Compare revisions

07fe2770 · 07fe2770 · 07fe2770 · 07fe2770 · 07fe2770 · 07fe2770
--- a/apps/flow/n8n/n8n-oauth-client.yaml
+++ b/apps/flow/n8n/n8n-oauth-client.yaml
+apiVersion: hydra.ory.sh/v1alpha1
+kind: OAuth2Client
+metadata:
+  name: n8n-oauth-client
+  # Has to live in the same namespace as the stackspin-n8n-oauth-variables secret
+  namespace: flux-system
+spec:
+  # TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak
+  grantTypes:
+    - authorization_code
+    - refresh_token
+    - client_credentials
+    - implicit
+  responseTypes:
+    - id_token
+    - code
+  scope: "openid profile email stackspin_roles"
+  secretName: stackspin-n8n-oauth-variables
+  #redirectUris:
+  #  - https://${n8n_domain}/oauth/openid/
+  #tokenEndpointAuthMethod: client_secret_post
--- a/apps/flow/n8n/n8n-pvc.yaml
+++ b/apps/flow/n8n/n8n-pvc.yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: n8n-data
+  namespace: stackspout
+  labels:
+    stackspin.net/backupSet: "n8n"
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 2Gi
+  storageClassName: local-path
--- a/apps/flow/n8n/n8n-release.yaml
+++ b/apps/flow/n8n/n8n-release.yaml
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: n8n
+  namespace: stackspout
+spec:
+  releaseName: n8n
+  chart:
+    spec:
+      chart: n8n
+      version: 0.20.1
+      sourceRef:
+        kind: HelmRepository
+        name: 8gears
+        namespace: flux-system
+  interval: 5m
+  valuesFrom:
+    - kind: ConfigMap
+      name: stackspin-n8n-values
+      optional: false
+    # Allow overriding values by ConfigMap or Secret
+    - kind: ConfigMap
+      name: stackspin-n8n-override
+      optional: true
+    - kind: Secret
+      name: stackspin-n8n-override
+      optional: true
--- a/apps/flow/n8n/n8n-values-configmap.yaml
+++ b/apps/flow/n8n/n8n-values-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: stackspin-n8n-values
+  namespace: stackspout
+data:
+  values.yaml: |
+    # https://github.com/8gears/n8n-helm-chart/blob/master/values.yaml
+    n8n:
+      encryption_key: "${encryption_key}"
+
+    commonLabels:
+      stackspin.net/backupSet: "n8n"
+    podLabels:
+      stackspin.net/backupSet: "n8n"
+    podAnnotations:
+      backup.velero.io/backup-volumes: "data"
+
+    persistence:
+      enabled: true
+      type: existing
+      existingClaim: "n8n-data"
+
+    ingress:
+      enabled: true
+      annotations:
+        kubernetes.io/tls-acme: "true"
+      hosts:
+        - host: "${n8n_domain}"
+          paths: [ "/" ]
+      tls:
+        - secretName: n8n-tls
+          hosts:
+            - "${n8n_domain}"
+
+    config:
+      database:
+        type: sqlite
+      host: "${n8n_domain}"
+      port: 443
+      protocol: https
+      generic:
+        timezone: "Europe/Berlin"
+
+    # TODO Adjust n8n Mailing config
+    #    mailer:
+    #      enabled: "${outgoing_mail_enabled}"
+    #      host: "${outgoing_mail_smtp_host}"
+    #      port: "${outgoing_mail_smtp_port}"
+    #      username: "${outgoing_mail_smtp_user}"
+    #      password: "${outgoing_mail_smtp_password}"
+    #      fromemail: "${outgoing_mail_from_address}"
+    # TODO Adjust n8n OpenID Connect Single Sign-On Configuration
+    #    - name: Stackspin
+    #      key: "${client_id}"
+    #      secret: "${client_secret}"
+    #      autoDiscoverUrl: 'https://${hydra_domain}/.well-known/openid-configuration'
--- a/apps/forge-kustomization.yaml
+++ b/apps/forge-kustomization.yaml
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: add-forge
+  namespace: flux-system
+spec:
+  interval: 10m
+  prune: true
+  path: ./apps/forge
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
--- a/apps/forge/forgejo-kustomization.yaml
+++ b/apps/forge/forgejo-kustomization.yaml
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: forgejo
+  namespace: flux-system
+spec:
+  interval: 5m
+  retryInterval: 2m
+  timeout: 10m
+  wait: true
+  prune: true
+  path: ./apps/forge/forgejo
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  dependsOn:
+    - name: flux
+    - name: local-path-provisioner
+    - name: forgejo-secrets
+    - name: nginx
+    - name: single-sign-on
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: stackspin-cluster-variables
+      - kind: ConfigMap
+        name: stackspin-forgejo-kustomization-variables
+      - kind: Secret
+        name: stackspin-forgejo-variables
+      # OIDC
+      - kind: Secret
+        name: stackspin-forgejo-oauth-variables
+      - kind: ConfigMap
+        name: stackspin-single-sign-on-kustomization-variables
+      - kind: ConfigMap
+        name: stackspin-dashboard-kustomization-variables
--- a/apps/forge/forgejo-secrets-kustomization.yaml
+++ b/apps/forge/forgejo-secrets-kustomization.yaml
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: forgejo-secrets
+  namespace: flux-system
+spec:
+  interval: 5m
+  timeout: 4m
+  wait: true
+  prune: true
+  path: ./apps/forge/forgejo-secrets
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  dependsOn:
+    - name: flux
+    - name: secrets-controller
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: stackspin-cluster-variables
--- a/apps/forge/forgejo-secrets/forgejo-kustomization-variables.yaml
+++ b/apps/forge/forgejo-secrets/forgejo-kustomization-variables.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: stackspin-forgejo-kustomization-variables
+  namespace: flux-system
+data:
+  forgejo_domain: forge.${domain}
--- a/apps/forge/forgejo-secrets/forgejo-oauth-secret.yaml
+++ b/apps/forge/forgejo-secrets/forgejo-oauth-secret.yaml
+---
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+  name: stackspin-forgejo-oauth-variables
+  namespace: flux-system
+spec:
+  data:
+    client_id: forgejo
+  fields:
+  - fieldName: client_secret
+    length: "32"
--- a/apps/forge/forgejo-secrets/forgejo-variables.yaml
+++ b/apps/forge/forgejo-secrets/forgejo-variables.yaml
+---
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+  name: stackspin-forgejo-variables
+  namespace: flux-system
+spec:
+  fields:
+  - fieldName: postgresql_password
+  - fieldName: postgresql_admin_password
--- a/apps/forge/forgejo/forgejo-data-pvc.yaml
+++ b/apps/forge/forgejo/forgejo-data-pvc.yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: forgejo-data
+  namespace: stackspout
+  labels:
+    stackspin.net/backupSet: "forgejo"
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 2Gi
+  storageClassName: local-path
--- a/apps/forge/forgejo/forgejo-oauth-client.yaml
+++ b/apps/forge/forgejo/forgejo-oauth-client.yaml
+apiVersion: hydra.ory.sh/v1alpha1
+kind: OAuth2Client
+metadata:
+  name: forgejo-oauth-client
+  # Has to live in the same namespace as the stackspin-*-oauth-variables secret
+  namespace: flux-system
+spec:
+  # TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak
+  grantTypes:
+    - authorization_code
+    - refresh_token
+    - client_credentials
+    - implicit
+  responseTypes:
+    - id_token
+    - code
+  scope: "openid profile email stackspin_roles"
+  secretName: stackspin-forgejo-oauth-variables
+  redirectUris:
+    - https://forge.${domain}/user/oauth2/Stackspin/callback
+  tokenEndpointAuthMethod: client_secret_post
--- a/apps/forge/forgejo/forgejo-postgres-pvc.yaml
+++ b/apps/forge/forgejo/forgejo-postgres-pvc.yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: forgejo-postgres
+  namespace: stackspout
+  labels:
+    stackspin.net/backupSet: "forgejo"
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 2Gi
+  storageClassName: local-path
--- a/apps/forge/forgejo/forgejo-release.yaml
+++ b/apps/forge/forgejo/forgejo-release.yaml
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: forgejo
+  namespace: stackspout
+spec:
+  releaseName: forgejo
+  chart:
+    spec:
+      # https://codeberg.org/forgejo-contrib/-/packages/container/forgejo
+      chart: forgejo
+      version: 1.1.5
+      sourceRef:
+        kind: HelmRepository
+        name: forgejo
+        namespace: flux-system
+  interval: 5m
+  valuesFrom:
+    - kind: ConfigMap
+      name: stackspin-forgejo-values
+      optional: false
+    # Allow overriding values by ConfigMap or Secret
+    - kind: ConfigMap
+      name: stackspin-forgejo-override
+      optional: true
+    - kind: Secret
+      name: stackspin-forgejo-override
+      optional: true
--- a/apps/forge/forgejo/forgejo-values-configmap.yaml
+++ b/apps/forge/forgejo/forgejo-values-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: stackspin-forgejo-values
+  namespace: stackspout
+data:
+  values.yaml: |
+    ingress:
+      enabled: true
+      annotations:
+        kubernetes.io/tls-acme: "true"
+        nginx.ingress.kubernetes.io/proxy-body-size: "50m"
+      hosts:
+        - host: "forge.${domain}"
+          paths:
+             - path: /
+               pathType: Prefix
+      tls:
+        - secretName: forgejo-tls
+          hosts:
+            - "forge.${domain}"
+    gitea:
+      admin:
+        username: "forgejo"
+        email: "${admin_email}"
+        password: "${password}"
+      # https://codeberg.org/forgejo-contrib/forgejo-helm#oauth2-settings
+      oauth:
+        - name: Stackspin
+          provider: "openidConnect"
+          key: "${client_id}"
+          secret: "${client_secret}"
+          autoDiscoverUrl: "https://${hydra_domain}/.well-known/openid-configuration"
+          iconUrl: "https://${dashboard_domain}/favicon-32x32.png"
+      # https://forgejo.org/docs/latest/admin/config-cheat-sheet/
+      config:
+        database:
+          DB_TYPE: postgres
+        session:
+          PROVIDER: db
+        cache:
+          ADAPTER: memory
+        queue:
+          TYPE: level
+        indexer:
+          ISSUE_INDEXER_TYPE: bleve
+          REPO_INDEXER_ENABLED: true
+
+        APP_NAME: "Forge for ${org_name}"
+        repository:
+          DEFAULT_PUSH_CREATE_PRIVATE: false
+          ENABLE_PUSH_CREATE_USER: true
+          ENABLE_PUSH_CREATE_ORG: true
+          DEFAULT_REPO_UNITS: [repo.code,repo.releases,repo.issues,repo.pulls]
+          MAX_CREATION_LIMIT: 99
+        server:
+          ROOT_URL: "https://forge.${domain}"
+          LANDING_PAGE: login
+        openid:
+          ENABLE_OPENID_SIGNUP: true
+        service:
+          DISABLE_REGISTRATION: false
+          ALLOW_ONLY_EXTERNAL_REGISTRATION: true
+        log:
+          LEVEL: "Debug"
+      podAnnotations:
+        backup.velero.io/backup-volumes: "data"
+    persistence:
+      enabled: true
+      mount: true
+      create: false
+      claimName: forgejo-data
+      labels:
+        stackspin.net/backupSet: "forgejo"
+    deployment:
+      labels:
+        stackspin.net/backupSet: "forgejo"
+    podLabels:
+      stackspin.net/backupSet: "forgejo"
+
+    redis-cluster:
+      enabled: false
+    postgresql-ha:
+      enabled: false
+    postgresql:
+      enabled: true
+      image:
+        tag: "11-debian-11"
+      commonLabels:
+        stackspin.net/backupSet: "forgejo"
+      global:
+        postgresql:
+          auth:
+            database: gitea
+            username: gitea
+            password: gitea # "${postgresql_password}"
+            postgresPassword: "${postgresql_admin_password}"
+      primary:
+        podAnnotations:
+          backup.velero.io/backup-volumes: "data"
+        persistence:
+          existingClaim: forgejo-postgres
+
+    service:
+      ssh:
+        type: LoadBalancer
+        hostPort: 22
+        externalTrafficPolicy: "Cluster"
+        loadBalancerIP: "${ip_address}"
+        annotations:
+          metallb.universe.tf/allow-shared-ip: "share-ipv4"
--- a/apps/forge/kustomization.yaml
+++ b/apps/forge/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - forgejo-kustomization.yaml
+  - forgejo-secrets-kustomization.yaml
--- a/apps/generate-kustomizations.sh
+++ b/apps/generate-kustomizations.sh
+#!/bin/sh -e
+# Generates kubernetes kustomizations for given directories or all subdirectories
+if test $# -gt 0
+then for dir; do
+	{ echo 'apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:'
+	find $dir -maxdepth 1 -type f -name "*.yaml" -not -name "kustomization.yaml" -printf "  - %f\n"; } | tee $dir/kustomization.yaml
+	done
+else
+	find -mindepth 1 -maxdepth 1 -type d | while read dir
+		do echo "[4m$dir[0m"
+			$0 "$dir"
+		done
+fi
--- a/apps/kustomization.yaml
+++ b/apps/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ninja-kustomization.yaml
+  - do-kustomization.yaml
+  - forge-kustomization.yaml
+  - support-kustomization.yaml
+  - flow-kustomization.yaml
+  - meet-kustomization.yaml
+  - status-kustomization.yaml
+  - design-kustomization.yaml
+  #- sprint-kustomization.yaml #charts outdated
+  #- video-kustomization.yaml #missing storage
--- a/apps/meet-kustomization.yaml
+++ b/apps/meet-kustomization.yaml
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: add-meet
+  namespace: flux-system
+spec:
+  interval: 10m
+  prune: true
+  path: ./apps/meet
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
--- a/apps/meet/calcom-kustomization.yaml
+++ b/apps/meet/calcom-kustomization.yaml
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: calcom
+  namespace: flux-system
+spec:
+  interval: 5m
+  retryInterval: 2m
+  timeout: 10m
+  wait: true
+  prune: true
+  path: ./apps/meet/calcom
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  dependsOn:
+    - name: flux
+    - name: local-path-provisioner
+    - name: calcom-secrets
+    - name: nginx
+    - name: single-sign-on
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: stackspin-cluster-variables
+      - kind: ConfigMap
+        name: stackspin-calcom-kustomization-variables
+      - kind: Secret
+        name: stackspin-calcom-variables
+      # OIDC
+      - kind: Secret
+        name: stackspin-calcom-oauth-variables
+      - kind: ConfigMap
+        name: stackspin-single-sign-on-kustomization-variables
No results found