From 3c02297cab9d168884f1edfdc0df615735da35f2 Mon Sep 17 00:00:00 2001
From: xeruf <27jf@pm.me>
Date: Mon, 27 Jun 2022 21:37:14 +0100
Subject: [PATCH] vikunja: create subdirectory with ConfigMap and OAuth2Client

---
 .../stackspout/do/vikunja-oauth-client.yaml   | 21 +++++++++
 basic/apps/stackspout/do/vikunja-release.yaml | 27 ++++++++++++
 .../do/vikunja-values-configmap.yaml          | 37 ++++++++++++++++
 basic/apps/stackspout/vikunja-release.yaml    | 44 -------------------
 basic/install.sh                              |  3 ++
 5 files changed, 88 insertions(+), 44 deletions(-)
 create mode 100644 basic/apps/stackspout/do/vikunja-oauth-client.yaml
 create mode 100644 basic/apps/stackspout/do/vikunja-release.yaml
 create mode 100644 basic/apps/stackspout/do/vikunja-values-configmap.yaml
 delete mode 100644 basic/apps/stackspout/vikunja-release.yaml

diff --git a/basic/apps/stackspout/do/vikunja-oauth-client.yaml b/basic/apps/stackspout/do/vikunja-oauth-client.yaml
new file mode 100644
index 0000000..db05121
--- /dev/null
+++ b/basic/apps/stackspout/do/vikunja-oauth-client.yaml
@@ -0,0 +1,21 @@
+apiVersion: hydra.ory.sh/v1alpha1
+kind: OAuth2Client
+metadata:
+  name: vikunja-oauth-client
+  # Has to live in the same namespace as the stackspin-wordpress-oauth-variables secret
+  namespace: flux-system
+spec:
+  # TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak
+  grantTypes:
+    - authorization_code
+    - refresh_token
+    - client_credentials
+    - implicit
+  responseTypes:
+    - id_token
+    - code
+  scope: "openid profile email stackspin_roles"
+  secretName: stackspin-vikunja-oauth-variables
+  redirectUris:
+    - https://do.${domain}/oauth/openid/
+  tokenEndpointAuthMethod: client_secret_post
diff --git a/basic/apps/stackspout/do/vikunja-release.yaml b/basic/apps/stackspout/do/vikunja-release.yaml
new file mode 100644
index 0000000..98bc0a2
--- /dev/null
+++ b/basic/apps/stackspout/do/vikunja-release.yaml
@@ -0,0 +1,27 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: vikunja
+  namespace: stackspout
+spec:
+  releaseName: vikunja
+  chart:
+    spec:
+      chart: vikunja
+      version: 5.5.3
+      sourceRef:
+        kind: HelmRepository
+        name: k8s-at-home
+        namespace: stackspout
+  interval: 10m
+  valuesFrom:
+    - kind: ConfigMap
+      name: stackspin-vikunja-values
+      optional: false
+    # Allow overriding values by ConfigMap or Secret
+    - kind: ConfigMap
+      name: stackspin-vikunja-override
+      optional: true
+    - kind: Secret
+      name: stackspin-vikunja-override
+      optional: true
diff --git a/basic/apps/stackspout/do/vikunja-values-configmap.yaml b/basic/apps/stackspout/do/vikunja-values-configmap.yaml
new file mode 100644
index 0000000..cbc3f22
--- /dev/null
+++ b/basic/apps/stackspout/do/vikunja-values-configmap.yaml
@@ -0,0 +1,37 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: stackspin-vikunja-values
+  namespace: stackspout
+data:
+  # Defaults: https://github.com/k8s-at-home/charts/blob/master/charts/stable/vikunja/values.yaml
+  # Inherits: https://github.com/k8s-at-home/library-charts/blob/main/charts/stable/common/values.yaml
+  values.yaml: |
+    vikunja:
+      config: |-
+        auth:
+          openid:
+            # https://vikunja.io/docs/config-options/#openid
+            # Example: https://github.com/go-vikunja/api/blob/main/config.yml.sample#L289-L312
+            enabled: true
+            providers:
+              - name: Stackspin
+                authurl: "https://sso.${domain}"
+                clientid: vikunja
+                clientsecret: "${client_secret}"
+          local:
+            enabled: false
+    ingress:
+      main:
+        enabled: true
+        primary: false
+        hosts:
+          - host: "https://do.${domain}"
+            paths:
+               - path: /
+                 pathType: Prefix
+        tls:
+          - secretName: vikunja
+            hosts:
+              - "https://do.${domain}"
diff --git a/basic/apps/stackspout/vikunja-release.yaml b/basic/apps/stackspout/vikunja-release.yaml
deleted file mode 100644
index 8995cba..0000000
--- a/basic/apps/stackspout/vikunja-release.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: vikunja
-  namespace: stackspout
-spec:
-  releaseName: vikunja
-  chart:
-    spec:
-      chart: vikunja
-      version: 5.5.3
-      sourceRef:
-        kind: HelmRepository
-        name: k8s-at-home
-        namespace: stackspout
-  interval: 10m
-  values:
-    # https://github.com/k8s-at-home/charts/blob/master/charts/stable/vikunja/values.yaml
-    vikunja:
-      # TODO https://vikunja.io/docs/config-options/#openid
-      config: |-
-        auth:
-          local:
-            enabled: true
-          openid:
-            enabled: true
-            providers:
-              - name: Stackspin
-                authurl: "https://sso.${domain}"
-                clientid: vikunja
-                clientsecret: "${client_secret}"
-    ingress:
-      main:
-        enabled: true
-        primary: false
-        hosts:
-          - host: do.ftt.gmbh
-            paths:
-               - path: /
-                 pathType: Prefix
-        tls:
-          - secretName: vikunja
-            hosts:
-              - do.ftt.gmbh
diff --git a/basic/install.sh b/basic/install.sh
index c2a73d0..93a25eb 100755
--- a/basic/install.sh
+++ b/basic/install.sh
@@ -16,3 +16,6 @@ flux create kustomization stackspout \
   --path="./basic/clusters/production/" \
   --prune=true \
   --interval=10m
+
+python ../../stackspin/install/generate_secrets.py vikunja
+python ../../stackspin/install/generate_secrets.py gitea