fix(seafile): switch to mariadb from mysql

kubernetes/main/apps/database/kustomization.yaml

@@ -7,3 +7,4 @@ resources:
 - ./redis
 - ./minio
 - ./mysql
+- ./mariadb/ks.yaml

kubernetes/main/apps/database/mariadb/crds/helm-release.yaml

@@ -0,0 +1,25 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: mariadb-operator-crds
+  namespace: database
+spec:
+  chart:
+    spec:
+      chart: mariadb-operator-crds
+      version: 0.37.1
+      sourceRef:
+        kind: HelmRepository
+        name: mariadb-operator
+        namespace: flux-system
+  interval: 30m
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3

kubernetes/main/apps/database/mariadb/crds/helm-repository.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: mariadb-operator
+  namespace: flux-system
+spec:
+  interval: 2h
+  url: https://helm.mariadb.com/mariadb-operator

kubernetes/main/apps/database/mariadb/crds/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- helm-repository.yaml
+- helm-release.yaml

kubernetes/main/apps/database/mariadb/database/db.yaml

@@ -0,0 +1,11 @@
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: MariaDB
+metadata:
+  name: mariadb
+spec:
+  rootPasswordSecretKeyRef:
+    name: mariadb-secrets
+    key: MARIADB_ROOT_PASSWORD
+  storage:
+    size: 2Gi
+    storageClassName: openebs-zfs-mainpool

kubernetes/main/apps/database/mariadb/database/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- db.yaml
+- secret.sops.yaml

kubernetes/main/apps/database/mariadb/database/secret.sops.yaml

@@ -0,0 +1,72 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: mariadb-secrets
+    labels:
+        k8s.mariadb.com/watch: null
+stringData:
+    MARIADB_ROOT_PASSWORD: ENC[AES256_GCM,data:1yAkRvtIjsBY944raOrlncrd/iBHnaCqAVc3KJRZHlY=,iv:DIYkBfWsZERr9sqwxs7Thwb75cdo+7S2wB/XIWo+EcE=,tag:RYu/QqHg3x5k/JS6timQYQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2025-03-11T23:52:26Z"
+    mac: ENC[AES256_GCM,data:TaagPQ0+BQyZdFU9vyOg5LCjYfdBHz63TJ198xJjFOv1e0ftyvPsG+n0NgpZq7mtHcLqw+JG80rlSgjjOym2jdPwHWEhpRr2qXeydjs+/IsOxy1Vn4s9ZRjuR1vcl/F81vpaDXo4Xd7bdpy5igEnsioLLzp2spOJGiBjCdzqDUY=,iv:R0dg3FQUkp247tsOmL6hoWD5c1/eztQnQK5siK/lR3A=,tag:lZCLvz1qhhxnaqBgnPF61A==,type:str]
+    pgp:
+        - created_at: "2025-03-11T23:52:26Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAyqlIeyoxYovAQ//TK1bjaVbf/EVJUykKpK6DE8gGFYqPa8/IZd5qGl0OJQu
+            90JtavnZcpfA3v3tuwJ4NfG2RiMOxpAniDICHHoPDLE+lp5ZekdC2hUokMTrn5mb
+            NUfJsrKxk7Tasp7ALmAaifJWqcmsbFA5GT9Vt2jpBsl0xHhF2q1Z3VVcwTk3Pv9D
+            R3+FPvy40s3c+J1w2+4XmF1ut3ffovLcCI6jKzeyArGtwEYkeFanO60NAP/FKB/X
+            eBvSrNg47MJXT2FsjO82BcuYA1rOW/NDDa+IAj4QULIakBC70UdjDqnNzwbP9FSu
+            Le5Zy6Ax1jjJmLr7Gs4SHY1bZS0VRFBRia/DSZF6h80qQ7V4Cop5HDjJTfBy2Uch
+            Smx0eHgV4XBtJJewALrz8jeadAfrQqkALTb+vDPTpS/9Sv4AS5RzyDesHq3w6FT6
+            P0H3L8Ad+3gsofup0f0SDajaWEY8d4MqnzQ6nfePrTZF1zmmss5MMwhM0dh05Gj1
+            aCFOfOL9iNJXZBIcP8LrrG00fRfeDnUfvfR/a4W1KaK8wNOZGsk4VYMFQyr5vRjF
+            c8pPmVx33Q3mWvDvnCFvjJxBrr9+j8k7AtqdJBE6suMgQN806RyjzNePfXi/rnJ3
+            H6PERdcciGiGLvzyodSZ69qqoBP0esGTJ5VUldhAW1JiCo4et7alBmNgPQol9PKF
+            AgwDXjg0p2IN1X8BD/4xYqVReeEhYPz6TJAMJz1RZMYBgyjIchKUOYEuD/hkvzfw
+            CSwPrgNV+ocBSQErmjT5XILOaezwX97LrmG7Nve5X8h/8GTvQBGIqlCRQ213wmpc
+            K6SJs7sXcLlO9vhDUNnjCf9bbkL64820LDWSt14wM7eUlcnJ/O93isNxttpQqvkt
+            cgtU2m9YFtY+NsRC9GllCJSsKGyUmp0wLHnKWa4CACXZ03qNefNOjMy7n3fNbfkF
+            qCk2QvpDE/D02VlfKsN4PzqptPClv9S1OzJAHaWOJJDM4L1F4wnOby2H9QFVCBS7
+            0edK/94zHNOYWKW6mLburvt97WI+Pa2oSiG93JKFZWG7zbpovGGrtqVpzFcOg2Cr
+            ILuV17Ms559CICQBQNbp32nH8QNORrb7YLIJGH8pLodgl4Vrk2HnxOJyqQfx0MRU
+            AurFUwyqa5rbhqaDQq+dWAJkXnZHAW/lvoC3OLbNsWgwQAntblDH0pAaIZPy48aW
+            6CzmfDYtoMmXk+gUeeMDrqTMuOXNyGAiqlCnNLayb7nrXIwVEzYS+rEkhFqHQPVR
+            168+uwLZoO4ubQlqNMHH08IC2Z0PgrkyIh79STQn//a9rg8sLxi0eDO4rtcdZeJi
+            eRE0vBpJ2xWK6FbtCeBEh6L+gbLF2BoGUKOBvWPQ1NCOYr6Z7CR1CNlVfopsadRo
+            AQkCENBv+WuM8shr1beGaFeZc5veTb23PZ2ff9LnxK4BI5Xwz4yrqymPm3U3MUwY
+            DXu3aRMBBWlY8k1CB4bayXkXtunzTw14MJM0K6l8odxLb/rYOpS80DxUDSwSV+Cu
+            MFft5VyZzOs=
+            =xFKz
+            -----END PGP MESSAGE-----
+          fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
+        - created_at: "2025-03-11T23:52:26Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAy5t8IMoPu4VAQ//dgyVsRBjBqGIfqbI39jPQqI2mSHge9TFMKePioAITVBF
+            xkzVXXg6vAB3xvMbB6f8mQbnBzk0Ju0gGMnZ7K0XQqYsPrYV6lmXIGm52eavF/uP
+            7B/j37pxO4PoYA1qi3t/Be9/58h2g5+sI9m0uRGcozgmnpVzttLUDzkmAyEXm3LL
+            SmfaiEZ2kCs89SNdowOqGId4J1jwe8xqH/SDpbdUQEdhhuZ4hkWlWuEIqCqx1V0J
+            yzGuOY1PZp06TGPGlYcUsBIHfVQrlXlPVz4zCSbLq4UeIg+4Nzwo/GZzcWkPrl2T
+            hBI/pIWtb0en/ealePcn+YsliT0lfG83Iva90HqorHjkX4i9ro0PRzCzCwK5OAQ+
+            VJanLTLG0szg4IG8Ti0FXuqEU4firgC9P5FGiAXmDF4BlG3fx77dcqE7rUCcAlvK
+            eYU82uRSqoXrQQd9+E7A1gcRZ6VWPt6KolhiH4Gi+6MYrzBDAOkhDqUFVitCDm7r
+            AZvFLIzwAHoV/Y1G8E3KvKg3LUFLEYO10j5muzuvPG3635q7WeL0ifuAKSK+Lgv+
+            V49pR47WLzAH/2hheIydiZdr5WLfvzyp8kZjXkxda15s4sSmyfSV0XU7yIxxxor9
+            TjKYIc3EASjM+U1ERS/QiyYKx4yFoHT1LGNICoM6panfLj3p8xiZ15/JY/WOhnLU
+            aAEJAhD1smYbnJY9levzdHOvLBt9i4mJvv0prcjKlTkp50rSd3dTxnShITV1PeCY
+            Y65TQIJ+uh6Se0Q8UBjimsjnJBOxIc7FPtwbKIw1lY/UzaRhKWr4HswhAmXGehB6
+            e4yoLMaTXB5e
+            =m+sg
+            -----END PGP MESSAGE-----
+          fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
+    encrypted_regex: ^(data|stringData)$
+    version: 3.9.4

kubernetes/main/apps/database/mariadb/ks.yaml

@@ -0,0 +1,87 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: mariadb-operator-crds
+  namespace: flux-system
+spec:
+  timeout: 5m
+  interval: 10m
+  path: ./kubernetes/main/apps/database/mariadb/crds
+  prune: true
+  # cannot specify a namespace since the crds kustomization also creates a helm-repository
+  # in the flux-system namespace.
+  #targetNamespace: database
+  sourceRef:
+    kind: GitRepository
+    name: home-cluster
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-gpg
+  postBuild:
+    substituteFrom:
+      - kind: ConfigMap
+        name: cluster-settings
+      - kind: Secret
+        name: cluster-secrets
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: mariadb-operator
+  namespace: flux-system
+spec:
+  timeout: 5m
+  interval: 10m
+  path: ./kubernetes/main/apps/database/mariadb/operator
+  prune: true
+  targetNamespace: database
+  sourceRef:
+    kind: GitRepository
+    name: home-cluster
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-gpg
+  dependsOn:
+    - name: openebs
+    - name: openebs-sc
+    - name: mariadb-operator-crds
+  postBuild:
+    substituteFrom:
+      - kind: ConfigMap
+        name: cluster-settings
+      - kind: Secret
+        name: cluster-secrets
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: mariadb-database
+  namespace: flux-system
+spec:
+  timeout: 5m
+  interval: 10m
+  path: ./kubernetes/main/apps/database/mariadb/database
+  prune: true
+  targetNamespace: database
+  sourceRef:
+    kind: GitRepository
+    name: home-cluster
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-gpg
+  dependsOn:
+    - name: openebs
+    - name: openebs-sc
+    - name: mariadb-operator
+  postBuild:
+    substituteFrom:
+      - kind: ConfigMap
+        name: cluster-settings
+      - kind: Secret
+        name: cluster-secrets

kubernetes/main/apps/database/mariadb/operator/helm-release.yaml

@@ -0,0 +1,34 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: mariadb-operator
+spec:
+  chart:
+    spec:
+      chart: mariadb-operator
+      version: 0.37.1
+      sourceRef:
+        kind: HelmRepository
+        name: mariadb-operator
+        namespace: flux-system
+  interval: 30m
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3
+  dependsOn:
+    # - name: minio
+    #   namespace: database
+    - name: openebs
+      namespace: openebs-system
+    - name: mariadb-operator-crds
+      namespace: database
+  values:
+    metrics:
+      enabled: true

kubernetes/main/apps/database/mariadb/operator/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- helm-release.yaml

kubernetes/main/apps/default/kustomization.yaml

@@ -10,3 +10,4 @@ resources:
 - ./dendrite/ks.yaml
 - ./ganymede/ks.yaml
 - ./piwigo/ks.yaml
+- ./seafile/ks.yaml

kubernetes/main/apps/default/seafile/app/env-secret.sops.yaml

@@ -0,0 +1,71 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: seafile-env
+stringData:
+    DB_ROOT_PASSWD: ENC[AES256_GCM,data:c61w0LxJZWosVQJ00OHo3c/yAlOifsKSkCyymXNRaiM=,iv:rkJEodHcYaTzHDnpZEIYfeJvwnDvr91Oz2ILhvWQnIs=,tag:yP4N+gzQgAe8Uv11tf742g==,type:str]
+    SEAFILE_ADMIN_PASSWORD: ENC[AES256_GCM,data:n+EchmGEQVPdsWw=,iv:eX39MPzFgQ71WuMpdhfKB2p8qCoqsviihmeO+1Tk9C8=,tag:bv45s+Lk6MnMFOMswZEw4Q==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2025-03-10T22:15:21Z"
+    mac: ENC[AES256_GCM,data:GoD9bsMUc1UCaOKhS17Vzwb6kZcfGyHuwy6FM8uZuWx/ZJ0mUNOs9Q2y72jjaAL3DlWtiyP6/yUuQpHbSCVFfbcHs8QbckBwybkO8hhEOH+/1IUAdedFlkzIYifZa9p/GDkO5vGxBkCosPkVDowDjaT3xK+dH74dkZ0Y6OyRPx8=,iv:MQTp3sFod5rrq6Cy/oXdH8OjE6fhUSjB15LbFNIOL7Q=,tag:rEsBalAsYbK0P3WfbOE2fQ==,type:str]
+    pgp:
+        - created_at: "2025-03-10T22:15:21Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAyqlIeyoxYovAQ//doR7i38xedVqtt8UXIFyhkVNcTAky2AnM9mBJdsUnvZq
+            Roj3V10APfUPl1xchWecELl6YjBnxKaVWHIglkEVY/2+/8ORmY+H7n9cdeMMYZ+i
+            sa0rJujCodY9i15Teqj1bDGwX851qLiQ9yuONPlASgqrLV6bEFU4+Ufg4pp7Zrym
+            aXGmpgB7auqh2OVUkUIwy7bj4Gy+k8t1Q0hHTz05iUuLN/1FOw0RD7Tp7RS6qC/4
+            8d8NwdMB2ANvre8Ld0pGH8eAn7qxJBdYLIUel/SPZ9xwbeZ0JCOIuT1iYlTCmBP2
+            pfLnTVsu7980ZUIdxe1J2LKIsXOxhcHbqq4iSaTj06uWHvf2OAGpvk1oKqS6Tczu
+            Wzvnzm87mzQJCRa1LdF43ds93Bxgl1yNqBF/Wwa/M+8Y4DcijUfCI9+OBpgCy1JJ
+            uLbaSqGgKnVirkm1xZahL+jxHZ82wjpys0Ze5hJpnHoibPpAA4nVUHlpF66+2G6w
+            iSck+X25/dzyaDrhpO8B9bjFFgvr9u0dMqqbJJbDpWeeC046C9pg+7isFkwscmMA
+            8z7AFDShH13VXEUhdNWZN4IF3+2d5f4ShG0px0wdE9S8i6Rsp+iGmTR/FcUUBjTz
+            IR8R8sjMaY34+1QcIXwwTdTmMtAPCaGOBV6z0eEJygneKOdpvnQmcn+TFhldfcGF
+            AgwDXjg0p2IN1X8BEACeWqoLehxuLDfKR3qmvd9LkowYztAlCgCKwcNliT1v0Cwp
+            22sjqGYCpH04/y4mELoThkkofCIYYS9FSGLbQutKknpV4FpKOO1nOzowDt6/3g78
+            1UquSxe2nkRSFkmFNBWKR32DAIQ+QrsBITL+n0bbC7QpxeKWqarohhl/giW9eUuw
+            L5Uak2bDvTu4OcSbAnBjvNx2JRcLfQMgIqDcIH7b7MinyA16guNgECrmePS3ab+z
+            lpmf2T2A867snAiQ9bn0q0xZdELqGd0XcgJgBrF5ylBQ1FYT8qjRJPhaIZA0ZDES
+            C3ktNdOy/ZMf+oNFBGmY9TbkqnkRAjSCyuuhPFnrnj7mLQMOoq3SDcB20HdzHqWT
+            jdcdkslS8mkkGDQEWCS7utvru7Z39eTx6U54Q/kmDKKmiKXOgAwAqOlH3rMhBIMO
+            z+MIrT7DbNPps5B3d9r3ewDD1HpwrJg/LV1Y+aITijgeg7g2bFDsvkC7vkzsuAZ/
+            W5cv+BRle3zR3lOu194a6mBuvZaU+RfQxLr8+sK+fTroeWf743747hCh1aWzkRQT
+            VS6My3V4wBl19b5362HWAiWAha53qwoE6TKCqhhpkgBqCyR+o2U0G42m2yeAf0Ky
+            ZAyvitrFzWFDLgmyCFJEGpWkQrN/HqGK7h+t3dA3wuGJDyT1sXJ16jAkzS/N7dRo
+            AQkCEKWwvaO8FLzVTFBc2pQZmtwTiSVgMmd9d8EY355Xo+mEg8J/qrrMlPhh4Tbv
+            ytSYqGIn2kX8pd8caYNRjY9bHhOAwHjBOg/5raC0giluaA4+r0TJya/HKxSya/Ac
+            ns4DDNVHEJg=
+            =UCDj
+            -----END PGP MESSAGE-----
+          fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
+        - created_at: "2025-03-10T22:15:21Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAy5t8IMoPu4VAQ/9F4nt9UrOGsNw5eY2cvhwfTX21+4cxmKKWaC/XErSzQFe
+            XjIfsiiCnpZLCMCazSid0WHKvw5gt033JMEBfvoq/91W0qso/9TAmaSM7sGoy1/o
+            jd0QDq+gF/wCLdQBi2N+FBPzLN10x03cYJEkGeEkCBL4k/X/SJ+aIY4umfwP/0wr
+            BjMU3QSFuiMrJbu/dA2RyHBHFchHUGFlpF2jbFK+sN3YFXcAUEzdL8SCJ3YNiVgo
+            /t/Y/lkKk/w3I4R6zg59QJPRcERML2hmeVFVLHJaSsRJzWrEEBEkUrvdLwRUqaAr
+            Z6/b3v4iu8/yQF94wY3biDg2YKtg4EnTGD11W4+dPWZ5AX2ukGI3CrfdvfNLuUm7
+            iWCis7YhO/KYQkx8vX/RVHAQXX1J+7mG89LNLsGKZyrJrCyHG2V4iD+WnllMljF0
+            du9zAckTEs3aRQ9VRP2e4Bs22qSOVqwMii4MD2cwwyhse/XpkMzfgiZC9h3lOIW0
+            x2dXwG7mr3GvRYfnxR/P7Ow9YEERX3W6tZ3BY0KPq8bMZB8gPXfXlrZ9PK4H9aLt
+            Sd1bFX0iFguOfvR+rIY/P1rX6Twja+Y/pyvREqzNQ2PR0ZflLfyHmmAlD72XFLU6
+            bdrMMTuzlIgEIrE9tiPnVNdvEearsQhr8xpQwoAzmNga/GKKqm6QsS/8fvVP/t/U
+            aAEJAhC6BySewomcVrQJ8c23u4ZiLRcUqhw9CGnx/ur+DEZyHRm4PoEM85x7u1sR
+            1a1ptn8c7MARURCSD6+MXb+8/lr/o+Ca0AWl0iKHaDJHAIrvC5GfK0nj9BwHFdaM
+            VcEPCk6zUzG+
+            =WzPE
+            -----END PGP MESSAGE-----
+          fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
+    encrypted_regex: ^(data|stringData)$
+    version: 3.9.4

kubernetes/main/apps/default/seafile/app/helm-release.yaml

@@ -0,0 +1,67 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: seafile
+spec:
+  interval: 5m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.7.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjws-charts
+        namespace: flux-system
+  values:
+    controllers:
+      main:
+#        pod:
+#          securityContext:
+#            runAsNonRoot: true
+#            runAsUser: 10000
+#            runAsGroup: 10000
+#            fsGroup: 10000
+#            fsGroupChangePolicy: OnRootMismatch
+        containers:
+          main:
+            image:
+              repository: seafileltd/seafile-mc
+              tag: 11.0-latest
+            env:
+              DB_HOST: mariadb.database.svc
+              TIMEZONE: ${SERVER_TIMEZONE}
+              SEAFILE_ADMIN_EMAIL: admin@${SECRET_NEW_DOMAIN}
+              SEAFILE_SERVER_LETSENCRYPT: false
+            envFrom:
+              - secretRef:
+                  name: seafile-env
+            resources:
+              limits:
+                memory: 1Gi
+    service:
+      app:
+        controller: main
+        ports:
+          http:
+            port: 8000
+    ingress:
+      main:
+        annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-production
+          traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        hosts:
+        - host: seafile.${SECRET_NEW_DOMAIN}
+          paths:
+          - path: /
+            service:
+              identifier: app
+              port: http
+    persistence:
+      data:
+        type: persistentVolumeClaim
+        storageClass: openebs-zfs-mainpool
+        accessMode: ReadWriteOnce
+        size: 150G
+        globalMounts:
+        - path: /shared

kubernetes/main/apps/default/seafile/app/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./env-secret.sops.yaml
+- ./helm-release.yaml

kubernetes/main/apps/default/seafile/ks.yaml

@@ -0,0 +1,29 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: seafile
+  namespace: flux-system
+spec:
+  timeout: 5m
+  interval: 10m
+  targetNamespace: default
+  path: ./kubernetes/main/apps/default/seafile/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-cluster
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-gpg
+  postBuild:
+    substituteFrom:
+      - kind: ConfigMap
+        name: cluster-settings
+      - kind: Secret
+        name: cluster-secrets
+  dependsOn:
+    - name: openebs
+    - name: openebs-sc
+    - name: mariadb-database

kubernetes/main/apps/download/prowlarr/helm-release.yaml

@@ -17,7 +17,7 @@ spec:
   values:
     image:
       repository: ghcr.io/onedr0p/prowlarr-develop
-      tag: "1.32.1.4983"
+      tag: "1.31.2.4975"
 
     # Metrics sidecar
     sidecars: