From aca076e8641ae37e7cbde1be5d15f9496c99ed05 Mon Sep 17 00:00:00 2001
From: Ava Affine <ava@sunnypup.io>
Date: Fri, 18 Jul 2025 11:27:07 -0700
Subject: [PATCH] initial commit

Signed-off-by: Ava Affine <ava@sunnypup.io>
---
 .gitignore                           |   3 +
 .helmignore                          |  23 ++
 Chart.lock                           |   6 +
 Chart.yaml                           |   6 +
 README.md                            |  14 ++
 templates/NOTES.txt                  |   8 +
 templates/_helpers.tpl               |  62 ++++++
 templates/echo.yaml                  |  39 ++++
 templates/forge.yaml                 | 314 +++++++++++++++++++++++++++
 templates/frigate.yaml               | 176 +++++++++++++++
 templates/homeassistant.yaml         |  78 +++++++
 templates/hpa.yaml                   |  28 +++
 templates/monitoring.yaml            |   0
 templates/mqtt.yaml                  |  96 ++++++++
 templates/nextcloud.yaml             | 101 +++++++++
 templates/postgres.yaml              |  87 ++++++++
 templates/redis.yaml                 |  36 +++
 templates/routing.yaml               | 224 +++++++++++++++++++
 templates/tests/test-connection.yaml |  15 ++
 templates/wordpress.yaml             | 172 +++++++++++++++
 values.yaml                          |  70 ++++++
 21 files changed, 1558 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 .helmignore
 create mode 100644 Chart.lock
 create mode 100644 Chart.yaml
 create mode 100644 README.md
 create mode 100644 templates/NOTES.txt
 create mode 100644 templates/_helpers.tpl
 create mode 100644 templates/echo.yaml
 create mode 100644 templates/forge.yaml
 create mode 100644 templates/frigate.yaml
 create mode 100644 templates/homeassistant.yaml
 create mode 100644 templates/hpa.yaml
 create mode 100644 templates/monitoring.yaml
 create mode 100644 templates/mqtt.yaml
 create mode 100644 templates/nextcloud.yaml
 create mode 100644 templates/postgres.yaml
 create mode 100644 templates/redis.yaml
 create mode 100644 templates/routing.yaml
 create mode 100644 templates/tests/test-connection.yaml
 create mode 100644 templates/wordpress.yaml
 create mode 100644 values.yaml

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..12ff8cb
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+build.sh
+collabora-customizations.yaml
+configs/*
diff --git a/.helmignore b/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/Chart.lock b/Chart.lock
new file mode 100644
index 0000000..7aaf140
--- /dev/null
+++ b/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: ingress-nginx
+  repository: https://kubernetes.github.io/ingress-nginx
+  version: 4.1.0
+digest: sha256:8b7073d6a936bbabe553db735ea45d0f50517dcbaafd96f1cbb6b97f1e93023d
+generated: "2022-04-27T13:06:29.739620475-07:00"
diff --git a/Chart.yaml b/Chart.yaml
new file mode 100644
index 0000000..4a4b0ef
--- /dev/null
+++ b/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: "666"
+description: sunnypup.io kubernetes configuration
+name: sunnypup.io
+type: application
+version: 1.0.12
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..7935087
--- /dev/null
+++ b/README.md
@@ -0,0 +1,14 @@
+# Sunnypup.io Services Helm Chart
+This remains publicly accessible as there are many small and efficient manifests / templates here
+that other self hosters can make good use of. Feel free to peruse.
+
+
+## Dependencies
+The following additional helm charts are installed separately.
+- NGINX Ingress Controller (the one by the actual NGINX team not nginx-ingress)
+- Cert Manager
+- Collabora Office
+
+## Configs
+Expected in the configs dir are configuration files for Frigate and for Apache Mosquitto.
+Both are omitted in this repository.
diff --git a/templates/NOTES.txt b/templates/NOTES.txt
new file mode 100644
index 0000000..44ae68a
--- /dev/null
+++ b/templates/NOTES.txt
@@ -0,0 +1,8 @@
+1. Now you must set up /var/lib/sunnypup/
+   - /var/lib/sunnypup/synapse
+   - /var/lib/sunnypup/nextcloud
+   - /var/lib/sunnypup/matrix-discord
+   - /var/lib/sunnypup/matrix-telegram
+   - /var/lib/sunnypup/pg
+2. Port forward
+3. Pray
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
new file mode 100644
index 0000000..3eebe1e
--- /dev/null
+++ b/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "sunnypupio.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "sunnypupio.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "sunnypupio.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "sunnypupio.labels" -}}
+helm.sh/chart: {{ include "sunnypupio.chart" . }}
+{{ include "sunnypupio.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "sunnypupio.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "sunnypupio.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "sunnypupio.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "sunnypupio.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/templates/echo.yaml b/templates/echo.yaml
new file mode 100644
index 0000000..cc1f9c0
--- /dev/null
+++ b/templates/echo.yaml
@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: echo
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: echo
+  template:
+    metadata:
+      labels:
+        app: echo
+    spec:
+      containers:
+        - name: echo-server
+          image: jmalloc/echo-server
+          ports:
+            - name: http-port
+              containerPort: 8080
+          env:
+          - name: LOG_HTTP_BODY
+            value: "true" 
+          - name: LOG_HTTP_HEADERS
+            value: "true"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: echo
+spec:
+  clusterIP: None
+  ports:
+    - name: http-port
+      port: 8080
+      targetPort: http-port
+      protocol: TCP
+  selector:
+    app: echo
diff --git a/templates/forge.yaml b/templates/forge.yaml
new file mode 100644
index 0000000..be9ff89
--- /dev/null
+++ b/templates/forge.yaml
@@ -0,0 +1,314 @@
+apiVersion: v1
+stringData:
+  token: {{ .Values.forge.secret }}
+kind: Secret
+metadata:
+  name: runner-secret
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: forge
+  labels:
+    app: forge
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: forge
+  template:
+    metadata:
+      labels:
+        app: forge
+    spec:
+      containers:
+        - name: forgejo
+          image: codeberg.org/forgejo/forgejo:11
+          ports:
+            - name: http-port
+              containerPort: 3000
+            - name: ssh-port
+              containerPort: 22222
+          volumeMounts:
+            - name: local-tz
+              mountPath: /etc/timezone
+              readOnly: true
+            - name: local-lt
+              mountPath: /etc/localtime
+              readOnly: true
+            - name: persistence
+              mountPath: /data
+          env:
+            - name: USER_UID
+              value: "1000"
+            - name: USER_GID
+              value: "1000"
+            - name: FORGEJO__database__DB_TYPE
+              value: "postgres"
+            - name: FORGEJO__database__HOST
+              value: "postgres:5432"
+            - name: FORGEJO__database__NAME
+              value: "forgejo"
+            - name: FORGEJO__database__USER
+              value: {{ .Values.pg.user }}
+            - name: FORGEJO__database__PASSWD
+              value: {{ .Values.pg.pass }}
+      volumes:
+        - name: local-tz
+          persistentVolumeClaim:
+            claimName: forge-tz-pvc
+        - name: local-lt
+          persistentVolumeClaim:
+            claimName: forge-lt-pvc
+        - name: persistence
+          persistentVolumeClaim:
+            claimName: forge-persistence-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: forge
+  labels:
+    app: forge
+spec:
+  clusterIP: None
+  ports:
+    - name: http-port
+      port: 3000
+      targetPort: http-port
+      protocol: TCP
+    - name: ssh-port
+      port: 22222
+      targetPort: 22222
+  selector:
+    app: forge
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+   name: forge-tz
+   labels:
+     pvc_type: forge-tz
+spec:
+  capacity:
+    storage: 10Mi
+  accessModes:
+   - ReadOnlyMany
+  persistentVolumeReclaimPolicy: Retain
+  hostPath:
+   path: /etc/timezone
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+   name: forge-lt
+   labels:
+     pvc_type: forge-lt
+spec:
+  capacity:
+    storage: 10Mi
+  accessModes:
+   - ReadOnlyMany
+  persistentVolumeReclaimPolicy: Retain
+  hostPath:
+   path: /etc/localtime
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: forge-tz-pvc
+spec:
+  accessModes:
+    - ReadOnlyMany
+  volumeMode: Filesystem
+  storageClassName: ""
+  volumeName: forge-tz
+  resources:
+    requests:
+      storage: 10Mi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: forge-lt-pvc
+spec:
+  accessModes:
+    - ReadOnlyMany
+  volumeMode: Filesystem
+  storageClassName: ""
+  volumeName: forge-lt
+  resources:
+    requests:
+      storage: 10Mi
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+   name: forge-persistence-pv
+   labels:
+     pvc_type: forge-persistence-pv
+spec:
+  capacity:
+    storage: 1000Gi
+  accessModes:
+   - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  hostPath:
+   path: {{ .Values.forge.path }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: forge-persistence-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  storageClassName: ""
+  volumeName: forge-persistence-pv
+  resources:
+    requests:
+      storage: 1000Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: forgejo-runner
+  labels:
+    app: forgejo-runner
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: forgejo-runner
+  template:
+    metadata:
+      name: forgejo-runner
+      labels:
+        app: forgejo-runner
+    spec:
+      automountServiceAccountToken: false
+      restartPolicy: Always
+      initContainers:
+        - name: runner-register
+          image: code.forgejo.org/forgejo/runner:6.4.0
+          command:
+            - /bin/bash
+            - -c
+          args:
+            - |
+              while : ; do
+                forgejo-runner register --no-interactive --token $(RUNNER_SECRET) --name $(RUNNER_NAME) --instance $(FORGEJO_INSTANCE_URL) && break ;
+                sleep 1 ;
+              done ;
+              forgejo-runner generate-config > /data/config.yml ;
+              sed -i -e "s|network: .*|network: host|" config.yml ;
+              sed -i -e "s|^  envs:$$|  envs:\n    DOCKER_HOST: tcp://localhost:2376\n    DOCKER_TLS_VERIFY: 1\n    DOCKER_CERT_PATH: /certs/client|" config.yml ;
+              sed -i -e "s|^  options:|  options: -v /certs/client:/certs/client|" config.yml ;
+              sed -i -e "s|  valid_volumes: \[\]$$|  valid_volumes:\n    - /certs/client|" config.yml
+          env:
+            - name: RUNNER_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: RUNNER_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: runner-secret
+                  key: token
+            - name: FORGEJO_INSTANCE_URL
+              value: http://forge:3000
+          resources:
+            limits:
+              cpu: '0.5'
+              ephemeral-storage: 100Mi
+              memory: 64Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: '0'
+              memory: 64Mi
+          volumeMounts:
+            - name: runner-data
+              mountPath: /data
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            privileged: false
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            seccompProfile:
+              type: RuntimeDefault
+      containers:
+        - name: runner
+          image: code.forgejo.org/forgejo/runner:6.4.0
+          command:
+            - /bin/bash
+            - -c
+          args:
+            - |
+              while ! nc -z localhost 2376 </dev/null ; do
+                echo 'waiting for docker daemon...' ;
+                sleep 5 ;
+                done ;
+              forgejo-runner --config config.yml daemon
+          env:
+            - name: DOCKER_HOST
+              value: tcp://localhost:2376
+            - name: DOCKER_CERT_PATH
+              value: /certs/client
+            - name: DOCKER_TLS_VERIFY
+              value: '1'
+          resources:
+            limits:
+              cpu: '4'
+              ephemeral-storage: 5Gi
+              memory: 8Gi
+            requests:
+              cpu: 100m
+              ephemeral-storage: '0'
+              memory: 64Mi
+          volumeMounts:
+            - name: docker-certs
+              mountPath: /certs
+            - name: runner-data
+              mountPath: /data
+            - name: tmp
+              mountPath: /tmp
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            privileged: false
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            seccompProfile:
+              type: RuntimeDefault
+        - name: daemon
+          image: docker.io/docker:28.3.0-dind
+          env:
+            - name: DOCKER_TLS_CERTDIR
+              value: /certs
+          resources:
+            limits:
+              cpu: '1'
+              ephemeral-storage: 3Gi
+              memory: 4Gi
+            requests:
+              cpu: 100m
+              ephemeral-storage: '0'
+              memory: 64Mi
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - name: docker-certs
+              mountPath: /certs
+      volumes:
+        - name: docker-certs
+          emptyDir: {}
+        - name: runner-data
+          emptyDir: {}
+        - name: tmp
+          emptyDir: {}
diff --git a/templates/frigate.yaml b/templates/frigate.yaml
new file mode 100644
index 0000000..2b06466
--- /dev/null
+++ b/templates/frigate.yaml
@@ -0,0 +1,176 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: frigate
+  labels:
+    app: frigate
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: frigate
+  template:
+    metadata:
+      labels:
+        app: frigate
+    spec:
+      containers:
+        - name: frigate
+          image: ghcr.io/blakeblackshear/frigate:0.15.0-rocm
+          securityContext:
+            privileged: true
+          ports:
+            - name: http
+              containerPort: 5000
+              protocol: TCP
+            - name: rtmp
+              containerPort: 1935
+              protocol: TCP
+            - name: rtsp
+              containerPort: 8554
+              protocol: TCP
+            - name: webrtc
+              containerPort: 8555
+              protocol: TCP
+          volumeMounts:
+             - name: frigate-media-storage
+               mountPath: /media
+             - name: frigate-conf-storage
+               mountPath: /config
+             - name: frigate-configmap
+               mountPath: /config/config.yml
+               subPath: config.yml
+             - name: dshm
+               mountPath: /dev/shm
+             - name: cache
+               mountPath: /tmp/cache
+             - name: coral
+               mountPath: /dev/bus/usb
+             - name: dev-dri
+               mountPath: /dev/dri
+             - name: dev-kfd
+               mountPath: /dev/kfd
+      volumes: 
+        - name: frigate-media-storage
+          persistentVolumeClaim: 
+            claimName: frigate-media-pvc
+        - name: frigate-conf-storage
+          persistentVolumeClaim: 
+            claimName: frigate-conf-pvc
+        - name: dshm
+          emptyDir:
+            medium: Memory
+            sizeLimit: 5G
+        - name: frigate-configmap
+          configMap:
+            name: frigate-configmap
+        # pass through GPU for inference
+        - name: dev-dri
+          hostPath:
+            path: /dev/dri
+        - name: dev-kfd
+          hostPath:
+            path: /dev/kfd
+        # 1G of memory
+        - name: cache
+          emptyDir:
+            medium: "Memory"
+            sizeLimit: 1000Mi
+        # usb coral
+        - name: coral
+          hostPath:
+            path: /dev/bus/usb
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+   name: frigate-media-pv
+   labels:
+     pvc_type: frigate-media-pv
+spec:
+  capacity:
+    storage: 1000Gi
+  accessModes:
+   - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  hostPath:
+   path: {{ .Values.frigate.mediapath }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: frigate-media-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  storageClassName: ""
+  volumeName: frigate-media-pv
+  resources:
+    requests:
+      storage: 1000Gi
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+   name: frigate-conf-pv
+   labels:
+     pvc_type: frigate-conf-pv
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+   - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  hostPath:
+   path: {{ .Values.frigate.confpath }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: frigate-conf-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  storageClassName: ""
+  volumeName: frigate-conf-pv
+  resources:
+    requests:
+      storage: 1Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: frigate
+  labels:
+    app: frigate
+spec:
+  type: NodePort
+  ports:
+  - name: rtmp
+    port: 1935
+    protocol: TCP
+    targetPort: rtmp
+    nodePort: 30002
+  - name: rtsp
+    port: 8554
+    protocol: TCP
+    targetPort: rtsp
+    nodePort: 30003
+  - name: http
+    port: 5000
+    protocol: TCP
+    targetPort: http
+    nodePort: 30004
+  selector:
+    app: frigate
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: frigate-configmap
+data:
+  config.yml: |-
+    {{ (tpl (.Files.Get "configs/frigate.yaml") . ) | nindent 4 }}
+
diff --git a/templates/homeassistant.yaml b/templates/homeassistant.yaml
new file mode 100644
index 0000000..26bd206
--- /dev/null
+++ b/templates/homeassistant.yaml
@@ -0,0 +1,78 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: homeassistant
+  labels:
+    app: homeassistant
+spec:
+  selector:
+    app: homeassistant
+  type: ClusterIP
+  clusterIP: None
+  ports:
+  - name: http-port
+    port: 8123
+    targetPort: 8123
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: homeassistant-proxy
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: homeassistant
+  template:
+    metadata:
+      labels:
+        app: homeassistant
+    spec:
+      containers:
+        - name: nginx
+          image: nginx
+          ports:
+            - name: http-port
+              containerPort: 8123
+          volumeMounts:
+            - name: config-volume
+              mountPath: /etc/nginx/nginx.conf
+              subPath: nginx.conf
+      volumes:
+        - name: config-volume
+          configMap:
+            name: homeassistant-proxy-nginx-conf
+            items:
+              - key: nginx.conf
+                path: nginx.conf
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: homeassistant-proxy-nginx-conf
+  namespace: default
+data:
+  nginx.conf: |
+   worker_processes  auto;
+   events {
+       worker_connections  2048;
+   }
+   http {
+     map $http_upgrade $connection_upgrade {
+       default upgrade;
+       ''      close;
+     }
+     server {
+       error_log  stdout;
+       access_log stdout;
+
+       listen 8123;
+       listen [::]:8123;
+       proxy_buffering off;
+       location / {
+         proxy_pass http://172.30.32.1:8123;
+         proxy_set_header Upgrade $http_upgrade;
+         proxy_set_header Connection $connection_upgrade;
+       }
+     }
+   }
diff --git a/templates/hpa.yaml b/templates/hpa.yaml
new file mode 100644
index 0000000..c6e0f29
--- /dev/null
+++ b/templates/hpa.yaml
@@ -0,0 +1,28 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "sunnypupio.fullname" . }}
+  labels:
+    {{- include "sunnypupio.labels" . | nindent 4 }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "sunnypupio.fullname" . }}
+  minReplicas: {{ .Values.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+  metrics:
+    {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+    {{- end }}
+    {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    {{- end }}
+{{- end }}
diff --git a/templates/monitoring.yaml b/templates/monitoring.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/templates/mqtt.yaml b/templates/mqtt.yaml
new file mode 100644
index 0000000..6f6700b
--- /dev/null
+++ b/templates/mqtt.yaml
@@ -0,0 +1,96 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mqtt
+  labels:
+    app: frigate
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mqtt
+  template:
+    metadata:
+      labels:
+        app: mqtt
+    spec:
+      containers:
+        - name: mqtt
+          image: eclipse-mosquitto
+          ports:
+            - name: mqtt
+              containerPort: 1883
+            - name: webui
+              containerPort: 9001
+          volumeMounts:
+            - name: mqtt-configmap
+              mountPath: /mosquitto/config/mosquitto.conf
+              subPath: mosquitto.conf
+            - name: mqtt-persistence
+              mountPath: /mosquitto/data
+      volumes:
+        - name: mqtt-configmap
+          configMap:
+            name: mqtt-configmap
+        - name: mqtt-persistence
+          persistentVolumeClaim:
+            claimName: mqtt-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mqtt
+  labels:
+    app: frigate
+spec:
+  type: NodePort
+  ports:
+    - name: mqtt
+      port: 1883
+      targetPort: mqtt 
+      protocol: TCP
+      nodePort: 30000
+    - name: webui
+      port: 9001
+      targetPort: webui
+      protocol: TCP
+      nodePort: 30001
+  selector:
+    app: mqtt
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+   name: mqtt-pv
+   labels:
+     pvc_type: mqtt-pv
+spec:
+  capacity:
+    storage: 10Gi
+  accessModes:
+   - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  hostPath:
+   path: {{ .Values.mqtt.path }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mqtt-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  storageClassName: ""
+  volumeName: mqtt-pv
+  resources:
+    requests:
+      storage: 10Gi
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mqtt-configmap
+data:
+  mosquitto.conf: |-
+    {{ (tpl (.Files.Get "configs/mqtt.yaml") . ) | nindent 4 }}
diff --git a/templates/nextcloud.yaml b/templates/nextcloud.yaml
new file mode 100644
index 0000000..701e5dc
--- /dev/null
+++ b/templates/nextcloud.yaml
@@ -0,0 +1,101 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nextcloud 
+  labels:
+    app: nextcloud 
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nextcloud 
+  template:
+    metadata:
+      labels:
+        app: nextcloud
+    spec:
+      volumes:
+      - name: nextcloud-storage
+        persistentVolumeClaim: 
+          claimName: nextcloud-pvc
+      containers:
+        - image: nextcloud:apache
+          name: cron
+          command:
+            - /cron.sh
+          volumeMounts:
+            - name: nextcloud-storage
+              mountPath: /var/www/html
+        - image: nextcloud:apache
+          name: nextcloud 
+          ports:
+            - containerPort: 80
+          env:
+            - name: REDIS_HOST
+              value: redis
+            - name: MYSQL_HOST
+              value: postgres
+            - name: MYSQL_PORT
+              value: "5432"
+            - name: MYSQL_DATABASE
+              value: {{ .Values.pg.db }}
+            - name: MYSQL_PASSWORD
+              value: {{ .Values.pg.pass }}
+            - name: MYSQL_USER
+              value: {{ .Values.pg.user }}
+            - name: NEXTCLOUD_ADMIN_PASSWORD
+              value: {{ .Values.nextcloud.pass }}
+            - name: NEXTCLOUD_ADMIN_USER
+              value: "admin"
+            - name: NEXTCLOUD_TRUSTED_DOMAINS 
+              value: {{ .Values.nextcloud.url }}
+            - name: PHP_MEMORY_LIMIT
+              value: '2048G'
+          volumeMounts:
+            - mountPath: /var/www/html
+              name: nextcloud-storage
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+   name: nextcloud-pv
+   labels:
+     pvc_type: nextcloud-pv
+spec:
+  capacity:
+    storage: 2500Gi
+  accessModes:
+   - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  hostPath:
+   path: {{ .Values.nextcloud.path }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nextcloud-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  storageClassName: ""
+  volumeName: nextcloud-pv
+  resources:
+    requests:
+      storage: 2500Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nextcloud
+  labels:
+    app: nextcloud
+spec:
+  clusterIP: None
+  ports:
+  - port: 80
+    name: nextcloud
+    protocol: TCP
+  type: ClusterIP
+  selector:
+    app: nextcloud
diff --git a/templates/postgres.yaml b/templates/postgres.yaml
new file mode 100644
index 0000000..b113d14
--- /dev/null
+++ b/templates/postgres.yaml
@@ -0,0 +1,87 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: postgres-configuration
+  labels:
+    app: postgres
+data:
+  POSTGRES_DB: {{ .Values.pg.db }}
+  POSTGRES_USER: {{ .Values.pg.user }}
+  POSTGRES_PASSWORD: {{ .Values.pg.pass }}
+  POSTGRES_INITDB_ARGS: "--locale=C --encoding=UTF-8"
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+   name: postgres-pv
+   labels:
+     pvc_type: postgres-pv
+spec:
+  capacity:
+    storage: 80Gi
+  accessModes:
+   - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  hostPath:
+   path: {{ .Values.pg.path }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: postgres-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: ""
+  volumeMode: Filesystem
+  volumeName: postgres-pv
+  resources:
+    requests:
+      storage: 80Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: postgres
+  labels:
+    app: postgres
+spec:
+  selector:
+    matchLabels:
+      app: postgres
+  template:
+    metadata:
+      labels:
+        app: postgres
+    spec:
+      containers:
+      - name: postgres
+        image: postgres:14.6
+        envFrom:
+        - configMapRef:
+            name: postgres-configuration
+        ports:
+        - containerPort: 5432
+          name: postgres-tcp
+        volumeMounts:
+        - name: data
+          mountPath: /var/lib/postgresql/data
+      volumes:
+      - name: data
+        persistentVolumeClaim:
+          claimName: postgres-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres
+  labels:
+    app: postgres
+spec:
+  clusterIP: None
+  ports:
+  - port: 5432
+    name: postgres-tcp
+  type: ClusterIP
+  selector:
+    app: postgres
diff --git a/templates/redis.yaml b/templates/redis.yaml
new file mode 100644
index 0000000..f49c76f
--- /dev/null
+++ b/templates/redis.yaml
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: redis
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: redis
+  template:
+    metadata:
+      labels:
+        app: redis
+    spec:
+      containers:
+        - name: master
+          image: redis
+          env:
+            - name: MASTER
+              value: "true"
+          ports:
+            - containerPort: 6379
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: redis
+spec:
+  clusterIP: None
+  ports:
+    - name: redis-port
+      port: 6379
+      targetPort: 6379
+      protocol: TCP
+  selector:
+    app: redis
diff --git a/templates/routing.yaml b/templates/routing.yaml
new file mode 100644
index 0000000..762ab5c
--- /dev/null
+++ b/templates/routing.yaml
@@ -0,0 +1,224 @@
+#dop_v1_8b514aa82e4930e58f8098a54088a36c01af2fb6020b792f7a7fe4be694ddc52
+# BIG NOTE
+# CAMS AND FRIGATE REMAIN UNEXPOSED TO WEB
+apiVersion: v1
+kind: Secret
+metadata:
+  name: digitalocean-dns
+  namespace: cert-manager
+data:
+  access-token: {{ .Values.digitalocean.access }}
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt
+spec:
+  acme:
+    email: ava@sunnypup.io
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: cert-issuer-account-key
+    solvers:
+    - dns01:
+        digitalocean:
+          tokenSecretRef:
+            name: digitalocean-dns
+            key: access-token
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: sunnypup-certs
+spec:
+  secretName: sunnypup-certs
+  issuerRef:
+    name: letsencrypt
+    kind: ClusterIssuer
+  dnsNames:
+  - cloud.sunnypup.io
+  - office.sunnypup.io
+  - echo.sunnypup.io
+  - home.sunnypup.io
+  - hephaestus.sunnypup.io
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: smsm-certs
+spec:
+  secretName: smsm-certs
+  issuerRef:
+    name: letsencrypt
+    kind: ClusterIssuer
+  dnsNames:
+  - stmatthew-sanmateo.org
+---
+apiVersion: k8s.nginx.org/v1
+kind: VirtualServer
+metadata:
+  name: forge
+  labels:
+    acme.cert-manager.io/http01-solver: "true"
+spec:
+  host: hephaestus.sunnypup.io
+  tls:
+    cert-manager:
+      cluster-issuer: letsencrypt
+    secret: sunnypup-certs
+    redirect:
+      enable: true
+  upstreams:
+    - name: forge
+      service: forge
+      port: 3000
+      client-max-body-size: 10M
+      read-timeout: 120s
+  routes:
+    - path: /
+      action:
+        pass: forge
+---
+apiVersion: k8s.nginx.org/v1
+kind: VirtualServer
+metadata:
+  name: collabora
+  labels: 
+    acme.cert-manager.io/http01-solver: "true"
+spec:
+  host: office.sunnypup.io
+  tls:
+    cert-manager:
+      cluster-issuer: letsencrypt
+    secret: sunnypup-certs
+    redirect:
+      enable: true
+  upstreams:
+  - name: collabora
+    service: collabora-collabora-online
+    port: 9980
+    client-max-body-size: 1G
+  routes:
+  - path: /browser
+    action:
+      pass: collabora
+  - path: /hosting/discovery
+    action:
+      pass: collabora
+  - path: /hosting/capabilities
+    action:
+      pass: collabora
+  - path: /cool/adminws
+    action:
+      proxy:
+        upstream: collabora
+        requestHeaders:
+          pass: true
+          set:
+            - name: Connection 
+              value: "Upgrade"
+            - name: Upgrade
+              value: "${http_upgrade}"
+  - path: ~ ^/cool/(.*)/ws$
+    action:
+      proxy:
+        upstream: collabora
+        requestHeaders:
+          pass: true
+          set:
+            - name: Connection 
+              value: "Upgrade"
+            - name: Upgrade
+              value: "${http_upgrade}"
+  - path: /cool
+    action:
+      pass: collabora
+---
+apiVersion: k8s.nginx.org/v1
+kind: VirtualServer
+metadata:
+  name: homeassistant
+  labels: 
+    acme.cert-manager.io/http01-solver: "true"
+spec:
+  host: home.sunnypup.io
+  tls:
+    cert-manager:
+      cluster-issuer: letsencrypt
+    secret: sunnypup-certs
+    redirect:
+      enable: true
+  upstreams:
+  - name: homeassistant
+    service: homeassistant
+    port: 8123
+  routes:
+  - path: /
+    location-snippets: |
+      proxy_buffering off;
+      proxy_redirect http:// https://;
+    action:
+      proxy:
+        upstream: homeassistant
+        requestHeaders:
+          pass: true
+---
+apiVersion: k8s.nginx.org/v1
+kind: VirtualServer
+metadata:
+  name: echo
+  labels: 
+    acme.cert-manager.io/http01-solver: "true"
+spec:
+  host: echo.sunnypup.io
+  tls:
+    cert-manager:
+      cluster-issuer: letsencrypt
+    secret: sunnypup-certs
+  upstreams:
+  - name: echo
+    service: echo
+    port: 8080
+  routes:
+  - path: /
+    action:
+      pass: echo
+---
+apiVersion: k8s.nginx.org/v1
+kind: VirtualServer
+metadata:
+  name: nextcloud
+  labels: 
+    acme.cert-manager.io/http01-solver: "true"
+spec:
+  host: cloud.sunnypup.io
+  tls:
+    cert-manager:
+      cluster-issuer: letsencrypt
+    secret: sunnypup-certs
+    redirect:
+      enable: true
+  upstreams:
+  - name: nextcloud
+    service: nextcloud
+    port: 80
+    client-max-body-size: 4g
+  routes:
+  - path: /
+    action:
+      pass: nextcloud
+---
+apiVersion: k8s.nginx.org/v1
+kind: TransportServer
+metadata:
+  name: forge-ssh-passthrough
+spec:
+  listener:
+    name: forge-ssh
+    protocol: TCP
+  upstreams:
+    - name: forge
+      service: forge
+      port: 22222
+  action:
+    pass: forge
diff --git a/templates/tests/test-connection.yaml b/templates/tests/test-connection.yaml
new file mode 100644
index 0000000..f4e5f01
--- /dev/null
+++ b/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "sunnypupio.fullname" . }}-test-connection"
+  labels:
+    {{- include "sunnypupio.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['{{ include "sunnypupio.fullname" . }}:{{ .Values.service.port }}']
+  restartPolicy: Never
diff --git a/templates/wordpress.yaml b/templates/wordpress.yaml
new file mode 100644
index 0000000..1a2a947
--- /dev/null
+++ b/templates/wordpress.yaml
@@ -0,0 +1,172 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: mysql-pv
+  labels:
+    pvc_type: mysql-pv
+spec: 
+  capacity:
+    storage: 20Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  hostPath:
+    path: {{ .Values.wordpress.db.path }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: wordpress-mysql
+  labels:
+    app: wordpress
+spec:
+  ports:
+    - port: 3306
+  selector:
+    app: wordpress
+    tier: mysql
+  clusterIP: None
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mysql-pv-claim
+  labels:
+    app: wordpress
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  storageClassName: ""
+  volumeName: mysql-pv
+  resources:
+    requests:
+      storage: 20Gi
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: wordpress-mysql
+  labels:
+    app: wordpress
+spec:
+  selector:
+    matchLabels:
+      app: wordpress
+      tier: mysql
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: wordpress
+        tier: mysql
+    spec:
+      containers:
+      - image: mysql:8.0
+        name: mysql
+        env:
+        - name: MYSQL_ROOT_PASSWORD
+          value: {{ .Values.wordpress.db.rootpassword }}
+        - name: MYSQL_DATABASE
+          value: wordpress
+        - name: MYSQL_USER
+          value: wordpress
+        - name: MYSQL_PASSWORD
+          value: {{ .Values.wordpress.db.password }}
+        ports:
+        - containerPort: 3306
+          name: mysql
+        volumeMounts:
+        - name: mysql-persistent-storage
+          mountPath: /var/lib/mysql
+      volumes:
+      - name: mysql-persistent-storage
+        persistentVolumeClaim:
+          claimName: mysql-pv-claim
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: wordpress-pv
+  labels:
+    pvc_type: wordpress-pv
+spec: 
+  capacity:
+    storage: 20Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  hostPath:
+    path: {{ .Values.wordpress.path }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: wordpress
+  labels:
+    app: wordpress
+spec:
+  ports:
+    - port: 80
+  selector:
+    app: wordpress
+    tier: frontend
+  type: LoadBalancer
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: wp-pv-claim
+  labels:
+    app: wordpress
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  storageClassName: ""
+  volumeName: wordpress-pv
+  resources:
+    requests:
+      storage: 20Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: wordpress
+  labels:
+    app: wordpress
+spec:
+  selector:
+    matchLabels:
+      app: wordpress
+      tier: frontend
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: wordpress
+        tier: frontend
+    spec:
+      containers:
+      - image: wordpress:6.2.1-apache
+        name: wordpress
+        env:
+        - name: WORDPRESS_DB_HOST
+          value: wordpress-mysql
+        - name: WORDPRESS_DB_PASSWORD
+          value: {{ .Values.wordpress.db.password }}
+        - name: WORDPRESS_DB_USER
+          value: wordpress
+        ports:
+        - containerPort: 80
+          name: wordpress
+        volumeMounts:
+        - name: wordpress-persistent-storage
+          mountPath: /var/www/html
+      volumes:
+      - name: wordpress-persistent-storage
+        persistentVolumeClaim:
+          claimName: wp-pv-claim
diff --git a/values.yaml b/values.yaml
new file mode 100644
index 0000000..149c448
--- /dev/null
+++ b/values.yaml
@@ -0,0 +1,70 @@
+# Default values for sunnypup.io.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+  repository: nginx
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+service:
+  type: ClusterIP
+  port: 80
+
+autoscaling:
+  enabled: false
+
+pg:
+  pass: ""
+  user: sunnypup
+  db: sunnypup
+  path: "/srv/sunnypup/pg/"
+
+nextcloud:
+  url: cloud.sunnypup.io
+  path: "/srv/sunnypup/nextcloud"
+  pass: ""
+
+frigate:
+  mediapath: "/cam/media"
+  confpath: "/cam/config"
+
+mqtt:
+  path: "/srv/sunnypup/mqtt"
+
+wordpress:
+  path: "/srv/sunnypup/wordpress/site"
+  db:
+    path: "/srv/sunnypup/wordpress/db"
+    password: ""
+    rootpassword: ""
+
+digitalocean:
+  access: ""
+
+mqtt:
+  path: "/srv/sunnypup/mqtt"
+  host: ""
+  port: 30000
+  user: ""
+  password: ""
+
+forge:
+  path: "/srv/sunnypup/forge"
+  secret: ""