From 2ba73c8db0dbb59c227efd970813fdb9566d727c Mon Sep 17 00:00:00 2001
From: Nikolai Rodionov
Date: Mon, 15 Jul 2024 21:12:53 +0200
Subject: [PATCH] Update a lot of apps
---
installations/applications/helmfile.yaml | 132 +++++++++++++++
installations/databases/helmfile.yaml | 2 +
installations/pipelines/helmfile.yaml | 2 +
installations/platform/helmfile.yaml | 2 +
installations/system/helmfile.yaml | 2 +
values/badhouseplants/secrets.funkwhale.yaml | 22 +--
values/badhouseplants/secrets.mealie.yaml | 21 +++
.../secrets.shadowsocks-libev.yaml | 25 +++
.../badhouseplants/secrets.vaultwarden.yaml | 23 +--
.../secrets.vaultwardentest.yaml | 23 +--
values/badhouseplants/secrets.zot.yaml | 106 +++---------
values/badhouseplants/values.funkwhale.yaml | 4 +-
values/badhouseplants/values.mealie.yaml | 75 +++++++++
values/badhouseplants/values.vaultwarden.yaml | 158 +++++++++---------
.../values.vaultwardentest.yaml | 135 ++++++++-------
values/badhouseplants/values.wikijs.yaml | 47 ++++++
16 files changed, 531 insertions(+), 248 deletions(-)
create mode 100644 installations/applications/helmfile.yaml
create mode 100644 values/badhouseplants/secrets.mealie.yaml
create mode 100644 values/badhouseplants/secrets.shadowsocks-libev.yaml
create mode 100644 values/badhouseplants/values.mealie.yaml
create mode 100644 values/badhouseplants/values.wikijs.yaml
diff --git a/installations/applications/helmfile.yaml b/installations/applications/helmfile.yaml
new file mode 100644
index 0000000..e51b168
--- /dev/null
+++ b/installations/applications/helmfile.yaml
@@ -0,0 +1,132 @@
+{{ readFile "../../common/templates.yaml" }}
+
+bases:
+ - ../../common/environments.yaml
+
+repositories:
+ - name: softplayer-oci
+ url: registry.badhouseplants.net/softplayer/helm
+ oci: true
+ - name: requarks
+ url: https://charts.js.wiki
+ - name: goauthentik
+ url: https://charts.goauthentik.io/
+ - name: ananace-charts
+ url: https://ananace.gitlab.io/charts
+ - name: gitea
+ url: https://dl.gitea.io/charts/
+ - name: mailu
+ url: https://mailu.github.io/helm-charts/
+ - name: minio
+ url: https://charts.min.io/
+ - name: bedag
+ url: https://bedag.github.io/helm-charts/
+
+
+releases:
+ - name: authentik
+ chart: goauthentik/authentik
+ version: 2024.6.1
+ namespace: applications
+ createNamespace: false
+ inherit:
+ - template: default-env-values
+ - template: default-env-secrets
+ - template: ext-database
+
+ - name: funkwhale
+ chart: ananace-charts/funkwhale
+ namespace: applications
+ version: 2.0.5
+ inherit:
+ - template: default-env-values
+ - template: default-env-secrets
+ - template: ext-database
+
+ - name: gitea
+ chart: gitea/gitea
+ version: 10.3.0
+ namespace: applications
+ inherit:
+ - template: default-env-values
+ - template: default-env-secrets
+ - template: ext-database
+ - template: ext-tcp-routes
+
+ - name: mailu
+ chart: mailu/mailu
+ namespace: applications
+ version: 2.0.0
+ inherit:
+ - template: default-env-values
+ - template: default-env-secrets
+ - template: ext-certificate
+ - template: ext-tcp-routes
+ - template: ext-database
+
+ - name: minio
+ chart: minio/minio
+ version: 5.2.0
+ namespace: applications
+ inherit:
+ - template: default-env-values
+ - template: default-env-secrets
+
+ - name: nrodionov
+ chart: bitnami/wordpress
+ version: 22.4.20
+ namespace: applications
+ inherit:
+ - template: default-env-values
+ - template: default-env-secrets
+ - template: ext-database
+
+ - name: openvpn-xor
+ chart: softplayer-oci/openvpn-xor
+ version: 1.2.0
+ namespace: applications
+ inherit:
+ - 
template: default-env-values + - template: ext-tcp-routes + + - name: vaultwarden + chart: softplayer-oci/vaultwarden + version: 2.0.0 + namespace: applications + inherit: + - template: default-env-values + - template: default-env-secrets + - template: ext-database + + - name: vaultwardentest + chart: softplayer-oci/vaultwarden + version: 2.0.0 + namespace: applications + inherit: + - template: default-env-values + - template: default-env-secrets + + - name: shadowsocks-libev + chart: softplayer-oci/shadowsocks-libev + namespace: applications + version: 0.3.1 + inherit: + - template: default-env-secrets + + - name: wikijs + chart: requarks/wiki + namespace: applications + installed: false + version: 2.2.21 + inherit: + - template: default-env-values + - template: ext-database + + - name: mealie + chart: softplayer-oci/mealie + namespace: applications + version: 0.1.0 + inherit: + - template: default-env-values + - template: default-env-secrets + - template: ext-database diff --git a/installations/databases/helmfile.yaml b/installations/databases/helmfile.yaml index 7aefd88..bea94d1 100644 --- a/installations/databases/helmfile.yaml +++ b/installations/databases/helmfile.yaml @@ -6,6 +6,8 @@ bases: repositories: - name: bitnami url: https://charts.bitnami.com/bitnami + - name: bedag + url: https://bedag.github.io/helm-charts/ releases: - name: mariadb diff --git a/installations/pipelines/helmfile.yaml b/installations/pipelines/helmfile.yaml index 0774da9..1ba9ba6 100644 --- a/installations/pipelines/helmfile.yaml +++ b/installations/pipelines/helmfile.yaml @@ -6,6 +6,8 @@ bases: repositories: - name: woodpecker url: https://woodpecker-ci.org + - name: bedag + url: https://bedag.github.io/helm-charts/ releases: - name: woodpecker-ci diff --git a/installations/platform/helmfile.yaml b/installations/platform/helmfile.yaml index dde5515..c26aea0 100644 --- a/installations/platform/helmfile.yaml +++ b/installations/platform/helmfile.yaml 
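Review bot: The `nrodionov` release in the new `installations/applications/helmfile.yaml` uses `chart: bitnami/wordpress`, but the `repositories:` list added in that file has no `bitnami` entry; the only visible definition is in `installations/databases/helmfile.yaml`. Unless `../../common/templates.yaml` or the bases declare it, the release will not resolve, so add `- name: bitnami` with `url: https://charts.bitnami.com/bitnami` to this file. The file also pulls charts from several third-party repositories with version pins only; where the publisher signs charts, helmfile's `verify: true` on the release would add a provenance check, and a one-line comment on why `bedag` is listed (no release here references it directly) would help the next reader.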
@@ -10,6 +10,8 @@ repositories: url: https://db-operator.github.io/charts - name: zot url: https://zotregistry.dev/helm-charts/ + - name: bedag + url: https://bedag.github.io/helm-charts/ releases: - name: argocd diff --git a/installations/system/helmfile.yaml b/installations/system/helmfile.yaml index 7306403..c1a6fa8 100644 --- a/installations/system/helmfile.yaml +++ b/installations/system/helmfile.yaml @@ -20,6 +20,8 @@ repositories: url: https://coredns.github.io/helm - name: cilium url: https://helm.cilium.io/ + - name: bedag + url: https://bedag.github.io/helm-charts/ releases: - name: namespaces diff --git a/values/badhouseplants/secrets.funkwhale.yaml b/values/badhouseplants/secrets.funkwhale.yaml index 8ca3587..3e2a35c 100644 --- a/values/badhouseplants/secrets.funkwhale.yaml +++ b/values/badhouseplants/secrets.funkwhale.yaml @@ -1,10 +1,10 @@ -djangoSecret: ENC[AES256_GCM,data:Usu+QgI7MLUmU1m3ExE=,iv:wv4i60NCuG13xBPSCZ3NDQI+z5h9ENPVQcZmqUUFvls=,tag:2SPu5TC4sDxXkxVdZ9j11Q==,type:str] +djangoSecret: ENC[AES256_GCM,data:9ZPeukvGT3fQ19ef3Q0=,iv:P4VZY9Ils7CmQ9iDwbo8RmM1niY2xH8xY/BXJMjSp0w=,tag:ipIwKH4nVaGkbhITUZun+A==,type:str] postgresql: auth: - password: ENC[AES256_GCM,data:Ly65GeUvKfwKfRakpDZWftzzE11hw6/mQ/rP,iv:DUIGI68MyWF7H56QIjajgP9GRNwdirX4i1lNMP02vXw=,tag:bl0bHFIbMWG2gVns+Fvfiw==,type:str] + password: ENC[AES256_GCM,data:GVVmpA4LRiBe25NxUtyTVFDxq4mTRCfGnLgz39Y=,iv:eCKjnm44xfRCnqyGqo/bSPElItD/atx2NblTTeVuSDE=,tag:B3fkqQUK/wKo80GvPEOV4A==,type:str] redis: auth: - password: ENC[AES256_GCM,data:ZLhshhCqRR4ks/UoMIwSbHtwSE4yg5Kv6GvqUvq9,iv:urWADLANGZz/W35grDnaFuvkzFx71fcqWOzpvz/5fR8=,tag:MLUMmSkTSGCntlooOWtR/Q==,type:str] + password: ENC[AES256_GCM,data:2kocp+hA3u/ZQi6OiwrbomeYiNvFtvU1G4poP1P+,iv:StiScUrhNpS2W/57LMHVmy3Grqg1hH95aCGwhr1XlzU=,tag:GdQ+JP4y+kDPe5EBbI5KIA==,type:str] sops: kms: [] gcp_kms: [] 
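Review bot: The rotated `djangoSecret` in the first hunk of `secrets.funkwhale.yaml` still looks short. SOPS stores each value as AES-GCM ciphertext of the same length as the plaintext, and the new `data:` field is 20 base64 characters, i.e. about 14 bytes, the same length as the value it replaces. Django's own generator emits 50 characters for a secret key, so if this feeds Funkwhale's Django secret, regenerate it as a long random string before re-encrypting. This is inferred from ciphertext length alone; confirm against the decrypted file.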
@@ -14,14 +14,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpT21wYkxzTnJpemJSUWty - dm5EYy8rcXVnT1dVSlhjbkgxZkdsdGV1WkFnCk9pNnU5U0FRL1l3NWwyMzc4Q1JG - SVlmRUwwalR2M3NwcjhJTlVTZWFIWXcKLS0tIDBtU1V4YlJxNVN4UVdscGM0RW1Y - ZXFURTlCWnJLNWtjOENSclIxbHZWeWcKPzZZsTcvVWbLCroJZWeI78H8cgoLfxjC - nXtzdPpaENY1k6XULtsMWmh73Yj1Ul0pRvGiYRetRV0LOo+JeLcJ1Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtUWJITHdYVi9BTnlqZnlz + UjIweWZqV3pGcDVTWGZTdVFRYW8wMkZITWx3CmRCZTNYRk1KQUEzUHhMT3R4VkVF + b1BUd0lzRWVFR1RrRjFndnFuYWdOVncKLS0tIHU4UUpCNklsYnA1aVBHMzNVTVBy + dm43N2prYncxMFlIZW95MVdrTG96UFkKZWfR0r5LiQRo8C+lu1E2tX70BdmZ3n5W + bl6s0js6wcGEciwQ4jwxQvfsJrecCQLprUbynuGuQXrCqDIHxHsTiA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-09T09:33:11Z" - mac: ENC[AES256_GCM,data:OCvHNmxwe5pd/xZiwd1LKD/QvzLd7pEQxqhj6xREeq/VQHDapM580DS+BJYEYWRVJUxIJP05E5ZrzYqfmXbynNvY87f1SHNWLVsRTDsKVI5j3ND6mxXH658DcJKfPcJlc3bV8SYX8ATiWI4JIyV43jvhFZ0JFrWLMzPlc2wVdQI=,iv:stgL/nBiCh33GEkBTRvcVyoc8LtX4ZEHgVbsl8x2GII=,tag:grVO5PT8kOlbbF/FfXBPmA==,type:str] + lastmodified: "2024-07-15T04:21:35Z" + mac: ENC[AES256_GCM,data:k06a/0Oh/xqrTo7396RqTDOvpXwor702HIKA99m+lT8aXrNQ1X2S6DZjDqeKdkjAcFfraWgKhc4kAq5kFH9zVq6T56E9VxxhgyQ9GkrX3Q33aehfD++57yWkkhwwYfFOzM5784CW6HHct7QZGPsNSYQO8IM+RJOKkPfa0taPraU=,iv:lsjg5Z0cix1uOC9ghj8Cg/bASB0BQEhnDG82opoW44Q=,tag:Q8xl1i1i4UA2uwnzb6TZIg==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.0 diff --git a/values/badhouseplants/secrets.mealie.yaml b/values/badhouseplants/secrets.mealie.yaml new file mode 100644 index 0000000..efe31a2 --- /dev/null +++ b/values/badhouseplants/secrets.mealie.yaml 
@@ -0,0 +1,21 @@ +test: ENC[AES256_GCM,data:Z9uAiA==,iv:yRpujiEbPbMSKwwP0MWqUMCNPbi0/XMc/XBVxcxPj7g=,tag:o3mM00BrPHw/CrkudMEJiA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBadlhiWmx1NDdrSWNNOU5J + TTVja25kUXdoY1ozdkVha1dkSFBUL2pTM3dRClYwNU1xVWhnMi9xRDVkcytzVHJ0 + bzNRSUNXSEtTTGdzVXBRcnNHcE56cWsKLS0tIENNbDZpOGZTOStDUnczMUhNUzFT + VUFuS21YL0ZRTlJXc3hiaG1BMlJ5VUUK5A5blBgzkWLMGA84SGufQ+dlWn3dQme+ + wNnHg8bFT8BStoz8hiJQDS8yAJNed1OToma1sKMxsPZgytn7p2y0rg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-07-15T04:30:53Z" + mac: ENC[AES256_GCM,data:tKEz7m+YIfBLD2VQXbEPm7JjBi5Oxf9lx+ECiFZiJmWwD0Sh9edSx7sT+sxgGCaPnAB8tKCGnRmgBYL8kxtptiNW9X8Go6L4RnR5WrqKB86D7hdoGJj3clu3NpbicGNvaTKTv46dKgANEL1L/ykNrEkyeAxaXTrZwpScGFSzb3o=,iv:ic33IlLS2fCcMvT7031ndoZ1knYYM/OVEcyrEa2i4Ok=,tag:9KUyUGFl2PzNkHeZJ6Z6Nw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.0 diff --git a/values/badhouseplants/secrets.shadowsocks-libev.yaml b/values/badhouseplants/secrets.shadowsocks-libev.yaml new file mode 100644 index 0000000..70aa09a --- /dev/null +++ b/values/badhouseplants/secrets.shadowsocks-libev.yaml 
@@ -0,0 +1,25 @@ +env: + secrets: + sensitive: ENC[AES256_GCM,data:DAkG0Q==,iv:TBwu9ozIY9hHOtgZD8kXC9zL7jbguCBnB0CCXgNY0BA=,tag:Yxlv4EE9V0D+OsjSQccbsQ==,type:bool] + data: + PASSWORD: ENC[AES256_GCM,data:cgMrKkfKHg06GuNGA1YFyD7RzGg8NK57eAyULtB9f5AYEG2GH642nmmHPCOyUpkItSg=,iv:u1kzkrG9CBXWPYDQa1aasym4dkbxGQoerZYqh4rGVjQ=,tag:QDdQ4+1KX77GGp7lNYCq4g==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpRW40RDJkLzBDcXBxTkRN + akhJRGdTUnFPNmZRVEQzcXdjdXFaK1IvRVc0CnJ0MGdrVHA4SzVueWQ3U0lKMHk2 + Q0psQ1p5RTdDdEtqZ0EvcWw3RWYvb2cKLS0tIFU5R1VJN1U0ck1QTnp2c0p1bzBZ + aE5DUWh0elFVMVNJN212cG5JV3AzSFUKvMFOpbGIbLtGYldgvrfKbcJO17OPGZoc + TdHaWk2f+HVb29M2D9ovW4ewuxLL/ADNl4rAGMVmpxEAVfxO5XPXlQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-07-09T18:58:52Z" + mac: ENC[AES256_GCM,data:T1TdR8G2G+aN/tYGzmEGIvkd6cCpGa9wiEZK4g3dR2Qe4eFi9go7h9X81VE3v+HgjwxDfWm4uITNthWgGN7P0hVV6SWwRiG01CnVYDQgRh+tEBKPOFcmq6Tvm5xNGUfv9OeaF1TizIFFDeQ4a/A0qWGR4ZN6HYk2J6lIAccxEmQ=,iv:dz59+TwgL8O94h2rQsSiDY2lRu3dJdNveR4nCQDYzlc=,tag:hLuLZRv63c1oz/cBh0obHg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/values/badhouseplants/secrets.vaultwarden.yaml b/values/badhouseplants/secrets.vaultwarden.yaml index 61f6e40..c713806 100644 --- a/values/badhouseplants/secrets.vaultwarden.yaml +++ b/values/badhouseplants/secrets.vaultwarden.yaml 
@@ -1,10 +1,13 @@ -vaultwarden: - smtp: - username: ENC[AES256_GCM,data:j/y4Wzhb1obnLW9zHYqpM7/Glfd15hDAAn+6,iv:wNQgESf/0zbfcwFWrKgdSKcoCYVUJ3pnQYuMhfeergQ=,tag:/DPHJGrySeH9xZ9gfH7yFg==,type:str] - password: - value: ENC[AES256_GCM,data:lM5RLAEz5K2LqoCEt2KfOgVv+Dg8zDwUKg==,iv:tT/71iljjyCyBxVoAKOZgdC7BHxhQfjH7ECZUGTv8So=,tag:sd2+m7KyoJmEY3l6Qey6yQ==,type:str] - adminToken: - value: ENC[AES256_GCM,data:8+nwPIKqrzIHvfxzVvUx+hh6qz6c8lCTYzJQsbGFx3c/76wzgJZ08TVNRu2VNmlHBOE=,iv:U5Cv0rykPbBql6wu9HFuMIGoLMM40TlDp8MNM5OGzzw=,tag:++lPoZaKQD/RsVm1xZfMRA==,type:str] +env: + secrets: + enabled: ENC[AES256_GCM,data:WG5QPA==,iv:uYf+nTK+RRDlvlskBRAHQuRuFpmv1KoSsUqv/O8fbQQ=,tag:Zr7cDfHHvoaRYeV408QBTw==,type:bool] + sensitive: ENC[AES256_GCM,data:tW/TJQ==,iv:6/MKYxGz3wHQlr0DVMkLDgD+SKosIakEVhCYZV/Ayoo=,tag:QFoOthMocjwcpqEOz30BWg==,type:bool] + data: + SMTP_USERNAME: ENC[AES256_GCM,data:OGnPg84jd3qQz0ZsJZlGW8B/Zux4Es3fVL4u,iv:GiyH+/1dA4TQhgY+LJml+M5Q3y3lS4v+7FNbS0yLZ/Q=,tag:4LXnZ9+mp2y/iM4VF9P+fA==,type:str] + ADMIN_PASSWORD: ENC[AES256_GCM,data:WXm5lWgr0ItwuHCgLJbRajwfUDLUhHDVOXbFHPbfGdb9kfeIzWcY/AfkVTRj3S0Xacc=,iv:kRKKE88pv9J+7RHORwymbDqwTys0uY27GBHfjFqRZXU=,tag:LoUecZzPqCIBdRJNBmoGzA==,type:str] + ADMIN_TOKEN: ENC[AES256_GCM,data:4UQ5sWFwJQ6eM/hBCDZFOufh6df1mCElEfCg6yGHU6e8lyn804Dkw3EfgFuS1JlQTaCY+SFTfGAQLLcylM10t1eaXguKGiAy3fyohGzH4bOUiaAKJtze8w==,iv:Wl3dLjW1MokTZe6HR0gL4YsNjPwLlBCP2/MVQDQ/80g=,tag:Vy+cDXWu/TZs2yy4Gjc9Sw==,type:str] + DATABASE_URL: null + SMTP_PASSWORD: ENC[AES256_GCM,data:F17rTY4wSaW2W3qoZo4yBxv4a9s=,iv:A5ODmOPdG8ydrK6TL24J5S65rwjwMb1oGb5o3U4gagU=,tag:7s7OxKkO/6AO3+Lb0hRDbA==,type:str] sops: kms: [] gcp_kms: [] 
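Review bot: `ADMIN_PASSWORD` is added beside `ADMIN_TOKEN` under `env.secrets.data`, and `values.vaultwarden.yaml` hands that whole map to the container through `envFrom: - secrets`. As far as I know Vaultwarden reads only `ADMIN_TOKEN`, and the token's ciphertext length is consistent with a hashed value, so if `ADMIN_PASSWORD` is the clear text the hash was derived from, it ends up in the pod environment without being needed. Keep it in a password manager or in a separate SOPS file that is not rendered into the release. The same key is added in `secrets.vaultwardentest.yaml`.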
@@ -20,8 +23,8 @@ sops: a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-30T18:44:39Z" - mac: ENC[AES256_GCM,data:1cpPRtzipDI0/fXlbcbuQQyjAZMk7MR005sJAIwfNVG4o1UdV6cIEG6096yeXGP8aKYXJwm1GUZ0NtdipQpieNnj59xClZHJ00m0K/0b6UHoGzSMY82t0nNrS3KvVEQP0a+LR5WVQEl7ac2m4FmbHpGtSWWMW6CYBnflfHQisFA=,iv:exvh14LUOeZnLrnvPrX9Hzfnv7wMd1Qfx37F0aVf2q8=,tag:62QX/P5K3U72O0zkgyyXhg==,type:str] + lastmodified: "2024-07-15T18:52:23Z" + mac: ENC[AES256_GCM,data:WgVkg91V7NEXw6gqAkDODnpS3z4Bs/QSsMMOtu+RhjzoxZqupi4JNDcqjlWmiX/y5tw/021PyMTim0uhiCuiigooIY8z4BBABBPnjKocLqQ+BLQtQD//kv78RJhS9XsYPioF3hfe+9oXP3Xsn8b2mHsv77dfnWb9++zJMypiMYQ=,iv:6T5bTmYyk5FKLE2qUXzlpe3roU8cWVKIbX+1buE8EQk=,tag:hD+1TjiXuVtNaIg85+HDxg==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.0 diff --git a/values/badhouseplants/secrets.vaultwardentest.yaml b/values/badhouseplants/secrets.vaultwardentest.yaml index 39b3c9b..b065630 100644 --- a/values/badhouseplants/secrets.vaultwardentest.yaml +++ b/values/badhouseplants/secrets.vaultwardentest.yaml 
@@ -1,10 +1,13 @@ -vaultwarden: - smtp: - username: ENC[AES256_GCM,data:9bEvyZkXadW7Hx2iW6ByPDdnuIFPkeoUjoOyoQ==,iv:Y5M/16L16AWXeaWyKCSsV/c/l9JXmNzx/IsLBmMJuGg=,tag:nFN1ZssjtqZOG8Gvka9f3A==,type:str] - password: - value: ENC[AES256_GCM,data:CF2VgDpxlwHmvCDJhx0GDLT/yyw=,iv:t8JwQFeK9Te2zVdg+gPdMlh1E5g0vMG+ApAGKbGZ4WI=,tag:7UJuxFqS/hUTVunv0CJcTw==,type:str] - adminToken: - value: ENC[AES256_GCM,data:lrb99F1zn7AWlAttShQGGyMz5Ds=,iv:nas5hzd/XMQWFA2pTaTDkqXReoToBulf6s7tZraxM3s=,tag:UH/AXIWKbZOmu/W8XyuWNw==,type:str] +env: + secrets: + enabled: ENC[AES256_GCM,data:vAWPyA==,iv:nEzYTUi6VLTOIoPuKljxwNLoo1jD2twVXG8rbJt++5E=,tag:fQ6mHwjdsaaLXjPgy691RQ==,type:bool] + sensitive: ENC[AES256_GCM,data:vM91LA==,iv:/mNXXR6oI4/eMiyym+kK9N6q8RtchsGGZghgdrw9iMM=,tag:TCULlwJIKVSXF6IMuEV0aw==,type:bool] + data: + SMTP_USERNAME: ENC[AES256_GCM,data:2vIkJbVsF88SqkOCLspDd1qADWvlvDxZTPED,iv:9w05Hm9MDcrUDar2yo35jy/fDrF5aluf9T9gmuOCQjw=,tag:CIJKd8lyUZUuwsCBbdaBsA==,type:str] + ADMIN_PASSWORD: ENC[AES256_GCM,data:2i85zdr26/Id0zhtsAe0zJGavxYOxZ/zd7/bK+uEhPzQTduz7j3oXb9mvqpZD8PJxiw=,iv:hZDJMVhowwfpfxVobPztO4Dx5jEp6Vf57uWWppAC+Ak=,tag:MBKd6JS8nw4NscKfHIb22A==,type:str] + ADMIN_TOKEN: ENC[AES256_GCM,data:VyDuMYCnyC1NRkqMAnnejfPe2UpEDRiAHMt8CO2WWpbGWI2mUb3ApmnBmYclo2xpYduAwHzYfCtR3xZbXCsU5Tx7pNeGXkDaNL68Hzy90p3C9wVhjA==,iv:55Fl+NLBKUsgjugCHp7tmhM4fCCtzPrZdCyJfgFomWU=,tag:oSrfwc1gLy/VmQfeEBcElA==,type:str] + DATABASE_URL: null + SMTP_PASSWORD: ENC[AES256_GCM,data:iztp5mMTHIm4OROpLRZf/VC5ZO8=,iv:jOnAkVsEfSdGrwIIuc7PKPvACTGe3racjcjqqcfLjgE=,tag:BWBWJnWvaaSZM5u6Z1ywSA==,type:str] sops: kms: [] gcp_kms: [] 
@@ -20,8 +23,8 @@ sops: a2xWUGZpMmovY1Qya05nVXRZVUFDTFEKhF34OSdGZizs1/Rs9qvUOVtomQBvOFbS hRsK3Orwig4HJdzj1UOZd8UMGwj6Mzhw+aKUJKL67igMwxbxVcaU1Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-06T15:15:43Z" - mac: ENC[AES256_GCM,data:9GsJoDWT1Onv6f8aUcwkbeTcpr0vF2MIgtJjKTbvvPHhzVeVev4FPFZ5R0YQXD1CmQycu/rnElktohgu9Xwum3j4hfs8Ga2qDqOk6heleBcptXDYwcBUAxg8QD5NNAkefsq5oJi+QsdD0nOeRjG6o5XYRccyoFiucTcpT9eASzw=,iv:7UJzUShRD+tzhIEeKygZlgaWHOYOS+L2Io69K0xW2MM=,tag:alOPQPbM6cex7kgQv8mqQQ==,type:str] + lastmodified: "2024-07-15T18:51:59Z" + mac: ENC[AES256_GCM,data:FWplZ9jLQM4WkYU+FH3Unmq7o0Ma4vqXB6dX6ZAp87URaP3NHLfK8kFGlvUJKWDBKPOVlvdAMo9Mc+3yLwJgmhMEYOt7OX/tu1tRVKRD1LsyvCMJEMFDyBCwvdXw0p5dvap5/strpZU65keBKjfqhJvnAsDtAPQBrhV1kfiotRY=,iv:1J1DCgmJPAPQm0zsjCiyunNFqddhJfNBhBLJnESt17s=,tag:GSbogrUfTkIhGqYAFJQSpg==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.0 diff --git a/values/badhouseplants/secrets.zot.yaml b/values/badhouseplants/secrets.zot.yaml index a07576f..9780ae9 100644 --- a/values/badhouseplants/secrets.zot.yaml +++ b/values/badhouseplants/secrets.zot.yaml 
@@ -1,83 +1,25 @@ configFiles: - config.json: |- - { - "distSpecVersion": "1.1.0-dev", - "storage": { - "rootDirectory": "/var/lib/registry" - }, - "http": { - "auth": { - "htpasswd": { - "path": "/secret/htpasswd" - } - }, - "accessControl": { - "metrics": - { - "users": ["admin"] - }, - "repositories": { - "**": { - "anonymousPolicy": - [ - "read" - ], - "policies": [ - { - "users": ["admin"], - "groups": ["admins"], - "actions": ["read", "create", "update", "delete"] - } - ] - } - } - }, - "address": "0.0.0.0", - "port": "5000" - }, - "log": { - "level": "info" - }, - "extensions": { - "sync": { - "registries": [ - { - "urls": [ - "https://git.badhouseplants.net" - ], - "onDemand": true, - "tlsVerify": true, - "maxRetries": 3, - "retryDelay": "5m" - }, - { - "urls": [ - "https://git.badhouseplants.net" - ], - "onDemand": true, - "tlsVerify": true, - "maxRetries": 3, - "retryDelay": "5m" - }] - }, - "scrub": { - "enable": true - }, - "search": { - "enable": false - }, - "metrics": { - "enable": true, - "prometheus": { - "path": "/metrics" - } - }, - "ui": { - "enable": false - }, - "mgmt": { - "enable": false - } - } - } -authHeader: YWRtaW46YWRtaW4= + config.json: ENC[AES256_GCM,data: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,iv:lctj1rL01MeoIT/y9FaowkOrDjQgni3FqkvibhWqbt0=,tag:JvBp/P0SO8e4MOBFByB0SQ==,type:str] +secretFiles: + htpasswd: ENC[AES256_GCM,data:OQ7xoCb30dZ0wdD7oHxP2y45Tr7LXtGFqLdw6gcFsA4vySxmFt+NOvwRwev1C4IdTICOCji7FflCcKJsJQnBRqKNqJUJCSZ60t+6gZ4h+1N38ktaDp7DPOVeZDbLhNwnwVw+ZqyJ8JghDOc7og6ejAoIetxOgq18mixjrWmRCwWX91DXjh9efQ==,iv:OlGZalsNmwppLuXrBNTWMZqZvuRFZ6WGGfnS/QkeWI4=,tag:Aw8Va/00hx+L4nMv/lgcbw==,type:str] +authHeader: ENC[AES256_GCM,data:nRRy42htfqHKv8oUbJuKmAkCv6hd9yVEDN0EbSiFjEyjHviBklxYz93PQ0yCMVDC,iv:b4OefNZ0bbbX7BFMrGv6zp58cEQoYdlS1sn5NYxKF6k=,tag:B//VFLJKItWREjaO56DGdg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 + 
enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0c3F5R2VGTFVMbHZRU0dS + cCt5SVFESFlFaDhCdld6ZlJneTZMc1lFb253CmlwSnhYTFUrNUg2VzV0YUdtTmkz + Zkx1QzVhZXNveis5TGxZMzRBWi95b00KLS0tIHNjYytnR3E3UE8reWx4eXRON00r + NG1YS2pFcTlmWkdoMk95VUc2ek1KS1UKi2QUiMLJXcSoHfGe0wTu+ii/8KdBNC12 + 1yuCCgSn/WI+eEtBN4ES1v0M1dp8TH/qXNBh78fJlUGUQQ+s3BUcLg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-07-14T09:37:07Z" + mac: ENC[AES256_GCM,data:bGfNyevNWy2PdwRJDxwuVQE8tcqaSQTkX5EYUtq4qPdDEj+SN2Kw/Y18e1+J5WjXitzNeViaXIPzlcs++EylB10RRBG/JzgdduVpQ6r90HKPBjZmXxImdCZPykRFP7zN4N5Qe3MXXjF/mtFLfK5uIRcFVgIVnQMhoXD0phBOsXo=,iv:cTxVR7M4fQ1YyhrHQHyU/jA1JyJ3pPUvI+59Ilh6R4E=,tag:KNs0U+lWp+PqOgZ4pFdiJw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/values/badhouseplants/values.funkwhale.yaml b/values/badhouseplants/values.funkwhale.yaml index 5a4a38e..1b0a9b6 100644 --- a/values/badhouseplants/values.funkwhale.yaml +++ b/values/badhouseplants/values.funkwhale.yaml @@ -61,8 +61,8 @@ postgresql: enabled: false host: postgres16-postgresql.databases.svc.cluster.local auth: - username: funkwhale-application-funkwhale-postgres16 - database: funkwhale-application-funkwhale-postgres16 + username: applications-funkwhale-postgres16 + database: applications-funkwhale-postgres16 redis: enabled: false diff --git a/values/badhouseplants/values.mealie.yaml b/values/badhouseplants/values.mealie.yaml new file mode 100644 index 0000000..d7e26d4 --- /dev/null +++ b/values/badhouseplants/values.mealie.yaml 
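Review bot: Encrypting `secrets.zot.yaml` does not retire what was already committed: the removed side shows `authHeader` as a plain base64 Basic-auth value, and it stays readable in git history. Treat that credential as exposed and confirm the new `htpasswd` no longer accepts it (the new ciphertext is longer, so it was probably changed, but that is only inferred). Encrypting all of `config.json` also hides non-secret settings such as the `accessControl` policy from future diffs; keeping the config in `values.zot.yaml` and only `htpasswd` and `authHeader` in this file would leave policy changes reviewable.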
@@ -0,0 +1,75 @@
+---
+ext-database:
+ enabled: true
+ name: mealie-postgres16
+ instance: postgres16
+ credentials:
+ POSTGRES_SERVER: "{{ .Hostname }}"
+ POSTGRES_PORT: "{{ .Port }}"
+
+workload:
+ containers:
+ mealie:
+ envFrom:
+ - environment
+ - secretRef:
+ name: mealie-postgres16-creds
+ livenessProbe:
+ httpGet:
+ port: 9000
+ readinessProbe:
+ httpGet:
+ port: 9000
+
+ingress:
+ main:
+ class: traefik
+ annotations:
+ kubernetes.io/tls-acme: "true"
+ kubernetes.io/ingress.allow-http: "false"
+ kubernetes.io/ingress.global-static-ip-name: ""
+ cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+ traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+ rules:
+ - host: mealie.badhouseplants.net
+ http:
+ paths:
+ - backend:
+ service:
+ name: "{{ include \"chart.fullname\" $ }}"
+ port:
+ number: 9000
+ path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - mealie.badhouseplants.net
+ secretName: mealie.badhouseplants.net
+env:
+ environment:
+ sensitive: false
+ data:
+ ALLOW_SIGNUP: "true"
+ PUID: "1000"
+ PGID: "1000"
+ TZ: Europe/Berlin
+ MAX_WORKERS: "1"
+ WEB_CONCURRENCY: "1"
+ BASE_URL: https://mealie.badhosueplants.net
+ DB_ENGINE: postgres
+ OIDC_AUTH_ENABLED: "true"
+ OIDC_SIGNUP_ENABLED: "true"
+ OIDC_CONFIGURATION_URL: "https://authentik.badhouseplants.net/application/o/mealie/.well-known/openid-configuration"
+ OIDC_CLIENT_ID: mealie
+ OIDC_USER_GROUP: "Family"
+ OIDC_ADMIN_GROUP: "DevOps"
+ OIDC_AUTO_REDIRECT: "true"
+ OIDC_PROVIDER_NAME: authentik
+ secrets:
+ sensitive: true
+ data:
+ POSTGRES_USER: ~
+ POSTGRES_PASSWORD: ~
+ POSTGRES_SERVER: ~
+ POSTGRES_PORT: ~
+ POSTGRES_DB: ~
diff --git a/values/badhouseplants/values.vaultwarden.yaml b/values/badhouseplants/values.vaultwarden.yaml
index d3100a9..744e995 100644
--- a/values/badhouseplants/values.vaultwarden.yaml
+++ b/values/badhouseplants/values.vaultwarden.yaml
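Review bot: `BASE_URL` in `values.mealie.yaml` is `https://mealie.badhosueplants.net`, while the ingress rule and TLS entry use `mealie.badhouseplants.net`; the domain is misspelled. Absolute links, and presumably the OIDC redirect, are built from this value, so they would point at a hostname this deployment does not serve; the line should read `BASE_URL: https://mealie.badhouseplants.net`. `ALLOW_SIGNUP: "true"` next to `OIDC_SIGNUP_ENABLED: "true"` also leaves local self-registration open on a public ingress; if accounts are meant to come from authentik only, set `ALLOW_SIGNUP: "false"`.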
@@ -1,81 +1,89 @@ --- -# ------------------------------------------ -# -- Istio extenstion. Just because I'm -# -- not using ingress nginx -# ------------------------------------------ -istio: - enabled: true - istio: - - name: vaultwarden-http - kind: http - gateway: istio-system/badhouseplants-net - hostname: vault.badhouseplants.net - service: vaultwarden - port: 8080 -# ------------------------------------------ -# -- Database extension is used to manage -# -- database with db-operator -# ------------------------------------------ ext-database: enabled: true name: vaultwarden-postgres16 instance: postgres16 -service: - port: 8080 -vaultwarden: - smtp: - host: badhouseplants.net - security: "starttls" - port: 587 - from: vaultwarden@badhouseplants.net - fromName: Vault Warden - authMechanism: "Plain" - acceptInvalidHostnames: "false" - acceptInvalidCerts: "false" - debug: false - domain: https://vault.badhouseplants.net - websocket: - enabled: true - address: "0.0.0.0" - port: 3012 - rocket: - port: "8080" - workers: "10" - webVaultEnabled: "true" - signupsAllowed: false - invitationsAllowed: true - signupDomains: "https://vault.badhouseplants.com" - signupsVerify: "true" - showPassHint: "false" - database: - existingSecret: vaultwarden-postgres16-creds - existingSecretKey: CONNECTION_STRING - connectionRetries: 15 - maxConnections: 10 - storage: - enabled: true - size: 1Gi - class: longhorn - dataDir: /data - logging: - enabled: false - logfile: "/data/vaultwarden.log" - loglevel: "warn" + credentials: + DATABASE_URL: "{{ .Protocol }}://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}" + +workload: + kind: Deployment + strategy: + type: RollingUpdate + containers: + vaultwarden: + mounts: + storage: + data: + path: /app/data/ + extraVolumes: + logs: + path: /app/logs + envFrom: + - environment + - secrets + - secretRef: + name: vaultwarden-postgres16-creds + ingress: - enabled: true - annotations: - 
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure - kubernetes.io/ingress.class: traefik - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - hosts: - - host: vault.badhouseplants.net - paths: - - path: / - pathType: Prefix - tls: - - secretName: vault.badhouseplants.net - hosts: - - vault.badhouseplants.net + main: + class: traefik + annotations: + kubernetes.io/ingress.class: traefik + traefik.ingress.kubernetes.io/router.entrypoints: web,websecure + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + rules: + - host: vault.badhouseplants.net + http: + paths: + - backend: + service: + name: '{{ include "chart.fullname" $ }}' + port: + number: 8080 + path: / + pathType: Prefix + tls: + - hosts: + - vault.badhouseplants.net + secretName: vault.badhouseplants.net +extraVolumes: + # -- Because by default the fs is read-only, we need to add an emtpy dir volume + logs: + emptyDir: {} + +storage: {} +env: + environment: + enabled: true + sensitive: false + data: + DOMAIN: https://vault.badhouseplants.net + SMTP_HOST: mail.badhouseplants.net + SMTP_SECURITY: "starttls" + SMTP_PORT: 587 + SMTP_FROM: vault@badhouseplants.net + SMTP_FROM_NAME: Vault Warden + SMTP_AUTH_MECHANISM: "Plain" + SMTP_ACCEPT_INVALID_HOSTNAMES: "false" + SMTP_ACCEPT_INVALID_CERTS: "false" + SMTP_DEBUG: false + DATA_FOLDER: /app/data/ + ROCKET_PORT: 8080 + SHOW_PASSWORD_HINT: true + SIGNUPS_ALLOWED: false + INVITATIONS_ALLOWED: true + SIGNUPS_DOMAINS_WHITELIST: "*" + SIGNUPS_VERIFY: true + WEB_VAULT_ENABLED: true + LOG_FILE: /app/logs/log.txt + LOG_LEVEL: info + DB_CONNECTION_RETRIES: 10 + DATABASE_MAX_CONNS: 10 + ORG_GROUPS_ENABLED: true + ORG_EVENTS_ENABLED: true + ORG_CREATION_USERS: "" + \ No newline at end of 
file diff --git a/values/badhouseplants/values.vaultwardentest.yaml b/values/badhouseplants/values.vaultwardentest.yaml index cfa139b..0edc735 100644 --- a/values/badhouseplants/values.vaultwardentest.yaml +++ b/values/badhouseplants/values.vaultwardentest.yaml 
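Review bot: `SHOW_PASSWORD_HINT: true` in `values.vaultwarden.yaml` reverses the previous `showPassHint: "false"` on the production vault. Vaultwarden's documentation advises against enabling it on publicly reachable instances, because the hint can then be shown on the page without authentication when mail delivery is not in use; SMTP is configured here, so nothing needs it and `SHOW_PASSWORD_HINT: "false"` is the safer value. `SIGNUPS_DOMAINS_WHITELIST: "*"` is ambiguous beside `SIGNUPS_ALLOWED: false`: the setting is a list of e-mail domains and I am not sure a wildcard is understood, so leave it empty if no self-signup is intended. The map also mixes quoted and bare scalars (`"false"` vs `false`, `587`, `8080`); environment values are strings, so quote them all unless the chart is known to stringify, and the same applies to `values.vaultwardentest.yaml`.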
@@ -1,59 +1,78 @@ -service: - port: 8080 -vaultwarden: - smtp: - host: mail.badhouseplants.net - security: "starttls" - port: 587 - from: vaulttest@badhouseplants.net - fromName: Vault Warden - authMechanism: "Plain" - acceptInvalidHostnames: "false" - acceptInvalidCerts: "false" - debug: false - domain: https://vaulttest.badhouseplants.net - websocket: - enabled: true - address: "0.0.0.0" - port: 3012 - rocket: - port: "8080" - workers: "10" - webVaultEnabled: "true" - signupsAllowed: true - invitationsAllowed: true - signupDomains: "test.test" - signupsVerify: false - showPassHint: true - # database: - # existingSecret: vaultwarden-postgres16-creds - # existingSecretKey: CONNECTION_STRING - # connectionRetries: 15 - # maxConnections: 10 - storage: - enabled: true - size: 512Mi - class: longhorn - dataDir: /data - logging: - enabled: false - logfile: "/data/vaultwarden.log" - loglevel: "warn" +--- +workload: + kind: Deployment + strategy: + type: RollingUpdate + containers: + vaultwarden: + mounts: + storage: + data: + path: /app/data/ + extraVolumes: + logs: + path: /app/logs + envFrom: + - environment + - secrets ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: traefik - traefik.ingress.kubernetes.io/router.entrypoints: web,websecure - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.allow-http: "false" - kubernetes.io/ingress.global-static-ip-name: "" - cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 - hosts: - - host: vaulttest.badhouseplants.net - paths: - - path: / - pathType: Prefix - tls: - - secretName: vaulttest.badhouseplants.net - hosts: - - vaulttest.badhouseplants.net + main: + class: traefik + annotations: + kubernetes.io/ingress.class: traefik + traefik.ingress.kubernetes.io/router.entrypoints: web,websecure + kubernetes.io/tls-acme: "true" + kubernetes.io/ingress.allow-http: "false" + kubernetes.io/ingress.global-static-ip-name: "" + cert-manager.io/cluster-issuer: badhouseplants-issuer-http01 + rules: + - 
host: vaulttest.badhouseplants.net + http: + paths: + - backend: + service: + name: '{{ include "chart.fullname" $ }}' + port: + number: 8080 + path: / + pathType: Prefix + tls: + - hosts: + - vaulttest.badhouseplants.net + secretName: vaulttest.badhouseplants.net +extraVolumes: + # -- Because by default the fs is read-only, we need to add an emtpy dir volume + logs: + emptyDir: {} + +storage: {} +env: + environment: + enabled: true + sensitive: false + data: + DOMAIN: https://vaulttest.badhouseplants.net + SMTP_HOST: mail.badhouseplants.net + SMTP_SECURITY: "starttls" + SMTP_PORT: 587 + SMTP_FROM: vaulttest@badhouseplants.net + SMTP_FROM_NAME: Vault Warden + SMTP_AUTH_MECHANISM: "Plain" + SMTP_ACCEPT_INVALID_HOSTNAMES: "false" + SMTP_ACCEPT_INVALID_CERTS: "false" + SMTP_DEBUG: false + DATA_FOLDER: /app/data/ + ROCKET_PORT: 8080 + SHOW_PASSWORD_HINT: true + SIGNUPS_ALLOWED: true + INVITATIONS_ALLOWED: true + SIGNUPS_DOMAINS_WHITELIST: "test.com" + SIGNUPS_VERIFY: false + WEB_VAULT_ENABLED: true + LOG_FILE: /app/logs/log.txt + LOG_LEVEL: info + DB_CONNECTION_RETRIES: 10 + DATABASE_MAX_CONNS: 10 + ORG_GROUPS_ENABLED: true + ORG_EVENTS_ENABLED: true + ORG_CREATION_USERS: "" diff --git a/values/badhouseplants/values.wikijs.yaml b/values/badhouseplants/values.wikijs.yaml new file mode 100644 index 0000000..3363157 --- /dev/null +++ b/values/badhouseplants/values.wikijs.yaml 
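Review bot: The test vault keeps `SIGNUPS_ALLOWED: true` with `SIGNUPS_VERIFY: false` behind a public ingress, and this change moves the whitelist from the reserved `test.test` to `test.com`, a registrable domain that presumably is not yours. Without verification nothing proves ownership of an address in that domain, so use a domain you control together with `SIGNUPS_VERIFY: "true"`, or keep signups off and invite test users. `ADMIN_TOKEN` is now also set for this instance, so the admin page is enabled on the same open host; confirm that is intended for a test deployment.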
@@ -0,0 +1,47 @@
+---
+ext-database:
+ enabled: true
+ name: wikijs-postgres16
+ instance: postgres16
+ credentials:
+ DATABASE_DATASOURCE: "postgres://{{ .Username }}:{{ .Password }}@{{ .Hostname }}:{{ .Port }}/{{ .Database }}?sslmode=disable"
+
+volumeMounts:
+ - name: postgres-creds
+ readOnly: true
+ mountPath: "/etc/postgres/connection_string"
+ subPath: DATABASE_DATASOURCE
+volumes:
+ - name: postgres-creds
+ secret:
+ secretName: wikijs-postgres16-creds
+ #externalPostgresql:
+ # databaseURL: $(cat /etc/postgres/connection_string)
+
+ingress:
+ enabled: true
+ className: traefik
+ annotations:
+ kubernetes.io/tls-acme: "true"
+ kubernetes.io/ingress.allow-http: "false"
+ cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+ traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+ hosts:
+ - host: wikijs.badhouseplants.net
+ paths:
+ - path: "/"
+ pathType: Prefix
+ tls:
+ - secretName: wikijs.badhouseplants.net
+ hosts:
+ - wikijs.badhouseplants.net
+
+
+postgresql:
+ enabled: false
+ postgresqlHost: postgres16-postgresql.databases.svc.cluster.local
+ postgresqlPort: 5432
+ postgresqlUser: applications-wikijs-postgres16
+ postgresqlDatabase: applications-wikijs-postgres16
+ existingSecret: wikijs-postgres16-creds
+ existingSecretKey: POSTGRES_PASSWORD
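Review bot: `DATABASE_DATASOURCE` in `values.wikijs.yaml` hard-codes `sslmode=disable`, so the connection from the `applications` namespace to `postgres16-postgresql.databases` carries credentials and data in clear text unless the CNI encrypts pod traffic. Use `sslmode=require` or stricter if postgres16 serves TLS, or add a comment stating why it is off. The URL is also assembled from raw `{{ .Username }}` and `{{ .Password }}`; a generated password containing `@`, `:` or `/` would mis-parse, so confirm the generator's alphabet or URL-encode the value, and the same template shape is used for `DATABASE_URL` in `values.vaultwarden.yaml`. The commented-out `externalPostgresql` block should be removed or given a short explanation.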