fix(mycloud-collabora): init

WrenIX 2024-01-04 14:21:59 +01:00
parent 9291a88f04
commit 39eab37213
Signed by: wrenix
GPG key ID: 7AFDB012974B1BB5
24 changed files with 499 additions and 69 deletions


@ -31,10 +31,12 @@ commons:
dashboards:
labels:
grafana_dashboard: "1"
annotations:
prometheus:
alertmanager:
alertmanager: default
labels:
alertmanager: default
monitor:
labels:
prometheus: default


@ -0,0 +1,16 @@
##
# commons are from mycloud-core
##
components:
mycloud-nextcloud:
values:
apps:
richdocuments:
enabled: true
mycloud-collabora:
enabled: true
namespace:
# current namespace
name:


@ -21,6 +21,11 @@ commons:
use_tls: false
use_ssl: false
grafana:
dashboards:
annotations:
grafana.mon.local/dashboard-folder: "myCloud"
components:
mycloud-services:
enabled: true


@ -21,6 +21,11 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
|===
| Key | Type | Default | Description
| commons.helm.release.driftDetection
| object
| `{}`
|
| commons.helm.release.install
| object
| `{}`


@ -6,5 +6,6 @@
** xref:infra-monitoring.adoc[infra-monitoring]
** xref:infra-trivy.adoc[infra-trivy]
** xref:mycloud-authentik.adoc[mycloud-authentik]
** xref:mycloud-collabora.adoc[mycloud-collabora]
** xref:mycloud-nextcloud.adoc[mycloud-nextcloud]
** xref:mycloud-services.adoc[mycloud-services]


@ -0,0 +1 @@
../../../../mycloud-collabora/README.adoc


@ -21,6 +21,11 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
|===
| Key | Type | Default | Description
| commons.helm.release.driftDetection
| object
| `{}`
|
| commons.helm.release.install
| object
| `{}`


@ -21,6 +21,11 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
|===
| Key | Type | Default | Description
| commons.helm.release.driftDetection
| object
| `{}`
|
| commons.helm.release.install
| object
| `{}`


@ -31,6 +31,11 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
| `"1"`
|
| commons.helm.release.driftDetection
| object
| `{}`
|
| commons.helm.release.install
| object
| `{}`


@ -71,70 +71,10 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
| `"@alert:matrix.org"`
|
| alertmanager.receiver.ntfy.config.labels.entries[0].label
| string
| `"severity"`
|
| alertmanager.receiver.ntfy.config.labels.entries[0].priority
| int
| `4`
|
| alertmanager.receiver.ntfy.config.labels.entries[0].tags[0]
| string
| `"rotating_light"`
|
| alertmanager.receiver.ntfy.config.labels.entries[0].value
| string
| `"critical"`
|
| alertmanager.receiver.ntfy.config.labels.entries[1].label
| string
| `"severity"`
|
| alertmanager.receiver.ntfy.config.labels.entries[1].priority
| int
| `3`
|
| alertmanager.receiver.ntfy.config.labels.entries[1].tags[0]
| string
| `"warning"`
|
| alertmanager.receiver.ntfy.config.labels.entries[1].value
| string
| `"warning"`
|
| alertmanager.receiver.ntfy.config.labels.entries[2].label
| string
| `"severity"`
|
| alertmanager.receiver.ntfy.config.labels.entries[2].priority
| int
| `1`
|
| alertmanager.receiver.ntfy.config.labels.entries[2].tags[0]
| string
| `"information_source"`
|
| alertmanager.receiver.ntfy.config.labels.entries[2].value
| string
| `"info"`
|
| alertmanager.receiver.ntfy.config.labels.order[0]
| string
| `"severity"`
|
| alertmanager.receiver.ntfy.config.labels
| object
| `{"entries":[{"label":"severity","priority":4,"tags":["rotating_light"],"value":"critical"},{"label":"severity","priority":3,"tags":["warning"],"value":"warning"},{"label":"severity","priority":1,"tags":["information_source"],"value":"info"}],"order":["severity"]}`
| label of alert to ntfy message config
| alertmanager.receiver.ntfy.config.ntfy.topic
| string
@ -186,6 +126,11 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
| `nil`
| would overwrite defaults (like ntfy or matrix)
| commons.auth.authentik.backend
| string
| `"authentik"`
|
| commons.auth.authentik.domain
| string
| `""`
@ -206,6 +151,11 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
| `"authentik"`
|
| commons.helm.release.driftDetection
| object
| `{}`
|
| commons.helm.release.install
| object
| `{}`


@ -26,6 +26,11 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
| `"1"`
|
| commons.helm.release.driftDetection
| object
| `{}`
|
| commons.helm.release.install
| object
| `{}`


@ -21,6 +21,11 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
|===
| Key | Type | Default | Description
| commons.helm.release.driftDetection
| object
| `{}`
|
| commons.helm.release.install
| object
| `{}`


@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -0,0 +1,9 @@
apiVersion: v2
name: mycloud-collabora
description: myCloud component to setup collabora
type: application
maintainers:
- name: WrenIX
url: https://wrenix.eu
version: 0.1.0


@ -0,0 +1,120 @@
= mycloud-collabora
image::https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square[Version: 0.1.0]
image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
== Maintainers
.Maintainers
|===
| Name | Email | Url
| WrenIX
|
| <https://wrenix.eu>
|===
== Values
.Values
|===
| Key | Type | Default | Description
| adminPassword
| string
| `nil`
| adminPassword to access collabora admin platform
| allowedHosts
| object
| `{}`
| allowed host to use this collabora instance if not set we allow defaults (like nextcloud) example: main.host.de: [ "alias1.host.de", "alias2.host.de" ]
| commons.grafana.dashboards.annotations
| object
| `{}`
|
| commons.grafana.dashboards.labels
| object
| `{}`
|
| commons.helm.release.driftDetection
| object
| `{}`
|
| commons.helm.release.install
| object
| `{}`
|
| commons.helm.release.test
| object
| `{}`
|
| commons.helm.release.upgrade
| object
| `{}`
|
| commons.ingress.annotations."cert-manager.io/cluster-issuer"
| string
| `"letsencrypt-prod"`
|
| commons.ingress.domain
| string
| `"wrenix.eu"`
|
| commons.ingress.tls.enabled
| bool
| `true`
| tls on every ingress
| commons.ingress.tls.override
| string
| `nil`
| use own definition of tls (e.g. for own or wildcard certificate)
| commons.masterPassword
| string
| `"CHANGEME"`
|
| commons.prometheus.monitor.labels
| object
| `{}`
|
| commons.prometheus.rules.labels
| object
| `{}`
|
| ingress.annotations
| string
| `nil`
|
| ingress.host
| string
| `nil`
| default: fs.(Values.commons.ingress.domain)
| init.namespace
| string
| `"bases"`
|
| init.version
| int
| `0`
|
|===
Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]


@ -0,0 +1,14 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-init
namespace: "{{ .Values.init.namespace }}"
data:
{{- if and
(.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule")
(.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor")
}}
init: "-1"
{{- else }}
init: "{{ add1 .Values.init.version }}"
{{- end }}


@ -0,0 +1,80 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: "{{ .Release.Name }}-hr"
spec:
chart:
spec:
sourceRef:
kind: HelmRepository
name: "{{ .Release.Name }}-repo"
chart: "collabora-online"
install:
{{- toYaml .Values.commons.helm.release.install | nindent 4 }}
test:
{{- toYaml .Values.commons.helm.release.test | nindent 4 }}
upgrade:
{{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
driftDetection:
{{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
interval: 10m
values:
autoscaling:
enabled: false
{{- $host := .Values.ingress.host | default (printf "collabora.%s" .Values.commons.ingress.domain) }}
collabora:
username: collabora-admin
password: {{ .Values.adminPassword | default (derivePassword 1 "long" .Values.commons.masterPassword "nextcloud" "admin_password") | quote }}
extra_params: --o:user_interface.mode=tabbed --o:ssl.termination=true --o:ssl.enable=false
server_name: {{ $host | quote }}
aliasgroups:
{{- range $host, $aliases := .Values.allowedHosts }}
- host: "https://{{ $host }}{{ gt (len $aliases) 0 | ternary (printf "|%s" (join "|" $aliases)) "" }}"
{{- else }}
- host: "https://fs.{{ .Values.commons.ingress.domain }}"
{{- end }}
ingress:
enabled: true
annotations:
{{- with .Values.commons.ingress.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.ingress.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
hosts:
- host: {{ $host | quote }}
paths:
- path: /
pathType: ImplementationSpecific
{{- if .Values.commons.ingress.tls.enabled }}
tls:
{{- with .Values.commons.ingress.tls.override }}
{{- toYaml . | nindent 8 }}
{{- else }}
- secretName: "mycloud-collabora-cert"
hosts:
- "{{ $host }}"
{{- end }}
{{- end }}
prometheus:
servicemonitor:
enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
labels:
{{- toYaml .Values.commons.prometheus.monitor.labels | nindent 10 }}
rules:
enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule") }}
additionalLabels:
{{- toYaml .Values.commons.prometheus.rules.labels | nindent 10 }}
grafana:
dashboards:
enabled: true
labels:
{{- toYaml .Values.commons.grafana.dashboards.labels | nindent 10 }}
annotations:
{{- toYaml .Values.commons.grafana.dashboards.annotations | nindent 10 }}
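Review bot: The fallback for `collabora.password` derives from `.Values.commons.masterPassword` with the site and context strings `"nextcloud"` and `"admin_password"`, so if the nextcloud chart derives its admin password with the same arguments (not visible on this page) both services share one credential; a collabora-specific context keeps them independent: `derivePassword 1 "long" .Values.commons.masterPassword "collabora" "admin_password"`. The chart default for `masterPassword` is `"CHANGEME"`, so an install that overrides neither value ends up with an admin password that is derivable from public chart content; a `required`/`fail` guard that rejects the default would prevent that. The rendered password is also stored in clear text in `spec.values`, readable by anyone allowed to get HelmRelease objects, whereas `spec.valuesFrom` pointing at a Secret keeps it out of the resource. Separately, the `aliasgroups` fallback uses `https://fs.<domain>` while `server_name` falls back to `collabora.<domain>`; a comment stating which host is the WOPI client would make that difference reviewable.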


@ -0,0 +1,8 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: {{ .Release.Name }}-repo
spec:
url: https://collaboraonline.github.io/online
interval: 10m
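Review bot: Nothing pins what is pulled from this repository: the HelmRelease that consumes it sets `chart: "collabora-online"` without a `version`, so Flux may install whatever chart version the upstream index publishes at a later reconcile. Adding `version: "<CHART_VERSION>"` (placeholder for the release that was tested) under `spec.chart.spec` of the HelmRelease would make every upgrade arrive through a reviewed commit. `name: {{ .Release.Name }}-repo` is unquoted here while the HelmRelease quotes the same expression as `"{{ .Release.Name }}-repo"`; quoting both keeps the two references consistent.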


@ -0,0 +1,65 @@
init:
version: 0
namespace: "bases"
commons:
masterPassword: "CHANGEME"
helm:
release:
install: {}
test: {}
upgrade: {}
driftDetection: {}
ingress:
domain: "wrenix.eu"
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
tls:
# -- tls on every ingress
enabled: true
# -- use own definition of tls (e.g. for own or wildcard certificate)
override:
prometheus:
monitor:
labels: {}
rules:
labels: {}
grafana:
dashboards:
labels: {}
annotations: {}
ingress:
# -- default: fs.(Values.commons.ingress.domain)
host:
annotations:
# nginx controller
nginx.ingress.kubernetes.io/upstream-hash-by: "$arg_WOPISrc"
nginx.ingress.kubernetes.io/server-snippet: |
location /cool/getMetrics { deny all; return 403; }
location /cool/adminws/ { deny all; return 403; }
location /browser/dist/admin/admin.html { deny all; return 403; }
# haproxy community
haproxy-ingress.github.io/timeout-tunnel: 3600s
haproxy-ingress.github.io/assign-backend-server-id: "true"
haproxy-ingress.github.io/balance-algorithm: url_param WOPISrc
haproxy-ingress.github.io/config-backend:
hash-type consistent
acl admin_url path_beg /cool/getMetrics
acl admin_url path_beg /cool/adminws/
acl admin_url path_beg /browser/dist/admin/admin.html
http-request deny if admin_url
# -- adminPassword to access collabora admin platform
adminPassword:
# -- allowed host to use this collabora instance
# if not set we allow defaults (like nextcloud)
# example:
# main.host.de: [ "alias1.host.de", "alias2.host.de" ]
allowedHosts: {}
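Review bot: `haproxy-ingress.github.io/config-backend:` carries no block-scalar indicator, unlike the nginx `server-snippet: |` a few lines above it, so the five lines that follow are presumably folded into one plain scalar (indentation is lost on this page, so this is inferred) and HAProxy would receive `hash-type consistent acl admin_url …` as a single line; the `http-request deny if admin_url` rule meant to shield `/cool/getMetrics`, `/cool/adminws/` and the admin page would then not apply as written. Write it as `haproxy-ingress.github.io/config-backend: |` so each directive stays on its own line. The nginx variant relies on snippet annotations being permitted by the controller (`allow-snippet-annotations`), which recent ingress-nginx releases disable by default, so the values comment should state that the admin endpoints are not blocked when the snippet is not honoured. The `ingress.host` comment also says the default is `fs.(Values.commons.ingress.domain)` while the template falls back to `collabora.%s`.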


@ -26,6 +26,56 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
| `nil`
| generated by .Values.commons.masterPassword
| apps.calendar.enabled
| bool
| `true`
|
| apps.checksum.enabled
| bool
| `true`
|
| apps.contacts.enabled
| bool
| `true`
|
| apps.dashboard.enabled
| bool
| `false`
|
| apps.deck.enabled
| bool
| `true`
|
| apps.firstrunwizard.enabled
| bool
| `false`
|
| apps.memories.enabled
| bool
| `false`
|
| apps.notes.enabled
| bool
| `true`
|
| apps.richdocuments.config.wopi_url
| string
| `nil`
|
| apps.richdocuments.enabled
| bool
| `false`
|
| auth.clientID
| string
| `nil`
@ -36,11 +86,21 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
| `nil`
| generated by .Values.commons.masterPassword
| auth.idMapping
| string
| `"sub"`
| oidc field which us used as id in nextcloud for username (for security reason it is sub, but could be overwritten by username) https://goauthentik.io/integrations/services/nextcloud/#provider-and-application
| commons.auth.host
| string
| `nil`
| default auth.(.Values.commons.ingress.domain)
| commons.helm.release.driftDetection
| object
| `{}`
|
| commons.helm.release.install
| object
| `{}`
@ -225,6 +285,11 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
| string
| `"8Gi"`
|
| quota
| string
| `nil`
| default quota for an user
|===
Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]


@ -0,0 +1,14 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-init
namespace: "{{ .Values.init.namespace }}"
data:
{{- if and
(.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule")
(.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor")
}}
init: "-1"
{{- else }}
init: "{{ add1 .Values.init.version }}"
{{- end }}


@ -86,11 +86,29 @@ spec:
enabled: true
config:
allow_multiple_user_backends: "0"
##
# collabora
#richdocuments:
# enabled: true
# config: {}
{{- toYaml .Values.apps | nindent 10 }}
##
{{- with .Values.apps.richdocuments }}
{{- if .enabled }}
richdocuments:
enabled: true
{{- with .config }}
config:
{{- with (get . "wopi_url") }}
wopi_url: {{ . }}
{{- else }}
wopi_url: "https://collabora.{{ $.Values.commons.ingress.domain }}"
{{- end }}
{{- with (omit . "wopi_url") }}
{{- toYaml . | nindent 14 }}
{{- end }}
{{- end }}{{/* with .config */}}
{{- end }}{{/* end-if .enabled */}}
{{- end }}{{/* end-with .richdocuments */}}
{{- with (omit .Values.apps "richdocuments") }}
{{- toYaml . | nindent 10 }}
{{- end }}
hooks:
before-starting:
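Review bot: `wopi_url: {{ . }}` emits the operator-supplied URL unquoted while the fallback on the `else` branch is quoted; rendering it as `wopi_url: {{ . | quote }}` keeps a value containing ` #`, `: ` or a leading YAML indicator from changing the shape of the rendered values. The default `wopi_url` is only written inside `{{- with .config }}`, so a deployment that sets `apps.richdocuments.config` to `{}` or null gets `enabled: true` with no WOPI URL at all; emitting the `wopi_url` line outside that `with` would keep the default in place. The fallback host is fixed to `collabora.<domain>`, which matches the collabora chart only while its `ingress.host` is left unset, and a comment next to the default should say so. The enclosing HelmRelease values block starts and ends outside this hunk.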


@ -74,6 +74,10 @@ apps:
enabled: true
deck:
enabled: true
richdocuments:
enabled: false
config:
wopi_url:
# remove unneeded application
firstrunwizard:
enabled: false


@ -21,6 +21,11 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
|===
| Key | Type | Default | Description
| commons.helm.release.driftDetection
| object
| `{}`
|
| commons.helm.release.install
| object
| `{}`