From 39eab37213017881ea289f3a103b7f750a465582 Mon Sep 17 00:00:00 2001 From: WrenIX Date: Thu, 4 Jan 2024 14:21:59 +0100 Subject: [PATCH] fix(mycloud-collabora): init --- base-values/commons.yaml | 4 +- base-values/mycloud-collabora.yaml | 16 +++ base-values/mycloud-core.yaml | 5 + base/README.adoc | 5 + docs/modules/components/nav.adoc | 1 + .../components/pages/mycloud-collabora.adoc | 1 + infra-certificates/README.adoc | 5 + infra-ingress/README.adoc | 5 + infra-logging/README.adoc | 5 + infra-monitoring/README.adoc | 78 ++---------- infra-trivy/README.adoc | 5 + mycloud-authentik/README.adoc | 5 + mycloud-collabora/.helmignore | 23 ++++ mycloud-collabora/Chart.yaml | 9 ++ mycloud-collabora/README.adoc | 120 ++++++++++++++++++ .../templates/configmap_init_crd.yaml | 14 ++ mycloud-collabora/templates/release.yaml | 80 ++++++++++++ mycloud-collabora/templates/repo.yaml | 8 ++ mycloud-collabora/values.yaml | 65 ++++++++++ mycloud-nextcloud/README.adoc | 65 ++++++++++ .../templates/configmap_init_crd.yaml | 14 ++ mycloud-nextcloud/templates/release.yaml | 26 +++- mycloud-nextcloud/values.yaml | 4 + mycloud-services/README.adoc | 5 + 24 files changed, 499 insertions(+), 69 deletions(-) create mode 100644 base-values/mycloud-collabora.yaml create mode 120000 docs/modules/components/pages/mycloud-collabora.adoc create mode 100644 mycloud-collabora/.helmignore create mode 100644 mycloud-collabora/Chart.yaml create mode 100644 mycloud-collabora/README.adoc create mode 100644 mycloud-collabora/templates/configmap_init_crd.yaml create mode 100644 mycloud-collabora/templates/release.yaml create mode 100644 mycloud-collabora/templates/repo.yaml create mode 100644 mycloud-collabora/values.yaml create mode 100644 mycloud-nextcloud/templates/configmap_init_crd.yaml diff --git a/base-values/commons.yaml b/base-values/commons.yaml index 8f30ee4..d63ed78 100644 --- a/base-values/commons.yaml +++ b/base-values/commons.yaml 
@@ -31,10 +31,12 @@ commons: dashboards: labels: grafana_dashboard: "1" + annotations: prometheus: alertmanager: - alertmanager: default + labels: + alertmanager: default monitor: labels: prometheus: default diff --git a/base-values/mycloud-collabora.yaml b/base-values/mycloud-collabora.yaml new file mode 100644 index 0000000..643fcec --- /dev/null +++ b/base-values/mycloud-collabora.yaml @@ -0,0 +1,16 @@ +## +# commons are from mycloud-core +## + +components: + mycloud-nextcloud: + values: + apps: + richdocuments: + enabled: true + + mycloud-collabora: + enabled: true + namespace: + # current namespace + name: diff --git a/base-values/mycloud-core.yaml b/base-values/mycloud-core.yaml index cc517ae..ba2123f 100644 --- a/base-values/mycloud-core.yaml +++ b/base-values/mycloud-core.yaml @@ -21,6 +21,11 @@ commons: use_tls: false use_ssl: false + grafana: + dashboards: + annotations: + grafana.mon.local/dashboard-folder: "myCloud" + components: mycloud-services: enabled: true diff --git a/base/README.adoc b/base/README.adoc index 148d26b..e669b91 100644 --- a/base/README.adoc +++ b/base/README.adoc @@ -21,6 +21,11 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat |=== | Key | Type | Default | Description +| commons.helm.release.driftDetection +| object +| `{}` +| + | commons.helm.release.install | object | `{}` diff --git a/docs/modules/components/nav.adoc b/docs/modules/components/nav.adoc index 6cecd64..40c4ad5 100644 --- a/docs/modules/components/nav.adoc +++ b/docs/modules/components/nav.adoc @@ -6,5 +6,6 @@ ** xref:infra-monitoring.adoc[infra-monitoring] ** xref:infra-trivy.adoc[infra-trivy] ** xref:mycloud-authentik.adoc[mycloud-authentik] +** xref:mycloud-collabora.adoc[mycloud-collabora] ** xref:mycloud-nextcloud.adoc[mycloud-nextcloud] ** xref:mycloud-services.adoc[mycloud-services] 
diff --git a/docs/modules/components/pages/mycloud-collabora.adoc b/docs/modules/components/pages/mycloud-collabora.adoc new file mode 120000 index 0000000..289c229 --- /dev/null +++ b/docs/modules/components/pages/mycloud-collabora.adoc @@ -0,0 +1 @@ +../../../../mycloud-collabora/README.adoc \ No newline at end of file diff --git a/infra-certificates/README.adoc b/infra-certificates/README.adoc index 3499a2c..f574831 100644 --- a/infra-certificates/README.adoc +++ b/infra-certificates/README.adoc @@ -21,6 +21,11 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat |=== | Key | Type | Default | Description +| commons.helm.release.driftDetection +| object +| `{}` +| + | commons.helm.release.install | object | `{}` diff --git a/infra-ingress/README.adoc b/infra-ingress/README.adoc index bc0d930..a36e6d9 100644 --- a/infra-ingress/README.adoc +++ b/infra-ingress/README.adoc @@ -21,6 +21,11 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat |=== | Key | Type | Default | Description +| commons.helm.release.driftDetection +| object +| `{}` +| + | commons.helm.release.install | object | `{}` diff --git a/infra-logging/README.adoc b/infra-logging/README.adoc index 8894697..6217459 100644 --- a/infra-logging/README.adoc +++ b/infra-logging/README.adoc @@ -31,6 +31,11 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat | `"1"` | +| commons.helm.release.driftDetection +| object +| `{}` +| + | commons.helm.release.install | object | `{}` diff --git a/infra-monitoring/README.adoc b/infra-monitoring/README.adoc index 8d41230..dce58f2 100644 --- a/infra-monitoring/README.adoc +++ b/infra-monitoring/README.adoc 
@@ -71,70 +71,10 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat | `"@alert:matrix.org"` | -| alertmanager.receiver.ntfy.config.labels.entries[0].label -| string -| `"severity"` -| - -| alertmanager.receiver.ntfy.config.labels.entries[0].priority -| int -| `4` -| - -| alertmanager.receiver.ntfy.config.labels.entries[0].tags[0] -| string -| `"rotating_light"` -| - -| alertmanager.receiver.ntfy.config.labels.entries[0].value -| string -| `"critical"` -| - -| alertmanager.receiver.ntfy.config.labels.entries[1].label -| string -| `"severity"` -| - -| alertmanager.receiver.ntfy.config.labels.entries[1].priority -| int -| `3` -| - -| alertmanager.receiver.ntfy.config.labels.entries[1].tags[0] -| string -| `"warning"` -| - -| alertmanager.receiver.ntfy.config.labels.entries[1].value -| string -| `"warning"` -| - -| alertmanager.receiver.ntfy.config.labels.entries[2].label -| string -| `"severity"` -| - -| alertmanager.receiver.ntfy.config.labels.entries[2].priority -| int -| `1` -| - -| alertmanager.receiver.ntfy.config.labels.entries[2].tags[0] -| string -| `"information_source"` -| - -| alertmanager.receiver.ntfy.config.labels.entries[2].value -| string -| `"info"` -| - -| alertmanager.receiver.ntfy.config.labels.order[0] -| string -| `"severity"` -| +| alertmanager.receiver.ntfy.config.labels +| object +| `{"entries":[{"label":"severity","priority":4,"tags":["rotating_light"],"value":"critical"},{"label":"severity","priority":3,"tags":["warning"],"value":"warning"},{"label":"severity","priority":1,"tags":["information_source"],"value":"info"}],"order":["severity"]}` +| label of alert to ntfy message config | alertmanager.receiver.ntfy.config.ntfy.topic | string @@ -186,6 +126,11 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat | `nil` | would overwrite defaults (like ntfy or matrix) +| commons.auth.authentik.backend +| string +| `"authentik"` +| + | commons.auth.authentik.domain | string | `""` 
@@ -206,6 +151,11 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat | `"authentik"` | +| commons.helm.release.driftDetection +| object +| `{}` +| + | commons.helm.release.install | object | `{}` diff --git a/infra-trivy/README.adoc b/infra-trivy/README.adoc index 2b3b4c7..e74c731 100644 --- a/infra-trivy/README.adoc +++ b/infra-trivy/README.adoc @@ -26,6 +26,11 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat | `"1"` | +| commons.helm.release.driftDetection +| object +| `{}` +| + | commons.helm.release.install | object | `{}` diff --git a/mycloud-authentik/README.adoc b/mycloud-authentik/README.adoc index 8e62aba..55cd875 100644 --- a/mycloud-authentik/README.adoc +++ b/mycloud-authentik/README.adoc @@ -21,6 +21,11 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat |=== | Key | Type | Default | Description +| commons.helm.release.driftDetection +| object +| `{}` +| + | commons.helm.release.install | object | `{}` diff --git a/mycloud-collabora/.helmignore b/mycloud-collabora/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/mycloud-collabora/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/mycloud-collabora/Chart.yaml b/mycloud-collabora/Chart.yaml new file mode 100644 index 0000000..926d55c --- /dev/null +++ b/mycloud-collabora/Chart.yaml @@ -0,0 +1,9 @@ +apiVersion: v2 +name: mycloud-collabora +description: myCloud component to setup collabora +type: application +maintainers: + - name: WrenIX + url: https://wrenix.eu + +version: 0.1.0 
diff --git a/mycloud-collabora/README.adoc b/mycloud-collabora/README.adoc new file mode 100644 index 0000000..2ffa28b --- /dev/null +++ b/mycloud-collabora/README.adoc 
@@ -0,0 +1,120 @@ + + += mycloud-collabora + +image::https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square[Version: 0.1.0] +image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] +== Maintainers + +.Maintainers +|=== +| Name | Email | Url + +| WrenIX +| +| +|=== + +== Values + +.Values +|=== +| Key | Type | Default | Description + +| adminPassword +| string +| `nil` +| adminPassword to access collabora admin platform + +| allowedHosts +| object +| `{}` +| allowed host to use this collabora instance if not set we allow defaults (like nextcloud) example: main.host.de: [ "alias1.host.de", "alias2.host.de" ] + +| commons.grafana.dashboards.annotations +| object +| `{}` +| + +| commons.grafana.dashboards.labels +| object +| `{}` +| + +| commons.helm.release.driftDetection +| object +| `{}` +| + +| commons.helm.release.install +| object +| `{}` +| + +| commons.helm.release.test +| object +| `{}` +| + +| commons.helm.release.upgrade +| object +| `{}` +| + +| commons.ingress.annotations."cert-manager.io/cluster-issuer" +| string +| `"letsencrypt-prod"` +| + +| commons.ingress.domain +| string +| `"wrenix.eu"` +| + +| commons.ingress.tls.enabled +| bool +| `true` +| tls on every ingress + +| commons.ingress.tls.override +| string +| `nil` +| use own definition of tls (e.g. for own or wildcard certificate) + +| commons.masterPassword +| string +| `"CHANGEME"` +| + +| commons.prometheus.monitor.labels +| object +| `{}` +| + +| commons.prometheus.rules.labels +| object +| `{}` +| + +| ingress.annotations +| string +| `nil` +| + +| ingress.host +| string +| `nil` +| default: fs.(Values.commons.ingress.domain) + +| init.namespace +| string +| `"bases"` +| + +| init.version +| int +| `0` +| +|=== + +Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] 
diff --git a/mycloud-collabora/templates/configmap_init_crd.yaml b/mycloud-collabora/templates/configmap_init_crd.yaml
new file mode 100644
index 0000000..f82bbe4
--- /dev/null
+++ b/mycloud-collabora/templates/configmap_init_crd.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-init
+ namespace: "{{ .Values.init.namespace }}"
+data:
+ {{- if and
+ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule")
+ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor")
+ }}
+ init: "-1"
+ {{- else }}
+ init: "{{ add1 .Values.init.version }}"
+ {{- end }}
diff --git a/mycloud-collabora/templates/release.yaml b/mycloud-collabora/templates/release.yaml
new file mode 100644
index 0000000..1bbe285
--- /dev/null
+++ b/mycloud-collabora/templates/release.yaml
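Review bot: `configmap_init_crd.yaml` writes the `{{ .Release.Name }}-init` ConfigMap into `.Values.init.namespace` (default `bases` in this chart's values.yaml) rather than the release namespace, and nothing in the template says why or what consumes the `init` value. A leading template comment such as `{{- /* init is "-1" once the Prometheus Operator CRDs are present, otherwise init.version + 1; <what reads this value> */ -}}` would make clear that the installing identity needs write access to that namespace and that two releases with the same name would collide on the object. `name:` should also be quoted the way `namespace:` is. The same template is added unchanged to mycloud-nextcloud in this commit, so the comment applies there too.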
@@ -0,0 +1,80 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta2 +kind: HelmRelease +metadata: + name: "{{ .Release.Name }}-hr" +spec: + chart: + spec: + sourceRef: + kind: HelmRepository + name: "{{ .Release.Name }}-repo" + chart: "collabora-online" + install: + {{- toYaml .Values.commons.helm.release.install | nindent 4 }} + test: + {{- toYaml .Values.commons.helm.release.test | nindent 4 }} + upgrade: + {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }} + driftDetection: + {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }} + interval: 10m + values: + autoscaling: + enabled: false + + {{- $host := .Values.ingress.host | default (printf "collabora.%s" .Values.commons.ingress.domain) }} + collabora: + username: collabora-admin + password: {{ .Values.adminPassword | default (derivePassword 1 "long" .Values.commons.masterPassword "nextcloud" "admin_password") | quote }} + extra_params: --o:user_interface.mode=tabbed --o:ssl.termination=true --o:ssl.enable=false + server_name: {{ $host | quote }} + aliasgroups: + {{- range $host, $aliases := .Values.allowedHosts }} + - host: "https://{{ $host }}{{ gt (len $aliases) 0 | ternary (printf "|%s" (join "|" $aliases)) "" }}" + {{- else }} + - host: "https://fs.{{ .Values.commons.ingress.domain }}" + {{- end }} + + ingress: + enabled: true + annotations: + {{- with .Values.commons.ingress.annotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.ingress.annotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + hosts: + - host: {{ $host | quote }} + paths: + - path: / + pathType: ImplementationSpecific + {{- if .Values.commons.ingress.tls.enabled }} + tls: + {{- with .Values.commons.ingress.tls.override }} + {{- toYaml . 
| nindent 8 }} + {{- else }} + - secretName: "mycloud-collabora-cert" + hosts: + - "{{ $host }}" + {{- end }} + {{- end }} + + prometheus: + servicemonitor: + enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }} + labels: + {{- toYaml .Values.commons.prometheus.monitor.labels | nindent 10 }} + rules: + enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule") }} + additionalLabels: + {{- toYaml .Values.commons.prometheus.rules.labels | nindent 10 }} + + grafana: + dashboards: + enabled: true + labels: + {{- toYaml .Values.commons.grafana.dashboards.labels | nindent 10 }} + annotations: + {{- toYaml .Values.commons.grafana.dashboards.annotations | nindent 10 }} diff --git a/mycloud-collabora/templates/repo.yaml b/mycloud-collabora/templates/repo.yaml new file mode 100644 index 0000000..2c6815e --- /dev/null +++ b/mycloud-collabora/templates/repo.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: {{ .Release.Name }}-repo +spec: + url: https://collaboraonline.github.io/online + interval: 10m diff --git a/mycloud-collabora/values.yaml b/mycloud-collabora/values.yaml new file mode 100644 index 0000000..7f920cc --- /dev/null +++ b/mycloud-collabora/values.yaml 
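Review bot: In mycloud-collabora/templates/release.yaml the `collabora.password` fallback is `derivePassword 1 "long" .Values.commons.masterPassword "nextcloud" "admin_password"`, i.e. it is derived with the literal `nextcloud`; if the Nextcloud chart derives its admin password with the same arguments (not visible here), the Collabora admin console and Nextcloud share one credential, and with the shipped `masterPassword: "CHANGEME"` default that credential is predictable. Use a component-specific string, e.g. `derivePassword 1 "long" .Values.commons.masterPassword "collabora" "admin_password"`, and consider failing the render while the master password is still the placeholder. The resulting password is also written in clear text into the HelmRelease `spec.values`, where anyone who can read HelmRelease objects can see it; passing it through a Secret referenced by `valuesFrom` keeps it out of the object. Separately, `spec.chart.spec` sets no `version`, so each 10m reconcile can pick up whatever chart the upstream repository publishes next; pinning it makes an upgrade a reviewed change.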
@@ -0,0 +1,65 @@
+init:
+ version: 0
+ namespace: "bases"
+
+commons:
+ masterPassword: "CHANGEME"
+
+ helm:
+ release:
+ install: {}
+ test: {}
+ upgrade: {}
+ driftDetection: {}
+
+ ingress:
+ domain: "wrenix.eu"
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ tls:
+ # -- tls on every ingress
+ enabled: true
+ # -- use own definition of tls (e.g. for own or wildcard certificate)
+ override:
+
+ prometheus:
+ monitor:
+ labels: {}
+ rules:
+ labels: {}
+ grafana:
+ dashboards:
+ labels: {}
+ annotations: {}
+
+
+ingress:
+ # -- default: fs.(Values.commons.ingress.domain)
+ host:
+ annotations:
+ # nginx controller
+ nginx.ingress.kubernetes.io/upstream-hash-by: "$arg_WOPISrc"
+ nginx.ingress.kubernetes.io/server-snippet: |
+ location /cool/getMetrics { deny all; return 403; }
+ location /cool/adminws/ { deny all; return 403; }
+ location /browser/dist/admin/admin.html { deny all; return 403; }
+ # haproxy community
+ haproxy-ingress.github.io/timeout-tunnel: 3600s
+ haproxy-ingress.github.io/assign-backend-server-id: "true"
+ haproxy-ingress.github.io/balance-algorithm: url_param WOPISrc
+ haproxy-ingress.github.io/config-backend:
+ hash-type consistent
+ acl admin_url path_beg /cool/getMetrics
+ acl admin_url path_beg /cool/adminws/
+ acl admin_url path_beg /browser/dist/admin/admin.html
+ http-request deny if admin_url
+
+
+# -- adminPassword to access collabora admin platform
+adminPassword:
+
+# -- allowed host to use this collabora instance
+# if not set we allow defaults (like nextcloud)
+# example:
+# main.host.de: [ "alias1.host.de", "alias2.host.de" ]
+allowedHosts: {}
diff --git a/mycloud-nextcloud/README.adoc b/mycloud-nextcloud/README.adoc
index a6a86c8..e69918a 100644
--- a/mycloud-nextcloud/README.adoc
+++ b/mycloud-nextcloud/README.adoc
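Review bot: In mycloud-collabora/values.yaml, `haproxy-ingress.github.io/config-backend:` has no `|` block indicator, unlike the nginx `server-snippet` a few lines above, so as shown YAML folds the five following lines into one space-joined string and HAProxy would be handed `hash-type consistent acl admin_url ... http-request deny if admin_url` as a single directive; the deny rule for `/cool/getMetrics`, `/cool/adminws/` and the admin page is then unlikely to take effect. Write `haproxy-ingress.github.io/config-backend: |` so each directive keeps its own line. The nginx variant in turn only works when the controller permits snippet annotations, which hardened ingress-nginx setups disable, so it is worth checking the rendered ingress before relying on these endpoints being blocked. The comment `# -- default: fs.(Values.commons.ingress.domain)` on `ingress.host` also disagrees with the `collabora.%s` default used in the release template.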
@@ -26,6 +26,56 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat | `nil` | generated by .Values.commons.masterPassword +| apps.calendar.enabled +| bool +| `true` +| + +| apps.checksum.enabled +| bool +| `true` +| + +| apps.contacts.enabled +| bool +| `true` +| + +| apps.dashboard.enabled +| bool +| `false` +| + +| apps.deck.enabled +| bool +| `true` +| + +| apps.firstrunwizard.enabled +| bool +| `false` +| + +| apps.memories.enabled +| bool +| `false` +| + +| apps.notes.enabled +| bool +| `true` +| + +| apps.richdocuments.config.wopi_url +| string +| `nil` +| + +| apps.richdocuments.enabled +| bool +| `false` +| + | auth.clientID | string | `nil` @@ -36,11 +86,21 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat | `nil` | generated by .Values.commons.masterPassword +| auth.idMapping +| string +| `"sub"` +| oidc field which us used as id in nextcloud for username (for security reason it is sub, but could be overwritten by username) https://goauthentik.io/integrations/services/nextcloud/#provider-and-application + | commons.auth.host | string | `nil` | default auth.(.Values.commons.ingress.domain) +| commons.helm.release.driftDetection +| object +| `{}` +| + | commons.helm.release.install | object | `{}` @@ -225,6 +285,11 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat | string | `"8Gi"` | + +| quota +| string +| `nil` +| default quota for an user |=== Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] diff --git a/mycloud-nextcloud/templates/configmap_init_crd.yaml b/mycloud-nextcloud/templates/configmap_init_crd.yaml new file mode 100644 index 0000000..f82bbe4 --- /dev/null +++ b/mycloud-nextcloud/templates/configmap_init_crd.yaml 
@@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-init + namespace: "{{ .Values.init.namespace }}" +data: + {{- if and + (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule") + (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") + }} + init: "-1" + {{- else }} + init: "{{ add1 .Values.init.version }}" + {{- end }} diff --git a/mycloud-nextcloud/templates/release.yaml b/mycloud-nextcloud/templates/release.yaml index 434e401..d2be76f 100644 --- a/mycloud-nextcloud/templates/release.yaml +++ b/mycloud-nextcloud/templates/release.yaml @@ -86,11 +86,29 @@ spec: enabled: true config: allow_multiple_user_backends: "0" + ## # collabora - #richdocuments: - # enabled: true - # config: {} - {{- toYaml .Values.apps | nindent 10 }} + ## + {{- with .Values.apps.richdocuments }} + {{- if .enabled }} + richdocuments: + enabled: true + {{- with .config }} + config: + {{- with (get . "wopi_url") }} + wopi_url: {{ . }} + {{- else }} + wopi_url: "https://collabora.{{ $.Values.commons.ingress.domain }}" + {{- end }} + {{- with (omit . "wopi_url") }} + {{- toYaml . | nindent 14 }} + {{- end }} + {{- end }}{{/* with .config */}} + {{- end }}{{/* end-if .enabled */}} + {{- end }}{{/* end-with .richdocuments */}} + {{- with (omit .Values.apps "richdocuments") }} + {{- toYaml . | nindent 10 }} + {{- end }} hooks: before-starting: diff --git a/mycloud-nextcloud/values.yaml b/mycloud-nextcloud/values.yaml index 9fefb31..d809366 100644 --- a/mycloud-nextcloud/values.yaml +++ b/mycloud-nextcloud/values.yaml @@ -74,6 +74,10 @@ apps: enabled: true deck: enabled: true + richdocuments: + enabled: false + config: + wopi_url: # remove unneeded application firstrunwizard: enabled: false diff --git a/mycloud-services/README.adoc b/mycloud-services/README.adoc index 815b410..a9d9b39 100644 --- a/mycloud-services/README.adoc +++ b/mycloud-services/README.adoc 
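Review bot: In the mycloud-nextcloud/templates/release.yaml hunk the default `wopi_url` sits inside `{{- with .config }}`, so whenever `apps.richdocuments.config` evaluates as empty (an override of `config: {}`, or the null-only default being dropped when values are merged) richdocuments is enabled with no `config:` block and no WOPI URL at all. Taking the fallback out of the guard avoids that, e.g. `wopi_url: {{ get (.config | default dict) "wopi_url" | default (printf "https://collabora.%s" $.Values.commons.ingress.domain) | quote }}`; the current `wopi_url: {{ . }}` is also emitted unquoted, unlike the default branch. The hard-coded `collabora.` prefix will not follow a custom `ingress.host` set on the collabora chart, which deserves a comment next to the default. The enclosing `apps` block starts above this hunk, so the indentation of the emitted keys could not be checked from here.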
@@ -21,6 +21,11 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat |=== | Key | Type | Default | Description +| commons.helm.release.driftDetection +| object +| `{}` +| + | commons.helm.release.install | object | `{}`