fix

2023-09-21 12:44:34 +02:00
parent 287b4b8caa
commit cfed1eb857
23 changed files with 1009 additions and 780 deletions
--- a/apps/code-server/forward.tf
+++ b/apps/code-server/forward.tf
@@ -61,6 +61,7 @@ resource "authentik_provider_proxy" "prj_forward" {
 resource "authentik_application" "prj_application" {
  name              = local.app-name
  slug              = "${var.component}-${var.instance}"
+  group             = var.app-group
  protocol_provider = authentik_provider_proxy.prj_forward.id
  meta_launch_url   = local.external-url
  meta_icon         = format("%s/%s", local.external-url, local.app-icon)
--- a/apps/code-server/index.yaml
+++ b/apps/code-server/index.yaml
@@ -6,31 +6,21 @@ metadata:
  name: code-server
  description: null
 options:
-  sub-domain:
-    default: code
+  app-group:
+    default: dev
    examples:
-    - code
-    type: string
-  ingress-class:
-    default: traefik
-    examples:
-    - traefik
+    - dev
    type: string
  timezone:
    default: Europe/Paris
    examples:
    - Europe/Paris
    type: string
-  domain-name:
-    default: your_company.com
+  no-editor:
+    default: false
    examples:
-    - your_company.com
-    type: string
-  domain:
-    default: your-company
-    examples:
-    - your-company
-    type: string
+    - false
+    type: boolean
  admin:
    default:
      cluster: false
@@ -46,11 +36,48 @@ options:
        default: false
        type: boolean
    type: object
-  no-editor:
-    default: false
+  domain-name:
+    default: your_company.com
    examples:
-    - false
-    type: boolean
+    - your_company.com
+    type: string
+  storage:
+    default:
+      accessMode: ReadWriteOnce
+      size: 20Gi
+      type: Filesystem
+    examples:
+    - accessMode: ReadWriteOnce
+      size: 20Gi
+      type: Filesystem
+    properties:
+      accessMode:
+        default: ReadWriteOnce
+        enum:
+        - ReadWriteOnce
+        - ReadOnlyMany
+        - ReadWriteMany
+        type: string
+      size:
+        default: 20Gi
+        type: string
+      type:
+        default: Filesystem
+        enum:
+        - Filesystem
+        - Block
+        type: string
+    type: object
+  domain:
+    default: your-company
+    examples:
+    - your-company
+    type: string
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
  images:
    default:
      codeserver:
@@ -90,38 +117,16 @@ options:
            type: number
        type: object
    type: object
-  storage:
-    default:
-      accessMode: ReadWriteOnce
-      size: 20Gi
-      type: Filesystem
-    examples:
-    - accessMode: ReadWriteOnce
-      size: 20Gi
-      type: Filesystem
-    properties:
-      accessMode:
-        default: ReadWriteOnce
-        enum:
-        - ReadWriteOnce
-        - ReadOnlyMany
-        - ReadWriteMany
-        type: string
-      size:
-        default: 20Gi
-        type: string
-      type:
-        default: Filesystem
-        enum:
-        - Filesystem
-        - Block
-        type: string
-    type: object
  issuer:
    default: letsencrypt-prod
    examples:
    - letsencrypt-prod
    type: string
+  sub-domain:
+    default: code
+    examples:
+    - code
+    type: string
 dependencies:
 - dist: null
  category: share
--- a/apps/dolibarr/application.tf
+++ b/apps/dolibarr/application.tf
@@ -1,4 +1,6 @@
 locals {
+  app-name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
+  main-group = format("app-%s", local.app-name)
  sorted-group-names = reverse(distinct(sort([
    for grp in var.user-groups: grp.name
  ])))
@@ -17,6 +19,7 @@ data "authentik_group" "vynil-admin" {
 resource "authentik_group" "groups" {
  count = length(local.sorted-groups)
  name  = local.sorted-groups[count.index].name
+  attributes   = jsonencode({"${local.app-name}" = true})
 }
 data "authentik_group" "readed_groups" {
  depends_on = [ authentik_group.groups ]
@@ -32,25 +35,25 @@ resource "authentik_application" "dolibarr_application_ldap" {
 }

 resource "authentik_policy_binding" "dolibarr_ldap_access_users" {
-  count = length(local.sorted-groups)
  target = authentik_application.dolibarr_application_ldap.uuid
-  group  = authentik_group.groups[count.index].id
-  order  = count.index
+  policy = authentik_policy_expression.policy.id
+  order  = 0
 }
 resource "authentik_policy_binding" "dolibarr_ldap_access_ldap" {
  target = authentik_application.dolibarr_application_ldap.uuid
  group  = authentik_group.dolibarr_ldapsearch.id
-  order  = length(local.sorted-groups)+1
+  order  = 1
 }
 resource "authentik_policy_binding" "dolibarr_ldap_access_vynil" {
  target = authentik_application.dolibarr_application_ldap.uuid
  group  = data.authentik_group.vynil-admin.id
-  order  = length(local.sorted-groups)+2
+  order  = 2
 }

 resource "authentik_application" "dolibarr_application_saml" {
  name              = "${var.instance}"
  slug              = "${var.component}-${var.instance}"
+  group             = var.app-group
  protocol_provider = authentik_provider_saml.dolibarr.id
  meta_launch_url   = format("https://%s.%s", var.sub-domain, var.domain-name)
  meta_icon         = format("https://%s.%s/%s", var.sub-domain, var.domain-name, "theme/dolibarr_256x256_color.png")
--- a/apps/dolibarr/index.yaml
+++ b/apps/dolibarr/index.yaml
@@ -6,33 +6,6 @@ metadata:
  name: dolibarr
  description: null
 options:
-  storage:
-    default:
-      accessMode: ReadWriteOnce
-      size: 10Gi
-      type: Filesystem
-    examples:
-    - accessMode: ReadWriteOnce
-      size: 10Gi
-      type: Filesystem
-    properties:
-      accessMode:
-        default: ReadWriteOnce
-        enum:
-        - ReadWriteOnce
-        - ReadOnlyMany
-        - ReadWriteMany
-        type: string
-      size:
-        default: 10Gi
-        type: string
-      type:
-        default: Filesystem
-        enum:
-        - Filesystem
-        - block
-        type: string
-    type: object
  parameters:
    default:
      MAIN_LANG_DEFAULT: auto
@@ -43,89 +16,10 @@ options:
        default: auto
        type: string
    type: object
-  domain-name:
-    default: your_company.com
+  app-group:
+    default: ''
    examples:
-    - your_company.com
-    type: string
-  user-groups:
-    default:
-    - admin: true
-      name: dolibarr-admin
-    examples:
-    - - admin: true
-        name: dolibarr-admin
-    items:
-      properties:
-        admin:
-          type: boolean
-        name:
-          type: string
-      type: object
-    type: array
-  modules:
-    default:
-    - societe
-    examples:
-    - - societe
-    items:
-      type: string
-    type: array
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
-    type: string
-  sub-domain:
-    default: erp
-    examples:
-    - erp
-    type: string
-  resources:
-    default:
-      limits:
-        cpu: 200m
-        memory: 256Mi
-      requests:
-        cpu: 50m
-        memory: 100Mi
-    examples:
-    - limits:
-        cpu: 200m
-        memory: 256Mi
-      requests:
-        cpu: 50m
-        memory: 100Mi
-    properties:
-      limits:
-        default:
-          cpu: 200m
-          memory: 256Mi
-        properties:
-          cpu:
-            default: 200m
-            type: string
-          memory:
-            default: 256Mi
-            type: string
-        type: object
-      requests:
-        default:
-          cpu: 50m
-          memory: 100Mi
-        properties:
-          cpu:
-            default: 50m
-            type: string
-          memory:
-            default: 100Mi
-            type: string
-        type: object
-    type: object
-  ingress-class:
-    default: traefik
-    examples:
-    - traefik
+    - ''
    type: string
  backups:
    default:
@@ -233,6 +127,36 @@ options:
        default: false
        type: boolean
    type: object
+  sub-domain:
+    default: erp
+    examples:
+    - erp
+    type: string
+  domain-name:
+    default: your_company.com
+    examples:
+    - your_company.com
+    type: string
+  hpa:
+    default:
+      avg-cpu: 50
+      max-replicas: 5
+      min-replicas: 1
+    examples:
+    - avg-cpu: 50
+      max-replicas: 5
+      min-replicas: 1
+    properties:
+      avg-cpu:
+        default: 50
+        type: integer
+      max-replicas:
+        default: 5
+        type: integer
+      min-replicas:
+        default: 1
+        type: integer
+    type: object
  log-level:
    default: 5
    examples:
@@ -271,25 +195,46 @@ options:
        default: 2Gi
        type: string
    type: object
-  hpa:
+  resources:
    default:
-      avg-cpu: 50
-      max-replicas: 5
-      min-replicas: 1
+      limits:
+        cpu: 200m
+        memory: 256Mi
+      requests:
+        cpu: 50m
+        memory: 100Mi
    examples:
-    - avg-cpu: 50
-      max-replicas: 5
-      min-replicas: 1
+    - limits:
+        cpu: 200m
+        memory: 256Mi
+      requests:
+        cpu: 50m
+        memory: 100Mi
    properties:
-      avg-cpu:
-        default: 50
-        type: integer
-      max-replicas:
-        default: 5
-        type: integer
-      min-replicas:
-        default: 1
-        type: integer
+      limits:
+        default:
+          cpu: 200m
+          memory: 256Mi
+        properties:
+          cpu:
+            default: 200m
+            type: string
+          memory:
+            default: 256Mi
+            type: string
+        type: object
+      requests:
+        default:
+          cpu: 50m
+          memory: 100Mi
+        properties:
+          cpu:
+            default: 50m
+            type: string
+          memory:
+            default: 100Mi
+            type: string
+        type: object
    type: object
  postgres:
    default:
@@ -311,6 +256,46 @@ options:
        default: '14'
        type: string
    type: object
+  modules:
+    default:
+    - societe
+    examples:
+    - - societe
+    items:
+      type: string
+    type: array
+  storage:
+    default:
+      accessMode: ReadWriteOnce
+      size: 10Gi
+      type: Filesystem
+    examples:
+    - accessMode: ReadWriteOnce
+      size: 10Gi
+      type: Filesystem
+    properties:
+      accessMode:
+        default: ReadWriteOnce
+        enum:
+        - ReadWriteOnce
+        - ReadOnlyMany
+        - ReadWriteMany
+        type: string
+      size:
+        default: 10Gi
+        type: string
+      type:
+        default: Filesystem
+        enum:
+        - Filesystem
+        - block
+        type: string
+    type: object
+  domain:
+    default: your-company
+    examples:
+    - your-company
+    type: string
  images:
    default:
      dolibarr:
@@ -376,11 +361,31 @@ options:
            type: string
        type: object
    type: object
-  domain:
-    default: your-company
+  issuer:
+    default: letsencrypt-prod
    examples:
-    - your-company
+    - letsencrypt-prod
    type: string
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
+  user-groups:
+    default:
+    - admin: true
+      name: dolibarr-admin
+    examples:
+    - - admin: true
+        name: dolibarr-admin
+    items:
+      properties:
+        admin:
+          type: boolean
+        name:
+          type: string
+      type: object
+    type: array
 dependencies:
 - dist: null
  category: share
--- a/apps/gitea/index.yaml
+++ b/apps/gitea/index.yaml
@@ -9,21 +9,21 @@ metadata:
    A painless self-hosted Git service.
    Gitea is a community managed lightweight code hosting solution written in Go. It is published under the MIT license.
 options:
-  ingress-class:
-    default: traefik
-    examples:
-    - traefik
-    type: string
  domain-name:
    default: your_company.com
    examples:
    - your_company.com
    type: string
-  release:
-    default: 8.3.0
+  ingress-class:
+    default: traefik
    examples:
-    - 8.3.0
+    - traefik
    type: string
+  ssh-port:
+    default: 2222
+    examples:
+    - 2222
+    type: integer
  webhook:
    default:
      allowed-hosts: private
@@ -59,60 +59,25 @@ options:
        default: '14'
        type: string
    type: object
-  sub-domain:
-    default: git
+  issuer:
+    default: letsencrypt-prod
    examples:
-    - git
+    - letsencrypt-prod
    type: string
-  replicas:
-    default: 1
-    examples:
-    - 1
-    type: integer
-  admin:
-    default:
-      email: git-admin@git.your_company.com
-      name: gitea_admin
-    examples:
-    - email: git-admin@git.your_company.com
-      name: gitea_admin
-    properties:
-      email:
-        default: git-admin@git.your_company.com
-        type: string
-      name:
-        default: gitea_admin
-        type: string
-    type: object
  timezone:
    default: Europe/Paris
    examples:
    - Europe/Paris
    type: string
-  ssh-port:
-    default: 2222
-    examples:
-    - 2222
-    type: integer
  domain:
    default: your-company
    examples:
    - your-company
    type: string
-  default-branch:
-    default: main
+  sub-domain:
+    default: git
    examples:
-    - main
-    type: string
-  theme:
-    default: gitea-modern
-    examples:
-    - gitea-modern
-    type: string
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
+    - git
    type: string
  push-create:
    default:
@@ -134,14 +99,19 @@ options:
        default: 'true'
        type: string
    type: object
-  volume:
+  admin:
    default:
-      size: 10Gi
+      email: git-admin@git.your_company.com
+      name: gitea_admin
    examples:
-    - size: 10Gi
+    - email: git-admin@git.your_company.com
+      name: gitea_admin
    properties:
-      size:
-        default: 10Gi
+      email:
+        default: git-admin@git.your_company.com
+        type: string
+      name:
+        default: gitea_admin
        type: string
    type: object
  images:
@@ -207,11 +177,31 @@ options:
            type: string
        type: object
    type: object
-  disable-registration:
-    default: true
+  app-group:
+    default: dev
    examples:
-    - true
-    type: boolean
+    - dev
+    type: string
+  theme:
+    default: gitea-modern
+    examples:
+    - gitea-modern
+    type: string
+  volume:
+    default:
+      size: 10Gi
+    examples:
+    - size: 10Gi
+    properties:
+      size:
+        default: 10Gi
+        type: string
+    type: object
+  release:
+    default: 8.3.0
+    examples:
+    - 8.3.0
+    type: string
  load-balancer:
    default:
      ip: ''
@@ -222,6 +212,16 @@ options:
        default: ''
        type: string
    type: object
+  disable-registration:
+    default: true
+    examples:
+    - true
+    type: boolean
+  default-branch:
+    default: main
+    examples:
+    - main
+    type: string
  backups:
    default:
      enable: false
@@ -328,6 +328,11 @@ options:
        default: false
        type: boolean
    type: object
+  replicas:
+    default: 1
+    examples:
+    - 1
+    type: integer
 dependencies:
 - dist: null
  category: share
--- a/apps/gitea/ldap.tf
+++ b/apps/gitea/ldap.tf
@@ -83,6 +83,7 @@ resource "authentik_provider_ldap" "gitea_provider_ldap" {
 resource "authentik_application" "gitea_application" {
  name              = "${var.instance}"
  slug              = "${var.component}-${var.instance}-ldap"
+  group             = var.app-group
  protocol_provider = authentik_provider_ldap.gitea_provider_ldap.id
  meta_launch_url   = format("https://%s.%s", var.sub-domain, var.domain-name)
  meta_icon         = format("https://%s.%s/%s", var.sub-domain, var.domain-name, "assets/img/logo.svg")
--- a/apps/nextcloud/application.tf
+++ b/apps/nextcloud/application.tf
@@ -13,6 +13,7 @@ resource "authentik_group" "groups" {
 resource "authentik_application" "prj_app" {
  name              = "${var.instance}"
  slug              = "${var.component}-${var.instance}"
+  group             = var.app-group
  protocol_provider = authentik_provider_oauth2.oauth2.id
  meta_launch_url   = format("https://%s.%s", var.sub-domain, var.domain-name)
  meta_icon         = format("https://%s.%s/%s", var.sub-domain, var.domain-name, "apps/theming/favicon")
--- a/apps/nextcloud/index.yaml
+++ b/apps/nextcloud/index.yaml
@@ -96,117 +96,21 @@ options:
        default: true
        type: boolean
    type: object
-  openid-name:
-    default: vynil
+  domain-name:
+    default: your_company.com
    examples:
-    - vynil
+    - your_company.com
    type: string
-  backups:
-    default:
-      enable: false
-      endpoint: ''
-      key-id-key: s3-id
-      restic-key: bck-password
-      retention:
-        db: 30d
-        keepDaily: 14
-        keepMonthly: 12
-        keepWeekly: 6
-        keepYearly: 12
-      schedule:
-        backup: 30 3 * * *
-        check: 30 5 * * 1
-        db: 30 3 * * *
-        prune: 30 1 * * 0
-      secret-key: s3-secret
-      secret-name: backup-settings
-      use-barman: false
+  domain:
+    default: your-company
    examples:
-    - enable: false
-      endpoint: ''
-      key-id-key: s3-id
-      restic-key: bck-password
-      retention:
-        db: 30d
-        keepDaily: 14
-        keepMonthly: 12
-        keepWeekly: 6
-        keepYearly: 12
-      schedule:
-        backup: 30 3 * * *
-        check: 30 5 * * 1
-        db: 30 3 * * *
-        prune: 30 1 * * 0
-      secret-key: s3-secret
-      secret-name: backup-settings
-      use-barman: false
-    properties:
-      enable:
-        default: false
-        type: boolean
-      endpoint:
-        default: ''
-        type: string
-      key-id-key:
-        default: s3-id
-        type: string
-      restic-key:
-        default: bck-password
-        type: string
-      retention:
-        default:
-          db: 30d
-          keepDaily: 14
-          keepMonthly: 12
-          keepWeekly: 6
-          keepYearly: 12
-        properties:
-          db:
-            default: 30d
-            type: string
-          keepDaily:
-            default: 14
-            type: integer
-          keepMonthly:
-            default: 12
-            type: integer
-          keepWeekly:
-            default: 6
-            type: integer
-          keepYearly:
-            default: 12
-            type: integer
-        type: object
-      schedule:
-        default:
-          backup: 30 3 * * *
-          check: 30 5 * * 1
-          db: 30 3 * * *
-          prune: 30 1 * * 0
-        properties:
-          backup:
-            default: 30 3 * * *
-            type: string
-          check:
-            default: 30 5 * * 1
-            type: string
-          db:
-            default: 30 3 * * *
-            type: string
-          prune:
-            default: 30 1 * * 0
-            type: string
-        type: object
-      secret-key:
-        default: s3-secret
-        type: string
-      secret-name:
-        default: backup-settings
-        type: string
-      use-barman:
-        default: false
-        type: boolean
-    type: object
+    - your-company
+    type: string
+  sub-domain:
+    default: files
+    examples:
+    - files
+    type: string
  images:
    default:
      collabora:
@@ -370,30 +274,140 @@ options:
            type: string
        type: object
    type: object
-  hpa:
+  storage:
    default:
-      avg-cpu: 50
-      max-replicas: 5
-      min-replicas: 1
+      accessMode: ReadWriteOnce
+      size: 10Gi
    examples:
-    - avg-cpu: 50
-      max-replicas: 5
-      min-replicas: 1
+    - accessMode: ReadWriteOnce
+      size: 10Gi
    properties:
-      avg-cpu:
-        default: 50
-        type: integer
-      max-replicas:
-        default: 5
-        type: integer
-      min-replicas:
-        default: 1
-        type: integer
+      accessMode:
+        default: ReadWriteOnce
+        enum:
+        - ReadWriteOnce
+        - ReadOnlyMany
+        - ReadWriteMany
+        type: string
+      size:
+        default: 10Gi
+        type: string
    type: object
-  domain-name:
-    default: your_company.com
+  app-group:
+    default: ''
    examples:
-    - your_company.com
+    - ''
+    type: string
+  backups:
+    default:
+      enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      restic-key: bck-password
+      retention:
+        db: 30d
+        keepDaily: 14
+        keepMonthly: 12
+        keepWeekly: 6
+        keepYearly: 12
+      schedule:
+        backup: 30 3 * * *
+        check: 30 5 * * 1
+        db: 30 3 * * *
+        prune: 30 1 * * 0
+      secret-key: s3-secret
+      secret-name: backup-settings
+      use-barman: false
+    examples:
+    - enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      restic-key: bck-password
+      retention:
+        db: 30d
+        keepDaily: 14
+        keepMonthly: 12
+        keepWeekly: 6
+        keepYearly: 12
+      schedule:
+        backup: 30 3 * * *
+        check: 30 5 * * 1
+        db: 30 3 * * *
+        prune: 30 1 * * 0
+      secret-key: s3-secret
+      secret-name: backup-settings
+      use-barman: false
+    properties:
+      enable:
+        default: false
+        type: boolean
+      endpoint:
+        default: ''
+        type: string
+      key-id-key:
+        default: s3-id
+        type: string
+      restic-key:
+        default: bck-password
+        type: string
+      retention:
+        default:
+          db: 30d
+          keepDaily: 14
+          keepMonthly: 12
+          keepWeekly: 6
+          keepYearly: 12
+        properties:
+          db:
+            default: 30d
+            type: string
+          keepDaily:
+            default: 14
+            type: integer
+          keepMonthly:
+            default: 12
+            type: integer
+          keepWeekly:
+            default: 6
+            type: integer
+          keepYearly:
+            default: 12
+            type: integer
+        type: object
+      schedule:
+        default:
+          backup: 30 3 * * *
+          check: 30 5 * * 1
+          db: 30 3 * * *
+          prune: 30 1 * * 0
+        properties:
+          backup:
+            default: 30 3 * * *
+            type: string
+          check:
+            default: 30 5 * * 1
+            type: string
+          db:
+            default: 30 3 * * *
+            type: string
+          prune:
+            default: 30 1 * * 0
+            type: string
+        type: object
+      secret-key:
+        default: s3-secret
+        type: string
+      secret-name:
+        default: backup-settings
+        type: string
+      use-barman:
+        default: false
+        type: boolean
+    type: object
+  openid-name:
+    default: vynil
+    examples:
+    - vynil
    type: string
  redis:
    default:
@@ -433,21 +447,36 @@ options:
    examples:
    - traefik
    type: string
-  sub-domain:
-    default: files
+  hpa:
+    default:
+      avg-cpu: 50
+      max-replicas: 5
+      min-replicas: 1
    examples:
-    - files
-    type: string
-  domain:
-    default: your-company
+    - avg-cpu: 50
+      max-replicas: 5
+      min-replicas: 1
+    properties:
+      avg-cpu:
+        default: 50
+        type: integer
+      max-replicas:
+        default: 5
+        type: integer
+      min-replicas:
+        default: 1
+        type: integer
+    type: object
+  admin:
+    default:
+      name: nextcloud_admin
    examples:
-    - your-company
-    type: string
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
-    type: string
+    - name: nextcloud_admin
+    properties:
+      name:
+        default: nextcloud_admin
+        type: string
+    type: object
  postgres:
    default:
      replicas: 1
@@ -468,35 +497,11 @@ options:
        default: '14'
        type: string
    type: object
-  storage:
-    default:
-      accessMode: ReadWriteOnce
-      size: 10Gi
+  issuer:
+    default: letsencrypt-prod
    examples:
-    - accessMode: ReadWriteOnce
-      size: 10Gi
-    properties:
-      accessMode:
-        default: ReadWriteOnce
-        enum:
-        - ReadWriteOnce
-        - ReadOnlyMany
-        - ReadWriteMany
-        type: string
-      size:
-        default: 10Gi
-        type: string
-    type: object
-  admin:
-    default:
-      name: nextcloud_admin
-    examples:
-    - name: nextcloud_admin
-    properties:
-      name:
-        default: nextcloud_admin
-        type: string
-    type: object
+    - letsencrypt-prod
+    type: string
 dependencies:
 - dist: null
  category: share
--- a/apps/traefik-ui/forward.tf
+++ b/apps/traefik-ui/forward.tf
@@ -60,6 +60,7 @@ resource "authentik_provider_proxy" "prj_forward" {
 resource "authentik_application" "prj_application" {
  name              = "${var.component}"
  slug              = "${var.component}-${var.instance}"
+  group             = var.app-group
  protocol_provider = authentik_provider_proxy.prj_forward.id
  meta_launch_url   = format("https://%s.%s", var.sub-domain, var.domain-name)
  meta_icon         = format("https://%s.%s/%s", var.sub-domain, var.domain-name, local.app-icon)
--- a/apps/traefik-ui/index.yaml
+++ b/apps/traefik-ui/index.yaml
@@ -6,11 +6,6 @@ metadata:
  name: traefik-ui
  description: Access to the Traefik UI
 options:
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
-    type: string
  ingress-class:
    default: traefik
    examples:
@@ -31,6 +26,16 @@ options:
    examples:
    - your-company
    type: string
+  app-group:
+    default: infra
+    examples:
+    - infra
+    type: string
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
+    type: string
 dependencies:
 - dist: null
  category: share
--- a/meta/domain-apps/apps.tf
+++ b/meta/domain-apps/apps.tf
@@ -7,13 +7,19 @@ locals {
      "vynil.solidite.fr/ingress" = var.ingress-class
    }
    global = {
-        "domain" = var.namespace
-        "domain-name" = var.domain-name
-        "issuer" = var.issuer
+        "domain"        = var.namespace
+        "domain-name"   = var.domain-name
+        "issuer"        = var.issuer
        "ingress-class" = var.ingress-class
-        "backups"        = var.backups
+        "backups"       = var.backups
    }
-    nextcloud = { for k, v in var.nextcloud : k => v if k!="enable" }
+    nextcloud = { for k, v in var.nextcloud : k => v if contains(["enable","storage"],k) }
+    nextcloud-storage = merge({
+      "storage" = {
+        "size" = "10Gi"
+        "accessMode" = var.storage-classes.FilesystemReadWriteMany!=""?"ReadWriteMany":"ReadWriteOnce"
+      }
+    }, { for k, v in var.nextcloud : k => v if k=="storage" })
 }

 resource "kubernetes_namespace_v1" "files-ns" {
@@ -39,6 +45,6 @@ resource "kubectl_manifest" "nextcloud" {
      distrib: "${var.distributions.domain}"
      category: "apps"
      component: "nextcloud"
-      options: ${jsonencode(merge(local.global, local.nextcloud))}
+      options: ${jsonencode(merge(local.global, local.nextcloud-storage, local.nextcloud))}
  EOF
 }
--- a/meta/domain-apps/index.yaml
+++ b/meta/domain-apps/index.yaml
@@ -6,51 +6,11 @@ metadata:
  name: domain-apps
  description: null
 options:
-  nextcloud:
-    default:
-      enable: false
-    examples:
-    - enable: false
-    properties:
-      enable:
-        default: false
-        type: boolean
-    type: object
-  domain-name:
-    default: your_company.com
-    examples:
-    - your_company.com
-    type: string
  domain:
    default: your-company
    examples:
    - your-company
    type: string
-  distributions:
-    default:
-      core: core
-      domain: domain
-    examples:
-    - core: core
-      domain: domain
-    properties:
-      core:
-        default: core
-        type: string
-      domain:
-        default: domain
-        type: string
-    type: object
-  ingress-class:
-    default: traefik
-    examples:
-    - traefik
-    type: string
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
-    type: string
  backups:
    default:
      enable: false
@@ -81,6 +41,71 @@ options:
        default: backup-settings
        type: string
    type: object
+  distributions:
+    default:
+      core: core
+      domain: domain
+    examples:
+    - core: core
+      domain: domain
+    properties:
+      core:
+        default: core
+        type: string
+      domain:
+        default: domain
+        type: string
+    type: object
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
+    type: string
+  nextcloud:
+    default:
+      enable: false
+    examples:
+    - enable: false
+    properties:
+      enable:
+        default: false
+        type: boolean
+    type: object
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
+  domain-name:
+    default: your_company.com
+    examples:
+    - your_company.com
+    type: string
+  storage-classes:
+    default:
+      BlockReadWriteMany: ''
+      BlockReadWriteOnce: ''
+      FilesystemReadWriteMany: ''
+      FilesystemReadWriteOnce: ''
+    examples:
+    - BlockReadWriteMany: ''
+      BlockReadWriteOnce: ''
+      FilesystemReadWriteMany: ''
+      FilesystemReadWriteOnce: ''
+    properties:
+      BlockReadWriteMany:
+        default: ''
+        type: string
+      BlockReadWriteOnce:
+        default: ''
+        type: string
+      FilesystemReadWriteMany:
+        default: ''
+        type: string
+      FilesystemReadWriteOnce:
+        default: ''
+        type: string
+    type: object
 dependencies: []
 providers:
  kubernetes: true
--- a/meta/domain-auth/index.yaml
+++ b/meta/domain-auth/index.yaml
@@ -6,71 +6,6 @@ metadata:
  name: domain-auth
  description: null
 options:
-  authentik:
-    default:
-      enable: true
-    examples:
-    - enable: true
-    properties:
-      enable:
-        default: true
-        type: boolean
-    type: object
-  domain:
-    default: your-company
-    examples:
-    - your-company
-    type: string
-  ingress-class:
-    default: traefik
-    examples:
-    - traefik
-    type: string
-  authentik-ldap:
-    default:
-      enable: false
-    examples:
-    - enable: false
-    properties:
-      enable:
-        default: false
-        type: boolean
-    type: object
-  domain-name:
-    default: your_company.com
-    examples:
-    - your_company.com
-    type: string
-  backups:
-    default:
-      enable: false
-      endpoint: ''
-      key-id-key: s3-id
-      secret-key: s3-secret
-      secret-name: backup-settings
-    examples:
-    - enable: false
-      endpoint: ''
-      key-id-key: s3-id
-      secret-key: s3-secret
-      secret-name: backup-settings
-    properties:
-      enable:
-        default: false
-        type: boolean
-      endpoint:
-        default: ''
-        type: string
-      key-id-key:
-        default: s3-id
-        type: string
-      secret-key:
-        default: s3-secret
-        type: string
-      secret-name:
-        default: backup-settings
-        type: string
-    type: object
  distributions:
    default:
      core: core
@@ -101,6 +36,96 @@ options:
    examples:
    - letsencrypt-prod
    type: string
+  authentik:
+    default:
+      enable: true
+    examples:
+    - enable: true
+    properties:
+      enable:
+        default: true
+        type: boolean
+    type: object
+  domain-name:
+    default: your_company.com
+    examples:
+    - your_company.com
+    type: string
+  authentik-ldap:
+    default:
+      enable: false
+    examples:
+    - enable: false
+    properties:
+      enable:
+        default: false
+        type: boolean
+    type: object
+  backups:
+    default:
+      enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      secret-key: s3-secret
+      secret-name: backup-settings
+    examples:
+    - enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      secret-key: s3-secret
+      secret-name: backup-settings
+    properties:
+      enable:
+        default: false
+        type: boolean
+      endpoint:
+        default: ''
+        type: string
+      key-id-key:
+        default: s3-id
+        type: string
+      secret-key:
+        default: s3-secret
+        type: string
+      secret-name:
+        default: backup-settings
+        type: string
+    type: object
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
+  storage-classes:
+    default:
+      BlockReadWriteMany: ''
+      BlockReadWriteOnce: ''
+      FilesystemReadWriteMany: ''
+      FilesystemReadWriteOnce: ''
+    examples:
+    - BlockReadWriteMany: ''
+      BlockReadWriteOnce: ''
+      FilesystemReadWriteMany: ''
+      FilesystemReadWriteOnce: ''
+    properties:
+      BlockReadWriteMany:
+        default: ''
+        type: string
+      BlockReadWriteOnce:
+        default: ''
+        type: string
+      FilesystemReadWriteMany:
+        default: ''
+        type: string
+      FilesystemReadWriteOnce:
+        default: ''
+        type: string
+    type: object
+  domain:
+    default: your-company
+    examples:
+    - your-company
+    type: string
 dependencies: []
 providers:
  kubernetes: true
--- a/meta/domain-ci/apps.tf
+++ b/meta/domain-ci/apps.tf
@@ -13,8 +13,19 @@ locals {
        "ingress-class"  = var.ingress-class
        "backups"        = var.backups
    }
-    gitea = { for k, v in var.gitea : k => v if k!="enable" }
+    gitea = { for k, v in var.gitea : k => v if contains(["enable","storage-server","storage-agent"],k) }
    woodpecker = { for k, v in var.woodpecker : k => v if k!="enable" }
+    woodpecker-storage = merge({
+      "storage-server" = {
+        "size" = "10Gi"
+        "accessMode" = var.storage-classes.FilesystemReadWriteMany!=""?"ReadWriteMany":"ReadWriteOnce"
+      }
+      "storage-agent" = {
+        "size" = "10Gi"
+        "writeMany" = var.storage-classes.FilesystemReadWriteMany!=""?"true":"false"
+        "storageClass" = var.storage-classes.FilesystemReadWriteMany!=""?var.storage-classes.FilesystemReadWriteMany:var.storage-classes.FilesystemReadWriteOnce
+      }
+    }, { for k, v in var.dolibarr : k => v if contains(["storage-server","storage-agent"],k) })
 }

 resource "kubernetes_namespace_v1" "ci-ns" {
@@ -58,6 +69,6 @@ resource "kubectl_manifest" "woodpecker" {
      distrib: "${var.distributions.domain}"
      category: "apps"
      component: "woodpecker"
-      options: ${jsonencode(merge(local.global, local.woodpecker))}
+      options: ${jsonencode(merge(local.global, local.woodpecker-storage, local.woodpecker))}
  EOF
 }
--- a/meta/domain-ci/index.yaml
+++ b/meta/domain-ci/index.yaml
@@ -6,51 +6,6 @@ metadata:
  name: domain-ci
  description: null
 options:
-  gitea:
-    default:
-      enable: true
-    examples:
-    - enable: true
-    properties:
-      enable:
-        default: true
-        type: boolean
-    type: object
-  ingress-class:
-    default: traefik
-    examples:
-    - traefik
-    type: string
-  distributions:
-    default:
-      core: core
-      domain: domain
-    examples:
-    - core: core
-      domain: domain
-    properties:
-      core:
-        default: core
-        type: string
-      domain:
-        default: domain
-        type: string
-    type: object
-  woodpecker:
-    default:
-      enable: false
-    examples:
-    - enable: false
-    properties:
-      enable:
-        default: false
-        type: boolean
-    type: object
-  domain:
-    default: your-company
-    examples:
-    - your-company
-    type: string
  backups:
    default:
      enable: false
@@ -81,15 +36,85 @@ options:
        default: backup-settings
        type: string
    type: object
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
+    type: string
+  distributions:
+    default:
+      core: core
+      domain: domain
+    examples:
+    - core: core
+      domain: domain
+    properties:
+      core:
+        default: core
+        type: string
+      domain:
+        default: domain
+        type: string
+    type: object
  domain-name:
    default: your_company.com
    examples:
    - your_company.com
    type: string
-  issuer:
-    default: letsencrypt-prod
+  woodpecker:
+    default:
+      enable: false
    examples:
-    - letsencrypt-prod
+    - enable: false
+    properties:
+      enable:
+        default: false
+        type: boolean
+    type: object
+  storage-classes:
+    default:
+      BlockReadWriteMany: ''
+      BlockReadWriteOnce: ''
+      FilesystemReadWriteMany: ''
+      FilesystemReadWriteOnce: ''
+    examples:
+    - BlockReadWriteMany: ''
+      BlockReadWriteOnce: ''
+      FilesystemReadWriteMany: ''
+      FilesystemReadWriteOnce: ''
+    properties:
+      BlockReadWriteMany:
+        default: ''
+        type: string
+      BlockReadWriteOnce:
+        default: ''
+        type: string
+      FilesystemReadWriteMany:
+        default: ''
+        type: string
+      FilesystemReadWriteOnce:
+        default: ''
+        type: string
+    type: object
+  gitea:
+    default:
+      enable: true
+    examples:
+    - enable: true
+    properties:
+      enable:
+        default: true
+        type: boolean
+    type: object
+  domain:
+    default: your-company
+    examples:
+    - your-company
+    type: string
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
    type: string
 dependencies: []
 providers:
--- a/meta/domain-erp/apps.tf
+++ b/meta/domain-erp/apps.tf
@@ -13,7 +13,14 @@ locals {
        "ingress-class" = var.ingress-class
        "backups"       = var.backups
    }
-    dolibarr = { for k, v in var.dolibarr : k => v if k!="enable" }
+    dolibarr = { for k, v in var.dolibarr : k => v if contains(["enable","storage"],k) }
+    doli-storage = merge({
+      "storage" = {
+        "size" = "10Gi"
+        "accessMode" = var.storage-classes.FilesystemReadWriteMany!=""?"ReadWriteMany":"ReadWriteOnce"
+        "type" = "Filesystem"
+      }
+    }, { for k, v in var.dolibarr : k => v if k=="storage" })
 }

 resource "kubernetes_namespace_v1" "erp-ns" {
@@ -39,6 +46,6 @@ resource "kubectl_manifest" "dolibarr" {
      distrib: "${var.distributions.domain}"
      category: "apps"
      component: "dolibarr"
-      options: ${jsonencode(merge(local.global, local.dolibarr))}
+      options: ${jsonencode(merge(local.global, local.doli-storage, local.dolibarr))}
  EOF
 }
--- a/meta/domain-erp/index.yaml
+++ b/meta/domain-erp/index.yaml
@@ -11,21 +11,6 @@ options:
    examples:
    - your-company
    type: string
-  domain-name:
-    default: your_company.com
-    examples:
-    - your_company.com
-    type: string
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
-    type: string
-  ingress-class:
-    default: traefik
-    examples:
-    - traefik
-    type: string
  distributions:
    default:
      core: core
@@ -71,6 +56,36 @@ options:
        default: backup-settings
        type: string
    type: object
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
+  storage-classes:
+    default:
+      BlockReadWriteMany: ''
+      BlockReadWriteOnce: ''
+      FilesystemReadWriteMany: ''
+      FilesystemReadWriteOnce: ''
+    examples:
+    - BlockReadWriteMany: ''
+      BlockReadWriteOnce: ''
+      FilesystemReadWriteMany: ''
+      FilesystemReadWriteOnce: ''
+    properties:
+      BlockReadWriteMany:
+        default: ''
+        type: string
+      BlockReadWriteOnce:
+        default: ''
+        type: string
+      FilesystemReadWriteMany:
+        default: ''
+        type: string
+      FilesystemReadWriteOnce:
+        default: ''
+        type: string
+    type: object
  dolibarr:
    default:
      enable: true
@@ -81,6 +96,16 @@ options:
        default: true
        type: boolean
    type: object
+  domain-name:
+    default: your_company.com
+    examples:
+    - your_company.com
+    type: string
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
+    type: string
 dependencies: []
 providers:
  kubernetes: true
--- a/meta/domain-infra/apps.tf
+++ b/meta/domain-infra/apps.tf
@@ -12,6 +12,7 @@ locals {
        "issuer"        = var.issuer
        "ingress-class" = var.ingress-class
        "backups"       = var.backups
+        "app-group"     = var.app-group
    }
    traefik = { for k, v in var.traefik : k => v if k!="enable" }
    dns = { for k, v in var.dns : k => v if k!="enable" }
@@ -52,7 +53,7 @@ resource "kubectl_manifest" "traefik" {
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
-      name: "traefik-ui-${var.namespace}"
+      name: "${var.namespace}"
      namespace: "${var.traefik.namespace}"
      labels: ${jsonencode(local.common-labels)}
    spec:
--- a/meta/domain-infra/index.yaml
+++ b/meta/domain-infra/index.yaml
@@ -6,71 +6,6 @@ metadata:
  name: domain-infra
  description: null
 options:
-  dns:
-    default:
-      enable: false
-    examples:
-    - enable: false
-    properties:
-      enable:
-        default: false
-        type: boolean
-    type: object
-  traefik:
-    default:
-      enable: false
-      namespace: traefik
-    examples:
-    - enable: false
-      namespace: traefik
-    properties:
-      enable:
-        default: false
-        type: boolean
-      namespace:
-        default: traefik
-        type: string
-    type: object
-  ingress-class:
-    default: traefik
-    examples:
-    - traefik
-    type: string
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
-    type: string
-  api:
-    default:
-      enable: false
-    examples:
-    - enable: false
-    properties:
-      enable:
-        default: false
-        type: boolean
-    type: object
-  distributions:
-    default:
-      core: core
-      domain: domain
-    examples:
-    - core: core
-      domain: domain
-    properties:
-      core:
-        default: core
-        type: string
-      domain:
-        default: domain
-        type: string
-    type: object
-  domain:
-    default: your-company
-    examples:
-    - your-company
-    type: string
  backups:
    default:
      enable: false
@@ -101,11 +36,106 @@ options:
        default: backup-settings
        type: string
    type: object
+  app-group:
+    default: infra
+    examples:
+    - infra
+    type: string
+  traefik:
+    default:
+      enable: false
+      namespace: traefik
+    examples:
+    - enable: false
+      namespace: traefik
+    properties:
+      enable:
+        default: false
+        type: boolean
+      namespace:
+        default: traefik
+        type: string
+    type: object
+  dns:
+    default:
+      enable: false
+    examples:
+    - enable: false
+    properties:
+      enable:
+        default: false
+        type: boolean
+    type: object
+  api:
+    default:
+      enable: false
+    examples:
+    - enable: false
+    properties:
+      enable:
+        default: false
+        type: boolean
+    type: object
+  distributions:
+    default:
+      core: core
+      domain: domain
+    examples:
+    - core: core
+      domain: domain
+    properties:
+      core:
+        default: core
+        type: string
+      domain:
+        default: domain
+        type: string
+    type: object
  domain-name:
    default: your_company.com
    examples:
    - your_company.com
    type: string
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
+    type: string
+  domain:
+    default: your-company
+    examples:
+    - your-company
+    type: string
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
+  storage-classes:
+    default:
+      BlockReadWriteMany: ''
+      BlockReadWriteOnce: ''
+      FilesystemReadWriteMany: ''
+      FilesystemReadWriteOnce: ''
+    examples:
+    - BlockReadWriteMany: ''
+      BlockReadWriteOnce: ''
+      FilesystemReadWriteMany: ''
+      FilesystemReadWriteOnce: ''
+    properties:
+      BlockReadWriteMany:
+        default: ''
+        type: string
+      BlockReadWriteOnce:
+        default: ''
+        type: string
+      FilesystemReadWriteMany:
+        default: ''
+        type: string
+      FilesystemReadWriteOnce:
+        default: ''
+        type: string
+    type: object
 dependencies: []
 providers:
  kubernetes: true
--- a/meta/domain/index.yaml
+++ b/meta/domain/index.yaml
@@ -6,11 +6,78 @@ metadata:
  name: domain
  description: null
 options:
-  ingress-class:
-    default: traefik
+  distributions:
+    default:
+      core: core
+      domain: domain
    examples:
-    - traefik
-    type: string
+    - core: core
+      domain: domain
+    properties:
+      core:
+        default: core
+        type: string
+      domain:
+        default: domain
+        type: string
+    type: object
+  erp:
+    default:
+      dolibarr:
+        enable: true
+      enable: false
+    examples:
+    - dolibarr:
+        enable: true
+      enable: false
+    properties:
+      dolibarr:
+        default:
+          enable: true
+        properties:
+          enable:
+            default: true
+            type: boolean
+        type: object
+      enable:
+        default: false
+        type: boolean
+    type: object
+  storage-classes:
+    default:
+      BlockReadWriteMany: ''
+      BlockReadWriteOnce: ''
+      FilesystemReadWriteMany: ''
+      FilesystemReadWriteOnce: ''
+    examples:
+    - BlockReadWriteMany: ''
+      BlockReadWriteOnce: ''
+      FilesystemReadWriteMany: ''
+      FilesystemReadWriteOnce: ''
+    properties:
+      BlockReadWriteMany:
+        default: ''
+        type: string
+      BlockReadWriteOnce:
+        default: ''
+        type: string
+      FilesystemReadWriteMany:
+        default: ''
+        type: string
+      FilesystemReadWriteOnce:
+        default: ''
+        type: string
+    type: object
+  auth:
+    default:
+      enable: true
+    examples:
+    - enable: true
+    properties:
+      enable:
+        default: true
+        type: boolean
+    type: object
  backups:
    default:
      enable: false
@@ -41,85 +108,38 @@ options:
        default: backup-settings
        type: string
    type: object
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
-    type: string
  domain-name:
    default: your_company.com
    examples:
    - your_company.com
    type: string
-  distributions:
-    default:
-      core: core
-      domain: domain
+  issuer:
+    default: letsencrypt-prod
    examples:
-    - core: core
-      domain: domain
-    properties:
-      core:
-        default: core
-        type: string
-      domain:
-        default: domain
-        type: string
-    type: object
-  auth:
-    default:
-      enable: true
-    examples:
-    - enable: true
-    properties:
-      enable:
-        default: true
-        type: boolean
-    type: object
-  ci:
+    - letsencrypt-prod
+    type: string
+  infra:
    default:
      enable: false
-      gitea:
-        enable: true
+      traefik:
+        enable: false
    examples:
    - enable: false
-      gitea:
-        enable: true
+      traefik:
+        enable: false
    properties:
      enable:
        default: false
        type: boolean
-      gitea:
+      traefik:
        default:
-          enable: true
+          enable: false
        properties:
          enable:
-            default: true
+            default: false
            type: boolean
        type: object
    type: object
-  erp:
-    default:
-      dolibarr:
-        enable: true
-      enable: false
-    examples:
-    - dolibarr:
-        enable: true
-      enable: false
-    properties:
-      dolibarr:
-        default:
-          enable: true
-        properties:
-          enable:
-            default: true
-            type: boolean
-        type: object
-      enable:
-        default: false
-        type: boolean
-    type: object
  apps:
    default:
      enable: false
@@ -142,29 +162,44 @@ options:
            type: boolean
        type: object
    type: object
-  infra:
+  mail:
    default:
      enable: false
-      traefik:
-        enable: false
    examples:
    - enable: false
-      traefik:
-        enable: false
    properties:
      enable:
        default: false
        type: boolean
-      traefik:
+    type: object
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
+  ci:
+    default:
+      enable: false
+      gitea:
+        enable: true
+    examples:
+    - enable: false
+      gitea:
+        enable: true
+    properties:
+      enable:
+        default: false
+        type: boolean
+      gitea:
        default:
-          enable: false
+          enable: true
        properties:
          enable:
-            default: false
+            default: true
            type: boolean
        type: object
    type: object
-  mail:
+  devspaces:
    default:
      enable: false
    examples:
--- a/meta/domain/installs.tf
+++ b/meta/domain/installs.tf
@@ -6,6 +6,7 @@ locals {
        "ingress-class"  = var.ingress-class
        "distributions"  = var.distributions
        "backups"        = var.backups
+        "storage-classes"= var.storage-classes
    }
    annotations = {
      "vynil.solidite.fr/meta" = var.component
--- a/share/wildduck/application.tf
+++ b/share/wildduck/application.tf
@@ -14,6 +14,7 @@ resource "authentik_application" "prj_app" {
  name              = "${var.instance}"
  slug              = "${var.component}-${var.instance}"
  #protocol_provider = authentik_provider_oauth2.oauth2.id
+  group             = var.app-group
  backchannel_providers = [authentik_provider_scim.scim.id]
  meta_launch_url   = format("https://%s.%s", var.sub-domain, var.domain-name)
  meta_icon         = format("https://%s.%s/%s", var.sub-domain, var.domain-name, "favicon-32x32.png")
--- a/share/wildduck/index.yaml
+++ b/share/wildduck/index.yaml
@@ -6,54 +6,11 @@ metadata:
  name: wildduck
  description: null
 options:
-  domain-name:
-    default: your_company.com
+  ingress-class:
+    default: traefik
    examples:
-    - your_company.com
+    - traefik
    type: string
-  domain:
-    default: your-company
-    examples:
-    - your-company
-    type: string
-  redis:
-    default:
-      exporter:
-        enabled: true
-        image: quay.io/opstree/redis-exporter:v1.44.0
-      image: quay.io/opstree/redis:v7.0.5
-      storage: 2Gi
-    examples:
-    - exporter:
-        enabled: true
-        image: quay.io/opstree/redis-exporter:v1.44.0
-      image: quay.io/opstree/redis:v7.0.5
-      storage: 2Gi
-    properties:
-      exporter:
-        default:
-          enabled: true
-          image: quay.io/opstree/redis-exporter:v1.44.0
-        properties:
-          enabled:
-            default: true
-            type: boolean
-          image:
-            default: quay.io/opstree/redis-exporter:v1.44.0
-            type: string
-        type: object
-      image:
-        default: quay.io/opstree/redis:v7.0.5
-        type: string
-      storage:
-        default: 2Gi
-        type: string
-    type: object
-  additional-domains:
-    default: []
-    items:
-      type: string
-    type: array
  backups:
    default:
      enable: false
@@ -293,21 +250,69 @@ options:
            type: string
        type: object
    type: object
-  sub-domain:
-    default: mail
+  domain:
+    default: your-company
    examples:
-    - mail
+    - your-company
    type: string
-  ingress-class:
-    default: traefik
+  app-group:
+    default: ''
    examples:
-    - traefik
+    - ''
+    type: string
+  additional-domains:
+    default: []
+    items:
+      type: string
+    type: array
+  redis:
+    default:
+      exporter:
+        enabled: true
+        image: quay.io/opstree/redis-exporter:v1.44.0
+      image: quay.io/opstree/redis:v7.0.5
+      storage: 2Gi
+    examples:
+    - exporter:
+        enabled: true
+        image: quay.io/opstree/redis-exporter:v1.44.0
+      image: quay.io/opstree/redis:v7.0.5
+      storage: 2Gi
+    properties:
+      exporter:
+        default:
+          enabled: true
+          image: quay.io/opstree/redis-exporter:v1.44.0
+        properties:
+          enabled:
+            default: true
+            type: boolean
+          image:
+            default: quay.io/opstree/redis-exporter:v1.44.0
+            type: string
+        type: object
+      image:
+        default: quay.io/opstree/redis:v7.0.5
+        type: string
+      storage:
+        default: 2Gi
+        type: string
+    type: object
+  domain-name:
+    default: your_company.com
+    examples:
+    - your_company.com
    type: string
  issuer:
    default: letsencrypt-prod
    examples:
    - letsencrypt-prod
    type: string
+  sub-domain:
+    default: mail
+    examples:
+    - mail
+    type: string
 dependencies:
 - dist: null
  category: dbo