Go to file

xeruf 899a9c0095 overrides: raise source-controller max helm index size For truecharts: https://github.com/fluxcd/flux2/issues/4635		2024-04-03 17:53:21 +02:00
apps	apps/forge: comment out stray log key	2024-04-03 11:09:20 +02:00
infrastructure	infra: readd truecharts	2024-04-03 17:19:15 +02:00
overrides	overrides: raise source-controller max helm index size	2024-04-03 17:53:21 +02:00
.gitignore	Fix name	2022-03-31 16:51:08 +02:00
README.md	Restructure Repository	2024-01-23 22:50:41 +01:00
adopt-secrets.sh	infra: migrate secrets and rename helmrepo files	2024-02-18 10:10:58 +01:00
install.sh	Restructure Repository	2024-01-23 22:50:41 +01:00
stackspin-local-path-provisioner-override.yaml	overrides: disable defunct retain policy for local-path	2024-02-08 14:06:16 +01:00

README.md

Stackspin Outwards - Stackspout

This repository extends Stackspin with extra applications and overrides focused on business use. Once stabilized, the aim is to contribute as much upstream as possible.

Stackspout is used in day-to-day business with a double-digit user number, so all experiments happen carefully. Still, it is an experimental offering.

Tools

Useful tools for administration:

my stack CLI helper, currently part of my dotfiles: https://git.jfischer.org/xeruf/dotfiles/src/branch/main/.config/shell/server#L11
stackspin docs: https://docs.stackspin.net/en/v2/system_administration/customizing.html

Guide: Creating OAuth Credentials for an external service

add a line in install.sh and run it to generate the secret (TODO: Update to new stackspin mechanism)
append another OAuth2Client definition to overrides/oauth-clients.yaml, adjusting metadata.name and spec.secretName as well as spec.redirectUris
apply changes to the cluster

obtain the generated client_secret for your application from kubernetes:

kubectl get secret -n flux-system stackspin-APP-oauth-variables --template '{{.data.client_secret}}' | base64 -d

with client_id:

kubectl get secret -n flux-system stackspin-APP-oauth-variables --template '{{.data.client_id}}{{"\n"}}{{.data.client_secret}}{{"\n"}}' | while read in; do echo $in | base64 -d; echo; done

Customizations

Overrides

Adds many Nextcloud extensions and some configuration -> most notably external to add Applications into Nextcloud as hub
Add Email Auth back to Zulip so guests can be invited

New Applications

below list is formatted as:

subdomain: Service (helmrepo, if not provided by the service authors)

Stable including Single-Sign-On

dev: Gitea (TODO: Forgej)
do: Vikunja (k8s-at-home - migrating to creators chart)
ninja: InvoiceNinja (No SSO)

In Development

people: SuiteCRM (bitnami repo)
time: Kimai (robjuz repo)

Planned

meet: Jitsi Meet
wiki: Wiki (maybe wikijs, but I'd like something that integrated with Nextcloud and Markdown/Orgdown)

Ideas

link: URL Shortener
connect: Bonfire

Issues to Tackle

generate_secrets.py was copied from Stackpin -> new mechanism

Functionally

Nextcloud too slow - add Redis?
Preconfigure user settings in Nextcloud, Vikunja and more

Setup

Warning: Lots of experiments happening here!

First install Stackspin. Then apply the configuration to your cluster:

install.sh

Done! Note that the added applications are currently only toggled via repository changes and integration with Stackspin mechanisms is very rudimentary. To list the central resource related to this repo:

kubectl get gitrepositories -A
kubectl get kustomization -A -o=jsonpath='{.items[?(@.spec.sourceRef.name=="stackspout")].metadata.name}'
kubectl -n stackspout get helmreleases
kubectl -n stackspout get pods

But there are also ConfigMaps, Secrets, StatefulSets, PVCs, Helmrepos and more...