feat: Move cluster services to wild-directory as unified packages

Convert all 15 cluster services from embedded API format to
wild-directory packages using the unified manifest format:
- metallb, traefik, cert-manager, longhorn, snapshot-controller
- nfs, smtp, coredns, node-feature-discovery, nvidia-device-plugin
- externaldns, docker-registry, headlamp, crowdsec, utils

Changes:
- wild-manifest.yaml → manifest.yaml with is, defaultConfig, requires
- Eliminated configReferences and serviceConfig fields
- Flattened kustomize.template/ to package root
- Template vars use flat defaultConfig keys
- install.sh paths updated for apps/ layout
- Updated 9 app manifests: cloud.smtp.* → apps.smtp.* with requires
- Removed dead install: true field from 6 app manifests

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

coredns/README.md

@@ -0,0 +1,45 @@
+# CoreDNS
+
+- https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
+- https://github.com/kubernetes/dns/blob/master/docs/specification.md
+- https://coredns.io/
+
+CoreDNS has the `kubernetes` plugin, so it returns all k8s service endpoints in well-known format.
+
+All services and pods are registered in CoreDNS.
+
+- <service-name>.<namespace>.svc.cluster.local
+- <service-name>.<namespace>
+- <service-name> (if in the same namespace)
+
+- <pod-ipv4-address>.<namespace>.pod.cluster.local
+- <pod-ipv4-address>.<service-name>.<namespace>.svc.cluster.local
+
+Any query for a resource in the `internal.$DOMAIN` domain will be given the IP of the Traefik proxy. We expose the CoreDNS server in the LAN via MetalLB just for this capability.
+
+## Default CoreDNS Configuration
+
+This is the default CoreDNS configuration, for reference:
+
+```txt
+.:53 {
+    errors
+    health { lameduck 5s }
+    ready
+    log . { class error }
+    prometheus :9153
+    kubernetes cluster.local in-addr.arpa ip6.arpa {
+        pods insecure
+        fallthrough in-addr.arpa ip6.arpa
+        ttl 30
+    }
+    forward . /etc/resolv.conf { max_concurrent 1000 }
+    cache 30 {
+        disable success cluster.local
+        disable denial cluster.local
+    }
+    loop
+    reload
+    loadbalance
+}
+```

coredns/coredns-custom-config.yaml

@@ -0,0 +1,28 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: coredns-custom
+  namespace: kube-system
+data:
+  # Custom server block for internal domains. All internal domains should
+  # resolve to the cluster proxy.
+  internal.server: |
+    {{ .internalDomain }} {
+      errors
+      cache 30
+      reload
+      template IN A {
+        match (.*)\.{{ .internalDomain | strings.ReplaceAll "." "\\." }}\.
+        answer "{{`{{ .Name }}`}} 60 IN A {{ .loadBalancerIp }}"
+      }
+      template IN AAAA {
+        match (.*)\.{{ .internalDomain | strings.ReplaceAll "." "\\." }}\.
+        rcode NXDOMAIN
+      }
+    }
+  # Custom override to set external resolvers.
+  external.override: |
+    forward . {{ .externalResolver }} {
+      max_concurrent 1000
+    }

coredns/install.sh

@@ -0,0 +1,50 @@
+#!/bin/bash
+set -e
+set -o pipefail
+
+if [ -z "${WILD_INSTANCE}" ]; then
+    echo "ERROR: WILD_INSTANCE is not set"
+    exit 1
+fi
+
+if [ -z "${WILD_API_DATA_DIR}" ]; then
+    echo "ERROR: WILD_API_DATA_DIR is not set"
+    exit 1
+fi
+
+if [ -z "${KUBECONFIG}" ]; then
+    echo "ERROR: KUBECONFIG is not set"
+    exit 1
+fi
+
+INSTANCE_DIR="${WILD_API_DATA_DIR}/instances/${WILD_INSTANCE}"
+COREDNS_DIR="${INSTANCE_DIR}/apps/coredns"
+
+echo "=== Setting up CoreDNS ==="
+echo ""
+
+echo "Using pre-compiled CoreDNS templates..."
+if [ ! -f "${COREDNS_DIR}/kustomization.yaml" ]; then
+    echo "ERROR: Compiled templates not found at ${COREDNS_DIR}"
+    echo "Templates should be compiled before deployment."
+    exit 1
+fi
+
+echo "Applying CoreDNS custom override configuration..."
+kubectl apply -k "${COREDNS_DIR}/"
+
+echo "Restarting CoreDNS pods to apply changes..."
+kubectl rollout restart deployment/coredns -n kube-system
+echo "Waiting for CoreDNS rollout to complete..."
+kubectl rollout status deployment/coredns -n kube-system
+
+echo ""
+echo "CoreDNS configured successfully"
+echo ""
+echo "To verify the installation:"
+echo "  kubectl get pods -n kube-system -l k8s-app=kube-dns"
+echo "  kubectl get svc -n kube-system coredns"
+echo "  kubectl describe svc -n kube-system coredns"
+echo ""
+echo "To view CoreDNS logs:"
+echo "  kubectl logs -n kube-system -l k8s-app=kube-dns -f"

coredns/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - coredns-custom-config.yaml

coredns/manifest.yaml

@@ -0,0 +1,12 @@
+name: coredns
+is: coredns
+description: DNS server for internal cluster DNS resolution
+version: v1.12.0
+namespace: kube-system
+category: infrastructure
+requires:
+  - name: metallb
+defaultConfig:
+  internalDomain: "{{ .cloud.internalDomain }}"
+  loadBalancerIp: "{{ .apps.metallb.loadBalancerIp }}"
+  externalResolver: "8.8.8.8"