WIP: Installing tandoor

installations/applications/helmfile-badhouseplants.yaml

@@ -113,6 +113,16 @@ releases:
       - template: default-env-secrets
       - template: ext-database
 
+  - name: tandoor-recipes
+    chart: allangers-charts/tandoor-recipes
+    installed: false
+    version: 0.1.0
+    namespace: applications
+    inherit:
+      - template: default-env-values
+      - template: default-env-secrets
+      - template: ext-database
+
   - name: badhouseplants-net
     chart: badhouseplants-helm/badhouseplants-net
     namespace: production

values/badhouseplants/secrets.tandoor-recipes.yaml

@@ -0,0 +1,25 @@
+env:
+    secrets:
+        data:
+            SECRET_KEY: ENC[AES256_GCM,data:9ABsIVICRj0LO7q1iKPatWkjPLaqpBa7EaXIHzT7,iv:2P2qRyUnP7GP0VXTulxbgplagyaAV4RvHsUPEXuieq0=,tag:juNh+eY/7GfxWMb5VXlNjQ==,type:str]
+            SOCIALACCOUNT_PROVIDERS: ENC[AES256_GCM,data:VaPaCl6QAn7cn1OlZYD/tkJk8jgDCyiTvrfGydWrFtpUJFyNA+Wfj6sWvkTqhHTk5GYN4h0IIfqQScxhTmbxHmnEctyorC0AvFEZRw6IQ0KGFgdoQFZ5MPcb1kL3neY+GJwm7UAmH2AjAwG7PTZJsnha7N8q672IkAljCAVAokL7s6IS0vGzVHbyRy/tbR1BxCWcJX2WF2kpXAlc+mTKMZWsFChvrjjK1h4RyrYIDgbKGhJVM4cnrOzGrliuI58Ief+QERMXsFMIY6fbUsPT3eGe+oQQ+lKZxvlEbgVZsnsafQX6ZSWvtylmYVMgNsXbdqsWKlCnRfmATkS9sSJiUX59/ZtZcL3giRrXNlnv5poumEp9PO5euexXwlmJURXOnnD/kEcJn/PxuL2aV390I8TmaNGUZe0vzrNDSVOhCsykGMxf1L+MO5+aU+OndT0FH6l1GTQHNzzeo8XRrF5U9EPN6dTxbYWsu4GL9WuL0jhm/wYlbn1bhNnr5+1+xTpAHl20MeVQ0t+cCiB/7ALraPnFS88HQiA59YfiJA==,iv:qZa9zUL3c2bemBFk2SexY5TfDYUVNkk8QbB8Ucj/040=,tag:8e6CddYfCPnCKSN4bh3XMA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTZ3JPMzhhVlVFR2R0R1hP
+            L25HUUdZRGp3dzViSk9vVXVvMVNTWWN0VmhnCkF1Y2F3SWdzR1p2LzJFd2xiWExW
+            UnhjZVpFM3NOaVkyYXBKUGZiMXFSM1EKLS0tIGJyS1VRTnJKYjAzcXpMbnd5LzhP
+            bHd1UGd0R3NZMXdUblAzMXZFUWtPUncKab/saT736wWdksBB1swEZMY25LICviqc
+            pzSL7VWlN4d+KEZu2mS4Z8Fxd+PqLmbKFtBL0pIYyXxmHmfI2AVS6Q==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-12-01T23:22:38Z"
+    mac: ENC[AES256_GCM,data:+5B69+er2ofT3sk1a7bvZiTqNpGjlaPTWza+pZP2O0wOw52IxhLtJdzQbxaCeAYoztYqAnFuqnaSZM7BL9AoV8bq1aAwnq64/KquWQ5KtBaY5YxDSrt0XFqDW63gAmcO+kyi777HwYSjpphMg8L3hRMebnypVju08il0twaDfww=,iv:xI3cU0WfH9TQ8YyLwqsJqnPKhVCKX+3EXQrm3ToY7ZY=,tag:Lz1jjjiZnd11AZaQv//9CA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.1

values/badhouseplants/values.tandoor-recipes.yaml

@@ -0,0 +1,46 @@
+shortcuts:
+  hostname: tandoor.badhouseplants.net
+ext-database:
+  enabled: true
+  name: tandoor-postgres16
+  instance: postgres16
+  credentials:
+    POSTGRES_HOST: "{{ .Hostname }}"
+    POSTGRES_PORT: "{{ .Port }}"
+workload:
+  kind: Deployment
+  strategy:
+    type: RollingUpdate
+  containers:
+    tandoor:
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 3000
+        fsGroup: 3000
+        supplementalGroups: [3000]
+      envFrom:
+        - main
+        - secrets
+        - secretRef:
+            name: tandoor-postgres16-creds
+ingress:
+  main:
+    class: traefik
+    annotations:
+      kubernetes.io/ingress.class: traefik
+      traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+      kubernetes.io/tls-acme: "true"
+      kubernetes.io/ingress.allow-http: "false"
+      kubernetes.io/ingress.global-static-ip-name: ""
+      cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
+
+env:
+  main:
+    enabled: true
+    sensitive: false
+    data:
+      DB_ENGINE: django.db.backends.postgresql
+      SOCIAL_PROVIDERS: allauth.socialaccount.providers.openid_connect
+      REMOTE_USER_AUTH: 1
+      SOCIAL_DEFAULT_ACCESS: 1
+      SOCIAL_DEFAULT_GROUP: guest