diff --git a/apps/do/do-test/vikunja-values-configmap.yaml b/apps/do/do-test/vikunja-values-configmap.yaml
deleted file mode 100644
index 530ecce..0000000
--- a/apps/do/do-test/vikunja-values-configmap.yaml
+++ /dev/null
@@ -1,96 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: stackspin-vikunja-test-values
- namespace: stackspout
-data:
- # https://github.com/truecharts/charts/blob/master/charts/stable/vikunja/values.yaml
- values.yaml: |
- frontend:
- image:
- tag: unstable
- pullPolicy: Always
- ingress:
- main:
- enabled: true
- annotations:
- kubernetes.io/tls-acme: "true"
- hosts:
- - host: "do-test.${domain}"
- paths:
- - path: /
- pathType: Prefix
- tls:
- - secretName: vikunja-test-tls
- hosts:
- - "do-test.${domain}"
- api:
- image:
- tag: unstable
- pullPolicy: Always
- ingress:
- main:
- enabled: true
- annotations:
- kubernetes.io/tls-acme: "true"
- hosts:
- - host: "do-test.${domain}"
- paths:
- - path: /
- pathType: Prefix
- tls:
- - secretName: vikunja-test-tls
- hosts:
- - "do-test.${domain}"
- configMaps:
- config:
- data:
- config.yml: |-
- auth:
- openid:
- # https://vikunja.io/docs/config-options/#openid
- # Example: https://github.com/go-vikunja/api/blob/main/config.yml.sample#L289-L312
- enabled: true
- redirecturl: "https://do-test.${domain}/auth/openid/"
- providers:
- - name: Stackspin
- authurl: "https://${hydra_domain}/"
- clientid: "${client_id}"
- clientsecret: "${client_secret}"
- service:
- frontendurl: "https://do-test.${domain}"
- motd: "This is a test instance, do not use for production data as it can vanish without notice! Use Stackspin login, as usual."
- timezone: "CET" - JWTSecret: "${jwt}" - database: - type: postgres - host: vikunja-test-postgresql - password: "${postgresql_password}" - log: - path: "/app/vikunja" - http: stdout - database: stderr - databaselevel: debug - defaultsettings: - avatar_provider: gravatar - discoverable_by_name: true - discoverable_by_email: true - week_start: 1 - timezone: CET - # TODO default_project_id - #persistence: - # files: - # labels: - # stackspin.net/backupSet: "vikunja" - postgresql: - enabled: true - global: - postgresql: - database: vikunja - username: vikunja - password: "${postgresql_password}" - persistence: - enabled: true - existingClaim: vikunja-postgres - typesense: - enabled: false diff --git a/apps/flow/n8n/n8n-release.yaml b/apps/flow/n8n/n8n-release.yaml index b3383e9..888271b 100644 --- a/apps/flow/n8n/n8n-release.yaml +++ b/apps/flow/n8n/n8n-release.yaml @@ -8,7 +8,7 @@ spec: chart: spec: chart: n8n - version: 1.0 # TODO + version: 0.20.1 sourceRef: kind: HelmRepository name: n8n diff --git a/apps/kustomization.yaml b/apps/kustomization.yaml index 69637b8..601d79b 100644 --- a/apps/kustomization.yaml +++ b/apps/kustomization.yaml @@ -4,6 +4,7 @@ resources: - ninja-kustomization.yaml - do-kustomization.yaml - forge-kustomization.yaml - - flow-kustomization.yaml - support-kustomization.yaml + - flow-kustomization.yaml - people-kustomization.yaml + - meet-kustomization.yaml diff --git a/apps/meet-kustomization.yaml b/apps/meet-kustomization.yaml new file mode 100644 index 0000000..494a071 --- /dev/null +++ b/apps/meet-kustomization.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 +kind: Kustomization +metadata: + name: add-meet + namespace: flux-system +spec: + interval: 10m + prune: true + path: ./apps/meet + sourceRef: + kind: GitRepository + name: stackspout diff --git a/apps/meet/calcom-kustomization.yaml b/apps/meet/calcom-kustomization.yaml new file mode 100644 index 0000000..7fd0742 --- /dev/null 
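Review bot: In `apps/kustomization.yaml`, `resources` gains `- meet-kustomization.yaml` but not the `apps/video-kustomization.yaml` that this commit also adds, so as far as this hunk shows the `add-video` Kustomization is never applied. If that is deliberate while the PeerTube values still hold placeholder database and Redis settings, record it next to the list with a comment such as `# video-kustomization.yaml is not listed until its credentials are generated`; otherwise add `- video-kustomization.yaml`. The first three lines of the file are outside the hunk.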
+++ b/apps/meet/calcom-kustomization.yaml
@@ -0,0 +1,35 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: calcom
+ namespace: flux-system
+spec:
+ interval: 5m
+ retryInterval: 2m
+ timeout: 10m
+ wait: true
+ prune: true
+ path: ./apps/meet/calcom
+ sourceRef:
+ kind: GitRepository
+ name: stackspout
+ dependsOn:
+ - name: flux
+ - name: local-path-provisioner
+ - name: calcom-secrets
+ - name: nginx
+ - name: single-sign-on
+ postBuild:
+ substituteFrom:
+ - kind: Secret
+ name: stackspin-cluster-variables
+ - kind: ConfigMap
+ name: stackspin-calcom-kustomization-variables
+ - kind: Secret
+ name: stackspin-calcom-variables
+ # OIDC
+ - kind: Secret
+ name: stackspin-calcom-oauth-variables
+ - kind: ConfigMap
+ name: stackspin-single-sign-on-kustomization-variables
diff --git a/apps/meet/calcom-secrets-kustomization.yaml b/apps/meet/calcom-secrets-kustomization.yaml
new file mode 100644
index 0000000..7e22b94
--- /dev/null
+++ b/apps/meet/calcom-secrets-kustomization.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: calcom-secrets
+ namespace: flux-system
+spec:
+ interval: 5m
+ timeout: 4m
+ wait: true
+ prune: true
+ path: ./apps/meet/calcom-secrets
+ sourceRef:
+ kind: GitRepository
+ name: stackspout
+ dependsOn:
+ - name: flux
+ - name: secrets-controller
+ postBuild:
+ substituteFrom:
+ - kind: Secret
+ name: stackspin-cluster-variables
diff --git a/apps/meet/calcom-secrets/calcom-kustomization-variables.yaml b/apps/meet/calcom-secrets/calcom-kustomization-variables.yaml
new file mode 100644
index 0000000..fb86b0b
--- /dev/null
+++ b/apps/meet/calcom-secrets/calcom-kustomization-variables.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: stackspin-calcom-kustomization-variables
+ namespace: flux-system
+data:
+ calcom_domain: meet.${domain}
diff --git a/apps/meet/calcom-secrets/calcom-oauth-secret.yaml b/apps/meet/calcom-secrets/calcom-oauth-secret.yaml new file mode 100644 index 0000000..6115fb2 --- /dev/null +++ b/apps/meet/calcom-secrets/calcom-oauth-secret.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: secretgenerator.mittwald.de/v1alpha1 +kind: StringSecret +metadata: + name: stackspin-calcom-oauth-variables + namespace: flux-system +spec: + data: + client_id: calcom + fields: + - fieldName: client_secret + length: "32" diff --git a/apps/meet/calcom-secrets/calcom-variables.yaml b/apps/meet/calcom-secrets/calcom-variables.yaml new file mode 100644 index 0000000..5723041 --- /dev/null +++ b/apps/meet/calcom-secrets/calcom-variables.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: secretgenerator.mittwald.de/v1alpha1 +kind: StringSecret +metadata: + name: stackspin-calcom-variables + namespace: flux-system +spec: + # DATABASE_URL + # NEXT_PUBLIC_WEBAPP_URL + fields: + - fieldname: postgresql_password + - fieldname: postgresql_postgres_password + - fieldName: NEXTAUTH_SECRET + - fieldName: CALENDSO_ENCRYPTION_KEY diff --git a/apps/do/do-test/vikunja-oauth-client.yaml b/apps/meet/calcom/calcom-oauth-client.yaml similarity index 55% rename from apps/do/do-test/vikunja-oauth-client.yaml rename to apps/meet/calcom/calcom-oauth-client.yaml index a819967..0ca12ee 100644 --- a/apps/do/do-test/vikunja-oauth-client.yaml +++ b/apps/meet/calcom/calcom-oauth-client.yaml @@ -1,8 +1,8 @@ apiVersion: hydra.ory.sh/v1alpha1 kind: OAuth2Client metadata: - name: vikunja-test-oauth-client - # Has to live in the same namespace as the stackspin-*-oauth-variables secret + name: calcom-oauth-client + # Has to live in the same namespace as the stackspin-calcom-oauth-variables secret namespace: flux-system spec: # TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak 
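Review bot: In `calcom-variables.yaml` the first two entries under `fields` are spelled `fieldname`, while the last two and `calcom-oauth-secret.yaml` use `fieldName`, which is the key the StringSecret spec defines. With the lowercase key the generator presumably rejects or skips those entries, leaving `postgresql_password` and `postgresql_postgres_password` undefined when `calcom-values-configmap.yaml` substitutes them as the database passwords, which risks an empty or literal-placeholder password. Write `- fieldName: postgresql_password` and `- fieldName: postgresql_postgres_password`. `peertube-variables.yaml` has the same problem in `- fieldname: password`.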
@@ -15,7 +15,7 @@ spec: - id_token - code scope: "openid profile email stackspin_roles" - secretName: stackspin-vikunja-test-oauth-variables - redirectUris: - - https://do-test.${domain}/auth/openid/stackspin - tokenEndpointAuthMethod: client_secret_post + secretName: stackspin-calcom-oauth-variables + #redirectUris: + # - https://${calcom_domain}/oauth/openid/ + #tokenEndpointAuthMethod: client_secret_post diff --git a/apps/do/do-test/vikunja-postgres-pvc.yaml b/apps/meet/calcom/calcom-postgres-pvc.yaml similarity index 75% rename from apps/do/do-test/vikunja-postgres-pvc.yaml rename to apps/meet/calcom/calcom-postgres-pvc.yaml index bb3d3ef..fd56de0 100644 --- a/apps/do/do-test/vikunja-postgres-pvc.yaml +++ b/apps/meet/calcom/calcom-postgres-pvc.yaml @@ -1,8 +1,10 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: vikunja-test-postgres + name: calcom-postgres namespace: stackspout + labels: + stackspin.net/backupSet: "calcom" spec: accessModes: - ReadWriteOnce diff --git a/apps/do/do-test/vikunja-release.yaml b/apps/meet/calcom/calcom-release.yaml similarity index 56% rename from apps/do/do-test/vikunja-release.yaml rename to apps/meet/calcom/calcom-release.yaml index 0d02bc8..1fa8156 100644 --- a/apps/do/do-test/vikunja-release.yaml +++ b/apps/meet/calcom/calcom-release.yaml 
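Review bot: With `redirectUris` commented out in `calcom-oauth-client.yaml`, the client is registered without any redirect URI while `responseTypes` still lists `id_token` and `code`; Hydra checks the requested redirect against the registered list, so login flows for this client would presumably fail until someone fills it in. When the callback is known, register it as one exact URI, for example `- https://${calcom_domain}/<callback-path>` (placeholder: the commented `/oauth/openid/` path should be checked against the application's real callback), and set `tokenEndpointAuthMethod` explicitly instead of leaving it to the default. `peertube-oauth-client.yaml` carries the same commented block. The `grantTypes` list lies between the two hunks of this file and is not visible here.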
@@ -1,30 +1,27 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: - name: vikunja-test + name: calcom namespace: stackspout spec: - releaseName: vikunja-test + releaseName: calcom chart: spec: - chart: vikunja - version: 0.4.1 + chart: calcom-stack + version: 0.1.6 sourceRef: kind: HelmRepository - name: vikunja + name: calcom namespace: flux-system interval: 5m valuesFrom: - kind: ConfigMap - name: stackspin-vikunja-values - optional: false - - kind: ConfigMap - name: stackspin-vikunja-test-values + name: stackspout-calcom-values optional: false # Allow overriding values by ConfigMap or Secret - kind: ConfigMap - name: stackspin-vikunja-override + name: stackspout-calcom-override optional: true - kind: Secret - name: stackspin-vikunja-override + name: stackspout-calcom-override optional: true diff --git a/apps/meet/calcom/calcom-values-configmap.yaml b/apps/meet/calcom/calcom-values-configmap.yaml new file mode 100644 index 0000000..60b4ed3 --- /dev/null +++ b/apps/meet/calcom/calcom-values-configmap.yaml 
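Review bot: `valuesFrom` in `calcom-release.yaml` requires a ConfigMap named `stackspout-calcom-values` with `optional: false`, but the ConfigMap this commit adds in `calcom-values-configmap.yaml` is named `stackspin-calcom-values`. Unless an object with the `stackspout-` name exists outside this diff, the HelmRelease cannot reconcile. Align the two, for example `name: stackspin-calcom-values` here. `peertube-release.yaml` (`stackspout-peertube-values`) and `peertube-values-configmap.yaml` (`stackspin-peertube-values`) have the same mismatch.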
@@ -0,0 +1,57 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: stackspin-calcom-values
+ namespace: stackspout
+data:
+ values.yaml: |
+ postgresql:
+ enabled: true
+ commonLabels:
+ stackspin.net/backupSet: "calcom"
+ #global:
+ # postgresql:
+ auth:
+ database: calcom
+ username: calcom
+ password: "${postgresql_password}"
+ postgresPassword: "${postgresql_postgres_password}"
+ primary:
+ persistence:
+ existingClaim: calcom-postgres
+ podAnnotations:
+ backup.velero.io/backup-volumes: "data"
+
+ calcom:
+ secretRef: "stackspin-calcom-variables"
+ commonLabels:
+ stackspin.net/backupSet: "calcom"
+ podLabels:
+ stackspin.net/backupSet: "calcom"
+ ingress:
+ enabled: true
+ annotations:
+ kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: "${calcom_domain}"
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - secretName: calcom-tls
+ hosts:
+ - "${calcom_domain}"
+
+ # TODO Adjust calcom Mailing config
+ # mailer:
+ # enabled: "${outgoing_mail_enabled}"
+ # host: "${outgoing_mail_smtp_host}"
+ # port: "${outgoing_mail_smtp_port}"
+ # username: "${outgoing_mail_smtp_user}"
+ # password: "${outgoing_mail_smtp_password}"
+ # fromemail: "${outgoing_mail_from_address}"
+ # TODO Adjust calcom OpenID Connect Single Sign-On Configuration
+ # - name: Stackspin
+ # key: "${client_id}"
+ # secret: "${client_secret}"
+ # autoDiscoverUrl: 'https://${hydra_domain}/.well-known/openid-configuration'
diff --git a/apps/meet/kustomization.yaml b/apps/meet/kustomization.yaml
new file mode 100644
index 0000000..eab4097
--- /dev/null
+++ b/apps/meet/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - calcom-kustomization.yaml
+ - calcom-secrets-kustomization.yaml
diff --git a/apps/people-kustomization.yaml b/apps/people-kustomization.yaml
index 83563d0..dd2c4e2 100644
--- a/apps/people-kustomization.yaml
+++ b/apps/people-kustomization.yaml
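Review bot: In `calcom-values-configmap.yaml`, `password: "${postgresql_password}"` and `postgresPassword: "${postgresql_postgres_password}"` are substituted by Flux into a ConfigMap, so the generated database passwords end up in plaintext in `stackspin-calcom-values`, readable by anything with ConfigMap read access in `stackspout`. Move the `postgresql.auth` block into a `kind: Secret` values source (the HelmRelease already accepts a Secret under `valuesFrom`), or use the subchart's existing-secret option if it offers one. Separately, `secretRef: "stackspin-calcom-variables"` names a StringSecret that this commit creates in `flux-system`; if the chart resolves it in the release namespace `stackspout`, the pod will not find it, so confirm where the chart looks it up.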
@@ -1,17 +1,3 @@ ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -kind: Kustomization -metadata: - name: add-people - namespace: flux-system -spec: - interval: 10m - prune: true - path: ./apps/people - sourceRef: - kind: GitRepository - name: stackspout ---- apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 kind: Kustomization metadata: diff --git a/apps/support/zammad/zammad-release.yaml b/apps/support/zammad/zammad-release.yaml index d259618..849ed39 100644 --- a/apps/support/zammad/zammad-release.yaml +++ b/apps/support/zammad/zammad-release.yaml @@ -8,7 +8,7 @@ spec: chart: spec: chart: zammad - version: + version: 10.3.0 sourceRef: kind: HelmRepository name: zammad diff --git a/apps/video-kustomization.yaml b/apps/video-kustomization.yaml new file mode 100644 index 0000000..6fb3d5f --- /dev/null +++ b/apps/video-kustomization.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 +kind: Kustomization +metadata: + name: add-video + namespace: flux-system +spec: + interval: 10m + prune: true + path: ./apps/video + sourceRef: + kind: GitRepository + name: stackspout diff --git a/apps/video/kustomization.yaml b/apps/video/kustomization.yaml new file mode 100644 index 0000000..ce07ad7 --- /dev/null +++ b/apps/video/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - peertube-kustomization.yaml + - peertube-secrets-kustomization.yaml diff --git a/apps/video/peertube-kustomization.yaml b/apps/video/peertube-kustomization.yaml new file mode 100644 index 0000000..64e6d77 --- /dev/null +++ b/apps/video/peertube-kustomization.yaml 
@@ -0,0 +1,35 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: peertube
+ namespace: flux-system
+spec:
+ interval: 5m
+ retryInterval: 2m
+ timeout: 10m
+ wait: true
+ prune: true
+ path: ./apps/video/peertube
+ sourceRef:
+ kind: GitRepository
+ name: stackspout
+ dependsOn:
+ - name: flux
+ - name: local-path-provisioner
+ - name: peertube-secrets
+ - name: nginx
+ - name: single-sign-on
+ postBuild:
+ substituteFrom:
+ - kind: Secret
+ name: stackspin-cluster-variables
+ - kind: ConfigMap
+ name: stackspin-peertube-kustomization-variables
+ - kind: Secret
+ name: stackspin-peertube-variables
+ # OIDC
+ - kind: Secret
+ name: stackspin-peertube-oauth-variables
+ - kind: ConfigMap
+ name: stackspin-single-sign-on-kustomization-variables
diff --git a/apps/video/peertube-secrets-kustomization.yaml b/apps/video/peertube-secrets-kustomization.yaml
new file mode 100644
index 0000000..e79ac0a
--- /dev/null
+++ b/apps/video/peertube-secrets-kustomization.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: peertube-secrets
+ namespace: flux-system
+spec:
+ interval: 5m
+ timeout: 4m
+ wait: true
+ prune: true
+ path: ./apps/video/peertube-secrets
+ sourceRef:
+ kind: GitRepository
+ name: stackspout
+ dependsOn:
+ - name: flux
+ - name: secrets-controller
+ postBuild:
+ substituteFrom:
+ - kind: Secret
+ name: stackspin-cluster-variables
diff --git a/apps/video/peertube-secrets/peertube-kustomization-variables.yaml b/apps/video/peertube-secrets/peertube-kustomization-variables.yaml
new file mode 100644
index 0000000..5057800
--- /dev/null
+++ b/apps/video/peertube-secrets/peertube-kustomization-variables.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: stackspin-peertube-kustomization-variables
+ namespace: flux-system
+data:
+ peertube_domain: video.${domain}
diff --git a/apps/video/peertube-secrets/peertube-oauth-secret.yaml b/apps/video/peertube-secrets/peertube-oauth-secret.yaml
new file mode 100644
index 0000000..d6a2744
--- /dev/null
+++ b/apps/video/peertube-secrets/peertube-oauth-secret.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+ name: stackspin-peertube-oauth-variables
+ namespace: flux-system
+spec:
+ data:
+ client_id: peertube
+ fields:
+ - fieldName: client_secret
+ length: "32"
diff --git a/apps/video/peertube-secrets/peertube-variables.yaml b/apps/video/peertube-secrets/peertube-variables.yaml
new file mode 100644
index 0000000..ca9765e
--- /dev/null
+++ b/apps/video/peertube-secrets/peertube-variables.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+ name: stackspin-peertube-variables
+ namespace: flux-system
+spec:
+ fields:
+ - fieldname: password
diff --git a/apps/video/peertube/peertube-oauth-client.yaml b/apps/video/peertube/peertube-oauth-client.yaml
new file mode 100644
index 0000000..4ee0865
--- /dev/null
+++ b/apps/video/peertube/peertube-oauth-client.yaml
@@ -0,0 +1,21 @@
+apiVersion: hydra.ory.sh/v1alpha1
+kind: OAuth2Client
+metadata:
+ name: peertube-oauth-client
+ # Has to live in the same namespace as the stackspin-peertube-oauth-variables secret
+ namespace: flux-system
+spec:
+ # TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak
+ grantTypes:
+ - authorization_code
+ - refresh_token
+ - client_credentials
+ - implicit
+ responseTypes:
+ - id_token
+ - code
+ scope: "openid profile email stackspin_roles"
+ secretName: stackspin-peertube-oauth-variables
+ #redirectUris:
+ # - https://${peertube_domain}/oauth/openid/
+ #tokenEndpointAuthMethod: client_secret_post
diff --git a/apps/video/peertube/peertube-pvc.yaml b/apps/video/peertube/peertube-pvc.yaml
new file mode 100644
index 0000000..d6e0de9
--- /dev/null
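Review bot: In `peertube-oauth-client.yaml`, `grantTypes` enables `implicit` and `client_credentials` alongside `authorization_code`, and the `# TODO copied from wekan` comment suggests the list was not chosen for this application. The implicit grant hands tokens back in the URL fragment and is discouraged by the OAuth 2.0 Security Best Current Practice, and `client_credentials` lets the client secret alone obtain tokens; neither is needed for an interactive OIDC login. Unless the application's OIDC integration requires them, reduce `grantTypes` to `- authorization_code` and `- refresh_token`, and `responseTypes` to `- code`. The calcom client, whose `grantTypes` lie outside its hunks, appears to come from the same template and presumably needs the same trim.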
+++ b/apps/video/peertube/peertube-pvc.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: peertube-data
+ namespace: stackspout
+ labels:
+ stackspin.net/backupSet: "peertube"
+spec:
+ accessModes:
+ - ReadWriteOnce
+ volumeMode: Filesystem
+ resources:
+ requests:
+ storage: 2Gi
+ storageClassName: local-path
diff --git a/apps/video/peertube/peertube-release.yaml b/apps/video/peertube/peertube-release.yaml
new file mode 100644
index 0000000..cdad503
--- /dev/null
+++ b/apps/video/peertube/peertube-release.yaml
@@ -0,0 +1,27 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: peertube
+ namespace: stackspout
+spec:
+ releaseName: peertube
+ chart:
+ spec:
+ chart: peertube
+ version: 1.6.0
+ sourceRef:
+ kind: HelmRepository
+ name: peertube
+ namespace: flux-system
+ interval: 5m
+ valuesFrom:
+ - kind: ConfigMap
+ name: stackspout-peertube-values
+ optional: false
+ # Allow overriding values by ConfigMap or Secret
+ - kind: ConfigMap
+ name: stackspout-peertube-override
+ optional: true
+ - kind: Secret
+ name: stackspout-peertube-override
+ optional: true
diff --git a/apps/video/peertube/peertube-values-configmap.yaml b/apps/video/peertube/peertube-values-configmap.yaml
new file mode 100644
index 0000000..44054db
--- /dev/null
+++ b/apps/video/peertube/peertube-values-configmap.yaml
@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: stackspin-peertube-values
+ namespace: stackspout
+data:
+ values.yaml: |
+ commonLabels:
+ stackspin.net/backupSet: "peertube"
+ podLabels:
+ stackspin.net/backupSet: "peertube"
+ podAnnotations:
+ # TODO FIXME comma separation correct?
+ backup.velero.io/backup-volumes: "data,config"
+
+ persistence:
+ data:
+ enabled: true
+ existingClaim: peertube-data
+ config:
+ enabled: true
+ existingClaim: peertube-config
+
+ ingress:
+ enabled: true
+ annotations:
+ kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: "${peertube_domain}"
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - secretName: peertube-tls
+ hosts:
+ - "${peertube_domain}"
+
+ resources:
+ requests:
+ cup: 2
+ memory: 4Gi
+
+ environment:
+ hostname: "${peertube_domain}"
+ # TODO database
+ dbHostname: your.postgresql.hostname
+ dbUser: peertube
+ dbPassword: postgres
+ redisHostname: redis
+ redisAuth: redispassword
+ #smtpenabled: "${outgoing_mail_enabled}"
+ smtpHostname: "${outgoing_mail_smtp_host}"
+ smtpPort: "${outgoing_mail_smtp_port}"
+ smtpUser: "${outgoing_mail_smtp_user}"
+ smtpPassword: "${outgoing_mail_smtp_password}"
+ smtpFrom: "${outgoing_mail_from_address}"
+ admin: "${outgoing_mail_from_address}"
+
+ # TODO Adjust peertube OpenID Connect Single Sign-On Configuration
+ # - name: Stackspin
+ # key: "${client_id}"
+ # secret: "${client_secret}"
+ # autoDiscoverUrl: 'https://${hydra_domain}/.well-known/openid-configuration'
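Review bot: The `environment` block hard-codes `dbPassword: postgres` and `redisAuth: redispassword` and puts `smtpPassword: "${outgoing_mail_smtp_password}"` into a ConfigMap, so a deployment from this file would run on guessable database and Redis credentials and expose the SMTP password to anyone who can read ConfigMaps in `stackspout`. Generate the database and Redis passwords through the `stackspin-peertube-variables` StringSecret and deliver all three through a `kind: Secret` values source instead of this ConfigMap. Separately, `cup: 2` under `resources.requests` is presumably a typo for `cpu: 2`. `existingClaim: peertube-config` also refers to a claim that no file in this diff creates; only `peertube-data` is defined.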