feat(mycloud-coder): add coder

2024-03-08 14:39:56 +01:00 · 2024-03-08 14:39:56 +01:00 · f5a26b3652
commit f5a26b3652
parent d4650334e2
8 changed files with 452 additions and 0 deletions
--- a/mycloud-coder/.helmignore
+++ b/mycloud-coder/.helmignore
@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- a/mycloud-coder/Chart.yaml
+++ b/mycloud-coder/Chart.yaml
@ -0,0 +1,9 @@
+apiVersion: v2
+name: mycloud-coder
+description: myCloud component to setup coder
+type: application
+maintainers:
+  - name: WrenIX
+    url: https://wrenix.eu
+
+version: 0.1.0
--- a/mycloud-coder/README.adoc
+++ b/mycloud-coder/README.adoc
@ -0,0 +1,215 @@
+
+
+= mycloud-gotosocial
+
+image::https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square[Version: 0.1.0]
+image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
+== Maintainers
+
+.Maintainers
+|===
+| Name | Email | Url
+
+| WrenIX
+|
+| <https://wrenix.eu>
+|===
+
+== Values
+
+.Values
+|===
+| Key | Type | Default | Description
+
+| auth.clientID
+| string
+| `nil`
+| generated by .Values.commons.masterPassword
+
+| auth.clientSecret
+| string
+| `nil`
+| generated by .Values.commons.masterPassword
+
+| commons.auth.host
+| string
+| `nil`
+| default auth.(.Values.commons.ingress.domain)
+
+| commons.helm.release.driftDetection
+| object
+| `{}`
+|
+
+| commons.helm.release.install
+| object
+| `{}`
+|
+
+| commons.helm.release.test
+| object
+| `{}`
+|
+
+| commons.helm.release.upgrade
+| object
+| `{}`
+|
+
+| commons.ingress.annotations."cert-manager.io/cluster-issuer"
+| string
+| `"letsencrypt-prod"`
+|
+
+| commons.ingress.domain
+| string
+| `"wrenix.eu"`
+|
+
+| commons.ingress.tls.enabled
+| bool
+| `true`
+| tls on every ingress
+
+| commons.ingress.tls.override
+| string
+| `nil`
+| use own definition of tls (e.g. for own or wildcard certificate)
+
+| commons.mail.from
+| string
+| `nil`
+|
+
+| commons.mail.host
+| string
+| `nil`
+|
+
+| commons.mail.password
+| string
+| `nil`
+|
+
+| commons.mail.use_ssl
+| bool
+| `false`
+|
+
+| commons.mail.use_tls
+| bool
+| `false`
+|
+
+| commons.mail.username
+| string
+| `nil`
+|
+
+| commons.masterPassword
+| string
+| `"CHANGEME"`
+|
+
+| commons.persistence.hostPath.enabled
+| bool
+| `false`
+|
+
+| commons.persistence.hostPath.prefix
+| string
+| `"/var/lib/mycloud"`
+|
+
+| commons.persistence.storageClass
+| string
+| `nil`
+|
+
+| commons.prometheus.monitor.labels
+| object
+| `{}`
+|
+
+| commons.prometheus.rules.labels
+| object
+| `{}`
+|
+
+| commons.theme.favicon
+| string
+| `"/static/dist/assets/icons/icon.png"`
+|
+
+| commons.theme.logo
+| string
+| `"/static/dist/assets/icons/icon_left_brand.svg"`
+|
+
+| commons.theme.title
+| string
+| `"myCloud"`
+|
+
+| database.host
+| string
+| `"mycloud-services-postgresql"`
+| default is from mysql-services
+
+| database.name
+| string
+| `"gotosocial"`
+|
+
+| database.password
+| string
+| `nil`
+| generated by .Values.commons.masterPassword (equal to mycloud-services)
+
+| database.username
+| string
+| `"gotosocial"`
+|
+
+| ingress.annotations
+| string
+| `nil`
+|
+
+| ingress.host
+| string
+| `nil`
+| default: social.(Values.commons.ingress.domain)
+
+| init.namespace
+| string
+| `"bases"`
+|
+
+| init.version
+| int
+| `0`
+|
+
+| mail.from
+| string
+| `nil`
+| generade by Values.commons.mail.from
+
+| mail.host
+| string
+| `nil`
+| default Values.commons.mail.host
+
+| persistence.size
+| string
+| `"16Gi"`
+|
+
+| persistence.storageClass
+| string
+| `nil`
+|
+|===
+
+Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]
--- a/mycloud-coder/templates/authentik-application.yaml
+++ b/mycloud-coder/templates/authentik-application.yaml
@ -0,0 +1,56 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: {{ .Release.Name }}-auth
+spec:
+  chart:
+    spec:
+      sourceRef:
+        kind: GitRepository
+        name: "wrenix-helm-charts"
+        namespace: "flux-system"
+      chart: "./authentik-application"
+      reconcileStrategy: "Revision"
+  install:
+    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
+  test:
+    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
+  upgrade:
+    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
+  driftDetection:
+    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
+  interval: 10m
+  values:
+    {{- $host := .Values.ingress.host | default (printf "coder.%s" .Values.commons.ingress.domain) }}
+    blueprint:
+      authentik:
+        domain: "https://{{ .Values.commons.auth.host | default (printf "auth.%s" .Values.commons.ingress.domain) }}"
+      provider:
+        type: "oidc"
+        name: "GoToSocial"
+        oidc:
+          clientType: "confidential"
+          redirectURL: "https://{{ $host }}/external-auth/primary/callback"
+          clientID: {{ .Values.auth.clientID | default (derivePassword 1 "long" .Values.commons.masterPassword "coder" "auth.clientID") | quote }}
+          clientSecret: {{ .Values.auth.clientSecret | default (derivePassword 1 "long" .Values.commons.masterPassword "coder" "auth.clientSecret") | quote }}
+          signingKey: "authentik Self-signed Certificate"
+          scopes:
+            - name: "authentik default OAuth Mapping: OpenID 'openid'"
+            - name: "authentik default OAuth Mapping: OpenID 'email'"
+            - name: "authentik default OAuth Mapping: OpenID 'profile'"
+
+      groups:
+        - slug: "mycloud - users"
+          bindID: "cefc0c13-49fa-4374-a909-e201a88a473b"
+
+      application:
+        policyEngineMode: "any"
+        openInNewTab: true
+        publisher: "WrenIX's myCloud"
+        slug: "mycloud-coder"
+        group: "Developing"
+        name: "Coder"
+        launchURL: "https://{{ $host }}/settings"
+        icon: "https://{{ $host }}/assets/logo.png"
+        description: "Deliver Real Developer Productivity - Code More. Build Fast. Spend Less."
--- a/mycloud-coder/templates/configmap_init_crd.yaml
+++ b/mycloud-coder/templates/configmap_init_crd.yaml
@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-init
+  namespace: "{{ .Values.init.namespace }}"
+data:
+  {{- if and
+    (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule")
+    (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor")
+  }}
+  init: "-1"
+  {{- else }}
+  init: "{{ add1 .Values.init.version }}"
+  {{- end }}
--- a/mycloud-coder/templates/release.yaml
+++ b/mycloud-coder/templates/release.yaml
@ -0,0 +1,70 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: "{{ .Release.Name }}-hr"
+spec:
+  chart:
+    spec:
+      sourceRef:
+        kind: HelmRepository
+        name: "{{ .Release.Name }}"
+      chart: "coder"
+      reconcileStrategy: "Revision"
+  install:
+    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
+  test:
+    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
+  upgrade:
+    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
+  driftDetection:
+    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
+  interval: 10m
+  values:
+    {{- $host := .Values.ingress.host | default (printf "coder.%s" .Values.commons.ingress.domain) }}
+    {{- $wildcardHost := .Values.ingress.wildcardhost | default (printf "*-ide.%s" .Values.commons.ingress.domain) }}
+    coder:
+      env:
+        - name: CODER_ACCESS_URL
+          value: "https://{{ $host }}"
+        - name: CODER_WILDCARDACCESS_URL
+          value: "{{ $wildcardHost }}"
+      envFrom:
+        - secretRef:
+            name: 
+      applicationName: {{ .Values.commons.theme.title | quote }}
+      database:
+        type: postgres
+        address: {{ .Values.database.host | quote }}
+        username: {{ .Values.database.username | quote }}
+        password: {{ .Values.database.password | default (derivePassword 1 "long" .Values.commons.masterPassword "gotosocial" "database_password" | b64enc) | quote }}
+        database: {{ .Values.database.name | quote }}
+      oidc:
+        enabled: true
+        idpName: {{ .Values.commons.theme.title | quote }}
+        issuer: "https://{{ .Values.commons.auth.host | default (printf "auth.%s" .Values.commons.ingress.domain) }}/application/o/mycloud-gotosocial/"
+        clientID: {{ .Values.auth.clientID | default (derivePassword 1 "long" .Values.commons.masterPassword "gotosocial" "auth.clientID") | quote }}
+        clientSecret: {{ .Values.auth.clientSecret | default (derivePassword 1 "long" .Values.commons.masterPassword "gotosocial" "auth.clientSecret") | quote }}
+        adminGroups:
+          - "authentik Admins"
+
+    service:
+      type: ClusterIP
+
+    ingress:
+      enabled: true
+      annotations:
+        {{- with .Values.commons.ingress.annotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+        {{- with .Values.ingress.annotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      host: {{ $host | quote }}
+      wildcardHost: {{ $wildcardHost | quote }}
+      {{- if .Values.commons.ingress.tls.enabled }}
+      tls:
+        enabled: true
+        secretName: "mycloud-coder-cert"
+        wildcardSecretName: "mycloud-coder-cert"
+      {{- end }}
--- a/mycloud-coder/templates/repo.yaml
+++ b/mycloud-coder/templates/repo.yaml
@ -0,0 +1,6 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+  name: "{{ .Release.Name }}"
+spec:
+  url: https://helm.coder.com/v2
--- a/mycloud-coder/values.yaml
+++ b/mycloud-coder/values.yaml
@ -0,0 +1,59 @@
+init:
+  version: 0
+  namespace: "bases"
+
+commons:
+  masterPassword: "CHANGEME"
+
+  auth:
+    # -- default auth.(.Values.commons.ingress.domain)
+    host:
+
+  theme:
+    title: myCloud
+    logo: /static/dist/assets/icons/icon_left_brand.svg
+    favicon: /static/dist/assets/icons/icon.png
+
+  helm:
+    release:
+      install: {}
+      test: {}
+      upgrade: {}
+      driftDetection: {}
+
+  ingress:
+    domain: "wrenix.eu"
+    annotations:
+      cert-manager.io/cluster-issuer: letsencrypt-prod
+    tls:
+      # -- tls on every ingress
+      enabled: true
+      # -- use own definition of tls (e.g. for own or wildcard certificate)
+      override:
+
+  prometheus:
+    monitor:
+      labels: {}
+    rules:
+      labels: {}
+
+auth:
+  # -- generated by .Values.commons.masterPassword
+  clientID:
+  # -- generated by .Values.commons.masterPassword
+  clientSecret:
+
+ingress:
+  # -- default: coder.(Values.commons.ingress.domain)
+  host:
+  # -- default: *-ide.(Values.commons.ingress.domain)
+  wildcardHost:
+  annotations:
+
+database:
+  # -- default is from mysql-services
+  host: mycloud-services-postgresql
+  name: coder
+  username: coder
+  # -- generated by .Values.commons.masterPassword (equal to mycloud-services)
+  password: