✨ ghostfolio

kubernetes/apps/default/ghostfolio/app/helmrelease.yaml

@@ -0,0 +1,65 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: &app ghostfolio
+  namespace: default
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 1.4.0
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  maxHistory: 3
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  uninstall:
+    keepHistory: false
+  values:
+    controller:
+      annotations:
+        reloader.stakater.com/auto: "true"
+    image:
+      repository: docker.io/ghostfolio/ghostfolio
+      tag: 1.256.0
+    env:
+      NODE_ENV: production
+      REDIS_HOST: redis-lb.default.svc.cluster.local
+      REDIS_PORT: 6379
+    envFrom:
+      - secretRef:
+          name: ghostfolio-secret
+    service:
+      main:
+        ports:
+          http:
+            port: 3333
+    ingress:
+      main:
+        enabled: true
+        ingressClassName: "nginx"
+        annotations:
+          hajimari.io/icon: mdi:cash-multiple
+        hosts:
+          - host: &host "portfolio.${SECRET_CLUSTER_DOMAIN}"
+            paths:
+              - path: /
+                pathType: Prefix
+        tls:
+          - hosts:
+              - *host
+    resources:
+      requests:
+        cpu: 100m
+        memory: 256Mi

kubernetes/apps/default/ghostfolio/app/kustomization.yaml

@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+  - ./helmrelease.yaml
+  - ./secret.sops.yaml
+patchesStrategicMerge:
+  - ./patches/postgres.yaml

kubernetes/apps/default/ghostfolio/app/patches/postgres.yaml

@@ -0,0 +1,25 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: ghostfolio
+  namespace: default
+spec:
+  values:
+    initContainers:
+      init-db:
+        image: ghcr.io/onedr0p/postgres-initdb:14.7
+        env:
+          - name: POSTGRES_HOST
+            value: ${POSTGRES_HOST}
+          - name: POSTGRES_DB
+            value: ghostfolio
+          - name: POSTGRES_SUPER_PASS
+            valueFrom:
+              secretKeyRef:
+                name: postgres-superuser
+                key: password
+        envFrom:
+          - secretRef:
+              name: ghostfolio-secret

kubernetes/apps/default/ghostfolio/app/secret.sops.yaml

@@ -0,0 +1,33 @@
+# yamllint disable
+apiVersion: v1
+kind: Secret
+metadata:
+    name: ghostfolio-secret
+    namespace: default
+type: Opaque
+stringData:
+    ACCESS_TOKEN_SALT: ENC[AES256_GCM,data:79MYxQfsI5/a2s0vgwG1MlDgiGjfsDzRPIojVG+0YRw=,iv:DeACgrhPIJYXxZCtZX5AkOLNFvj+CyC040jy1HV9sgY=,tag:SSoj3EZyhf5Svrn2iqvhIw==,type:str]
+    JWT_SECRET_KEY: ENC[AES256_GCM,data:bAuSYbpG0UIN5b88fFr0FTK/6R6paiJ8KNizVxLz+/w=,iv:ByWc4lj/EhkEkU/Ugdy+IxrjEgts74cvH8rpWDOv9Cs=,tag:sWPfQUOPz5UzUg+6X5NADg==,type:str]
+    POSTGRES_USER: ENC[AES256_GCM,data:YOTeKyVzEPyMMA==,iv:i4IBUD2c/4VcxwkeNyD5kdJ/Z/MOzqAo9ZOEtiMv/bI=,tag:xrdHy6TFr9qCEz/xLuLi9w==,type:str]
+    POSTGRES_PASS: ENC[AES256_GCM,data:ua1cNOaGxhPF0DS78ktPh8nUP4w=,iv:aFMFikc1aCINcqAgK1/1H1P+eLheV3M1CASHxQiztL4=,tag:IekQpaYz90L6N/fdec264A==,type:str]
+    DATABASE_URL: ENC[AES256_GCM,data:atodPD9zTsTde/D9z9b10YME/YT9IeV6+WxDJ7CteNUoihlVvXNq+820tZsDXX7Zon765XAYh65A2mAnqALf5C4LCuUWgpHQMtx9GSg=,iv:XTOHziHyU0vfoQ3Wocief14k3cQ4j0lEidrmq5VkGsI=,tag:1wQ+dITKmuLICESIzuV8aQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaU16anJNV2pBZmxPR3h2
+            bWREUnpjcTFvd05ZQ2E4VVBDdm1FL2k4WEYwCkdQSStTNWtpdjNkUW51WS9MekdC
+            VkpTUUFjSjY2a1JMOUtqOVh5M0JRR2sKLS0tIDRmcWpJSEVvaUp4U1lsaTZYZGNw
+            OGVKWU0zNUZJSFh4aFJxQWFsYm1VeFkKaDeI/hl7z0Qh8t5W39Kxu9ert1dt4xo+
+            LX+MjpVqxiZNcfwROD4bkWeQSN+VsxoGOOyj4L15BlggNnlg+L7Hww==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-04-18T11:46:24Z"
+    mac: ENC[AES256_GCM,data:hmdekBADO2YO/iFpGDQ5H/yhnXBhUdT0Ov14BsyqZJeKLJZNQN5haR5WGxf/NSWCpy98QX0A0w/03AoqE9EmVyElnz/ZMLLsJGTOGlvINh3dXqrg+ZcXZGzmCp6cuY+CUHXhKTKvuxQiYoLf5hhJi66LWHmBIpQXUaXEUOmSCI8=,iv:cp9UiJb+LXsDXwR1UXva0J37joo3F7mzluC1/muLdco=,tag:/GpRG5Eu3hLLc5YtARwfVQ==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.7.3

kubernetes/apps/default/ghostfolio/ks.yaml

@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: cluster-apps-ghostfolio
+  namespace: flux-system
+  labels:
+    substitution.flux.home.arpa/enabled: "true"
+spec:
+  path: ./kubernetes/apps/default/ghostfolio/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-ops-kubernetes
+  dependsOn:
+    - name: cluster-apps-cloudnative-pg-cluster
+    - name: cluster-apps-rook-ceph-cluster
+    - name: cluster-apps-volsync-app
+  healthChecks:
+    - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+      kind: HelmRelease
+      name: ghostfolio
+      namespace: default
+  interval: 30m
+  retryInterval: 1m
+  timeout: 3m

kubernetes/apps/default/kustomization.yaml

@@ -17,6 +17,7 @@ resources:
   - ./firefly-iii/ks.yaml
   - ./flood/ks.yaml
   - ./freshrss/ks.yaml
+  - ./ghostfolio/ks.yaml
   - ./gitea/ks.yaml
   - ./glauth/ks.yaml
   - ./hajimari/ks.yaml