apps: refactor to new structure

2024-02-06 18:32:49 +01:00 · 2024-02-06 18:32:49 +01:00 · 853522f5d4
parent 0710ff6532
commit 853522f5d4
56 changed files with 255 additions and 16 deletions
--- a/apps/code-kustomization.yaml
+++ b/apps/code-kustomization.yaml
@ -0,0 +1,13 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+  name: stackspout-apps
+  namespace: flux-system
+spec:
+  interval: 10m
+  retryInterval: 2m
+  prune: true
+  path: ./apps/code
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
--- a/apps/code/gitea-kustomization.yaml
+++ b/apps/code/gitea-kustomization.yaml
@ -5,7 +5,7 @@ metadata:
  namespace: flux-system
 spec:
  interval: 10m
-  retryInterval: 1m
+  retryInterval: 2m
  wait: true
  timeout: 3m
  dependsOn:
--- a/apps/code/gitea-secrets/stackspin-gitea-variables.yaml
+++ b/apps/code/gitea-secrets/stackspin-gitea-variables.yaml
@ -0,0 +1,11 @@
+---
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+  name: stackspin-gitea-variables
+  namespace: flux-system
+spec:
+  fields:
+  - fieldName: gitea_mariadb_password
+  - fieldName: gitea_mariadb_root_password
+  - fieldName: gitea_session_secret
--- a/apps/code/gitea-secrets/stackspout-gitea-oauth-secret.yaml
+++ b/apps/code/gitea-secrets/stackspout-gitea-oauth-secret.yaml
@ -0,0 +1,12 @@
+---
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+  name: stackspin-gitea-oauth-variables
+  namespace: flux-system
+spec:
+  data:
+    client_id: gitea
+  fields:
+  - fieldName: client_secret
+    length: "32"
--- a/apps/code/gitea/gitea-data-pvc.yaml
+++ b/apps/code/gitea/gitea-data-pvc.yaml
--- a/apps/code/gitea/gitea-oauth-client.yaml
+++ b/apps/code/gitea/gitea-oauth-client.yaml
--- a/apps/code/gitea/gitea-postgres-pvc.yaml
+++ b/apps/code/gitea/gitea-postgres-pvc.yaml
--- a/apps/code/gitea/gitea-release.yaml
+++ b/apps/code/gitea/gitea-release.yaml
--- a/apps/code/gitea/gitea-values-configmap.yaml
+++ b/apps/code/gitea/gitea-values-configmap.yaml
--- a/apps/code/gitea/ingress-gitea.yaml
+++ b/apps/code/gitea/ingress-gitea.yaml
--- a/apps/code/gitea/kustomization.yaml
+++ b/apps/code/gitea/kustomization.yaml
@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - gitea-release.yaml
+  - gitea-values-configmap.yaml
+  - metallb-gitea.yaml
+  - gitea-oauth-client.yaml
+  - gitea-data-pvc.yaml
+  - gitea-postgres-pvc.yaml
--- a/apps/code/gitea/metallb-gitea.yaml
+++ b/apps/code/gitea/metallb-gitea.yaml
--- a/apps/do/do-test/kustomization.yaml
+++ b/apps/do/do-test/kustomization.yaml
--- a/apps/do/do-test/vikunja-oauth-client.yaml
+++ b/apps/do/do-test/vikunja-oauth-client.yaml
--- a/apps/do/do-test/vikunja-postgres-pvc.yaml
+++ b/apps/do/do-test/vikunja-postgres-pvc.yaml
--- a/apps/do/do-test/vikunja-release.yaml
+++ b/apps/do/do-test/vikunja-release.yaml
--- a/apps/do/do-test/vikunja-values-configmap.yaml
+++ b/apps/do/do-test/vikunja-values-configmap.yaml
--- a/apps/do/vikunja-kustomization.yaml
+++ b/apps/do/vikunja-kustomization.yaml
@ -6,7 +6,7 @@ metadata:
  namespace: flux-system
 spec:
  interval: 10m
-  retryInterval: 1m
+  retryInterval: 2m
  wait: true
  timeout: 3m
  dependsOn:
--- a/apps/do/vikunja-secrets/stackspout-vikunja-variables.yaml
+++ b/apps/do/vikunja-secrets/stackspout-vikunja-variables.yaml
@ -0,0 +1,9 @@
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+  name: stackspin-vikunja-variables
+  namespace: flux-system
+spec:
+  fields:
+    - fieldName: jwt
+    - fieldName: postgresql_password
--- a/apps/do/vikunja-test-kustomization.yaml
+++ b/apps/do/vikunja-test-kustomization.yaml
@ -6,7 +6,7 @@ metadata:
  namespace: flux-system
 spec:
  interval: 10m
-  retryInterval: 1m
+  retryInterval: 2m
  wait: true
  timeout: 3m
  dependsOn:
--- a/apps/do/vikunja/kustomization.yaml
+++ b/apps/do/vikunja/kustomization.yaml
--- a/apps/do/vikunja/vikunja-files-pvc.yaml
+++ b/apps/do/vikunja/vikunja-files-pvc.yaml
--- a/apps/do/vikunja/vikunja-oauth-client.yaml
+++ b/apps/do/vikunja/vikunja-oauth-client.yaml
--- a/apps/do/vikunja/vikunja-postgres-pvc.yaml
+++ b/apps/do/vikunja/vikunja-postgres-pvc.yaml
--- a/apps/do/vikunja/vikunja-release.yaml
+++ b/apps/do/vikunja/vikunja-release.yaml
--- a/apps/do/vikunja/vikunja-values-configmap.yaml
+++ b/apps/do/vikunja/vikunja-values-configmap.yaml
--- a/apps/forge-kustomization.yaml
+++ b/apps/forge-kustomization.yaml
@ -0,0 +1,13 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+  name: stackspout-apps
+  namespace: flux-system
+spec:
+  interval: 10m
+  retryInterval: 2m
+  prune: true
+  path: ./apps/forge
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
--- a/apps/forge/forgejo-kustomization.yaml
+++ b/apps/forge/forgejo-kustomization.yaml
@ -5,7 +5,7 @@ metadata:
  namespace: flux-system
 spec:
  interval: 10m
-  retryInterval: 1m
+  retryInterval: 2m
  wait: true
  timeout: 3m
  dependsOn:
--- a/apps/forge/forgejo/forgejo-data-pvc.yaml
+++ b/apps/forge/forgejo/forgejo-data-pvc.yaml
--- a/apps/forge/forgejo/forgejo-oauth-client.yaml
+++ b/apps/forge/forgejo/forgejo-oauth-client.yaml
--- a/apps/forge/forgejo/forgejo-postgres-pvc.yaml
+++ b/apps/forge/forgejo/forgejo-postgres-pvc.yaml
--- a/apps/forge/forgejo/forgejo-release.yaml
+++ b/apps/forge/forgejo/forgejo-release.yaml
--- a/apps/forge/forgejo/forgejo-values-configmap.yaml
+++ b/apps/forge/forgejo/forgejo-values-configmap.yaml
--- a/apps/kustomization.yaml
+++ b/apps/kustomization.yaml
@ -1,8 +1,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - gitea-kustomization.yaml
-  - forgejo-kustomization.yaml
-  - invoiceninja-customization.yaml
-  - vikunja-kustomization.yaml
-  - vikunja-test-kustomization.yaml
+  - code-kustomization.yaml
+  - forge-kustomization.yaml
+  - ninja-kustomization.yaml
--- a/apps/ninja-kustomization.yaml
+++ b/apps/ninja-kustomization.yaml
@ -0,0 +1,13 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+  name: stackspout-apps
+  namespace: flux-system
+spec:
+  interval: 10m
+  retryInterval: 2m
+  prune: true
+  path: ./apps/ninja
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
--- a/apps/ninja/invoiceninja-customization.yaml
+++ b/apps/ninja/invoiceninja-customization.yaml
@ -5,7 +5,7 @@ metadata:
  namespace: flux-system
 spec:
  interval: 10m
-  retryInterval: 1m
+  retryInterval: 2m
  wait: true
  timeout: 3m
  #dependsOn:
--- a/apps/ninja/invoiceninja/invoiceninja-mariadb-pvc.yaml
+++ b/apps/ninja/invoiceninja/invoiceninja-mariadb-pvc.yaml
--- a/apps/ninja/invoiceninja/invoiceninja-pvc.yaml
+++ b/apps/ninja/invoiceninja/invoiceninja-pvc.yaml
--- a/apps/ninja/invoiceninja/invoiceninja-release.yaml
+++ b/apps/ninja/invoiceninja/invoiceninja-release.yaml
--- a/apps/ninja/invoiceninja/invoiceninja-values-configmap.yaml
+++ b/apps/ninja/invoiceninja/invoiceninja-values-configmap.yaml
--- a/apps/ninja/invoiceninja/stackspout-invoiceninja-variables.yaml
+++ b/apps/ninja/invoiceninja/stackspout-invoiceninja-variables.yaml
@ -0,0 +1,12 @@
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+  name: stackspin-invoiceninja-variables
+  namespace: flux-system
+spec:
+  fields:
+  - fieldName: app_key
+  - fieldName: password
+  - fieldName: redis_password
+  - fieldName: mariadb_password
+  - fieldName: mariadb_root_password
--- a/apps/people/suitecrm-secrets/stackspout-suitecrm-variables.yaml
+++ b/apps/people/suitecrm-secrets/stackspout-suitecrm-variables.yaml
@ -0,0 +1,9 @@
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+  name: stackspin-suitecrm-variables
+  namespace: flux-system
+data:
+  password: "{{ 32 | generate_password | b64encode }}"
+  mariadb_password: "{{ 32 | generate_password | b64encode }}"
+  mariadb_root_password: "{{ 32 | generate_password | b64encode }}"
--- a/apps/people/suitecrm/kustomization.yaml
+++ b/apps/people/suitecrm/kustomization.yaml
--- a/apps/people/suitecrm/suitecrm-release.yaml
+++ b/apps/people/suitecrm/suitecrm-release.yaml
--- a/apps/people/suitecrm/suitecrm-values-configmap.yaml
+++ b/apps/people/suitecrm/suitecrm-values-configmap.yaml
--- a/apps/support/zammad-kustomization.yaml
+++ b/apps/support/zammad-kustomization.yaml
@ -0,0 +1,25 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: zammad
+  namespace: flux-system
+spec:
+  interval: 10m
+  retryInterval: 2m
+  wait: true
+  timeout: 3m
+  dependsOn:
+    - name: single-sign-on
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  path: ./basic/apps/name
+  prune: true
+  postBuild:
+    substituteFrom:
+      #- kind: Secret
+      #  name: stackspin-zammad-variables
+      - kind: Secret
+        name: stackspin-zammad-oauth-variables
+      - kind: Secret
+        name: stackspin-cluster-variables
--- a/apps/support/zammad/zammad-oauth-client.yaml
+++ b/apps/support/zammad/zammad-oauth-client.yaml
@ -0,0 +1,21 @@
+apiVersion: hydra.ory.sh/v1alpha1
+kind: OAuth2Client
+metadata:
+  name: zammad-oauth-client
+  # Has to live in the same namespace as the stackspin-zammad-oauth-variables secret
+  namespace: flux-system
+spec:
+  # TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak
+  grantTypes:
+    - authorization_code
+    - refresh_token
+    - client_credentials
+    - implicit
+  responseTypes:
+    - id_token
+    - code
+  scope: "openid profile email stackspin_roles"
+  secretName: stackspin-zammad-oauth-variables
+  #redirectUris:
+  #  - https://support.${domain}/oauth/openid/
+  #tokenEndpointAuthMethod: client_secret_post
--- a/apps/support/zammad/zammad-pvc.yaml
+++ b/apps/support/zammad/zammad-pvc.yaml
@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: zammad-data
+  namespace: stackspout
+  labels:
+    stackspin.net/backupSet: "zammad"
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 2Gi
+  storageClassName: local-path
--- a/apps/support/zammad/zammad-release.yaml
+++ b/apps/support/zammad/zammad-release.yaml
@ -0,0 +1,27 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: zammad
+  namespace: stackspout
+spec:
+  releaseName: zammad
+  chart:
+    spec:
+      chart: zammad
+      version: # TODO
+      sourceRef:
+        kind: HelmRepository
+        name: zammad
+        namespace: flux-system
+  interval: 5m
+  valuesFrom:
+    - kind: ConfigMap
+      name: stackspin-zammad-values
+      optional: false
+    # Allow overriding values by ConfigMap or Secret
+    - kind: ConfigMap
+      name: stackspin-zammad-override
+      optional: true
+    - kind: Secret
+      name: stackspin-zammad-override
+      optional: true
--- a/apps/support/zammad/zammad-values-configmap.yaml
+++ b/apps/support/zammad/zammad-values-configmap.yaml
@ -0,0 +1,40 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: stackspin-zammad-values
+  namespace: stackspout
+data:
+  values.yaml: |
+    # TODO verify structure matches chart
+    ingress:
+      enabled: true
+      # Elaborate style
+      annotations:
+        kubernetes.io/tls-acme: "true"
+      hosts:
+        - host: "support.${domain}"
+          paths:
+             - path: /
+               pathType: Prefix
+      tls:
+        - secretName: zammad-tls
+          hosts:
+            - "support.${domain}"
+      # Bitnami style
+      hostname: "support.${domain}"
+      tls: true
+      certManager: true
+    # TODO Configure PVC for data & database
+    # TODO Adjust zammad Mailing config
+    #    mailer:
+    #      enabled: "${outgoing_mail_enabled}"
+    #      host: "${outgoing_mail_smtp_host}"
+    #      port: "${outgoing_mail_smtp_port}"
+    #      username: "${outgoing_mail_smtp_user}"
+    #      password: "${outgoing_mail_smtp_password}"
+    #      fromemail: "${outgoing_mail_from_address}"
+    # TODO Adjust zammad OpenID Connect Single Sign-On Configuration
+    #    - name: Stackspin
+    #      key: "${client_id}"
+    #      secret: "${client_secret}"
+    #      autoDiscoverUrl: 'https://sso.${domain}/.well-known/openid-configuration'
--- a/apps/time/kimai-secrets/stackspout-kimai-variables.yaml
+++ b/apps/time/kimai-secrets/stackspout-kimai-variables.yaml
@ -0,0 +1,10 @@
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+  name: stackspin-kimai-variables
+  namespace: flux-system
+data:
+  password: "{{ 32 | generate_password | b64encode }}"
+  secret: "{{ 32 | generate_password | b64encode }}"
+  mariadb_password: "{{ 32 | generate_password | b64encode }}"
+  mariadb_root_password: "{{ 32 | generate_password | b64encode }}"
--- a/apps/time/kimai/kimai-data-pvc.yaml
+++ b/apps/time/kimai/kimai-data-pvc.yaml
--- a/apps/time/kimai/kimai-release.yaml
+++ b/apps/time/kimai/kimai-release.yaml
--- a/apps/time/kimai/kimai-values-configmap.yaml
+++ b/apps/time/kimai/kimai-values-configmap.yaml
--- a/apps/time/kustomization.yaml
+++ b/apps/time/kustomization.yaml
@ -1,6 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - kimai-release.yaml
-  - pvc.yaml
-  - kimai-values-configmap.yaml
--- a/infrastructure/sources/zammad.yaml
+++ b/infrastructure/sources/zammad.yaml
@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+  name: zammad
+  namespace: flux-system
+spec:
+  interval: 60m
+  url: https://zammad.github.io/zammad-helm