From bf8a85c2735abc0b1ba09f5b0ccba03a5f5ae391 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20Krop=C3=A1=C4=8Dek?= Date: Thu, 13 Feb 2025 00:26:03 +0100 Subject: [PATCH] delivery stage almost done --- .gitignore | 5 +- .../.noreply-email-password.template} | 0 .../.envs/.forgejo-oidc-secret.template | 1 + stages/delivery/helmfile.yaml | 12 +++- stages/delivery/kustomization.yaml | 11 --- ....values.yaml => argocd.values.yaml.gotmpl} | 2 +- .../values/forgejo.values.yaml.gotmpl | 69 +++++++++++++++++++ .../values/authentik.values.yaml.gotmpl | 2 +- 8 files changed, 85 insertions(+), 17 deletions(-) rename stages/{identity/.envs/.authentik-email-password.template => .common/.noreply-email-password.template} (100%) create mode 100644 stages/delivery/.envs/.forgejo-oidc-secret.template delete mode 100644 stages/delivery/kustomization.yaml rename stages/delivery/values/{argocd.values.yaml => argocd.values.yaml.gotmpl} (92%) create mode 100644 stages/delivery/values/forgejo.values.yaml.gotmpl diff --git a/.gitignore b/.gitignore index acb1107..9ddb866 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,5 @@ **/*/.envs/.* -!**/*/.envs/.*.template \ No newline at end of file +!**/*/.envs/.*.template + +stages/.common/* +!stages/.common/*.template \ No newline at end of file diff --git a/stages/identity/.envs/.authentik-email-password.template b/stages/.common/.noreply-email-password.template similarity index 100% rename from stages/identity/.envs/.authentik-email-password.template rename to stages/.common/.noreply-email-password.template diff --git a/stages/delivery/.envs/.forgejo-oidc-secret.template b/stages/delivery/.envs/.forgejo-oidc-secret.template new file mode 100644 index 0000000..4540407 --- /dev/null +++ b/stages/delivery/.envs/.forgejo-oidc-secret.template @@ -0,0 +1 @@ +{{ pw "46289080-39de-4e5e-bae5-6be41b08e25b" }} \ No newline at end of file diff --git a/stages/delivery/helmfile.yaml b/stages/delivery/helmfile.yaml index 5c21d4b..6810034 100644 
--- a/stages/delivery/helmfile.yaml +++ b/stages/delivery/helmfile.yaml @@ -1,7 +1,6 @@ repositories: - name: argocd url: https://argoproj.github.io/argo-helm - --- releases: @@ -10,5 +9,12 @@ releases: chart: argocd/argo-cd version: 7.7.21 values: - - ./values/argocd.values.yaml - installed: false \ No newline at end of file + - ./values/argocd.values.yaml.gotmpl + installed: false + - name: forgejo + namespace: forgejo + chart: oci://code.forgejo.org/forgejo-helm/forgejo + version: 11.0.3 + values: + - ./values/forgejo.values.yaml.gotmpl + installed: false diff --git a/stages/delivery/kustomization.yaml b/stages/delivery/kustomization.yaml deleted file mode 100644 index b6ee7ad..0000000 --- a/stages/delivery/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -labels: -- includeSelectors: true - pairs: - app.kubernetes.io/managed-by: Kustomize - - -resources: - - ./deployment.yaml \ No newline at end of file diff --git a/stages/delivery/values/argocd.values.yaml b/stages/delivery/values/argocd.values.yaml.gotmpl similarity index 92% rename from stages/delivery/values/argocd.values.yaml rename to stages/delivery/values/argocd.values.yaml.gotmpl index 587a565..af041ab 100644 --- a/stages/delivery/values/argocd.values.yaml +++ b/stages/delivery/values/argocd.values.yaml.gotmpl @@ -3,7 +3,7 @@ global: secret: extra: - dex.kropcloud-idp.clientSecret: {{ readFile ../.envs}} + dex.kropcloud-idp.clientSecret: {{ readFile "../.envs/.argocd-oidc-secret" }} configs: params: diff --git a/stages/delivery/values/forgejo.values.yaml.gotmpl b/stages/delivery/values/forgejo.values.yaml.gotmpl new file mode 100644 index 0000000..d666620 --- /dev/null +++ b/stages/delivery/values/forgejo.values.yaml.gotmpl 
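Review bot: In argocd.values.yaml.gotmpl the new `dex.kropcloud-idp.clientSecret: {{ readFile "../.envs/.argocd-oidc-secret" }}` splices the file content into YAML unquoted. A trailing newline, a leading YAML indicator, or a value that looks like a number or boolean will change or break the rendered secret. Trim and quote it: `dex.kropcloud-idp.clientSecret: {{ readFile "../.envs/.argocd-oidc-secret" | trim | quote }}`. The same pattern appears in the forgejo values (`secret:` and `PASSWD:`) and in the authentik `password:` line. Because the path is relative, it is also worth confirming with a `helmfile template` run that it resolves from the values directory and not from the helmfile's own directory.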
@@ -0,0 +1,69 @@
+redis-cluster:
+ enabled: false
+redis:
+ enabled: true
+postgresql:
+ enabled: true
+postgresql-ha:
+ enabled: false
+
+gitea:
+ oauth:
+ - name: kropcloud-idp
+ provider: openidConnect
+ key: VcyEM48aqaMlau356WMVO10cNcmd6McnxW1KvBLu
+ secret: {{ readFile "../.envs/.forgejo-oidc-secret" }}
+ autoDiscoverUrl: https://idp.kropcloud.net/application/o/git/.well-known/openid-configuration
+ skipLocal2fa: true
+ scopes: forgejo
+ requiredClaimName: forgejo
+ groupClaimName: forgejo
+ adminGroup: admin
+
+
+ config:
+ service:
+ DISABLE_REGISTRATION: false
+ ALLOW_ONLY_EXTERNAL_REGISTRATION: true
+ oauth2_client:
+ ENABLE_AUTO_REGISTRATION: true
+ UPDATE_AVATAR: true
+ openid:
+ ENABLE_OPENID_SIGNIN: false
+ ENABLE_OPENID_SIGNUP: false
+ database:
+ DB_TYPE: postgres
+ indexer:
+ ISSUE_INDEXER_TYPE: bleve
+ REPO_INDEXER_ENABLED: true
+ mailer:
+ ENABLED: true
+ FROM: no-reply@kropcloud.net
+ PROTOCOL: smtps
+ SMTP_ADDR: smtp.seznam.cz
+ SMTP_PORT: 465
+ USER: no-reply@kropcloud.net
+ PASSWD: {{ readFile "../../.common/.noreply-email-password" }}
+
+ingress:
+ enabled: true
+ className: nginx
+ hosts:
+ - host: git.kropcloud.net
+ paths:
+ - path: /
+ pathType: Prefix
+ annotations:
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/baWckend-protocol: "HTTP"
+ cert-manager.io/cluster-issuer: cloudflare-issuer
+ tls:
+ - hosts:
+ - git.kropcloud.net
+ secretName: forgejo-tls
+
+service:
+ ssh:
+ type: LoadBalancer
+ annotations:
+ metallb.io/allow-shared-ip: kropcloud
\ No newline at end of file
diff --git a/stages/identity/values/authentik.values.yaml.gotmpl b/stages/identity/values/authentik.values.yaml.gotmpl
index 4bbe778..7a26b11 100644
--- a/stages/identity/values/authentik.values.yaml.gotmpl
+++ b/stages/identity/values/authentik.values.yaml.gotmpl
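Review bot: `skipLocal2fa: true` together with `adminGroup: admin` makes Forgejo admin rights depend entirely on the IdP's `forgejo` claim, with no second factor on the Forgejo side. MFA therefore has to be enforced on the kropcloud-idp application itself; a comment above the line such as `# MFA is enforced in the IdP; local 2FA intentionally skipped` would record that. The annotation key `nginx.ingress.kubernetes.io/baWckend-protocol` is misspelled and will presumably be ignored by the controller; it should read `nginx.ingress.kubernetes.io/backend-protocol: "HTTP"`. The hunk enables the bundled `postgresql` without setting credentials, so the chart's default database password is probably in use and should be overridden from a file under `.envs` like the other secrets.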
@@ -14,7 +14,7 @@ authentik: use_ssl: true from: no-reply@kropcloud.net username: no-reply@kropcloud.net - password: {{ readFile "../.envs/.authentik-email-password" }} + password: {{ readFile "../../.common/.noreply-email-password" }} postgresql: password: {{ readFile "../.envs/.authentik-postgresql" }}