diff --git a/kubernetes/apps/default/sharry/app/config/sharry.conf b/kubernetes/apps/default/sharry/app/config/sharry.conf index 25b3b45f4..95b941505 100644 --- a/kubernetes/apps/default/sharry/app/config/sharry.conf +++ b/kubernetes/apps/default/sharry/app/config/sharry.conf @@ -15,27 +15,33 @@ sharry.restserver { } jdbc { url = "jdbc:postgresql://postgres16-rw.database.svc.cluster.local:5432/sharry" - user = "${SECRET_SHARRY_DB_USERNAME}" - password = "${SECRET_SHARRY_DB_PASSWORD}" + # user = "${SHARRY_BACKEND_JDBC_USER}" + # password = "${SHARRY_BACKEND_JDBC_PASSWORD}" } # How files are stored. files { # The id of an enabled store from the `stores` array that should # be used. - default-store = "minio" + default-store = "filesystem" # A list of possible file stores. Each entry must have a unique # id. The `type` is one of: default-database, filesystem, s3. # # All stores with enabled=false are # removed from the list. The `default-store` must be enabled. stores = { - minio = + filesystem = { enabled = true + type = "file-system" + directory = "/var/mnt/vol1/apps/sharry" + clean-empty-dirs = true + } + minio = + { enabled = false type = "s3" endpoint = "https://s3.${SECRET_INTERNAL_DOMAIN}" - access-key = "${SECRET_SHARRY_MINIO_S3_ACCESS_KEY}" - secret-key = "${SECRET_SHARRY_MINIO_S3_SECRET_KEY}" + # access-key = "${SECRET_SHARRY_BACKEND_FILES_STORES_MINIO_ACCESS_KEY}" + # secret-key = "${SECRET_SHARRY_BACKEND_FILES_STORES_MINIO_SECRET_KEY}" bucket = "sharry" } } @@ -74,7 +80,7 @@ sharry.restserver { # When storing binary data use chunks of this size. chunk-size = "512K" # Maximum size of a share. - max-size = "1.5G" + max-size = "5G" # Maximum validity for uploads max-validity =31 days } @@ -93,7 +99,7 @@ sharry.restserver { ssl-type = "none" - default-from = "Sharry " + default-from = "Sharry " } } } diff --git a/kubernetes/apps/default/sharry/app/externalsecret.yaml b/kubernetes/apps/default/sharry/app/externalsecret.yaml index 2524fdbff..ca24e9280 100644 --- a/kubernetes/apps/default/sharry/app/externalsecret.yaml +++ b/kubernetes/apps/default/sharry/app/externalsecret.yaml @@ -14,11 +14,14 @@ spec: template: engineVersion: v2 data: + # App + SHARRY_BACKEND_JDBC_USER: &dbUser "{{ .POSTGRES_USER }}" + SHARRY_BACKEND_JDBC_PASSWORD: &dbPass "{{ .POSTGRES_PASS }}" # Postgres Init INIT_POSTGRES_DBNAME: sharry INIT_POSTGRES_HOST: postgres16-rw.database.svc.cluster.local - INIT_POSTGRES_USER: "{{ .POSTGRES_USER }}" - INIT_POSTGRES_PASS: "{{ .POSTGRES_PASS }}" + INIT_POSTGRES_USER: *dbUser + INIT_POSTGRES_PASS: *dbPass INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}" dataFrom: - extract: diff --git a/kubernetes/apps/default/sharry/app/helmrelease.yaml b/kubernetes/apps/default/sharry/app/helmrelease.yaml index 8abbd6b0a..5fc7ce80f 100644 --- a/kubernetes/apps/default/sharry/app/helmrelease.yaml +++ b/kubernetes/apps/default/sharry/app/helmrelease.yaml @@ -45,6 +45,7 @@ spec: image: repository: eikek0/sharry tag: v1.14.0@sha256:8b1388310e9f93a61f54f27d1b4b1c91d8ef2e846ac1068023c4315fa7794729 + envFrom: *envFrom args: - /opt/sharry.conf resources: @@ -68,6 +69,15 @@ spec: external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. nginx.ingress.kubernetes.io/proxy-body-size: "0" hajimari.io/icon: mdi:account-arrow-up + gethomepage.dev/enabled: "true" + gethomepage.dev/name: Sharry + gethomepage.dev/description: Share files with others in a simple way. + gethomepage.dev/group: Applications + gethomepage.dev/icon: sharry.png + gethomepage.dev/pod-selector: >- + app in ( + sharry + ) hosts: - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: @@ -86,3 +96,9 @@ spec: globalMounts: - path: /opt/sharry.conf subPath: sharry.conf + nfs: + type: nfs + server: 192.168.9.10 + path: /var/mnt/vol1/apps/sharry + globalMounts: + - path: /var/mnt/vol1/apps/sharry diff --git a/kubernetes/apps/default/sharry/app/kustomization.yaml b/kubernetes/apps/default/sharry/app/kustomization.yaml index 9297acaaa..84776ff48 100644 --- a/kubernetes/apps/default/sharry/app/kustomization.yaml +++ b/kubernetes/apps/default/sharry/app/kustomization.yaml @@ -13,3 +13,5 @@ configMapGenerator: - ./config/sharry.conf generatorOptions: disableNameSuffixHash: true + # annotations: + # kustomize.toolkit.fluxcd.io/substitute: disabled diff --git a/kubernetes/apps/default/sharry/readme.md b/kubernetes/apps/default/sharry/readme.md deleted file mode 100644 index d57897dbb..000000000 --- a/kubernetes/apps/default/sharry/readme.md +++ /dev/null @@ -1,65 +0,0 @@ -# Sharry - -## S3 Configuration - -1. Create `~/.mc/config.json` - - ```json - { - "version": "10", - "aliases": { - "minio": { - "url": "https://s3.", - "accessKey": "", - "secretKey": "", - "api": "S3v4", - "path": "auto" - } - } - } - ``` - -2. Create the outline user and password - - ```sh - mc admin user add minio sharry - ``` - -3. Create the outline bucket - - ```sh - mc mb minio/sharry - ``` - -4. Create `sharry-user-policy.json` - - ```json - { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "s3:ListBucket", - "s3:PutObject", - "s3:GetObject", - "s3:DeleteObject" - ], - "Effect": "Allow", - "Resource": ["arn:aws:s3:::sharry/*", "arn:aws:s3:::sharry"], - "Sid": "" - } - ] - } - ``` - -5. Apply the bucket policies - - ```sh - mc admin policy add minio sharry-private sharry-user-policy.json - ``` - -6. Associate private policy with the user - - ```sh - mc admin policy set minio sharry-private user=sharry - ``` diff --git a/kubernetes/flux/vars/cluster-secrets.sops.yaml b/kubernetes/flux/vars/cluster-secrets.sops.yaml index 017ab0056..aebdb49c8 100644 --- a/kubernetes/flux/vars/cluster-secrets.sops.yaml +++ b/kubernetes/flux/vars/cluster-secrets.sops.yaml @@ -15,10 +15,6 @@ stringData: SECRET_KUBE_PROMETHEUS_STACK_ALERTMANAGER_PUSHOVER_USER_KEY: ENC[AES256_GCM,data:X1J9WLT26soYzlDb8+YtPotGw8p0lJKMuNkn69WX,iv:mW2cJOq5gfzSE+U24IuvPVL+dL2nZcTFpPAkG77Ohus=,tag:kxokidtuE5RAGJlj4Q4P2A==,type:str] SECRET_KUBE_PROMETHEUS_STACK_ALERTMANAGER_PUSHOVER_TOKEN: ENC[AES256_GCM,data:Bwvuy/jHIRduy/r1A8dOs0OE8ewdjCgs8g/br1oW,iv:PdnPH9I509MT6UJkUG1zLAGn9aV4AVrROgAVCD4a3Y0=,tag:59kBGx9qx3jeauokyoolQQ==,type:str] SECRET_KUBE_PROMETHEUS_STACK_GRAFANA_ADMIN_PASSWORD: ENC[AES256_GCM,data:L7LS6+tuwPCyb5HN4zg=,iv:JM2KTtDN/VrKicjp5qwqusWiJKHRZnfTtsZE2hkLq6Q=,tag:XGF3L5P6JxVBrlGuKosdZA==,type:str] - SECRET_SHARRY_DB_USERNAME: ENC[AES256_GCM,data:wWnV6hHz,iv:+uV0X2tovaisFuO5KcF9PpKPyYeS4WtrrPt4Ll+CnsU=,tag:zNWR9AqheMGho0yV923vvw==,type:str] - SECRET_SHARRY_DB_PASSWORD: ENC[AES256_GCM,data:HYnqUw3owZ6lQSgAVhY68Pi64pv4iNHePVNgOq3a,iv:3I2C4k3ge3WGmNB7NPE7bxucjuhBs386gPTYSLhu5IA=,tag:AryVw5aecht3NO7gN2vNyQ==,type:str] - SECRET_SHARRY_MINIO_S3_ACCESS_KEY: ENC[AES256_GCM,data:vAVoafxfbareIodsClVGDQ==,iv:1zojUukd2WQEE3ZBpGrIHaDwkWfAqmF1esjxCGWz3mQ=,tag:8HvBGXkTBJwhel89qffWgA==,type:str] - SECRET_SHARRY_MINIO_S3_SECRET_KEY: ENC[AES256_GCM,data:3MuIeOh66mJ5mblWSPdz/WybNnSRJKZypRuo4ycvKBA=,iv:NHDNCo+y9f5GlwhlPco5nyrHH7t5diFSUydiX3KFfdY=,tag:vf7RCvIznpiM576gmyJK6w==,type:str] type: Opaque sops: kms: [] @@ -35,8 +31,8 @@ sops: WG82VkdBMlNnRzBySFQzMk41cEtXSlEKBqOmq9UpO61C85+pj0ibdT31y4pmFsbm pTi4N0vv81kcf4ilqBU5h1gudNCb42Q2iL0eGNR4e3JzH4iaNsvnEg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-16T22:10:15Z" - mac: ENC[AES256_GCM,data:E/7/eH1+c3FL3i3JGq9M5WzW504RdyJiMAaKIeQ35lz9I6k10ohZd4z9sVeRfshveKLKZ5Kk6vzzjHNdjjFO0W0SqM8ix2JB+3+KiUBL/KteTDxcfUZ3SjiL42YB86uwI+msrCekXrHpsSY/dtBgmNyItuVZdvMWDjJBZ9cM8P8=,iv:eJIUMdqx8pr82goXGaoNHZgWIjUZ0nU0QfJAsP1Kk94=,tag:wEPUgxfQXE5qoxAFi3dsfw==,type:str] + lastmodified: "2024-08-21T20:32:55Z" + mac: ENC[AES256_GCM,data:KEiOqecL9LenpkLZZkgfaSA9tZUklild1QHj00n5IuKu3JZVtSfdqG9lDw6KMb02ZenG5e+NRzLQ/kek+TdekoNRFK65zFcPR2DtmimjapE383eNe+gwqGggCynxjse1o+HhtJq/0zeEukRpBVkl8pWt9d10oaGDTpbLfHwZbWg=,iv:p8TsrgDv4GMEnNGaDlBbCmE5MzueKmKReLmHpYME63s=,tag:o7e4sV+eVmhmqcAHOhFkkg==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ - version: 3.8.1 + version: 3.9.0