diff --git a/base-values/mycloud-firefly-iii.yaml b/base-values/mycloud-firefly-iii.yaml
new file mode 100644
index 0000000..ce512fc
--- /dev/null
+++ b/base-values/mycloud-firefly-iii.yaml
@@ -0,0 +1,17 @@
+##
+# commons are from mycloud-core
+##
+
+components:
+ mycloud-services:
+ # patch mycloud-core to get another database
+ values:
+ databases:
+ firefly:
+ type: postgresql
+
+ mycloud-firefly-iii:
+ enabled: true
+ namespace:
+ # current namespace
+ name:
diff --git a/mycloud-firefly-iii/.helmignore b/mycloud-firefly-iii/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/mycloud-firefly-iii/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/mycloud-firefly-iii/Chart.yaml b/mycloud-firefly-iii/Chart.yaml
new file mode 100644
index 0000000..4a18b2a
--- /dev/null
+++ b/mycloud-firefly-iii/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v2
+name: mycloud-firefly-iii
+description: A Helm chart for Kubernetes
+type: application
+maintainers:
+ - name: WrenIX
+ url: https://wrenix.eu
+
+version: 0.1.0
diff --git a/mycloud-firefly-iii/templates/authentik-application.yaml b/mycloud-firefly-iii/templates/authentik-application.yaml
new file mode 100644
index 0000000..50992bc
--- /dev/null
+++ b/mycloud-firefly-iii/templates/authentik-application.yaml
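Review bot: Chart.yaml still carries the `helm create` placeholder `description: A Helm chart for Kubernetes`, which tells an operator browsing the repository nothing about what this chart wraps or that it only makes sense inside the myCloud/Flux layout. Something like `description: myCloud wrapper for the upstream firefly-iii chart (FluxCD HelmRelease plus authentik proxy application)` would be more useful. Adding an `appVersion` would also let the chart state which Firefly III release it was last tested against, though nothing in this diff pins one.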
@@ -0,0 +1,71 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: {{ .Release.Name }}-auth
+spec:
+ chart:
+ spec:
+ sourceRef:
+ kind: GitRepository
+ name: "wrenix-helm-charts"
+ namespace: "flux-system"
+ chart: "./authentik-application"
+ reconcileStrategy: "Revision"
+ install:
+ {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
+ test:
+ {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
+ upgrade:
+ {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
+ driftDetection:
+ {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
+ interval: 10m
+ values:
+ {{- $domain := .Values.ingress.host | default (printf "money.%s" .Values.commons.ingress.domain) }}
+ {{- $url := printf "https://%s" $domain }}
+ blueprint:
+ authentik:
+ domain: "https://{{ .Values.commons.auth.host | default (printf "auth.%s" .Values.commons.ingress.domain) }}"
+ provider:
+ name: "Firefly III"
+ type: "proxy"
+ proxy:
+ externalHost: {{ $url | quote }}
+ skipPathRegex: |
+ /favicon.ico
+ /v3-local/logo/logo-session.png
+ /api/.*
+ ingress:
+ enabled: true
+ domain: {{ $domain | quote }}
+ backend: {{ .Values.commons.auth.authentik.backend }}
+ {{- with $.Values.commons.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 14 }}
+ {{- end }}
+ {{- if $.Values.commons.ingress.tls.enabled }}
+ tls:
+ {{- with $.Values.commons.ingress.tls.override }}
+ {{- toYaml . | nindent 14 }}
+ {{- else }}
+ - secretName: "{{ .Release.Name }}-cert"
+ hosts:
+ - {{ $domain | quote }}
+ {{- end }}
+ {{- end }}
+
+ groups:
+ - slug: "mycloud - users"
+ bindID: "06415890-7d9e-4f54-9749-f6eebc3008a9"
+
+ application:
+ policyEngineMode: "any"
+ openInNewTab: true
+ publisher: "WrenIX's myCloud"
+ slug: "mycloud-firefly-iii"
+ group: "Office"
+ name: "FireFly III"
+ launchURL: {{ $url | quote }}
+ icon: "{{ $url }}/v3-local/logo/logo-session.png"
+ description: "A free and open source personal finance manager."
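Review bot: The `/api/.*` entry in `skipPathRegex` takes the entire Firefly III REST API out of the authentik forward-auth, so from the internet the API is protected only by Firefly's own token handling; that is a deliberate trade-off for API clients, but it deserves a comment so nobody later assumes SSO covers `/api`. The three patterns are also unanchored, and if authentik applies them as plain Go regex matches (which is my understanding, but confirm against the outpost version in use) `/api/.*` also matches any path that merely contains `/api/` and `/favicon.ico` matches `/anything/favicon.ico`; anchoring costs nothing: `^/favicon\.ico$`, `^/v3-local/logo/logo-session\.png$`, `^/api/`. The hard-coded `bindID` UUID ties this blueprint to one specific authentik instance, which is presumably intended for this repo but is worth a one-line comment saying where it comes from.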
diff --git a/mycloud-firefly-iii/templates/configmap_init_crd.yaml b/mycloud-firefly-iii/templates/configmap_init_crd.yaml
new file mode 100644
index 0000000..f82bbe4
--- /dev/null
+++ b/mycloud-firefly-iii/templates/configmap_init_crd.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-init
+ namespace: "{{ .Values.init.namespace }}"
+data:
+ {{- if and
+ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule")
+ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor")
+ }}
+ init: "-1"
+ {{- else }}
+ init: "{{ add1 .Values.init.version }}"
+ {{- end }}
diff --git a/mycloud-firefly-iii/templates/release.yaml b/mycloud-firefly-iii/templates/release.yaml
new file mode 100644
index 0000000..f15a355
--- /dev/null
+++ b/mycloud-firefly-iii/templates/release.yaml
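Review bot: The `init` gate keys on the presence of the `PrometheusRule` and `ServiceMonitor` CRDs, yet no template in this chart renders either kind, so the condition looks carried over from a sibling chart rather than chosen for Firefly III; if the intent is only to follow the shared init protocol, that should be stated, otherwise the check should name the CRDs this chart actually depends on. A comment above the `{{- if and` line would keep the next reader from chasing a non-existent monitoring dependency: `# init protocol: "-1" once the monitoring CRDs exist, otherwise bump; this chart renders no monitoring objects itself`. The ConfigMap is written into `{{ .Values.init.namespace }}` rather than the release namespace, which is a cross-namespace write the release's ServiceAccount must be allowed to perform; worth a note in values.yaml as well.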
@@ -0,0 +1,99 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: "{{ .Release.Name }}-hr"
+spec:
+ chart:
+ spec:
+ sourceRef:
+ kind: HelmRepository
+ name: "{{ .Release.Name }}-repo"
+ chart: "firefly-iii"
+ install:
+ {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
+ test:
+ {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
+ upgrade:
+ {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
+ driftDetection:
+ {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
+ interval: 10m
+ valuesFrom:
+ - name: {{ .Release.Name }}
+ kind: Secret
+ valuesKey: "APP_KEY"
+ targetPath: "secrets.appKey"
+ values:
+ podAnnotations:
+ config-hash: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+ config:
+ existingSecret: {{ .Release.Name }}
+ env:
+ DB_CONNECTION: pgsql
+ DB_HOST: {{ .Values.database.host | quote }}
+ DB_PORT: "5432"
+ DB_USERNAME: {{ .Values.database.username | quote }}
+ DB_DATABASE: {{ .Values.database.name | quote }}
+
+ AUTHENTICATION_GUARD: "remote_user_guard"
+ AUTHENTICATION_GUARD_HEADER: HTTP_X_AUTHENTIK_UID
+ AUTHENTICATION_GUARD_EMAIL: HTTP_X_AUTHENTIK_EMAIL
+
+ MAIL_MAILER: smtp
+ MAIL_HOST: {{ .Values.mail.host | default .Values.commons.mail.host | quote }}
+ MAIL_PORT: "587"
+ MAIL_FROM: {{ .Values.mail.from | default (printf "[%s] %s <%s>" .Values.commons.theme.title "firefly-iii" .Values.commons.mail.from) | quote }}
+ MAIL_USERNAME: {{ .Values.commons.mail.username | quote }}
+ MAIL_ENCRYPTION: tls
+
+ cronjob:
+ enabled: true
+ auth:
+ existingSecret: {{ .Release.Name }}
+ secretKey: "STATIC_CRON_TOKEN"
+
+ {{- if .Values.commons.persistence.hostPath.enabled }}
+ persistence:
+ enabled: false
+ extraVolumes:
+ - name: upload
+ hostPath:
+ type: Directory
+ path: "{{ .Values.commons.persistence.hostPath.prefix }}/firefly/upload"
+ extraVolumeMounts:
+ - name: upload
+ mountPath: "/var/www/html/storage/upload"
+ {{- else }}
+ persistence:
+ enabled: true
+ {{- with .Values.persistence.storageClass | default .Values.commons.persistence.storageClass }}
+ storageClassName: {{ . }}
+ {{- end }}
+ storage: {{ .Values.persistence.size }}
+ {{- end }}
+
+ {{- $host := .Values.ingress.host | default (printf "money.%s" .Values.commons.ingress.domain) }}
+ ingress:
+ enabled: true
+ annotations:
+ {{- $annotations := mergeOverwrite (dict) .Values.commons.ingress.annotations .Values.ingress.annotations }}
+ {{- $currentMiddleware := get $annotations "traefik.ingress.kubernetes.io/router.middlewares" }}
+ {{- if $currentMiddleware }}
+ {{- $_ := set $annotations "traefik.ingress.kubernetes.io/router.middlewares" (printf "%s,%s-mycloud-authentik-outpost@kubernetescrd" $currentMiddleware .Release.Namespace) }}
+ {{- else }}
+ {{- $_ := set $annotations "traefik.ingress.kubernetes.io/router.middlewares" (printf "%s-mycloud-authentik-outpost@kubernetescrd" .Release.Namespace) }}
+ {{- end }}
+ {{- toYaml $annotations | nindent 8 }}
+ hosts:
+ - {{ $host | quote }}
+ {{- if .Values.commons.ingress.tls.enabled }}
+ tls:
+ {{- with .Values.commons.ingress.tls.override }}
+ {{- toYaml . | nindent 8 }}
+ {{- else }}
+ - secretName: "{{ .Release.Name }}-cert"
+ hosts:
+ - "{{ $host }}"
+ {{- end }}
+ {{- end }}
diff --git a/mycloud-firefly-iii/templates/repo.yaml b/mycloud-firefly-iii/templates/repo.yaml
new file mode 100644
index 0000000..b7f32d1
--- /dev/null
+++ b/mycloud-firefly-iii/templates/repo.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: {{ .Release.Name }}-repo
+spec:
+ url: https://firefly-iii.github.io/kubernetes/
+ interval: 10m
diff --git a/mycloud-firefly-iii/templates/secret.yaml b/mycloud-firefly-iii/templates/secret.yaml
new file mode 100644
index 0000000..4deac76
--- /dev/null
+++ b/mycloud-firefly-iii/templates/secret.yaml
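Review bot: `AUTHENTICATION_GUARD: "remote_user_guard"` with `AUTHENTICATION_GUARD_HEADER: HTTP_X_AUTHENTIK_UID` makes Firefly III log in whoever is named in the `X-Authentik-Uid` request header with no further check, so the login is exactly as strong as the guarantee that every request reaching the firefly pod went through the `-mycloud-authentik-outpost` Traefik middleware this template appends to the ingress annotations. Nothing in the release enforces that: a second Ingress, a `kubectl port-forward`, or any workload in the cluster that can reach the Service directly can set the header and become any user, and the `/api/.*` exclusion configured for the authentik proxy means the outpost sets no user headers on those paths, so it should be confirmed that client-supplied `X-Authentik-*` headers are stripped there rather than passed through. Pair this with a NetworkPolicy that limits ingress to the firefly pods to the Traefik/outpost namespace (or confirm a cluster-wide default-deny exists), and document the trust next to the guard: `# remote_user_guard trusts these headers unconditionally; the pod must be reachable only via the authentik-protected ingress`. A smaller point: `MAIL_ENCRYPTION: tls` and `MAIL_PORT: "587"` are hard-coded, so the `commons.mail.use_tls` / `use_ssl` flags declared in values.yaml have no effect here.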
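Review bot: This HelmRepository is consumed by release.yaml with `chart: "firefly-iii"` and no `version:` constraint, so Flux resolves to the newest chart in the index on every 10m reconcile and any upstream chart release, or a tampered index, rolls into the cluster unreviewed. Pin it next to the chart name in release.yaml's `spec.chart.spec`, e.g. `version: "x.y.z"` (a fixed version, or at worst a `~x.y` range), and bump it deliberately; Flux also accepts OCI sources with digest pinning if the upstream publishes them, which would be the stronger option. A comment on `url:` saying which upstream project the index belongs to would help anyone auditing sources later.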
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}
+data:
+ APP_KEY: {{ derivePassword 1 "long" .Values.commons.masterPassword "firefly" "app_key" | sha256sum | trunc 32 | b64enc }}
+ STATIC_CRON_TOKEN: {{ derivePassword 1 "long" .Values.commons.masterPassword "firefly" "cron_token" | sha256sum | trunc 32 | b64enc }}
+ DB_PASSWORD: {{ .Values.database.password | default (derivePassword 1 "long" .Values.commons.masterPassword "firefly" "database_password" | b64enc) | b64enc }}
+ {{- with .Values.commons.mail.password }}
+ MAIL_PASSWORD: {{ . | b64enc }}
+ {{- end }}
diff --git a/mycloud-firefly-iii/values.yaml b/mycloud-firefly-iii/values.yaml
new file mode 100644
index 0000000..d36794b
--- /dev/null
+++ b/mycloud-firefly-iii/values.yaml
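Review bot: `DB_PASSWORD` is base64-encoded twice when `database.password` is unset: the `default` branch already pipes the derived value through `b64enc` and the whole expression is piped through `b64enc` again, unlike `APP_KEY` and `STATIC_CRON_TOKEN` directly above, so the password Firefly receives is the base64 text of the derived password rather than the derived password itself (and it can only match the database if the sibling mycloud-services chart makes the identical mistake, which this diff does not show). The fix is to encode once: `DB_PASSWORD: {{ .Values.database.password | default (derivePassword 1 "long" .Values.commons.masterPassword "firefly" "database_password") | b64enc }}`. Beyond that, all three values are deterministic functions of `commons.masterPassword`, whose shipped default is `CHANGEME`, so a default install produces an APP_KEY and cron token anyone with the chart can recompute; a guard at the top of this template, `{{- if eq .Values.commons.masterPassword "CHANGEME" }}{{ fail "commons.masterPassword must be overridden" }}{{- end }}`, would turn that into an install-time error instead of a silent weakness.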
@@ -0,0 +1,112 @@
+init:
+ version: 0
+ namespace: "bases"
+
+commons:
+ # -- masterPassword to generate secrets
+ # @section -- Commons
+ masterPassword: "CHANGEME"
+
+ auth:
+ # -- default auth.(.Values.commons.ingress.domain)
+ # @section -- Commons
+ host:
+ authentik:
+ backend: "mycloud-authentik-hr-server"
+
+ theme:
+ # -- title everywhere
+ # @section -- Commons theme
+ title: myCloud
+ # -- logo everywhere
+ # @section -- Commons theme
+ logo: /static/dist/assets/icons/icon_left_brand.svg
+ # -- favicon everywhere
+ # @section -- Commons theme
+ favicon: /static/dist/assets/icons/icon.png
+
+ mail:
+ # -- smtp server
+ # @section -- Commons mail
+ host:
+ # -- smtp username
+ # @section -- Commons mail
+ username:
+ # -- smtp password
+ # @section -- Commons mail
+ password:
+ # -- send from address
+ # @section -- Commons mail
+ from:
+ # -- smtp server use start tls
+ # @section -- Commons mail
+ use_tls: false
+ # -- smtp server use ssl
+ # @section -- Commons mail
+ use_ssl: false
+
+ persistence:
+ # -- storageClass of PVC
+ # @section -- Commons Persistence
+ storageClass:
+ hostPath:
+ # -- use hostPath instatt of PVC
+ # @section -- Commons Persistence
+ enabled: false
+ # -- use hostPath under the following path
+ # @section -- Commons Persistence
+ prefix: "/var/lib/mycloud"
+
+ helm:
+ release:
+ # -- install of FluxCD HelmRelease
+ # @section -- Commons helm release
+ install: {}
+ # -- test of FluxCD HelmRelease
+ # @section -- Commons helm release
+ test: {}
+ # -- upgrade of FluxCD HelmRelease
+ # @section -- Commons helm release
+ upgrade: {}
+ # -- driftDetection of FluxCD HelmRelease
+ # @section -- Commons helm release
+ driftDetection: {}
+
+ ingress:
+ # -- top domain for all services
+ # @section -- Commons Ingress
+ domain: "wrenix.eu"
+ # -- annotations for all ingress objects
+ # @section -- Commons Ingress
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ tls:
+ # -- tls on every ingress
+ # @section -- Commons Ingress
+ enabled: true
+ # -- use own definition of tls (e.g. for own or wildcard certificate)
+ # @section -- Commons Ingress
+ override: []
+
+ingress:
+ # -- default: social.(Values.commons.ingress.domain)
+ host:
+ annotations: {}
+
+database:
+ # -- default is from mysql-services
+ host: mycloud-services-postgresql
+ name: firefly
+ username: firefly
+ # -- generated by .Values.commons.masterPassword (equal to mycloud-services)
+ password:
+
+mail:
+ # -- generade by Values.commons.mail.from
+ from:
+ # -- default Values.commons.mail.host
+ host:
+
+persistence:
+ storageClass:
+ size: 16Gi
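Review bot: `masterPassword: "CHANGEME"` is the single seed from which secret.yaml derives `APP_KEY`, `STATIC_CRON_TOKEN` and the database password, so leaving the default in place yields secrets that anyone with this public chart can recompute, and the comment should say so rather than just "to generate secrets": `# -- masterPassword every chart secret is derived from; MUST be overridden, the default yields predictable secrets`. Two documentation mismatches in the same hunk: the `ingress.host` comment says `default: social.(Values.commons.ingress.domain)` while both templates default to `money.<domain>`, so it should read `# -- default: money.(Values.commons.ingress.domain)`, and `database.host` says "from mysql-services" for a PostgreSQL host that the base-values file provisions under `mycloud-services`. The `commons.mail.use_tls` / `use_ssl` flags are declared here but release.yaml hard-codes `MAIL_ENCRYPTION: tls` and port 587, so they are currently no-ops and either should be wired in or marked as unused for this chart; the typo `instatt` under `hostPath` should be `instead`.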