apps: add n8n, zammad, suitecrm

apps/code/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - gitea-kustomization.yaml

apps/flow-kustomization.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: add-flow
+  namespace: flux-system
+spec:
+  interval: 10m
+  prune: true
+  path: ./apps/flow
+  sourceRef:
+    kind: GitRepository
+    name: stackspout

apps/flow/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - n8n-kustomization.yaml
+  - n8n-secrets-kustomization.yaml

apps/flow/n8n-kustomization.yaml

@@ -0,0 +1,35 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: n8n
+  namespace: flux-system
+spec:
+  interval: 5m
+  retryInterval: 2m
+  timeout: 10m
+  wait: true
+  prune: true
+  path: ./apps/flow/n8n
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  dependsOn:
+    - name: flux
+    - name: local-path-provisioner
+    - name: n8n-secrets
+    - name: nginx
+    - name: single-sign-on
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: stackspin-cluster-variables
+      - kind: ConfigMap
+        name: stackspin-n8n-kustomization-variables
+      - kind: Secret
+        name: stackspin-n8n-variables
+      # OIDC
+      - kind: Secret
+        name: stackspin-n8n-oauth-variables
+      - kind: ConfigMap
+        name: stackspin-single-sign-on-kustomization-variables

apps/flow/n8n-secrets-kustomization.yaml

@@ -0,0 +1,22 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: n8n-secrets
+  namespace: flux-system
+spec:
+  interval: 5m
+  timeout: 4m
+  wait: true
+  prune: true
+  path: ./apps/flow/n8n-secrets
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  dependsOn:
+    - name: flux
+    - name: secrets-controller
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: stackspin-cluster-variables

apps/flow/n8n-secrets/n8n-kustomization-variables.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: stackspin-n8n-kustomization-variables
+  namespace: flux-system
+data:
+  n8n_domain: flow.${domain}

apps/flow/n8n-secrets/n8n-oauth-secret.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+  name: stackspin-n8n-oauth-variables
+  namespace: flux-system
+spec:
+  data:
+    client_id: n8n
+  fields:
+  - fieldName: client_secret
+    length: "32"

apps/flow/n8n-secrets/n8n-variables.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+  name: stackspin-n8n-variables
+  namespace: flux-system
+spec:
+  fields:
+  - fieldname: encryption_key

apps/flow/n8n/n8n-oauth-client.yaml

@@ -0,0 +1,21 @@
+apiVersion: hydra.ory.sh/v1alpha1
+kind: OAuth2Client
+metadata:
+  name: n8n-oauth-client
+  # Has to live in the same namespace as the stackspin-n8n-oauth-variables secret
+  namespace: flux-system
+spec:
+  # TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak
+  grantTypes:
+    - authorization_code
+    - refresh_token
+    - client_credentials
+    - implicit
+  responseTypes:
+    - id_token
+    - code
+  scope: "openid profile email stackspin_roles"
+  secretName: stackspin-n8n-oauth-variables
+  #redirectUris:
+  #  - https://${n8n_domain}/oauth/openid/
+  #tokenEndpointAuthMethod: client_secret_post

apps/flow/n8n/n8n-pvc.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: n8n-data
+  namespace: stackspout
+  labels:
+    stackspin.net/backupSet: "n8n"
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 2Gi
+  storageClassName: local-path

apps/flow/n8n/n8n-release.yaml

@@ -0,0 +1,27 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: n8n
+  namespace: stackspout
+spec:
+  releaseName: n8n
+  chart:
+    spec:
+      chart: n8n
+      version: 1.0 # TODO
+      sourceRef:
+        kind: HelmRepository
+        name: n8n
+        namespace: flux-system
+  interval: 5m
+  valuesFrom:
+    - kind: ConfigMap
+      name: stackspout-n8n-values
+      optional: false
+    # Allow overriding values by ConfigMap or Secret
+    - kind: ConfigMap
+      name: stackspout-n8n-override
+      optional: true
+    - kind: Secret
+      name: stackspout-n8n-override
+      optional: true

apps/flow/n8n/n8n-values-configmap.yaml

@@ -0,0 +1,53 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: stackspin-n8n-values
+  namespace: stackspout
+data:
+  values.yaml: |
+    n8n:
+      encryption_key: "${encryption_key}"
+
+    commonLabels:
+      stackspin.net/backupSet: "n8n"
+    podLabels:
+      stackspin.net/backupSet: "n8n"
+    podAnnotations:
+      backup.velero.io/backup-volumes: "data"
+
+    persistence:
+      enabled: true
+      type: existing
+      existingClaim: "n8n-data"
+
+    ingress:
+      enabled: true
+      annotations:
+        kubernetes.io/tls-acme: "true"
+      hosts:
+        - host: "${n8n_domain}"
+          paths:
+             - path: /
+               pathType: Prefix
+      tls:
+        - secretName: n8n-tls
+          hosts:
+            - "${n8n_domain}"
+
+    secret:
+      database:
+        type: sqlite
+
+    # TODO Adjust n8n Mailing config
+    #    mailer:
+    #      enabled: "${outgoing_mail_enabled}"
+    #      host: "${outgoing_mail_smtp_host}"
+    #      port: "${outgoing_mail_smtp_port}"
+    #      username: "${outgoing_mail_smtp_user}"
+    #      password: "${outgoing_mail_smtp_password}"
+    #      fromemail: "${outgoing_mail_from_address}"
+    # TODO Adjust n8n OpenID Connect Single Sign-On Configuration
+    #    - name: Stackspin
+    #      key: "${client_id}"
+    #      secret: "${client_secret}"
+    #      autoDiscoverUrl: 'https://${hydra_domain}/.well-known/openid-configuration'

apps/forge/forgejo/forgejo-values-configmap.yaml

@@ -102,8 +102,8 @@ data:
     service:
       ssh:
         type: LoadBalancer
-        loadBalancerIP: "${ip_address}"
         hostPort: 22
         externalTrafficPolicy: "Local"
+        loadBalancerIP: "${ip_address}"
         annotations:
           metallb.universe.tf/allow-shared-ip: "share-ipv4"

apps/kustomization.yaml

@@ -4,3 +4,6 @@ resources:
   - ninja-kustomization.yaml
   - do-kustomization.yaml
   - forge-kustomization.yaml
+  - flow-kustomization.yaml
+  - support-kustomization.yaml
+  - people-kustomization.yaml

apps/people-kustomization.yaml

@@ -0,0 +1,26 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: add-people
+  namespace: flux-system
+spec:
+  interval: 10m
+  prune: true
+  path: ./apps/people
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: add-people
+  namespace: flux-system
+spec:
+  interval: 10m
+  prune: true
+  path: ./apps/people
+  sourceRef:
+    kind: GitRepository
+    name: stackspout

apps/people/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - suitecrm-kustomization.yaml
+  - suitecrm-secrets-kustomization.yaml

apps/people/suitecrm-kustomization.yaml

@@ -0,0 +1,70 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: suitecrm
+  namespace: flux-system
+spec:
+  interval: 5m
+  retryInterval: 2m
+  timeout: 10m
+  wait: true
+  prune: true
+  path: ./apps/people/suitecrm
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  dependsOn:
+    - name: flux
+    - name: local-path-provisioner
+    - name: suitecrm-secrets
+    - name: nginx
+    - name: single-sign-on
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: stackspin-cluster-variables
+      - kind: ConfigMap
+        name: stackspin-suitecrm-kustomization-variables
+      - kind: Secret
+        name: stackspin-suitecrm-variables
+      # OIDC
+      - kind: Secret
+        name: stackspin-suitecrm-oauth-variables
+      - kind: ConfigMap
+        name: stackspin-single-sign-on-kustomization-variables
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: suitecrm
+  namespace: flux-system
+spec:
+  interval: 5m
+  retryInterval: 2m
+  timeout: 10m
+  wait: true
+  prune: true
+  path: ./apps/people/suitecrm
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  dependsOn:
+    - name: flux
+    - name: local-path-provisioner
+    - name: suitecrm-secrets
+    - name: nginx
+    - name: single-sign-on
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: stackspin-cluster-variables
+      #- kind: ConfigMap
+      #  name: stackspin-suitecrm-kustomization-variables
+      - kind: Secret
+        name: stackspin-suitecrm-variables
+      # OIDC
+      #- kind: Secret
+      #  name: stackspin-suitecrm-oauth-variables
+      #- kind: ConfigMap
+      #  name: stackspin-single-sign-on-kustomization-variables

apps/people/suitecrm-secrets-kustomization.yaml

@@ -0,0 +1,22 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: suitecrm-secrets
+  namespace: flux-system
+spec:
+  interval: 5m
+  timeout: 4m
+  wait: true
+  prune: true
+  path: ./apps/people/suitecrm-secrets
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  dependsOn:
+    - name: flux
+    - name: secrets-controller
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: stackspin-cluster-variables

apps/people/suitecrm-secrets/suitecrm-variables.yaml

@@ -4,6 +4,7 @@ metadata:
   name: stackspin-suitecrm-variables
   namespace: flux-system
 data:
-  password: "{{ 32 | generate_password | b64encode }}"
+  fields:
-  mariadb_password: "{{ 32 | generate_password | b64encode }}"
+  - fieldName: password
-  mariadb_root_password: "{{ 32 | generate_password | b64encode }}"
+  - fieldName: mariadb_password
+  - fieldName: mariadb_root_password

apps/support-kustomization.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: add-support
+  namespace: flux-system
+spec:
+  interval: 10m
+  prune: true
+  path: ./apps/support
+  sourceRef:
+    kind: GitRepository
+    name: stackspout

apps/support/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - zammad-kustomization.yaml
+  - zammad-secrets-kustomization.yaml

apps/support/zammad-kustomization.yaml

@@ -23,3 +23,38 @@ spec:
         name: stackspin-zammad-oauth-variables
       - kind: Secret
         name: stackspin-cluster-variables
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: zammad
+  namespace: flux-system
+spec:
+  interval: 5m
+  retryInterval: 2m
+  timeout: 10m
+  wait: true
+  prune: true
+  path: ./apps/support/zammad
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  dependsOn:
+    - name: flux
+    - name: local-path-provisioner
+    - name: zammad-secrets
+    - name: nginx
+    - name: single-sign-on
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: stackspin-cluster-variables
+      - kind: ConfigMap
+        name: stackspin-zammad-kustomization-variables
+      - kind: Secret
+        name: stackspin-zammad-variables
+      # OIDC
+      - kind: Secret
+        name: stackspin-zammad-oauth-variables
+      - kind: ConfigMap
+        name: stackspin-single-sign-on-kustomization-variables

apps/support/zammad-secrets-kustomization.yaml

@@ -0,0 +1,22 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: zammad-secrets
+  namespace: flux-system
+spec:
+  interval: 5m
+  timeout: 4m
+  wait: true
+  prune: true
+  path: ./apps/support/zammad-secrets
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  dependsOn:
+    - name: flux
+    - name: secrets-controller
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: stackspin-cluster-variables

apps/support/zammad-secrets/zammad-kustomization-variables.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: stackspin-zammad-kustomization-variables
+  namespace: flux-system
+data:
+  zammad_domain: support.${domain}

apps/support/zammad-secrets/zammad-oauth-secret.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+  name: stackspin-zammad-oauth-variables
+  namespace: flux-system
+spec:
+  data:
+    client_id: zammad
+  fields:
+  - fieldName: client_secret
+    length: "32"

apps/support/zammad-secrets/zammad-variables.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+  name: stackspin-zammad-variables
+  namespace: flux-system
+spec:
+  fields:
+  - fieldname: minio_password
+  - fieldname: redis_password
+  - fieldname: postgresql_password
+  - fieldname: postgresql_postgres_password

apps/support/zammad/zammad-postgres-pvc.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: zammad-postgres
+  namespace: stackspout
+  labels:
+    stackspin.net/backupSet: "zammad"
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 2Gi
+  storageClassName: local-path

apps/support/zammad/zammad-release.yaml

@@ -8,7 +8,7 @@ spec:
   chart:
     spec:
       chart: zammad
-      version: # TODO
+      version:
       sourceRef:
         kind: HelmRepository
         name: zammad

apps/support/zammad/zammad-values-configmap.yaml

@@ -5,26 +5,56 @@ metadata:
   namespace: stackspout
 data:
   values.yaml: |
-    # TODO verify structure matches chart
+    commonLabels:
+      stackspin.net/backupSet: "n8n"
+    podLabels:
+      stackspin.net/backupSet: "n8n"
+    podAnnotations:
+      backup.velero.io/backup-volumes: "data"
+
     ingress:
       enabled: true
-      # Elaborate style
       annotations:
         kubernetes.io/tls-acme: "true"
       hosts:
-        - host: "support.${domain}"
+        - host: "${zammad_domain}"
           paths:
              - path: /
                pathType: Prefix
       tls:
         - secretName: zammad-tls
           hosts:
-            - "support.${domain}"
+            - "${zammad_domain}"
-      # Bitnami style
+
-      hostname: "support.${domain}"
+    zammadConfig:
-      tls: true
+      minio:
-      certManager: true
+        enabled: false
-    # TODO Configure PVC for data & database
+
+    minio:
+      auth:
+        rootUser: "zammadadmin"
+        rootPasswort: "${minio_password}"
+
+    postgresql:
+      auth:
+        username: "zammad"
+        postgresPassword: "${postgresql_postgres_password}"
+        password: "${postgresql_password}"
+      persistence:
+        # TODO PVC Name & backup annotation
+        existingClaim: zammad-postgres
+
+    redis:
+      auth:
+        password: "${redis_password}"
+
+    persistence:
+      enabled: true
+      existingClaim: zammad-data
+
+    autoWizard:
+      enabled: false
+
     # TODO Adjust zammad Mailing config
     #    mailer:
     #      enabled: "${outgoing_mail_enabled}"

apps/time/kustomization.yaml

@@ -0,0 +1,3 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources: