re-organize

Makefile

@@ -7,7 +7,7 @@ deploy: dns sudo ssh package firewall k8s email nextcloud webhook backup wiregua
 
 release:
 ifdef ARGS
-	$(eval SECRET := $(shell sops exec-env secrets/webhook.yml 'echo $${DEPLOYER_SECRET}'))
+	$(eval SECRET := $(shell sops exec-env services/secrets/webhook.yml 'echo $${DEPLOYER_SECRET}'))
 	curl -i -X POST  \
 		-H 'Content-Type: application/json' \
 		-H 'X-Webhook-Token: '${SECRET} \
@@ -23,38 +23,12 @@ install:
 	mkdir ~/.kube || exit 0
 	sops -d --output ~/.kube/config secrets/kubernetes-config.yml
 
-
 dns:
 	sops -d --output secrets_decrypted/gandi.yml secrets/gandi.yml
 	GANDI_CONFIG='secrets_decrypted/gandi.yml' gandi dns update erebe.eu -f dns/erebe.eu.zones
 	GANDI_CONFIG='secrets_decrypted/gandi.yml' gandi dns update erebe.dev -f dns/erebe.dev.zones
 
-ssh:
-	ssh ${HOST} "cat /etc/ssh/sshd_config" | diff  - config/sshd_config \
-		|| (scp config/sshd_config ${HOST}:/etc/ssh/sshd_config && ssh ${HOST} systemctl restart sshd)
-
-sudo:
-	scp config/sudoers ${HOST}:/etc/sudoers.d/erebe
-
-package:
-	sudo timedatectl set-timezone UTC
-	scp wireguard/wireguard-backport.list ${HOST}:/etc/apt/sources.list.d/
-	ssh ${HOST} 'apt-get update && apt-get install -y curl htop mtr tcpdump ncdu vim dnsutils strace linux-perf iftop wireguard nftables'
-	# Enable automatic security Updates
-	ssh ${HOST} 'echo "unattended-upgrades unattended-upgrades/enable_auto_updates boolean true" | debconf-set-selections && apt-get install unattended-upgrades -y'
-	# IPv6
-	sops -d --output secrets_decrypted/dhclient6.conf secrets/dhclient6.conf
-	scp secrets_decrypted/dhclient6.conf ${HOST}:/etc/dhcp/dhclient6.conf
-	scp config/dhclient6.service ${HOST}:/etc/systemd/system/
-	ssh ${HOST} 'systemctl daemon-reload && systemctl enable dhclient6.service && systemctl restart dhclient6.service'
 
-firewall:	
-	scp config/if-pre-up ${HOST}:/etc/network/if-pre-up.d/allow-router-advertise
-	ssh ${HOST} 'chmod +x /etc/network/if-pre-up.d/allow-router-advertise && sh /etc/network/if-pre-up.d/allow-router-advertise'
-	scp config/nftables.rules ${HOST}:/etc/nftables.conf
-	ssh ${HOST} 'chmod +x /etc/nftables.conf && /etc/nftables.conf'
-	ssh ${HOST} 'systemctl daemon-reload && systemctl enable nftables.service'
-
 k8s:
 	#helm3 repo add stable https://kubernetes-charts.storage.googleapis.com/
 	#helm3 repo update
@@ -70,44 +44,7 @@ k8s:
            --namespace cert-manager \
 					 -f k8s/cert-manager-webhook-gandi.yaml
 
-email:
-	sops -d --output secrets_decrypted/dovecot.yml secrets/dovecot.yml
-	sops -d --output secrets_decrypted/fetchmail.yml secrets/fetchmail.yml
-	kubectl apply -f secrets_decrypted/dovecot.yml
-	kubectl apply -f secrets_decrypted/fetchmail.yml
-	kubectl apply -f email/deployment.yml
-
-nextcloud:
-	kubectl apply -f nextcloud/config.nginx.site-confs.default.yml
-	kubectl apply -f nextcloud/nextcloud.yml
-
-nextcloud_resync_file:
-	kubectl exec -t $(shell kubectl get pods -n default -l app=nextcloud -o json | jq .items[].metadata.name) -- /usr/bin/occ files:scan --all
-
-backup:
-	sops -d --output secrets_decrypted/backup_credentials.yml secrets/backup_credentials.yml
-	kubectl apply -f secrets_decrypted/backup_credentials.yml
-	kubectl apply -f backup/backup-cron.yml
-	kubectl apply -f backup/backup-minio.yml
-
-webhook:
-	sops exec-env secrets/webhook.yml 'cp webhook/webhook.yml secrets_decrypted/; for i in $$(env | grep _SECRET | cut -d = -f1); do sed -i "s#__$${i}__#$${!i}#g" secrets_decrypted/webhook.yml ; done'
-	kubectl apply -f secrets_decrypted/webhook.yml
-
-app:
-	kubectl apply -f app/couber.yml
-	kubectl apply -f app/wstunnel.yml
-
-waprgate:
-	kubectl apply -f app/warpgate.yml
-
-blog:
-	kubectl apply -f blog/blog.yml
 
-dashy:
-	kubectl apply -f dashy/configmap.yml
-	kubectl apply -f dashy/dashy.yml
-	kubectl delete pod -l app=dashy
 
 wireguard:
 	sops exec-env secrets/wireguard.yml 'cp wireguard/wg0.conf secrets_decrypted/; for i in $$(env | grep _KEY | cut -d = -f1); do sed -i "s#__$${i}__#$${!i}#g" secrets_decrypted/wg0.conf ; done'
@@ -116,13 +53,5 @@ wireguard:
 	ssh ${HOST} 'systemctl enable wg-quick@wg0'
 
 
-pihole:
-	kubectl apply -f pihole/pihole.yml
 
-minio:
-	sops -d --output secrets_decrypted/minio.yml secrets/minio.yml
-	kubectl apply -f secrets_decrypted/minio.yml
-	kubectl apply -f minio/minio.yml
 
-vaultwarden:
-	kubectl apply -f vaultwarden/vaultwarden.yml

nodes/server/justfile

@@ -4,6 +4,7 @@ _default:
     @just --list
 
 HOST := "erebe@erebe.eu"
+ROOT_HOST := "root@erebe.eu"
 
 wireguard:
   sops exec-env ../../secrets/wireguard.yml 'cp wireguard/wg0.conf secrets_decrypted/; for i in $(env | grep _KEY | cut -d = -f1); do sed -i "s#__${i}__#${!i}#g" secrets_decrypted/wg0.conf ; done'
@@ -16,3 +17,31 @@ k3s:
   ssh {{HOST}} "sudo mkdir -p /etc/rancher/k3s"
   rsync --rsync-path="sudo rsync" k3s/config.yaml {{HOST}}:/etc/rancher/k3s/config.yaml
   ssh {{HOST}} "curl -sfL https://get.k3s.io | K3S_VERSION="v1.27.4+k3s1" K3S_URL=https://[fd00:cafe::3]:6443 K3S_TOKEN=12345 sh -s -"
+
+
+firewall:	
+	rsync --rsync-path="sudo rsync" config/allow-router-advertise {{HOST}}:/etc/network/if-pre-up.d/allow-router-advertise
+	ssh {{HOST}} 'sudo chmod +x /etc/network/if-pre-up.d/allow-router-advertise && sudo sh /etc/network/if-pre-up.d/allow-router-advertise'
+	rsync --rsync-path="sudo rsync" config/nftables.rules {{HOST}}:/etc/nftables.conf
+	ssh {{HOST}} 'sudo chmod +x /etc/nftables.conf && sudo /etc/nftables.conf'
+	ssh {{HOST}} 'sudo systemctl daemon-reload && sudo systemctl enable nftables.service'
+
+
+ssh:
+  ssh {{HOST}} "sudo cat /etc/ssh/sshd_config" | diff  - config/sshd_config
+  rsync --rsync-path="sudo rsync" config/sshd_config {{HOST}}:/etc/ssh/sshd_config
+  ssh {{HOST}} "sudo systemctl restart sshd"
+
+sudo:
+	scp config/sudoers {{ROOT_HOST}}:/etc/sudoers.d/erebe
+
+package:
+	sudo timedatectl set-timezone UTC
+	ssh {{HOST}} 'sudo apt-get update && sudo apt-get install -y curl htop mtr tcpdump ncdu vim dnsutils strace linux-perf iftop wireguard nftables rsync'
+	# Enable automatic security Updates
+	ssh {{HOST}} 'echo "unattended-upgrades unattended-upgrades/enable_auto_updates boolean true" | sudo tee debconf-set-selections && sudo apt-get install unattended-upgrades -y'
+	# IPv6
+	sops -d --output secrets_decrypted/dhclient6.conf secrets/dhclient6.conf
+	rsync --rsync-path="sudo rsync" secrets_decrypted/dhclient6.conf {{HOST}}:/etc/dhcp/dhclient6.conf
+	rsync --rsync-path="sudo rsync" config/dhclient6.service {{HOST}}:/etc/systemd/system/
+	ssh {{HOST}} 'sudo systemctl daemon-reload && sudo systemctl enable dhclient6.service && sudo systemctl restart dhclient6.service'

secrets/ssh.yml

@@ -1,15 +1,16 @@
-public_key: ENC[AES256_GCM,data:zwLAgGYvE4QlXnj//xWf0v3pmC/JLvtssW98cKL0Gnq5GacF5U97lUwoqTL/u2oDl/MpF5x1Amiir5FOcn1K6B9+LZH+pIyvTvjZNnY56ofu35+ZF0A+4hQ6Qfqf5rDjdZIxrscj7y4Xp+PaQ3FEJqTHhB8tm/Nx/EqzRlvfs0J8R1B2Egz5mFNDcFxNh1E1CMRAaBRZve1y9i0Y9NZECiSulL4aBlKpmQRWBiUGvZZrnrfd4Cy3k3sfMW6KtOcNWjRF+KpSTrJiiTy2dPLCNe9+afVHkNLHkZsf+Iisb4mlpq5EyZxQiJXlHjCd6lD3XpzvZiyopKXdKJ2E+XgBLihzUh+lbDSDJ+JGxxqWiaAeWA7jlBV/zZQeY6CxS8sD7XH3UkGe2gUtka45r1MVoorIij/TpchzICfjGbCA4ZK972mCrfEqOQ0W8+uczwEIv6RQBfXbedMLB2sAP4ZwMlfH9r/+aFXG6XZdSs2QGRYZSOEsHUAVZsAYYN42AYhSEmac8K3SJbXDTkYzor6oSSgah0p4HUukXNTiseL1yETsuYJG0PWYdY0bPDcN2TGKJDy26BZG0SW8pU4+fEu8bpPf0J5JTMpG37LyI0x6rBY3BRj5KdPjukGIT3kPweyOY2oZ5KphH4YKxfakJSfC/lwOolH88Mn44mON/O1L3dmFnpU/WALYyzPgP5AOY8+1HB5k0kWhuuLdhWiRpxgYLZozOO1ITS3P9ctBtidoDvzAoVQC7MeYrQ==,iv:Qwrp18WGdN/83Xn0l9Q3w5PItBVmuuc1xnSayg8fBI4=,tag:ZCMZsHxFvAGRNRo1AsGHGQ==,type:str]
+public_key: ENC[AES256_GCM,data:xSUAQVpIehvNewgi9eRi+YLpc1FYp9PbUU7CBkXWufKpMymQCatrmgUYaKWmllu+R3d+kbvCQrCmZbdFCFytlcyIfNDQ4CHCiD90KFatPuIILhJC6W7Wo06XYUDQGDYa3qxa82mDjVr6lr6hKJMg7xN/Dsd8x1PzueMEADYxHZGq631tV2W/wqojthasyiqPmi57oSS1k94FqhwUnDKFhy0HsHTZE0Odgz/EVomNpbL3YJrFRTR/S5uze/XoYZJkLPppGYF7lvk/LumrwkAouG6NbldXKDuZmWsCnhA9TMY2BNITPCmu+t0NXh53N4hTdW4XCy9C/pELf/7EaI1h85I+MU/o+Gzfq5E/5BfXDFkRpGnuXf37AikKi/tLVfpQJ+Pkm39ffnKLXquBXNKByXij0Hra6XlztU3iehL4xJ0oOhzNpaAve622cjeJYiN1lGgh//6esTQld+YeiJyqs1r+tvJ6cpKB+cLvDwfcEAzh+HZfSbUeMjTPCALlYh2UZeJGy2mSU28PcNHfabyLJOP/AeHV+80ljw1UTR9HvlEGclcAbpMZFjvfYwsUrBaLjiuD8KuyAUip5YOgn6ZnbBvKvznRjndFaoDz+s6Nc1dEjqO47YpGzovQV57c8rNY2viYgNZIr0LJbOgZvE/5WcHpectJuuDsCYyREjBqZZGtgOhTGt1H5j2F5aNTwmnHy2LtujsIk+AAqeOKdKJGQy5PFF+b2HMVTSY2y6rVMmRkDfqQ9rNynvkDFyLTjBW1lOfiPLbCgHmWC4gv65iZP5LN8UpmOWW4doFfPOYt19arRRlFWLoyCAQJZGBNa2B/fEs9U7HkUmgwitvBayMbwMw4bWPPtgTJtZnskJJFua5DB5C8bSL5ZsI5EPFrFVWDCCV5dhy7/KxB7CRHWUKKVqvKnpvkr00WM9zGRYzv53DwfAlkQ27RCRnLtNwIhCzdJJNGD+jVyXCgx7v3RQu3JTYuqTPIbvXX,iv:A557dd+QrGiEkE5Z/B2CE+PuMy7nK+kC89e2WgL3Kek=,tag:w59xd1eijZMKodqmMt6V/Q==,type:str]
 private_key: ENC[AES256_GCM,data:XlkdNY8lpELTDfP2IWby0UeDV/48+z35lsJ39qggEPaXLwS6wiOnw8bYYVl/U44ZFo7AKYXkzEFdTcD1sjpi9wnKh7tMVMCEqjTxmMTa2IHg4qzhG/qUx7fHQQkmMG2ZVD6RwVznEKpx5EwqiDWzlhtkPc+Vq+HEo1aCvb1n+1SziMP+p1SopHk+0WCRF91scv+nJa4SZ0TS4jcGtw5a5PVPFm+dBNMZTz4K8TE0n42ZGwBzh8iDd5+sn5DpobpxPVkJWcuaPepkcEPC21inJlYHIGWHF6G/qusQDv3WfV/eRKpE3eU6JMnWu/YU0y1oeTMjI7a+kmM3VhgLAA9PhZE4t1Y47kdX7ngcW9+Z8m9zQF+KLBfhzlB7m8eieSA/UB1ymCj9jWCgUmVvFhxKqt/VOJBGWpm6lxBukLhXsEfB3wsioegUMxJwzyed4TOdlZ5+xGxMsNpD2mYYvJAANmi5OpPA7fM1zRA6W8XRAVEa1TiXpu0y/HDFua0X/cR8vSYLUhK1ET8n8de8fx1nATZ3UtRUhuvIO7Zlc3ePw8ST4zlnRrBeN6TQgtPUaY3fSD3+KkMAxEKf+yZgd/qYSnTObh/9kxyyYSoSFDRe2G86BdAB47uT34TJDcC7p8lPE4YGcb+FCEweeTLHf87V5ri/nEY6O+vdsyc6gQePDInhXvuiPvmQMR4ceuyhrnfMyYQewPPI+CxGZ5stHl4tyyFm6Okk+UtViXFwOENFgIYhu2bqOjWO02vqTGPiwIkuHjqVUAkFsC55uOijE3lWIs2ulkJj3K7cp9PCtRRc8bPJtSMd4Gt8C8XX3EiHAhL6D9BUjRcNIGp6KocrzVb/1iJ4EtOtXCF/0b1dau8p5E7pqrSrl5g86c9tZe2S3zgvuZunxnzrt6srj/GoqHKknrims3M0F3rvFUD/R65w1PD1vHtyP9v5nLMo/1ylSeMLbWwUPNx1EsjL/11i9416YIAtNnp7/j7TkIqUUvIJslNOLbhp7DHEp+zArPhrba6IAvEqnrJBdEyd6jdDi1PyKWyrJogKQvmX8Pm8MBX+Ct1ch/bxBgeRPIO8oywLiEO2n/xcC0yQvRVJDn16rqZKOjVCeHQsw9gWHcOyT0A2a6vkfnCivl361cZUZZtd0ElM8ZjFTXAni8v+vaNL/HAS+CJsUkbC/Z4C0SztZ6c8NPituVi295xAL5mhpNlSdL7N7r3g/LrVBDO+t0o7xv1Gbau3mYGTX1kz68y3TlrepXEv75fID6HRcjTPN8XdPdjzrQpN5P+sdZizu98RFeQvzWSvUcgxEWdmJYyRJPfmZc69eNliaUfOwVwtjz2e1A3PaW8UvhA3Dy7LuiSgaLUB9DrS7mS7eD5a4xPuGbklqmy+jwuJ/28RMK66mbUHSy6U6G2gDs1qp4fjyrE+WHcBLOL4KBL67hYsWQVd+evbxxM0hQf123oa5DF6ezOsabrLWauwb0vXu5hDWjET+ebonvO/PfKREpN0qBv7yWHGdf4e4psgCSfWVTzUmZ2g963ewjpImHrF4zxczmEVkgJbuz8qOP92Q22TM9g+aCmmcfQb15Mwq4YgXh9qmQRXRjsqL8oY+qjaL2AwExQcconbha9FPGL3YgvJSith85HrvIpUd3c8y2vuHzj/Ev0ciNG2aRQnXm7RqkZ3V/PYnADMnZhnWu6K/S/HPWKWIgVRoOByMK5Q0f7BX7Vw5Cuv95CGx9kkQ8Y5xgWgsc96k6Yk6FvwKiw3o4dWGEFr4JsxQzdIHLrmo5X/PqrFm7x2So+veVvpIwlzjzyIyc4WLlOfYMP1JC5Vyu9dykKLjQAWQhfqzN1pDiXZqZokYlBvcl00AguAW+JwtRPCkpFJDFQ4QCtizu23kVMv3YJDjLOb1c+t4pQhvwBAI8TXflk7gqNTnWzu6TfakKe4iUlfL1Ufk3H4QHFLAVtREpv6nopZ+OmpGtm5ud6TTisXDdldcYF6TQnocjA5p9DE/gOlwBfywSuR0v54rTW9U5K+mc8KSsPteunL8+3dtDl7C70HwWbkRHMrahqcT0FKjoM5fPA6j9bPSHfemo/Jy1JUZcUSWXDoGPzGlnEQz0GeuFCuZVDtxhtOH29KJiRLGrDB69OBIgA6we9pdzb58ET5mjgD37jwiea7mdRurV5/ox7si8pcaJWuSixQT0X+EjopKMRSE5F226BIEzGGohhyuT5EJdrNWcFeDVBB5Px+hL2MpcSDd9XOiRux8AYKDxR80rfwdBhNb6vIN+ebKd7aCsrrTaCnvKQW+2BxIcvMgqKKii02a4phsZqsxIv3d7j6efatsVXzK/2YoU79SdxeySUq47lIt6EpA0dwF8B2znPJBZPkt+rGyIWn1jsbf4uz2LYoR+ywaFxGUBWVc8LKk6Rqrkg5aKRU6Ol/IMlXWN+gy/V7WRRQdLLIvaSp5eIhEeX/0VkOB6Tsb5FuB6rTjJUIsInQz2KWw+axhsw2afij6xwN19bICp0JUP1rfrpPE7y9KjgGxxrduP+hpEjYR8+naWYhgIh6oiwYWgM9aJv486O3haUAfvpfr+zIj6YwrCGNpHN1+ii9hVt6Yx0rNKl0W1hHA38yuJJpypYJeGhrwYzKlImbyQOgDHw95qk3MwxJm+FZDbyGmRZNIbAaf2kVehnN91rU7yoOfQEo867wGNrolF7Z5Ujh9zPn2xXBEuQ7NedpqgNa3srVOGxhMFmJFoV/yXfkioq0jFNjvM4pVKh6lR6jUF68dhpYducoF300zHCi69SfF6VhY3FX9qEchTw6CBdMJdiviWQ0ftDFNLN2sUiWr2cTFIXONpxUzDDZM3WERe7Xxdaz7edxViCzso9eVlIdG8icY+bp2oZgXAHrIHu046GJRxprIzVnEHNSE74ChP80DN3sQXiQUcQtJOd5Hid3egjSNJnGZ85Gkywe2X+0ERv3S3ZO7y/0NL2+4MRWpPaxJgXN44i6IkIFpSYgKDbkUrbOGgu7BFridDcnZxgRuvxrrwz57L+IH1G3LFk715ZS788L74QgAS3KaOzOUp9tSVKayqvfSChyKA4w6dJYPl1GqLLk85MuFf7jNEW/+TcnvqHEJVVKjqnCDseAd0qYwV19tb+FNWbUMArucefSlsX1LkGzMvuk0SV1+eDOePDzd8tyMDAlcJGTy28eCeiyRZobzN9scX411AJDoBzGweEsptsSg+opxkrQ3jKOo8xs9YFIR9C6Vax22ZdcFzJ48Fm05rS/PEzXQvQTSAyqZGeNcHwEpdCewkXBbQ4Pu9LhcHP2efzkszSwCe2iknRfD7Z6QRDOl+SEKDoAs/DDCdztr7BjXmLmP5V6jjNlyahFy/FaZ0bpyDXP2yuduk+5TJtQkcrTtRuRkWSMFxkLlzfyuI7ZRM3KK/htLCxtxULeKiRRctSLyKaXZb0Qw9XzSMoJvAUI+N/atGq7Ck0+K7v7G2/xyGKr87H9GWlkTUVlRefG5GsylkX4f+js0fINi/5F1Z4IeHct07cqDAHTJ7axQSj0UrRHyj1Z,iv:qtIJPHLJJxOHhBJndGL+9s+k7pb0NKv61hPMKfL13ow=,tag:XNEW8ZUYUBo/NM+HvdnCvQ==,type:str]
 sops:
     kms: []
     gcp_kms: []
     azure_kv: []
     hc_vault: []
-    lastmodified: '2020-12-18T14:25:58Z'
-    mac: ENC[AES256_GCM,data:GqpTUrHBl+WofjEB5BKfpfoFn2j4shnyYGE32h5Yh47zLpXAqPHtGA1nYrYRfucc32Iy9A9nVtAiI73kxtGAjeobGSpMjcQMrUxxDsg6CKGTu0+ohTy9QLQhOoacwnr5Atoa+IqYdtJg67LRGcnMhn+hj6y5XdaKA8bJ4Zj/12o=,iv:SQ0ThyhuhukuG+nznBSk3utOHeFQmor1JM2NLWbFe4I=,tag:K0dQcQmWwG5aIlqnjJuGwg==,type:str]
+    age: []
+    lastmodified: "2023-08-20T15:24:45Z"
+    mac: ENC[AES256_GCM,data:31Jyj3WYG1sADZ8ooxKoQpGe6yS1icwOVlq+IsZwM0tkjrE8e1bc8Zc/Yo+7DKMXXXdg3gqmyrwCHcyIsMWHJCj/xF8ZCVIATnKnqJfg47o86rlMero/PuykWoRXn6Eepfobfw+oczpCvYeiCPy3FbWtUgWgAq0y/OHr3yM3lWA=,iv:Mg8Pp4HnbT8qaMS6yt8P9KMSWe5tI3i1+UrByduPPCs=,tag:7Pr4t1kXSbnzKEp9TNF9lw==,type:str]
     pgp:
-    -   created_at: '2020-12-18T14:25:39Z'
-        enc: |-
+        - created_at: "2020-12-18T14:25:39Z"
+          enc: |-
             -----BEGIN PGP MESSAGE-----
 
             wcFMA9B6IoTj4kvKARAAD9Z69MYK/p8e48T4evqWAB0WRZ8yYt0uIqKvdZZzl3NS
@@ -28,6 +29,6 @@ sops:
             NQAA
             =/ZzV
             -----END PGP MESSAGE-----
-        fp: B3C25F146073BF8435E2A94A7A42B4B97E0332F4
+          fp: B3C25F146073BF8435E2A94A7A42B4B97E0332F4
     unencrypted_suffix: _unencrypted
-    version: 3.6.1
+    version: 3.7.3

services/justfile

@@ -0,0 +1,57 @@
+set dotenv-load := false
+
+_default:
+    @just --list
+
+email:
+	sops -d --output secrets_decrypted/dovecot.yml secrets/dovecot.yml
+	sops -d --output secrets_decrypted/fetchmail.yml secrets/fetchmail.yml
+	kubectl apply -f secrets_decrypted/dovecot.yml
+	kubectl apply -f secrets_decrypted/fetchmail.yml
+	kubectl apply -f email/deployment.yml
+
+
+nextcloud:
+	kubectl apply -f nextcloud/config.nginx.site-confs.default.yml
+	kubectl apply -f nextcloud/nextcloud.yml
+
+
+nextcloud_resync_file:
+	kubectl exec -t $(shell kubectl get pods -n default -l app=nextcloud -o json | jq .items[].metadata.name) -- /usr/bin/occ files:scan --all
+
+
+backup:
+	sops -d --output secrets_decrypted/backup_credentials.yml secrets/backup_credentials.yml
+	kubectl apply -f secrets_decrypted/backup_credentials.yml
+	kubectl apply -f backup/backup-cron.yml
+	kubectl apply -f backup/backup-minio.yml
+
+webhook:
+	sops exec-env secrets/webhook.yml 'cp webhook/webhook.yml secrets_decrypted/; for i in $(env | grep _SECRET | cut -d = -f1); do sed -i "s#__${i}__#${!i}#g" secrets_decrypted/webhook.yml ; done'
+	kubectl apply -f secrets_decrypted/webhook.yml
+
+app:
+	kubectl apply -f app/couber.yml
+	kubectl apply -f app/wstunnel.yml
+
+waprgate:
+	kubectl apply -f app/warpgate.yml
+
+blog:
+	kubectl apply -f blog/blog.yml
+
+dashy:
+	kubectl apply -f dashy/configmap.yml
+	kubectl apply -f dashy/dashy.yml
+	kubectl delete pod -l app=dashy
+
+pihole:
+	kubectl apply -f pihole/pihole.yml
+
+vaultwarden:
+	kubectl apply -f vaultwarden/vaultwarden.yml
+
+minio:
+	sops -d --output secrets_decrypted/minio.yml secrets/minio.yml
+	kubectl apply -f secrets_decrypted/minio.yml
+	kubectl apply -f minio/minio.yml