diff --git a/cluster/apps/data/kustomization.yaml b/cluster/apps/data/kustomization.yaml
index 3b5f81eaf..50ba53050 100644
--- a/cluster/apps/data/kustomization.yaml
+++ b/cluster/apps/data/kustomization.yaml
@@ -11,4 +11,3 @@ resources:
 - sharry
 - tandoor
 - truecommand
- - vikunja
diff --git a/cluster/apps/web-tools/kustomization.yaml b/cluster/apps/web-tools/kustomization.yaml
index c7a0258e1..d8d2ec326 100644
--- a/cluster/apps/web-tools/kustomization.yaml
+++ b/cluster/apps/web-tools/kustomization.yaml
@@ -8,5 +8,6 @@ resources:
 - music-transcode
 - theme-park
 - vaultwarden
+ - vikunja
 - wallabag
 - whoogle
diff --git a/cluster/apps/web-tools/vikunja/config/configuration.yml b/cluster/apps/web-tools/vikunja/config/configuration.yml
new file mode 100644
index 000000000..82572d8c1
--- /dev/null
+++ b/cluster/apps/web-tools/vikunja/config/configuration.yml
@@ -0,0 +1,33 @@
+---
+Caddyfile: |
+ {
+ admin off
+ auto_https off
+ }
+
+ :8080 {
+ log {
+ output stdout
+ }
+
+ @api {
+ path /api/*
+ path /.well-known/*
+ path /dav/*
+ }
+
+ header {
+ # Remove Server header
+ -Server
+ }
+
+ # API
+ handle @api {
+ reverse_proxy localhost:3456
+ }
+
+ # Filtron
+ handle {
+ reverse_proxy localhost:80
+ }
+ }
diff --git a/cluster/apps/web-tools/vikunja/helm-release.yaml b/cluster/apps/web-tools/vikunja/helm-release.yaml
new file mode 100644
index 000000000..0f538f3b7
--- /dev/null
+++ b/cluster/apps/web-tools/vikunja/helm-release.yaml
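Review bot: The catch-all `handle` block at the end of the Caddyfile is labelled `# Filtron`, which matches nothing else in this commit and reads like a comment carried over from another app's config. Going by the helm-release added in the same commit, `localhost:80` is presumably the `frontend` sidecar, so the comment should say so, e.g. `# Frontend: everything not matched by @api`. A one-line comment above `auto_https off` would also help, stating that TLS is expected to terminate at the ingress and that this listener is plain HTTP inside the pod.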
@@ -0,0 +1,119 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: &app vikunja
+ namespace: default
+spec:
+ interval: 15m
+ chart:
+ spec:
+ chart: app-template
+ version: 0.1.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s-charts
+ namespace: flux-system
+ install:
+ createNamespace: true
+ remediation:
+ retries: 5
+ upgrade:
+ remediation:
+ retries: 5
+ dependsOn:
+ - name: postgres
+ namespace: default
+ values:
+ controller:
+ replicas: 1
+ strategy: RollingUpdate
+ image:
+ repository: caddy
+ tag: 2.5.2-alpine
+ envFrom:
+ - secretRef:
+ name: *app
+ service:
+ main:
+ ports:
+ http:
+ port: 8080
+ ingress:
+ main:
+ enabled: true
+ ingressClassName: "nginx"
+ annotations:
+ external-dns.home.arpa/enabled: "true"
+ hosts:
+ - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - *host
+ persistence:
+ files:
+ enabled: true
+ existingClaim: vikunja-files
+ mountpath: /app/vikunja/files
+ caddy-config:
+ enabled: "true"
+ mountPath: /etc/caddy/Caddyfile
+ subPath: Caddyfile
+ type: "custom"
+ volumeSpec:
+ configMap:
+ name: *app
+ vikunja-config:
+ enabled: "true"
+ mountPath: /etc/vikunja/config.yml
+ subPath: Vikunja.yaml
+ type: "custom"
+ volumeSpec:
+ configMap:
+ name: *app
+ podAnnotations:
+ secret.reloader.stakater.com/reload: *app
+ resources:
+ requests:
+ cpu: 5m
+ memory: 10Mi
+ limits:
+ memory: 100Mi
+ additionalContainers:
+ api:
+ name: api
+ image: vikunja/api:0.19.2
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: VIKUNJA_SERVICE_JWTSECRET
+ valueFrom:
+ secretKeyRef:
+ name: vikunja
+ key: VIKUNJA_SERVICE_JWTSECRET
+ - name: VIKUNJA_DATABASE_TYPE
+ value: postgres
+ - name: VIKUNJA_DATABASE_HOST
+ value: postgres-rw.default.svc.cluster.local.
+ - name: VIKUNJA_DATABASE_DATABASE
+ value: vikunja
+ - name: VIKUNJA_DATABASE_USER
+ valueFrom:
+ secretKeyRef:
+ name: vikunja
+ key: VIKUNJA_DATABASE_USER
+ - name: VIKUNJA_DATABASE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: vikunja
+ key: VIKUNJA_DATABASE_PASSWORD
+ volumeMounts:
+ - name: vikunja-config
+ mountPath: /etc/vikunja/config.yml
+ subPath: Vikunja.yaml
+ frontend:
+ name: frontend
+ image: vikunja/frontend:0.19.1
+ imagePullPolicy: IfNotPresent
diff --git a/cluster/apps/web-tools/vikunja/kustomization.yaml b/cluster/apps/web-tools/vikunja/kustomization.yaml
new file mode 100644
index 000000000..25a9c203f
--- /dev/null
+++ b/cluster/apps/web-tools/vikunja/kustomization.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - secret.sops.yaml
+ - helm-release.yaml
+ - volume.yaml
+patchesStrategicMerge:
+ - patches/postgres.yaml
+configMapGenerator:
+ - name: vikunja
+ files:
+ - config/configuration.yml
+generatorOptions:
+ disableNameSuffixHash: true
diff --git a/cluster/apps/web-tools/vikunja/patches/postgres.yaml b/cluster/apps/web-tools/vikunja/patches/postgres.yaml
new file mode 100644
index 000000000..45470f26d
--- /dev/null
+++ b/cluster/apps/web-tools/vikunja/patches/postgres.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: vikunja
+ namespace: default
+spec:
+ values:
+ initContainers:
+ init-db:
+ image: ghcr.io/onedr0p/postgres-initdb:14.5
+ env:
+ - name: POSTGRES_HOST
+ value: postgres-rw.default.svc.cluster.local.
+ - name: POSTGRES_DB
+ value: vikunja
+ - name: POSTGRES_SUPER_PASS
+ valueFrom:
+ secretKeyRef:
+ name: postgres-superuser
+ key: password
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: vikunja
+ key: VIKUNJA_DATABASE_USER
+ - name: POSTGRES_PASS
+ valueFrom:
+ secretKeyRef:
+ name: vikunja
+ key: VIKUNJA_DATABASE_PASSWORD
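Review bot: `envFrom: - secretRef: name: *app` on the main (Caddy) container loads every key of the `vikunja` Secret into the reverse proxy's environment: the JWT signing secret and the database user and password. Nothing in the Caddyfile added in this commit reads them. The `api` container already pulls the keys it needs through `secretKeyRef`, so the `envFrom` block can be dropped to keep those credentials out of the ingress-facing container. Separately, `persistence.files` spells its key `mountpath` where the other two entries use `mountPath`, and `api` lists only `vikunja-config` under `volumeMounts`. If the API is what writes to `/app/vikunja/files`, it likely also needs `- name: files` with `mountPath: /app/vikunja/files`.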
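Review bot: `configMapGenerator` with `files: - config/configuration.yml` produces a ConfigMap whose only key is `configuration.yml`, but the HelmRelease in this commit mounts `subPath: Caddyfile` and `subPath: Vikunja.yaml` from that ConfigMap. Neither key will exist, and the `Caddyfile: |` wrapper in configuration.yml ends up as literal file content rather than a key. Kustomize accepts `key=path` entries, so `- Caddyfile=config/Caddyfile` (a raw Caddyfile without the YAML wrapper; the path is an example) plus a matching `Vikunja.yaml=` entry would line the keys up. With `disableNameSuffixHash: true` and only `secret.reloader.stakater.com/reload` on the pod, a later ConfigMap change will also not restart the pod; `configmap.reloader.stakater.com/reload` would cover that.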
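Review bot: The `init-db` container is handed the PostgreSQL superuser password (`POSTGRES_SUPER_PASS` from `postgres-superuser`), yet its image is referenced only by the mutable tag `ghcr.io/onedr0p/postgres-initdb:14.5`. Pinning it by digest, `image: ghcr.io/onedr0p/postgres-initdb:14.5@sha256:<digest-of-reviewed-image>`, means a re-pushed tag cannot run with that credential. A short comment above `init-db` would also help, saying that it appears to create the `vikunja` role and database before the app starts and that the `postgres-superuser` Secret must exist in `default`. That behaviour is inferred from the variable names, not shown in this hunk.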
diff --git a/cluster/apps/web-tools/vikunja/secret.sops.yaml b/cluster/apps/web-tools/vikunja/secret.sops.yaml new file mode 100644 index 000000000..e0417240e --- /dev/null +++ b/cluster/apps/web-tools/vikunja/secret.sops.yaml @@ -0,0 +1,31 @@ +# yamllint disable +apiVersion: v1 +kind: Secret +metadata: + name: vikunja + namespace: default +type: Opaque +stringData: + VIKUNJA_SERVICE_JWTSECRET: ENC[AES256_GCM,data:4J8HtMOUKxNTEksSXYKrAAQ2KNFvdluzTvzY05/8T7k=,iv:h/666tO3f5hplYEaVJsh4BGjPlO/sFopb3+ryI3dzsQ=,tag:8dJLb9f2QgH9S/8qwF2ryg==,type:str] + VIKUNJA_DATABASE_USER: ENC[AES256_GCM,data:IzqNYqs+HQ==,iv:bfIcOoN/DhtqAcTYtSRBXnnPF+0zM4YY+kKYGesEUJo=,tag:4C1FeAoG6QOc2AqKRKxaSw==,type:str] + VIKUNJA_DATABASE_PASSWORD: ENC[AES256_GCM,data:7EylHKZA0JLmu+9ooB8oVw==,iv:AaXKHrU9yBPE1hci/cfOtnkxq5XHVeoJbRLzJ/SjLxE=,tag:x9stCWILtUYHjxBKNrhXEg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4TWU5YTlFY3FPQWhnZ2I2 + akxnZ2xIRVNFZTdOWmg0dFhxTUNoZEFIM1cwCit5WnduNlQ1MkF2aytCVldMeVlC + Yk5QNWRQRllOT3ZTL3VGcjJNK1VqeUkKLS0tIFMyWHNFd29nc2tMektxclJkK0pT + Ny9OQ0l4ZXMrdW40NmRsbzgvZ0w5V3cKqTGvN5zk2TPgtxoVfwI7Wsz4N+lC9+Kq + DCXTgTU/QXm9dvo4ErPPzeWFqdk4JchExhvSJV2JfM32O+3z+EGhNg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-09-16T15:06:03Z" + mac: ENC[AES256_GCM,data:ZS503nWpZA+fEWUBfbCPIdrWte8kAkmYSchguABhmMKu691NOp0KFfpGV1FTz7MbTozH3m01WH+p90uTnS/o3+Kfv9RmN6J2GMPgO5r0PlIeru2PtUuZ77DjOB48kY/hyOPNG1PAjDYG5pWm9E63/1wbYWwVhnwashxs6pMOeiU=,iv:mE58gfWn6bkr+MPCp5D/421cybxAqbt6QlD2nFOUdts=,tag:0k8Y6hpg3mjq1i/XlXJvoQ==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.7.3 diff --git a/cluster/apps/web-tools/vikunja/volume.yaml b/cluster/apps/web-tools/vikunja/volume.yaml new file mode 100644 index 000000000..c9a8bbc8c --- /dev/null 
+++ b/cluster/apps/web-tools/vikunja/volume.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: vikunja-files
+ namespace: data
+ labels:
+ kasten-io/backup: "true"
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: rook-ceph-block
+ resources:
+ requests:
+ storage: 1Gi
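Review bot: `metadata.namespace: data` disagrees with every other manifest in this commit, which all use `default`, and looks left over from the old location under `cluster/apps/data`. The `namespace: default` field in the vikunja kustomization will probably rewrite it at build time, but applied on its own this PVC would land in `data`, where the pod's `existingClaim: vikunja-files` cannot bind it. Setting `namespace: default` here removes the ambiguity.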