diff --git a/apps/do/vikunja-extra/vikunja-files-pvc.yaml b/apps/do/vikunja-extra/vikunja-files-pvc.yaml
new file mode 100644
index 0000000..4cf84aa
--- /dev/null
+++ b/apps/do/vikunja-extra/vikunja-files-pvc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: vikunja-extra-files
+ namespace: stackspout
+spec:
+ accessModes:
+ - ReadWriteOnce
+ volumeMode: Filesystem
+ resources:
+ requests:
+ storage: 2Gi
+ storageClassName: local-path
diff --git a/apps/do/vikunja-extra/vikunja-oauth-client.yaml b/apps/do/vikunja-extra/vikunja-oauth-client.yaml
new file mode 100644
index 0000000..f706308
--- /dev/null
+++ b/apps/do/vikunja-extra/vikunja-oauth-client.yaml
@@ -0,0 +1,21 @@
+apiVersion: hydra.ory.sh/v1alpha1
+kind: OAuth2Client
+metadata:
+ name: vikunja-extra-oauth-client
+ # Has to live in the same namespace as the stackspin-*-oauth-variables secret
+ namespace: flux-system
+spec:
+ # TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak
+ grantTypes:
+ - authorization_code
+ - refresh_token
+ - client_credentials
+ - implicit
+ responseTypes:
+ - id_token
+ - code
+ scope: "openid profile email name"
+ secretName: stackspin-vikunja-extra-oauth-variables
+ redirectUris:
+ - https://{vikunja_extra_domain}/auth/openid/stackspin
+ tokenEndpointAuthMethod: client_secret_post
diff --git a/apps/do/vikunja-extra/vikunja-postgres-pvc.yaml b/apps/do/vikunja-extra/vikunja-postgres-pvc.yaml
new file mode 100644
index 0000000..c74ac34
--- /dev/null
+++ b/apps/do/vikunja-extra/vikunja-postgres-pvc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: vikunja-extra-postgres
+ namespace: stackspout
+spec:
+ accessModes:
+ - ReadWriteOnce
+ volumeMode: Filesystem
+ resources:
+ requests:
+ storage: 2Gi
+ storageClassName: local-path
diff --git a/apps/do/vikunja-extra/vikunja-release.yaml b/apps/do/vikunja-extra/vikunja-release.yaml
new file mode 100644
index 0000000..c3dc964
--- /dev/null
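Review bot: In vikunja-oauth-client.yaml the `grantTypes` list enables `implicit` and `client_credentials` alongside `authorization_code` and `refresh_token`, and the TODO above it says the list was copied from wekan rather than chosen for Vikunja. A server-side OpenID login using `tokenEndpointAuthMethod: client_secret_post` normally needs only the code flow, so I would keep `authorization_code` and `refresh_token` and drop `id_token` from `responseTypes` unless Vikunja is confirmed to need the others; the implicit flow returns tokens in the redirect URL, and `client_credentials` lets any holder of the secret obtain tokens without a user. Separately, the `redirectUris` entry reads `https://{vikunja_extra_domain}/auth/openid/stackspin` with no `$`, while the values ConfigMap in this commit uses `${vikunja_extra_domain}`. If this manifest goes through the same variable substitution, the entry should be `- https://${vikunja_extra_domain}/auth/openid/stackspin`, otherwise Hydra registers a literal placeholder and the callback will not match.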
+++ b/apps/do/vikunja-extra/vikunja-release.yaml
@@ -0,0 +1,27 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: vikunja-extra
+ namespace: stackspout
+spec:
+ releaseName: vikunja-extra
+ chart:
+ spec:
+ chart: vikunja
+ version: 1.0.0
+ sourceRef:
+ kind: HelmRepository
+ name: vikunja-xeruf
+ namespace: flux-system
+ interval: 5m
+ valuesFrom:
+ - kind: ConfigMap
+ name: stackspin-vikunja-extra-values
+ optional: false
+ # Allow overriding values by ConfigMap or Secret
+ - kind: ConfigMap
+ name: stackspin-vikunja-extra-override
+ optional: true
+ - kind: Secret
+ name: stackspin-vikunja-extra-override
+ optional: true
diff --git a/apps/do/vikunja-extra/vikunja-values-configmap.yaml b/apps/do/vikunja-extra/vikunja-values-configmap.yaml
new file mode 100644
index 0000000..391aca7
--- /dev/null
+++ b/apps/do/vikunja-extra/vikunja-values-configmap.yaml
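Review bot: The first `valuesFrom` entry requires a ConfigMap named `stackspin-vikunja-extra-values` (`optional: false`), but the ConfigMap this commit adds in vikunja-extra/vikunja-values-configmap.yaml is named `stackspin-vikunja-values`, so the release has no matching values source in this diff. If an existing vikunja instance already owns `stackspin-vikunja-values` in the `stackspout` namespace (not visible here), the new manifest would also overwrite that instance's values. Renaming the new ConfigMap to `name: stackspin-vikunja-extra-values` would resolve both.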
@@ -0,0 +1,99 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: stackspin-vikunja-values
+ namespace: stackspout
+data:
+ # https://kolaente.dev/vikunja/helm-chart/src/branch/main/values.yaml
+ values.yaml: |
+ vikunja:
+ persistence:
+ data:
+ existingClaim: vikunja-extra-files
+ ingress:
+ main:
+ enabled: true
+ annotations:
+ kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: "${vikunja_extra_domain}"
+ paths:
+ - path: /api
+ tls:
+ - secretName: vikunja-tls
+ hosts:
+ - "${vikunja_extra_domain}"
+ configMaps:
+ config:
+ data:
+ config.yml: |-
+ auth:
+ openid:
+ # https://vikunja.io/docs/openid-example-configurations/
+ # Example: https://kolaente.dev/vikunja/vikunja/src/branch/main/config.yml.sample#L313
+ enabled: true
+ redirecturl: "https://${vikunja_extra_domain}/auth/openid/"
+ providers:
+ - name: Stackspin
+ authurl: "https://${hydra_domain}/"
+ clientid: "${client_id}"
+ clientsecret: "${client_secret}"
+ local:
+ enabled: false
+ mailer:
+ enabled: "${outgoing_mail_enabled}"
+ host: "${outgoing_mail_smtp_host}"
+ port: "${outgoing_mail_smtp_port}"
+ username: "${outgoing_mail_smtp_user}"
+ password: "${outgoing_mail_smtp_password}"
+ fromemail: "${outgoing_mail_from_address}"
+ forcessl: true
+ service:
+ #rootpath: "/app/vikunja"
+ #frontendurl: "https://${vikunja_extra_domain}"
+ timezone: "CET"
+ JWTSecret: "${jwt}"
+ motd: "Welcome to ${domain_extra}!"
+ database:
+ type: postgres
+ host: vikunja-postgresql
+ password: "${postgresql_password}"
+ # https://vikunja.io/docs/config-options/#log
+ log:
+ standard: stderr
+ level: debug
+ databaselevel: debug
+ mail: stderr
+ maillevel: debug
+ defaultsettings:
+ avatar_provider: gravatar
+ discoverable_by_name: true
+ discoverable_by_email: true
+ week_start: 1
+ timezone: CET
+ # TODO default_project_id
+ global:
+ labels:
+ stackspin.net/backupSet: "vikunja-extra"
+ podLabels:
+ stackspin.net/backupSet: "vikunja-extra"
+ podAnnotations:
+ backup.velero.io/backup-volumes: "data"
+ postgresql:
+ enabled: true
+ commonLabels:
+ stackspin.net/backupSet: "vikunja-extra"
+ global:
+ postgresql:
+ auth:
+ database: vikunja
+ username: vikunja
+ password: "${postgresql_password}"
+ postgresPassword: "${postgresql_admin_password}"
+ primary:
+ persistence:
+ existingClaim: vikunja-extra-postgres
+ podAnnotations:
+ backup.velero.io/backup-volumes: "data"
+ typesense:
+ enabled: false
diff --git a/apps/do/vikunja-secrets/vikunja-kustomization-variables.yaml b/apps/do/vikunja-secrets/vikunja-kustomization-variables.yaml
index f759ca9..9ac866d 100644
--- a/apps/do/vikunja-secrets/vikunja-kustomization-variables.yaml
+++ b/apps/do/vikunja-secrets/vikunja-kustomization-variables.yaml
@@ -5,3 +5,4 @@ metadata:
 namespace: flux-system
 data:
 vikunja_domain: do.${domain}
+ vikunja_extra_domain: do.${domain_extra}
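Review bot: In vikunja-values-configmap.yaml the embedded `config.yml` puts `clientsecret`, `JWTSecret`, the mailer `password` and the database `password` in a ConfigMap, and the `postgresql` auth block does the same for `password` and `postgresPassword`. After substitution the plaintext values are readable by anything with ConfigMap read access in `stackspout`. The HelmRelease in this commit already accepts a Secret (`stackspin-vikunja-extra-override`) as a values source; carrying the credential-bearing values there, or injecting them from a Secret if the chart supports it, would keep them out of the ConfigMap. The `log` block also sets `level`, `databaselevel` and `maillevel` to `debug`, which is likely to write query and mail detail to stderr, so `info` or `warning` would be a safer default outside troubleshooting. `secretName: vikunja-tls` and `host: vikunja-postgresql` look carried over from the original instance and should be checked against the `vikunja-extra` release name so the two instances do not share a TLS secret or database host.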