diff --git a/ansible/group_vars/all/oas.yml b/ansible/group_vars/all/oas.yml
index c508a9ca42b3be00acc6ee6833f0ae8a30622208..0b47f8dc8de1057d3d9db5baaacb4cb2aabb4cca 100644
--- a/ansible/group_vars/all/oas.yml
+++ b/ansible/group_vars/all/oas.yml
@@ -20,6 +20,12 @@ onlyoffice_jwt_secret: "{{ lookup('password', '{{ cluster_dir }}/secrets/onlyoff
 onlyoffice_postgresql_password: "{{ lookup('password', '{{ cluster_dir }}/secrets/onlyoffice_postgresql_password chars=ascii_letters') }}"
 onlyoffice_rabbitmq_password: "{{ lookup('password', '{{ cluster_dir }}/secrets/onlyoffice_rabbitmq_password chars=ascii_letters') }}"
+# Rocketchat credentials
+rocketchat_mongodb_password: "{{ lookup('password', '{{ cluster_dir }}/secrets/rocketchat_mongodb_password chars=ascii_letters') }}"
+rocketchat_mongodb_root_password: "{{ lookup('password', '{{ cluster_dir }}/secrets/rocketchat_mongodb_root_password chars=ascii_letters') }}"
+rocketchat_admin_password: "{{ lookup('password', '{{ cluster_dir }}/secrets/rocketchat_admin_password chars=ascii_letters') }}"
+
+# Grafana credentials
 grafana_admin_password: "{{ lookup('password', '{{ cluster_dir }}/secrets/grafana_admin_password chars=ascii_letters') }}"
 # git repo versions
diff --git a/ansible/group_vars/all/settings.yml.example b/ansible/group_vars/all/settings.yml.example
index f5ad5d7252966b3b7726b17fd2c4dbf585e00cf0..b7d05d5c9e17dea992476d2ea670cb7574a7ff9e 100644
--- a/ansible/group_vars/all/settings.yml.example
+++ b/ansible/group_vars/all/settings.yml.example
@@ -19,6 +19,10 @@ helmfiles:
 - 05-cert-manager
 - 10-nginx
 - 15-monitoring
+# This setting makes Flux use a local git repository to see if apps need
+# updated. In the future this should only be enabled on development machines,
+# but at the moment it's te only option
+local_flux: true
 # Optional, custom rke config.
 # I.e. you can set the desired Kubernetes version but please be aware of
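Review bot: The three added `rocketchat_*` lookups nest `{{ cluster_dir }}` inside an expression that is already between `{{ }}`, a form Ansible discourages because nested delimiters are not reliably re-templated. Building the path by concatenation avoids it, e.g. `"{{ lookup('password', cluster_dir ~ '/secrets/rocketchat_admin_password chars=ascii_letters') }}"`. The neighbouring onlyoffice and grafana lines use the same form, so this is best changed for the whole file at once. The `# Rocketchat credentials` comment could also say that the generated values are kept in plain text under `{{ cluster_dir }}/secrets/`, so that directory should stay out of version control and be readable only by the operator.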
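Review bot: The comment added above `local_flux: true` has two wording slips, "apps need updated" and "it's te only option"; they should read `apps need to be updated` and `it's the only option`. None of the hunks in this diff reads `local_flux`, so it is worth confirming the variable is actually consumed, presumably by a condition on the local-flux role that is not shown here.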
diff --git a/ansible/roles/apps/tasks/init.yml b/ansible/roles/apps/tasks/init.yml
index a1cd66afc8b512e55566f1be081f71679bb6cf17..ddfec9dace6cbbda512cea2ed9b229161f6769a2 100644
--- a/ansible/roles/apps/tasks/init.yml
+++ b/ansible/roles/apps/tasks/init.yml
@@ -20,7 +20,6 @@
 - name: Create value overrides directory
 tags:
 - config
- - oas
 - nextcloud
 - prometheus
 - nginx
@@ -32,7 +31,6 @@
 tags:
 - config
 - helmfile
- - oas
 - nextcloud
 - prometheus
 - nginx
diff --git a/ansible/roles/apps/tasks/main.yml b/ansible/roles/apps/tasks/main.yml
index 10de1819a8f9b1c23c40f549f10e2262c94f2207..a2ca1d070df18821f1d4df3be5f33e6e2ba92e20 100644
--- a/ansible/roles/apps/tasks/main.yml
+++ b/ansible/roles/apps/tasks/main.yml
@@ -28,5 +28,8 @@
 tags: [ helmfile ]
 when: '"15-monitoring" in helmfiles'
+- name: Tasks pertaining to Rocket.chat
+ import_tasks: rocketchat.yml
+
 - name: Tasks pertaining to NextCloud
 import_tasks: nextcloud.yml
diff --git a/ansible/roles/apps/tasks/nextcloud.yml b/ansible/roles/apps/tasks/nextcloud.yml
index 1b6047647c34a46d0a7f88d6fc044f3266f783ea..fea230ef46b86eb087cd45007bb4f9dc05fad855 100644
--- a/ansible/roles/apps/tasks/nextcloud.yml
+++ b/ansible/roles/apps/tasks/nextcloud.yml
@@ -4,7 +4,6 @@
 tags:
 - config
 - flux
- - oas
 - nextcloud
 k8s:
 state: present
diff --git a/ansible/roles/apps/tasks/rocketchat.yml b/ansible/roles/apps/tasks/rocketchat.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c090a8667050b43919717237859a551f6ee89ce1
--- /dev/null
+++ b/ansible/roles/apps/tasks/rocketchat.yml
@@ -0,0 +1,18 @@
+---
+
+- name: Create Kubernetes secret with Rocketchat values
+ tags:
+ - config
+ - flux
+ - rocketchat
+ k8s:
+ state: present
+ definition:
+ api_version: v1
+ kind: Secret
+ metadata:
+ namespace: "oas-apps"
+ name: "oas"
+ data:
+ rocketchat.yaml: "{{ lookup('template','secrets.rocketchat.yaml') | b64encode }}"
+
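Review bot: The new task in `rocketchat.yml` renders the Rocket.Chat admin and MongoDB passwords into the `data` field of a `k8s` task without `no_log: true`, so the base64-encoded values can appear in Ansible output when the play runs with increased verbosity or the task fails. Adding `no_log: true` at task level keeps them out of terminal and CI logs. Inside `definition` the manifest key is normally spelled `apiVersion`; `api_version` is the module option name and presumably only works here because `v1` is the default, which is worth confirming. The Secret is named just `oas`; if other apps write their values into the same object (not visible in this diff), anything allowed to read it gets every app's credentials, so a per-app Secret would be a tighter boundary.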
diff --git a/ansible/roles/apps/templates/secrets.rocketchat.yaml b/ansible/roles/apps/templates/secrets.rocketchat.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f33a1032ee8c56092e0ebc17d61e9a0081d282b5
--- /dev/null
+++ b/ansible/roles/apps/templates/secrets.rocketchat.yaml
@@ -0,0 +1,28 @@
+# Hostname for Rocket.chat
+host: "chat.{{ domain }}"
+
+# Extra environment variables for Rocket.Chat. Used with tpl function, so this
+# needs to be a string
+extraEnv: |
+ ADMIN_USERNAME: admin
+ ADMIN_PASS: "{{ rocketchat_admin_password }}"
+ ADMIN_EMAIL: "{{ admin_email }}"
+
+ingress:
+ enabled: true
+ annotations:
+ # Tell cert-manager to automatically get a TLS certificate
+ kubernetes.io/tls-acme: "true"
+ tls:
+ - hosts:
+ - "chat.{{ domain }}"
+ secretName: oas-rocketchat
+
+# Use 2 GB of storage for NC storage (maybe make configurable later?)
+persistence:
+ enabled: true
+ size: 2Gi
+
+mongodb:
+ mongodbRootPassword: "{{ rocketchat_mongodb_root_password }}"
+ mongodbPassword: "{{ rocketchat_mongodb_password }}"
diff --git a/ansible/roles/local-flux/tasks/main.yml b/ansible/roles/local-flux/tasks/main.yml
index 00e5a4257ff302478c78db13ab37d3269de8550e..4bf719ff6a91e77be5a29e5a8d5616593fb10a93 100644
--- a/ansible/roles/local-flux/tasks/main.yml
+++ b/ansible/roles/local-flux/tasks/main.yml
@@ -66,7 +66,7 @@
 - name: Install local-flux helm chart
 tags:
 - flux
- shell: helm install --namespace=oas --name=local-flux /var/lib/OpenAppStack/source/local-flux
+ shell: helm upgrade --install --namespace=oas local-flux /var/lib/OpenAppStack/source/local-flux
 vars:
 repo: "/var/lib/OpenAppStack/local-flux"
diff --git a/flux/rocketchat.yaml b/flux/rocketchat.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..02a0b01993cfb4d92fd5fa1c85d540affd7cf960
--- /dev/null
+++ b/flux/rocketchat.yaml
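Review bot: `ADMIN_PASS` in `secrets.rocketchat.yaml` is handed to Rocket.Chat through `extraEnv`, which the chart presumably renders as a plain environment variable, so the admin password would be readable in the Deployment and pod specs by anyone with read access to workloads in `oas-apps`, not only by those who can read Secrets. If the chart can source the value from a Secret reference that would be preferable; otherwise a comment should say that the initial admin password is exposed this way and should be changed after first login. The comment `# Use 2 GB of storage for NC storage` looks copied from the Nextcloud values and should name Rocket.Chat instead.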
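Review bot: The changed line in the local-flux task still goes through `shell:` although the command uses no pipes, redirects or expansion; `command: helm upgrade --install --namespace=oas local-flux /var/lib/OpenAppStack/source/local-flux` avoids an unnecessary shell. Because `helm upgrade --install` now succeeds on every run, the task will report changed each time unless a `changed_when:` is added. The task continues past the end of the hunk, so the `vars:` block is only partly visible.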
@@ -0,0 +1,20 @@
+---
+apiVersion: helm.fluxcd.io/v1
+kind: HelmRelease
+metadata:
+ name: rocketchat
+ namespace: oas-apps
+ annotations:
+ flux.weave.works/automated: "false"
+spec:
+ releaseName: rocketchat
+ chart:
+ repository: https://kubernetes-charts.storage.googleapis.com/
+ name: rocketchat
+ version: 2.0.0
+ valuesFrom:
+ - secretKeyRef:
+ name: oas
+ key: rocketchat.yaml
+ timeout: 300
+
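Review bot: The `repository` value `https://kubernetes-charts.storage.googleapis.com/` is the legacy Helm `stable` repository, which has since been retired upstream, so this release depends on a chart source that is no longer maintained. It is worth moving `repository` to a maintained chart source and re-checking the pinned `version` against it. A short comment above `valuesFrom` saying that the `oas` Secret and its `rocketchat.yaml` key are created by `ansible/roles/apps/tasks/rocketchat.yml` would make that coupling visible, since the release presumably cannot resolve its values before that task has run.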