diff --git a/base-values/mycloud-core.yaml b/base-values/mycloud-core.yaml
index ba2123f..4976690 100644
--- a/base-values/mycloud-core.yaml
+++ b/base-values/mycloud-core.yaml
@@ -3,7 +3,7 @@ commons:
 # masterPassword:
 theme:
- title:
+ title: myCloud
 logo:
 favicon:
diff --git a/base-values/mycloud-gotosocial.yaml b/base-values/mycloud-gotosocial.yaml
new file mode 100644
index 0000000..e547c42
--- /dev/null
+++ b/base-values/mycloud-gotosocial.yaml
@@ -0,0 +1,17 @@
+##
+# commons are from mycloud-core
+##
+
+components:
+ mycloud-services:
+ # patch mycloud-core to get another database
+ values:
+ databases:
+ gotosocial:
+ type: postgresql
+
+ mycloud-gotosocial:
+ enabled: true
+ namespace:
+ # current namespace
+ name:
diff --git a/docs/modules/components/nav.adoc b/docs/modules/components/nav.adoc
index 40c4ad5..058a894 100644
--- a/docs/modules/components/nav.adoc
+++ b/docs/modules/components/nav.adoc
@@ -7,5 +7,6 @@
 ** xref:infra-trivy.adoc[infra-trivy]
 ** xref:mycloud-authentik.adoc[mycloud-authentik]
 ** xref:mycloud-collabora.adoc[mycloud-collabora]
+** xref:mycloud-gotosocial.adoc[mycloud-gotosocial]
 ** xref:mycloud-nextcloud.adoc[mycloud-nextcloud]
 ** xref:mycloud-services.adoc[mycloud-services]
diff --git a/docs/modules/components/pages/mycloud-gotosocial.adoc b/docs/modules/components/pages/mycloud-gotosocial.adoc
new file mode 120000
index 0000000..91fd1e8
--- /dev/null
+++ b/docs/modules/components/pages/mycloud-gotosocial.adoc
@@ -0,0 +1 @@
+../../../../mycloud-gotosocial/README.adoc
\ No newline at end of file
diff --git a/docs/modules/mycloud/pages/partial-list-components.adoc b/docs/modules/mycloud/pages/partial-list-components.adoc
index ece861b..c5d80fe 100644
--- a/docs/modules/mycloud/pages/partial-list-components.adoc
+++ b/docs/modules/mycloud/pages/partial-list-components.adoc
@@ -1,5 +1,6 @@
 * xref:components:mycloud-authentik.adoc[mycloud-authentik]
 * xref:components:mycloud-collabora.adoc[mycloud-collabora]
+* xref:components:mycloud-gotosocial.adoc[mycloud-gotosocial]
 * xref:components:mycloud-nextcloud.adoc[mycloud-nextcloud]
 * xref:components:mycloud-services.adoc[mycloud-services]
diff --git a/mycloud-gotosocial/.helmignore b/mycloud-gotosocial/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/mycloud-gotosocial/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/mycloud-gotosocial/Chart.yaml b/mycloud-gotosocial/Chart.yaml
new file mode 100644
index 0000000..6b975ce
--- /dev/null
+++ b/mycloud-gotosocial/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v2
+name: mycloud-gotosocial
+description: myCloud component to setup gotosocial
+type: application
+maintainers:
+ - name: WrenIX
+ url: https://wrenix.eu
+
+version: 0.1.0
diff --git a/mycloud-gotosocial/README.adoc b/mycloud-gotosocial/README.adoc
new file mode 100644
index 0000000..4f529e1
--- /dev/null
+++ b/mycloud-gotosocial/README.adoc
@@ -0,0 +1,215 @@ + + += mycloud-gotosocial + +image::https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square[Version: 0.1.0] +image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] +== Maintainers + +.Maintainers +|=== +| Name | Email | Url + +| WrenIX +| +| +|=== + +== Values + +.Values +|=== +| Key | Type | Default | Description + +| auth.clientID +| string +| `nil` +| generated by .Values.commons.masterPassword + +| auth.clientSecret +| string +| `nil` +| generated by .Values.commons.masterPassword + +| commons.auth.host +| string +| `nil` +| default auth.(.Values.commons.ingress.domain) + +| commons.helm.release.driftDetection +| object +| `{}` +| + +| commons.helm.release.install +| object +| `{}` +| + +| commons.helm.release.test +| object +| `{}` +| + +| commons.helm.release.upgrade +| object +| `{}` +| + +| commons.ingress.annotations."cert-manager.io/cluster-issuer" +| string +| `"letsencrypt-prod"` +| + +| commons.ingress.domain +| string +| `"wrenix.eu"` +| + +| commons.ingress.tls.enabled +| bool +| `true` +| tls on every ingress + +| commons.ingress.tls.override +| string +| `nil` +| use own definition of tls (e.g. 
for own or wildcard certificate) + +| commons.mail.from +| string +| `nil` +| + +| commons.mail.host +| string +| `nil` +| + +| commons.mail.password +| string +| `nil` +| + +| commons.mail.use_ssl +| bool +| `false` +| + +| commons.mail.use_tls +| bool +| `false` +| + +| commons.mail.username +| string +| `nil` +| + +| commons.masterPassword +| string +| `"CHANGEME"` +| + +| commons.persistence.hostPath.enabled +| bool +| `false` +| + +| commons.persistence.hostPath.prefix +| string +| `"/var/lib/mycloud"` +| + +| commons.persistence.storageClass +| string +| `nil` +| + +| commons.prometheus.monitor.labels +| object +| `{}` +| + +| commons.prometheus.rules.labels +| object +| `{}` +| + +| commons.theme.favicon +| string +| `"/static/dist/assets/icons/icon.png"` +| + +| commons.theme.logo +| string +| `"/static/dist/assets/icons/icon_left_brand.svg"` +| + +| commons.theme.title +| string +| `"myCloud"` +| + +| database.host +| string +| `"mycloud-services-postgresql"` +| default is from mysql-services + +| database.name +| string +| `"gotosocial"` +| + +| database.password +| string +| `nil` +| generated by .Values.commons.masterPassword (equal to mycloud-services) + +| database.username +| string +| `"gotosocial"` +| + +| ingress.annotations +| string +| `nil` +| + +| ingress.host +| string +| `nil` +| default: social.(Values.commons.ingress.domain) + +| init.namespace +| string +| `"bases"` +| + +| init.version +| int +| `0` +| + +| mail.from +| string +| `nil` +| generade by Values.commons.mail.from + +| mail.host +| string +| `nil` +| default Values.commons.mail.host + +| persistence.size +| string +| `"16Gi"` +| + +| persistence.storageClass +| string +| `nil` +| +|=== + +Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] diff --git a/mycloud-gotosocial/templates/authentik-application.yaml b/mycloud-gotosocial/templates/authentik-application.yaml new file mode 100644 index 0000000..c02410c --- /dev/null 
+++ b/mycloud-gotosocial/templates/authentik-application.yaml 
@@ -0,0 +1,56 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: {{ .Release.Name }}-auth
+spec:
+ chart:
+ spec:
+ sourceRef:
+ kind: GitRepository
+ name: "wrenix-helm-charts"
+ namespace: "flux-system"
+ chart: "./authentik-application"
+ reconcileStrategy: "Revision"
+ install:
+ {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
+ test:
+ {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
+ upgrade:
+ {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
+ driftDetection:
+ {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
+ interval: 10m
+ values:
+ {{- $host := .Values.ingress.host | default (printf "social.%s" .Values.commons.ingress.domain) }}
+ blueprint:
+ authentik:
+ domain: "https://{{ .Values.commons.auth.host | default (printf "auth.%s" .Values.commons.ingress.domain) }}"
+ provider:
+ type: "oidc"
+ name: "GoToSocial"
+ oidc:
+ clientType: "confidential"
+ redirectURL: "https://{{ $host }}/auth/callback"
+ clientID: {{ .Values.auth.clientID | default (derivePassword 1 "long" .Values.commons.masterPassword "gotosocial" "auth.clientID") | quote }}
+ clientSecret: {{ .Values.auth.clientSecret | default (derivePassword 1 "long" .Values.commons.masterPassword "gotosocial" "auth.clientSecret") | quote }}
+ signingKey: "authentik Self-signed Certificate"
+ scopes:
+ - name: "authentik default OAuth Mapping: OpenID 'openid'"
+ - name: "authentik default OAuth Mapping: OpenID 'email'"
+ - name: "authentik default OAuth Mapping: OpenID 'profile'"
+
+ groups:
+ - slug: "mycloud - users"
+ bindID: "cefc0c13-49fa-4374-a909-e201a88a473b"
+
+ application:
+ policyEngineMode: "any"
+ openInNewTab: true
+ publisher: "WrenIX's myCloud"
+ slug: "mycloud-gotosocial"
+ group: "Social"
+ name: "GoToSocial"
+ launchURL: "https://{{ $host }}/settings"
+ icon: "https://{{ $host }}/assets/logo.png"
+ description: "With GoToSocial, you can keep in touch with your friends, post, read, and share images and articles. All without being tracked or advertised to!"
diff --git a/mycloud-gotosocial/templates/configmap_init_crd.yaml b/mycloud-gotosocial/templates/configmap_init_crd.yaml
new file mode 100644
index 0000000..f82bbe4
--- /dev/null
+++ b/mycloud-gotosocial/templates/configmap_init_crd.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-init
+ namespace: "{{ .Values.init.namespace }}"
+data:
+ {{- if and
+ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule")
+ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor")
+ }}
+ init: "-1"
+ {{- else }}
+ init: "{{ add1 .Values.init.version }}"
+ {{- end }}
diff --git a/mycloud-gotosocial/templates/release.yaml b/mycloud-gotosocial/templates/release.yaml
new file mode 100644
index 0000000..dcf9e33
--- /dev/null
+++ b/mycloud-gotosocial/templates/release.yaml
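Review bot: The OIDC `clientSecret` line derives the confidential client's secret with `derivePassword 1 "long" …`, and the identical expression is repeated in templates/release.yaml; the Master Password "long" template produces a comparatively short (about 14-character) string, which is thin for a long-lived confidential-client secret, and the rendered value sits in plaintext in `HelmRelease.spec.values`, readable by anyone who can get HelmReleases in the namespace. Consider the "maximum" template and moving the value into a Secret referenced via `valuesFrom`; since both charts must compute the same secret, a shared named helper such as `{{ define "mycloud-gotosocial.oidcClientSecret" }}` would keep the two derivations from drifting. `signingKey: "authentik Self-signed Certificate"` pins token signing to authentik's default self-signed certificate; if that is deliberate, a comment above it noting the dependency on that default object name would help the next maintainer.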
@@ -0,0 +1,109 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: "{{ .Release.Name }}-hr"
+spec:
+ chart:
+ spec:
+ sourceRef:
+ kind: GitRepository
+ name: "wrenix-helm-charts"
+ namespace: "flux-system"
+ chart: "./gotosocial"
+ reconcileStrategy: "Revision"
+ install:
+ {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
+ test:
+ {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
+ upgrade:
+ {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
+ driftDetection:
+ {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
+ interval: 10m
+ values:
+ {{- $host := .Values.ingress.host | default (printf "social.%s" .Values.commons.ingress.domain) }}
+ gotosocial:
+ applicationName: {{ .Values.commons.theme.title | quote }}
+ host: "{{ $host }}"
+ accountDomain: "{{ .Values.commons.ingress.domain }}"
+ database:
+ type: postgres
+ address: {{ .Values.database.host | quote }}
+ username: {{ .Values.database.username | quote }}
+ password: {{ .Values.database.password | default (derivePassword 1 "long" .Values.commons.masterPassword "gotosocial" "database_password") | quote }}
+ database: {{ .Values.database.name | quote }}
+ accounts:
+ registrationOpen: false
+ approvalRequired: false
+ oidc:
+ enabled: true
+ idpName: {{ .Values.commons.theme.title | quote }}
+ issuer: "https://{{ .Values.commons.auth.host | default (printf "auth.%s" .Values.commons.ingress.domain) }}/application/o/mycloud-gotosocial/"
+ clientID: {{ .Values.auth.clientID | default (derivePassword 1 "long" .Values.commons.masterPassword "gotosocial" "auth.clientID") | quote }}
+ clientSecret: {{ .Values.auth.clientSecret | default (derivePassword 1 "long" .Values.commons.masterPassword "gotosocial" "auth.clientSecret") | quote }}
+ adminGroups:
+ - "authentik Admins"
+ smtp:
+ host: {{ .Values.mail.host | default .Values.commons.mail.host | quote }}
+ port: 587
+ username: {{ .Values.commons.mail.username | quote }}
+ password: {{ .Values.commons.mail.password | quote }}
+ from: {{ .Values.mail.from | default (printf "[%s] %s <%s>" .Values.commons.theme.title "gotosocial" .Values.commons.mail.from) | quote }}
+
+ metrics:
+ enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
+ auth:
+ enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
+ username: {{ derivePassword 1 "long" .Values.commons.masterPassword "gotosocial" "metrics.username" | quote }}
+ password: {{ derivePassword 1 "long" .Values.commons.masterPassword "gotosocial" "metrics.password" | quote }}
+
+ prometheus:
+ servicemonitor:
+ enabled: {{ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
+ labels:
+ {{- toYaml .Values.commons.prometheus.monitor.labels | nindent 10 }}
+
+ ingress:
+ enabled: true
+ annotations:
+ {{- with .Values.commons.ingress.annotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.ingress.annotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ hosts:
+ - host: "{{ .Values.commons.ingress.domain }}"
+ paths:
+ - path: /.well-known/webfinger
+ pathType: Prefix
+ - path: /.well-known/host-meta
+ pathType: Prefix
+ - path: /.well-known/nodeinfo
+ pathType: Prefix
+ - host: "{{ $host }}"
+ paths:
+ - path: /
+ pathType: Prefix
+ {{- if .Values.commons.ingress.tls.enabled }}
+ tls:
+ {{- with .Values.commons.ingress.tls.override }}
+ {{- toYaml . | nindent 8 }}
+ {{- else }}
+ - secretName: "mycloud-gotosocial-cert"
+ hosts:
+ - "{{ .Values.commons.ingress.domain }}"
+ - "{{ $host }}"
+ {{- end }}
+ {{- end }}
+
+ persistence:
+ enabled: true
+ size: {{ .Values.persistence.size }}
+ {{- with .Values.persistence.storageClass | default .Values.commons.persistence.storageClass }}
+ storageClass: {{ . }}
+ {{- end }}
+ {{- if .Values.commons.persistence.hostPath.enabled }}
+ hostPath: "{{ .Values.commons.persistence.hostPath.prefix }}/gotosocial"
+ {{- end }}
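Review bot: Four credentials — `database.password`, `oidc.clientSecret`, `smtp.password` and `metrics.auth.password` — are rendered straight into `spec.values` of the HelmRelease, so they are stored in plaintext on a non-Secret object that any principal with read access to HelmReleases (or to Flux's status/events) can see. Flux supports `spec.valuesFrom` with `targetPath` to inject individual keys from a Secret, so the derived or user-supplied values can be written into a chart-managed Secret and referenced from here, leaving `spec.values` free of secrets; the Secret itself would be a new templates/secret.yaml holding the same `derivePassword`/override expressions. Separately, `smtp.port: 587` is hard-coded while `commons.mail.use_tls` and `commons.mail.use_ssl` are declared in values.yaml in this same diff but never read, so an operator who sets `use_ssl: true` expecting port 465 gets a silent plaintext-submission mismatch; either consume those flags or drop them from values.yaml.
```yaml
spec:
  # … unchanged: chart, install/test/upgrade/driftDetection, interval …
  valuesFrom:
    - kind: Secret
      name: "{{ .Release.Name }}-secrets"   # rendered by a new templates/secret.yaml
      valuesKey: database-password
      targetPath: gotosocial.database.password
    - kind: Secret
      name: "{{ .Release.Name }}-secrets"
      valuesKey: oidc-client-secret
      targetPath: gotosocial.oidc.clientSecret
    - kind: Secret
      name: "{{ .Release.Name }}-secrets"
      valuesKey: smtp-password
      targetPath: gotosocial.smtp.password
    - kind: Secret
      name: "{{ .Release.Name }}-secrets"
      valuesKey: metrics-password
      targetPath: gotosocial.metrics.auth.password
  values:
    # … unchanged, with the four password/clientSecret lines removed …
```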
diff --git a/mycloud-gotosocial/values.yaml b/mycloud-gotosocial/values.yaml
new file mode 100644
index 0000000..ba3f31f
--- /dev/null
+++ b/mycloud-gotosocial/values.yaml
@@ -0,0 +1,81 @@
+init:
+ version: 0
+ namespace: "bases"
+
+commons:
+ masterPassword: "CHANGEME"
+
+ auth:
+ # -- default auth.(.Values.commons.ingress.domain)
+ host:
+
+ theme:
+ title: myCloud
+ logo: /static/dist/assets/icons/icon_left_brand.svg
+ favicon: /static/dist/assets/icons/icon.png
+
+ mail:
+ host:
+ username:
+ password:
+ from:
+ use_tls: false
+ use_ssl: false
+
+ persistence:
+ storageClass:
+ hostPath:
+ enabled: false
+ prefix: "/var/lib/mycloud"
+
+ helm:
+ release:
+ install: {}
+ test: {}
+ upgrade: {}
+ driftDetection: {}
+
+ ingress:
+ domain: "wrenix.eu"
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ tls:
+ # -- tls on every ingress
+ enabled: true
+ # -- use own definition of tls (e.g. for own or wildcard certificate)
+ override:
+
+ prometheus:
+ monitor:
+ labels: {}
+ rules:
+ labels: {}
+
+auth:
+ # -- generated by .Values.commons.masterPassword
+ clientID:
+ # -- generated by .Values.commons.masterPassword
+ clientSecret:
+
+ingress:
+ # -- default: social.(Values.commons.ingress.domain)
+ host:
+ annotations:
+
+database:
+ # -- default is from mysql-services
+ host: mycloud-services-postgresql
+ name: gotosocial
+ username: gotosocial
+ # -- generated by .Values.commons.masterPassword (equal to mycloud-services)
+ password:
+
+mail:
+ # -- generade by Values.commons.mail.from
+ from:
+ # -- default Values.commons.mail.host
+ host:
+
+persistence:
+ storageClass:
+ size: 16Gi
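Review bot: `masterPassword: "CHANGEME"` is the seed for every derived credential in this chart (OIDC client secret, database password, metrics basic-auth password), and the shared base-values/mycloud-core.yaml in this diff leaves `masterPassword` commented out, so an operator who forgets to set it ships a deployment whose secrets anyone can recompute from the public templates. Nothing in the templates rejects the default; a guard at the top of templates/release.yaml such as `{{- if eq .Values.commons.masterPassword "CHANGEME" }}{{ fail "commons.masterPassword must be set to a site-specific value" }}{{- end }}` turns that into a render-time error. The key also lacks a helm-docs comment; `# -- seed for all derived secrets; MUST be overridden per site` above it would surface the requirement in the generated README. The `generade` typo in the `mail.from` comment is propagated verbatim into README.adoc and should read `generated`.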