prskr/infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

refactor: postgres-operator and migration
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse source
This commit is contained in:
Peter 2023-11-08 21:28:51 +01:00
parent c592010f90
commit 0ac1d722a3
No known key found for this signature in database
48 changed files with 719 additions and 429 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

92
.drone.yml
View file

@ -28,95 +28,3 @@ steps:
IMAGE_REGISTRY: code.icb4dc0.de
IMAGE_REPO: prskr/infrastructure/keydb
IMAGE_TAG: v6.3.3
---
kind: pipeline
type: docker
name: arm64
platform:
arch: arm64
steps:
- name: manifest
image: quay.io/buildah/stable
network_mode: host
privileged: true
commands:
- |
buildah login "$${IMAGE_REGISTRY}" --username "$${GITEA_USER}" --password "$${GITEA_TOKEN}"
buildah bud \
--tag "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${IMAGE_TAG}" \
--arch $${IMAGE_ARCH} \
apps/ghostcms
buildah push "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${IMAGE_TAG}"
environment:
GITEA_USER: prskr
GITEA_TOKEN:
from_secret: gitea_token
IMAGE_REGISTRY: code.icb4dc0.de
IMAGE_REPO: prskr/ghostcms
IMAGE_TAG: 5.71.0-alpine_arm64
IMAGE_ARCH: arm64
---
kind: pipeline
type: docker
name: amd64
platform:
arch: amd64
steps:
- name: manifest
image: quay.io/buildah/stable
network_mode: host
privileged: true
commands:
- |
buildah login "$${IMAGE_REGISTRY}" --username "$${GITEA_USER}" --password "$${GITEA_TOKEN}"
buildah bud \
--tag "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${IMAGE_TAG}" \
--arch $${IMAGE_ARCH} \
apps/ghostcms
buildah push "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${IMAGE_TAG}"
environment:
GITEA_USER: prskr
GITEA_TOKEN:
from_secret: gitea_token
IMAGE_REGISTRY: code.icb4dc0.de
IMAGE_REPO: prskr/ghostcms
IMAGE_TAG: 5.71.0-alpine_amd64
IMAGE_ARCH: amd64
---
kind: pipeline
type: docker
name: manifest
platform:
arch: arm64
depends_on:
- amd64
- arm64
steps:
- name: manifest
image: quay.io/buildah/stable
network_mode: host
privileged: true
commands:
- |
buildah login "$${IMAGE_REGISTRY}" --username "$${GITEA_USER}" --password "$${GITEA_TOKEN}"
buildah manifest create "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${DRONE_COMMIT_SHA}"
buildah pull --arch amd64 "docker://$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${IMAGE_TAG}_amd64"
buildah pull --arch arm64 "docker://$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${IMAGE_TAG}_arm64"
buildah manifest add "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${DRONE_COMMIT_SHA}" "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${IMAGE_TAG}_amd64"
buildah manifest add "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${DRONE_COMMIT_SHA}" "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${IMAGE_TAG}_arm64"
buildah manifest push --all "$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${DRONE_COMMIT_SHA}" "docker://$${IMAGE_REGISTRY}/$${IMAGE_REPO}:$${IMAGE_TAG}"
environment:
GITEA_USER: prskr
GITEA_TOKEN:
from_secret: gitea_token
IMAGE_REGISTRY: code.icb4dc0.de
IMAGE_REPO: prskr/ghostcms
IMAGE_TAG: 5.71.0-alpine

6
apps/drone/base/config/values.drone.yaml
View file

@ -33,10 +33,12 @@ env:
DRONE_DATABASE_DRIVER: postgres
DRONE_GIT_ALWAYS_AUTH: true
DRONE_LOGS_DEBUG: true
DRONE_S3_ENDPOINT: http://minio.minio.svc.cluster.local:9000
DRONE_S3_ENDPOINT: https://2df513adaee2eeae12106af900bed297.r2.cloudflarestorage.com
DRONE_S3_BUCKET: drone
DRONE_S3_PATH_STYLE: true
AWS_DEFAULT_REGION: us-east-1
DRONE_S3_SKIP_VERIFY: true
AWS_REGION: us-east-1
AWS_DEFAULT_REGION: us-east-1
DRONE_REDIS_CONNECTION: redis://drone-session-cache-keydb:6379

10
apps/drone/resources/drone-secrets.enc.yaml
View file

@ -5,10 +5,10 @@ metadata:
namespace: drone
type: Opaque
stringData:
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:bLbQALnKFmjIWayuvgJK+w==,iv:MXpJa4ctbumf8u7erB66dpu6umQFmcKry0rJijECSpQ=,tag:UE8z+UW4ulwG9i3NKyfO4w==,type:str]
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:5oEn7d5MII2h1swwLS2YKHXLUYdTLZ9c4NU+j3xjk/I+ZdXZkXsy4mfewxWCZT+AmJHlJY2A1pB5t0nKFw5H,iv:bgoy8y+eOuIRPSuN7LZSQLVPnRjTVhBhUXJ2Vn54acc=,tag:LeuivYJtkSXtoMVRGz1F5A==,type:str]
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:HWUsFOc2tD8CnEm4m4+2nuynOOW6lbUrtROLaPNgkmI=,iv:pmfvhL69opyb/MPlLRNjhjid5ORtE/E1B2/tCdOJKIc=,tag:xUVez9qJc4eBR14HeHyYmA==,type:str]
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:skSkCr5p1YpNqeiwUz1zTUstRb9wbaSUVOzCgyLJxf9kKXWpPjQOQxve7s5m6iNhwgxICBmjNgxA6f2wYXrF2w==,iv:h/kNCcbYfXDGyH1oUz1A2Nfeb/AM92msQQ65YXHu+o4=,tag:xv7tm2PtVOCBtJ45K6H/QA==,type:str]
DRONE_COOKIE_SECRET: ENC[AES256_GCM,data:zG8FSKnxIRVk7cCbtIP6VC2tbM+FfjFcg5Y6mTE19Tw=,iv:Ac50qD8l7CwtGxFFITl/0dMq1McHbztU7320v4pPWFs=,tag:JZCwGhJ+NQ/pdpULMzI+pQ==,type:str]
DRONE_DATABASE_DATASOURCE: ENC[AES256_GCM,data:qoH2QxBMwK+24ZsWe0F5VcbINvreEIdyT258uusu7BjjzEOWql8b5h8Ipj8fUK4lsPR+WnqG68TlGRYEZFM12o9EB7IPs8R47ERE6qfFN1Sdi5Vdf4kmEYWPnsJrJyc7mzovLTFJLwr85ZpYv64aSw7n0io13y0=,iv:1+xiSO+htrq381gpIri9/2I4CkzGSfT2Av0h3RXEQ5Q=,tag:f9Mg2CDo0HlkWpBkl6j+nw==,type:str]
DRONE_DATABASE_DATASOURCE: ENC[AES256_GCM,data:j5sqt/EpuGOHQH2p+kuwm/CYIxT0DviopKST2MrTpXR+Jh20NRgiq9CnYFTzCIHQZaSsO16b4Gyu0ViXgYSEK5t0j0QNnEjo8/z+ko6mOYEMyAbdAUuBmS9i/vbCb0HaXTpoTy3RG7Vjxif3WqDf,iv:b1rssEhX4K/cHNEytIuLW8NZaOPSnOokmhH+kBggyN8=,tag:Ns4lIcSWntsT1zpKMNd7cg==,type:str]
DRONE_DATABASE_SECRET: ENC[AES256_GCM,data:qSNVcSzH0y0pCY07Y3yDjfMaPZFtPWEmf3tqq076n7o=,iv:XNJaU2kQJeS7iMJyIoAkwzVS3QdqLAZy/FbE3VFvYXU=,tag:FPYbmgQ8/VSkMexXko+7Nw==,type:str]
DRONE_GITEA_CLIENT_ID: ENC[AES256_GCM,data:jTR4bxuyrxt5llnRDuBHnughiIyzKQ2JEylh16wjZDIyWrid,iv:NrUudI15R+ZiaL3M/k70Mdfm20aerCWjDs6R0MHC4Hc=,tag:kfX4fNcCP4Xy//V72WzDrg==,type:str]
DRONE_GITEA_CLIENT_SECRET: ENC[AES256_GCM,data:0t8swJmx5qSvx7q9GsuRU+FOfcKxelIzDm5u16Nypfrqf5m9CbqmT39Uibj1wL8dWwx04Xo4mxc=,iv:agqn9RVuDq9WXly1AvckabpIyOqyK+0E89u4iItKRn4=,tag:KZLQlq+61QZtFGY/CnlQ2w==,type:str]
@ -38,8 +38,8 @@ sops:
VGN1VEJlL3RxOXVwNmo3RTk4aUhEb1EKtAHu3KqQ7EH7SQE/Dvc6gfuSmkcsy3+c
1xxDYh69cMHkV3q4Wfnqg/DyWUq6D7OE4tVAuzNfo1SzZuBHXXCdQQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-26T19:21:02Z"
mac: ENC[AES256_GCM,data:lwiL9GLN8fDPfIrKxqciJXOz7vUbgxtayfqQwrxp94TTOTaAnraKIy60RlkP2PJUuj9Rdcl7sTLSWRrkwgUq08xvNjEOnQ70TuWQAaSR9J0udWsvPQWn951xr3lzzkE6M6ZI/3JCX87gXrocAih1ogpU9b6uz4zUiuhuHk8UogI=,iv:OZJhT0XFhsU2+HZ1YhqAsZniGeBipQqYcP6CJFJjTac=,tag:LYzqKBUiw7ETaRETVOym5A==,type:str]
lastmodified: "2023-11-08T18:21:47Z"
mac: ENC[AES256_GCM,data:Lblzygh5+S25J2c1bH+hlKE9DGkmYAzI+BcBfpoLs3uB16NIyIku833XN0jEerpxINSiJMClLBVzZ2uKCpDCfcxxz0rJIldtoUqOzKtxTtcziMt6VXoG3h5m9pPbILzGU27uzo/D7E9SbXAUAmTGYsEFLx/R7bZYWMCdhgCOO0I=,iv:tnjm+xhTCie9W8LPG4MYCK3KNMZBa8TJPmzpYxZ0HQc=,tag:R4W/OU/aNCz5S7pXHjIWbg==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1

15
apps/forgejo/config/values.forgejo.yaml
View file

@ -73,24 +73,25 @@ gitea:
DEFAULT_USER_IS_RESTRICTED: 'true'
storage:
STORAGE_TYPE: minio
MINIO_ENDPOINT: minio.minio.svc.cluster.local:9000
MINIO_ENDPOINT: 2df513adaee2eeae12106af900bed297.r2.cloudflarestorage.com:443
MINIO_BUCKET: gitea
MINIO_LOCATION: us-east-1
MINIO_USE_SSL: 'false'
MINIO_USE_SSL: 'true'
attachment:
ALLOWED_TYPES: .bz2,.gz,.md,.pdf,.tgz,.txt,.zip,.tar.gz,.txt,application/gzip,application/x-gzip,application/x-gtar,application/x-tgz,application/x-compressed-tar,text/plain
MAX_SIZE: 30
MAX_FILES: 15
STORAGE_TYPE: minio
MINIO_ENDPOINT: minio.minio.svc.cluster.local:9000
MINIO_ENDPOINT: 2df513adaee2eeae12106af900bed297.r2.cloudflarestorage.com:443
MINIO_BUCKET: gitea
MINIO_LOCATION: us-east-1
MINIO_USE_SSL: 'false'
MINIO_USE_SSL: 'true'
database:
DB_TYPE: postgres
HOST: postgres-15-postgresql.postgres.svc.cluster.local:5432
NAME: gitea
USER: gitea
HOST: default-cluster-primary.postgres.svc
NAME: forgejo
USER: forgejo
SSL_MODE: require
log_sql: "false"
metrics:
ENABLED: true

10
apps/forgejo/resources/credentials.enc.yaml
View file

@ -4,9 +4,9 @@ metadata:
name: forgejo-credentials
type: Opaque
stringData:
database: ENC[AES256_GCM,data:XnZgkrfXpUElOMMqXKSYn4tFNPcKznUZ/U+ZKWnioqC3,iv:s6cwX7Pcic4GSdJUkAp79VZmTjWvaMQGRpRBLym7G+U=,tag:yzSUbsiG9hpTQhkXLK3ZsA==,type:str]
attachment: ENC[AES256_GCM,data:pdNzbwfjEFKk4XBNA+/mKKy/SWQD1cFnu8JuEsZfIoRUM3u6qmcw0Hc8H1epsE+YcLpjfIxM7SLGS+pSaYBHSCltyk4IoJ0kPOetAwg+JcHorzUawKbPTOfRzgZFuSG/x7fze3I3RabWA+hpqM/+8ioVe8ecMRqxiyf8iA==,iv:fs9AzB8mkd4p5yVvaoPh4Hf9RMYv2b6l0dj+sMajhqo=,tag:gIvxxD40wFQH7WhzMWkcZw==,type:str]
storage: ENC[AES256_GCM,data:ESAb9DiIldMUINDnK/xMt8DmFbuFnumHSoDVGS9HBABkKBfb5zKvqNXLq9NIm4KGNKojAoy+axgZwv1sAFZNMLTuDQNOczEJ9yPyr3IbuQHXWKpyDyN6nlY26FLH0ib6JuL6n15s67IaFPYuFa1ukfQn9IRTKnwmY8OK+w==,iv:tmQ4Xtl3rmI/mhBPlTbsVL5yTrDbHZlIc+I4Dx1SeP4=,tag:SWqOxnHg3yE1H8mrroAOtg==,type:str]
database: ENC[AES256_GCM,data:kTQSEpMRi0ze+d0nsYerRFfhlS8VzZ7stF6AaXCKg4c=,iv:ZK+l+N2LTmXiJ7eHbNpgq5cQ2geXJJVUwcnhqSvJaTk=,tag:zfK4sXZVg89aXNco2zVYkw==,type:str]
attachment: ENC[AES256_GCM,data:1yXF5ynIGQ8gv6F9SkehA+xnwlI0b1BuZAaSpmymNF/nm01rM5St0G2HBRAQp9i9HeJuRL3DitywAXqVyT1Usx5PFZrK3DnN1NoCCKFEOq5E3JFDQcVrisWtqab562y4ucR5GlynZHG+mjWEExTldnCoQc03KM8m/JsHI4Z5lV23/p+yrSMu/GpxERsu,iv:Llsh9nftLztMX5+3HML0u3hnaKoFKADR0Lj8WCDtsaU=,tag:yH65vLuB+/jUL+Rvaxt6CA==,type:str]
storage: ENC[AES256_GCM,data:6RyQ4kXlBexGZbHd8/RO7TdZ6jv+I9LC7rqHfZo9949G4FWDS47PdAtMWWV9IG/k2RziB//aBe8E7C5uvFWIpSQF7p4gxNTmdSzRq4/e1HrSdOKZ2+GdDPAzD7PWo7L7GhDN5iuAlUKAVsl/DFJWUkH6vFWPmVf3nJ/sW5MRjpjgzWuAzQAgdJttCxEi,iv:Xoy0TJ4QSoyY/b+EWkFEnx3OlBQSXNLJQL3nwTOv6Tg=,tag:7E2AMs7IkdZkN99cb7gAAg==,type:str]
sops:
kms: []
gcp_kms: []
@ -31,8 +31,8 @@ sops:
bHk2WG41aDdPeWVJR0NjRWZOVnVMS2cKLZZt2VNc5XdqW9Cknr2Re7pW2+s5CSYj
hQyzCSAPp8hN9mietVqzX3eyFf9ngYJ96TjvBd+2dduxchxAEoi4tQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-30T09:24:54Z"
mac: ENC[AES256_GCM,data:pE1MqMtsOmDcpI2N2BK++JLwENVMiN6fhjiqfqsjg0iq90nmmdm55Ot8AW9TK1EHdjBpghMjoIJoF4hI72RPnc6DunZPE/q5LZrTnW37do+EmF+KzSFz4goDovkj9KvAcyjY8b3PobpwX7wtNvRjaUqy1pr6WJZjntkHTojUUSg=,iv:CAGiBKa/ydi4n51dbSxqC9pJ5Wlh87rk9tiJYCoFmTg=,tag:v4ZvCi77mhVjZ90QNtscsQ==,type:str]
lastmodified: "2023-11-07T21:04:47Z"
mac: ENC[AES256_GCM,data:+9JzeBV2UT8O+d98Pvmx4+IujahWvuIIQijjW/JYaE6vbNfzcp21L+3jtU4JZb5Yj3KTySLvlaMvHKDxER/xHsIbYKUF0MMm90eJnccxiiJ7YhPKMkHmRhGbNEP60COv01O1bba4RrAqFdS0velAo74PmYFZO0gAX5T0080+4KQ=,iv:9J6QCO1J4scRCQklRtc62rcNSaVxsKfgqHpjsITruZM=,tag:jlUKMcYvSWmG7KpUOhNN5A==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1

11
apps/ghostcms/Dockerfile
View file

@ -1,11 +0,0 @@
ARG GHOST_IMAGE_TAG=5.71.0-alpine
FROM docker.io/node:18-alpine AS s3-storage-adapter
WORKDIR /s3
RUN npm install ghos3
FROM docker.io/ghost:${GHOST_IMAGE_TAG}
COPY --from=s3-storage-adapter /s3/node_modules/ghos3/* ./content/adapters/storage/s3

15
apps/ghostcms/config/base.env
View file

@ -1,15 +0,0 @@
database__client=mysql
database__connection__host=ghostcms-db
database__connection__database=ghostcms
server__host=0.0.0.0
server__port=2368
storage__active=s3
storage__media__adapter=s3
storage__files__adapter=s3
storage__s3__region=us-east-1
storage__s3__bucket=ghostcms
storage__s3__endpoint=minio.minio.svc.cluster.local:9000
storage__s3__forcePathStyle=true
cache__imageSizes__adapter=Redis
cache__Redis__host=ghostcms-keydb.ghostcms.svc
cache__Redis__port=6379

8
apps/ghostcms/kustomization.yaml
View file

@ -5,7 +5,7 @@ namespace: ghostcms
images:
- name: ghostcms
newName: code.icb4dc0.de/prskr/ghostcms
newName: docker.io/ghost
newTag: 5.71.0-alpine
commonLabels:
@ -15,6 +15,7 @@ commonLabels:
resources:
- resources/namespace.yaml
- resources/db.yaml
- resources/pvc.yaml
- resources/deployment.yaml
- resources/service.yaml
- resources/ingress.yaml
@ -22,11 +23,6 @@ resources:
generators:
- ./secret-generator.yaml
secretGenerator:
- name: ghostcms-base-config
envs:
- "config/base.env"
helmCharts:
- name: keydb
repo: https://enapter.github.io/charts/

14
apps/ghostcms/resources/creds.enc.yaml
View file

@ -4,10 +4,12 @@ metadata:
name: ghostcms-secret-config
type: Opaque
stringData:
database__connection__user: ENC[AES256_GCM,data:RB9Ne7UwdiE=,iv:i+qC2xTv2I6iQfJnzui1V+M3YOCu7OD9qmtY6G1pp3A=,tag:PPe9wMGHeM7fItM+GJhchA==,type:str]
database__connection__password: ENC[AES256_GCM,data:EH5AnurBZlQPpybbS+mbFgMQk2H6GXrXlw2nDDChoaU=,iv:wShvZE2GEUG4OVBoSydE9MbFPO9T70QG4H65lf4itWw=,tag:J7fKtAVGWEYvXDWfC7ZNIQ==,type:str]
adapters__storage__s3__accessKeyId: ENC[AES256_GCM,data:zRnYiP0OGRJhYYuYGwjwgw==,iv:3S53/I21EW+ONOdU5lriqcnwEfCa74GK2NVwbOfnUlg=,tag:+Aljr4KLvC0/38LmYbSfpw==,type:str]
adapters__storage__s3__secretAccessKey: ENC[AES256_GCM,data:lK3nL/2VwcA1znIol0mtZOdbTEXoplnh7kb30xj8A/hLUVeWhDXf5EqGXlI5tsBHme2i51KjDTzk+taFEZkb,iv:0nwuVhcoW+7HB9EreZ6jlpzXkxYSAMNbX4wUAHzH0yU=,tag:frst/SlL3sgmM+wRAgQBJQ==,type:str]
database__client: ENC[AES256_GCM,data:sr6EfhI=,iv:pOo9u6/twN/F7O9B2TDoB5Zs5FC60vyLYtvJVDMUtV0=,tag:v2CLpeiV5CVzLK7pKAFbKA==,type:str]
database__connection__host: ENC[AES256_GCM,data:f8eQyV/1OvXQdHs/DtW6q1NbHqLIqbMi,iv:F0ChUjxJunyuKG2hKwHjylaHTDLA9SgMNMMX93aHo7c=,tag:4DcCiD1JRSqPd/KQSsyHsg==,type:str]
database__connection__user: ENC[AES256_GCM,data:zq6qSDV2N18=,iv:Pdt16Av6sw6iAEBPDu6W06AFsgBq7wkhTaxkyQahhac=,tag:RJesMhyVRK5VFFsJQsWeoA==,type:str]
database__connection__password: ENC[AES256_GCM,data:irsrzl+G4+HHosntR8/Y6BEuHmi5WAJEsZf+jwzlsbo=,iv:29BoRix+4CpMIjcFKFFDXTxEaQjHwERUTvxWwUgkLas=,tag:WoB18ym4MxO20oAnqxP5GQ==,type:str]
database__connection__database: ENC[AES256_GCM,data:+tiIhcFt06I=,iv:kwX/n8+4LW5eKmST3wxhdvPcmZoxtEh6zJ+spbvccPM=,tag:ZlwXxLRfZ6XpGE3hRga/2g==,type:str]
url: ENC[AES256_GCM,data:iNCEULqcDoiGhvAA1y80mbL0+lOzCxo=,iv:lw+5Sk1tRPJFOqIKH1MaQn7RvG02Hg0kmLTIT7JSeNE=,tag:vGNQVyRrnu1kBLYNEdNIzA==,type:str]
sops:
kms: []
gcp_kms: []
@ -32,8 +34,8 @@ sops:
UnE2NTVSSUp1OEVFVDd5bHJYOEZpaVkKqmw9GLZavqaPQOJjGhLqXo4ggfmFDgXz
C9HNxeDVr2kY452gleVS/YFTPWo0QPevl0SjpZg2gvnz28qLDSNXYQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-31T17:51:51Z"
mac: ENC[AES256_GCM,data:MMIdx3HIiclIbWDpMkxNiC9cGpzZysYtqZCObA8jBB39GdokRbIFaNS1JQuZ/6u3KyTj2X15HDvgphUWzjTIgl1nYvEumEj6ZyI82VqKP59BBOQ3jCz3rTvLqcqkI+HHd6CUzHehElS11xFZ1VV8CmcGrzhNtoGfIcpFr/7W0/E=,iv:HySrtTaz23uYOOOEnEDY34AGxFYyFRQ92xaD4kCQxe8=,tag:VqBbHcQIxJZRig+Krl3EFg==,type:str]
lastmodified: "2023-11-02T19:37:36Z"
mac: ENC[AES256_GCM,data:W1Q9cRmdgxtpREVPzbI9kF3wEFFkF9vWTek8n6sNEDyYd2sew9FQ0gaqoA2bSKro8ff4iLBpwChQIhM7AZbiw5CP0OjUZMWbcjw8YeJEwowIZ+jp3D4qrMuAfjdqhoAJf2G75RyWsChsRG2fPyQ0rVU0sPJf3haiA0MziZi97xM=,iv:yghPQbr5/CLZIeltIGPXYozs08KdcmypSOTO+OrZiHk=,tag:nIh+ntR5wcLJm2AihwhQ9A==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1

46
apps/ghostcms/resources/deployment.yaml
View file

@ -4,6 +4,8 @@ kind: Deployment
metadata:
name: ghostcms
spec:
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/name: ghostcms
@ -12,30 +14,56 @@ spec:
labels:
app.kubernetes.io/name: ghostcms
spec:
initContainers:
- name: plugins
image: ghostcms
imagePullPolicy: Always
command:
- /bin/ash
- -c
- '-'
args:
- |
if [ ! -d "/var/lib/ghost/content/adapters/storage/s3" ]; then
npm install --prefix /tmp ghos3
mkdir -p /var/lib/ghost/content/adapters/storage/s3
cp -r /tmp/node_modules/ghos3/* /var/lib/ghost/content/adapters/storage/s3
fi
volumeMounts:
- name: ghost-content
mountPath: /var/lib/ghost/content
containers:
- name: ghostcms
image: ghostcms
imagePullPolicy: Always
envFrom:
- secretRef:
name: ghostcms-secret-config
ports:
- containerPort: 2368
env:
- name: NODE_ENV
value: production
envFrom:
- secretRef:
name: ghostcms-base-config
- secretRef:
name: ghostcms-secret-config
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
readOnlyRootFilesystem: false
capabilities:
drop:
- ALL
privileged: false
runAsUser: 1000
runAsGroup: 1000
resources:
limits:
memory: "384Mi"
cpu: "100m"
volumeMounts:
- name: ghost-content
mountPath: /var/lib/ghost/content
securityContext:
fsGroup: 1000
runAsGroup: 1000
runAsUser: 1000
runAsNonRoot: true
volumes:
- name: ghost-content
persistentVolumeClaim:
claimName: ghost-content

13
apps/ghostcms/resources/pvc.yaml Normal file
View file

@ -0,0 +1,13 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ghost-content
spec:
storageClassName: hcloud-volumes
resources:
requests:
storage: 10Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce

6
apps/hedgedoc/config/base.env
View file

@ -31,6 +31,8 @@ CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email
CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username
CMD_IMAGE_UPLOAD_TYPE=minio
CMD_MINIO_ENDPOINT=minio.minio.svc.cluster.local
CMD_MINIO_PORT=9000
CMD_S3_BUCKET=hedgedoc
CMD_S3_PUBLIC_FILES=false
CMD_MINIO_ENDPOINT=2df513adaee2eeae12106af900bed297.r2.cloudflarestorage.com
CMD_MINIO_PORT=443
CMD_MINIO_SECURE=true

8
apps/hedgedoc/resources/config.enc.yaml
View file

@ -5,8 +5,8 @@ metadata:
type: Opaque
stringData:
CMD_DB_URL: ENC[AES256_GCM,data:4nqueG0hIb5fPQbPJll+keWZVODpFxBUhVkeHTKJ2/J8Kpj8DMuU41HLQ1+iGFiUtEdv2LPvbgDOeXT4UR3zjDdGL96SpKbLQIKQlNjPWNfUXeHASkiIiMHh9Y7z3d/s2coopzk9ULTHs5XIMywCUoY8DX4=,iv:drx1hQdbsLbPSojSL79TFop1wni2KxNPJ+KwlOL9WQo=,tag:4JbriWueqRye/n3rnBpSkw==,type:str]
CMD_MINIO_ACCESS_KEY: ENC[AES256_GCM,data:X35aVIq7gnKpmqDRc7GTPA==,iv:awU1uonCr4xtgUB5/aFWWQOH+ztD8VQVj4b0wX/Lrwg=,tag:5VYSNlAVGuW1WGQHJfrsvA==,type:str]
CMD_MINIO_SECRET_KEY: ENC[AES256_GCM,data:jM21N3cxeiKh/IJJY9Tka4cj77yzTmI6F8lxA/H69XErUnOy8Ve8NQWCGb6NkZvHCVelfs2FUoPtVitNbXte,iv:jNVspSWVTCco0R6sbRdn8EyIzA5YPziMzUrpf0q57ow=,tag:Oo6ppZnPo9umgCYMEDC8Zg==,type:str]
CMD_MINIO_ACCESS_KEY: ENC[AES256_GCM,data:VqudURssSgmCDVhCRjak2TDG10pwvCNfi0w9FlEh4SI=,iv:VGavO528JfqsUVyvWSAlWkMTXJAmLUablaGZ3VCEtq8=,tag:unvEa2k/9AzfVMEnhCDB1Q==,type:str]
CMD_MINIO_SECRET_KEY: ENC[AES256_GCM,data:/iQq6wnoH/WwEzApap6szpr7z+KZJ+twcuINgqtbHOMDXeVz9Yi7cjC0hGlqQHZTCO4jR5gp+OwdIkzRk0zDsw==,iv:1OHm8K3AA340q0xkNCF3RsPpcpKmUE5Yibu+IWIZ7+E=,tag:cB/pckdoEZQlzlRVWoYKmA==,type:str]
CMD_OAUTH2_CLIENT_ID: ENC[AES256_GCM,data:x1zEeQl4WM49dmbx9v159APlimVVmQX4uPUTa0Nwu7jazcD1,iv:eXSk8Js2OhKC6q1M2anzCdC30IqA9YIj7rxmzFRE4bo=,tag:zgutG/3INA7DxUY5PRJoIg==,type:str]
CMD_OAUTH2_CLIENT_SECRET: ENC[AES256_GCM,data:biyLVbyONbJK2V16Zz9/MVdpdqu3iTzsyBVx0iKK5MCyNfU1Y0lV9g88w44junGvvby/LWOAEGs=,iv:uSRtuu+bHpt8JOVfw5BpCXjqWW07x0jJ8Ja2pIcoQf4=,tag:He4d6BrE1V9OJbNH3hrPcQ==,type:str]
CMD_SESSION_SECRET: ENC[AES256_GCM,data:Nq6arL1aE69BeTRjx4pA90xZqcOtqOb3R/Zt98FyIVd+Uq53dWsqURG2M+IQpvl9MEpY8FpUNY0=,iv:JaOAe8YgNVnDBzV2x1TSqMJq36Qwqazk6cCkWwseBZc=,tag:FMKKOhow/w5HLwfNarQdjQ==,type:str]
@ -34,8 +34,8 @@ sops:
ZXpzNmEzbXhtZDkySFM2L0VQTzZCdTQKh46uRnVtRzzdnnnuCJNwgQo8AeNKpc6B
WC91My4qyOtvM9J+FJC71DTovfmHrZw0YWbPwXqNRU6XBWHfC/MViA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-25T20:06:34Z"
mac: ENC[AES256_GCM,data:WbkEZi02UASYMudLJVaQpuB7blx4UDm80dBiN0zPad6n5tRs+W0g5cahhMa9LkFH6mlUQbGTk4ndjQZgVeXVBE8LKyfvz+tlAP7+OR6yFx3AsHG1KCORolDJkFAQbqmV6fprvE0OxZZgPtu6OkSEMw2s5tdpRYr2EV1E2y7X0NU=,iv:AUeybEhdKQJNqBtTgpLWojk4x0aEpT5QFisEAQCFmWg=,tag:hAWw0vd8lzKeWbS1nb7fJA==,type:str]
lastmodified: "2023-11-08T19:19:28Z"
mac: ENC[AES256_GCM,data:mG1SOLX1AFuPuJ3v8o12ofU+rHD/Iwwp3xFfIoayHp+K/w8btnwZ1rrbzZLRwZfR2nnxF9Rn4UZ2d1v6B9z2Dlz/p4EDc2pDyyhgWFCoJgf1J3w7Gj7b1C9ukoGrxcQ0RaZjhhZrU0XjN5EyfTgxcl1e5UahOrHVUu5OMBukkKg=,iv:2M5gtUdMpsYmLZkuaWXoHGGKPM9pvXwEpqqRjhSN8yo=,tag:ORpppvL5KKXRVgIwAoTOCw==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1

7
apps/hedgedoc/resources/deployment.yaml
View file

@ -24,6 +24,9 @@ spec:
- containerPort: 3000
protocol: TCP
name: web
volumeMounts:
- name: upload-tmp
mountPath: /tmp
resources:
requests:
memory: "168Mi"
@ -41,3 +44,7 @@ spec:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
volumes:
- name: upload-tmp
emptyDir:
sizeLimit: 500Mi

2
apps/nocodb/config/base.env
View file

@ -5,7 +5,5 @@ DB_QUERY_LIMIT_MAX=1000
DB_QUERY_LIMIT_MIN=1
NC_JWT_EXPIRES_IN=1h
NC_DISABLE_TELE=true
NC_S3_REGION=us-east-1
NC_S3_BUCKET_NAME=noco
NC_ADMIN_EMAIL=peter.kurfer@gmail.com
NC_REDIS_URL=redis://nocodb-keydb:6379/0

2
apps/nocodb/kustomization.yaml
View file

@ -6,7 +6,7 @@ namespace: nocodb
images:
- name: nocodb
newName: docker.io/nocodb/nocodb
newTag: "0.202.4"
newTag: "0.202.5"
commonLabels:
app.kubernetes.io/instance: icb4dc0de

9
apps/nocodb/resources/config.enc.yaml
View file

@ -5,13 +5,10 @@ metadata:
type: Opaque
stringData:
#ENC[AES256_GCM,data:Hs6V,iv:5x3mHRFQ64to+CJGDDx+JNW1IEnHJ/ybe6JeecPJNeE=,tag:PBkuJceINQDF0YdjqmtcjA==,type:comment]
NC_DB: ENC[AES256_GCM,data:OkLE4jyqG4jH0bSH0bU0oGrm5ARbXOaw91MQOM6IfqVMOd0Z+Z9z6bHc1iFrt5NvQlNeJm/ivHxaj3fX0kyOp5Y5JQq9sJfkOPaOxYbI2Z5VCQymxFreT/5sH/it8cLqpkt2G5r1PIpch0p3,iv:nuv8A73AYhCWhIRp0o3IN2YV0xo7l/gtlv8EgBeJ4uk=,tag:FyNH9FvTz3P+kod52kCHLw==,type:str]
NC_DB_JSON: ENC[AES256_GCM,data:z2Ersb4CH2aQKdO8f4lxWfxUnNvYA5ese5hMsAnDT5uuaSGCUIIOEYhbREbbu/3rZhIrOMm10S3DZAlDDmc+Z1a4UeRHTsO5WEA9eyMG4mq5+6FV2FELORn+23jhpLgn9rP17IP5fSPlmWp6RdGsdsvXCFbHrz5YEofIlxJYQDL8ix/toTkVjKynNheqzU2bSyTQTfC7ZzDmGaCw43OtB4lo4S1flrNDyZubsqIAM3E8igOCTLbXf7ak9AMwTIs2jo/HAj5ErWXcdgBUZkNOPOYGbdKAIBdMS49EUsX4k5CAKZEmU14VGdWYwwpthAQ2osOELuZleXdlAdkhqFGgBG5zwKpDqV5EZ9HkbQtgL81gDnVR+nVXgU/Lnor2qS32szWl3xNskk0wyB/9OdbvJwV4L9yuLW0rwWI07aBWRACfXAvtDL/kUi7YPzC2ZueFw6628Bfjif3gUbm++plNpkDPKJw+MJRXvDqjCnB+ewaZ7O1nqQh7BjO0ZjkrOsJqm1HaCr8FpXVc5i8PrkYCIPrVA8zcdbu7AO/ngLpmN7AfcXOwjXKdFKdtwVgkK3mJBh976vGFRPTc0+4ENt3OnDVRIb+A0AdGuqWWNp9ctkjDGv4Ne2sH7dwCnnK0r0yORyfkr5ZQRUT8YCd42hUnEUlP54TDBMH9ZOpZX/nYKbv9BfFPRPP44hbYElkLtwAM02DkJX9EEW2yILGVE/roMrDlham+VNNSB7/Hrm7aUEWYwOBk9XghxOC1vhrxaG9LPZHhsKBakX/Jz1I3lWpcDf4ILa4clfej4M5gYwzMYY9P38G+MAzjnmyrjrgSvPVw8dZw9d6X4X+CRNKPXWm2UYLQHFHODkx1F4yH3aXQUy7nkCosX9SK03/kuBFo5FcARSudsYDJ9Y8SSTVtn3rTJeZF2hFww5tstZ3Ca0jTz75kaWYwvj4DpCd3AKw7/b9pw6DNCpPg07ipFI+fPjLVY+wXy1S+e8HmB6041BiMmc3dDyd4r0vuCH8a8b3Gna6/E4SyQWEv2dhEBAcKb5Eekdf8u9aSMjT7z9fVfrG7V5FQXZ+U46OgbNIUYKzQkJzO5WfRwVhbtUWlqV+YGIaBdq4V6lt0eNq5gdWSgY4pXLBOFtELbJN4wkwqeNh30vJAqmyT+SzfZxxEhire/kRAUFArql2m1aaWUEUw1rwMED8NIRryrQsBSirUFtHPSJM8NtU5/9bvZmS73prn3PTYJfKSVxD8b4c9/5O8WMWL9DxcLNRt863DT1p/RzA=,iv:dLiu9WddIz9iO3cOT7jny4PpdxiN7R/YccF/aaEy6Rc=,tag:w71GGULEaSzy0vrh4gOLvQ==,type:str]
#ENC[AES256_GCM,data:MQnRuJg=,iv:E82k3W8MaSx0BM7hXCkY1tN+H7D5S1kDPKmvP3Gi4/4=,tag:H4502GVmN8WvwPsiek5VpA==,type:comment]
NC_AUTH_JWT_SECRET: ENC[AES256_GCM,data:Js/NIpruZBw9hqvEP8cC0poEh5jf99mPd7fpDEJYsfNf5bGNN1hdXgypl8Y=,iv:aYw84L2YA4NBkICn/kP8eo345O4hEE87MwodzmlAGZk=,tag:5wyFoE9zpV9bp1ltheVHIQ==,type:str]
NC_ADMIN_PASSWORD: ENC[AES256_GCM,data:sKchDix8Q5VtC56G6cjT1rbO4h0/wzy+bFm9TUbhtvA=,iv:eR7nEDGn18t8hPMZK2xV26EvmrGmiWGuGFF1vgR0giA=,tag:KHLXghuZ8FE2oQ5HOkQbiQ==,type:str]
#ENC[AES256_GCM,data:48558Bjlc8t8SgJRrG1FH1Bs,iv:7wiJ1kI5A373sHUZXdHzJVC+jRTtI9fCLal3uo3TQXg=,tag:QOC0SCF9aJQNp/Gir6UyMw==,type:comment]
NC_S3_ACCESS_KEY: ENC[AES256_GCM,data:5KLAyGVTRJmdv+Pf4VLtxA==,iv:YluvNO+9YH9i/kJiiAwriQx5+zd1WXuvR0Grne8hHk0=,tag:WsULzFKDgHspG/hfBLQuOg==,type:str]
NC_S3_ACCESS_SECRET: ENC[AES256_GCM,data:Zquz2bKAYoHYWvKde1HqlNSC7kD66xYS9ZU51RYvWaYZGCk1vP+mC1iqmSRn0L9yjictpDJU6QtTzm9QTDBT,iv:oHaWAXWIqdz3DCtTuzeoN1OGE4dn6iNKR43b/VF4Evo=,tag:+1ROQuBjpceJHDkCFhz4Yg==,type:str]
sops:
kms: []
gcp_kms: []
@ -36,8 +33,8 @@ sops:
UmFSZEd1ekI1alFVOG1qUVNBcHFUQlUKW7idC59jIRv2NgxxwDIMAYRe9tvBI6or
rjkpmb3b1ONLX470pY4FtmejOw02rm7YoeFTLPSePQgeK/+7tE3P+Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-26T19:51:21Z"
mac: ENC[AES256_GCM,data:Fv6ttgDO4Y+SOwxNh6Qa14EZXvYbao9SL8wekODKs4S7jhY16pGfziMkqWXkc7pzb+BszeBO9Ajc+XZ5GpGg5EAbSdb8faZgsg1lBN6JM4ptbV7E8F6wB3iBNDb0aW4W3Oq35b4CBzjUbP7Sh+SkxnSpla8LLK/wZTs+fMhkTZs=,iv:3KjNdKoM3FEvlaT0YeeQVcBSoc3v1exmBl0FYYCXrLc=,tag:E1qsnAqpCMUjE9Xng9EQdw==,type:str]
lastmodified: "2023-11-08T20:15:51Z"
mac: ENC[AES256_GCM,data:Hvm/nLFI9TV9r8QxLzGM/dWRTX96TFcSUlEo1Q5nWfXym3pAI8LXqtxOri8IF9aZYdo87G9u3K+IPoGHL+1rYchYRF5O9T/Dez5lm9rMBc0z3dvq3gU0HKVjNaK9bso0b7Z90VSilbb7S0ZgI8gd2Xc//jgKnRrlMTeNVVgICQ0=,iv:icFu9+L4zlFLY62J7z+/1xwkTilUh2a1ZhrkCkbWyPI=,tag:L5QgfT9w2S2N+EIugXABuQ==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1

5
apps/nocodb/resources/deployment.yaml
View file

@ -32,6 +32,8 @@ spec:
name: nocodb-metadata
- mountPath: /usr/src/app/
name: app-volume
- mountPath: /tmp
name: app-tmp
livenessProbe:
httpGet:
path: /api/v1/health
@ -72,6 +74,9 @@ spec:
- name: app-volume
emptyDir:
sizeLimit: 1500Mi
- name: app-tmp
emptyDir:
sizeLimit: 500Mi
securityContext:
runAsUser: 1000
runAsGroup: 1000

6
apps/postgres-operator/kustomization.yaml
View file

@ -1,8 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: postgres-system
labels:
- includeTemplates: true
pairs:
@ -24,3 +22,7 @@ resources:
- resources/rbac/role.yaml
- resources/rbac/role_binding.yaml
- resources/manager.yaml
- resources/db/default-cluster.yaml
generators:
- ./secret-generator.yaml

77
apps/postgres-operator/resources/db/default-cluster.yaml Normal file
View file

@ -0,0 +1,77 @@
---
apiVersion: postgres-operator.crunchydata.com/v1beta1
kind: PostgresCluster
metadata:
name: default-cluster
namespace: postgres
spec:
image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-15.4-1
postgresVersion: 15
users:
- name: postgres
- name: coder
databases:
- coder
- name: drone
databases:
- drone
- name: fider
databases:
- fider
- name: forgejo
databases:
- forgejo
- name: grafana
databases:
- grafana
- name: hedgedoc
databases:
- hedgedoc
- name: nextcloud
databases:
- nextcloud
- name: noco
databases:
- noco
- name: vikunja
databases:
- vikunja
- name: zipline
databases:
- zipline
instances:
- name: instance1
replicas: 2
dataVolumeClaimSpec:
storageClassName: hcloud-volumes
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: 10Gi
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
topologyKey: kubernetes.io/hostname
labelSelector:
matchLabels:
postgres-operator.crunchydata.com/cluster: default-cluster
postgres-operator.crunchydata.com/instance-set: instance1
backups:
pgbackrest:
image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.47-1
configuration:
- secret:
name: pgo-s3-creds
global:
repo1-path: /pgbackrest/default-cluster/repo1
repo1-s3-uri-style: path
repos:
- name: repo1
s3:
bucket: backup
endpoint: 2df513adaee2eeae12106af900bed297.r2.cloudflarestorage.com
region: us-east-1

37
apps/postgres-operator/resources/db/pgo-s3-creds.enc.yaml Normal file
View file

@ -0,0 +1,37 @@
apiVersion: v1
kind: Secret
metadata:
name: pgo-s3-creds
namespace: postgres
type: Opaque
stringData:
s3.conf: ENC[AES256_GCM,data:nd12eOx2aXNyvUyNxZVP7v9dgh/P51f5UM+vgvP2odnBX9dzE79/2/kI5dn/hJsa/6Jibmk/3Pvexl9PTc1BmYFogVXfkVH04RhH1iaP6Jsl8oycIaG4oPdPgfwSseZlGCmSIBP+GTRoQ8mUmNDVxaSb4SwYHI9vjTalxoSyo+vnE8ABBt7h5J5QgXo=,iv:av60ntIqiRfv7gum585jjO1McCOXmMVD+voBuWfukm0=,tag:+GgMk3Z16JFyfLvsHH/m0Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoU3pnbVhrREF3d3ZiU040
UjU1TUMraXhlV0k3aGprSnZvaUZncDU3Q1hFCkZtMklKS0VWS0w1SllxQ3lKYmxC
b2NFSitjSEtqMEpiZnNmeEhPb2RBa28KLS0tIFYxQ2w1aW1zaFVGY1RZekJVOEdH
UGZwVWhNTHdCS1hDMjJYcy9kVittTlEKLMWQALBbEmqMLx2gGMWr6m6CHb7vP9k3
lIZNhA5nwpH2R7TSbbNpnzsq3yhC9ClM8smfAmr+02rUK6T4RYaZiQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RVRxb2h5WjRFc0xBdE5m
b0JrbHJvM1pCZDlFVXU4bG0wdVpnQjRRaUd3CmphMU9LbGx4NURrNUlUekJMUHN6
ZVFncDgvcXdNeVVjSk52LzZ1N2NmSk0KLS0tIEJvQlBnNHFEQnVvZFZESDlRSHox
RHhmT1VJWHNsK2QrS1p1dEkyM2JrcTQKs4gzaEY/ofkMHkD03Yu9JIgnR12c5LWm
2bwb+wJ056Sxz2jwC66gW2F7CcX8tIBOuWW99JqfHhFBj9oYZGoDxw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-07T18:09:57Z"
mac: ENC[AES256_GCM,data:yndsk1ZStyVRDFm8h3dTARBzsiXAgWNNvrVmQeHuzYAYO78UxDXljbuQHBIJHGpSD4jEZl569cy3VY8Wk8ulUHHJM82LSMtYeAabv3GMJIpPxMHsczngBpbqmLQEpW6Yb6EB8eY7F8gL0MtZu46r4Dw9zZJKmGW6V1cIPK6G6As=,iv:udMhvZbf966Rdyl/2I/0IQL6kOvUOY4OSQMj+bWEKvM=,tag:BQPy3GoWP9FKcH6+o4B/8g==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1

1
apps/postgres-operator/resources/manager.yaml
View file

@ -3,6 +3,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: pgo
namespace: postgres-system
labels:
postgres-operator.crunchydata.com/control-plane: postgres-operator
spec:

7
apps/postgres-operator/resources/namespace.yaml
View file

@ -5,3 +5,10 @@ metadata:
name: postgres-system
labels:
prometheus: default
---
apiVersion: v1
kind: Namespace
metadata:
name: postgres
labels:
prometheus: default

1
apps/postgres-operator/resources/rbac/role_binding.yaml
View file

@ -12,3 +12,4 @@ roleRef:
subjects:
- kind: ServiceAccount
name: pgo
namespace: postgres-system

1
apps/postgres-operator/resources/rbac/service_account.yaml
View file

@ -3,5 +3,6 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: pgo
namespace: postgres-system
labels:
postgres-operator.crunchydata.com/control-plane: postgres-operator

10
apps/postgres-operator/secret-generator.yaml Normal file
View file

@ -0,0 +1,10 @@
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
name: postgres-secret-generator
annotations:
config.kubernetes.io/function: |
exec:
path: ksops
files:
- ./resources/db/pgo-s3-creds.enc.yaml

28
apps/vikunja/kustomization.yaml Normal file
View file

@ -0,0 +1,28 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: vikunja
images:
- name: vikunja-api
newName: docker.io/vikunja/api
newTag: latest
- name: vikunja-ui
newName: docker.io/vikunja/frontend
newTag: latest
commonLabels:
app.kubernetes.io/instance: icb4dc0de
app.kubernetes.io/managed-by: kustomize
resources:
- resources/namespace.yaml
- resources/api/pvc.yaml
- resources/api/deployment.yaml
- resources/api/service.yaml
- resources/ui/deployment.yaml
- resources/ui/service.yaml
- resources/ingress.yaml
generators:
- ./secret-generator.yaml

36
apps/vikunja/resources/api/config.enc.yaml Normal file
View file

@ -0,0 +1,36 @@
apiVersion: v1
kind: Secret
metadata:
name: vikunja-config
type: Opaque
stringData:
config.yml: ENC[AES256_GCM,data:tmSeQoniqMDqsVqhpBvEZaSgQtXXwJFShVtwaUW/z43tsOybO38w1NkkyjPnOxVLb0SWkznSG5bDdvDPEXgk7EXBA2N29+hnDpp6kxE2MPQbIzLlNgZrfLC6tjEZtezOmXrZE6Xb5kleljuHFN+ph9WGes2m/ha7++fVKf/GD48MytqmC7SPBAJpitROXfx8NkqI2fhJIHkBhRsfTVy4Ur69dTryFt7xGLsC1ckxOWZebf7TYj10bpVPLAtxyLN7Os+l4Hl9GGbfjWMQ9lkSzIat3l4BNnkIWoZ2CoRqla2z/POn1crMJm7xeMkx1f6yB45NQM9r+/9HSbk3LDNGw5rgqrwkShj+/aXk2ePzGJK5O6zUSUidZpPpTLmxPNSaCu7QVmz6XR9zfzoXa4Ppdee4vbnqTa6FxUeM/oGcFI68X8kqRR+UImbjTrFKzFOPRw3hU7zHVwg2Wzh/k/4R+GNpLTLU+RlrT3dw9IvRFIERb15XTJzfId5+nWIxoMaH6tjaib84HVe1wtaRahYZNoYi7WZ748fiSx1b+AWRnxhCfK2EsQjul5Zdh2SSkYZysHi9Bmog,iv:K41jhC1s98trTYvcceAQOxx+ckAHrx22HLa5U6CYxWk=,tag:r7m/tjgYfaW3Wpfl8cJKTA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRkFMcWRyNE9tMU5NVkVs
UmNsSFVDN3k4SDJxK2tva1Rza2xuR2ExcUhVCndua28xNUZBaVlGeTJ0TG0xMlpo
cTB5ZTBkMzZ4NW03T1ZacmVGRnZMUXMKLS0tIEYyVGdMZlVCTHREdnBOR3h3NU4x
UzBWYXdMS3RadXpEQmN6cVBBUUpHWkUKugUfHbVc5+0597P5r8k8bAIcXHx2BfFe
DVdOoxLasWTXvz1GWTFuzvin3Z42GB9zCnjfzkEnwXbATwQy26MhaQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBndE9JcHB5NWtBRDZLYTQ4
QXhJRG93bEtXYUlmRWhKWC93Mng2YUtDN2ljCmE3RklOdTN2dE42Q0RSc0djSXpX
UzBkdXRPVHJ2YUFDR0REeSt5YS9NNEUKLS0tIGJGR0pBWUp3Vm5tMVNneUtaQ1NB
UnE2NTVSSUp1OEVFVDd5bHJYOEZpaVkKqmw9GLZavqaPQOJjGhLqXo4ggfmFDgXz
C9HNxeDVr2kY452gleVS/YFTPWo0QPevl0SjpZg2gvnz28qLDSNXYQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-03T13:04:43Z"
mac: ENC[AES256_GCM,data:V29XEZk91KgM0cgTFO6qtwWcY73o+mSFTEVw5MN/NJoEPEHtzcnGXVcHePSvtVEWdWajOX8mz51WM/5sV/B3+Iah3tHNXXzlyCte/kBBa+8NTWvWXSrVUAY0b+W7kRAaAHtXIwYrHwMGkyN+lvNRTAXEcs21OSmM7n375nDsmlY=,iv:wTEKdY34e6B1lxM9qiOGcm5MWIa7RP5wYewwafz+X7A=,tag:XoGiBJwplBWyhVcqaJhkng==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1

82
apps/vikunja/resources/api/deployment.yaml Normal file
View file

@ -0,0 +1,82 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: vikunja-api
spec:
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/name: vikunja
app.kubernetes.io/component: api
app.kubernetes.io/part-of: vikunja
template:
metadata:
labels:
app.kubernetes.io/name: vikunja
app.kubernetes.io/component: api
app.kubernetes.io/part-of: vikunja
spec:
containers:
- name: vikunja-api
image: vikunja-api
command:
- /app/vikunja/vikunja
env:
- name: VIKUNJA_DATABASE_TYPE
value: postgres
- name: VIKUNJA_SERVICE_FRONTENDURL
value: https://todo.icb4dc0.de
- name: VIKUNJA_DATABASE_SSLMODE
value: require
- name: VIKUNJA_DATABASE_HOST
valueFrom:
secretKeyRef:
name: default-cluster-pguser-vikunja
key: host
- name: VIKUNJA_DATABASE_DATABASE
valueFrom:
secretKeyRef:
name: default-cluster-pguser-vikunja
key: dbname
- name: VIKUNJA_DATABASE_USER
valueFrom:
secretKeyRef:
name: default-cluster-pguser-vikunja
key: user
- name: VIKUNJA_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: default-cluster-pguser-vikunja
key: password
ports:
- containerPort: 3456
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
privileged: false
resources:
limits:
memory: "384Mi"
cpu: "100m"
volumeMounts:
- name: vikunja-config
mountPath: /etc/vikunja
- name: vikunja-content
mountPath: /app/vikunja/files
securityContext:
fsGroup: 1000
runAsGroup: 1000
runAsUser: 1000
runAsNonRoot: false
volumes:
- name: vikunja-config
secret:
secretName: vikunja-config
- name: vikunja-content
persistentVolumeClaim:
claimName: vikunja-content

13
apps/vikunja/resources/api/pvc.yaml Normal file
View file

@ -0,0 +1,13 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: vikunja-content
spec:
storageClassName: hcloud-volumes
resources:
requests:
storage: 10Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce

14
apps/vikunja/resources/api/service.yaml Normal file
View file

@ -0,0 +1,14 @@
---
apiVersion: v1
kind: Service
metadata:
name: vikunja-api
spec:
selector:
app.kubernetes.io/name: vikunja
app.kubernetes.io/component: api
app.kubernetes.io/part-of: vikunja
ports:
- protocol: TCP
port: 3456
targetPort: 3456

30
apps/vikunja/resources/ingress.yaml Normal file
View file

@ -0,0 +1,30 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: vikunja
annotations:
gethomepage.dev/description: ToDos
gethomepage.dev/enabled: "true"
gethomepage.dev/group: Apps
gethomepage.dev/icon: vikunja.png
gethomepage.dev/name: Vikunja
spec:
rules:
- host: todo.icb4dc0.de
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: vikunja-ui
port:
number: 8080
- pathType: Prefix
path: /api/v1
backend:
service:
name: vikunja-api
port:
number: 3456

7
apps/vikunja/resources/namespace.yaml Normal file
View file

@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: vikunja
labels:
prometheus: default

32
apps/vikunja/resources/ui/deployment.yaml Normal file
View file

@ -0,0 +1,32 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: vikunja-ui
spec:
selector:
matchLabels:
app.kubernetes.io/name: vikunja
app.kubernetes.io/component: ui
app.kubernetes.io/part-of: vikunja
template:
metadata:
labels:
app.kubernetes.io/name: vikunja
app.kubernetes.io/component: ui
app.kubernetes.io/part-of: vikunja
spec:
containers:
- name: vikunja-ui
image: vikunja-ui
env:
- name: VIKUNJA_API_URL
value: https://todo.icb4dc0.de/api/v1
- name: VIKUNJA_HTTP_PORT
value: "8080"
resources:
limits:
memory: "128Mi"
cpu: "50m"
ports:
- containerPort: 8080

13
apps/vikunja/resources/ui/service.yaml Normal file
View file

@ -0,0 +1,13 @@
---
apiVersion: v1
kind: Service
metadata:
name: vikunja-ui
spec:
selector:
app.kubernetes.io/name: vikunja
app.kubernetes.io/component: ui
app.kubernetes.io/part-of: vikunja
ports:
- port: 8080
targetPort: 8080

10
apps/vikunja/secret-generator.yaml Normal file
View file

@ -0,0 +1,10 @@
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
name: vikunja-secret-generator
annotations:
config.kubernetes.io/function: |
exec:
path: ksops
files:
- ./resources/api/config.enc.yaml

5
apps/zipline/config/base.env
View file

@ -3,10 +3,11 @@ CORE_HOST=0.0.0.0
CORE_PORT=3000
CORE_LOGGER=true
DATASOURCE_TYPE=s3
DATASOURCE_S3_ENDPOINT=minio.minio.svc.cluster.local
DATASOURCE_S3_PORT=9000
DATASOURCE_S3_ENDPOINT=2df513adaee2eeae12106af900bed297.r2.cloudflarestorage.com
DATASOURCE_S3_PORT=443
DATASOURCE_S3_BUCKET=zipline
DATASOURCE_S3_FORCE_S3_PATH=true
DATASOURCE_S3_USE_SSL=true
DATASOURCE_S3_REGION=us-east-1
FEATURES_INVITES=true
FEATURES_OAUTH_REGISTRATION=true

10
apps/zipline/resources/config.enc.yaml
View file

@ -4,10 +4,10 @@ metadata:
name: zipline-secret-config
type: Opaque
stringData:
CORE_DATABASE_URL: ENC[AES256_GCM,data:yfEb6JfVXws1d9hgLggSCMd3Wj6IN9oul9Atc3mnv6Wf61b7RXzvRxAm6Jh9kI8/4Rujb5AAfUGSFcfSFGTtLE+ZrCNO5FN+sYmviDpegMBZPLj0/FBipCsAqqhbVMjDpIgIzFsEDplJ+w5loY3LQvLs,iv:TDED4Us+87Y58SiBZMLbjo98uEFaQoQGoMz5VtoR16M=,tag:mUlgfZEDyTRcjNIyygBQsQ==,type:str]
CORE_DATABASE_URL: ENC[AES256_GCM,data:5wI/kj0+X2vx4898sQS9Axhgp20IQh1xpbQgZOgobvYRvPxni7ad3RDd6misLSGF4eTeNWn7LQltf5aONGmvC6C6ueAF+sZhnzQPRfXZS2msiL8CtWXaON3Vo+boPqUNfoGHpg2+NH3tm+L1r3HwZDQkWg==,iv:hMTkTw/oLPFs4XVRnCViKNxKmE7OBlcLQa+aXgqnWes=,tag:Au1mkU0XBQPPumGvx+VWvw==,type:str]
CORE_SECRET: ENC[AES256_GCM,data:taa93xNb8h0vUVdWgDQ69+PQr541weQQmGJWau+2fXdTm13VtOLv2sH430Y=,iv:vxh60WKz2MM62O1AA4Uzxsz8rvxkdQTKxBfpjAOa1KY=,tag:OF5fOv5W+2U4yaRHOo2ohA==,type:str]
DATASOURCE_S3_ACCESS_KEY_ID: ENC[AES256_GCM,data:v9qPjC25URN5AANOsXYCpQ==,iv:PuBrLEVmME3nFLPLW/KZQ9cBm0xjdLJg3NZ+ywktP2E=,tag:Xy0xeViZ1TD4g72VdpCSrA==,type:str]
DATASOURCE_S3_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:YkErE1Enmw70fD53Q1xs175zm58SGPblj3lUXFwG01i7vLXFPhlw3MezcF9Oi6a9Lobw/NzYVhXVaZZjVJ8w,iv:zy/F9GwdE2aR3sGCd7aCurcsBRI5e0qHVqvBuZxFtm0=,tag:1DstmxoIX0yCe4X5Gz4YeQ==,type:str]
DATASOURCE_S3_ACCESS_KEY_ID: ENC[AES256_GCM,data:WcbIP7ir/5/j14GSXprxNGSQxnNhSxZHdqNk5k4EKy0=,iv:fCWBiA2vXbNFTQhjaoOl5Lhy5oKmIfnJr80El3O2SXY=,tag:uaPwWdtR2y07nuxzti14JA==,type:str]
DATASOURCE_S3_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:52dOiJH4BxDVgHBLGAHVv0yocB4VWJx7RPUQ4ge012T9gU8k2jYJ2Y3aL3Y+mFqdB24S6HJZ918dR0aglhiQyA==,iv:j+cs1zkb3VY3AVdbGeNcdIJ1S9ytSwfxwGt5/S96dsI=,tag:iy+Xgc97GierA74BYtHMZg==,type:str]
OAUTH_GITHUB_CLIENT_ID: ENC[AES256_GCM,data:7a773t7iacejEQayPqUbkKxL2XY=,iv:tfZuc2oTEmB/LI1BvPTbPVoA07kSW0AG4FH+8yJ72/A=,tag:B/kD0/rOW38trSpe+LVH5w==,type:str]
OAUTH_GITHUB_CLIENT_SECRET: ENC[AES256_GCM,data:IgxkqECtYbUdc3u/o2AATlQVkVPtcRU0+zvjwBLWNoPYdneWd2YBJg==,iv:XQq/HjK3wca31T8g5zqIreJ58Ar6GptLK3Um0Eh1CHY=,tag:lfvAOFAtj57mPPHdIdW7mQ==,type:str]
sops:
@ -34,8 +34,8 @@ sops:
eEQxM25tM2FxY1RvNEhxQWk2cE1wdTgKFq1rbrN1ScKuujg2xyRaESwswoMu2+zr
LvIVDhLTl4jyUb0WH8Iy8/xQhUhsp7KJnccXFoCc5TFE7QzEKfrv6Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-26T18:54:35Z"
mac: ENC[AES256_GCM,data:Vzm8EBTJXvPNFeV/6UlnVzeId41SiiVpEftTdrDBxTD+5bDU6xq047MzLGGzo4dhFmxOXD7PMbQw40fcEZz2+DT9BOzuk8JBDIN7d+WhOtrwXjP6fqtvqpYqc9Go1VHbhVpNApYyK7fhz7eqfARmlZNam7XD5dySJnjccuXSujk=,iv:4CW3t7b8EsFtMnHQ24oDOhnffNmTRnK2x4MTaXiPHRE=,tag:9+ZFYyAatfc4dUnY67RzAQ==,type:str]
lastmodified: "2023-11-08T20:23:36Z"
mac: ENC[AES256_GCM,data:+PwY2NaAQTCbWAWl5sovsb0dang4WmUBI6FIjtwn2OzCIkUkvKvsHOl5sVoj8DyiQJT46Ui4xDwB/kKDUwobmQZXxaorJrEmBv1tfF7NBXIilrs0JWprxQ/0AZZY94KrQ/1lgcZ/a+Ax5JXDUxmHh81gM224X2sHLKS4tAaTfzY=,iv:vWHbCE50vIoI4uQMexywNB+HiBo43F2Ne067ITK2f1I=,tag:q8zqd8FCjdEYXhADlOg/yA==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1

13
k8s/configure_cluster.yaml
View file

@ -1,11 +1,10 @@
- name: Configure cluster
hosts: localhost
roles:
- role: cifs-csi
- role: coder
- role: prometheus
- role: postgres
- role: hcloud
- role: minio
- role: fider
# - role: cifs-csi
# - role: coder
# - role: prometheus
# - role: postgres
# - role: hcloud
# - role: fider
- role: nextcloud

304
k8s/inventory/group_vars/all.yml
View file

@ -1,149 +1,157 @@
$ANSIBLE_VAULT;1.1;AES256
32616231373536333534333134333639396335323730386466333964323263326332356662653264
3038646138613833306131396563636263313536626630360a393138343635646461366465353537
61633861303137363930623139306435643034323739386537656333366466646664386138633762
3366353962656531620a393162393638653963636563643636616436373030316263626133376263
65396561623631633134663133383863363932633661663265633361386165616436326366386461
66326230626337643737313738313031323638393234633236383764333035343162326364363364
66323130643831663734616635373131386435373832363732373462313236366337323438396631
36666430316131386235646138383461396564616363646639343833613964323864386536343766
31376432656337646131386136366563373562663236636137396363316333623336306262386266
63383330613163323332663666373163626535303934313232646330366561303664393634303137
31396135656338643037306239623634613632643365313866366166366430616435363332653564
62393366643765616564363465303565393362663461383066613033646634363635373437303638
62656139626233663465333232343437326138376137316163373936366530626638363335356565
61373339383762623135356531646564623834323130633538306330616530396638393833383938
30326361373065333966613430633638303931396530636335326338653237633535663033373734
65643831633538393434313030306432363664626435326238343631336661323461373965376162
38336466393631393564313365393263333638663539386536336135636635613566356566653030
33353530316264626330643830623166613233353262363461346135646135396337356639323035
64616435363366306138613565366236623963666632303566356565373130353961643163356365
64663031346362356237313437316136376661373063353338383137363865393163353632343966
62626262383262613739623635393966653730323263636462613966633135633938336535323062
66326363636463313633313036386138323330346538376666616437373932366235373163393061
65383036333264636633643332356363383634663234643031333866376664646232643735333064
35653231363261636365336362326533636461363331623665623465306234623061623161366663
64373063373631643166306433383834396165656231643566386438653535386131376531633164
65633136653862313233623033383463623534633934376364313535323133323134643430623531
31353234316436306437643565623064663262616638333031343138623165633939616465613932
62353939613061326639303936663534303531396330336135383663343435363362313737323762
34366161353030653839383532613234653864373138343934333862366339363334336337656335
32393666613333363331353236633563333931363965633064613431316133323637643639623439
37616537613437656539313031316639376136386136653932346264386562623562333632386136
65346662663539656163363331346166623862666666656638383434616333303062643365636561
37376465393237666134303564306164316334626334383865333161303137323235616437666137
32323830376530636133386464656533386137626135393762383462313935613961656332303132
38356262663962333465393635613963333434333865326633383033353361663064653833396232
37396136353036623861643538616132636332613835643738366531303339663761346636383030
33383030336137343235633439343339646332613735316366656264306134386561323637336136
31353466313561353664623034363662383136626166633033366430383738323766313832633565
36386338663131666264396238623731656464316261646630346333623737633130373336653066
65306336366436303930393337626630653634333666373461666337623337366235323236656537
36663863323938313333626433323635623933313364353433616239393566333366353334616262
65653538653834373834383066323636396364356666343638353766623033666133386237306137
32393836306435336634646661623137663935653535616162376338636462343430353966306435
63343132656332323635636261326330306530316666666661653833613339373363643466626163
34353962616564316162656530643335356637643166356334393035633736633534353838313830
36656666383130396539333861613738396364366132626539643735353465653033393934393530
30656664376462333236363236326238623337323665663930653964356566353033396236663434
33656332326434326632356239343931653430363465623735343237656639373536666131636163
64656539626130633463303739653439396534313536373336393630363538623466663936353765
36663139643132333937353032363538663138383365383866656530643439303136316363386430
62646266396364656565323539333538623437303530663837653864363537316134316532316530
62663438396137313331636233396630326535633364336162376432663730356439663861393264
30636339633863356362373865663561383162363431393832373664393965363834653263353632
61376137663963616433363866636331376634623664623639373333343461616563633030333634
38646238353035663438343734616166316236643138643362343865633565666231366465633662
37363830316161303033623537616639663738303964373662373933353035623064626166653835
61343038383735353566636464376639376636353264366136613934383238396230633034313464
61353039643964303766663031623065396464343935353630386631396631633262363962633962
65313435396130633936663031386237306365633833303766336365356434636131383930316337
65656566613065376334363065396332363138346130633230643935376339643339616632666631
35376361393262663736316666346138303031323431623461646234363635353366366336323532
34353361386466323162623330343137633933663639303631656636346238376531653361656464
32353838326534396130346233313965303365303332653539343562623136373531363939633466
66336666633239396130393836363961633233643435613463343262623132316535343962333433
35633233353631666536383633353462313630353762643764643264663137633636333635303935
39663036633833306561326165393962613963343135373365336432336638316438383639396161
35353136636664383435383031383064303039653766653735336339353365313465666337353839
39323132636639323637316665373132346462613633643633653536626561376161366132393164
32353930303265396163373236653534383536666537366238356362623237393264306133623035
64613764373862366635336139326235313138663165313335663433306336353332626236366639
61343336613762636630366538393564356130363263636562626438333534613437663635633431
33613438343134393963393563316437373364356632323865343132356435366565306138363133
36346135636339626263353663376236393238656131326233653666333336636536303562356231
64306135333764333136356131616264346266323562346466333830303664313336333263313861
37333235623635613934313561306437333962363931323235653337643331343037333039326434
65323031653265656237623535383035393562353365656161353634646666393965313332353736
33666234336432333038326430343461353365326263313638363665623435613333653032353637
66663934613038643131653266643539646437323132383966383665643838623862613333663433
65343866306134613134656633336534333334313033626565663062363961306139376631373466
38343937383338343136626634343366363863663663373538653931353765303839326136643365
63663665656238323961396433663530363535616337636361616137393066653234383434636539
37326366646534313934313261366463326335323662643930326665306431306632333036313863
36303966393865353762346431643132626266653733336530626132376261363438326537616535
61336339653839643463343365643336643431613533376237333731316334656439326565663035
33326465646437623638336437613839316231343563303032613835653362616261646162646363
35383530383230396332356238373866633962653362336230646335393138323131313661613166
36323430623161343462653830373938393766353230373765613463313531323533313838346630
35633035613639353638323239306262366232363537643562643330373961623964363432393161
30626433663139303331636435343639666532626136623865366261623266323162643730346363
36333864343832613961323461353239383663643030306434623165343938613739303836613064
33636566336561326335346535623232393636663139313866323233393437373139636636353338
30363132636131303734336564353066336233613138633262313936646134303837656466363064
39643337336237396235356333356331613665323766333064643239393530643937663736386631
35366366653431353730343066643938373937306464626636373562353534353232326263656463
38636134376432396465653130663132366462323362633539396464653764366566346462313537
35613933333864373435336637666362316131313064326136653862663366346437663134323532
31386563306464333631653530626265383838323138616334396564333139643038623639383264
39336331333630633732383231373266376134623265373434373438383363663130303030653664
39383639613830343132613763656433366431666666376430626464363961303564663737613736
39363339356136656464613366363933643263386464336565646538633938333930386135666132
65396137626634316361346435623435383931656262336230343634373231323866306331323565
61663162393965643361323734303362303030316262623332346131613865616563303961363933
61373931636566376131323262313132663838373635336438613334626264666635633931333733
61643739313763303564376362373536343035633234313562383565363865643761666364303333
31343230646161666463313465316464343239383936646135623839646234623365616332373234
61353966336666353034663034333037663539333963333737303532313062303938666433323461
30623833656565363061646665623861663564396362366562393161363539613036353139353635
38623965313934353764323666636231356263653837363633306463636632646166313434333637
32623937383730303233323532646430306239333564303935353963363863313937383839386335
31663939356333393834626535383961356464333132333662333032613036386530636564323938
38393863353563353533323166343430326435616666386366663835306361376535303365343366
36633265316637313732653335633230306531313637356131316437643230303266356537393037
66303564333561656335383530323063643437616562326435653433306263633932363065323662
35653065663738326633343732373939323362623035323137363366646234313165376230663538
65616238303363636334343434613132636234343431323530343738613530313730373261306562
36326538663164396565303762623366396633323961373633363365303038643435366436623366
62656162383936663434323335336565313031346361373636613665356433396533323461653339
39626131386466623836653766376666663765396430343334343237616464366163656532646232
37323239376438353166363834313937393033373737376135326462646564333931303734613335
35386564666132366236336337656136633733323132653065386435386562663436646263383638
36376636646563303264646562316166656331363065383035393330656161353065663062323732
62393237353035303736643032623662333637346364343762373534326134343063613734306565
66636636663933383236663062323661393435633235313639633162636638346335613735656435
66633736343630663765343034323466333261356433343137346237393035643665396136363533
30353233393662613234633139386164366166623562346630313638366362306531383938623130
30386461353065333730303037663338393765663239353666376565633336643530396566323765
36366232326531653164393138353435303230663639633531376562663638656262343863373136
63366330633330633139313664663638313534386266393830613766373732346431646131353134
39653962303433373066613463386431343838376536326630613066383865643032303031386361
30636136333363666430396330633134366461396630363464613465373166633031303431626438
31643665306265323061393264343936393661306166643261343835616439353939363463353139
38373365303539333965633733373830363865373737623061383232643130623463333037666135
35363038663435313330396433613230373132363939613262306532383636383636623730363732
32313534353634393834363331653264353436656264363636616133333432323263303734316330
38636336323934316165626337393639376361626137643033396432343336323562386265613962
64393061626465336135323137303566316337336131646336623062396432333134393966643230
61623165346338353432386637653630663132353861363839383564643439336363656631393730
65316162396631393139663664663761643539323664623730316231653534646163653465333565
35363937316231346261626564393464303033393433313361663964353937393438376130303933
36333234303833656130363939316363653136316236363166353539323137623630646333366562
33623136323031656162373363653663363237346235356563333161643565303861373638626162
37656561353230373133363362613562643130356163623664376238376337323037653136636364
36313933663162303861336230326630373837653866373935643138613666393933313463633164
35333739663932666635353231633163653335386635316637376331323430663962393334326265
38626336646332326361376137663737656631353235373433353563373335313566383164343437
32626634616264336265323632323433343938633232633161643665366231616362383137656239
64386365383066326361303331376334626431666662616439303537333337366131313733386633
34373232666238303537
38303064643634643931393932353266653032316631303432633136323165376165653136396533
6436393762353630373231366530366239316337303066360a336132663334336462656533303134
66643134373439633931366638316365306330303334613033396238333361333434653833393039
3538396130653538330a616264386230396633346131663032663764353937313162333630333365
35323064636531363937613563333336636634393763613730386237393633653136616165313034
65396166373334386236396266616639333866616434666337626433323233363461316666383034
63373131376239353330316236306464303739386139663439616339363636666137613137336336
65393462386436376137656363333362393265396537323632646561373030303263613466383534
35353834646461363661356430646463383663626135663133643633633335383763326438646462
64393062646264386364343638326562646130313330316162633636356233363661613033303965
32346565373839663233336338366536333636306333353839633761326638393538343638343436
38313466393836336137643162663862313732303161356161343234393965393337346161666535
34336534356463653331643163653032643631343832323838633862353339303632353033343761
66356465323838313966623832396338316436616162633866386262306134623134393430393737
66333664333133376638306238393534303230386133346661636435373035323736306230613132
66633838303939636564346333666636336434303839303565363063666430623866356232646336
39316636616239646538636537396336363933376136663263633830623235303038613030326337
37633264376534303061343539653538633137316464386438653639613035613962646431626436
38656437323963663935353430303462653865353666346362343536623836653733366538323239
37316330303131333238303263653235303063616230663139396130646432626664636531343934
30383665316364303661373330373838383565323637636532333961363863316235366264373634
62313936386334326332313235366461613636376533333262623262636539656336633531643435
36613435383763303761646263653139633233346661306265333365376135306238663465313331
64326139306338633664646437363639373564643131616436343163313838346137396462373536
33376530636130623437623561343239663163346232316664326533316339353165623735343236
37626136626662633561616233666338353863633330323933373863316462623361633066646632
63386565626537363932643534633730346564326163383064303735656164636439353039333138
61656238356462303836633361663938346436666638316233356631646365666636376134396133
37346366663363306336326532666439353333666137663832363064316331316337613763633863
33333665316432373965356261613638613261633937383365653936666538346432353838613162
63376534313135646331626662623037376363323465653963376431633835643238386161383630
39313436643566326630336639663464316538323262623238666662653364626432353963626333
30663335613265383138626532653061643933336664346266396263363130386162613637353561
65643464376536323139613566653633633533666438323838666230383638316266646334326632
36306130383138656565366638323766656261636564346464616339633465303539343137636465
35346238326161356634313136323331393539663965353635616439393765643731373238663131
36383036663166373562376333393236383266653337613766386636303638666362613264336231
32373164326538613432356136353935623930663965323932653133343836636566353739383766
65386266383665653835386634653531623161346165383335376165316538316130353432343533
35306431663135626162636165613464326538633163383563383166353236643038616631653233
36613330373130376364303662356464343462303039383934316432346539393130336662376364
32306537656436393438373565373735363530323366336431363165393033326661343732366333
31333031326633616536636338393932643337376237666533383238343761663538303235633036
61366433326662623663376331316363643633356335353939336462636335656263313665663333
36306361353432663639616339616338346663346532356534303165393664636263333861343066
31636266643861316539353639616163393535393935343763313863656438613733643866323363
36316337393936623836356332373239663365303863616563343833336337633731303063376431
66653139353764313631333134383262666331316632623438316537343039396539643130376631
38623134393339363033623136393538633830363764323661623332356139303035653236623265
63653366343133303564626231396336666533316534356230363664333231313862393631346432
37336231656262633763356162656264623363633237643661393337323034613338336239376331
65663833613564353139666332613062373162333831393636363835373237636464356235323836
61363532383939653638376464393232303636353836613936623362646661316534313366643337
37633534333465306330303433353264636534303037616639316464336161393339636462393738
31336563303134336133313737653933373137393532623238396464636665613166633438623132
65346161646362653661376639366636653336373364636439316363656530386334333233336530
36663137643736356264636438363837363561353666333232343639343361646534396166316163
34373262336332373961326631363065613364316131633838616539333632373835653333616535
31343034373939353834313532383264343939303931366632386362663065303637356362306564
36376365393865323036613165303538343938343132663137626635643031653637383961613861
65303366363236386431373761346261353466613035616331613835333332303235613834346439
33646634393434323164363631393639616661336233346562646461613231613064646331633932
35376538663764303137616138353030353664646564356534363139643836613937303838343239
32623739376332633531363766343862353530313837353535346337623337333238353231303636
62616134323730623732313633343230613735663766353665636538383761346131313634393036
61646163343332653339643933326665366536383365376535643265613535396137663962666538
32626166326462306331313133343736323664646234376239623861643833383839373439343139
33386536366435653861363738333338316162383365636632343431376131656562616432313163
39623066386638396662653338656533373135393338623037383037353865626566366131363639
64393462656135623237623832373063626166633166663337653633396332393364316331326136
30316563386434333534656163656639663031323265643462626136616435376262346336633534
64626533623535323061373834326139326634396564343861356366323461313334326165633336
33323639613765623431363661613065386561373639646333333132313263356535396363333134
61346237323565383632393031373635656135383162633066653730366562336265653136393934
30613231643132633936326531303131663139633630323734643166316636626338373136333266
62623165363536393766626438613934613532323566646634383263663331623461393335666265
61653063633030633866353630623038653463383131613332626630323835373836656138333335
63323335393737323134333065633733343631333638373463356531313562383532653137653063
33363065306662353633666535373961643862613161626664613634303233376664373566336666
64643862346563666261363938306464383931383035326262316135343662343338393164336233
63373361303034306134396365323466303139363062383537353862393964316664313238393233
37313732633732303535316437663865653537613330616466623531656461636530623163393465
66353233616133343935663061666130643536623634396363383930373761623732323066666264
38666332353038666665636561323561383037353864316365343635313764653966366531396331
32306531323763353736333231386663616662663834616263316565393736323239636163323031
34616437316564666335343735356435306231616331363038393136663733643934356462313566
37623032363135306633343964343464333434396366303162613135633365343436376363656164
30646334613266613638326665313930343163303238336362633061366337346338313430663165
37336536343632356538343536373033363263376630626666643563646331306438653262386530
61346362653338383865656131363165353634393739323465613865373437633166643861356536
64333139636233646166376361393937643937383765306362613662383537663765363961353263
30313637646536373233343033653936613233373635616366343463323837616537396539643036
33346435636164333362303461323237383937343366356534633435633631616233383539636562
66356461303735323863633465356133303339333139326133366465353435373962663435383863
34323931653465306336356132396235623135333061623538616632613834393630393663373638
32316331343438386564386238323764313033396535663461626163393166386534373061636530
64633236636139393164613862623338313839623233353963363866363530663032633264356563
62366636626230383032353930656134363061366262643234343838306566366463333430373630
32316563616461313764306434633133366361383938616339383161653563313930313165353962
37326466393438383762656335653763316236633139363562306332373030313639666363346633
63656531633934633261653331383531653831663331373932613665643430323063376331656438
33666639646530613735366665666238336263663066373234663332373533313031633565643535
61653465623462633131393864393964316561643562343966316166373035656436376361336564
32363339363666616335376630613137333761333239653534376666386438396438333363313530
61643638353139313931323765313336653263636433633765666535643532636362656539633632
31393964373434366435613763343737646235313236613361666334656237333438303265313630
35366233393561303432383834656537373562336633316437316432383031383431653931393763
66616664363735663261383732333438356237653830326336666666343761653963393533653037
35643339346566396634356137323661663037373830373438613866376333613838356362303934
33373361633437326265353035653033656436346539396166626634633530316465656630326134
37353265363533653938363337643039336464633962663130383032643664663536323664303138
39323661316636316361393534376338346666636336656234363166356461383732313164393231
61633936336162663464353631313931373533313861633335383662343131653566343863326432
33333961323231623239356437393166636463323465613234346434373264323565633162626535
64643337366439633736623933393761623266363036313763376535643834366633663937376564
61336238336130323632653138326536656165346237663463336336303363623838633665393330
65376236303564336434613566613565363366613065356334623734616134373239663430373631
37333862386364653262336436313639656565356233376239363565396638393761616466653763
33323238626434316334376264653831346236616332383533333964643832356330363439393433
34666532396661333439346430656637343033323831663962613838616132663365393465613435
64656534316164343839633063323431613135633665613630656265366334333262636363346531
30356331373464663736656661373661356265393064346539313034356334633437313838346338
61663137353733383333363836343130326662343633336637616134393163663939316663333738
61316333663862643038663466343733636465383739376363396534373061666430336163376265
39663066303534343936323032393038396139373733663133336330363436643638643561343465
62343930653539356664643934613433336462363634616439346338303161656632616435633831
31343934313636323665303037303862376236333765323436343734303535663565303237656237
30373431643631623232646265393839653538383636333230663563393531653637303237376465
36353235623839653630353663306135353131343537656338343631386263653833393234333238
30353232303433396434393730666662373230343838616264363466393365326239333537363138
35363163333564373865366265373566363763326466653164313636626337336636623834643335
36643564323839316435633032376433393938393030643531636265663635366331346137396339
38663831643237646239353463343662633931613464326132376139303764643930636265656466
35646530643330356662623238646635316134663962613164323566653231363464313530356263
64376335636266613333653361353739306131373364316335623764306566366535633530376432
32356363626633633138623132666638623236353539366531643637383030636239656138386537
34303431623039316565613036626531666638343835633133393533306334323866623630393462
65343832663434323338313433376135333439336133636438373938386233386633633337346362
30303062633735363339323934393730373761333133333166636639623764383330383732343061
39623735356238333333616362646137376562333432313535323835383263633165323930303461
32396662643664333566653239306137636430313434393335633161336330386637343261633737
32323337383834366563626565363639663536346538386466623936396636666339353037646166
30346238323164663839386364333963313336666435393935613730616433346630613463383938
65343736343764373465316261383731626631363661613639393162643566646365333061323035
66623030363961356335663334376530313961366235646431336538336162383632363264643639
65646531373964323635386134343032313137633239363030633539383639373965656135316334
62343131643333383131323662366163326137343933323539383063373066363561643665363063
36653036643930313835343631383631326231653762323433336238396332386133303132373462
62333366383133326161343537623833323431323732393433333839656464373433396531653262
64313930656162326637656534323263393336303235653362323632316138663166363864653164
31383462373033616137623339633031343235623537353130333235613464636333383064376137
64313365356335636235616333313965366264366134376235333565323132313636643239376639
64373439636230623537663834653763616133356537313566306261343933386130623566373165
35663263393034306134633630643463383063643339623533383235646266363234336562303636
65623238343936353933313465363330333361323262656535653133396538366462306564643265
32636362633239633162

2
k8s/roles/fider/files/config/base.env
View file

@ -17,5 +17,5 @@ EMAIL_SMTP_ENABLE_STARTTLS='true'
# Blog storage
BLOB_STORAGE=s3
BLOB_STORAGE_S3_REGION=us-east-1
BLOB_STORAGE_S3_ENDPOINT_URL=http://minio.minio.svc.cluster.local:9000
BLOB_STORAGE_S3_ENDPOINT_URL=https://2df513adaee2eeae12106af900bed297.r2.cloudflarestorage.com
BLOB_STORAGE_S3_BUCKET=fider

6
k8s/roles/fider/tasks/main.yml
View file

@ -22,7 +22,7 @@
namespace: fider
data:
# Connection string to the PostgreSQL database
DATABASE_URL: "{{ 'postgres://%s:%s@postgres-15-postgresql.postgres.svc.cluster.local:5432/fider?sslmode=disable' | format(fider.db.user, fider.db.password) | b64encode }}"
DATABASE_URL: "{{ 'postgres://%s:%s@default-cluster-primary.postgres.svc:5432/fider?sslmode=require' | format(fider.db.user, fider.db.password) | b64encode }}"
# SMTP credentials
EMAIL_NOREPLY: "{{ fider.smtp.user | b64encode }}"
@ -37,8 +37,8 @@
OAUTH_GITHUB_SECRET: "{{ fider.github.clientSecret | b64encode }}"
# Blob storage
BLOB_STORAGE_S3_ACCESS_KEY_ID: "{{ minio.rootUser | b64encode }}"
BLOB_STORAGE_S3_SECRET_ACCESS_KEY: "{{ minio.rootPassword | b64encode }}"
BLOB_STORAGE_S3_ACCESS_KEY_ID: "{{ fider.blob.accessKeyId | b64encode }}"
BLOB_STORAGE_S3_SECRET_ACCESS_KEY: "{{ fider.blob.secretAccessKey | b64encode }}"
- name: Deploy Fider kustomization
k8s:

14
k8s/roles/minio/files/values.minio.yaml
View file

@ -1,14 +0,0 @@
mode: standalone
existingSecret: minio-credentials
persistence:
enabled: true
storageClass: hcloud-volumes
size: 50Gi
resources:
requests:
memory: 250Mi
cpu: 100m
limits:
memory: 384Mi
cpu: 250m

38
k8s/roles/minio/tasks/main.yml
View file

@ -1,38 +0,0 @@
---
- name: Create MinIO namespace
kubernetes.core.k8s:
name: minio
api_version: v1
kind: Namespace
state: present
definition:
metadata:
labels:
prometheus: default
- name: Create MinIO secret
kubernetes.core.k8s:
state: present
definition:
apiVersion: v1
kind: Secret
metadata:
name: minio-credentials
namespace: minio
data:
rootUser: "{{ minio.rootUser | b64encode }}"
rootPassword: "{{ minio.rootPassword | b64encode }}"
- name: Add MinIO chart repo
kubernetes.core.helm_repository:
name: minio
repo_url: https://charts.min.io/
- name: Deploy MinIO chart
kubernetes.core.helm:
name: minio
chart_ref: minio/minio
release_namespace: minio
chart_version: 5.0.9
release_values: "{{ lookup('ansible.builtin.file', 'values.minio.yaml') | from_yaml }}"

2
k8s/roles/nextcloud/tasks/main.yml
View file

@ -34,6 +34,6 @@
name: nextcloud
chart_ref: nextcloud/nextcloud
release_namespace: nextcloud
chart_version: "4.3.5"
chart_version: "4.4.0"
update_repo_cache: true
release_values: "{{ lookup('template', 'values.nextcloud.yml.j2') | from_yaml }}"

2
k8s/roles/nextcloud/templates/values.nextcloud.yml.j2
View file

@ -79,7 +79,7 @@ internalDatabase:
externalDatabase:
enabled: true
type: postgresql
host: postgres-15-postgresql.postgres.svc.cluster.local:5432
host: default-cluster-primary.postgres.svc:5432;sslmode=require
database: nextcloud
user: "{{ nextcloud.db.username }}"
password: "{{ nextcloud.db.password }}"

24
k8s/roles/prometheus/tasks/main.yaml
View file

@ -28,18 +28,18 @@
user: "{{ grafana.admin.user | b64encode }}"
password: "{{ grafana.admin.password | b64encode }}"
- name: Update Prometheus operator CRDs
kubernetes.core.k8s:
state: present
definition: "{{ lookup('ansible.builtin.url', item, split_lines=False) | from_yaml }}"
loop:
- https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
- https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
- https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
- https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
- https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
- https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
- https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
# - name: Update Prometheus operator CRDs
# kubernetes.core.k8s:
# state: present
# definition: "{{ lookup('ansible.builtin.url', item, split_lines=False) | from_yaml }}"
# loop:
# - https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
# - https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
# - https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
# - https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
# - https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
# - https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
# - https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.66.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
- name: Deploy Prometheus chart
kubernetes.core.helm:

4
k8s/roles/prometheus/templates/values.yaml.j2
View file

@ -93,11 +93,11 @@ grafana:
root_url: "https://%(domain)s"
database:
type: postgres
host: postgres-15-postgresql.postgres.svc.cluster.local:5432
host: default-cluster-primary.postgres.svc:5432
name: grafana
user: "{{ grafana.db.user }}"
password: "{{ grafana.db.password }}"
ssl_mode: disable
ssl_mode: require
auth:
disable_login_form: true
auth.generic_oauth: