feat: sharry conf

kubernetes/apps/default/sharry/app/config/sharry.conf

@@ -15,27 +15,33 @@ sharry.restserver {
     }
     jdbc {
       url = "jdbc:postgresql://postgres16-rw.database.svc.cluster.local:5432/sharry"
-      user = "${SECRET_SHARRY_DB_USERNAME}"
-      password = "${SECRET_SHARRY_DB_PASSWORD}"
+      # user = "${SHARRY_BACKEND_JDBC_USER}"
+      # password = "${SHARRY_BACKEND_JDBC_PASSWORD}"
     }
 
     # How files are stored.
     files {
       # The id of an enabled store from the `stores` array that should
       # be used.
-      default-store = "minio"
+      default-store = "filesystem"
       # A list of possible file stores. Each entry must have a unique
       # id. The `type` is one of: default-database, filesystem, s3.
       #
       # All stores with enabled=false are
       # removed from the list. The `default-store` must be enabled.
       stores = {
-        minio =
+        filesystem =
           { enabled = true
+            type = "file-system"
+            directory = "/var/mnt/vol1/apps/sharry"
+            clean-empty-dirs = true
+          }
+        minio =
+          { enabled = false
             type = "s3"
             endpoint = "https://s3.${SECRET_INTERNAL_DOMAIN}"
-            access-key = "${SECRET_SHARRY_MINIO_S3_ACCESS_KEY}"
-            secret-key = "${SECRET_SHARRY_MINIO_S3_SECRET_KEY}"
+            # access-key = "${SECRET_SHARRY_BACKEND_FILES_STORES_MINIO_ACCESS_KEY}"
+            # secret-key = "${SECRET_SHARRY_BACKEND_FILES_STORES_MINIO_SECRET_KEY}"
             bucket = "sharry"
           }
         }
@@ -74,7 +80,7 @@ sharry.restserver {
       # When storing binary data use chunks of this size.
       chunk-size = "512K"
       # Maximum size of a share.
-      max-size = "1.5G"
+      max-size = "5G"
       # Maximum validity for uploads
       max-validity =31 days
     }
@@ -93,7 +99,7 @@ sharry.restserver {
 
         ssl-type = "none"
 
-        default-from = "Sharry <sharry@${SECRET_DOMAIN}>"
+        default-from = "Sharry <sharry@${SECRET_EXTERNAL_DOMAIN}>"
       }
     }
   }

kubernetes/apps/default/sharry/app/externalsecret.yaml

@@ -14,11 +14,14 @@ spec:
     template:
       engineVersion: v2
       data:
+        # App
+        SHARRY_BACKEND_JDBC_USER: &dbUser "{{ .POSTGRES_USER }}"
+        SHARRY_BACKEND_JDBC_PASSWORD: &dbPass "{{ .POSTGRES_PASS }}"
         # Postgres Init
         INIT_POSTGRES_DBNAME: sharry
         INIT_POSTGRES_HOST: postgres16-rw.database.svc.cluster.local
-        INIT_POSTGRES_USER: "{{ .POSTGRES_USER }}"
-        INIT_POSTGRES_PASS: "{{ .POSTGRES_PASS }}"
+        INIT_POSTGRES_USER: *dbUser
+        INIT_POSTGRES_PASS: *dbPass
         INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}"
   dataFrom:
     - extract:

kubernetes/apps/default/sharry/app/helmrelease.yaml

@@ -45,6 +45,7 @@ spec:
             image:
               repository: eikek0/sharry
               tag: v1.14.0@sha256:8b1388310e9f93a61f54f27d1b4b1c91d8ef2e846ac1068023c4315fa7794729
+            envFrom: *envFrom
             args:
               - /opt/sharry.conf
             resources:
@@ -68,6 +69,15 @@ spec:
           external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
           nginx.ingress.kubernetes.io/proxy-body-size: "0"
           hajimari.io/icon: mdi:account-arrow-up
+          gethomepage.dev/enabled: "true"
+          gethomepage.dev/name: Sharry
+          gethomepage.dev/description: Share files with others in a simple way.
+          gethomepage.dev/group: Applications
+          gethomepage.dev/icon: sharry.png
+          gethomepage.dev/pod-selector: >-
+            app in (
+              sharry
+            )
         hosts:
           - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
             paths:
@@ -86,3 +96,9 @@ spec:
         globalMounts:
           - path: /opt/sharry.conf
             subPath: sharry.conf
+      nfs:
+        type: nfs
+        server: 192.168.9.10
+        path: /var/mnt/vol1/apps/sharry
+        globalMounts:
+          - path: /var/mnt/vol1/apps/sharry

kubernetes/apps/default/sharry/app/kustomization.yaml

@@ -13,3 +13,5 @@ configMapGenerator:
       - ./config/sharry.conf
 generatorOptions:
   disableNameSuffixHash: true
+  # annotations:
+  #   kustomize.toolkit.fluxcd.io/substitute: disabled

kubernetes/apps/default/sharry/readme.md

@@ -1,65 +0,0 @@
-# Sharry
-
-## S3 Configuration
-
-1. Create `~/.mc/config.json`
-
-    ```json
-    {
-        "version": "10",
-        "aliases": {
-            "minio": {
-                "url": "https://s3.<domain>",
-                "accessKey": "<access-key>",
-                "secretKey": "<secret-key>",
-                "api": "S3v4",
-                "path": "auto"
-            }
-        }
-    }
-    ```
-
-2. Create the outline user and password
-
-    ```sh
-    mc admin user add minio sharry <super-secret-password>
-    ```
-
-3. Create the outline bucket
-
-    ```sh
-    mc mb minio/sharry
-    ```
-
-4. Create `sharry-user-policy.json`
-
-    ```json
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Action": [
-                    "s3:ListBucket",
-                    "s3:PutObject",
-                    "s3:GetObject",
-                    "s3:DeleteObject"
-                ],
-                "Effect": "Allow",
-                "Resource": ["arn:aws:s3:::sharry/*", "arn:aws:s3:::sharry"],
-                "Sid": ""
-            }
-        ]
-    }
-    ```
-
-5. Apply the bucket policies
-
-    ```sh
-    mc admin policy add minio sharry-private sharry-user-policy.json
-    ```
-
-6. Associate private policy with the user
-
-    ```sh
-    mc admin policy set minio sharry-private user=sharry
-    ```

kubernetes/flux/vars/cluster-secrets.sops.yaml

@@ -15,10 +15,6 @@ stringData:
     SECRET_KUBE_PROMETHEUS_STACK_ALERTMANAGER_PUSHOVER_USER_KEY: ENC[AES256_GCM,data:X1J9WLT26soYzlDb8+YtPotGw8p0lJKMuNkn69WX,iv:mW2cJOq5gfzSE+U24IuvPVL+dL2nZcTFpPAkG77Ohus=,tag:kxokidtuE5RAGJlj4Q4P2A==,type:str]
     SECRET_KUBE_PROMETHEUS_STACK_ALERTMANAGER_PUSHOVER_TOKEN: ENC[AES256_GCM,data:Bwvuy/jHIRduy/r1A8dOs0OE8ewdjCgs8g/br1oW,iv:PdnPH9I509MT6UJkUG1zLAGn9aV4AVrROgAVCD4a3Y0=,tag:59kBGx9qx3jeauokyoolQQ==,type:str]
     SECRET_KUBE_PROMETHEUS_STACK_GRAFANA_ADMIN_PASSWORD: ENC[AES256_GCM,data:L7LS6+tuwPCyb5HN4zg=,iv:JM2KTtDN/VrKicjp5qwqusWiJKHRZnfTtsZE2hkLq6Q=,tag:XGF3L5P6JxVBrlGuKosdZA==,type:str]
-    SECRET_SHARRY_DB_USERNAME: ENC[AES256_GCM,data:wWnV6hHz,iv:+uV0X2tovaisFuO5KcF9PpKPyYeS4WtrrPt4Ll+CnsU=,tag:zNWR9AqheMGho0yV923vvw==,type:str]
-    SECRET_SHARRY_DB_PASSWORD: ENC[AES256_GCM,data:HYnqUw3owZ6lQSgAVhY68Pi64pv4iNHePVNgOq3a,iv:3I2C4k3ge3WGmNB7NPE7bxucjuhBs386gPTYSLhu5IA=,tag:AryVw5aecht3NO7gN2vNyQ==,type:str]
-    SECRET_SHARRY_MINIO_S3_ACCESS_KEY: ENC[AES256_GCM,data:vAVoafxfbareIodsClVGDQ==,iv:1zojUukd2WQEE3ZBpGrIHaDwkWfAqmF1esjxCGWz3mQ=,tag:8HvBGXkTBJwhel89qffWgA==,type:str]
-    SECRET_SHARRY_MINIO_S3_SECRET_KEY: ENC[AES256_GCM,data:3MuIeOh66mJ5mblWSPdz/WybNnSRJKZypRuo4ycvKBA=,iv:NHDNCo+y9f5GlwhlPco5nyrHH7t5diFSUydiX3KFfdY=,tag:vf7RCvIznpiM576gmyJK6w==,type:str]
 type: Opaque
 sops:
     kms: []
@@ -35,8 +31,8 @@ sops:
             WG82VkdBMlNnRzBySFQzMk41cEtXSlEKBqOmq9UpO61C85+pj0ibdT31y4pmFsbm
             pTi4N0vv81kcf4ilqBU5h1gudNCb42Q2iL0eGNR4e3JzH4iaNsvnEg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-06-16T22:10:15Z"
-    mac: ENC[AES256_GCM,data:E/7/eH1+c3FL3i3JGq9M5WzW504RdyJiMAaKIeQ35lz9I6k10ohZd4z9sVeRfshveKLKZ5Kk6vzzjHNdjjFO0W0SqM8ix2JB+3+KiUBL/KteTDxcfUZ3SjiL42YB86uwI+msrCekXrHpsSY/dtBgmNyItuVZdvMWDjJBZ9cM8P8=,iv:eJIUMdqx8pr82goXGaoNHZgWIjUZ0nU0QfJAsP1Kk94=,tag:wEPUgxfQXE5qoxAFi3dsfw==,type:str]
+    lastmodified: "2024-08-21T20:32:55Z"
+    mac: ENC[AES256_GCM,data:KEiOqecL9LenpkLZZkgfaSA9tZUklild1QHj00n5IuKu3JZVtSfdqG9lDw6KMb02ZenG5e+NRzLQ/kek+TdekoNRFK65zFcPR2DtmimjapE383eNe+gwqGggCynxjse1o+HhtJq/0zeEukRpBVkl8pWt9d10oaGDTpbLfHwZbWg=,iv:p8TsrgDv4GMEnNGaDlBbCmE5MzueKmKReLmHpYME63s=,tag:o7e4sV+eVmhmqcAHOhFkkg==,type:str]
     pgp: []
     encrypted_regex: ^(data|stringData)$
-    version: 3.8.1
+    version: 3.9.0