fix(mycloud-firefly-iii): init

base-values/mycloud-firefly-iii.yaml

@@ -0,0 +1,17 @@
+##
+# commons are from mycloud-core
+##
+
+components:
+  mycloud-services:
+    # patch mycloud-core to get another database
+    values:
+      databases:
+        firefly:
+          type: postgresql
+
+  mycloud-firefly-iii:
+    enabled: true
+    namespace:
+      # current namespace
+      name:

mycloud-firefly-iii/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

mycloud-firefly-iii/Chart.yaml

@@ -0,0 +1,9 @@
+apiVersion: v2
+name: mycloud-firefly-iii
+description: A Helm chart for Kubernetes
+type: application
+maintainers:
+  - name: WrenIX
+    url: https://wrenix.eu
+
+version: 0.1.0

mycloud-firefly-iii/templates/authentik-application.yaml

@@ -0,0 +1,71 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: {{ .Release.Name }}-auth
+spec:
+  chart:
+    spec:
+      sourceRef:
+        kind: GitRepository
+        name: "wrenix-helm-charts"
+        namespace: "flux-system"
+      chart: "./authentik-application"
+      reconcileStrategy: "Revision"
+  install:
+    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
+  test:
+    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
+  upgrade:
+    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
+  driftDetection:
+    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
+  interval: 10m
+  values:
+    {{- $domain := .Values.ingress.host | default (printf "money.%s" .Values.commons.ingress.domain) }}
+    {{- $url := printf "https://%s" $domain }}
+    blueprint:
+      authentik:
+        domain: "https://{{ .Values.commons.auth.host | default (printf "auth.%s" .Values.commons.ingress.domain) }}"
+      provider:
+        name: "Firefly III"
+        type: "proxy"
+        proxy:
+          externalHost: {{ $url | quote }}
+          skipPathRegex: |
+            /favicon.ico
+            /v3-local/logo/logo-session.png
+            /api/.*
+          ingress:
+            enabled: true
+            domain: {{ $domain | quote }}
+            backend: {{ .Values.commons.auth.authentik.backend }}
+            {{- with $.Values.commons.ingress.annotations }}
+            annotations:
+              {{- toYaml . | nindent 14 }}
+            {{- end }}
+            {{- if $.Values.commons.ingress.tls.enabled }}
+            tls:
+              {{- with $.Values.commons.ingress.tls.override }}
+              {{- toYaml . | nindent 14 }}
+              {{- else }}
+              - secretName: "{{ .Release.Name }}-cert"
+                hosts:
+                  - {{ $domain | quote }}
+              {{- end }}
+            {{- end }}
+
+      groups:
+        - slug: "mycloud - users"
+          bindID: "06415890-7d9e-4f54-9749-f6eebc3008a9"
+
+      application:
+        policyEngineMode: "any"
+        openInNewTab: true
+        publisher: "WrenIX's myCloud"
+        slug: "mycloud-firefly-iii"
+        group: "Office"
+        name: "FireFly III"
+        launchURL: {{ $url | quote }}
+        icon: "{{ $url }}/v3-local/logo/logo-session.png"
+        description: "A free and open source personal finance manager."

mycloud-firefly-iii/templates/configmap_init_crd.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-init
+  namespace: "{{ .Values.init.namespace }}"
+data:
+  {{- if and
+    (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule")
+    (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor")
+  }}
+  init: "-1"
+  {{- else }}
+  init: "{{ add1 .Values.init.version }}"
+  {{- end }}

mycloud-firefly-iii/templates/release.yaml

@@ -0,0 +1,99 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: "{{ .Release.Name }}-hr"
+spec:
+  chart:
+    spec:
+      sourceRef:
+        kind: HelmRepository
+        name: "{{ .Release.Name }}-repo"
+      chart: "firefly-iii"
+  install:
+    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
+  test:
+    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
+  upgrade:
+    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
+  driftDetection:
+    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
+  interval: 10m
+  valuesFrom:
+    - name: {{ .Release.Name }}
+      kind: Secret
+      valuesKey: "APP_KEY"
+      targetPath: "secrets.appKey"
+  values:
+    podAnnotations:
+      config-hash: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+    config:
+      existingSecret: {{ .Release.Name }}
+      env:
+        DB_CONNECTION: pgsql
+        DB_HOST: {{ .Values.database.host | quote }}
+        DB_PORT: "5432"
+        DB_USERNAME: {{ .Values.database.username | quote }}
+        DB_DATABASE: {{ .Values.database.name | quote }}
+
+        AUTHENTICATION_GUARD: "remote_user_guard"
+        AUTHENTICATION_GUARD_HEADER: HTTP_X_AUTHENTIK_UID
+        AUTHENTICATION_GUARD_EMAIL: HTTP_X_AUTHENTIK_EMAIL
+
+        MAIL_MAILER: smtp
+        MAIL_HOST: {{ .Values.mail.host | default .Values.commons.mail.host | quote }}
+        MAIL_PORT: "587"
+        MAIL_FROM: {{ .Values.mail.from | default (printf "[%s] %s <%s>" .Values.commons.theme.title "firefly-iii" .Values.commons.mail.from) | quote }}
+        MAIL_USERNAME: {{ .Values.commons.mail.username | quote }}
+        MAIL_ENCRYPTION: tls
+
+    cronjob:
+      enabled: true
+      auth:
+        existingSecret: {{ .Release.Name }}
+        secretKey: "STATIC_CRON_TOKEN"
+
+    {{- if .Values.commons.persistence.hostPath.enabled }}
+    persistence:
+      enabled: false
+    extraVolumes:
+      - name: upload
+        hostPath:
+          type: Directory
+          path: "{{ .Values.commons.persistence.hostPath.prefix }}/firefly/upload"
+    extraVolumeMounts:
+      - name: upload
+        mountPath: "/var/www/html/storage/upload"
+    {{- else }}
+    persistence:
+      enabled: true
+      {{- with .Values.persistence.storageClass | default .Values.commons.persistence.storageClass }}
+      storageClassName: {{ . }}
+      {{- end }}
+      storage: {{ .Values.persistence.size }}
+    {{- end }}
+
+    {{- $host := .Values.ingress.host | default (printf "money.%s" .Values.commons.ingress.domain) }}
+    ingress:
+      enabled: true
+      annotations:
+        {{- $annotations := mergeOverwrite (dict) .Values.commons.ingress.annotations .Values.ingress.annotations }}
+        {{- $currentMiddleware := get $annotations "traefik.ingress.kubernetes.io/router.middlewares" }}
+        {{- if $currentMiddleware }}
+        {{- $_ := set $annotations "traefik.ingress.kubernetes.io/router.middlewares" (printf "%s,%s-mycloud-authentik-outpost@kubernetescrd" $currentMiddleware .Release.Namespace) }}
+        {{- else }}
+        {{- $_ := set $annotations "traefik.ingress.kubernetes.io/router.middlewares" (printf "%s-mycloud-authentik-outpost@kubernetescrd" .Release.Namespace) }}
+        {{- end }}
+        {{- toYaml $annotations | nindent 8 }}
+      hosts:
+        - {{ $host | quote }}
+      {{- if .Values.commons.ingress.tls.enabled }}
+      tls:
+        {{- with .Values.commons.ingress.tls.override }}
+        {{- toYaml . | nindent 8 }}
+        {{- else }}
+        - secretName: "{{ .Release.Name }}-cert"
+          hosts:
+            - "{{ $host }}"
+        {{- end }}
+      {{- end }}

mycloud-firefly-iii/templates/repo.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: {{ .Release.Name }}-repo
+spec:
+  url: https://firefly-iii.github.io/kubernetes/
+  interval: 10m

mycloud-firefly-iii/templates/secret.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}
+data:
+  APP_KEY: {{ derivePassword 1 "long" .Values.commons.masterPassword "firefly" "app_key" | sha256sum | trunc 32 | b64enc }}
+  STATIC_CRON_TOKEN: {{ derivePassword 1 "long" .Values.commons.masterPassword "firefly" "cron_token" | sha256sum | trunc 32 | b64enc }}
+  DB_PASSWORD: {{ .Values.database.password | default (derivePassword 1 "long" .Values.commons.masterPassword "firefly" "database_password" | b64enc) | b64enc }}
+  {{- with .Values.commons.mail.password }}
+  MAIL_PASSWORD: {{ . | b64enc }}
+  {{- end }}

mycloud-firefly-iii/values.yaml

@@ -0,0 +1,112 @@
+init:
+  version: 0
+  namespace: "bases"
+
+commons:
+  # -- masterPassword to generate secrets
+  # @section -- Commons
+  masterPassword: "CHANGEME"
+
+  auth:
+    # -- default auth.(.Values.commons.ingress.domain)
+    # @section -- Commons
+    host:
+    authentik:
+      backend: "mycloud-authentik-hr-server"
+
+  theme:
+    # -- title everywhere
+    # @section -- Commons theme
+    title: myCloud
+    # -- logo everywhere
+    # @section -- Commons theme
+    logo: /static/dist/assets/icons/icon_left_brand.svg
+    # -- favicon everywhere
+    # @section -- Commons theme
+    favicon: /static/dist/assets/icons/icon.png
+
+  mail:
+    # -- smtp server
+    # @section -- Commons mail
+    host:
+    # -- smtp username
+    # @section -- Commons mail
+    username:
+    # -- smtp password
+    # @section -- Commons mail
+    password:
+    # -- send from address
+    # @section -- Commons mail
+    from:
+    # -- smtp server use start tls
+    # @section -- Commons mail
+    use_tls: false
+    # -- smtp server use ssl
+    # @section -- Commons mail
+    use_ssl: false
+
+  persistence:
+    # -- storageClass of PVC
+    # @section -- Commons Persistence
+    storageClass:
+    hostPath:
+      # -- use hostPath instatt of PVC
+      # @section -- Commons Persistence
+      enabled: false
+      # -- use hostPath under the following path
+      # @section -- Commons Persistence
+      prefix: "/var/lib/mycloud"
+
+  helm:
+    release:
+      # -- install of FluxCD HelmRelease
+      # @section -- Commons helm release
+      install: {}
+      # -- test of FluxCD HelmRelease
+      # @section -- Commons helm release
+      test: {}
+      # -- upgrade of FluxCD HelmRelease
+      # @section -- Commons helm release
+      upgrade: {}
+      # -- driftDetection of FluxCD HelmRelease
+      # @section -- Commons helm release
+      driftDetection: {}
+
+  ingress:
+    # -- top domain for all services
+    # @section -- Commons Ingress
+    domain: "wrenix.eu"
+    # -- annotations for all ingress objects
+    # @section -- Commons Ingress
+    annotations:
+      cert-manager.io/cluster-issuer: letsencrypt-prod
+    tls:
+      # -- tls on every ingress
+      # @section -- Commons Ingress
+      enabled: true
+      # -- use own definition of tls (e.g. for own or wildcard certificate)
+      # @section -- Commons Ingress
+      override: []
+
+ingress:
+  # -- default: social.(Values.commons.ingress.domain)
+  host:
+  annotations: {}
+
+database:
+  # -- default is from mysql-services
+  host: mycloud-services-postgresql
+  name: firefly
+  username: firefly
+  # -- generated by .Values.commons.masterPassword (equal to mycloud-services)
+  password:
+
+mail:
+  # -- generade by Values.commons.mail.from
+  from:
+  # -- default Values.commons.mail.host
+  host:
+
+persistence:
+  storageClass:
+  size: 16Gi