Rename oolah.tyil.net k3s cluster to tyilnet

This is an actual cluster now, after all, not a single node deployment
like the other k3s-master instances, which will most likely all be taken
out of order with time.

79 files changed, 2798 insertions, 0 deletions

diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/deployment.yaml
new file mode 100644
index 0000000..cb9c1ad
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/deployment.yaml
@@ -0,0 +1,57 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: keycloak
+  namespace: auth-system
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: keycloak
+    app.kubernetes.io/part-of: auth-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/created-by: tyil
+      app.kubernetes.io/managed-by: manual
+      app.kubernetes.io/name: keycloak
+      app.kubernetes.io/part-of: auth-system
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/created-by: tyil
+        app.kubernetes.io/managed-by: manual
+        app.kubernetes.io/name: keycloak
+        app.kubernetes.io/part-of: auth-system
+    spec:
+      containers:
+      - name: keycloak
+        image: quay.io/keycloak/keycloak:21.0.2
+        args: ["start-dev"]
+        env:
+        - name: KEYCLOAK_ADMIN
+          valueFrom:
+            secretKeyRef:
+              name: keycloak-credentials
+              key: username
+        - name: KEYCLOAK_ADMIN_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: keycloak-credentials
+              key: password
+        - name: KC_PROXY
+          value: "edge"
+        ports:
+        - name: http
+          containerPort: 8080
+        readinessProbe:
+          httpGet:
+            path: /realms/master
+            port: 8080
+        resources:
+          requests:
+            memory: 368Mi
+          limits:
+            memory: 512Mi
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/ingress.yaml
new file mode 100644
index 0000000..37bdee1
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: keycloak
+  namespace: auth-system
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: keycloak
+    app.kubernetes.io/part-of: auth-system
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-production"
+spec:
+  ingressClassName: "traefik"
+  tls:
+  - hosts:
+    - keycloak.tyil.nl
+    secretName: tls-nl.tyil.keycloak
+  rules:
+  - host: keycloak.tyil.nl
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: keycloak
+            port:
+              number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/service.yaml
new file mode 100644
index 0000000..0ee669b
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: keycloak
+  namespace: auth-system
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: keycloak
+    app.kubernetes.io/part-of: auth-system
+spec:
+  selector:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: keycloak
+    app.kubernetes.io/part-of: auth-system
+  ports:
+  - name: http
+    port: 80
+    targetPort: 8080
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/deployment.yaml
new file mode 100644
index 0000000..9cee89f
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/deployment.yaml
@@ -0,0 +1,57 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: lldap
+  namespace: auth-system
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: lldap
+    app.kubernetes.io/part-of: auth-system
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app.kubernetes.io/created-by: tyil
+      app.kubernetes.io/managed-by: manual
+      app.kubernetes.io/name: lldap
+      app.kubernetes.io/part-of: auth-system
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/created-by: tyil
+        app.kubernetes.io/managed-by: manual
+        app.kubernetes.io/name: lldap
+        app.kubernetes.io/part-of: auth-system
+    spec:
+      containers:
+      - env:
+        - name: GID
+          value: "1001"
+        - name: TZ
+          value: Europe/Amsterdam
+        - name: UID
+          value: "1001"
+        image: nitnelave/lldap:stable
+        name: lldap
+        ports:
+        - containerPort: 3890
+        - containerPort: 6360
+        - containerPort: 17170
+        volumeMounts:
+        - mountPath: /data
+          name: data
+        resources:
+          requests:
+            memory: 32Mi
+          limits:
+            memory: 128Mi
+      restartPolicy: Always
+      volumes:
+      - name: data
+        persistentVolumeClaim:
+          claimName: lldap
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/ingress.yaml
new file mode 100644
index 0000000..cc82eec
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/ingress.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: lldap
+  namespace: auth-system
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: lldap
+    app.kubernetes.io/part-of: auth-system
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-production"
+    traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - ldap.tyil.nl
+    secretName: tls-nl.tyil.ldap
+  rules:
+  - host: ldap.tyil.nl
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: lldap-http-service
+            port:
+              number: 17170
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume-claim.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume-claim.yaml
new file mode 100644
index 0000000..17a812b
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume-claim.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: lldap
+  namespace: auth-system
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: lldap
+    app.kubernetes.io/part-of: auth-system
+spec:
+  storageClassName: nfs
+  volumeName: lldap
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume.yaml
new file mode 100644
index 0000000..4501e8f
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: lldap
+  namespace: auth-system
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: lldap
+    app.kubernetes.io/part-of: auth-system
+spec:
+  storageClassName: nfs
+  persistentVolumeReclaimPolicy: Recycle
+  volumeMode: Filesystem
+  capacity:
+    storage: 1Gi
+  accessModes:
+  - ReadWriteMany
+  nfs:
+    path: /lldap
+    server: 10.57.101.10
+  mountOptions:
+  - hard
+  - nfsvers=4.2
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/service.yaml
new file mode 100644
index 0000000..1520b3c
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/service.yaml
@@ -0,0 +1,53 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: lldap-http-service
+  namespace: auth-system
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: lldap
+    app.kubernetes.io/part-of: auth-system
+spec:
+  selector:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: lldap
+    app.kubernetes.io/part-of: auth-system
+  ports:
+  - name: http
+    port: 17170
+    targetPort: 17170
+...
+---
+apiVersion: v1
+kind: Service
+metadata:
+  # This port may _not_ be named "lldap_ldap", as the application itself wants
+  # to use LLDAP_LDAP_PORT, which Kubernetes will override with a value the
+  # application can't handle.
+  name: lldap-ldap-service
+  namespace: auth-system
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: lldap
+    app.kubernetes.io/part-of: auth-system
+spec:
+  selector:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: lldap
+    app.kubernetes.io/part-of: auth-system
+  type: NodePort
+  ports:
+  - name: ldap
+    port: 3890
+    targetPort: 3890
+    nodePort: 3890
+  - name: ldaps
+    port: 6360
+    targetPort: 6360
+    nodePort: 6360
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/helm-chart b/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/helm-chart
new file mode 100644
index 0000000..4350177
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/helm-chart
@@ -0,0 +1,13 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+  name: certmanager
+  namespace: kube-system
+spec:
+  repo: https://charts.jetstack.io
+  chart: cert-manager
+  targetNamespace: base-system
+  valuesContent: |
+    installCRDs: true
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/letsencrypt-production.yaml b/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/letsencrypt-production.yaml
new file mode 100644
index 0000000..dbff2c2
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/letsencrypt-production.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-production
+spec:
+  acme:
+    email: root@tyil.net
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: clusterissuer-letsencrypt-production
+    solvers:
+    - http01:
+        ingress:
+          class: traefik
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/letsencrypt-staging.yaml b/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/letsencrypt-staging.yaml
new file mode 100644
index 0000000..9b0a27d
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/base-system/certmanager/letsencrypt-staging.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    email: root@tyil.net
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: clusterissuer-letsencrypt-staging
+    solvers:
+    - http01:
+        ingress:
+          class: traefik
+      selector: {}
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-keycloak.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-keycloak.yaml
new file mode 100644
index 0000000..d8e4001
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-keycloak.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: headers-keycloak
+  namespace: kube-system
+spec:
+  headers:
+    stsPreload: true
+    forceSTSHeader: true
+    contentSecurityPolicy: "default-src 'self'; style-src 'unsafe-inline'"
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-nextcloud.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-nextcloud.yaml
new file mode 100644
index 0000000..e3b4179
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-nextcloud.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: headers-nextcloud
+  namespace: kube-system
+spec:
+  headers:
+    stsPreload: true
+    forceSTSHeader: true
+    contentSecurityPolicy: "default-src 'self' data: 'unsafe-inline';"
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-https.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-https.yaml
new file mode 100644
index 0000000..0bfb82c
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-https.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: redirect-https
+  namespace: kube-system
+spec:
+  redirectScheme:
+    scheme: https
+    permanent: true
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/monitoring/grafana/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/monitoring/grafana/helm-chart.yaml
new file mode 100644
index 0000000..20fc702
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/monitoring/grafana/helm-chart.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+  name: grafana
+  namespace: kube-system
+spec:
+  repo: https://grafana.github.io/helm-charts
+  chart: grafana
+  targetNamespace: monitoring
+  valuesContent: |-
+    ingress:
+      enabled: true
+      ingressClassName: "traefik"
+      annotations:
+        cert-manager.io/cluster-issuer: "letsencrypt-production"
+      tls:
+      - hosts:
+        - grafana.tyil.nl
+        secretName: tls-nl.tyil.grafana
+      hosts:
+      - "grafana.tyil.nl"
+    envFromSecret: "grafana-env"
+    grafana.ini:
+      auth.ldap:
+        enabled: true
+        allow_sign_up: true
+      database:
+        type: "postgres"
+    ldap:
+      enabled: true
+      existingSecret: grafana-config
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus-exporter-postgresql/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus-exporter-postgresql/helm-chart.yaml
new file mode 100644
index 0000000..3222a7e
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus-exporter-postgresql/helm-chart.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+  name: prometheus-exporter-postgresql
+  namespace: kube-system
+spec:
+  repo: https://prometheus-community.github.io/helm-charts
+  chart: prometheus-postgres-exporter
+  targetNamespace: monitoring
+  valuesContent: |-
+    config:
+      datasourceSecret:
+        name: prometheus-exporter-postgresql
+        key: connection-string
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus/helm-chart.yaml
new file mode 100644
index 0000000..b32dc36
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus/helm-chart.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+  name: prometheus
+  namespace: kube-system
+spec:
+  repo: "https://prometheus-community.github.io/helm-charts"
+  chart: "prometheus"
+  targetNamespace: "monitoring"
+  valuesContent: |-
+    server:
+      baseURL: "https://prometheus.tyil.nl"
+      global:
+        scrape_interval: "1m"
+        scrape_timeout: "10s"
+        evaluation_interval: "1m"
+      persistentVolume:
+        enabled: true
+        existingClaim: "prometheus"
+      prometheus.yml:
+        scrape_configs:
+        - job_name: exporter-postgresql
+          static_configs:
+          - targets:
+            - "prometheus-exporter-postgresql-prometheus-postgres-exporter:80"
+    alertmanager:
+      enabled: false
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus/persistent-volume-claim.yaml b/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus/persistent-volume-claim.yaml
new file mode 100644
index 0000000..9ecd180
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus/persistent-volume-claim.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: prometheus
+  namespace: monitoring
+spec:
+  storageClassName: nfs
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 10Gi
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus/persistent-volume.yaml b/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus/persistent-volume.yaml
new file mode 100644
index 0000000..85aaebf
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/monitoring/prometheus/persistent-volume.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: prometheus
+  namespace: monitoring
+spec:
+  capacity:
+    storage: 10Gi
+  volumeMode: Filesystem
+  accessModes:
+  - ReadWriteMany
+  persistentVolumeReclaimPolicy: Recycle
+  storageClassName: nfs
+  mountOptions:
+  - hard
+  - nfsvers=4.2
+  nfs:
+    path: /var/lib/prometheus
+    server: 10.57.101.20
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/namespaces.yaml b/data.d/k3s-master/manifests.d/tyilnet/namespaces.yaml
new file mode 100644
index 0000000..42cc6a3
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/namespaces.yaml
@@ -0,0 +1,36 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: auth-system
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: base-system
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: monitoring
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: personal-services
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: public-services
+...
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: servarr
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/configmap.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/configmap.yaml
new file mode 100644
index 0000000..bdbc8b2
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/configmap.yaml
@@ -0,0 +1,68 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cgit
+  namespace: personal-services
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: cgit
+    app.kubernetes.io/part-of: personal-services
+data:
+  cgitrc: |
+    root-desc=All public repos from tyil
+
+    source-filter=/usr/lib/cgit/filters/syntax-highlighting.sh
+    about-filter=/usr/lib/cgit/filters/about-formatting.sh
+
+    readme=:INSTALL
+    readme=:INSTALL.htm
+    readme=:INSTALL.html
+    readme=:INSTALL.md
+    readme=:INSTALL.mkd
+    readme=:INSTALL.rst
+    readme=:INSTALL.txt
+    readme=:README
+    readme=:README.htm
+    readme=:README.html
+    readme=:README.md
+    readme=:README.mkd
+    readme=:README.pod6
+    readme=:README.rakudoc
+    readme=:README.rst
+    readme=:README.txt
+    readme=:install
+    readme=:install.htm
+    readme=:install.html
+    readme=:install.md
+    readme=:install.mkd
+    readme=:install.rst
+    readme=:install.txt
+    readme=:readme
+    readme=:readme.htm
+    readme=:readme.html
+    readme=:readme.md
+    readme=:readme.mkd
+    readme=:readme.rst
+    readme=:readme.txt
+
+    css=/cgit-css/cgit.css
+    logo=/cgit-css/cgit.png
+
+    #cache-root=/var/cache/cgit
+    #cache-size=1000
+
+    clone-prefix=https://git.tyil.nl
+    enable-git-config=1
+    enable-index-links=1
+    enable-index-owner=0
+    enable-log-filecount=1
+    enable-log-linecount=1
+    remove-suffix=1
+    robots=index, follow
+    scan-path=/srv/git/
+    section-from-path=1
+    snapshots=tar.gz tar.bz2
+    virtual-root=/
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/deployment.yaml
new file mode 100644
index 0000000..715a3f6
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/deployment.yaml
@@ -0,0 +1,51 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cgit
+  namespace: personal-services
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: cgit
+    app.kubernetes.io/part-of: personal-services
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/created-by: tyil
+      app.kubernetes.io/managed-by: manual
+      app.kubernetes.io/name: cgit
+      app.kubernetes.io/part-of: personal-services
+  strategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/created-by: tyil
+        app.kubernetes.io/managed-by: manual
+        app.kubernetes.io/name: cgit
+        app.kubernetes.io/part-of: personal-services
+    spec:
+      nodeName: "mieshu.tyil.net"
+      containers:
+      - image: emarcs/nginx-cgit
+        name: cgit
+        ports:
+        - containerPort: 80
+        volumeMounts:
+        - mountPath: /srv/git
+          name: data
+        - mountPath: /etc/cgitrc
+          subPath: cgitrc
+          name: config
+      restartPolicy: Always
+      volumes:
+      - name: data
+        hostPath:
+          path: /mnt/pool/git
+          type: DirectoryOrCreate
+      - name: config
+        configMap:
+          name: cgit
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/ingress.yaml
new file mode 100644
index 0000000..4dcf92e
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: cgit
+  namespace: personal-services
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: cgit
+    app.kubernetes.io/part-of: personal-services
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-production"
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - git.tyil.nl
+    secretName: tls-nl.tyil.git
+  rules:
+  - host: git.tyil.nl
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: cgit
+            port:
+              number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/service.yaml
new file mode 100644
index 0000000..ac2ab26
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/cgit/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: cgit
+  namespace: personal-services
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: cgit
+    app.kubernetes.io/part-of: personal-services
+spec:
+  selector:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: cgit
+    app.kubernetes.io/part-of: personal-services
+  ports:
+  - name: http
+    port: 80
+    targetPort: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/configmap.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/configmap.yaml
new file mode 100644
index 0000000..b78a822
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/configmap.yaml
@@ -0,0 +1,38 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grocy
+  namespace: personal-services
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: grocy
+    app.kubernetes.io/part-of: personal-services
+data:
+  # A custom common.conf is required because the name of the backend service is
+  # not configurable through conventional means. Instead, I supply my own
+  # version with the correct backend name and overwrite the one supplied by the
+  # grocy docker container itself.
+  common.conf: |
+    charset utf-8;
+
+    location / {
+        try_files $uri /index.php$is_args$query_string;
+    }
+
+    location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
+        expires 365d;
+    }
+
+    location ~ \.php$ {
+        fastcgi_pass   grocy-backend:80;
+        fastcgi_index  index.php;
+        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+        include        fastcgi_params;
+    }
+
+    location ~ /\.ht {
+        deny  all;
+    }
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/deployment-backend.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/deployment-backend.yaml
new file mode 100644
index 0000000..ef77883
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/deployment-backend.yaml
@@ -0,0 +1,60 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: grocy-backend
+  namespace: personal-services
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: grocy-backend
+    app.kubernetes.io/part-of: personal-services
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/created-by: tyil
+      app.kubernetes.io/managed-by: manual
+      app.kubernetes.io/name: grocy-backend
+      app.kubernetes.io/part-of: personal-services
+  strategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/created-by: tyil
+        app.kubernetes.io/managed-by: manual
+        app.kubernetes.io/name: grocy-backend
+        app.kubernetes.io/part-of: personal-services
+    spec:
+      nodeName: "mieshu.tyil.net"
+      containers:
+      - image: grocy/backend:v3.3.2
+        name: grocy
+        env:
+        - name: GROCY_CURRENCY
+          value: "EUR"
+        - name: GROCY_MODE
+          value: "production"
+        - name: GROCY_CULTURE
+          name: "en"
+        - name: MAX_UPLOAD
+          value: "50M"
+        - name: PHP_MAX_FILE_UPLOAD
+          value: "200"
+        - name: PHP_MAX_POST
+          value: "100M"
+        - name: PHP_MEMORY_LIMIT
+          value: "512M"
+        ports:
+        - containerPort: 9000
+        volumeMounts:
+        - mountPath: /var/www/data
+          name: data
+      restartPolicy: Always
+      volumes:
+      - name: data
+        hostPath:
+          path: /etc/grocy
+          type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/deployment-frontend.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/deployment-frontend.yaml
new file mode 100644
index 0000000..07fbb68
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/deployment-frontend.yaml
@@ -0,0 +1,59 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: grocy-frontend
+  namespace: personal-services
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: grocy-frontend
+    app.kubernetes.io/part-of: personal-services
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/created-by: tyil
+      app.kubernetes.io/managed-by: manual
+      app.kubernetes.io/name: grocy-frontend
+      app.kubernetes.io/part-of: personal-services
+  strategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/created-by: tyil
+        app.kubernetes.io/managed-by: manual
+        app.kubernetes.io/name: grocy-frontend
+        app.kubernetes.io/part-of: personal-services
+    spec:
+      containers:
+      - image: grocy/frontend:v3.3.2
+        name: grocy
+        env:
+        - name: GROCY_CURRENCY
+          value: "EUR"
+        - name: GROCY_MODE
+          value: "production"
+        - name: GROCY_CULTURE
+          name: "en"
+        - name: MAX_UPLOAD
+          value: "50M"
+        - name: PHP_MAX_FILE_UPLOAD
+          value: "200"
+        - name: PHP_MAX_POST
+          value: "100M"
+        - name: PHP_MEMORY_LIMIT
+          value: "512M"
+        ports:
+        - containerPort: 8080
+        volumeMounts:
+        - mountPath: /etc/nginx/common.conf
+          subPath: common.conf
+          name: config
+      restartPolicy: Always
+      volumes:
+      - name: config
+        configMap:
+          name: grocy
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/ingress.yaml
new file mode 100644
index 0000000..80d1089
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/ingress.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: grocy
+  namespace: personal-services
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: grocy
+    app.kubernetes.io/part-of: personal-services
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-production"
+    traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - erp.tyil.nl
+    secretName: tls-nl.tyil.erp
+  rules:
+  - host: erp.tyil.nl
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: grocy-frontend
+            port:
+              number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/service-backend.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/service-backend.yaml
new file mode 100644
index 0000000..e9a179d
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/service-backend.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: grocy-backend
+  namespace: personal-services
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: grocy-backend
+    app.kubernetes.io/part-of: personal-services
+spec:
+  selector:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: grocy-backend
+    app.kubernetes.io/part-of: personal-services
+  ports:
+  - name: http
+    port: 80
+    targetPort: 9000
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/service-frontend.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/service-frontend.yaml
new file mode 100644
index 0000000..d9d1e93
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/grocy/service-frontend.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: grocy-frontend
+  namespace: personal-services
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: grocy-frontend
+    app.kubernetes.io/part-of: personal-services
+spec:
+  selector:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: grocy-frontend
+    app.kubernetes.io/part-of: personal-services
+  ports:
+  - name: http
+    port: 80
+    targetPort: 8080
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-blockdiag.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-blockdiag.yaml
new file mode 100644
index 0000000..6eb7fea
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-blockdiag.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kroki-blockdiag
+  namespace: personal-services
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: kroki-blockdiag
+    app.kubernetes.io/part-of: personal-services
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/created-by: tyil
+      app.kubernetes.io/managed-by: manual
+      app.kubernetes.io/name: kroki-blockdiag
+      app.kubernetes.io/part-of: personal-services
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/created-by: tyil
+        app.kubernetes.io/managed-by: manual
+        app.kubernetes.io/name: kroki-blockdiag
+        app.kubernetes.io/part-of: personal-services
+    spec:
+      containers:
+      - image: yuzutech/kroki-blockdiag
+        name: blockdiag
+        ports:
+        - containerPort: 8001
+      restartPolicy: Always
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-bpmn.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-bpmn.yaml
new file mode 100644
index 0000000..26acd15
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-bpmn.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kroki-bpmn
+  namespace: personal-services
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: kroki-bpmn
+    app.kubernetes.io/part-of: personal-services
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/created-by: tyil
+      app.kubernetes.io/managed-by: manual
+      app.kubernetes.io/name: kroki-bpmn
+      app.kubernetes.io/part-of: personal-services
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/created-by: tyil
+        app.kubernetes.io/managed-by: manual
+        app.kubernetes.io/name: kroki-bpmn
+        app.kubernetes.io/part-of: personal-services
+    spec:
+      containers:
+      - image: yuzutech/kroki-bpmn
+        name: bpmn
+        ports:
+        - containerPort: 8003
+      restartPolicy: Always
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-excalidraw.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-excalidraw.yaml
new file mode 100644
index 0000000..d1c6699
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-excalidraw.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kroki-excalidraw
+  namespace: personal-services
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: kroki-excalidraw
+    app.kubernetes.io/part-of: personal-services
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/created-by: tyil
+      app.kubernetes.io/managed-by: manual
+      app.kubernetes.io/name: kroki-excalidraw
+      app.kubernetes.io/part-of: personal-services
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/created-by: tyil
+        app.kubernetes.io/managed-by: manual
+        app.kubernetes.io/name: kroki-excalidraw
+        app.kubernetes.io/part-of: personal-services
+    spec:
+      containers:
+      - image: yuzutech/kroki-excalidraw
+        name: excalidraw
+        ports:
+        - containerPort: 8004
+      restartPolicy: Always
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-mermaid.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-mermaid.yaml
new file mode 100644
index 0000000..ee6edaf
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki-mermaid.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kroki-mermaid
+  namespace: personal-services
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: kroki-mermaid
+    app.kubernetes.io/part-of: personal-services
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/created-by: tyil
+      app.kubernetes.io/managed-by: manual
+      app.kubernetes.io/name: kroki-mermaid
+      app.kubernetes.io/part-of: personal-services
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/created-by: tyil
+        app.kubernetes.io/managed-by: manual
+        app.kubernetes.io/name: kroki-mermaid
+        app.kubernetes.io/part-of: personal-services
+    spec:
+      containers:
+      - image: yuzutech/kroki-mermaid
+        name: mermaid
+        ports:
+        - containerPort: 8002
+      restartPolicy: Always
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki.yaml
new file mode 100644
index 0000000..f192697
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/deployment-kroki.yaml
@@ -0,0 +1,53 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kroki
+  namespace: personal-services
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: kroki
+    app.kubernetes.io/part-of: personal-services
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/created-by: tyil
+      app.kubernetes.io/managed-by: manual
+      app.kubernetes.io/name: kroki
+      app.kubernetes.io/part-of: personal-services
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/created-by: tyil
+        app.kubernetes.io/managed-by: manual
+        app.kubernetes.io/name: kroki
+        app.kubernetes.io/part-of: personal-services
+    spec:
+      containers:
+      - image: yuzutech/kroki
+        name: kroki
+        env:
+        - name: KROKI_BLOCKDIAG_HOST
+          value: kroki-blockdiag
+        - name: KROKI_BLOCKDIAG_PORT
+          value: "80"
+        - name: KROKI_BPMN_HOST
+          value: kroki-bpmn
+        - name: KROKI_BPMN_PORT
+          value: "80"
+        - name: KROKI_EXCALIDRAW_HOST
+          value: kroki-excalidraw
+        - name: KROKI_EXCALIDRAW_PORT
+          value: "80"
+        - name: KROKI_MERMAID_HOST
+          value: kroki-mermaid
+        - name: KROKI_MERMAID_PORT
+          value: "80"
+        - name: KROKI_MAX_URI_LENGTH
+          value: "4096"
+        ports:
+        - containerPort: 8000
+      restartPolicy: Always
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/ingress-kroki.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/ingress-kroki.yaml
new file mode 100644
index 0000000..c33644e
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/ingress-kroki.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: kroki
+  namespace: personal-services
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: kroki
+    app.kubernetes.io/part-of: personal-services
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-production"
+spec:
+  tls:
+  - hosts:
+    - kroki.tyil.nl
+    secretName: tls-nl.tyil.kroki
+  rules:
+  - host: kroki.tyil.nl
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: kroki
+            port:
+              number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-blockdiag.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-blockdiag.yaml
new file mode 100644
index 0000000..7ac6c4e
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-blockdiag.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kroki-blockdiag
+  namespace: personal-services
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: kroki-blockdiag
+    app.kubernetes.io/part-of: personal-services
+spec:
+  selector:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: kroki-blockdiag
+    app.kubernetes.io/part-of: personal-services
+  ports:
+  - name: http
+    port: 80
+    targetPort: 8001
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-bpmn.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-bpmn.yaml
new file mode 100644
index 0000000..73e2c58
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-bpmn.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kroki-bpmn
+  namespace: personal-services
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: kroki-bpmn
+    app.kubernetes.io/part-of: personal-services
+spec:
+  selector:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: kroki-bpmn
+    app.kubernetes.io/part-of: personal-services
+  ports:
+  - name: http
+    port: 80
+    targetPort: 8003
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-excalidraw.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-excalidraw.yaml
new file mode 100644
index 0000000..a011428
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-excalidraw.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kroki-excalidraw
+  namespace: personal-services
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: kroki-excalidraw
+    app.kubernetes.io/part-of: personal-services
+spec:
+  selector:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: kroki-excalidraw
+    app.kubernetes.io/part-of: personal-services
+  ports:
+  - name: http
+    port: 80
+    targetPort: 8004
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-mermaid.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-mermaid.yaml
new file mode 100644
index 0000000..872433c
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki-mermaid.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kroki-mermaid
+  namespace: personal-services
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: kroki-mermaid
+    app.kubernetes.io/part-of: personal-services
+spec:
+  selector:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: kroki-mermaid
+    app.kubernetes.io/part-of: personal-services
+  ports:
+  - name: http
+    port: 80
+    targetPort: 8002
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki.yaml
new file mode 100644
index 0000000..0c98dc8
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/kroki/service-kroki.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kroki
+  namespace: personal-services
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: kroki
+    app.kubernetes.io/part-of: personal-services
+spec:
+  selector:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: kroki
+    app.kubernetes.io/part-of: personal-services
+  ports:
+  - name: http
+    port: 80
+    targetPort: 8000
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/cron.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/cron.yaml
new file mode 100644
index 0000000..1f0b3a1
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/cron.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: nextcloud
+  namespace: personal-services
+spec:
+  schedule: "*/5 * * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          securityContext:
+            runAsUser: 33
+            runAsGroup: 33
+          nodeName: "mieshu.tyil.net"
+          containers:
+          - name: nextcloud
+            image: nextcloud:27
+            command:
+            - php
+            args:
+            - -f
+            - /var/www/html/cron.php
+            volumeMounts:
+            - mountPath: /var/www/html
+              name: data
+          restartPolicy: OnFailure
+          volumes:
+          - name: data
+            hostPath:
+              path: /mnt/pool/nextcloud
+              type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/deployment.yaml
new file mode 100644
index 0000000..250f670
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/deployment.yaml
@@ -0,0 +1,45 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nextcloud
+  namespace: personal-services
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: nextcloud
+    app.kubernetes.io/part-of: personal-services
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/created-by: tyil
+      app.kubernetes.io/managed-by: manual
+      app.kubernetes.io/name: nextcloud
+      app.kubernetes.io/part-of: personal-services
+  strategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/created-by: tyil
+        app.kubernetes.io/managed-by: manual
+        app.kubernetes.io/name: nextcloud
+        app.kubernetes.io/part-of: personal-services
+    spec:
+      nodeName: "mieshu.tyil.net"
+      containers:
+      - image: nextcloud:27
+        name: nextcloud
+        ports:
+        - containerPort: 80
+        volumeMounts:
+        - mountPath: /var/www/html
+          name: data
+      restartPolicy: Always
+      volumes:
+      - name: data
+        hostPath:
+          path: /mnt/pool/nextcloud
+          type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/ingress.yaml
new file mode 100644
index 0000000..ac616a0
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/ingress.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nextcloud
+  namespace: personal-services
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: nextcloud
+    app.kubernetes.io/part-of: personal-services
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-production"
+    traefik.ingress.kubernetes.io/router.middlewares: kube-system-headers-nextcloud@kubernetescrd
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - cloud.tyil.nl
+    secretName: tls-nl.tyil.cloud
+  rules:
+  - host: cloud.tyil.nl
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: nextcloud
+            port:
+              number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/service.yaml
new file mode 100644
index 0000000..fd9a7d6
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/personal-services/nextcloud/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nextcloud
+  namespace: personal-services
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: nextcloud
+    app.kubernetes.io/part-of: personal-services
+spec:
+  selector:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: nextcloud
+    app.kubernetes.io/part-of: personal-services
+  ports:
+  - name: http
+    port: 80
+    targetPort: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/deployment.yaml
new file mode 100644
index 0000000..d910c47
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/deployment.yaml
@@ -0,0 +1,54 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: invidious
+  namespace: public-services
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: invidious
+    app.kubernetes.io/part-of: public-services
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app.kubernetes.io/created-by: tyil
+      app.kubernetes.io/managed-by: manual
+      app.kubernetes.io/name: invidious
+      app.kubernetes.io/part-of: public-services
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/created-by: tyil
+        app.kubernetes.io/managed-by: manual
+        app.kubernetes.io/name: invidious
+        app.kubernetes.io/part-of: public-services
+    spec:
+      containers:
+      - name: invidious
+        image: quay.io/invidious/invidious:latest
+        ports:
+        - containerPort: 8080
+        env:
+        - name: INVIDIOUS_CONFIG
+          valueFrom:
+            secretKeyRef:
+              name: invidious-config
+              key: config.yml
+        resources:
+          requests:
+            memory: 64Mi
+          limits:
+            memory: 128Mi
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: app.kubernetes.io/name
+                operator: In
+                values:
+                - invidious
+            topologyKey: "kubernetes.io/hostname"
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/ingress.yaml
new file mode 100644
index 0000000..cb675a9
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: invidious
+  namespace: public-services
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-production"
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: invidious
+    app.kubernetes.io/part-of: public-services
+spec:
+  ingressClassName: "traefik"
+  tls:
+  - hosts:
+    - youtube.alt.tyil.nl
+    secretName: tls-nl.tyil.alt.youtube
+  rules:
+  - host: youtube.alt.tyil.nl
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: invidious-http
+            port:
+              number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/service.yaml
new file mode 100644
index 0000000..e4f95be
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/public-services/invidious/service.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  # Funfact: if this name is set to "invidious", things will break!
+  # https://github.com/iv-org/invidious/issues/2970
+  name: invidious-http
+  namespace: public-services
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: invidious
+    app.kubernetes.io/part-of: public-services
+spec:
+  selector:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: invidious
+    app.kubernetes.io/part-of: public-services
+  ports:
+  - protocol: TCP
+    port: 80
+    targetPort: 3000
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/deployment.yaml
new file mode 100644
index 0000000..e967412
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/deployment.yaml
@@ -0,0 +1,78 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: bazarr
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: bazarr
+    app.kubernetes.io/part-of: servarr
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/created-by: tyil
+      app.kubernetes.io/managed-by: manual
+      app.kubernetes.io/name: bazarr
+      app.kubernetes.io/part-of: servarr
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/created-by: tyil
+        app.kubernetes.io/managed-by: manual
+        app.kubernetes.io/name: bazarr
+        app.kubernetes.io/part-of: servarr
+    spec:
+      nodeName: "mieshu.tyil.net"
+      containers:
+      - image: hotio/bazarr:testing
+        name: bazarr
+        env:
+        - name: TZ
+          value: "Europe/Amsterdam"
+        - name: UMASK
+          value: "002"
+        - name: GUID
+          value: "169"
+        - name: PUID
+          value: "169"
+        ports:
+        - containerPort: 6767
+        volumeMounts:
+        - mountPath: /mnt/pool/media/anime-series/exported
+          name: anime-series
+        - mountPath: /mnt/pool/media/anime-movies/exported
+          name: anime-movies
+        - mountPath: /mnt/pool/media/series/exported
+          name: series
+        - mountPath: /mnt/pool/media/movies/exported
+          name: movies
+        - mountPath: /config
+          name: config
+      restartPolicy: Always
+      volumes:
+      - name: anime-series
+        hostPath:
+          path: /mnt/pool/media/anime-series/exported
+          type: Directory
+      - name: anime-movies
+        hostPath:
+          path: /mnt/pool/media/anime-movies/exported
+          type: Directory
+      - name: series
+        hostPath:
+          path: /mnt/pool/media/series/exported
+          type: Directory
+      - name: movies
+        hostPath:
+          path: /mnt/pool/media/movies/exported
+          type: Directory
+      - name: config
+        hostPath:
+          path: /etc/servarr/bazarr
+          type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/ingress.yaml
new file mode 100644
index 0000000..9b3266c
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: bazarr
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: bazarr
+    app.kubernetes.io/part-of: servarr
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-production"
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - bazarr.arr.tyil.nl
+    secretName: tls-nl.tyil.arr.bazarr
+  rules:
+  - host: bazarr.arr.tyil.nl
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: bazarr
+            port:
+              number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/service.yaml
new file mode 100644
index 0000000..1f3cc23
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/bazarr/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: bazarr
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: bazarr
+    app.kubernetes.io/part-of: servarr
+spec:
+  selector:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: bazarr
+    app.kubernetes.io/part-of: servarr
+  ports:
+  - name: http
+    port: 80
+    targetPort: 6767
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/deployment.yaml
new file mode 100644
index 0000000..e443551
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/deployment.yaml
@@ -0,0 +1,86 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: dirlist
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: dirlist
+    app.kubernetes.io/part-of: servarr
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/created-by: tyil
+      app.kubernetes.io/managed-by: manual
+      app.kubernetes.io/name: dirlist
+      app.kubernetes.io/part-of: servarr
+  strategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/created-by: tyil
+        app.kubernetes.io/managed-by: manual
+        app.kubernetes.io/name: dirlist
+        app.kubernetes.io/part-of: servarr
+    spec:
+      nodeName: "mieshu.tyil.net"
+      containers:
+      - image: docker.io/svenstaro/miniserve:latest
+        args:
+        - --enable-tar
+        - --enable-tar-gz
+        - --qrcode
+        - /var/www
+        name: miniserve
+        ports:
+        - containerPort: 8080
+        volumeMounts:
+        - mountPath: /var/www/anime-movies
+          name: anime-movies
+          readOnly: true
+        - mountPath: /var/www/anime-series
+          name: anime-series
+          readOnly: true
+        - mountPath: /var/www/books
+          name: books
+          readOnly: true
+        - mountPath: /var/www/movies
+          name: movies
+          readOnly: true
+        - mountPath: /var/www/music
+          name: music
+          readOnly: true
+        - mountPath: /var/www/series
+          name: series
+          readOnly: true
+      restartPolicy: Always
+      volumes:
+      - name: anime-series
+        hostPath:
+          path: /mnt/pool/media/anime-series/exported
+          type: Directory
+      - name: anime-movies
+        hostPath:
+          path: /mnt/pool/media/anime-movies/exported
+          type: Directory
+      - name: books
+        hostPath:
+          path: /mnt/pool/media/books/exported
+          type: Directory
+      - name: movies
+        hostPath:
+          path: /mnt/pool/media/movies/exported
+          type: Directory
+      - name: music
+        hostPath:
+          path: /mnt/pool/media/music/exported
+          type: Directory
+      - name: series
+        hostPath:
+          path: /mnt/pool/media/series/exported
+          type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/ingress.yaml
new file mode 100644
index 0000000..7eb008d
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: dirlist
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: dirlist
+    app.kubernetes.io/part-of: servarr
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-production"
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - media.tyil.nl
+    secretName: tls-nl.tyil.media
+  rules:
+  - host: media.tyil.nl
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: dirlist
+            port:
+              number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/service.yaml
new file mode 100644
index 0000000..31f638f
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/dirlist/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: dirlist
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: dirlist
+    app.kubernetes.io/part-of: servarr
+spec:
+  selector:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: dirlist
+    app.kubernetes.io/part-of: servarr
+  ports:
+  - name: http
+    port: 80
+    targetPort: 8080
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/deployment.yaml
new file mode 100644
index 0000000..5b65b93
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/deployment.yaml
@@ -0,0 +1,93 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: jellyfin
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: jellyfin
+    app.kubernetes.io/part-of: servarr
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/created-by: tyil
+      app.kubernetes.io/managed-by: manual
+      app.kubernetes.io/name: jellyfin
+      app.kubernetes.io/part-of: servarr
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/created-by: tyil
+        app.kubernetes.io/managed-by: manual
+        app.kubernetes.io/name: jellyfin
+        app.kubernetes.io/part-of: servarr
+    spec:
+      nodeName: "mieshu.tyil.net"
+      containers:
+      - image: jellyfin/jellyfin
+        name: jellyfin
+        ports:
+        - containerPort: 8096
+        volumeMounts:
+        - mountPath: /var/media/anime-movies
+          name: anime-movies
+          readOnly: true
+        - mountPath: /var/media/anime-series
+          name: anime-series
+          readOnly: true
+        - mountPath: /var/media/books
+          name: books
+          readOnly: true
+        - mountPath: /var/media/movies
+          name: movies
+          readOnly: true
+        - mountPath: /var/media/music
+          name: music
+          readOnly: true
+        - mountPath: /var/media/series
+          name: series
+          readOnly: true
+        - mountPath: /config
+          name: config
+        - mountPath: /cache
+          name: cache
+      restartPolicy: Always
+      volumes:
+      - name: anime-movies
+        hostPath:
+          path: /mnt/pool/media/anime-movies/exported
+          type: Directory
+      - name: anime-series
+        hostPath:
+          path: /mnt/pool/media/anime-series/exported
+          type: Directory
+      - name: books
+        hostPath:
+          path: /mnt/pool/media/books/exported
+          type: Directory
+      - name: movies
+        hostPath:
+          path: /mnt/pool/media/movies/exported
+          type: Directory
+      - name: music
+        hostPath:
+          path: /mnt/pool/media/music/exported
+          type: Directory
+      - name: series
+        hostPath:
+          path: /mnt/pool/media/series/exported
+          type: Directory
+      - name: cache
+        hostPath:
+          path: /var/cache/jellyfin
+          type: Directory
+      - name: config
+        hostPath:
+          path: /etc/servarr/jellyfin
+          type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/ingress.yaml
new file mode 100644
index 0000000..a537f2b
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: jellyfin
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: jellyfin
+    app.kubernetes.io/part-of: servarr
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-production"
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - tv.tyil.nl
+    secretName: tls-nl.tyil.tv
+  rules:
+  - host: tv.tyil.nl
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: jellyfin
+            port:
+              number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/service.yaml
new file mode 100644
index 0000000..cc0ae84
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyfin/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: jellyfin
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: jellyfin
+    app.kubernetes.io/part-of: servarr
+spec:
+  selector:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: jellyfin
+    app.kubernetes.io/part-of: servarr
+  ports:
+  - name: http
+    port: 80
+    targetPort: 8096
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/deployment.yaml
new file mode 100644
index 0000000..217f949
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/deployment.yaml
@@ -0,0 +1,54 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: jellyseerr
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: jellyseerr
+    app.kubernetes.io/part-of: servarr
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/created-by: tyil
+      app.kubernetes.io/managed-by: manual
+      app.kubernetes.io/name: jellyseerr
+      app.kubernetes.io/part-of: servarr
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/created-by: tyil
+        app.kubernetes.io/managed-by: manual
+        app.kubernetes.io/name: jellyseerr
+        app.kubernetes.io/part-of: servarr
+    spec:
+      nodeName: "mieshu.tyil.net"
+      containers:
+      - image: fallenbagel/jellyseerr:latest
+        name: jellyseerr
+        env:
+        - name: TZ
+          value: "Europe/Amsterdam"
+        - name: UMASK
+          value: "002"
+        - name: GUID
+          value: "169"
+        - name: PUID
+          value: "169"
+        ports:
+        - containerPort: 5055
+        volumeMounts:
+        - mountPath: /app/config
+          name: config
+      restartPolicy: Always
+      volumes:
+      - name: config
+        hostPath:
+          path: /etc/servarr/jellyseerr
+          type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/ingress.yaml
new file mode 100644
index 0000000..fd2dccc
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: jellyseerr
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: jellyseerr
+    app.kubernetes.io/part-of: servarr
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-production"
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - jellyseerr.arr.tyil.nl
+    secretName: tls-nl.tyil.arr.jellyseerr
+  rules:
+  - host: jellyseerr.arr.tyil.nl
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: jellyseerr
+            port:
+              number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/service.yaml
new file mode 100644
index 0000000..a8f3b18
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/jellyseerr/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: jellyseerr
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: jellyseerr
+    app.kubernetes.io/part-of: servarr
+spec:
+  selector:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: jellyseerr
+    app.kubernetes.io/part-of: servarr
+  ports:
+  - name: http
+    port: 80
+    targetPort: 5055
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/deployment.yaml
new file mode 100644
index 0000000..baea1d9
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/deployment.yaml
@@ -0,0 +1,60 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: lidarr
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: lidarr
+    app.kubernetes.io/part-of: servarr
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/created-by: tyil
+      app.kubernetes.io/managed-by: manual
+      app.kubernetes.io/name: lidarr
+      app.kubernetes.io/part-of: servarr
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/created-by: tyil
+        app.kubernetes.io/managed-by: manual
+        app.kubernetes.io/name: lidarr
+        app.kubernetes.io/part-of: servarr
+    spec:
+      nodeName: "mieshu.tyil.net"
+      containers:
+      - image: hotio/lidarr:release
+        name: lidarr
+        env:
+        - name: TZ
+          value: "Europe/Amsterdam"
+        - name: UMASK
+          value: "002"
+        - name: GUID
+          value: "169"
+        - name: PUID
+          value: "169"
+        ports:
+        - containerPort: 8686
+        volumeMounts:
+        - mountPath: /mnt/pool/media/music
+          name: music
+        - mountPath: /config
+          name: config
+      restartPolicy: Always
+      volumes:
+      - name: music
+        hostPath:
+          path: /mnt/pool/media/music
+          type: Directory
+      - name: config
+        hostPath:
+          path: /etc/servarr/lidarr
+          type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/ingress.yaml
new file mode 100644
index 0000000..9e6fdf0
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: lidarr
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: lidarr
+    app.kubernetes.io/part-of: servarr
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-production"
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - lidarr.arr.tyil.nl
+    secretName: tls-nl.tyil.arr.lidarr
+  rules:
+  - host: lidarr.arr.tyil.nl
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: lidarr
+            port:
+              number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/service.yaml
new file mode 100644
index 0000000..f154924
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/lidarr/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: lidarr
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: lidarr
+    app.kubernetes.io/part-of: servarr
+spec:
+  selector:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: lidarr
+    app.kubernetes.io/part-of: servarr
+  ports:
+  - name: http
+    port: 80
+    targetPort: 8686
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/deployment.yaml
new file mode 100644
index 0000000..4dcaf31
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/deployment.yaml
@@ -0,0 +1,54 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: prowlarr
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: prowlarr
+    app.kubernetes.io/part-of: servarr
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/created-by: tyil
+      app.kubernetes.io/managed-by: manual
+      app.kubernetes.io/name: prowlarr
+      app.kubernetes.io/part-of: servarr
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/created-by: tyil
+        app.kubernetes.io/managed-by: manual
+        app.kubernetes.io/name: prowlarr
+        app.kubernetes.io/part-of: servarr
+    spec:
+      nodeName: "mieshu.tyil.net"
+      containers:
+      - image: cr.hotio.dev/hotio/prowlarr:nightly
+        name: prowlarr
+        env:
+        - name: TZ
+          value: "Europe/Amsterdam"
+        - name: UMASK
+          value: "002"
+        - name: GUID
+          value: "169"
+        - name: PUID
+          value: "169"
+        ports:
+        - containerPort: 9696
+        volumeMounts:
+        - mountPath: /config
+          name: config
+      restartPolicy: Always
+      volumes:
+      - name: config
+        hostPath:
+          path: /etc/servarr/prowlarr
+          type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/ingress.yaml
new file mode 100644
index 0000000..2a716da
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: prowlarr
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: prowlarr
+    app.kubernetes.io/part-of: servarr
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-production"
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - prowlarr.arr.tyil.nl
+    secretName: tls-nl.tyil.arr.prowlarr
+  rules:
+  - host: prowlarr.arr.tyil.nl
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: prowlarr
+            port:
+              number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/service.yaml
new file mode 100644
index 0000000..ff16907
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/prowlarr/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: prowlarr
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: prowlarr
+    app.kubernetes.io/part-of: servarr
+spec:
+  selector:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: prowlarr
+    app.kubernetes.io/part-of: servarr
+  ports:
+  - name: http
+    port: 80
+    targetPort: 9696
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/deployment.yaml
new file mode 100644
index 0000000..c49ccb0
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/deployment.yaml
@@ -0,0 +1,66 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: radarr
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: radarr
+    app.kubernetes.io/part-of: servarr
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/created-by: tyil
+      app.kubernetes.io/managed-by: manual
+      app.kubernetes.io/name: radarr
+      app.kubernetes.io/part-of: servarr
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/created-by: tyil
+        app.kubernetes.io/managed-by: manual
+        app.kubernetes.io/name: radarr
+        app.kubernetes.io/part-of: servarr
+    spec:
+      nodeName: "mieshu.tyil.net"
+      containers:
+      - image: hotio/radarr:release
+        name: radarr
+        env:
+        - name: TZ
+          value: "Europe/Amsterdam"
+        - name: UMASK
+          value: "002"
+        - name: GUID
+          value: "169"
+        - name: PUID
+          value: "169"
+        ports:
+        - containerPort: 8787
+        volumeMounts:
+        - mountPath: /mnt/pool/media/anime-movies
+          name: anime-movies
+        - mountPath: /mnt/pool/media/movies
+          name: movies
+        - mountPath: /config
+          name: config
+      restartPolicy: Always
+      volumes:
+      - name: anime-movies
+        hostPath:
+          path: /mnt/pool/media/anime-movies
+          type: Directory
+      - name: movies
+        hostPath:
+          path: /mnt/pool/media/movies
+          type: Directory
+      - name: config
+        hostPath:
+          path: /etc/servarr/radarr
+          type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/ingress.yaml
new file mode 100644
index 0000000..41d5265
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: radarr
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: radarr
+    app.kubernetes.io/part-of: servarr
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-production"
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - radarr.arr.tyil.nl
+    secretName: tls-nl.tyil.arr.radarr
+  rules:
+  - host: radarr.arr.tyil.nl
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: radarr
+            port:
+              number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/service.yaml
new file mode 100644
index 0000000..28df782
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/radarr/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: radarr
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: radarr
+    app.kubernetes.io/part-of: servarr
+spec:
+  selector:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: radarr
+    app.kubernetes.io/part-of: servarr
+  ports:
+  - name: http
+    port: 80
+    targetPort: 7878
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/deployment.yaml
new file mode 100644
index 0000000..a266b8d
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/deployment.yaml
@@ -0,0 +1,60 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: readarr
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: readarr
+    app.kubernetes.io/part-of: servarr
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/created-by: tyil
+      app.kubernetes.io/managed-by: manual
+      app.kubernetes.io/name: readarr
+      app.kubernetes.io/part-of: servarr
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/created-by: tyil
+        app.kubernetes.io/managed-by: manual
+        app.kubernetes.io/name: readarr
+        app.kubernetes.io/part-of: servarr
+    spec:
+      nodeName: "mieshu.tyil.net"
+      containers:
+      - image: hotio/readarr:testing
+        name: readarr
+        env:
+        - name: TZ
+          value: "Europe/Amsterdam"
+        - name: UMASK
+          value: "002"
+        - name: GUID
+          value: "169"
+        - name: PUID
+          value: "169"
+        ports:
+        - containerPort: 8787
+        volumeMounts:
+        - mountPath: /mnt/pool/media/books
+          name: books
+        - mountPath: /config
+          name: config
+      restartPolicy: Always
+      volumes:
+      - name: books
+        hostPath:
+          path: /mnt/pool/media/books
+          type: Directory
+      - name: config
+        hostPath:
+          path: /etc/servarr/readarr
+          type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/ingress.yaml
new file mode 100644
index 0000000..df4fcbd
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: readarr
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: readarr
+    app.kubernetes.io/part-of: servarr
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-production"
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - readarr.arr.tyil.nl
+    secretName: tls-nl.tyil.arr.readarr
+  rules:
+  - host: readarr.arr.tyil.nl
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: readarr
+            port:
+              number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/service.yaml
new file mode 100644
index 0000000..3d6cdc7
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/readarr/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: readarr
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: readarr
+    app.kubernetes.io/part-of: servarr
+spec:
+  selector:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: readarr
+    app.kubernetes.io/part-of: servarr
+  ports:
+  - name: http
+    port: 80
+    targetPort: 8787
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/deployment.yaml
new file mode 100644
index 0000000..126acfe
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/deployment.yaml
@@ -0,0 +1,66 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: sonarr
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: sonarr
+    app.kubernetes.io/part-of: servarr
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/created-by: tyil
+      app.kubernetes.io/managed-by: manual
+      app.kubernetes.io/name: sonarr
+      app.kubernetes.io/part-of: servarr
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/created-by: tyil
+        app.kubernetes.io/managed-by: manual
+        app.kubernetes.io/name: sonarr
+        app.kubernetes.io/part-of: servarr
+    spec:
+      nodeName: "mieshu.tyil.net"
+      containers:
+      - image: hotio/sonarr:release
+        name: sonarr
+        env:
+        - name: TZ
+          value: "Europe/Amsterdam"
+        - name: UMASK
+          value: "002"
+        - name: GUID
+          value: "169"
+        - name: PUID
+          value: "169"
+        ports:
+        - containerPort: 8787
+        volumeMounts:
+        - mountPath: /mnt/pool/media/anime-series
+          name: anime-series
+        - mountPath: /mnt/pool/media/series
+          name: series
+        - mountPath: /config
+          name: config
+      restartPolicy: Always
+      volumes:
+      - name: anime-series
+        hostPath:
+          path: /mnt/pool/media/anime-series
+          type: Directory
+      - name: series
+        hostPath:
+          path: /mnt/pool/media/series
+          type: Directory
+      - name: config
+        hostPath:
+          path: /etc/servarr/sonarr
+          type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/ingress.yaml
new file mode 100644
index 0000000..5bd1f0f
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: sonarr
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: sonarr
+    app.kubernetes.io/part-of: servarr
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-production"
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - sonarr.arr.tyil.nl
+    secretName: tls-nl.tyil.arr.sonarr
+  rules:
+  - host: sonarr.arr.tyil.nl
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: sonarr
+            port:
+              number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/service.yaml
new file mode 100644
index 0000000..5251050
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/sonarr/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: sonarr
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: sonarr
+    app.kubernetes.io/part-of: servarr
+spec:
+  selector:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: sonarr
+    app.kubernetes.io/part-of: servarr
+  ports:
+  - name: http
+    port: 80
+    targetPort: 8989
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/unpackerr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/unpackerr/deployment.yaml
new file mode 100644
index 0000000..d54c478
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/unpackerr/deployment.yaml
@@ -0,0 +1,88 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: unpackerr
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: unpackerr
+    app.kubernetes.io/part-of: servarr
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/created-by: tyil
+      app.kubernetes.io/managed-by: manual
+      app.kubernetes.io/name: unpackerr
+      app.kubernetes.io/part-of: servarr
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/created-by: tyil
+        app.kubernetes.io/managed-by: manual
+        app.kubernetes.io/name: unpackerr
+        app.kubernetes.io/part-of: servarr
+    spec:
+      nodeName: "mieshu.tyil.net"
+      containers:
+      - image: golift/unpackerr:latest
+        name: unpackerr
+        env:
+        - name: TZ
+          value: "Europe/Amsterdam"
+        - name: UMASK
+          value: "002"
+        - name: GUID
+          value: "169"
+        - name: PUID
+          value: "169"
+        volumeMounts:
+        - mountPath: /mnt/pool/media/anime-movies
+          name: anime-movies
+        - mountPath: /mnt/pool/media/anime-series
+          name: anime-series
+        - mountPath: /mnt/pool/media/books
+          name: books
+        - mountPath: /mnt/pool/media/movies
+          name: movies
+        - mountPath: /mnt/pool/media/music
+          name: music
+        - mountPath: /mnt/pool/media/series
+          name: series
+        - mountPath: /config
+          name: config
+      restartPolicy: Always
+      volumes:
+      - name: anime-series
+        hostPath:
+          path: /mnt/pool/media/anime-series
+          type: Directory
+      - name: anime-movies
+        hostPath:
+          path: /mnt/pool/media/anime-movies
+          type: Directory
+      - name: books
+        hostPath:
+          path: /mnt/pool/media/books
+          type: Directory
+      - name: movies
+        hostPath:
+          path: /mnt/pool/media/movies
+          type: Directory
+      - name: music
+        hostPath:
+          path: /mnt/pool/media/music
+          type: Directory
+      - name: series
+        hostPath:
+          path: /mnt/pool/media/series
+          type: Directory
+      - name: config
+        hostPath:
+          path: /etc/servarr/unpackerr
+          type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/deployment.yaml
new file mode 100644
index 0000000..f650a60
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/deployment.yaml
@@ -0,0 +1,60 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: whisparr
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: whisparr
+    app.kubernetes.io/part-of: servarr
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/created-by: tyil
+      app.kubernetes.io/managed-by: manual
+      app.kubernetes.io/name: whisparr
+      app.kubernetes.io/part-of: servarr
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/created-by: tyil
+        app.kubernetes.io/managed-by: manual
+        app.kubernetes.io/name: whisparr
+        app.kubernetes.io/part-of: servarr
+    spec:
+      nodeName: "mieshu.tyil.net"
+      containers:
+      - image: cr.hotio.dev/hotio/whisparr:nightly
+        name: whisparr
+        env:
+        - name: TZ
+          value: "Europe/Amsterdam"
+        - name: UMASK
+          value: "002"
+        - name: GUID
+          value: "169"
+        - name: PUID
+          value: "169"
+        ports:
+        - containerPort: 6969
+        volumeMounts:
+        - mountPath: /mnt/pool/media/porn
+          name: porn
+        - mountPath: /config
+          name: config
+      restartPolicy: Always
+      volumes:
+      - name: porn
+        hostPath:
+          path: /mnt/pool/media/porn
+          type: Directory
+      - name: config
+        hostPath:
+          path: /etc/servarr/whisparr
+          type: Directory
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/ingress.yaml
new file mode 100644
index 0000000..d99d265
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: whisparr
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: whisparr
+    app.kubernetes.io/part-of: servarr
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-production"
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - whisparr.arr.tyil.nl
+    secretName: tls-nl.tyil.arr.whisparr
+  rules:
+  - host: whisparr.arr.tyil.nl
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: whisparr
+            port:
+              number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/service.yaml
new file mode 100644
index 0000000..abafcaf
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/servarr/whisparr/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: whisparr
+  namespace: servarr
+  labels:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: whisparr
+    app.kubernetes.io/part-of: servarr
+spec:
+  selector:
+    app.kubernetes.io/created-by: tyil
+    app.kubernetes.io/managed-by: manual
+    app.kubernetes.io/name: whisparr
+    app.kubernetes.io/part-of: servarr
+  ports:
+  - name: http
+    port: 80
+    targetPort: 6969
+...