apps/support/zammad/zammad-pvc.yaml

+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: zammad-data
+  namespace: stackspout
+  labels:
+    stackspin.net/backupSet: "zammad"
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 2Gi
+  storageClassName: local-path

apps/support/zammad/zammad-release.yaml

+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: zammad
+  namespace: stackspout
+spec:
+  releaseName: zammad
+  chart:
+    spec:
+      chart: zammad
+      version: # TODO
+      sourceRef:
+        kind: HelmRepository
+        name: zammad
+        namespace: flux-system
+  interval: 5m
+  valuesFrom:
+    - kind: ConfigMap
+      name: stackspin-zammad-values
+      optional: false
+    # Allow overriding values by ConfigMap or Secret
+    - kind: ConfigMap
+      name: stackspin-zammad-override
+      optional: true
+    - kind: Secret
+      name: stackspin-zammad-override
+      optional: true

apps/support/zammad/zammad-values-configmap.yaml

+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: stackspin-zammad-values
+  namespace: stackspout
+data:
+  values.yaml: |
+    # TODO verify structure matches chart
+    ingress:
+      enabled: true
+      # Elaborate style
+      annotations:
+        kubernetes.io/tls-acme: "true"
+      hosts:
+        - host: "support.${domain}"
+          paths:
+             - path: /
+               pathType: Prefix
+      tls:
+        - secretName: zammad-tls
+          hosts:
+            - "support.${domain}"
+      # Bitnami style
+      hostname: "support.${domain}"
+      tls: true
+      certManager: true
+    # TODO Configure PVC for data & database
+    # TODO Adjust zammad Mailing config
+    #    mailer:
+    #      enabled: "${outgoing_mail_enabled}"
+    #      host: "${outgoing_mail_smtp_host}"
+    #      port: "${outgoing_mail_smtp_port}"
+    #      username: "${outgoing_mail_smtp_user}"
+    #      password: "${outgoing_mail_smtp_password}"
+    #      fromemail: "${outgoing_mail_from_address}"
+    # TODO Adjust zammad OpenID Connect Single Sign-On Configuration
+    #    - name: Stackspin
+    #      key: "${client_id}"
+    #      secret: "${client_secret}"
+    #      autoDiscoverUrl: 'https://${hydra_domain}/.well-known/openid-configuration'

apps/time/kimai-secrets/kimai-variables.yaml

+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+  name: stackspin-kimai-variables
+  namespace: flux-system
+data:
+  password: "{{ 32 | generate_password | b64encode }}"
+  secret: "{{ 32 | generate_password | b64encode }}"
+  mariadb_password: "{{ 32 | generate_password | b64encode }}"
+  mariadb_root_password: "{{ 32 | generate_password | b64encode }}"

apps/time/kimai/kimai-data-pvc.yaml

+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: kimai-data
+  namespace: stackspout
+  labels:
+    stackspin.net/backupSet: "kimai"
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 2Gi
+  storageClassName: local-path

apps/time/kimai/kimai-release.yaml

+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: kimai
+  namespace: stackspout
+spec:
+  releaseName: kimai
+  chart:
+    spec:
+      chart: kimai2
+      version: 1.3.0
+      sourceRef:
+        kind: HelmRepository
+        name: robjuz
+        namespace: flux-system
+  interval: 5m
+  valuesFrom:
+    - kind: ConfigMap
+      name: stackspin-kimai-values
+      optional: false
+    # Allow overriding values by ConfigMap or Secret
+    - kind: ConfigMap
+      name: stackspin-kimai-override
+      optional: true
+    - kind: Secret
+      name: stackspin-kimai-override
+      optional: true

apps/time/kimai/kimai-values-configmap.yaml

+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: stackspin-kimai-values
+  namespace: stackspout
+data:
+  values.yaml: |
+    # https://github.com/robjuz/helm-charts/tree/master/charts/kimai2#parameters
+    image:
+      tag: apache-1.21.0-prod
+    kimaiAppSecret: "${secret}"
+    kimaiAdminEmail: "${admin_email}"
+    kimaiAdminPassword: "${password}"
+    kimaiMailerUrl: "smtp://${outgoing_mail_smtp_user}:${outgoing_mail_smtp_password}@${outgoing_mail_smtp_host}?encryption=tls&auth_mode=plain"
+    kimaiMailerFrom: "${outgoing_mail_from_address}"
+    ingress:
+      enabled: true
+      certManager: true
+      tls: true
+      hostname: "time.${domain}"
+    persistence:
+      existingClaim: kimai-data
+    mariadb:
+      auth:
+        password: "${mariadb_password}"
+        rootPassword: "${mariadb_root_password}"
+    #    - name: Stackspin
+    #      key: "${client_id}"
+    #      secret: "${client_secret}"
+    #      autoDiscoverUrl: 'https://${hydra_domain}/.well-known/openid-configuration'

basic/apps/example/podinfo-release.yaml

-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: podinfo
-  namespace: example-basic
-spec:
-  releaseName: podinfo
-  chart:
-    spec:
-      # https://artifacthub.io/packages/helm/podinfo/podinfo
-      chart: podinfo
-      version: 6.1.1
-      sourceRef:
-        kind: HelmRepository
-        name: podinfo
-        namespace: example-basic
-  interval: 60m
-  # Default values
-  # https://github.com/stefanprodan/podinfo/blob/master/charts/podinfo/values.yaml
-  values:
-    ingress:
-      enabled: true

basic/clusters/production/infrastructure-kustomization.yaml

-apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
-kind: Kustomization
-metadata:
-  name: example-infrastructure
-  namespace: example-basic
-spec:
-  interval: 24h
-  sourceRef:
-    kind: GitRepository
-    name: stackspin-flux-example
-  path: ./basic/infrastructure
-  prune: true
-  validation: client

basic/infrastructure/sources/podinfo-hr.yaml

-apiVersion: source.toolkit.fluxcd.io/v1beta1
-kind: HelmRepository
-metadata:
-  name: podinfo
-  namespace: example-basic
-spec:
-  interval: 1h
-  url: https://stefanprodan.github.io/podinfo

basic/install.sh

-#!/usr/bin/env bash
-
-echo "Creating / updating gitRepository stackspin-flux-example-basic in namespace example-basic"
-flux create source git stackspin-flux-example \
-  --namespace=example-basic \
-  --url=https://open.greenhost.net/stackspin/stackspin-flux-example.git \
-  --branch=main \
-  --interval=1h
-
-echo "Creating / updating kustomization stackspin-flux-example in namespace example-basic"
-flux create kustomization stackspin-flux-example \
-  --namespace=example-basic \
-  --source=GitRepository/stackspin-flux-example \
-  --path="./basic/clusters/production/" \
-  --prune=true \
-  --interval=1h

basic/clusters/production/apps-kustomization.yaml → infrastructure/kustomizations/apps-kustomization.yaml

-apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
 kind: Kustomization
 metadata:
-  name: examle-apps
-  namespace: example-basic
+  name: stackspout-apps
+  namespace: flux-system
 spec:
-  interval: 24h
+  interval: 10m
+  retryInterval: 1m
   sourceRef:
     kind: GitRepository
-    name: stackspin-flux-example
-  path: ./basic/apps
+    name: stackspout
+  path: ./apps
   prune: true
-  validation: client

infrastructure/kustomizations/namespace-kustomization.yaml

+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: stackspout-namespace
+  namespace: flux-system
+spec:
+  interval: 10m
+  retryInterval: 1m
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  path: ./infrastructure/namespaces
+  prune: true

infrastructure/kustomizations/overrides-kustomization.yaml

+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: stackspout-overrides
+  namespace: flux-system
+spec:
+  interval: 2m
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  path: ./overrides
+  prune: true
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: stackspin-cluster-variables

infrastructure/kustomizations/sources-kustomization.yaml

+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: stackspout-sources
+  namespace: flux-system
+spec:
+  interval: 10m
+  retryInterval: 1m
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  path: ./infrastructure/sources
+  prune: true

basic/infrastructure/namespaces/example-basic-namespace.yaml → infrastructure/namespaces/stackspout.yaml

 apiVersion: v1
 kind: Namespace
 metadata:
-  name: example-basic
+  name: stackspout

infrastructure/sources/8gears-n8n-helmrepository.yaml

+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: 8gears-n8n
+  namespace: flux-system
+spec:
+  interval: 60m
+  type: "oci"
+  url: oci://8gears.container-registry.com/library

infrastructure/sources/forgejo-helmrepository.yaml

+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: forgejo
+  namespace: flux-system
+spec:
+  interval: 60m
+  type: "oci"
+  url: oci://codeberg.org/forgejo-contrib

infrastructure/sources/gitea-helmrepository.yaml

+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: gitea
+  namespace: flux-system
+spec:
+  interval: 60m
+  url: https://dl.gitea.io/charts/

infrastructure/sources/invoiceninja-helmrepository.yaml

+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: invoiceninja
+  namespace: flux-system
+spec:
+  interval: 60m
+  url: https://invoiceninja.github.io/dockerfiles/