2024-01-28 10:00:47 +01:00
parent ccb828c881
commit 0961759af7
173 changed files with 449 additions and 8800 deletions

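--- a/apps/infisical/configs.tf
+++ b/apps/infisical/configs.tf
@@ -0,0 +1,21 @@
+resource "kubectl_manifest" "config" {
+yaml_body = <<-EOF
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: "${var.component}-${var.instance}"
+namespace: "${var.namespace}"
+labels: ${jsonencode(local.common-labels)}
+data:
+INVITE_ONLY_SIGNUP: ""
+REDIS_URL: "${module.redis.url}"
+SITE_URL: "https://${local.dns_name}"
+SMTP_FROM_ADDRESS: ""
+SMTP_FROM_NAME: "Infisical"
+SMTP_HOST: ""
+SMTP_PASSWORD: ""
+SMTP_PORT: "587"
+SMTP_SECURE: ""
+SMTP_USERNAME: ""
+EOF
+}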
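Review bot: `REDIS_URL: "${module.redis.url}"` places the Redis connection string in a ConfigMap, whereas `MONGO_URL` in secret.tf goes into the generated StringSecret; if the redis module's URL embeds a password now or after Redis auth is enabled, that credential becomes readable to anyone with ConfigMap read in the namespace and appears in plaintext in `kubectl describe`. Move it to the `data:` section of the StringSecret next to MONGO_URL so both datastore URLs follow the same rule. `INVITE_ONLY_SIGNUP: ""` and the `SMTP_*` keys are rendered as empty strings rather than omitted; if Infisical treats an empty value as unset, self-signup stays open on the publicly routed SITE_URL, so either expose it as an option in index.yaml or add `# empty = open signup; set to "true" once the first admin account exists` so the operator knows to flip it.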

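--- a/apps/infisical/datas.tf
+++ b/apps/infisical/datas.tf
@@ -0,0 +1,26 @@
+locals {
+authentik_url = "http://authentik.${var.domain}-auth.svc"
+authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
+common-labels = {
+"vynil.solidite.fr/owner-name" = var.instance
+"vynil.solidite.fr/owner-namespace" = var.namespace
+"vynil.solidite.fr/owner-category" = var.category
+"vynil.solidite.fr/owner-component" = var.component
+"app.kubernetes.io/managed-by" = "vynil"
+"app.kubernetes.io/name" = var.component
+"app.kubernetes.io/instance" = var.instance
+}
+}
+data "kubernetes_secret_v1" "authentik" {
+metadata {
+name = "authentik"
+namespace = "${var.domain}-auth"
+}
+}
+data "kustomization_overlay" "data" {
+namespace = var.namespace
+common_labels = local.common-labels
+resources = []
+}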
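Review bot: `local.authentik_url` and `local.authentik_token` are declared here but none of the other files in this commit reference them — `request_headers` rebuilds the Authorization header from `data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]` directly and `provider "restapi"` hard-codes the same URL again. Either use them (`Authorization = "Bearer ${local.authentik_token}"`, `uri = "${local.authentik_url}/api/v3/"`) or delete them, so the bootstrap token is read in exactly one place. Reading that secret through a data source also copies the token into Terraform state; a comment such as `# AUTHENTIK_BOOTSTRAP_TOKEN lands in terraform state — state backend must be encrypted and access-controlled` makes that visible to whoever operates this component.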

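--- a/apps/infisical/deploy.tf
+++ b/apps/infisical/deploy.tf
@@ -0,0 +1,40 @@
+resource "kubectl_manifest" "deploy" {
+yaml_body = <<-EOF
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: "${var.component}-${var.instance}"
+namespace: "${var.namespace}"
+labels: ${jsonencode(local.common-labels)}
+annotations:
+configmap.reloader.stakater.com/reload: "${kubectl_manifest.config.name}"
+secret.reloader.stakater.com/reload: "${kubectl_manifest.secret.name}"
+spec:
+replicas: ${var.replicas}
+selector:
+matchLabels: ${jsonencode(local.common-labels)}
+template:
+metadata:
+labels: ${jsonencode(local.common-labels)}
+spec:
+containers:
+- name: infisical-backend
+image: "${var.images.infiscal.registry}/${var.images.infiscal.repository}:${var.images.infiscal.tag}"
+imagePullPolicy: "${var.images.infiscal.pullPolicy}"
+readinessProbe:
+httpGet:
+path: /api/status
+port: 8080
+initialDelaySeconds: 10
+periodSeconds: 10
+ports:
+- containerPort: 8080
+name: http
+protocol: TCP
+envFrom:
+- configMapRef:
+name: "${kubectl_manifest.config.name}"
+- secretRef:
+name: "${kubectl_manifest.secret.name}"
+EOF
+}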
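Review bot: `var.images.infiscal` on the `image:` and `imagePullPolicy:` lines does not match the `images.infisical` key that index.yaml declares (the default, example and `properties` blocks all spell it `infisical`), so `terraform plan` will fail with an unsupported attribute on this object or, if `images` is loosely typed, render an empty image reference. Change them to `image: "${var.images.infisical.registry}/${var.images.infisical.repository}:${var.images.infisical.tag}"` and `imagePullPolicy: "${var.images.infisical.pullPolicy}"`. The pod also has no `securityContext` and no `resources` block; for a secrets manager exposed through the public ingress, `runAsNonRoot: true`, `allowPrivilegeEscalation: false`, dropping all capabilities, and CPU/memory requests and limits are the usual baseline — whether the image tolerates `readOnlyRootFilesystem` would need confirming. A `livenessProbe` alongside the readiness probe on `/api/status` would let the kubelet restart a hung backend rather than only pulling it from the Service.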

apps/infisical/index.yaml Normal file

@@ -0,0 +1,185 @@
---
apiVersion: vinyl.solidite.fr/v1beta1
kind: Component
category: apps
metadata:
name: infisical
description: null
options:
language:
default: fr_FR
examples:
- fr_FR
type: string
sub_domain:
default: to-be-set
examples:
- to-be-set
type: string
replicas:
default: 1
examples:
- 1
type: integer
images:
default:
infisical:
pullPolicy: IfNotPresent
registry: docker.io
repository: infisical/infisical
tag: v1.0.0
redis:
pullPolicy: IfNotPresent
registry: quay.io
repository: opstree/redis
tag: v7.0.12
redis_exporter:
pullPolicy: IfNotPresent
registry: quay.io
repository: opstree/redis-exporter
tag: v1.44.0
examples:
- infisical:
pullPolicy: IfNotPresent
registry: docker.io
repository: infisical/infisical
tag: v1.0.0
redis:
pullPolicy: IfNotPresent
registry: quay.io
repository: opstree/redis
tag: v7.0.12
redis_exporter:
pullPolicy: IfNotPresent
registry: quay.io
repository: opstree/redis-exporter
tag: v1.44.0
properties:
infisical:
default:
pullPolicy: IfNotPresent
registry: docker.io
repository: infisical/infisical
tag: v1.0.0
properties:
pullPolicy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: docker.io
type: string
repository:
default: infisical/infisical
type: string
tag:
default: v1.0.0
type: string
type: object
redis:
default:
pullPolicy: IfNotPresent
registry: quay.io
repository: opstree/redis
tag: v7.0.12
properties:
pullPolicy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: quay.io
type: string
repository:
default: opstree/redis
type: string
tag:
default: v7.0.12
type: string
type: object
redis_exporter:
default:
pullPolicy: IfNotPresent
registry: quay.io
repository: opstree/redis-exporter
tag: v1.44.0
properties:
pullPolicy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: quay.io
type: string
repository:
default: opstree/redis-exporter
type: string
tag:
default: v1.44.0
type: string
type: object
type: object
sso_vynil:
default: true
examples:
- true
type: boolean
timezone:
default: Europe/Paris
examples:
- Europe/Paris
type: string
domain_name:
default: your-company.com
examples:
- your-company.com
type: string
domain:
default: your-company
examples:
- your-company
type: string
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
ingress_class:
default: traefik
examples:
- traefik
type: string
app_group:
default: apps
examples:
- apps
type: string
dependencies:
- dist: null
category: core
component: secret-generator
- dist: null
category: dbo
component: mongo
- dist: null
category: dbo
component: redis
providers:
kubernetes: true
authentik: true
kubectl: true
postgresql: null
mysql: null
restapi: true
http: true
gitea: null
tfaddtype: null
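Review bot: `dependencies:` lists only secret-generator, mongo and redis, yet datas.tf reads the `authentik` secret from namespace `${var.domain}-auth` at plan time and `providers:` enables `authentik`, `restapi` and `http`; if the installer orders components by this list, a fresh cluster can reach this component before authentik exists and the data source fails. If authentik is itself a vynil component, add it here with its real category (`- dist: null`, `category: <authentik-category>`, `component: authentik` — category is not determinable from this file). `description: null` leaves the component unlabelled wherever this manifest is listed; a one-line description such as "Infisical secrets manager with Authentik SSO" costs nothing. The `images` defaults (`infisical/infisical:v1.0.0`, `opstree/redis:v7.0.12`, `opstree/redis-exporter:v1.44.0`) are pinned by mutable tag, so a comment noting when they were last reviewed, or digest pins, would make upgrades and supply-chain review easier.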


@@ -0,0 +1,80 @@
locals {
dns_name = "${var.sub_domain}.${var.domain_name}"
dns_names = [local.dns_name]
icon = "icon.svg"
request_headers = {
"Content-Type" = "application/json"
Authorization = "Bearer ${data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]}"
}
}
module "service" {
source = "git::https://git.solidite.fr/vynil/kydah-modules.git//service"
component = var.component
instance = var.instance
namespace = var.namespace
labels = local.common-labels
targets = ["http"]
providers = {
kubectl = kubectl
}
}
module "ingress" {
source = "git::https://git.solidite.fr/vynil/kydah-modules.git//ingress"
component = ""
instance = var.instance
namespace = var.namespace
issuer = var.issuer
ingress_class = var.ingress_class
labels = local.common-labels
dns_names = local.dns_names
middlewares = [module.forward.middleware]
services = [module.service.default_definition]
providers = {
kubectl = kubectl
}
}
module "application" {
source = "git::https://git.solidite.fr/vynil/kydah-modules.git//application"
component = var.component
instance = var.instance
app_group = var.app_group
dns_name = local.dns_name
icon = local.icon
protocol_provider = module.forward.provider-id
providers = {
authentik = authentik
}
}
provider "restapi" {
uri = "http://authentik.${var.domain}-auth.svc/api/v3/"
headers = local.request_headers
create_method = "PATCH"
update_method = "PATCH"
destroy_method = "PATCH"
write_returns_object = true
id_attribute = "name"
}
module "forward" {
source = "git::https://git.solidite.fr/vynil/kydah-modules.git//forward"
component = var.component
instance = var.instance
domain = var.domain
namespace = var.namespace
ingress_class = var.ingress_class
labels = local.common-labels
dns_names = local.dns_names
service = module.service.default_definition
icon = local.icon
request_headers = local.request_headers
providers = {
restapi = restapi
http = http
kubectl = kubectl
authentik = authentik
}
}
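Review bot: `component = ""` in `module "ingress"` differs from the `var.component` every other module call in this file passes; if the ingress module derives resource names or labels from `component`, that yields names beginning with `-` or collisions between components, so either pass `var.component` or comment why the empty value is intended. `local.request_headers` carries the Authentik bootstrap token as a Bearer header and `provider "restapi"` sends it to `http://authentik.${var.domain}-auth.svc/api/v3/`, i.e. plaintext inside the cluster — acceptable only if in-cluster traffic is protected some other way (mesh mTLS, NetworkPolicy), and a comment stating that assumption belongs next to the `uri`. All six `module` sources in this commit (`//service`, `//ingress`, `//application`, `//forward` here, `//redis` and `//mongo` in storage.tf) point at `git::https://git.solidite.fr/vynil/kydah-modules.git` with no `?ref=`, so every `terraform init` tracks that repository's default branch; pin each with `?ref=<tag-or-commit>` so a push to that repo cannot silently change what this component deploys. This section's file header is not shown on the page.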

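--- a/apps/infisical/secret.tf
+++ b/apps/infisical/secret.tf
@@ -0,0 +1,31 @@
+resource "kubectl_manifest" "secret" {
+ignore_fields = ["metadata.annotations"]
+yaml_body = <<-EOF
+apiVersion: "secretgenerator.mittwald.de/v1alpha1"
+kind: "StringSecret"
+metadata:
+name: "${var.component}-${var.instance}"
+namespace: "${var.namespace}"
+labels: ${jsonencode(local.common-labels)}
+spec:
+forceRegenerate: false
+data:
+MONGO_URL: "${module.mongo.url}"
+fields:
+- fieldName: "JWT_SIGNUP_SECRET"
+length: "32"
+- fieldName: "JWT_SERVICE_SECRET"
+length: "32"
+- fieldName: "JWT_REFRESH_SECRET"
+length: "32"
+- fieldName: "JWT_PROVIDER_AUTH_SECRET"
+length: "32"
+- fieldName: "JWT_MFA_SECRET"
+length: "32"
+- fieldName: "JWT_AUTH_SECRET"
+length: "32"
+- fieldName: "ENCRYPTION_KEY"
+length: "32"
+EOF
+}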
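Review bot: All seven generated fields use `length: "32"` with no encoding specified, so the generator's default character set decides what Infisical receives for `ENCRYPTION_KEY`; Infisical's own setup instructions produce that key as a hex string (`openssl rand -hex 16`), so confirm the generated value is accepted at startup and, if the StringSecret field supports a per-field `encoding`, set it to hex for ENCRYPTION_KEY explicitly. `forceRegenerate: false` is the right choice — regenerating ENCRYPTION_KEY would very likely make data Infisical has already encrypted unreadable — and deserves a comment saying so, e.g. `# never regenerate: ENCRYPTION_KEY protects secrets already stored in Mongo`. Putting `MONGO_URL` in this Secret rather than the ConfigMap is the correct split; configs.tf's `REDIS_URL` should follow the same rule.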

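--- a/apps/infisical/storage.tf
+++ b/apps/infisical/storage.tf
@@ -0,0 +1,21 @@
+module "redis" {
+source = "git::https://git.solidite.fr/vynil/kydah-modules.git//redis"
+component = var.component
+instance = var.instance
+namespace = var.namespace
+labels = local.common-labels
+images = var.images
+providers = {
+kubectl = kubectl
+}
+}
+module "mongo" {
+source = "git::https://git.solidite.fr/vynil/kydah-modules.git//mongo"
+component = var.component
+instance = var.instance
+namespace = var.namespace
+labels = local.common-labels
+providers = {
+kubectl = kubectl
+}
+}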


@@ -6,21 +6,175 @@ metadata:
name: nextcloud
description: null
options:
ingress_class:
default: traefik
issuer:
default: letsencrypt-prod
examples:
- traefik
- letsencrypt-prod
type: string
app_group:
default: ''
postgres:
default:
replicas: 1
examples:
- ''
type: string
openid-name:
default: vynil
- replicas: 1
properties:
replicas:
default: 1
type: integer
type: object
apps:
default:
audioplayer: false
bookmarks: false
bpm: false
calendar: false
collabora: false
contacts: false
deck: false
groupfolders: true
mindmap: false
music: false
notes: false
onlyoffice: false
passman: false
spreed: false
tables: false
tasks: false
texteditor: true
examples:
- vynil
type: string
- audioplayer: false
bookmarks: false
bpm: false
calendar: false
collabora: false
contacts: false
deck: false
groupfolders: true
mindmap: false
music: false
notes: false
onlyoffice: false
passman: false
spreed: false
tables: false
tasks: false
texteditor: true
properties:
audioplayer:
default: false
type: boolean
bookmarks:
default: false
type: boolean
bpm:
default: false
type: boolean
calendar:
default: false
type: boolean
collabora:
default: false
type: boolean
contacts:
default: false
type: boolean
deck:
default: false
type: boolean
groupfolders:
default: true
type: boolean
mindmap:
default: false
type: boolean
music:
default: false
type: boolean
notes:
default: false
type: boolean
onlyoffice:
default: false
type: boolean
passman:
default: false
type: boolean
spreed:
default: false
type: boolean
tables:
default: false
type: boolean
tasks:
default: false
type: boolean
texteditor:
default: true
type: boolean
type: object
storage:
default:
postgres:
size: 5Gi
redis:
size: 2Gi
volume:
accessMode: ReadWriteOnce
class: ''
size: 10Gi
type: Filesystem
description: Configure this app storage
examples:
- postgres:
size: 5Gi
redis:
size: 2Gi
volume:
accessMode: ReadWriteOnce
class: ''
size: 10Gi
type: Filesystem
properties:
postgres:
default:
size: 5Gi
properties:
size:
default: 5Gi
type: string
type: object
redis:
default:
size: 2Gi
properties:
size:
default: 2Gi
type: string
type: object
volume:
default:
accessMode: ReadWriteOnce
class: ''
size: 10Gi
type: Filesystem
properties:
accessMode:
default: ReadWriteOnce
enum:
- ReadWriteOnce
- ReadOnlyMany
- ReadWriteMany
type: string
class:
default: ''
type: string
size:
default: 10Gi
type: string
type:
default: Filesystem
type: string
type: object
type: object
backups:
default:
enable: false
@@ -127,182 +281,6 @@ options:
default: false
type: boolean
type: object
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
storage:
default:
postgres:
size: 5Gi
redis:
size: 2Gi
volume:
accessMode: ReadWriteOnce
class: ''
size: 10Gi
type: Filesystem
description: Configure this app storage
examples:
- postgres:
size: 5Gi
redis:
size: 2Gi
volume:
accessMode: ReadWriteOnce
class: ''
size: 10Gi
type: Filesystem
properties:
postgres:
default:
size: 5Gi
properties:
size:
default: 5Gi
type: string
type: object
redis:
default:
size: 2Gi
properties:
size:
default: 2Gi
type: string
type: object
volume:
default:
accessMode: ReadWriteOnce
class: ''
size: 10Gi
type: Filesystem
properties:
accessMode:
default: ReadWriteOnce
enum:
- ReadWriteOnce
- ReadOnlyMany
- ReadWriteMany
type: string
class:
default: ''
type: string
size:
default: 10Gi
type: string
type:
default: Filesystem
type: string
type: object
type: object
apps:
default:
audioplayer: false
bookmarks: false
bpm: false
calendar: false
collabora: false
contacts: false
deck: false
groupfolders: true
mindmap: false
music: false
notes: false
onlyoffice: false
passman: false
spreed: false
tables: false
tasks: false
texteditor: true
examples:
- audioplayer: false
bookmarks: false
bpm: false
calendar: false
collabora: false
contacts: false
deck: false
groupfolders: true
mindmap: false
music: false
notes: false
onlyoffice: false
passman: false
spreed: false
tables: false
tasks: false
texteditor: true
properties:
audioplayer:
default: false
type: boolean
bookmarks:
default: false
type: boolean
bpm:
default: false
type: boolean
calendar:
default: false
type: boolean
collabora:
default: false
type: boolean
contacts:
default: false
type: boolean
deck:
default: false
type: boolean
groupfolders:
default: true
type: boolean
mindmap:
default: false
type: boolean
music:
default: false
type: boolean
notes:
default: false
type: boolean
onlyoffice:
default: false
type: boolean
passman:
default: false
type: boolean
spreed:
default: false
type: boolean
tables:
default: false
type: boolean
tasks:
default: false
type: boolean
texteditor:
default: true
type: boolean
type: object
redis:
default:
exporter:
enabled: true
examples:
- exporter:
enabled: true
properties:
exporter:
default:
enabled: true
properties:
enabled:
default: true
type: boolean
type: object
type: object
images:
default:
collabora:
@@ -558,6 +536,38 @@ options:
type: string
type: object
type: object
redis:
default:
exporter:
enabled: true
examples:
- exporter:
enabled: true
properties:
exporter:
default:
enabled: true
properties:
enabled:
default: true
type: boolean
type: object
type: object
admin:
default:
name: nextcloud_admin
examples:
- name: nextcloud_admin
properties:
name:
default: nextcloud_admin
type: string
type: object
app_group:
default: ''
examples:
- ''
type: string
domain_name:
default: your_company.com
examples:
@@ -583,31 +593,21 @@ options:
default: 1
type: integer
type: object
admin:
default:
name: nextcloud_admin
ingress_class:
default: traefik
examples:
- name: nextcloud_admin
properties:
name:
default: nextcloud_admin
type: string
type: object
postgres:
default:
replicas: 1
examples:
- replicas: 1
properties:
replicas:
default: 1
type: integer
type: object
- traefik
type: string
domain:
default: your-company
examples:
- your-company
type: string
openid-name:
default: vynil
examples:
- vynil
type: string
sub_domain:
default: files
examples:
@@ -628,7 +628,8 @@ providers:
authentik: true
kubectl: true
postgresql: null
mysql: null
restapi: null
http: null
gitea: null
tfaddtype: null
tfaddtype: true