README.md

@@ -28,17 +28,16 @@ basic/install.sh
 List the resource created by this flux repo:
 
 ```sh
-kubectl -n example-basic get gitrepositories
-kubectl -n example-basic get kustomizations
-kubectl -n example-basic get helmreleases
-kubectl -n example-basic get pods
+kubectl -n stackspout get gitrepositories
+kubectl -n stackspout get kustomizations
+kubectl -n stackspout get helmreleases
+kubectl -n stackspout get pods
 ```
 
-Show output of the single app applied, [podinfo](https://github.com/stefanprodan/podinfo)
+## Customizations
 
-```sh
-curl --resolve podinfo.local:80:CLUSTER_IPV4_ADDRESS http://podinfo.local
-```
+- Nextcloud apps overrides
+- Gitea installed
 
 ## What's next ?
 

basic/apps/dev/gitea-oauth-client.yaml

+apiVersion: hydra.ory.sh/v1alpha1
+kind: OAuth2Client
+metadata:
+  name: gitea-oauth-client
+  # Has to live in the same namespace as the stackspin-wordpress-oauth-variables secret
+  namespace: flux-system
+spec:
+  # TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak
+  grantTypes:
+    - authorization_code
+    - refresh_token
+    - client_credentials
+    - implicit
+  responseTypes:
+    - id_token
+    - code
+  scope: "openid profile email stackspin_roles"
+  secretName: stackspin-gitea-oauth-variables
+  #redirectUris:
+  #  - https://dev.${domain}/oauth/openid/
+  tokenEndpointAuthMethod: client_secret_post

basic/apps/dev/gitea-release.yaml

+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: gitea
+  namespace: stackspout
+spec:
+  releaseName: gitea
+  chart:
+    spec:
+      chart: gitea
+      version: 5.0.4
+      sourceRef:
+        kind: HelmRepository
+        name: gitea
+        namespace: flux-system
+  interval: 5m
+  valuesFrom:
+    - kind: ConfigMap
+      name: stackspin-gitea-values
+      optional: false
+    # Allow overriding values by ConfigMap or Secret
+    - kind: ConfigMap
+      name: stackspin-gitea-override
+      optional: true
+    - kind: Secret
+      name: stackspin-gitea-override
+      optional: true

basic/apps/dev/gitea-values-configmap.yaml

+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: stackspin-gitea-values
+  namespace: stackspout
+data:
+  values.yaml: |
+    ingress:
+      enabled: true
+      annotations:
+        kubernetes.io/tls-acme: "true"
+      hosts:
+        - host: "dev.${domain}"
+          paths:
+             - path: /
+               pathType: Prefix
+      tls:
+        - secretName: gitea-tls
+          hosts:
+            - "dev.${domain}"
+    gitea:
+      oauth:
+        - name: Stackspin
+          provider: 'openidConnect'
+          key: "${client_id}"
+          secret: "${client_secret}"
+          autoDiscoverUrl: 'https://sso.${domain}/.well-known/openid-configuration'

basic/apps/do/vikunja-oauth-client.yaml

+apiVersion: hydra.ory.sh/v1alpha1
+kind: OAuth2Client
+metadata:
+  name: vikunja-oauth-client
+  # Has to live in the same namespace as the stackspin-wordpress-oauth-variables secret
+  namespace: flux-system
+spec:
+  # TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak
+  grantTypes:
+    - authorization_code
+    - refresh_token
+    - client_credentials
+    - implicit
+  responseTypes:
+    - id_token
+    - code
+  scope: "openid profile email stackspin_roles"
+  secretName: stackspin-vikunja-oauth-variables
+  redirectUris:
+    - https://do.${domain}/oauth/openid/
+  tokenEndpointAuthMethod: client_secret_post

basic/apps/do/vikunja-release.yaml

+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: vikunja
+  namespace: stackspout
+spec:
+  releaseName: vikunja
+  chart:
+    spec:
+      chart: vikunja
+      version: 5.5.3
+      sourceRef:
+        kind: HelmRepository
+        name: k8s-at-home
+        namespace: flux-system
+  interval: 5m
+  valuesFrom:
+    - kind: ConfigMap
+      name: stackspin-vikunja-values
+      optional: false
+    # Allow overriding values by ConfigMap or Secret
+    - kind: ConfigMap
+      name: stackspin-vikunja-override
+      optional: true
+    - kind: Secret
+      name: stackspin-vikunja-override
+      optional: true

basic/apps/do/vikunja-values-configmap.yaml

+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: stackspin-vikunja-values
+  namespace: stackspout
+data:
+  # Defaults: https://github.com/k8s-at-home/charts/blob/master/charts/stable/vikunja/values.yaml
+  # Inherits: https://github.com/k8s-at-home/library-charts/blob/main/charts/stable/common/values.yaml
+  values.yaml: |
+    vikunja:
+      config: |-
+        auth:
+          openid:
+            # https://vikunja.io/docs/config-options/#openid
+            # Example: https://github.com/go-vikunja/api/blob/main/config.yml.sample#L289-L312
+            enabled: true
+            providers:
+              - name: Stackspin
+                authurl: "https://sso.${domain}/"
+                clientid: "${client_id}"
+                clientsecret: "${client_secret}"
+          local:
+            enabled: false
+    ingress:
+      main:
+        enabled: true
+        primary: false
+        annotations:
+          kubernetes.io/tls-acme: "true"
+        hosts:
+          - host: "do.${domain}"
+            paths:
+               - path: /
+                 pathType: Prefix
+        tls:
+          - secretName: vikunja
+            hosts:
+              - "do.${domain}"

basic/apps/example/podinfo-release.yaml

-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: podinfo
-  namespace: example-basic
-spec:
-  releaseName: podinfo
-  chart:
-    spec:
-      # https://artifacthub.io/packages/helm/podinfo/podinfo
-      chart: podinfo
-      version: 6.1.1
-      sourceRef:
-        kind: HelmRepository
-        name: podinfo
-        namespace: example-basic
-  interval: 60m
-  # Default values
-  # https://github.com/stefanprodan/podinfo/blob/master/charts/podinfo/values.yaml
-  values:
-    ingress:
-      enabled: true

basic/apps/people/suitecrm-release.yaml

+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: suitecrm
+  namespace: stackspout
+spec:
+  releaseName: suitecrm
+  chart:
+    spec:
+      chart: suitecrm
+      version: 8.1.2
+      sourceRef:
+        kind: HelmRepository
+        name: bitnami
+        namespace: flux-system
+  interval: 5m
+  valuesFrom:
+    - kind: ConfigMap
+      name: stackspin-suitecrm-values
+      optional: false
+    # Allow overriding values by ConfigMap or Secret
+    - kind: ConfigMap
+      name: stackspin-suitecrm-override
+      optional: true
+    - kind: Secret
+      name: stackspin-suitecrm-override
+      optional: true

basic/apps/people/suitecrm-values-configmap.yaml

+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: stackspin-suitecrm-values
+  namespace: stackspout
+data:
+  values.yaml: |
+    ingress:
+      enabled: true
+      annotations:
+        kubernetes.io/tls-acme: "true"
+      hostname: "people.${domain}"
+      tls: true
+      #  - secretName: suitecrm-tls
+      #    hosts:
+      #      - "people.${domain}"
+    # TODO Adjust OIDC SSO to service
+    #    - name: Stackspin
+    #      key: "${client_id}"
+    #      secret: "${client_secret}"
+    #      customAuthUrl: "https://people.${domain}/login/login"

basic/clusters/production/gitea-kustomization.yaml

+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: gitea
+  namespace: flux-system
+spec:
+  interval: 5m
+  timeout: 30m
+  dependsOn:
+    - name: single-sign-on
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  path: ./basic/apps/dev
+  prune: true
+  # TODO what does this mean?
+  #validation: client
+  healthChecks:
+    - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+      kind: HelmRelease
+      name: gitea
+      namespace: stackspout
+    - apiVersion: apps/v1
+      kind: Deployment
+      name: gitea
+      namespace: stackspout
+  postBuild:
+    substituteFrom:
+      #- kind: Secret
+      #  name: stackspin-gitea-variables
+      - kind: Secret
+        name: stackspin-gitea-oauth-variables
+      - kind: Secret
+        name: stackspin-cluster-variables

basic/clusters/production/infrastructure-kustomization.yaml

 apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
 kind: Kustomization
 metadata:
-  name: example-infrastructure
-  namespace: example-basic
+  name: sources
+  namespace: flux-system
 spec:
-  interval: 24h
+  interval: 5m
   sourceRef:
     kind: GitRepository
-    name: stackspin-flux-example
+    name: stackspout
   path: ./basic/infrastructure
   prune: true
   validation: client

basic/clusters/production/apps-kustomization.yaml → basic/clusters/production/overrides-kustomization.yaml

 apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
 kind: Kustomization
 metadata:
-  name: examle-apps
-  namespace: example-basic
+  name: stackspout-overrides
+  namespace: flux-system
 spec:
-  interval: 24h
+  interval: 2m
   sourceRef:
     kind: GitRepository
-    name: stackspin-flux-example
-  path: ./basic/apps
+    name: stackspout
+  path: ./basic/overrides
   prune: true
   validation: client

basic/clusters/production/suitecrm-kustomization.yaml

+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: suitecrm
+  namespace: flux-system
+spec:
+  interval: 5m
+  timeout: 30m
+  dependsOn:
+    - name: single-sign-on
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  path: ./basic/apps/people
+  prune: true
+  # TODO what does this mean?
+  #validation: client
+  healthChecks:
+    - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+      kind: HelmRelease
+      name: suitecrm
+      namespace: stackspout
+    - apiVersion: apps/v1
+      kind: Deployment
+      name: suitecrm
+      namespace: stackspout
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: stackspin-suitecrm-variables
+        optional: true
+      - kind: Secret
+        name: stackspin-suitecrm-oauth-variables
+        optional: true
+      - kind: Secret
+        name: stackspin-cluster-variables

basic/clusters/production/vikunja-kustomization.yaml

+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: vikunja
+  namespace: flux-system
+spec:
+  interval: 5m
+  timeout: 30m
+  dependsOn:
+    - name: single-sign-on
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  path: ./basic/apps/do
+  prune: true
+  # TODO what does this mean?
+  #validation: client
+  healthChecks:
+    - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+      kind: HelmRelease
+      name: vikunja
+      namespace: stackspout
+    - apiVersion: apps/v1
+      kind: Deployment
+      name: vikunja
+      namespace: stackspout
+  postBuild:
+    substituteFrom:
+      #- kind: Secret
+      #  name: stackspin-vikunja-variables
+      - kind: Secret
+        name: stackspin-vikunja-oauth-variables
+      - kind: Secret
+        name: stackspin-cluster-variables

basic/infrastructure/namespaces/example-basic-namespace.yaml → basic/infrastructure/namespaces/stackspout-namespace.yaml

 apiVersion: v1
 kind: Namespace
 metadata:
-  name: example-basic
+  name: stackspout

basic/infrastructure/sources/podinfo-hr.yaml → basic/infrastructure/sources/gitea.yaml

 apiVersion: source.toolkit.fluxcd.io/v1beta1
 kind: HelmRepository
 metadata:
-  name: podinfo
-  namespace: example-basic
+  name: gitea
+  namespace: flux-system
 spec:
-  interval: 1h
-  url: https://stefanprodan.github.io/podinfo
+  interval: 10m
+  url: https://dl.gitea.io/charts/

basic/infrastructure/sources/k8s-at-home.yaml

+# For Vikunja
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+  name: k8s-at-home
+  namespace: flux-system
+spec:
+  interval: 10m
+  url: https://k8s-at-home.com/charts/

basic/install.sh

 #!/usr/bin/env bash
 
-echo "Creating / updating gitRepository stackspin-flux-example-basic in namespace example-basic"
-flux create source git stackspin-flux-example \
-  --namespace=example-basic \
-  --url=https://open.greenhost.net/stackspin/stackspin-flux-example.git \
+kubectl get namespace stackspout 2>/dev/null || kubectl create namespace stackspout
+
+echo "Creating / updating gitRepository stackspout in namespace stackspout"
+flux create source git stackspout \
+  --url=https://open.greenhost.net/xeruf/stackspout.git \
   --branch=main \
-  --interval=1h
+  --interval=3m
 
-echo "Creating / updating kustomization stackspin-flux-example in namespace example-basic"
-flux create kustomization stackspin-flux-example \
-  --namespace=example-basic \
-  --source=GitRepository/stackspin-flux-example \
+echo "Creating / updating kustomization stackspout in namespace stackspout"
+flux create kustomization stackspout \
+  --source=GitRepository/stackspout \
   --path="./basic/clusters/production/" \
   --prune=true \
-  --interval=1h
+  --interval=3m
+
+python $STACKSPIN/install/generate_secrets.py vikunja
+python $STACKSPIN/install/generate_secrets.py gitea

basic/overrides/stackspin-nextcloud-override.yaml

+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: stackspin-apps
+  name: stackspin-nextcloud-override
+data:
+  values.yaml: |
+    nextcloud:
+      # https://artifacthub.io/packages/helm/nextcloud/nextcloud#configuration
+      # https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#user-experience
+      #'defaultapp' => 'dashboard,files',
+      # https://github.com/moment/moment/tree/2.18.1/locale
+      #'default_language' => 'en_de', # https://www.transifex.com/explore/languages/
+      #'theme' => 'dark',
+      nextcloud:
+        configs:
+          defaults.config.php: |-
+            <?php
+            $CONFIG = array (
+              'allow_user_to_change_display_name' => false,
+              'default_phone_region' => 'DE',
+              'default_locale' => 'en-gb',
+              'lost_password_link' => 'https://sso.ftt.gmbh/login/recovery',
+            );
+    apps:
+      # Basics
+      - name: password_policy
+        enabled: false
+      - name: photos
+        enabled: false
+      - name: passwords
+        enabled: false
+      - name: contacts
+        enabled: true
+      # Common Apps
+      - name: external
+        enabled: true
+      - name: polls
+        enabled: false
+        #unsure - maybe redundant to forms?
+      - name: forms
+        enabled: true
+        #- name: spreed
+        #  enabled: false
+        # redundant to Zulip & Jitsi
+      - name: appointments
+        enabled: true
+      # Management
+      - name: deck
+        enabled: true
+      - name: tasks
+        enabled: true
+      # Convenience
+      - name: files_rightclick
+        enabled: true
+      - name: metadata
+        enabled: true
+      - name: extract
+        enabled: true
+      # Collaborative apps
+        #- name: drawio
+        #  enabled: false
+        #buggy
+      - name: notes
+        enabled: true
+        #- name: files_mindmap
+        #  enabled: false
+        #buggy
+      - name: files_markdown
+        enabled: true
+      - name: files_texteditor
+        enabled: true
+      - name: maps
+        enabled: true
+      - name: jitsi
+        enabled: false
+        # waiting for /var/lib/Stackspin/local-storage/pvc-3b008674-544c-46e7-b456-f20932eb9f23_stackspin-apps_nextcloud-files/custom_apps
+      # Aesthetics
+      #- name: theming
+      #  enabled: true
+      - name: apporder
+        enabled: true
+      - name: side_menu
+        enabled: true
+      - name: breezedark
+        enabled: true
+        #- name: unsplash
+        #  enabled: true
+      # Flow
+      - name: analytics
+        enabled: true
+      - name: workflow_pdf_converter
+        enabled: true
+      - name: files_accesscontrol
+        enabled: true
+      - name: files_automatedtagging
+        enabled: true
+      - name: workflow_media_converter
+        enabled: true
+      - name: workflow_ocr
+        enabled: true
+      # Testing
+      - name: event_update_notification
+        enabled: true
+      - name: integration_google
+        enabled: true