Test notification

.woodpecker/.cdh.yml

@@ -13,6 +13,7 @@ steps:
       RUST_LOG: info
     commands:
       - cdh --kind helmfile -p $CI_WORKSPACE/helmfile.yaml --helmfile-environment badhouseplants -o --output html >> result.html
+
   notification:
     image: deblan/woodpecker-email
     settings:

.woodpecker/.helmfile.yml

@@ -16,6 +16,22 @@ steps:
       - mkdir $HOME/.kube
       - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config
       - helmfile -e $ENVIRONMENT diff --suppress-secrets
+
+  notification:
+    image: deblan/woodpecker-email
+    settings:
+      from: woody@badhouseplants.net
+      host: badhouseplants.net
+      username:
+        from_secret: smtp_username
+      password:
+        from_secret: smtp_password
+      recipients:
+        - allanger@badhouseplants.net
+      subject: CDH result
+      target: main
+    when:
+      - status: [success, failure]
   apply:
     image: ghcr.io/helmfile/helmfile:canary
     secrets: [sops_age_key, kubeconfig_content]

badhouseplants/helmfile.yaml

@@ -27,6 +27,11 @@ releases:
     namespace: nrodionov-application
     createNamespace: false
   
+  - <<: *elementor
+    installed: true
+    namespace: elementor-application
+    createNamespace: false
+
   - <<: *minecraft
     installed: true
     namespace: minecraft-application

badhouseplants/values/secrets.elementor.yaml

@@ -0,0 +1,28 @@
+wordpressPassword: ENC[AES256_GCM,data:WVNPgi7QCoCeYqpWETnZWtxnT5dl7Ffzlg==,iv:1nhk8JDEfBSXQwEVUgimsYvv1iyTS2YgALW3Pr2R3Jc=,tag:Xy9BtSWl4V7pyJelZyZN1g==,type:str]
+wordpressEmail: ENC[AES256_GCM,data:BXVBeqlUsBS3iLB1LlaZmEVBbCifjSjOiEg=,iv:hbkrawGiZCFka0zuK0mPSLpR6JMgP87pEZIGhAXB1dg=,tag:sWzT00jZZ3mnCPQR85ncEA==,type:str]
+mariadb:
+    auth:
+        rootPassword: ENC[AES256_GCM,data:BT0YXF8MxiapCyJ4sZ0LwAAfLYzImtfPfw==,iv:W5l1TA6FJXZ9iNTWXKP5wsyB75hG+R0WrCM/QdJ4gxo=,tag:qPg5hBfY7gsAbIFVgUilYQ==,type:str]
+        database: ENC[AES256_GCM,data:EB/3kKgiTLOWORXhgRpZKYA=,iv:XZXr0vPl0idWYewicpNB+P4CypF3HqndH0uDsx8ZMFY=,tag:2X6rZ3Rw8uCnM+c/I+1Jew==,type:str]
+        username: ENC[AES256_GCM,data:41CY65J+EfKW0oiq,iv:VGs3Ka3u1KjFI7ZK6WXvus/DNbQkNAHModJcvnAkQ14=,tag:VNDVXpixML+bTc9RZ7IGCg==,type:str]
+        password: ENC[AES256_GCM,data:Kg417xg8acWSAyMgKyRNzpQ4y5Ow+kLr4A==,iv:L2vr8DtMx6mYPMAStdUooVSVhKKv8YLB3rCsNwzE4f0=,tag:I/j1EAgc65qzHrCUABcDeg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0U2QxWDMwMkxxdG1QK0No
+            VU1sejBKellnSGFpSXpVRTE0clcvS0Q0NXpVCnFXRlpsVXQ0V2NlYk1nUjlUY1Fj
+            NEJVYkVxalEvdDliSGY3c2dqRmQ4ZWcKLS0tIERYd0laME1iR203SFRPWTlPaCtB
+            T0dvMXp6NkwwTkRKcFpYMHlJVGFKejAKIy1VdB7mSXLkHZywSc1c+VUgtc0mrUrD
+            oStf0xCbfZvKx0XhA+u7R0jM5rM6CfvQr4yYTpW2fDszsS9yKjH33A==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-12-13T20:16:19Z"
+    mac: ENC[AES256_GCM,data:vQZxLR2SCEJd29DC9OuSeoblM4vgELPEAVG/1fxpchKzlh2QpKdyz51Art0ATsKcoHM8RjKztMxne5LN2VciFAdvfn3fa4/itG1oK/b8FM0PQkcLJAxtZFeZLfTtW9NCPfTorcEIcA+3PUwSjW1dO6BaeEFxpA9dSceOJd6dXd8=,iv:DzpEwuTFtdzjEh0T1x7W70nluLM1XH8gabLeulgow7g=,tag:9ak6El1tY8W8X//gC0Gbqw==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1

badhouseplants/values/secrets.vaultwarden.yaml

@@ -2,7 +2,7 @@ vaultwarden:
     smtp:
         username: ENC[AES256_GCM,data:6kAu3et5PmRgZ7B/qQQKA/hwsubozpBEcuzA,iv:cqNO3VWKFRWqBRAFTf2AyMQskuZvcDghseT2PWEsCjA=,tag:nkzugvJTJ/KhLuldXxdBrg==,type:str]
         password:
-            value: ENC[AES256_GCM,data:rTCIH4vU7sfCNu6FxfdfyPKKQ01MQHBM0g==,iv:ZKD98V5W1GH0NZCfYG86AdFhbe8Ig+nCHFdU0NGcQT4=,tag:cL3fSAKntmWZ/QvSPYwbvw==,type:str]
+            value: ENC[AES256_GCM,data:9PJzeGeXiNN50GrWMxU1ho9+jHs=,iv:wOrU8g/xBBKFRYvDB1G/I+VG3lpvFdMirgJmP01PbhQ=,tag:dlDq9S+SQmlb4SZIGYhrlQ==,type:str]
     adminToken:
         value: ENC[AES256_GCM,data:PT62LcyiNqW1NVeuZ5+HTj8fzwSwuD1av/Z8S2GnR6j62+F8/aibhW/ATFG92chw++w=,iv:LnaRBem4dsggV4u4IlNjlWY301ajAHot2D259Y383m0=,tag:f24QDtGrtNJFA95Qo6Umqg==,type:str]
 sops:
@@ -20,8 +20,8 @@ sops:
             U25tMkxQS1gzcyt6R2NkZnVLRVVoOWMKZSaIZxzTlYim2kmiHrQcgRu9XmWelRkT
             HZZmSa0L9yEdksUCK3+iqjCZhQBYc/6qJHRYvuAaJ+/hs5RxuLUr8g==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-12-25T19:33:37Z"
-    mac: ENC[AES256_GCM,data:Fl9x8f4YlhAciCdRNRWukK4lj/OqP+TJ8+xEXUSb+1FqUAv/aHocy/f3IuzEhgq/+i9RSKORy2+glYBdK+tL50FzaPQCXz9YgYMtshsIkfkVIw2j9R7sqs5Uo5fQ6g5V3ir5/czb8FSqoS7S+2onyHxZawuG1XCWYPPLATVrKa8=,iv:7K6NABns5rzYIJgthRxqkGD5bQXKPhgIxoCs2ZS0JGY=,tag:FvTTObosyFZom45xuVABog==,type:str]
+    lastmodified: "2023-10-20T07:01:25Z"
+    mac: ENC[AES256_GCM,data:Oa6UiHJR5U8Tquo/FmKM2LNR1l7Tdc95T55sl8IbC80ywC5hmJcpOdYXSeVzAdEtr2EauEH74FAwyFtjeFHpneRjkl8Hx0Vann3qBMJ1laxYEQhKESqeyJTcMv15Hu61aUQ+OhW9hP9xkcRCNmkXHa0KeoCXy1aloTWc3u7Ls8E=,iv:SsywMpg5KQvfsFbIRiZkEadtQ7Ce2AqjM9+zeaG/ZaM=,tag:X426dGhxmeMqDJnRs4Qhww==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1

badhouseplants/values/values.elementor.yaml

@@ -0,0 +1,59 @@
+---
+# ------------------------------------------
+# -- Istio extenstion. Just because I'm
+# --  not using ingress nginx
+# ------------------------------------------
+istio:
+  enabled: true
+  istio:
+    - name: elementor-http
+      gateway: istio-system/badhouseplants-net
+      kind: http
+      hostname: elementor.badhouseplants.net
+      service: elementor-wordpress
+      port: 8080
+
+ext-database:
+  enabled: true
+  name: nrodionov-mysql
+  instance: mysql
+wordpressPlugins:
+  - elementor
+wordpressBlogName: Elementor
+wordpressUsername: admin
+wordpressFirstName: Nikolai
+wordpressLastName: Rodionov
+wordpressTablePrefix: wp_
+wordpressScheme: http
+existingWordPressConfigurationSecret: ""
+resources:
+  requests:
+    memory: 300Mi
+    cpu: 10m
+service:
+  type: ClusterIP
+  ports:
+    http: 8080
+    https: 8443
+
+persistence:
+  enabled: true
+  storageClass: ""
+  accessModes:
+    - ReadWriteOnce
+  accessMode: ReadWriteOnce
+  size: 2Gi
+  dataSource: {}
+  existingClaim: ""
+  selector: {}
+
+mariadb:
+  enabled: true
+  primary:
+    persistence:
+      enabled: true
+      storageClass: ""
+      accessModes:
+        - ReadWriteOnce
+      size: 3Gi
+  

badhouseplants/values/values.redis.yaml

@@ -1,10 +1,6 @@
 metrics:
   enabled: false
 
-secretAnnotations:
-  reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
-  reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"
-  reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "gitea-service,funkwhale-application"
 architecture: standalone
 master:
   persistence:

badhouseplants/values/values.woodpecker-ci.yaml

@@ -18,11 +18,6 @@ ext-database:
   credentials:
     WOODPECKER_DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
 server:
-  #image:
-  #  registry: git.badhouseplants.net
-  #  repository: allanger/woodpecker-server
-  #  pullPolicy: Always
-  #  tag: icon
   enabled: true
   env:
     WOODPECKER_GITEA: true
@@ -39,9 +34,13 @@ server:
     - woodpecker-postgres16-creds
 agent:
   image:
+    # -- The image registry
     registry: git.badhouseplants.net
+    # -- The image repository
     repository: allanger/woodpecker-agent
+    # -- The pull policy for the image
     pullPolicy: Always
+    # -- Overrides the image tag whose default is the chart appVersion.
     tag: dev
   enabled: true
   extraSecretNamesForEnvFrom: []

helmfile.yaml

@@ -8,9 +8,13 @@ bases:
 releases:
   - <<: *metrics-server
     installed: true
+    namespace: kube-system
+    createNamespace: false
 
   - <<: *istio-base
     installed: true
+    namespace: istio-system
+    createNamespace: false
   
   - <<: *istio-gateway
     installed: true
@@ -24,6 +28,8 @@ releases:
 
   - <<: *cert-manager
     installed: true
+    namespace: cert-manager
+    createNamespace: false
 
   - <<: *minio
     installed: true
@@ -37,10 +43,7 @@ releases:
   
   - <<: *metallb
     installed: true
-
-  - <<: *reflector
-    installed: true
-    namespace: reflector-system
+    namespace: metallb-system
     createNamespace: true
 
 helmfiles:

releases.yaml

@@ -96,8 +96,6 @@ templates:
     name: metrics-server
     chart: metrics-server/metrics-server
     version: 3.11.0
-    namespace: kube-system
-    createNamespace: true
     values:
       - common/values.{{ .Release.Name }}.yaml
 
@@ -105,19 +103,14 @@ templates:
     name: metallb
     chart: metallb/metallb
     version: 0.13.12
-    namespace: metallb-system
-    createNamespace: true
 
   cert-manager: &cert-manager
     name: cert-manager
     chart: jetstack/cert-manager
     version: 1.13.3
-    namespace: cert-manager
-    createNamespace: true
     set:
       - name: installCRDs
         value: true
-
   longhorn: &longhorn
     name: longhorn
     chart: longhorn/longhorn
@@ -133,9 +126,7 @@ templates:
       - template: default-env-values
       - template: default-env-secrets
       - template: ext-istio-resource
-  # -------------------------------------------------------------------
-  # -- Monitoring
-  # -------------------------------------------------------------------
+
   monitoring-common:
     labels:
       bundle: monitoring
@@ -170,11 +161,9 @@ templates:
   # -- Istio
   # ----------------------------
   istio-common:
-    version: 1.20.1
     labels:
       bundle: istio
-    namespace: istio-system
-    createNamespace: true
+    version: 1.20.1
 
   istio-base: &istio-base
     name: istio-base
@@ -186,8 +175,6 @@ templates:
   istio-gateway: &istio-gateway
     name: istio-ingressgateway
     chart: istio/gateway
-    needs:
-      - istio-system/istio-base
     inherit:
       - template: istio-common
       - template: default-env-values
@@ -204,8 +191,6 @@ templates:
   istiod: &istiod
     name: istiod
     chart: istio/istiod
-    needs:
-      - istio-system/istio-base
     inherit:
       - template: istio-common
       - template: default-env-values
@@ -265,6 +250,16 @@ templates:
       - template: ext-istio-resource
       - template: ext-database
 
+  elementor: &elementor
+    name: elementor
+    chart: bitnami/wordpress
+    version: 18.1.24
+    inherit:
+      - template: default-env-values
+      - template: default-env-secrets
+      - template: ext-istio-resource
+      - template: ext-database
+
   minio: &minio
     name: minio
     chart: minio/minio
@@ -367,8 +362,3 @@ templates:
       - template: default-env-secrets
       - template: ext-istio-resource
       - template: ext-database
-
-  reflector: &reflector
-    name: reflector
-    chart: emberstack/reflector
-    version: 7.1.216

repositories.yaml

@@ -1,3 +1,4 @@
+---
 repositories:
   - name: metrics-server
     url: https://kubernetes-sigs.github.io/metrics-server/
@@ -39,7 +40,3 @@ repositories:
     url: https://badhouseplants.github.io/helm-charts/
   - name: woodpecker
     url: https://woodpecker-ci.org
-  - name: firefly-iii
-    url: https://firefly-iii.github.io/kubernetes/
-  - name: emberstack
-    url: https://emberstack.github.io/helm-charts