjz9JqWpQBQVg10Bs0GYwvy/XGHi1BLCouAXXL//eVbGp1s9cl4uyN9Ymzt5zNrf/SvUweFsaCYrC6xVFA2CCsLbsyu/YbmKkO+cd1IwAle4luGmJHnZgrXKMwQFYoMTGsgEGYt87Itz7eOSmHEm/ZJwZ3oL6n0LGgHpJu1gb4Op0ZA9p44DKeg2fy5Go9rWeMOP0RIw8/SApE6QmT0Bw8QccddnTHhwuCLet2PoiUodKhFffTfGN6PGPeIcyQJpiEDxUI7nquWSNGTcMJDsR3LbzU6A8MpDQrrg5Az6YzyZOo7NLEMbitKLrqt9lfH5g7g
+        game_password: AgCmUZilQTlqof5so2DyvjbCh3J8OAkz4lSQv++z+9XUz4/+KjwgEjP5SI9nf2WVfIHt7WiJN8oaPlYnm2XIdbBUrvKlTEuMAy2XeI8DE2+wKHXdbmLg7t3oZR/8kw3py9W3o4dlXp5XY2G4S3cG8TX0fkN58ni61mYv+zSvc6stcT/iveJqO5E+hXPcDSexzxQ/8DybS4D5g8W3N2OMhRoU0wwhYfXAuxN90BzFKgD6X/9Xy1c7pPQQkEidpA6l1uP5qIG/vChmIpqsOmQWbibGQn53el5ulPvaybx1wRu33eJJcSPRS+XthZv9dtwduFlboMT6QPWcVL5gSQ0ceCBidQIHGLRLxcHYPZz83miCeVYFY1xFegrwPBsXYEdfar5mufxgSQGtSHGzwEV0Ry+tcmjz9JqWpQBQVg10Bs0GYwvy/XGHi1BLCouAXXL//eVbGp1s9cl4uyN9Ymzt5zNrf/SvUweFsaCYrC6xVFA2CCsLbsyu/YbmKkO+cd1IwAle4luGmJHnZgrXKMwQFYoMTGsgEGYt87Itz7eOSmHEm/ZJwZ3oL6n0LGgHpJu1gb4Op0ZA9p44DKeg2fy5Go9rWeMOP0RIw8/SApE6QmT0Bw8QccddnTHhwuCLet2PoiUodKhFffTfGN6PGPeIcyQJpiEDxUI7nquWSNGTcMJDsR3LbzU6A8MpDQrrg5Az6YzyZOo7NLEMbitKLrqt9lfH5g7g  # yamllint disable rule:line-length
-    password: AgCTY4hn/wTGipH9oX7SgS44PE6wEe34AB2Pz9IeB5KcISZVGgWAUMtcffexV31jcNwz5TrztNam22Ys7qYbsZZVNOWm27/KZP3U04Jrq1cIPhY+xE1xF3vMqCd54r+kaeMO4hlDhBlE7Hs6BHdURTpPz8ocqihT2bft+Q8p2Myf3vPHXcDwoUyQj/AFYJdJJhyVfD5NDdacFhOmPTB/tUE4AW1Rz9oND6sy0x7NaP44vswVbhREpMA9wkltJRugRKUwXdfC6kOrfKa1R88aNOwkqc22F1U1PhcqUSAMYQxOA+zz3xMjrP8o70V1/FBKxnTBYVIpdHuwl2RpvC/TewJYVEu1xzp3texfgkTn6XXMp9InxfA6y1wpSVpMPYK5zPRCnmuyPTdSd+DrD6C6y2rstrHvvHxnLPtqo5REVjkfTGkEilmQ1+SllPMPk/6hKivahdmORixoI2MtOz4k4d+7rdPrrsRscMHAheyJTNdKC3wGoKFqbm+0zFV3GFaxM65K0USlYhPwyKG3FlHGj0t8HmXOr+M2cQKd4vqIrq8betRp08YPGMOT0Ea1KIvoP3z4yiJg2Z64d8d0Brof/h4fFd4kKgfMYm/CvkNh5zjFzEYi+K/6G/G99RBxwl7kK3eMB6CiuOnLITCw/Ok/LiRcdnIcAe7yobHG6FWHas4KPL5t4dPTxo12catoWtuJG7L20AIl3171+gO3jS0e4zAvZ+7S
+        password: AgCTY4hn/wTGipH9oX7SgS44PE6wEe34AB2Pz9IeB5KcISZVGgWAUMtcffexV31jcNwz5TrztNam22Ys7qYbsZZVNOWm27/KZP3U04Jrq1cIPhY+xE1xF3vMqCd54r+kaeMO4hlDhBlE7Hs6BHdURTpPz8ocqihT2bft+Q8p2Myf3vPHXcDwoUyQj/AFYJdJJhyVfD5NDdacFhOmPTB/tUE4AW1Rz9oND6sy0x7NaP44vswVbhREpMA9wkltJRugRKUwXdfC6kOrfKa1R88aNOwkqc22F1U1PhcqUSAMYQxOA+zz3xMjrP8o70V1/FBKxnTBYVIpdHuwl2RpvC/TewJYVEu1xzp3texfgkTn6XXMp9InxfA6y1wpSVpMPYK5zPRCnmuyPTdSd+DrD6C6y2rstrHvvHxnLPtqo5REVjkfTGkEilmQ1+SllPMPk/6hKivahdmORixoI2MtOz4k4d+7rdPrrsRscMHAheyJTNdKC3wGoKFqbm+0zFV3GFaxM65K0USlYhPwyKG3FlHGj0t8HmXOr+M2cQKd4vqIrq8betRp08YPGMOT0Ea1KIvoP3z4yiJg2Z64d8d0Brof/h4fFd4kKgfMYm/CvkNh5zjFzEYi+K/6G/G99RBxwl7kK3eMB6CiuOnLITCw/Ok/LiRcdnIcAe7yobHG6FWHas4KPL5t4dPTxo12catoWtuJG7L20AIl3171+gO3jS0e4zAvZ+7S  # yamllint disable rule:line-length
-    token: AgByS4w6xSn0/FzWkgNazh7hyZjKTTmg9WtQ3oyKQUVF6FYg+qvPYYLuNu7rTwQOa4LGw3Cvf/yYT0+WU93BjfNCSVMfes1lE2dQzukK4+zEeDhZ4MSpBOBgYYwHJkrFyHpvVSAQkaPi40T0M8iJmFv+Oq1s8zRWmx84LMllaJuRGH/t9jMfmR3rF6JBcSmEmkmB7N8cD+ytPPtZKXGJXaWE0qvuNKNveqirLRt7E+B7z7yvhroaEHahHEseOQnJ6dKY83KzH1riHBTUNOVcI62hSkiYEbbZXAzxznxMKDs04w/BpOksTeg3OWD/RzwuRdX5M2zb3wrrqbF9r9yoLUbWBMS2bdUbUyLiqvfzKUWKAd8eZsS4+P8N5fbPrLgXmB+xRz5xiCQ+r/ZL4Nj9pfuSZMDKytIglldB6BT5gtnodiaCgAPrtLz2OMtBvvojpWOaaBbYWxbrnMhCG2YYU7Kd4UFXEttL/MVs7YkZow12AIngKqzz7vXo3K2iwRYoi2CjOwv3NeXSWk9LdTrTxs00iO8RT55wbAcg9HiNkYZFtrI+6sygvnHhDmNhYG0z7yHCpx13KIjoFEtVEcx2F9bbMftxBmZoOFaGtBhFSgH323CLGoFecdhv41cH9F5HHzpc13Pc5dShm6ZPgWrWG88w0Q4WIT6hiXlriSnd9xw0At4kl7wRBqusZgwDVTBCFbtKS6Gg9msBZnZzADI/aeljY3QXGg2YT/2Ra2c3quY=
+        token: AgByS4w6xSn0/FzWkgNazh7hyZjKTTmg9WtQ3oyKQUVF6FYg+qvPYYLuNu7rTwQOa4LGw3Cvf/yYT0+WU93BjfNCSVMfes1lE2dQzukK4+zEeDhZ4MSpBOBgYYwHJkrFyHpvVSAQkaPi40T0M8iJmFv+Oq1s8zRWmx84LMllaJuRGH/t9jMfmR3rF6JBcSmEmkmB7N8cD+ytPPtZKXGJXaWE0qvuNKNveqirLRt7E+B7z7yvhroaEHahHEseOQnJ6dKY83KzH1riHBTUNOVcI62hSkiYEbbZXAzxznxMKDs04w/BpOksTeg3OWD/RzwuRdX5M2zb3wrrqbF9r9yoLUbWBMS2bdUbUyLiqvfzKUWKAd8eZsS4+P8N5fbPrLgXmB+xRz5xiCQ+r/ZL4Nj9pfuSZMDKytIglldB6BT5gtnodiaCgAPrtLz2OMtBvvojpWOaaBbYWxbrnMhCG2YYU7Kd4UFXEttL/MVs7YkZow12AIngKqzz7vXo3K2iwRYoi2CjOwv3NeXSWk9LdTrTxs00iO8RT55wbAcg9HiNkYZFtrI+6sygvnHhDmNhYG0z7yHCpx13KIjoFEtVEcx2F9bbMftxBmZoOFaGtBhFSgH323CLGoFecdhv41cH9F5HHzpc13Pc5dShm6ZPgWrWG88w0Q4WIT6hiXlriSnd9xw0At4kl7wRBqusZgwDVTBCFbtKS6Gg9msBZnZzADI/aeljY3QXGg2YT/2Ra2c3quY=  # yamllint disable rule:line-length
-  template:
+    template:  # yamllint disable rule:line-length
-    metadata:
+        metadata:
-      creationTimestamp: null
+            creationTimestamp:
-      name: secrets-factorio
+            name: secrets-factorio
-      namespace: apps-fuku
+            namespace: apps-fuku
-    type: Opaque
+        type: Opaque
--- a/k8s/services/loki/sealedsecrets.yaml
+++ b/k8s/services/loki/sealedsecrets.yaml
@ -2,30 +2,30 @@
 apiVersion: bitnami.com/v1alpha1
 kind: SealedSecret
 metadata:
-  creationTimestamp: null
+    creationTimestamp:
-  name: secret-grafana-smtp
+    name: secret-grafana-smtp
-  namespace: monitoring
+    namespace: monitoring
 spec:
-  encryptedData:
+    encryptedData:
-    password: AgCZjcF3chb/mg0OuCorxMv9AXmjpIuiRx4Zj7fLg9yKGXyYWUjrKIkuZVy0NyQu4IU8IGxdf7q11xxUc+mc4FWIAar8Lmt//6aAcLCPpbKh903W8g6TeUrJQCqBFqCRhLzjHeCG4WyrgAwjM8xelHl7pQRcG4yad8stnLIhN2rR5Z4Znprvw4xUktpcfc/8DvIN9YnDwFA/+DQpSb1BVpn9c6yODK8aCyktgjkXZsqb5ENfOknPu5GHlWOb8UTrRDPPycXpN/Ld17iySGlg18kbD7dCtpHgJOF3MULmebgQrP1fKfyHtnkQMhUDmmAJxOXXhphoIf3zXDiOSL61Z7bGsdaUjGn6l5IdNPRC2/WnRAnQY4/3iO6uwfQcdyscf33JoSZbEsvuzW7dGZRu60HmujkxACgaGSxU6NXjPlkrptZjcW8C/c6SDP0WYKlRj+vrkjPMudyVKthC6A8Gezl/JnH0uwofqz87SNEkLCpurD9LeJ1h5o30/DOvTm4lXGYU8YvmTgfT0bbvSdjv+i0VKN5QxVnwjymiJqyNdxoR+vOGRSa1xFZusS/lajd6LfMVF4L4XKgyIajzESF5xLy6KO1v29M5F0X/EdPfLjNCRMRgQcTFz7rn82pIrmdt/We9OxioyiNZsJ7k4AKwzlrWPUbbhEI/cP0w8tLm+gRXT1UCz3+nG9NM2f7um3vlotvU/1/QT3oCoKLYWxwDr251wgGNchQzTOYGE5bzvA==
+        password: AgCZjcF3chb/mg0OuCorxMv9AXmjpIuiRx4Zj7fLg9yKGXyYWUjrKIkuZVy0NyQu4IU8IGxdf7q11xxUc+mc4FWIAar8Lmt//6aAcLCPpbKh903W8g6TeUrJQCqBFqCRhLzjHeCG4WyrgAwjM8xelHl7pQRcG4yad8stnLIhN2rR5Z4Znprvw4xUktpcfc/8DvIN9YnDwFA/+DQpSb1BVpn9c6yODK8aCyktgjkXZsqb5ENfOknPu5GHlWOb8UTrRDPPycXpN/Ld17iySGlg18kbD7dCtpHgJOF3MULmebgQrP1fKfyHtnkQMhUDmmAJxOXXhphoIf3zXDiOSL61Z7bGsdaUjGn6l5IdNPRC2/WnRAnQY4/3iO6uwfQcdyscf33JoSZbEsvuzW7dGZRu60HmujkxACgaGSxU6NXjPlkrptZjcW8C/c6SDP0WYKlRj+vrkjPMudyVKthC6A8Gezl/JnH0uwofqz87SNEkLCpurD9LeJ1h5o30/DOvTm4lXGYU8YvmTgfT0bbvSdjv+i0VKN5QxVnwjymiJqyNdxoR+vOGRSa1xFZusS/lajd6LfMVF4L4XKgyIajzESF5xLy6KO1v29M5F0X/EdPfLjNCRMRgQcTFz7rn82pIrmdt/We9OxioyiNZsJ7k4AKwzlrWPUbbhEI/cP0w8tLm+gRXT1UCz3+nG9NM2f7um3vlotvU/1/QT3oCoKLYWxwDr251wgGNchQzTOYGE5bzvA==  # yamllint disable rule:line-length
-    user: AgCZBx77cHwdvxd1wHIR7ztq1PJtbpuH9B90KbiwHmTa2MB66+tBkAPNltCucmLikI9v5k9CtOV7V5tcmhcNGHEyU0Y8rfpcXUsojw2ljNH5nS/lqvxPq80R7rJJA4rbvJFDR/TE8dHhft5OiClb5HGzy99oLfzpXGRq0D90sraedCJea3O9nlZLbgaryQG8mfPONic1P5i4RHYOyB2F2dzdX8vuQNCzMS3n9bnfFDPiGwrYJHkkilXy62xfzEoWj1LTpcvs2tzQf5m8PeTaV+X5c5AKEpvTlHrZTonPsS3LZQ1qghuvgbROhMQspdqlVOajscnZxqbh14B8EiLChGuMsKK2MJoxZbIu+g2PwyGM7Ss4fVKIJJ8IkQCozUC036GssSk6tfNiTYDJkXJPr8e7ylj9dhbAV9nuFh0VW01f6TAbK68ll3QfqCHn60muNc1/fUQ3tQtCFfNHwAmV2GOLkrQXM9fvqyxXXu5CC5ddfNhjvbwtJfvssLdF7MiOWEz9+bXIf2bJhCnnjhzKnqq+hCAbjRTQ5ivFACYSOIoQE0KiN1GFPpYUrzcSLvces5o2oi+23v/iX5hW2Wuxuw2Tf6SxLemBtKUILkKrETkUcB52OIfYOk7Q/0Gpsy+0MIrVPb/eX7IAfhsrCyl8MgL1Db6bPr3YcnLXcKKxJD0sq2WlecOSO3J1bWzRIIIHYrSESoqS5IbQWW8vphCDSRDY/gza6sQ=
+        user: AgCZBx77cHwdvxd1wHIR7ztq1PJtbpuH9B90KbiwHmTa2MB66+tBkAPNltCucmLikI9v5k9CtOV7V5tcmhcNGHEyU0Y8rfpcXUsojw2ljNH5nS/lqvxPq80R7rJJA4rbvJFDR/TE8dHhft5OiClb5HGzy99oLfzpXGRq0D90sraedCJea3O9nlZLbgaryQG8mfPONic1P5i4RHYOyB2F2dzdX8vuQNCzMS3n9bnfFDPiGwrYJHkkilXy62xfzEoWj1LTpcvs2tzQf5m8PeTaV+X5c5AKEpvTlHrZTonPsS3LZQ1qghuvgbROhMQspdqlVOajscnZxqbh14B8EiLChGuMsKK2MJoxZbIu+g2PwyGM7Ss4fVKIJJ8IkQCozUC036GssSk6tfNiTYDJkXJPr8e7ylj9dhbAV9nuFh0VW01f6TAbK68ll3QfqCHn60muNc1/fUQ3tQtCFfNHwAmV2GOLkrQXM9fvqyxXXu5CC5ddfNhjvbwtJfvssLdF7MiOWEz9+bXIf2bJhCnnjhzKnqq+hCAbjRTQ5ivFACYSOIoQE0KiN1GFPpYUrzcSLvces5o2oi+23v/iX5hW2Wuxuw2Tf6SxLemBtKUILkKrETkUcB52OIfYOk7Q/0Gpsy+0MIrVPb/eX7IAfhsrCyl8MgL1Db6bPr3YcnLXcKKxJD0sq2WlecOSO3J1bWzRIIIHYrSESoqS5IbQWW8vphCDSRDY/gza6sQ=  # yamllint disable rule:line-length
-  template:
+    template:
-    metadata:
+        metadata:
-      creationTimestamp: null
+            creationTimestamp:
-      name: secret-grafana-smtp
+            name: secret-grafana-smtp
-      namespace: monitoring
+            namespace: monitoring
 ---
 apiVersion: bitnami.com/v1alpha1
 kind: SealedSecret
 metadata:
-  creationTimestamp: null
+    creationTimestamp:
-  name: loki-auth-secret
+    name: loki-auth-secret
-  namespace: monitoring
+    namespace: monitoring
 spec:
-  encryptedData:
+    encryptedData:
-    users: AgAoXKtSO3tVMNtgsMfVaaD9gWPDU5S5CvaELp84OqrjV5P4PHsv4En3/uAaXcB3jgZGYJIA3ST8xYQr6E5YCEY6JsgJMh+8Qd14xG9ig0zPuSI00O2H7S6mFfHNm5s78slM38Bj1eR7DvnHAnFy5G4WxUAFEaScAT+Eh3x9RpsjYvDLrSPFKzrDYeF1bmuKBOhh79AgOD/5sz2G7z0B+jBEjjj4KDE4gOWqt03I1xwFxeh7LZhHOtqqNGSKu8hKh2KF2ZmxAFcxdAKhLUfkE8GLDtmH/drtHiDijgRLuL8UekkgPFkMkN1ywPxHOKwoGgUerD123xYN4jOxx5Gl3HBobCpQz82HNFfiUIqlaFxOwg1tz1QpKG1puENtMCfTlQmyYOSSNJg9/DuooKSjWfIT1YunzSBWHMgOrcZtCvtNwecveBTlQszw41ypK5CfvunGoLdQe783uoFezjDWQ5Foxo0OCl54dQLme4MvgJGb9NZs0rfAoz06n4OZmt7sEgEJLj13NA6rDLLOWzoXoXUT9fdB14BfNxj4DqzeRRZgGN7xLzyqO+6DMsmQnV8NhUJKJV+7zxySZbdgIqXlK5cQbnMqtyi8E7ZLE65zg5yCjyL/fx7dNooBDdNS04Bg/H1XT2RPNdvtCgNVtBUP32O23mtdCX9li+HgxoDJqmUFKE95Hi3O/utadbnqXDpw7xihH8cLw3J7Lole9PJJ64caWsT29dr56rPo0LaXRTGHB7Cz9LfqC1ZTr2W1VNU=
+        users: AgAoXKtSO3tVMNtgsMfVaaD9gWPDU5S5CvaELp84OqrjV5P4PHsv4En3/uAaXcB3jgZGYJIA3ST8xYQr6E5YCEY6JsgJMh+8Qd14xG9ig0zPuSI00O2H7S6mFfHNm5s78slM38Bj1eR7DvnHAnFy5G4WxUAFEaScAT+Eh3x9RpsjYvDLrSPFKzrDYeF1bmuKBOhh79AgOD/5sz2G7z0B+jBEjjj4KDE4gOWqt03I1xwFxeh7LZhHOtqqNGSKu8hKh2KF2ZmxAFcxdAKhLUfkE8GLDtmH/drtHiDijgRLuL8UekkgPFkMkN1ywPxHOKwoGgUerD123xYN4jOxx5Gl3HBobCpQz82HNFfiUIqlaFxOwg1tz1QpKG1puENtMCfTlQmyYOSSNJg9/DuooKSjWfIT1YunzSBWHMgOrcZtCvtNwecveBTlQszw41ypK5CfvunGoLdQe783uoFezjDWQ5Foxo0OCl54dQLme4MvgJGb9NZs0rfAoz06n4OZmt7sEgEJLj13NA6rDLLOWzoXoXUT9fdB14BfNxj4DqzeRRZgGN7xLzyqO+6DMsmQnV8NhUJKJV+7zxySZbdgIqXlK5cQbnMqtyi8E7ZLE65zg5yCjyL/fx7dNooBDdNS04Bg/H1XT2RPNdvtCgNVtBUP32O23mtdCX9li+HgxoDJqmUFKE95Hi3O/utadbnqXDpw7xihH8cLw3J7Lole9PJJ64caWsT29dr56rPo0LaXRTGHB7Cz9LfqC1ZTr2W1VNU=  # yamllint disable rule:line-length
-  template:
+    template:
-    metadata:
+        metadata:
-      creationTimestamp: null
+            creationTimestamp:
-      name: loki-auth-secret
+            name: loki-auth-secret
-      namespace: monitoring
+            namespace: monitoring
--- a/k8s/services/loki/traefik-auth-middleware.yaml
+++ b/k8s/services/loki/traefik-auth-middleware.yaml
@ -1,8 +1,9 @@
 ---
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
-  name: loki-auth-middleware
+    name: loki-auth-middleware
-  namespace: monitoring
+    namespace: monitoring
 spec:
-  basicAuth:
+    basicAuth:
-    secret: loki-auth-secret
+        secret: loki-auth-secret
--- a/k8s/services/miniflux/deployment.yaml
+++ b/k8s/services/miniflux/deployment.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@ -68,27 +69,27 @@ spec:
                name: miniflux
          env:
            - name: RUN_MIGRATIONS
-              value: "1"
+              value: '1'
            - name: CREATE_ADMIN
-              value: "1"
+              value: '1'
            - name: OAUTH2_PROVIDER
-              value: "oidc"
+              value: oidc
            - name: OAUTH2_REDIRECT_URL
-              value: "https://feeds.roboces.dev/oauth2/oidc/callback"
+              value: https://feeds.roboces.dev/oauth2/oidc/callback
            - name: OAUTH2_OIDC_DISCOVERY_ENDPOINT
-              value: "https://auth.fukurokuju.dev/application/o/miniflux/"
+              value: https://auth.fukurokuju.dev/application/o/miniflux/
            - name: OAUTH2_USER_CREATION
-              value: "1"
+              value: '1'
            - name: FETCH_YOUTUBE_WATCH_TIME
-              value: "1"
+              value: '1'
            - name: WORKER_POOL_SIZE
-              value: "1"
+              value: '1'
            - name: POLLING_FREQUENCY
-              value: "120"
+              value: '120'
            - name: BATCH_SIZE
-              value: "25"
+              value: '25'
            - name: METRICS_COLLECTOR
-              value: "1"
+              value: '1'
            - name: METRICS_ALLOWED_NETWORKS
              value: 10.42.1.0/16
      restartPolicy: Always
--- a/k8s/services/miniflux/ingress.yaml
+++ b/k8s/services/miniflux/ingress.yaml
@ -2,20 +2,20 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: miniflux
+    name: miniflux
-  namespace: apps-roboces
+    namespace: apps-roboces
-  annotations:
+    annotations:
-    nginx.ingress.kubernetes.io/rewrite-target: /
+        nginx.ingress.kubernetes.io/rewrite-target: /
 spec:
-  ingressClassName: traefik
+    ingressClassName: traefik
-  rules:
+    rules:
-    - host: feeds.roboces.dev
+        - host: feeds.roboces.dev
-      http:
+          http:
-        paths:
+              paths:
-          - path: /
+                  - path: /
-            pathType: Prefix
+                    pathType: Prefix
-            backend:
+                    backend:
-              service:
+                        service:
-                name: miniflux-service
+                            name: miniflux-service
-                port:
+                            port:
-                  number: 8888
+                                number: 8888
--- a/k8s/services/miniflux/poddisruptionbudget.yaml
+++ b/k8s/services/miniflux/poddisruptionbudget.yaml
@ -1,10 +1,11 @@
 ---
 apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
-  name: miniflux-pdb
+    name: miniflux-pdb
-  namespace: apps-roboces
+    namespace: apps-roboces
 spec:
-  selector:
+    selector:
-    matchLabels:
+        matchLabels:
-      app.kubernetes.io/name: miniflux
+            app.kubernetes.io/name: miniflux
-  maxUnavailable: 1
+    maxUnavailable: 1
--- a/k8s/services/miniflux/sealedsecrets.yaml
+++ b/k8s/services/miniflux/sealedsecrets.yaml
@ -2,18 +2,18 @@
 apiVersion: bitnami.com/v1alpha1
 kind: SealedSecret
 metadata:
-  creationTimestamp: null
+    creationTimestamp:
-  name: miniflux
+    name: miniflux
-  namespace: apps-roboces
+    namespace: apps-roboces
 spec:
-  encryptedData:
+    encryptedData:
-    ADMIN_PASSWORD: AgAEV8w3iDaOhxZJWo1XmUab9No/T5g6ci92Py75+4ijVfgRCTpHsXT7pRBGWrHzfprfvMKUCNn3rxJ7PbUZBRevLtSFXHXP35s1f2uNk++a3M0bddzeNM3a8Co92hAUczO7tSoe2eJXNZUMDedc20sKmjZnELUfitzaV0YVhWnyCBM68d4pLtBbrJud2SMAW1zQGaAenoM/OdNo4jswObLnqp13rF3JLy2HXJ/vFJ/t7z46re3Y8BY0cs1Ct/l+zCvv27lrylRvLeRyI+3XM5Vs7tOQPLchwP5nJZEMN9EBwZ6KuY1IntBsKSvS+RHdDuuZgx4L6Dv0d17MgkDw/dF1vkgpULQZDxWdj6VaS0paS9pFPTzfyuO4ifp6A0Y81NpbqP5X9II8jLnUk6bdha39VMbRy4nuI7kmMFWIXaFggkTC+UiMS3V1GOhefx8BEUwjDdiXaVGPxsjeMse91AfunJEWo/6HsvrgS5pZ8xO02hb8745UyLCJa3OMSAUBrfKYG7yhJ6OuDVKhw7q7TpavLXMkPdLsWgso3reEtkG5wc4LRKtfVwA32UjJadhv1D96q4bGZ+T8xfnmuECJiCINrlsS6bd79D9fyhhzAf/usuEl7f4B8q1hVxQRw5E/WvxSMXl31A2ugggwenkS6MKv5ZkQHC2VzfPdtIcAfabsDdthCbwlHPBMmU7coQ00TBDW90LL8eKpkiWp9YlQ1w==
+        ADMIN_PASSWORD: AgAEV8w3iDaOhxZJWo1XmUab9No/T5g6ci92Py75+4ijVfgRCTpHsXT7pRBGWrHzfprfvMKUCNn3rxJ7PbUZBRevLtSFXHXP35s1f2uNk++a3M0bddzeNM3a8Co92hAUczO7tSoe2eJXNZUMDedc20sKmjZnELUfitzaV0YVhWnyCBM68d4pLtBbrJud2SMAW1zQGaAenoM/OdNo4jswObLnqp13rF3JLy2HXJ/vFJ/t7z46re3Y8BY0cs1Ct/l+zCvv27lrylRvLeRyI+3XM5Vs7tOQPLchwP5nJZEMN9EBwZ6KuY1IntBsKSvS+RHdDuuZgx4L6Dv0d17MgkDw/dF1vkgpULQZDxWdj6VaS0paS9pFPTzfyuO4ifp6A0Y81NpbqP5X9II8jLnUk6bdha39VMbRy4nuI7kmMFWIXaFggkTC+UiMS3V1GOhefx8BEUwjDdiXaVGPxsjeMse91AfunJEWo/6HsvrgS5pZ8xO02hb8745UyLCJa3OMSAUBrfKYG7yhJ6OuDVKhw7q7TpavLXMkPdLsWgso3reEtkG5wc4LRKtfVwA32UjJadhv1D96q4bGZ+T8xfnmuECJiCINrlsS6bd79D9fyhhzAf/usuEl7f4B8q1hVxQRw5E/WvxSMXl31A2ugggwenkS6MKv5ZkQHC2VzfPdtIcAfabsDdthCbwlHPBMmU7coQ00TBDW90LL8eKpkiWp9YlQ1w==  # yamllint disable rule:line-length
-    ADMIN_USERNAME: AgCh0p8Mff/oP++z2Y0cCe7yKeL9+vyklylTLyRKxjluCAcpuIyzqwpCdmWmN1LvCd8hn68UbeKXRSGt8WC0W/AzQ2PzPNpQ0kQCUhFB4N2Mv/UOxT7meXSO+byYYyCR5AyJ3xL5DqVrHXlzbugxkNLcROI5YUwSnKgX4vWrBO4Emklp7YVYDIut3spueE9HiZ8aN/5iV+Cxsw4b3D229rHWqi8NWzWie7xeAU/IScm8B/tbyLYC/EstRKhcThMDiyd8pm5jM/5ubJgAm1P5n0Q1XGYrAtiOnRTDqzGGPGJ7skMDGlYii0z0U3Nb1US7/4Sen0uHXyHIgn8JptQTxAqACE8eFMw0A9Nm+8Ms1ZsxmhnCMQx3bljk0hB9IXBrTQ5rO35+fRVahsTS3aIW1WK1b+2EbHEk5djWheWEml8X6pC41dNH887dc0xB/1pRNlw5mD9z/SRjQRB+rAYPrCzW/GDI43xnGxrgWN6bEiPH+CorqVj8ahIRUffDcI7ZCve6EuXcyeTMGeo5rTg9s7my2KWQCzoXUAJFaNBTbzxhXtr3Rx+l1YtR4zRXcPJQxReu1hMcPhJhJY2rP3M8nUgUZoJY1SbK9tRNWJqurcV4nhyd/w5t67cv+M1uxOTtllsJv5Wg4OMiZAZrKzAgtxJIrM2G/lXTatk02YmFiAYbCEsm/r0IQ8pov4hsJI5ebZyoCWOOgA==
+        ADMIN_USERNAME: AgCh0p8Mff/oP++z2Y0cCe7yKeL9+vyklylTLyRKxjluCAcpuIyzqwpCdmWmN1LvCd8hn68UbeKXRSGt8WC0W/AzQ2PzPNpQ0kQCUhFB4N2Mv/UOxT7meXSO+byYYyCR5AyJ3xL5DqVrHXlzbugxkNLcROI5YUwSnKgX4vWrBO4Emklp7YVYDIut3spueE9HiZ8aN/5iV+Cxsw4b3D229rHWqi8NWzWie7xeAU/IScm8B/tbyLYC/EstRKhcThMDiyd8pm5jM/5ubJgAm1P5n0Q1XGYrAtiOnRTDqzGGPGJ7skMDGlYii0z0U3Nb1US7/4Sen0uHXyHIgn8JptQTxAqACE8eFMw0A9Nm+8Ms1ZsxmhnCMQx3bljk0hB9IXBrTQ5rO35+fRVahsTS3aIW1WK1b+2EbHEk5djWheWEml8X6pC41dNH887dc0xB/1pRNlw5mD9z/SRjQRB+rAYPrCzW/GDI43xnGxrgWN6bEiPH+CorqVj8ahIRUffDcI7ZCve6EuXcyeTMGeo5rTg9s7my2KWQCzoXUAJFaNBTbzxhXtr3Rx+l1YtR4zRXcPJQxReu1hMcPhJhJY2rP3M8nUgUZoJY1SbK9tRNWJqurcV4nhyd/w5t67cv+M1uxOTtllsJv5Wg4OMiZAZrKzAgtxJIrM2G/lXTatk02YmFiAYbCEsm/r0IQ8pov4hsJI5ebZyoCWOOgA==  # yamllint disable rule:line-length
-    DATABASE_URL: AgCbCyCwXzkW/6gd4XWo+/xyentimc1ERwBXyutbdwW6zT5Z9HqljwGC9u2I3wScAmE1X9IiBvQU2n6+ESqAHtlXpnIJBWEs9muppSR3BhIEhaLtfHCpX7DqxWYPKg0gdWtKK7wbizjRWffHmg1cO/xavjefseAMpvgWS6zaQu5GTXPC0jXgSpiD7kNrge5Fk5wHcJqilj8oTKgHqbAZfhkTMDzqhbxJ49VsI+ItfdGG/dPRXuDvJ9YAeD1/2vHjUBSffcSdAFf/Zgn/XI/YLOyw/zVrPRtm3Plyti0/9yPvHbh9K30uvAlf2H4+mwZkpiDKxrId1/VU1suHu3N7pB8CrmlgXsowJr95juzoF8lTvGSrg7kE4mQaIhE3hAQ5B3OiWnoaN9uHa0Htb4GhjTrsdWVwMxHfsRFVdSwWtITzm3miMuWbQfQ1SGZEI3TU0lexc8UYzbQBHCY5GgU92GTmEQAl84jLMeo+wyVYBIDdTL0sHmFZfv/omiW0lzScZChaKEkJGxRBsju3XG5f7MqLrohWg5uBm+riApEu46a4DGZUV3nNJZPdwnZbProvPTjb0VvAz7jfAFiznxVouS2+CKEH7/FMxkBKDnwagxfd7KAr0gE/RxmuFSq+G9nNoaBTWoEc2V3ViNUCrSlRW8yf19Ow0vP+MfHLWkZ09QjDRLKdxBZpOrda/mxrxFSeqYmK+XA6/uZAigdX3O0Rr8RHYNPLjDCfce37gquD04269Fk2goLS4xEzhiODpADMWFRxPFzw5KDLICXZL3BTEiHNhdYiEOEm53uz7aIG
+        DATABASE_URL: AgCbCyCwXzkW/6gd4XWo+/xyentimc1ERwBXyutbdwW6zT5Z9HqljwGC9u2I3wScAmE1X9IiBvQU2n6+ESqAHtlXpnIJBWEs9muppSR3BhIEhaLtfHCpX7DqxWYPKg0gdWtKK7wbizjRWffHmg1cO/xavjefseAMpvgWS6zaQu5GTXPC0jXgSpiD7kNrge5Fk5wHcJqilj8oTKgHqbAZfhkTMDzqhbxJ49VsI+ItfdGG/dPRXuDvJ9YAeD1/2vHjUBSffcSdAFf/Zgn/XI/YLOyw/zVrPRtm3Plyti0/9yPvHbh9K30uvAlf2H4+mwZkpiDKxrId1/VU1suHu3N7pB8CrmlgXsowJr95juzoF8lTvGSrg7kE4mQaIhE3hAQ5B3OiWnoaN9uHa0Htb4GhjTrsdWVwMxHfsRFVdSwWtITzm3miMuWbQfQ1SGZEI3TU0lexc8UYzbQBHCY5GgU92GTmEQAl84jLMeo+wyVYBIDdTL0sHmFZfv/omiW0lzScZChaKEkJGxRBsju3XG5f7MqLrohWg5uBm+riApEu46a4DGZUV3nNJZPdwnZbProvPTjb0VvAz7jfAFiznxVouS2+CKEH7/FMxkBKDnwagxfd7KAr0gE/RxmuFSq+G9nNoaBTWoEc2V3ViNUCrSlRW8yf19Ow0vP+MfHLWkZ09QjDRLKdxBZpOrda/mxrxFSeqYmK+XA6/uZAigdX3O0Rr8RHYNPLjDCfce37gquD04269Fk2goLS4xEzhiODpADMWFRxPFzw5KDLICXZL3BTEiHNhdYiEOEm53uz7aIG  # yamllint disable rule:line-length
-    OAUTH2_CLIENT_ID: AgDOU++RfwYBBQ5zgbO0jbw3TkAzpUGRQmnk4f4pvqdgK+uiHOrjAEmgFUU4PRQ8Q/A0lZcYMP1XY0VRNGnIuqUqLv+xDBQY8+hwRD6lPI/eyw3mLSbWVzHyDm7szv4C1kxmls2hK4Y+T8sIjmquiekDgt9tGVeOO+jo6uVyU8TE80zKoxSUrk++WrviMVXkErtb7VVzJpRDVgU0xns0Ou/xg2t9P5BqzsrubvIrfVhDA7enNSXhsn6ZtjsNweZePGI9CXwTDNlMgqXi67H1Mrz6MwoMXXSRZSv8oRXDn/w8dD7D3DpJ/ZpUQN9WJBShTsqqIk2p8HJJvYUunbPyVaHZ6yCsUI/Lt8Y3kbfJPMjqjIRX9xMu28DstEUqvcCKxdBDghosVyf1v216VO+LMWiwuvF/n6UcCk9arTtejoxdkPz9txyS1Yyv7rqYd6wNEkXgBKmcqflQUQbblglfFgSJc//tQQ7+24LK86RsnO/aElsWu7hOi6TosZao+i3kJ18MYYd+jewJ31gTtlQs4jp3CIgFi1N7RVrp8zOerfe4GO8PdMWJ+CERyyfFtAAD5TSmY0n7F+663RP+GXacHTbhDv7QCqX9LGltq4Z1IcMXbSwqRiW+C1ShQkaaNnWarZQuNmFuihgUE0vCYIm8WiEIJe320X7sdUlQtQ6d/vFFSupgcZqwJLqb5xOagHNRlYcDEg2A9y2TnAIgFzSg4+6UdgMzYxrTgUnuUOz6eLJdbxRuQRsbS3a8
+        OAUTH2_CLIENT_ID: AgDOU++RfwYBBQ5zgbO0jbw3TkAzpUGRQmnk4f4pvqdgK+uiHOrjAEmgFUU4PRQ8Q/A0lZcYMP1XY0VRNGnIuqUqLv+xDBQY8+hwRD6lPI/eyw3mLSbWVzHyDm7szv4C1kxmls2hK4Y+T8sIjmquiekDgt9tGVeOO+jo6uVyU8TE80zKoxSUrk++WrviMVXkErtb7VVzJpRDVgU0xns0Ou/xg2t9P5BqzsrubvIrfVhDA7enNSXhsn6ZtjsNweZePGI9CXwTDNlMgqXi67H1Mrz6MwoMXXSRZSv8oRXDn/w8dD7D3DpJ/ZpUQN9WJBShTsqqIk2p8HJJvYUunbPyVaHZ6yCsUI/Lt8Y3kbfJPMjqjIRX9xMu28DstEUqvcCKxdBDghosVyf1v216VO+LMWiwuvF/n6UcCk9arTtejoxdkPz9txyS1Yyv7rqYd6wNEkXgBKmcqflQUQbblglfFgSJc//tQQ7+24LK86RsnO/aElsWu7hOi6TosZao+i3kJ18MYYd+jewJ31gTtlQs4jp3CIgFi1N7RVrp8zOerfe4GO8PdMWJ+CERyyfFtAAD5TSmY0n7F+663RP+GXacHTbhDv7QCqX9LGltq4Z1IcMXbSwqRiW+C1ShQkaaNnWarZQuNmFuihgUE0vCYIm8WiEIJe320X7sdUlQtQ6d/vFFSupgcZqwJLqb5xOagHNRlYcDEg2A9y2TnAIgFzSg4+6UdgMzYxrTgUnuUOz6eLJdbxRuQRsbS3a8  # yamllint disable rule:line-length
-    OAUTH2_CLIENT_SECRET: AgDJ8ClfSTL0vIoD19KLN7sJsslEnZivGvnzNo2fuTmKGYz1Z5e0YZfLwK40reJM+d9ECCrzCeGqQQe/0mxzmzdaciH6p0bLd0/7pLLfnuvy/ObGCrPtIXRojKPu0aGGvJwMs2f5wm24qE5jW2IT08vnNF25NFSYyDxUcefg3zpsfu/Ff3MZtjn9oaDsCxPLTfzGz3NXbHIqVi1b3Er5B/wFLqib28AIwoXwTHepdmJ0+8YcbP1GKuwADNdHre1LDgEMFcgF0AuhlMUEVEKJtrKczdF59HOg2lwPQaHcZEVy1F1hgqBCbQSkI4pVfZ99pmpHRnn9PytNd+3tktdpu9So3TlR+GM8BON/2utlYdDagPBlctdJ+7mwG+PsptG/RSWw6cUqHvTIJp7wcMWT/vqyPsHeXoZy4x9TpLad6EQQHU969+fZN/Sz6d/vpjaqbbkqLACJ/e1PVBHBot/D3y/sCDovebSnJ8+SMsvhrc1kjOZhs5oFcipHxwObSyyJ8sah+Rbz+MgbWNBZ6uuPPEay5T/V12lrT4WfGoMnc1fWe9WDSMXt/GiFCvFhHBJfhcVjaKQ4OZT+TSo4E+guU7B1YvbY6+A7zwke2bdBoSluV10DTo87pp2tCY+x4AKsP1WVIubXa/ck91WsDM44WPYsaZ/F+FkD8P/gFk3eJmGQQx5qOmgzSNldwWtuj74H3TprXId+J22a/La4Qrz0JE/S6Arkfh88UiMCmF0ATb2zwuEYam4FKyKa3iiNMvo/WzEZwIlsCSE3tB2KvnC4Gf6rYO2Ef72fu7jNov8w1Ctu4rgcAk3IrUw3awoT7V3KANOnPMUu+Xp+tVNIXxJv1aAvY+HgR8XQ/h0uFMi556kkgQ==
+        OAUTH2_CLIENT_SECRET: AgDJ8ClfSTL0vIoD19KLN7sJsslEnZivGvnzNo2fuTmKGYz1Z5e0YZfLwK40reJM+d9ECCrzCeGqQQe/0mxzmzdaciH6p0bLd0/7pLLfnuvy/ObGCrPtIXRojKPu0aGGvJwMs2f5wm24qE5jW2IT08vnNF25NFSYyDxUcefg3zpsfu/Ff3MZtjn9oaDsCxPLTfzGz3NXbHIqVi1b3Er5B/wFLqib28AIwoXwTHepdmJ0+8YcbP1GKuwADNdHre1LDgEMFcgF0AuhlMUEVEKJtrKczdF59HOg2lwPQaHcZEVy1F1hgqBCbQSkI4pVfZ99pmpHRnn9PytNd+3tktdpu9So3TlR+GM8BON/2utlYdDagPBlctdJ+7mwG+PsptG/RSWw6cUqHvTIJp7wcMWT/vqyPsHeXoZy4x9TpLad6EQQHU969+fZN/Sz6d/vpjaqbbkqLACJ/e1PVBHBot/D3y/sCDovebSnJ8+SMsvhrc1kjOZhs5oFcipHxwObSyyJ8sah+Rbz+MgbWNBZ6uuPPEay5T/V12lrT4WfGoMnc1fWe9WDSMXt/GiFCvFhHBJfhcVjaKQ4OZT+TSo4E+guU7B1YvbY6+A7zwke2bdBoSluV10DTo87pp2tCY+x4AKsP1WVIubXa/ck91WsDM44WPYsaZ/F+FkD8P/gFk3eJmGQQx5qOmgzSNldwWtuj74H3TprXId+J22a/La4Qrz0JE/S6Arkfh88UiMCmF0ATb2zwuEYam4FKyKa3iiNMvo/WzEZwIlsCSE3tB2KvnC4Gf6rYO2Ef72fu7jNov8w1Ctu4rgcAk3IrUw3awoT7V3KANOnPMUu+Xp+tVNIXxJv1aAvY+HgR8XQ/h0uFMi556kkgQ==  # yamllint disable rule:line-length
-  template:
+    template:
-    metadata:
+        metadata:
-      creationTimestamp: null
+            creationTimestamp:
-      name: miniflux
+            name: miniflux
-      namespace: apps-roboces
+            namespace: apps-roboces
--- a/k8s/services/miniflux/service.yaml
+++ b/k8s/services/miniflux/service.yaml
@ -1,18 +1,19 @@
 ---
 apiVersion: v1
 kind: Service
 metadata:
-  name: miniflux-service
+    name: miniflux-service
-  namespace: apps-roboces
+    namespace: apps-roboces
-  labels:
+    labels:
-    app.kubernetes.io/name: miniflux
+        app.kubernetes.io/name: miniflux
-    app.kubernetes.io/managed-by: argo
+        app.kubernetes.io/managed-by: argo
-    app.kubernetes.io/version: 2.1.1
+        app.kubernetes.io/version: 2.1.1
 spec:
-  selector:
+    selector:
-    app.kubernetes.io/name: miniflux
+        app.kubernetes.io/name: miniflux
-  type: LoadBalancer
+    type: LoadBalancer
-  ports:
+    ports:
-    - name: miniflux-service
+        - name: miniflux-service
-      protocol: TCP
+          protocol: TCP
-      port: 8888
+          port: 8888
-      targetPort: 8080
+          targetPort: 8080