From e967fe72aae049ae051e4f76e35d9800a328aa6c Mon Sep 17 00:00:00 2001
From: Daniel Cosme <cosmedaniel8@gmail.com>
Date: Fri, 1 May 2026 15:19:46 -0400
Subject: [PATCH] Add NFS and iSCSI backed StorageClasses

---
 apps/hydra/immich/kustomization.yaml          |   2 +-
 apps/hydra/secrets/immich-db.yaml             |  18 ++++++-------
 apps/hydra/secrets/immich-secret.yaml         |  24 +++++++++---------
 apps/hydra/secrets/kustomization.yaml         |   8 +++---
 apps/hydra/secrets/linking.yaml               |  18 ++++++-------
 apps/hydra/secrets/truenas-csi.yaml           |  16 ++++++------
 infrastructure/hydra/truenas-csi-driver.yaml  |  17 +++++++++++++
 .../truenas-csi/iscsi-storage-class.yaml      |  13 ++++++++++
 .../hydra/truenas-csi/kustomization.yaml      |   2 ++
 .../hydra/truenas-csi/nfs-storage-class.yaml  |  11 ++++++++
 pkg/enc/immich.go.age                         | Bin 2568 -> 2568 bytes
 pkg/enc/linkding.go.age                       | Bin 2126 -> 2126 bytes
 pkg/enc/secrets.go.age                        | Bin 2207 -> 2207 bytes
 pkg/enc/truenas.go.age                        | Bin 2072 -> 2072 bytes
 pkg/root/services.go                          |   2 +-
 pkg/truenas/truenas.go                        |   8 +++---
 16 files changed, 91 insertions(+), 48 deletions(-)
 create mode 100644 infrastructure/hydra/truenas-csi/iscsi-storage-class.yaml
 create mode 100644 infrastructure/hydra/truenas-csi/nfs-storage-class.yaml

diff --git a/apps/hydra/immich/kustomization.yaml b/apps/hydra/immich/kustomization.yaml
index e34cda2..2976dee 100644
--- a/apps/hydra/immich/kustomization.yaml
+++ b/apps/hydra/immich/kustomization.yaml
@@ -4,6 +4,6 @@ metadata:
   name: immich
   namespace: immich
 resources:
+- deployment.yaml
 - namespace.yaml
 - uploads-pvc.yaml
-- deployment.yaml
diff --git a/apps/hydra/secrets/immich-db.yaml b/apps/hydra/secrets/immich-db.yaml
index 8c11ffd..c2a5e2b 100644
--- a/apps/hydra/secrets/immich-db.yaml
+++ b/apps/hydra/secrets/immich-db.yaml
@@ -4,20 +4,20 @@ metadata:
     name: immich
     namespace: cnpg-cluster
 stringData:
-    password: ENC[AES256_GCM,data:+zTZydXQhJNoPd5i7DDkmzp6C6lxyLx7abyDj4E1tdFUlWGqtFbQUQ==,iv:z5JM00MiNu1U3dWMbYy1DS7++D+ezdRCudufhDqWXNo=,tag:WWfLEPix+6eguUIVNMav/Q==,type:str]
-    username: ENC[AES256_GCM,data:aSkTrfeJ,iv:QqUrhzGvT7qbwCggZwpugdD2eRgig+fA3812x2oX54U=,tag:5sNY9+OoEDDhtYMe8w1ubQ==,type:str]
+    password: ENC[AES256_GCM,data:VkxA0bLvUCrZ0diI43jX3UH6ct1+WQPr6C5VWV3UB84yI9ykcpSI1w==,iv:NqMCPOZQK2mjlAZgo9YSg+Pd5ttg86XyDMWVtYdBI/w=,tag:harDScxSeaHuG5kQ6/zdAQ==,type:str]
+    username: ENC[AES256_GCM,data:8SzMn5od,iv:Ms+En29rrpyYQFKx28RoS5QDouimOz/ouYaK+sOg1J4=,tag:clKYTXHC/BMJcaEbyCvw2Q==,type:str]
 sops:
     age:
         - recipient: age1lelpkv7u2xh5wezuwp09fmf9gsa8gp4rzy92jz0t203au82a7u5sutsjwa
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvekNFdXNDV3Zzdllockw5
-            aFAyYm9zYUZzVFNZUENDODFLc1phWW5RSWtVCjRFSDdlaDBDRnIwMlp4RDN1YXZu
-            a0cyVHNNdVNDUW43UytOVGVyRGZ2aVUKLS0tIFFEeGtuVVRkUDNmaC9IRDBmOTVV
-            amJ6OTJvc0EyaXZTcHhHeXA5QTF6RDQKL8UiivxcPu2dKMpJRiFw58SZpX0Qc+WQ
-            P99bAZq/d1EwlYdjta9MRd4Ie04D+EcZtA8+F7t+XCby4gvkS6xxRg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyeUxaVng1aUlDRVo1cEMz
+            L0hweXdKaUdJUzZkVGdRaDhFdTJlaWJTOGk0Ci9DeEtxU1VnRDFNMDIzSmpUU0Fn
+            RXVXQ2FVYmI0eVhUei8rNUV2TldTc00KLS0tIEdZVDJvY1pZYUZZNTdBYWZvQlBZ
+            UUFzME1oZGZwVmNqRTE5dlY1aG81TjQKgKecbQunB5ggN663XBf74isxG3goUzQG
+            DH0bfj95E0+xZ5STPrgWiu33NHJHATT/2W1A9OYWCn02gz6uJPhadw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-05-01T19:01:27Z"
-    mac: ENC[AES256_GCM,data:jyfmrXB3nYTxGCog4i1kUZjY6xMhfLppkZDY+Bv6cevrXmLR1bDFkvt8suaOl0MAFkoBpvSkVNLC2riRnbHTf7GwRgY6AYTAKQAoRtuENe4sXL7ph9Brf3MkGsxguf93JKmL6QkokC/EEVW18/14iLTDuLb8+UhS3r3dYlUCHHU=,iv:bQFMtgCgeR0b6VLyS3v1Fn6WGh2qqga8EMBkPYNS4h8=,tag:Ji3UgaUVWFp2iwhZKYLDbw==,type:str]
+    lastmodified: "2026-05-01T19:19:44Z"
+    mac: ENC[AES256_GCM,data:2i2L+lRbzfQ+v252fB1oKgAmZr+cv0ozaYCz3Mhbq8vpSu5JteWbzM+abhBqP9cdvuiwJdEcXe2MOpxE/swlRBBHGGKDxLkIkpeCQWN98bghnyNZp5nhkDAnQzXnoV/XpwJRIQo3DM6v+2xWqxU1ira1asmhixFaMDfHQMI99bk=,iv:ihTqtmNk7nkgVGAkyhpcobuEEoZa++fzkBnqyFcEZyA=,tag:i0NP/vWVvl7uqjU1xUSAzg==,type:str]
     encrypted_regex: ^(data|stringData)$
     version: 3.12.2
diff --git a/apps/hydra/secrets/immich-secret.yaml b/apps/hydra/secrets/immich-secret.yaml
index 5e67073..6361fde 100644
--- a/apps/hydra/secrets/immich-secret.yaml
+++ b/apps/hydra/secrets/immich-secret.yaml
@@ -4,23 +4,23 @@ metadata:
     name: immich
     namespace: immich
 stringData:
-    db_host: ENC[AES256_GCM,data:2MV9dErTC4Di9qFUZtWVAc2ad6/ElQX5uDKflHjO/phm8aoDDE12w2ty12z08w==,iv:+P1yYKMheueCmcwUzYNoYOccoqLXlvbimIF8+k0u51M=,tag:ApnYW9n+qMGiQ6oRoVI58g==,type:str]
-    db_name: ENC[AES256_GCM,data:KcPMIVfj,iv:FtgrUX82DHNP6GjCt/Gs2P6dvc2JhmwqADlKAhneCgg=,tag:ifUR93N/OcO/DqRXwccRuw==,type:str]
-    db_password: ENC[AES256_GCM,data:amJjSCHVwdtg84H2u8waUUcs7PqBJc6vcjwUFI4oBjGG6ZOJuEZirw==,iv:CmXl4Del1DytyK0oj/6XjuY12wJT2NB/Ewwaa6bje6E=,tag:a+5BFIvhmC+CqhkXbOrvYw==,type:str]
-    db_port: ENC[AES256_GCM,data:ZCrUVA==,iv:VcBzsDkRKOBCApIfDgO9D52Z3CBRvW+THaViTe1sIy0=,tag:OTrZiW+1KJ7rQob3jzwO6A==,type:str]
-    db_username: ENC[AES256_GCM,data:6yv3/Naz,iv:CgoU6FWdaBGqOC+B0lLAJSCvOmd3Lm4jNTP8hAAiCwo=,tag:UNYZj4aUTL+t2oKzobVE6g==,type:str]
+    db_host: ENC[AES256_GCM,data:L0HLVyTp9Jp9DYghtHx1TB5NsEv+fBOnixqszjUvoF/uWXGb/xnZZGbxs3VOxQ==,iv:Nv9O1GqAIz0hQZ3rTE+lL2Rr6HSMu8MwHjtTpxzRWz4=,tag:Kg4oIa1PBfuscym7bZJ6XQ==,type:str]
+    db_name: ENC[AES256_GCM,data:uXAmysLn,iv:WH0CSa/MgqAeoPiY+iiG20qsal+nqalRx5D21DF7fJ4=,tag:YH4Vy7NCIj20CBHJb4ELKw==,type:str]
+    db_password: ENC[AES256_GCM,data:oP8mRF5f1YHdnLHDBGh58WUVoh3H7uBtarKnKgsnR35C4cQsHNud9g==,iv:MekInE4P4mNI3dbdkg8ltOQ7Cu6YGbrmbWL8zntpqjY=,tag:DKvZvg9pH/k0w7PIVRCZfw==,type:str]
+    db_port: ENC[AES256_GCM,data:jYe7NQ==,iv:joakjKW/1F2ls/TqBcJHlOoVFJzocGieKurU0Pj8amg=,tag:Z6UoVh3FfIQ8U+WYO8D95w==,type:str]
+    db_username: ENC[AES256_GCM,data:0ffOSkgC,iv:0XyDqJ89hm9Ej4QVg8qBOZzNlIKYX0fEceyY1IaTNzo=,tag:nl6jddgYlzwZ5P8oHqI57A==,type:str]
 sops:
     age:
         - recipient: age1lelpkv7u2xh5wezuwp09fmf9gsa8gp4rzy92jz0t203au82a7u5sutsjwa
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5Q3hBV2dQTzhEMDBvbTl2
-            eEFBQndkR0lOcGpxSDZwNzlMa1IrbDlmYmdFCnVJMGo5cThqRng4VnRjS2x5aWVS
-            d3JnOGlQZTJ0aDFFSUlwRTFjNTNUNFkKLS0tIDdmNmpRSi9hYno4SmYxZ0dkZWNG
-            UWtOZFJuK1M0anQ2VWpNd29hQzBlNUkKBG0OgcOgBDm1m5a5ZksMXrhpXitA4X+E
-            gX0CiMjFZ88jpbgAmp+i8McoXB3Pgs5otO+qX9gccWe3SEQet+CFWg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpaUh1YTVyM0g0Tmpsei9O
+            ZUdrMkxLaU5ydy90aTJaZkNFbjBkaU02MFZvCmc3T05zS3EvTXVSZjFZMHBNMSts
+            MXhYb21aY2ZSeFMvR1lUc1h1cnRhbjQKLS0tIDhWOWs1MC9nYm40RGNuOWJpTTVo
+            MnpIdWdBSFAvM2ozZmlDc1lxR3JhTkEKsmQgoKGOslYoFq18RcTY13R0HJilfaD/
+            aidHdBslKYU+QyRYAwNTr47cnuZ34OBYnWpfASyhTHexTkpH7Aqkjg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-05-01T19:01:27Z"
-    mac: ENC[AES256_GCM,data:siCjV+Z5YLlwzfcdjO1+FoXfWW0LLA4VwxQrqaAAE6Q6BZFkXZD83l9mDyXKkya93oOwwVNPmcZyqoJpRwpddA8Lhh/zh6LkWtAhK9gCk4/B33w9iq/TbWS9AJsePrgSjXuSO8KNUl6SOIp6xAMZ7maUj4CIGic+8Z+g149Bwxs=,iv:4HlnGoesdg1Ui8SPI4mNq1FfART9+h8qsVdMw2rgKns=,tag:i4XyPWRZrc2emJsT9Tjnlw==,type:str]
+    lastmodified: "2026-05-01T19:19:44Z"
+    mac: ENC[AES256_GCM,data:VsetkkENkQ7JQsRX3ihytBUbXTOMwnlhsPs9FmQQTe6uO3lidYIOiqNsRObhg9Vs0To68aca4cZo132wFu/2nVMiK5+fItWfnJRKyf5TaN/1hILunAVdmZlD673XbogaazDHNGbX7qUMaUDB4O4vGtjbx+WXx2ez84vcP7Yswsw=,iv:MF7nccEGrxXcBPJmI2c4rtnKKBPlgQepT5HdntuGfaw=,tag:v9o78sJNOgYZsBJHBBqp6w==,type:str]
     encrypted_regex: ^(data|stringData)$
     version: 3.12.2
diff --git a/apps/hydra/secrets/kustomization.yaml b/apps/hydra/secrets/kustomization.yaml
index b5d5df7..fca869a 100644
--- a/apps/hydra/secrets/kustomization.yaml
+++ b/apps/hydra/secrets/kustomization.yaml
@@ -3,7 +3,7 @@ kind: Kustomization
 metadata:
   name: secrets
 resources:
-  - linking.yaml
-  - truenas-csi.yaml
-  - immich-db.yaml
-  - immich-secret.yaml
+- immich-db.yaml
+- immich-secret.yaml
+- linking.yaml
+- truenas-csi.yaml
diff --git a/apps/hydra/secrets/linking.yaml b/apps/hydra/secrets/linking.yaml
index 0dc45c6..4764315 100644
--- a/apps/hydra/secrets/linking.yaml
+++ b/apps/hydra/secrets/linking.yaml
@@ -4,20 +4,20 @@ metadata:
     name: linking
     namespace: linkding
 stringData:
-    supe_user_name: ENC[AES256_GCM,data:u67lwRTU4J5IxQazkFhtY6M=,iv:V7SgzZdRzYbt0Xiprgz4eR5tSR3PMFmArJ/1QN7JFOc=,tag:4hTpjlEyoNoOwNkr/pCEFQ==,type:str]
-    supe_user_password: ENC[AES256_GCM,data:bO8IYw8pPB4HrAow9iJXF+mTQqYnWawMh21I/ivgIDVVD+zn7TpLGJgbWIg=,iv:fybrYsAIsdGUqQzcLmutlsR+K+kJ4FVZydaU2f+j6yg=,tag:4VfnVxMswCh8poqrV3vdvw==,type:str]
+    supe_user_name: ENC[AES256_GCM,data:Xeuhs3+gKI+Thtxu7CXgMq0=,iv:GaVEyHGWTWnqU2WQtzi0EsgPHHflenwBv7WVvBev7ys=,tag:7r1ES+DyJwBCjJJJxr3LkQ==,type:str]
+    supe_user_password: ENC[AES256_GCM,data:N369fIANeiNkCezoaxEKYXb6AwRkQEbW3ADZ399Ex2NFBLGigL0O2W6m4Kg=,iv:TroN+3lwyZSEPwgPTdEsgis9FIxMBuP9rX/lrYH6woI=,tag:jo54+pzv40szqCTC43VtrA==,type:str]
 sops:
     age:
         - recipient: age1lelpkv7u2xh5wezuwp09fmf9gsa8gp4rzy92jz0t203au82a7u5sutsjwa
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAweU9jN3Jpd1RSaFkreVM4
-            TkY3WFdUUmhQY21rcWNvQ1dIT29iNG5SL0VJCm1xeDJ1QnpJMkJLUUtrU0FyN2kr
-            bzR5U2pxM0JiNDN0T0ZNcXZVT1NOUXcKLS0tIFU3bGtCNG8wQUJjTWlwUTNCSVpl
-            OG9NWTRHUWxpM2VEN2s1VHZuRm5OUXMKwKC/dAJIwHNM8aCdjhLn6teFRMQLfHx5
-            jK6RLcMmplqYzLCStt6dlLjwIwbDbCpMpY5v9vrwHXin8lN2DPgygQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1OXBMOVZqb2pMNHdSTkpO
+            TFRpVDRGOFk4WEFhNjV2SXVIMlU1U20ydG1ZCkFGbGsvSDIxMEU0V3VWemx2RWYv
+            Q0F3MFFKVTVOUnJndXl5RU5DQkFsS3MKLS0tIEY4K3BTM01FWnovcm13S1lZQnN2
+            QmI0QnhDWk5vdGI2RjN0RnZ6aGgxdFkKjg7vUteJoIyj+zEGRJHIvEuCCkNnB2+B
+            9so1cDdgUiiMTk1WFkzC4gA0kYcXZktmuHYd3Y9dO0NXD2cgDuGLEQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-05-01T19:01:27Z"
-    mac: ENC[AES256_GCM,data:W3XJB7kXMPZgFGL7OJ4/9iNpPujvbtjfVglN/WfQ3FpuMcnH088DHg7UKN9D0XdtG5UnSLGhF/OxuumQq2tKUs3Zvnr2YjBiAGf2XGbqEEpiW75dZMSVp/OcdR9kjGOkSxucuPN8NlyV2799wQmBoAOq+C6zejNNCWMuZAGRQnM=,iv:rAiyCWR9LOPtMVUckWMfxXWd2e8eSl/CG/nyWFGUFQ4=,tag:SEtc82xE4SU7jfYTJOEoYA==,type:str]
+    lastmodified: "2026-05-01T19:19:44Z"
+    mac: ENC[AES256_GCM,data:/50P+rSY54NK+bD7X7VlSx/NvQXiQpCEj7QK8ua6cs/oIro/ESGWjNekfaBBVUXL6hmF6fmXYdIw5svUJiszXyv3QIIwVmTxxITsigDKpCJZllCuswTs2QfyrEqTS2c974oxx2RdAZ+765urW7oIglHAhvvAjCBv4x44Dg/f+fE=,iv:L4I+kGd7uGZqFwv2DVNFxfRwKFsSpgN6kgeDfDQlhUI=,tag:Q0hfOYYkTRO+9JS6edLJzQ==,type:str]
     encrypted_regex: ^(data|stringData)$
     version: 3.12.2
diff --git a/apps/hydra/secrets/truenas-csi.yaml b/apps/hydra/secrets/truenas-csi.yaml
index 2634e57..392f670 100644
--- a/apps/hydra/secrets/truenas-csi.yaml
+++ b/apps/hydra/secrets/truenas-csi.yaml
@@ -4,19 +4,19 @@ metadata:
     name: truenas-api-credentials
     namespace: truenas-csi
 stringData:
-    api-key: ENC[AES256_GCM,data:vIufuqaIdNQH53pLCPfdi7cYIJlqwuHRbzUshgVJDw6Ayw9fPcVj2Ctp0bY34toHgmMjghYs4GdEtiQJz8BithRf,iv:J1woXagNbwqkjNTerrYjvCDQn/+FpvI25ow/szOCxN0=,tag:mRMKq2Nrs8qnyoQRYkIBtQ==,type:str]
+    api-key: ENC[AES256_GCM,data:qjm3UeKS2MPTNCg4GhcR+vq74Hza8P10FFDrAbmzoPE3PS8VyIxucFSIvIk7IkDtG6YHlW91KXPqExIzquNM2fFd,iv:JyoL1jOFNH1NotpHrqxVq4+HREeaYgE3bkeEO5uTs7c=,tag:5llAWqj7/Ml5/sSqplbl6g==,type:str]
 sops:
     age:
         - recipient: age1lelpkv7u2xh5wezuwp09fmf9gsa8gp4rzy92jz0t203au82a7u5sutsjwa
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCbDhQMmMyNGlUTW9ZSVla
-            MHF3Sm1lS2prVGlFMnVlSWFYaENhUGlBa1I4Ckw0N0RJUTBnTk53eVFFZXZyQmEy
-            Sk1rLysxMnRYNVJEZzdoS0xTVXF4eTgKLS0tIFZZZ3lJRmNSOEVocG54TWd2bzM4
-            cDVMM3JoTzMzckhpSVA3eFRwR2dnZ0EKD9PygzmR3aAhVIqKQXkmu4acE7Vq5QPj
-            alS3B/qmLWKIt2jaRlB5hpCK8DXKT4321dRQ0qE113sIPeL3IKxbEg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArcC9sZ1FhbjU1Y2U2Z2hz
+            WkEzZFZiNk56My9tRDJXTnhLaXJ1V3lBeEVnCndUcjFvTlh6aFFWbnM1N3BsaTgv
+            WHkxeDVZdEh5Uno2bkF5QnlSeEl3NGMKLS0tIEJnRDFRZmJpaGhhcFIvVVNyRU80
+            M3FiRWFpa29hdGlTMG5aa0lNajRHSHcKFzeMQ82WD85tmnBmUy16BzCmqIEcad7B
+            atNXtrNCW8RFiFiu+zDUd628DiQIsvPXCx5ugCoiJlc3jxSNMOHtIA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-05-01T19:01:27Z"
-    mac: ENC[AES256_GCM,data:m4dQ2as1gWh/C29r4oP7Gdoz1a+E+nSeT5qqA2hjegdMb/RQDh0qt69Cb3cVPXtguM0gi9D7toajHUAWwxCwrYGECtKtuA7VA38aRKheUHUJ+qNo6THzBcZRru3vFNgWwoi4r4fQbX97z92vTehblANm+YPIjK/orwfaXPsQA0Y=,iv:BOVDv+zreFJdbfrCySfip7BXe6FCKoEdGXccBoJ4SV0=,tag:soco0NPvlLKh6DtZQ4Gcfw==,type:str]
+    lastmodified: "2026-05-01T19:19:44Z"
+    mac: ENC[AES256_GCM,data:wwI5KlD+917zgLKqSDTlLnd90DQo7mNcK0oHnd+8ou2KI3UM4xg4zVKZSitOelgmbP4G12K3uBHpya60GP30mFVetqgghs/gSoUakyUG3C8LJuOUS8iYemESx5J/02hfDRFVLripiumtQGIGMahVbskLt2F5vo65djdu5JJqFMo=,iv:0J+AUZ5GfNc3E4NtSXw4DZrWt6fNhj40Vl4+pwlm45Q=,tag:WVuXRkO583xQ7j06m2FBeQ==,type:str]
     encrypted_regex: ^(data|stringData)$
     version: 3.12.2
diff --git a/infrastructure/hydra/truenas-csi-driver.yaml b/infrastructure/hydra/truenas-csi-driver.yaml
index 66b5a90..a503793 100644
--- a/infrastructure/hydra/truenas-csi-driver.yaml
+++ b/infrastructure/hydra/truenas-csi-driver.yaml
@@ -1,3 +1,19 @@
+---
+# ServiceAccount for the CSI driver
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: truenas-csi-controller-sa
+  namespace: truenas-csi
+
+---
+# ServiceAccount for node plugin
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: truenas-csi-node-sa
+  namespace: truenas-csi
+
 ---
 # ClusterRole for CSI controller
 kind: ClusterRole
@@ -300,6 +316,7 @@ spec:
         app: truenas-csi-node
     spec:
       serviceAccountName: truenas-csi-node-sa
+      dnsPolicy: ClusterFirstWithHostNet
       hostNetwork: true
       hostPID: true
       hostIPC: true
diff --git a/infrastructure/hydra/truenas-csi/iscsi-storage-class.yaml b/infrastructure/hydra/truenas-csi/iscsi-storage-class.yaml
new file mode 100644
index 0000000..46b108e
--- /dev/null
+++ b/infrastructure/hydra/truenas-csi/iscsi-storage-class.yaml
@@ -0,0 +1,13 @@
+allowVolumeExpansion: true
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: truenas-iscsi
+parameters:
+  compression: LZ4
+  iscsi.blocksize: "4096"
+  protocol: iscsi
+  volblocksize: 16K
+provisioner: csi.truenas.io
+reclaimPolicy: Delete
+volumeBindingMode: Immediate
diff --git a/infrastructure/hydra/truenas-csi/kustomization.yaml b/infrastructure/hydra/truenas-csi/kustomization.yaml
index 540c509..3616ec0 100644
--- a/infrastructure/hydra/truenas-csi/kustomization.yaml
+++ b/infrastructure/hydra/truenas-csi/kustomization.yaml
@@ -4,5 +4,7 @@ metadata:
   name: truenas-csi
   namespace: truenas-csi
 resources:
+- iscsi-storage-class.yaml
 - namespace.yaml
 - config.yaml
+- nfs-storage-class.yaml
diff --git a/infrastructure/hydra/truenas-csi/nfs-storage-class.yaml b/infrastructure/hydra/truenas-csi/nfs-storage-class.yaml
new file mode 100644
index 0000000..23f8500
--- /dev/null
+++ b/infrastructure/hydra/truenas-csi/nfs-storage-class.yaml
@@ -0,0 +1,11 @@
+allowVolumeExpansion: true
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: truenas-nfs
+parameters:
+  compression: LZ4
+  protocol: nfs
+provisioner: csi.truenas.io
+reclaimPolicy: Retain
+volumeBindingMode: Immediate
diff --git a/pkg/enc/immich.go.age b/pkg/enc/immich.go.age
index 6d959a6676cf89898ad7d9fa2e5ced35c7b24e12..6a06fceaf35f107092efedff0d5dad190a93748d 100644
GIT binary patch
literal 2568
zcmWNSi<8p?9>>Swp@JR=9texFfN)5yZJMTOMs#WVZj&}?o1_h%W78&0nzU)VZJGoX
z#o-nO<a`e&_7GQGk7Hzc+zsC9E)P*2qB5d_&a8l}oCt_`fFN@F2mF3Bzt8tKpKrFn
zTlsRXW>o5uTE0)M6>J(X#`<7;Ns;*y>~iZ42m+9Hk0&i)5LO7~M22ZFV9`}Y!ZlG%
z(;l#>7bKMeP^9V4;{u$ZbhjR^^C*hBzyjq(^L8%n&l(=i$wk>fUaVwk#^K^5M8SED
zkg_Ig_%t-aRz;AgQ6;L=9#b&U#xz{<dI>Uhs3EB#(=R(cGUE5cMA(;c<lv|UHJdg%
zNwZqRQI%5BCaIwnz%JxMiVG*hi8{ike35WC$&vLcR|6UljIp6|BWZLJ7$j5?H_$1>
z@TkC*no6la)RJx_Bjeso0EuTiBLJIj@~Sgabk*RL!SK<f-SlN*V1+R7KpL^3Xh;#I
zLQv_H&<1VVvt%%+0VW3Mijv7YU=*|mk&Is`!fq0F=L~^1L#C@vc4A`Ofp{pCPwIKo
zDEJGUhh@T25TSTanikALiN>mqY?i}eyexz`84mgyw5~fXgpe_K!0mvFWoO!3s5Cll
zMmms5`&1eV*RTQ>L~Nkpi;Ge%h_MWnDY0d)syCBBH5@MbLjo(+(`Yfm@}!Ko<dBSu
z5(oxUbzj&?h*%{<s^z*J$QvRqVYIyw;X|6HB<(z^gc2sqLJF*~O)Z5dgKWA80~K9W
znzBK`sLuJqJ~OAX*&@l?kvN<oOC;{*5ss0_x&Uz&C{QieGchg^0kif*D4War0S{0k
zl3>OX8=fipAb$jL0X2IaPmr-P;p2>Yu8`3q2|SV0b7rL~5g`X0h!rs`fj~kyL8UDi
zQ4W>32J7-wauFI3NhblQj$oiFD+~!Rd6`ben~Li9aw%7t#)n@IGE<5rf$~i{tFS>;
zsu*lG8I5=fN{vMFcp*+DhS9M)Kvg|8AMQ3Ib(Y6jTeysO+5(X1EJ2AT&F7>bOyR1Z
z&Pk0L9`zUuk#5L!&L7JtLISKq2q!T`qnJQ!bhK=@`D0m<!-|=5kd~ZzJtmo9gmV^i
z2%~zuq#yUibvqOG*&3!#j`NYQ0a5t?A;^*(t#s;@td?}}9)OC2E_d8(GvgVhFdV%%
z2S)60!NGW;tP^zzae@;G#D}=@{+uQh8-aSv)Z8jkbvoH-0>r9N1;s0(B*;Jt?Nm!D
z8V;o~IvI7s7zfl!0GTPm25Tw9a1bakM3w-XCDcobi3}(UGL8GhlAKg2&Ci7xl=Q|a
zi)tpE=}c2==*@iEE+}LLEmswatrRSp0+z%~l&qB_A+na0irz?A5hEOmKurfv+QCXH
zPUWIG&10f&EsOhvSb|Q|WnUp6HXOs3S!&r~shED3-DYrr+ieyVXR{I{5H}1aL0<C6
zP_7;?)q)XE5{+?L7}gtdELhhG5l)-7G}2i$N|M42?}_vAV#*B`c#|bmP-YAuONdM+
z*7Oqvm!YfPvRlyt4$xyW(_Dcf<662J#>&p3&4bf|n9ao-nR3FRfnFX?Vqy%UVpviq
z)u3LGLoiB6d^uE0kx4$HB*?tfpfjFiL}2oS#V42fVFgtZ5w*m@cF=GFge~UHgolyn
z6&Cd}!E~|-0)(!WV_XFQC<Ciha-xs0P#!iF?L_lUTFA+q=!`>%s(CC)e?=_XX@?;T
zB*Tk-Z=&cRi!nYL19O#t7o@7PndCGtrg#ZwQ%$%<Aku^^1_)+77F?loP_4k1R5|Dw
zlP4{h<_Cmw(WU7TH$y{F!(Vl=NZJck6gU%tA}n625-E#wjMZvwFZiP{MLQ|p7K{1n
z6+V!T6Jd-2jershFesnXY&?$mLt4l)=5x7U?j4BtHFj+M->*-sIr7<(?&IwX-=BYC
z#>uux9qaO+Tl##ro!$a2xO#Zs;rm~kvXZafe82R|gr0Gi)1AF+Q2XfJtN9;C`aXQ{
zfm?4mu()_?<N3eunf2t)XP>jqjJ9??C7c}l-@|9dt~=y}|21Lnr2g2sCs%8S9MeZQ
zdmfp+4!r2@82V}7rl(@Nt*<?O{2^+@{BN(l@Ja5}RpXBv4$OJ0+xlyD`o23m|8VV|
zW1(pq)|%?nt?zyMyBR$D*r|SC*0CLf+kv!oRp5dCyZPYqU+#XRuXTLR{JT~@D$Qwk
zFFbU4^q_hsvt;hz$`dP6tx*BPx@_~biL=tPTa86y#I9HW`crG<uipSYZ6~jK_t)S5
zq35#;8+Sai@`wJ>-BN7(`LAZT^)Zus@Q$x<U*EobLjRS(*wm``rr%|qH0!mSqjx5T
zJMcVo;`xD>ysx*f=o;*@pS$wX`u10Qmu$XQzBuXe#b3V>tt`DNZB^&ChNaLo4o-G3
zH$HJhPt7~@(!@{HNxS}WW$#Cip8Dqc_|3ns?R)*6o!!zMEsJl(eJe&yiEJo6deJ&?
z?V_)3M04JlXO0|gyt!@jx#P>=xx9@0XFeO>Ic3i^WZ{%}i-1?Z{(>Qo7(qzKL$^KF
zT5)NqbI+ci&dlC4bn=m{-|GYY0~c-@*od8-Hb<YrZgL-LgIn80%h0Lr#^B-u(^^dJ
z&B+IkbVQG?o3`MR>#HBOT>k#Kn{Qh7(1&esY~AYi?Z&q0tNo+E9m`(nJ!pM+$)feA
zzwR0Ihu`k+dTz@H^X^&v^2j^R_PwQTeRp)`pD&(R+5KaJarK_K-k3US=Fs@L3zBOe
zpFHJi$ICa8YyNWoP7kriO?;Oenn~ZjHL>#Crm3yL8^(S5%CWK57x#ZWXQF*Fx2E^X
z=$ZXgepcJInGY}DyjS@5<V!2k#I8e2L&Cz=xV~enc12%&{@Fdv($op_KE7q(vz?c}
z^mJXh>9^hW_RHNx<Jna`J<feV?~nej!nU5p1+sN=Xi>9zWbL0OZ27XIIc;GP9y|T*
za~IlfKQ!->_1e!|F0wm*rlk)|nbXmIaQv*H3vF8h&z75a&o&=Sd~<yC!ogcVT&w8&
z7mQ!f$Ie{y{HWaV>)O-LJp9IY$=}~O2^)tu461jo=X&2;cY4E?Y~h{or4_5tKT~J-
zul5}LV8~o@-UWm&F8^frJ7d4-pZ2#IEWGxKqe~sN8#Wvm_sr+-ADy-LgM+7E?Y*+F
prA(|(zjtJE(QN43>&vN0=VvVaLKy4~{<aibJZ|d8i&t*^>i_jB`bGc%

literal 2568
zcmWO6`IplK0>E)Z5S$e`6jnT76dibku}zvZt%_^XJ86zKO_N3t+B8j@Hf@uhsmdXO
zh$5#Wt_RLrg~dfVJP-u|WjQ>6Wk5lcC*le_E36}j2g}>#r|)0z{UlYTQz^=(Rj%er
z#k)(UYO8~7o%grvg}kDpPFE8`5YXM;R03{V&7)#HA~_LXm^M*++^$pZYRO31ymqc^
zn1U`h!GdZ92%3r0iUS1<U90AtSQ*s0SR__L>8wbJVG4s%vZkU5%?k1*e>G32p(2QI
zJ{Og+NYp4sY9%_?07yqYTdlHsyug+XxmsiSbcqx=&dLSFf=|Y>!L-1Mws3>SAy9=g
zaZm@V5YPKlNQM!WJZ#WBWD+nz`)amY!OmE08ub)WKLbfE$X?F3!dVAQz?dgwAgM-y
z&XG#hi~(%284q}{mYMTcpt6V3IeVD)D>*}!ykb$zH}EQz&f=+>Xa!xd0*}Qr6cuqR
z87qP`BPp8<YhG1w)T(?`6|!Vl_Qed*3{$MbNt0?ds+N&zh$~iHS<OxJa=ld)B%O(1
zShgVvMa~CE71i$miA*A-SuqR`qd^3SWGju5rzL1?-rK-RQmG)6DS~w34L6rDN*<@J
z>ILAeOSHU%O&0icHEx$_S~mchBdw;8lJhm^m3m`_TFj?-Fyg@c0i}e7)x73PXCo>^
zDm4`;JL^IS$)K`H1B#8tjYbtHh&mFYVUMc1nurAZTwzioC`+NFhJZWpR-&P+E}AO?
zxoBQXA>JlV`#dlyn9UelkI?o2=O}s+ULX;s1lD~DfJb2|=eC<_Oa`o~q2z)}im)^Q
z6sv+0C?PH*3g~=OgndrG&jsgrhK)EvDYK$!nF7xe6lqsA%rY|3cmZK@@hX^N8MWAi
z^JcLDHeoR2t?LDcB&Vz(fk|bHq3bXuST-`oT8?CkQSA1#8)#Vxt!%(yK&O>vo|8=2
zv=mjRicFI6FmwVnFftqP#0jZH6hqY@qav)Bab)d{mKp)`buYq3v+;O}rBR<;N^w3E
zha*xd<Vd3|mlVp3k>p$Uh=6J-8vx|VD9R=q5La{CGo=`zs8k3Bc*JyTshp3;Ykt<|
zZIqg-x0FcLXw|^;0bUANSTYt5R>V9TNw!$Q<`f7OVs#OT5-}B28V(?wis6A&9SpcV
zl&9$s;aaU=rUkp6P8X%HWy8fxvFP<XTlIV*AJ+{9v9JadGBl=8MQE=ZP9$>qa!&L{
zopL(oOvf_mmR}|i+=ej@+F@Xv5VV*qpkqdqk0YLJz*Vk9A(xkKgv^HO#8`mQ0(quc
z<Wn+f0G8H5^Q|=OVik|r2>3#f2LiyX#-RR2GNHuFc%z0!aSRUg4uWoZb5_|;fmo<$
zrQ<pRP?&^bkOMYs5s|Nxgo=VS++DL3F(Vj^%0A3h)HtV>2q!dEW@MBWN=+vcFPmyO
z1A$sozhXy34-~=$7EH;ZrcdCqdPU8YBqiVqLJqI(3QLTg7qZzD#5P(A05)_g0}*u$
ztyj}zG>W6~G@HoTWnWm4qP!3cnKdXx#V}vXE;)2g@`gm3B@xM1iMmX`Gh1jCeS{p#
z)KFIjjoZUf+7GuVCYOVQL7e0Wg%oNruq?81DNr%f@fg-1?Ls+As&clPs>vBTfxDrQ
zI|b%qPB>tP(PUV~+;+yxXkpYK!VR;8gDt3PGKk+G>{N!sc#^L($qZGNNOvLYvkXWG
z2AmBHE}1~FR1}$<OqyZTolJzHDpP@5K33vtg$(Hp*Zl>vY2rz>P2qiE)=ls(Bmk04
zopS<;vyM=Rsy7_Y6qkVAA)93>5&-$yIy*bt844$SUcK(-TgmE`Ga$H7$L%l_s|LAR
zq!oATfNA&Yr9`3B=J_}>UvbTNaQrhJt6v@Qr*-Gn?@ow=+v490oj3Kp*nwHU9+uu+
z)-BHkw;isG+r7B^;MVs$x|tVnbtWH~lfL%h9UrdVb@n#zLz_FsKqL13d%>5FUA=GR
z#=wO$iyig9J+b%E(^FQw0F3T?tNZH(Y*+Pxi_+Bf8{{`GJ)*7MV*6<Q*cIU?+rL`2
z_4yMNdR+Q!&7RILx8J{L`g_X*{hZT+N2Yw2n=iJH(OX;4*EaP}RQmUa2MtTUKI!86
zcbl^pua%~!?>Mk+?$*z}6qcGMExC2e=((Lp7aKWo^Mpee_rJan8L+zV=xXQebNi=h
z8{h7!pV^APXl>hl9#}Cbs(k;%xWfN-9ghZX+dJdeq5k<DCr7fM)_bH`<FoVFCAVhJ
z-0{;@6SZZhf_*=%y)<ay4a%Cy-%Ylkf9SH<bMf#$UcP4YEqBlQWGFFyZ11v{;+uas
zH}BFry?=Rs&Y1$k;76x?J8O;-yd*5%e&fx38_p^>eYodBdp5E7^2V)d4}bcv1D-B?
zu#V?LzV}|aF>vF)gL<?KwqLvR8tdS`&g-8fKGvREGrGWhy;s`UBd!=Yg53Sw@E=Dn
zozU@5{H0&0B|}zD`D1VKvGFtTb@vV0F|z&kRYxYZ9bI(t%i_8F&c4&G_n)`Cd-B36
zef@`{?qXl~Xza7=&%Lj_x?$Ly&Uxo|6F=?in!RbUbk)w*0{*w<Xav1uPw+p*&!&%n
zdjH$oaZ6tp`p`SS%i_^PM^fWXc0Td?2agV3mJ_?mZJ*9whiR>slfefx=RG6;m66&z
zPR(8PMu3}mYRAA+ej>Xwnv}nN`L{QFPi&erd=PP->o;x6tMKf{Q7-4ErouB1uRi;j
z`si%v*t&k5!nOU5ZHAWyyIvc<I&{A58Mt!loc(Y8wu&8pUvkFIJE1=u`J`*2UV3wB
z6B%2be0)E8=U2=m!#QJkeB&<%pZs-Te8o2LLf?sR4%~bD)SewP9v`M(Hw5_l*=N9?
zdw2CH(2z$?%m=#$Pkm7uRk<+iv~AI>wbOv1Z2RZ7t&=t#uHE%T-$&n+^X9aL(gF16
zlk}c#?wyypB@agXwT&3rvGe&6+js57_nG_0oLEWZR*kx>%^h{~yne5ge~HbUHFU_?
z`~Q4bhMDlm>0QTve%p3v!n6nP{bIm`)oZaG?6EWP<xh1VI<?@Yb8G&7{zu=U-Lf>U
z^UQ=>{qnee^s1T1?%8>dal<o}%)&9dh=&{7zdzA8;Mi@KJAR+|N<O;kYIkq>_~2QY
f=caG@3_G{<<LfqrM;xAT-4C^!y2oF$_ox2@A~5Ok

diff --git a/pkg/enc/linkding.go.age b/pkg/enc/linkding.go.age
index 634c988481e09c31dbc53058599b608f751fcb47..b849e4a3a3473394643570a934d8a64086760850 100644
GIT binary patch
literal 2126
zcmWO5{m&Z(0l@KL7|4S`9y4GAAwV+8c0Bg3z3cU4lH5z%yKC>Y_tq24dhNaSdhczo
zEeHsR3QR~q7IYx848jl?5Xj<YoEym!2Smoq0)ml5UUWg&m>GzI`v<;1e3Ea^wO8z@
zpUso8A4lJgGq*H_mR7F4JRAjfh*oQ}GJ-(Z<uf@Zl7Yfv0YkG59JFyC?9xV|%)^o!
zxriZj0T7KQRuVR}p-Wb^RB%fOPgH%UtV+&Eo5Rk0<Z-&mX;Dq2dto&XOpS9|kZDW^
zs|gi}pj)Od#lSoxu~|K7HQ6$&BmrW8(-Ouzg*k<xp~eMLY?wtO)l1c^H+3^3fZAQg
z$$(xS=)7IV!5R+t_yN|es}?MSoH&n*X-W-bP*+NvlY+w<He}m<poxvep;zj5Gzu*j
zH3=Pfu2e1nH~?LqmOJQZ;l;65AwwLT^T|kv-MW^=oJO1KBvmc06XI4dnb8X`2Nh`%
zcp@2PJRz4;Qcl|1xEOTtXb8el8S?^QOy#PU>78c1((OClc`Qzx#(*z-^Ck-FUa_#N
za#~Pk0(3&hq5Lx5=~1nANB3L4+HuPc6XXq;_89{i2&#q9rd(Z=)5zxe5bu$!G^IHJ
z?ThA|QzmHx0%f%+>%0iTAUk$}ncnx3khVu)wis3jtvPPj7*<5Y1f(%iBlOBx?>MH!
z841fxYBbx8?3y;HlBcyNx?#F#8G~jZ$rP0k2-;@I4h+McPr$6gYou!H!OUlffvAYB
zh!b<ZOqNSJ+a7esm3qM!lVG9NeJ=Iq5mFttlTLNsD`_>O-wL6!VH0lRQ7ueF02a&5
z%=HjArl!8avn2*fVnW~`MRM!Y$YV93EDKEpkml2<LQ~Mf_iYj!@p9UOSZaYwwUQWN
zSj(-=5S6G=qa>8A1OXHT<7?2|EGPo6nx0GfmetD|<@QvRxJESQ*+Gd>T5KEwkq<Hn
zO*NEGrK`Fe#ZOvbXIj#_pe0oL7KGzLf<lYhJe`i_Zs>`Q!^gu&7*(;BS<rYwhMwSY
zp5^0Q-)~8Y>IGH>)a_2tph<@#B?{&-vKJCE;kRUfQ(y|@#llgV?VQI1-y8vsA2dfu
zf#G?P4`54J*il(Q3Al^ubd@Tqbl(~d+@aj*R3{ibX>}?VA$tnU8BH%r!I~Cp0<Y3$
zDi1)R-=Gbhl@N!QY>)P<1Gth~V*?&K^iVGGi-myF;DDleN3IT7wpnUS*nHe)TX9A0
zG@+R@P;9K3DXu(Ag$gN%+1O(my~$~NFDSxDgiWU%qXi_(!ZfWnON#=jt16i>^03VV
zh0FERycP>tSkRb3vb7Pg&;V2D%<+68_HwDolZ>pWHfdJ6RWRsgg9aYBHV83MMW}X-
zyv`CnSkdHa)(`V8;p1X21vx~@pq4Au#CQ~Bn6_9Dp-2p;)45AK5a9sRCSznsiYxHA
z9}Cku&tsyESschaRxhZ`Dx|uoF&X1px;&B=U0cmk5m}@qVic7o4xqtf*MJdtQr3nn
zq_Q(t?gZJGm+=N$(Plmj7;P@X6_)8K0K%I?fst^)n`)C{9(Jv1OAx>jg<5u+=MjQb
z1#0F&1>4V=m@Q^f)C}ifU=v+t)PyT2Rn;8<<UI~O9m64|Cyzxw>Yz1)^}2QnhnA2}
z834_lbkP|DRI3FsMp;fPty(K5hn@K_Xr7Lhg*r44A+?fW6b`FsGO{IVR_>z|#%KT%
zM}3UeX~JC^IjYv3CM1g{99#qwU3GPqw%VXlE>STKr}629ta9r5%+kur%H?d~wt;cg
z*AO~ZN!&#TNns5Nz#t4CVEUdNfM#h{!w5fKT0xC$-y7}GmN##9e)8qUJ=rGtz1PnA
z)s8(s|8Twb!T$T0$;ChX#rz5LxO|JgZts`Z{Aqsc;m*lJC)(St-So+EWa}GC<l4^F
z(w)aY2(Nl%^6V$>`=2eHT>ayV4t#Ob{#BdLn7(%KU(Cbtg$MuWoH{$o4xV@PsT0`+
z&wXY0`Fk#X;KM6lU$y+Q`0tH32if!d5%$=p_rLY>tLFGbZB_l_ul`}ba`dk6mR|b%
zXXD`UXEwZh>|-1_CY306-La2uy=Up<k?oJ2dG4z9?$*Z}zkc|}NB^?=cCjw}V_Cax
zeCVN9?mYFgd%pHw@~um@uYG#u{OT?D-nI6fxAW!cb8p@L=8o@xm!0={eP4F{7kjr3
zg-2`O`<wmtBShnlfH}Nr)7d|5*|(Wrm#v)>_!e+*$rT&Fapk3x4RCnXbw~G}kT&dE
zx8up(AEXC2=f&pnt2bP*YUghsdhNhjd!M-Pm34<|g!|x&NB{iM@{#2ad)uDk_S~Bs
z*!S3V%g=BA=DD*y?;Zc|3+RFE+tv)<zvGm?efPE>9o+Eg)8F5+;|KdLGatOab&=;k
zfOguu)|0Eh_}!%!#~WVX;vW6w-RR*L?k<*|J?F{a92tK6&h=;Cr0hB*ueo~5{Rgi2
z6u6ov@7sFK6>Dxh_51PhM~^)7;+}W+UAFVW8*V=He``7EKcC;QdbfJU-G^VgsaRgQ
MQ8@P3bN;#N{}kmB{r~^~

literal 2126
zcmWO2i_hEy0RV7$$lybe#}?2rva#_9^`qC<U8`oH&+Gef*K2znV(zZ(z1rTjcfDS#
zEGlGV0wTyJAi-b;$k4DMZxoh=Ko9~62nYfWF!BiUN<ayq@+bU$oxZ>7$Gx<e&WDru
zyh+*z7tqS;){Rj(_M=)AU&0s$5gQ$b^#Ye6=Q<P?I=Q6Um8w=RHFVNIN>0iMIOrsn
z#58=a57&&In72&d#Cn*}UeaBI#}ZmlO^tyd1<DIkp^~97Mqw}OQ1w|jE@i^0vrT1!
z#tkE40k*2>HpQx~{<zeFNOvetDd{n;m{h;!Q&P;r+@KDy?gSW4<*{UsZNSAehfXqy
zMj44<vPPrD6*JPnGH)EV#hfU4A?`4E*5Lvx&{=oT>c=D_$Fi1{RZyXenZ?s4qS28*
zL1qfr8D<1yx+3m@ZI1N%5+H`TyNCkB(fGcm$09ckO*3U=10n%WNX-SzR#}EnC1F@h
z+tV09Qb8WtjX_IekOc9>gqz_4tV)*dYN}a}&1R=A7i7cJ{Ge`HU}{f2KTawJo-c!_
z8@DwL!i^<ZQ(TlDkrQWDsE`p?62R)UhLe)W{W*Xjtk;<nwS1W-yg%rt*<d6yP^;A#
zV#&fN30ibzY+_FrpsiLgFRnUNIoFYrfdsrV@<&Uo;C0YZ$$VPmV1J3vtSK}{qxn><
z&x%ETSsiPGm@j-?ZdC;ot?;$UVrD_IAnU%vk}0JstXC1KNhU*!yh4~1AY{Ik;aay3
zvNcByrc4=vs%kG?*~mn)GwhbGMUf~5m{TLSTOCtZqk(3PRLkhWOGaxbb59&wxq@h>
zZgO-LOwxv;Qz*kRm8uPeU7TJ>Y%Livran%JI*;@DBJ|qyv;Z`_)f8n(=<|)F9VEnn
zcR+Mz&4W=(D1fwJ3U7pt%@V}p4q6`|8foZptuh+~E;gQcj0#~Rja%j>s01~qmCOMO
zFbNy(^&CkfClM>Pi)w;QyFiVV8t}A%>T&2(gh&}Sm(qAtfdd^#yC5|u+e3aJGvFj+
zlmuPkPB0i@6v!^4kgZJnP8A2z5YF-nHY}BX&vWa5kUOYM*o5eyM2KODjc~D?@i<9z
zN=BeY?5y-b8=PtUP_rZ?4=RvI_a?UF=QKaJCPg-7C3L3DF}|K@)ma!e#c{o)=Om<$
zii{LpcItCxgLG!qAP-W%+2|I2M`mrH?2{6}I1|a@^CnFq*oeSA$QZ>G2<Czb!ei5b
zI{g^eYeW#}(_u|w#|DH%E)sSej~97=0jo@V9#8`bw`5P_ITDZ40je;Ku^C03s142v
z(;%EC?h0wZmH}4>9EJh93IIcfCaH_X!sk5~L_uUpW}PS_ycmLFHpU8)r^8{hGOszg
zzDNs5E5lwf2H+uVVNiprHgzp@DHczNW@}NeQC*8iOc9>2s*%g$u-=w!ZkSaoofs0E
z1xd)WfiQA_X&0W?n*|8N3oVLT%YlY4h=_PPG|fG5LOF^AlC32QX;nTNPOVsMv+0sI
zq*&<T@eq(yt%c|#(Qft#88a!H>~uLYjlF8AD{~i`VgQHL5?-~jY~BK_xsvN8U{<W5
zAln52Pf$WvBFr+{dNwl?L5Sjk=X7eM&l`w3$y$lbr;;AILVIK{`!q+xD8d^9T9|~5
za$=1+RO6E<<m*TlxRlG*VwRz(UQsQ`R^)?juLTU34Y8Y$<+usLaZyET%K=Q1E9N2x
zO1>{udW+f+st&tf2KObeYjr11dsMH9c8&A<Uurt7mDSbNjm=gzo`bSEl9UikLUY7s
zGp#pegEUWRJ1onfE90D+^t$=V^GAHV?$s}j`QGQ2@!&Vey}N&vypzBF#Kn95_0YkG
z*SeeT`sH7CJV+gT8od6VvmgEXi#Kvd@A%nK-zoN<_0P}ly}?Cqz5jjUn!WeFe9V(;
zw_SbV@#6Wt=QdOCRc4zHUHjf?2Twn4=LvRY-4A;!Up#-t^|#;ok4JX?=lnCb`_F#*
z*u$6q_+fLtxNS4@=9{PNeujPL(?i)wuRItTAN*Ze)B5Jt$Bx?0se8`2VSBxCk?@u0
z|AyXt+l`l<{<`?wtB-uay#M}o>xm!yT77!!o9o_KgWs{|+&f-5aPj5?zklnTV*%vu
zLx&%AM2FbDhCY5v`qGmRJhWjOl&!2BJh*lJ;isbQeV4sa+3d~^+q>=iFMhJO`@q-E
zKBQlF;<tcJ7hU~_?9Z!jeg4$DU;R+MqIm6@*ZzIqo#{!>d~(ix|2?^P{kN~GJr3Tq
z?yhdK<;rMR{kYyke|_6SH{$UA{lxwYkZZT>x$2r<jJ#R%e+Ty6jeoHJu;P<HuKf1H
z%8{GSyT`Xa;w$gq&z*bnt(!-)8`s~p+uL`hbQ`-9Tl>2M*Q`Fd{O-#~@6>;Cxh{OP
z>o?S=+>gdj|EaQV{RLNCvRwD*bs_R>@7--Dzj(q~Z_|sb#+R?T<&;ZyLD)})kM|wF
zVaMY)-E6(`^QX^y&0c%tk%zq`J+?Qv1$<-2u2V030l9w5h70mXFFo;v5AS$t!==@8
MKfC?P(fw!rA8%j=UjP6A

diff --git a/pkg/enc/secrets.go.age b/pkg/enc/secrets.go.age
index 7e5bfc1e9c5203e5ac8310d733911fc684e8d7a2..2dabf8e29e12ff0f65d7134b98d8962fd97db135 100644
GIT binary patch
literal 2207
zcmWNQ{qNL-0f(o+{6d@z!;Bgoh+pI81^aTnmkM*c-u2pRuXoq>dVPs5yX*D(a_#l{
za(&aO84isOHa8X}utgy-qcSvnGuRY$6P-&)hz6sgG6k~vKIY~iy6N}>K0iFqlTTmQ
z)@l>gPp6^jPOf)-9f+W1Yj0fb*kjEp70U@+C_w1yNH!&1OPxl}u!;kLwuZ)79FBd7
zbFwT>M|CM`SLy{K(DJf6NG00>;&#e$ks0+(NJ6}-65>cAOz8k0bZG>y1(+GOUA_Ve
zM3YAHK$)!8(YjC6;?xE>Zw#wV!>&(Tnb@wQCAARnS_vXmdNfHjjhRIuGz~bmE&Ah;
zmKR#8P7N)NH*3X`mk0%yXFQ9u1CyOtwL&uP^Mz6<H=%YLwR;uCRxu>&Ft9kWk@he!
zaZZ$=vXpaKoHEpIQ?|?*qnLsf;UvJ7%DQM2(MsH_#HB>lb2!wL+CUA17-80O+tY#2
z%Sj1MDS+=V)-3eLel*RQg&+^sK$A10qCe`u-CkZx5(d$$Oyo|~-T=jNis15o0F+FM
zjTBh~I~Wy-Q6ILnNl++f6^$Xod{8xp0*TrTfJ#IrRcrY|Itn;f6TMiHiJ)RZ@W8WE
zEjODahGYm37))izEfMvZR)uTiEOT<PtdP9L+htVMr)G<?Lrkk6X`J=2j4EoR*AdM+
z$J!<q8YJcttdR~Rw3m&CK1`|r)dvjA%m_<Ud_=@38+WOeiYYa**Wf8uloDO>1&FFP
zXHASX3JK7+;7%XtkoF+y`I*=16wYCYXpe6z9at-y`j|=qNMZOAD%e?v&FLiTG+nJ!
zLmEoh27-nxL%f5^x=04Zz?{??<hg>`$dv6A7>k+$yKu2Yf*_uX1U`aI67C_Sps6S%
zOdDlR={d!2)HG<8vdXNllZ4`o5*Q20VMgPyqbZ!1w^?Tf&s>i%W;#X40HVbqf(@9y
z=jBkwnW%a=!VFJFl*COZ7Ntgb*Pb+Htly%65e3NASwDa(5I7{2*hI=UX2pQ+cZZag
zArk{7Sfr&lo5MN)c||f3C|FfyEi0-6L9L;R{cs?TY*3DSx<Jb1fz29IAjYIYTSlXN
zzK=1n2s42c`=nE)T2tDM3dMdxA!D1AI})9iBA+LHyI``}1Zeb#1{ms*pSVU{sTD_)
zL92%cwjK@#7D_Wx>{4YCE}K5+=5#foNfYJOTvtqMiCaJSb^(OoT)p6p0xyy4HcDsb
z3YL>5qp?H5(x($HXBrVogLFX;S{$p|9j2}4fTZhbNhKSEf}5KOxH=9-J`crW14N}9
z#)dPbt5s}Q@7rS2Ogr+-gGNLVmfC)|z#>MZYLh-28Dv(Qpi`zinpqqd#C(SHJPiR(
zm_}S1$XZ#1n}ZfAGo+)>#*S}e&ZwWy#ZiHq#ywGhO$gMqI6~r9z6&{dDqo31v*fAL
zC?CXGq6DKBPS$1>q1y70V%&jRs+RJmiqW+s36<2zgE<}7$R;3ZV;_%kfN2iT={Ldw
z57c|oVAvbRkX;!Flcv<cKwaw>yR5<6v6`S_cc=}WY$BD1{Sd3uvOl#Ul2ejVH7E(g
zX1NIna?o>ApDU@=DkGVmhtEJUJ2%lH&}>e_fq)R*LKv0-*3QxSModi$TB|UKEWQe*
zrq`3PhC)@r6ah&qsm~@MH_(&@Et|3?fHkb|)w>$)IAcU-(iT}Bc_}MQ(5eP-4ccHk
zl_n9^>FE&4dr4hlmpN!>SQz`E6;>+z1ORNM4G@$e0TM|PGtX(E(>x4&^vFe)tzElz
zwVX`HH7e6FOx7n|LpJnEMstFe)`1#Yl^jZT8Du(634OfmR4pst@?rP9UBB8lnl2!3
zeCOHaAKb8f<&{@xKg0`r2ai6pqr!<#U0eBZ<5NF=>yBga!gb3xZ{Gf!?FZgH_0m+m
z;wt8sSFZc}NAImTy8h4V`*++i|HoZu?afP?Tk-vehKDY1bx!2p{C;76QL=sazwRIW
z?xv@&BXI7Mv#U0}aQwvh<fU_OGvRGdELpW=)h2S!L2dUN@wUfW_Z&wKe|5Iu&<Fch
z?RjsfxaOs+j;~++qx0{2<={v2m)^ekzx%$49A1Hx-tlB2VdTn5>liTp^*igoa&!g%
z#hH_5npb4_qr0Ctb9U!7i_G)B_vxaKFWz{e`#-$#$@sqKX!DgFZF|c-SJJ2LZF3vm
zzyGJVEPd&~)#SWx9$U&>@cfhej<+uPo4x+R&b98dJECj0{`|5ndsm#l<B^*6@yqwF
z`{eD#M>mGQ{q)@>+a7%KwIhE$wkdwMFur!*(T5iH6YG{-zn^&Ll8c_^zcu1N?{w|$
zTe>%&ATKz6Qj%93TKmj5vRe=C`1JQ@h&gW;*xd92Q-A!(+-+NSjbGmU>Z7CA7pPxc
z+zyYm9@{uQh0p!vRGck6?M+V7-))w@xODk}U2C2@60e(f?pE(*zkUK-H19w7_6<I|
zZRh4?FYY<Au=n9tHdwDMy0N$TrsMy)T>JM0AKh@{4t9L!)!efCUM#Pldt_ndU1uM6
zSG~UGYqy?$06q4?0~bC7zVYJapMPB0aQd=s|5$i90>7MH^zD;Zm-|1NKKZlH9$38c
xE%D&Z3wJ($cy9R**8HJ&*8S5H=uLaJQY-i0e&E&54!4)Sy7SBV`G4-s{U5B7L{0zz

literal 2207
zcmWO5`}5lb0RZsZA&-3>C@_J8!EL~I!op}?%|ixWn@5v0ZIU)glfnUgBx%~_)h10F
zbUb7{oI7wZ2RKo;lj$9>4dfi+;fV+gfrAN-!Fik9F~;N&+{qjpO#Xn+kDr!ft+f2k
zXcoq9;9nVxoZJMOTY1e=Z#b|#93!T1J`a&g4Z~uZ-HZj|ghOJS8a4EAiq`tJ8X#J1
zFkz*eOm$Mhifl>i#bRN^*IKd1`FIpZt}Jy1*0@wqJ6_B~S#gkRNRk!#N+-{xwYp&y
zeM%n0mLougzCIgxiPTWVTE1@9SOwIT3`ls+h5!_yyORnrQ+Z=-xE*lnbAsl_5nySl
z3~G!<k6_pY@S=??Rg@R)$fssNfw3pB2YIF~*RZIpWW!E`Sw4`P416$$OytgxY^Poy
zE4M2Ca4>4+`%Vq7SCFdI;X6GzLAoScE+v(`H|}dOSxROFrc{rry-7z5GR!1`=?t=a
zz^IM&T9v5>y9!Jj3|JK=dD1JkeXQtCj8aL+O)0tnrU_3W8Cj~b0Z2q-69fP}K-|3Q
z^rTh*%N(n>N=)9u2aH1%JaGny<Y>qbA~p|H2NT%pCp=n6VxnA2^XU|%IJ)Cm<YXL>
z?OY|bCKUsmQix?}vWl@KvLF=X0!)!~|0|%|1#0N95LB?MjdlRkS-P$;=6I?%z+67<
z!8xe_%4(z5iJaz?pSb7%WQP?KDrG=z+#ux&nks(3gY&(HV}-36qoqjM(99Y$%IlaZ
znnKV>XsCsh<FGKy6y1z%bW~_H9BDR=%Eg%D;X2CIKuQDBb|I#Nrh&Gci9v<aGyol}
zMiN0<bVh<{*e=oV@P4V23<e1eD(z~dVJ^wlJ+)QJ`F`9b)JzH+ZkEcmtOnNeQM))S
z2TC8+g<$|?wIM(2%I&J}SGjyyrdU2Iqc|>=d8I9ChG)Z71@)^MZN^p2n2<qBVpA>9
zsDz1<SzAmkIhuHgO_E}g6l>L}?@aZvi`Lv+lW?X~4huo9RIw?K;mi<6Jwuq#ZUh7F
z7*fY6rnj|Wv6w3cjY4P8mIk0k<;8J@;S^iIf{8eog~AL~sb0wP2Eho*818#LSLd@d
zfGn_8Bp{enWw#ZMLR#$*4YjAKGBubYMa&5yC+F}}QEfWq*cmlD&320;ic(sqvhq~+
zxgOfoLW#+7h{E|ZI8a((f|GpEP+5${`wlE<uu$v74n7S!l!3$4BrB`_&`v?$YJ`H=
zL~>c1W_l6hKw98N!>-_@a7c|g+YF46f>R7;<_58n2T5xXXeFoNh1Qtu=0X)1%k_3X
z1|(8I%SDN7kU)b^MpYATf@D?8$pv)el|yOj>sf)!tFjK-KuqNIVYAF@reL_{a5x~1
zJnwetSO9pF;|Lv0^p-Z};a-%4!6YXaCtr2sp^gh6dL=Tkiohd1lF1y_A&4wf*{)=y
zK3rgNuO#+oEpUjo6G<==wKqfv4n)OqzXDc}Xe!}ehK}8A&_e-7cN>Jzpt7tWhvT|n
z={+36X;+RK23_}wRtHysauxJ38bGvuDF~ffo0fplr~oHU3ku6<l^9BiD*02-jVO)4
za3w9<xqPnI>f+;p)?*M)%PRC#sK*XFRXIheAO?aLn<m{47`xafQO32pp~4nrYK(V~
z3^GRm7z<F(80#V=bal(nDX3dk+Dam;c2=kgG*hZIV0ysT*)-umfs%1R48;y#Z_;E@
zw>z2R&M@D^s%Wj{@P)aG1;XBhuA9C{&N!z`;6l4wE5^~xln{_Cg+!ZZH;Iv#DRV1V
zu3V}#$5LonK2sLOFkeo5w(FyqQP<*b$0lOWDGi-rDANOTJh#oQ|NXOl__p`Y{6x6%
z<$J@u2huOET08#|hTXO7*#{p!x@rIC2kA{4KRadry5m<IR?$3v*2WM1a1L|wW%ic)
z(qr#Dh9BJde*2NrF6dppcJ482<B}?h?7H>9>c3v{+#lcTo^s%qo4BPrRwu(RcVG2L
zTwir{`sVeA7JU7;oP5JidEuet$Mf-PzlhHJ_WzP=m%qHLbl-KC?z-ngfBvvIxcJb9
z+)XcSV2*Bn`qMjJ*dyNZ!1J%1v|{0^L!T|w&snqS_waXa-u~q3x6a-Fv$xjmeuu@5
z)RSix{de8Z)jO}f>%@)M(}zzin!gVF+7nOIo?`Bw9k}`nd6oS^eC2O`XYRi3!-w9v
z{b+o?go|r0Svv<}#rfw~&s}uzba}R3{Qm6qi|;sp@#e?+XNo8E>c4NkWZALj@Kd+k
zzv)~48JAypJ-_(5dzY*oeg2;D58>G(3*K1xucNI$pM28F&FdexH+;AE>V+?6hwD3z
zT`<3R3p5*^_ui>{zy&th*g&l~uX3b*V9B!=*$3~~`SuFwpUX12^!APi+R|yi-uLM1
zpY9`8>|L|x%H4N=^yoKUT=mV~J=OJ_rQtI>_dU7w<IjJUyJF47gO?7ppxL$uKisys
z^)B@8^p@>s-Nc;zlQS3YDP4vvzkBQQlb(FKx~C?-vHtyCC$^lm^qS+`8)v+_y8rQZ
zcl`~OPo7`=$j)<~dUMeY-#eVSn~o_DEWlP6+n0RgJ${JG_%D{-d8E5@%e4#o=N|me
zpSJ$xx~E^eRh~b7HgfQ_tuI`9`BgXGRzJG;2e<!7-EZ9a!_(L8_+T3cA7Avhhxfkn
G@&5s&_dE^&

diff --git a/pkg/enc/truenas.go.age b/pkg/enc/truenas.go.age
index 6b87f392724a5edabcb24331236d625ce68d4653..28c4feb1433cdf20fb123a456a00c5211cfdab2d 100644
GIT binary patch
literal 2072
zcmWO6`w!d%0l;x&AjtwEIzbsmF!*52XnVcuwPHqky*}@H?OpG#*W(e}Ua!5r+w1eD
z86%q#kqzR5Y&@38W1FJ!u`mM)3WJD49P@!@I&lmqafk>iLNx9#`2O<ASF_BGW?&>$
zlrF;H>M*gu9A3L|)8)SBntl_-%37lV<Co*CZPG?Z9#vDxEJ$sU>bjXGrDjMRJ<Hgv
zZ!W5i#z~~oZ8$iuBw7e?fa=F6>JNRqDa(mcPue|D2OAV^)FHq!G|wA{I;nMA`8;Gy
zwyUE<aoO#+`NVNx5gOJ2Cr3=Ix17k%h~NiyKv0t+uT6AJ#q+jRk|`!Y_M*)*$+XcE
z<&h+FsY>@zd5VF9CRmp;!0&(y8g4BFR23`Jr(?VtdYx$1jaJ&2VQ2zFt%7n}o<GYv
z?a4fMQ&H>$uFu5^CobxAz(AZ!4tjz;#i26F8*D9=SHg1O1=32DGaknVq1BPCNukPY
z-dorJ1o;sT51m9)=bl_}6W(6X9SmLMiaYQ{5k$JMXN?sR(YeCT)Sf+(2%z7ripZW2
zW4SqlB7aEe=AuvOxGy<9iB?<HNDbQqW|<VNP9{?kCN3!m^$D#U3$d&EqgHpAGsKK{
z?NF7Fj4UBC=!K@@vCSr)#wBa3L1qBbkdlbHNwE>)#(BqO!Q6vFjd993s!n0C<A*g2
zj&Mk=c|u&DR8pxXs~Opjr=vmBgDs^P7-5O@OJ!<R(;h5%1lpc>{ZLF9XI9NXH%T(3
zUrt;~ZWW_hUe@5Y0Aj03tjh-8DH#eG!7%BQfrw_sY)HppS0qpavAckVRFz2Q%TeEk
zL5<gZP9QjXY`21xG?hW#E{33mQmCABjXF;=*s>Lfu|!B>#4R{EC@>yspNTM(tb0S6
z$61K#!#+##GbjazxHhj#vlv*aQ%aUeH!^4h!h2DN6EmIe*|eh#hHB~)<QY(vX%TE%
zgSrzKC-eH;w|y$^%F1e#2{>oV{h;CHh((Nxm7$QCW0o_;j%yRA(VQo-F%p!r#-_=b
zCUdtR8A{-+&|x(y>_#KvCxbaa&0T|cOd*3=Hd#U>x>Ae=9>W43QE~@cL4Zd{fu~BC
z(xF47P!@G=Oxjqzlt77H@I9q4P^|FA`mpcf<1u5ooWJPT#%*LCXf3nR=Mk?qGMI_O
zv0@(_cx-F9Y7mIMu*BB1yQC8!WR;~@2Bb2=t0@$ZG}t2QLhNObz|X6O&l!oB%zy~#
zkxdJ72VkTIoG>4BYt^d7LqZFe5}~PABY$ZFJ>DZ2M;zuw8D?`t8`SV*kkztD)9f)b
zPz0CLq*-6Kz@bNS_1tPD5(Tt$O=(~q9SnG|0LqCd8;Oumv!<Ghpn^L-QuKLY-X)S2
zkO~wZ&qf^)7C{G#MGn=gaYG$WmT{5KT$;pMcvdS$sgY~ptlh1}q%$g}n6vUT$l^l|
z#a31wnYkdG@Ka+Bnj;MmfykvmPpfluI!ukU>6!hW-oWZ4tavIh<zP(_Rb8@?P}XHe
zT=5m&bi6a@r!kC<wE_VhHz%Wz(?NWpWD<$WtIj~};(j_-=p<^lL4=+;3WANh70J?m
zI+ggYv?_AN$w3@$3Iv`y#Y#}xrQ@Sny<r6wY336uP@$zkqsXESP3IyM)`TL}D^2UW
z6pmH{a0;+FEVuc2P#fY?EVd%f3Nd}@&)NdVxP~f0ysz6Uq2F1!bqUB+Az>A63?U<8
zZ86a!yYlNwd)ZAUq=$GZ3&`N4%Ty>M$Q0~)2B33z94yyv+_>>_s<s&Wq=?jqPNn)a
zJyBsXT;X)!L`c@<S^<?2$U>Tzkg)cg^ua4nUi&Dx<MhS1oH}>0{$%y^%@<y?=XU$g
z`;F%2-|-Kfygi-a%#L5~nZ0`O-9PJf@82q1a>F0+9~?eCedBuO?uT#xjPQ5!lh1*#
zEAQWN#aF=pp4Iy1JHW0lY~S!D`M~2B|Mres+Yj#j;1}O$zw6nXKGE;4IrVb7ulJt&
zw>@+BiCsJYdhA2W^-t);edj&^D~(4k-1N^)`wwrb{&D2_YmYwjpNpoq?f&Bh#K#B!
z+xOUqL;m&Md;i7G4<7%>IV4ek(cQ|w)O-GY+i!Z4&HugS(AwL~&3|F;SZAENm$^fq
zJY+p89eVZi<=~n>{qW8o9lzwQSLl!KUcYVUEyut2D0AaIp94P7di%tWnXT6`yAEK#
zx%z95o!qkFTbCVO|I<f`v%Y$nQ@wd|=hnO0r`{WH-h1bhYo6VD>DrgJ-+JDsXFpjV
zpC-TY-QxVSuX_8%Uk|Z+U)yu#7U6=6z7wCff6c*PJVvYalQ$lCMKr&C!|r!>tU0i)
z_}KSveBp!^?L4yY1$^Ib=IPI#J-D=WX0^n9_uO_W9c{Sz{MDx4pFXM`Ja+8oPi+8>
zK2_*z4n6rey9Z0ZULIL@@c32Fz5L}N^{I6aT>Nmk<#6^Z@2$Vx`UHQ)Yj@pz9r%Ac
CmHaUP

literal 2072
zcmWNNeasUF0f%8SKo)h(ge(h&*J;dV^U~h;b-qZhcfD(S-|e;6tC4Ycy^r3t_to~U
zSIn|Gx2eM+kZ1^DBa1ROhPW+relQ)FX=X$OM4dq$5EX(E7Ie(GiTwLZp5%Fcx??R`
zftlpdWDo`$!^A13z?#L+E{ul0HNsGQ1|kShUZ^m|j#4d}GoYorGU@bYQJm#Gm$gJM
z2O-Q#9iy9uV`xyOJU18sLPRs3As6Pl0v3}&HZ&EBZG=Rh>3T!JtGCqNlq@qq)(O)H
zMJZuE<*P9sm$PAs!!&)8l`W7~$7CJKfOaV>R7qxzhB<BNM7aphVcus(4(D_^rO@Ln
zO)%g(Z`4f%YsRR_QoL&oVnJf4Y#f#i3?q6Wi17T(9oa5Xh2)NpjJ2kw0?~NFmS~(R
zWQ+v*h0HVZu_w?S*dnn+sExaYBxhi|F{W#n7vpX+u8OQU76(;4*QYm0&T;CMj*$|O
z$x2Wr3MqyU`u;2(&SaIKD=o-t$+PZ6ulg=)Q@D=LYDNdG73K02s80Y)9V4S;eDfzB
zBg1ag5NmD-O%+5GOrRLFY`#mP{Y(@|Rx8^MOG+jeGNG=tR2D1^qoSLX6%>NPv=r6(
z0Jl(P>WIe3wP&#3n~Zt`RBiSGXiN>q5NL^1yE~!uUMlo>n>9KyO_H{k+NCU%Ym)$u
z<o>+mdR13vc~BV;F2al&6CH>6wv^Uzm?Nzb4wmUUQAf12!IM^|b)>)(gn6Hi5Co-)
zH&Z#5hfu$b>1d-d336T><Bm<HRa_~%O_-2a!e)92VMGq9@D`fuO|)QZY@5rtnafM*
zbYLNBb1Hxa*_Ty=r=^119g?=B*a?-_dIjGO@J5<6tnN%?;R4?bcolbPUmcPoT@xs>
z(N>yqwKQm;L04&)eJ<{e@R1}AWm20slQ}YH2m#CUteLS~=o^61B9Lmv`gx6nBim{M
zDddNZya!AsUImFmlQp`YB{pPl=vld?V3h9_XuX!2abTuqkF3@uXs-5rf{Ovn!~C41
zp*me8IvgJbY?$#9G1pNl5`3Zxb{JW49Ie~WdgY{TDhMehgeBk{R`O;M+%db9R1_z9
z6<2k4?lGgdK=5G;bVe4HEB4qMM1{sQ9CnDQRcFH%L`6-)0B51?0WR5K@p><$MkL@z
zcI3`|*P78)2sG1nrECxxA<B_es%0@vHzPo4x8$4iT#6&R-t`kSQzTf`CNpN%AC3rG
zNU3rWnGIW0ms6Wj6K;Z-WCbaL4x~0~DsbN^4$UHMYhqDX>ls+1)NEL>l2T^SQ3O?V
zxvHzN-*?7p9#4`)Q_zZU%s{v;d0mu*kT%!OiV55m0hcLaAkPws)0jIN9M?v;(=v-j
zkQUL=q+e+$jvWjTfom{w>heJ?WfTb;tHX+C(usvAvt-aJfnr;dYLJGa9fz%$rsb45
zkFO!6pjw74B<|Ssyk?Jd0cZ|1-XKLOn)ah96(hDHPt$xhgEdtHGh>ntXskZ1M^XhW
zQJw|_obUESsx_0`X+Vo!NY`~B<A|2u?-VG@%yW4vH|jC(N^z^;vT}+{>{)@E*5H;7
z%4!-{1O$M<q(I<0$B&3w#UzC(B6m`)4-f-m7=T)*i;UBHV#jd-4@k9>cwVuqG!4_B
z1;dK6Y${W2RRClQ9`+50C={B_wo}0IerQi77D6||7CJCV(^4vZ$>u8aBGXCypxj~x
z?g)Yz5_KY!me-7ppaAw00t`AO07*xF$xo{7Kpu3Gw26(nM6ZMSQnw}bvo(v0iwluZ
z>`P#&soXTwI!Tx+0$CS>N~^9hUROr)jFs8BpSwzZ&B05<<y*%8zPe)LZEwC0J$U-u
ziv2&la%nAo{+T<?4;&`eFFn8h$cgZ}jIWx#a^+97_p_I^{jb09=g-{s?!(V~{md7!
zZ6g2P^4|{zk80aiA6$JNfYl;>{OmWfqo+P}V7q;Wd+~~R%MU^$e-Bo-{z`dz=l7pH
z^1;my%^%!-<o>(1eE#Q;KY#4<`{&l~Sh;6i_wiR(D%<v4ee>vDue`Bm(;pYNoZN}8
z|JGW1!^J0#H|b@c`e^N+A9<Z!`N;Vjs`uQzyVv!WK7H)M-b1gg`yXpw0>KRz51;$*
zvwN-v3i5})+;g--|8A>z>%}|2^zwf;?&o&xobR~%3)}y-aNpkVR`!1EsUx2_`Rna3
zoEl&F$Gr5{pH{$E4>wlb@wqp&LqB<L*_s;<!wXAuQaoxu^pgC`kN^0!owq*gzq9(c
zn@=1loR0Tj{@SKfQ}LyJTX!^9GW)LV-1X#AzVh#HPxo&)Tid$pD~GPWb@tkiHhuWU
zQgiu*i`caX&fI(K+=>UZrQf`D;@b=P_1n>f$K>VqwbgGws{JC|A0PkT<z?4bZEW1}
z&A*+w`-yjI<Bj)hK6%)>-+ko1Qs=R2@mJsd<bkJNT=ulM^Y$yH-KVkjw?qf8e5Y-G
IdEdqV1H*d%CIA2c

diff --git a/pkg/root/services.go b/pkg/root/services.go
index d0cd042..554b5b6 100644
--- a/pkg/root/services.go
+++ b/pkg/root/services.go
@@ -52,7 +52,7 @@ var (
 var (
 	TrueNAS_CSI               = "truenas-csi"
 	TrueNASURL                = "apex-truenas.orca-uaru.ts.net"
-	TrueNASProvisioner        = "cis.truenas.io"
+	TrueNASProvisioner        = "csi.truenas.io"
 	TrueNASSTorageClassNFS    = "truenas-nfs"
 	TrueNASSTorageClass_iSCSI = "truenas-iscsi"
 )
diff --git a/pkg/truenas/truenas.go b/pkg/truenas/truenas.go
index 2432cfd..f069b5d 100644
--- a/pkg/truenas/truenas.go
+++ b/pkg/truenas/truenas.go
@@ -81,11 +81,11 @@ func Stack() stack.Stack {
 			// "node-service-account":       nodeSA,
 			// "node-cluster-role":          nodeRole,
 			// "node-binding":               kube.ClusterRoleBinding(nodeRole.Name+"-binding", nodeSA, nodeRole),
-			// "node-deamonset":             nodeCSI(),
+			// "node-deamonset": nodeCSI(),
 			// "CSIDriver":                  CSIDriver(root.TrueNASProvisioner),
-			"config": config,
-			// "nfs-storage-class":   NFSStorageClass,
-			// "iscsi-storage-class": iSCSIStorageClass,
+			"config":              config,
+			"nfs-storage-class":   NFSStorageClass,
+			"iscsi-storage-class": iSCSIStorageClass,
 		},
 	)
 	return kz.Stack(root.TrueNAS_CSI)