From 21262705a7f2309083ffb9ba5b42b444392fad34 Mon Sep 17 00:00:00 2001 
From: Morten Olsen Date: Wed, 3 Sep 2025 23:06:59 +0200 Subject: [PATCH] fixes --- charts/apps/gitea/Chart.yaml | 3 + charts/apps/gitea/templates/client.yaml | 10 ++ charts/apps/gitea/templates/database.yaml | 6 ++ charts/apps/gitea/templates/deployment.yaml | 96 +++++++++++++++++++ .../templates/external-http-service.yaml | 11 +++ charts/apps/gitea/templates/pvc.yaml | 11 +++ charts/apps/gitea/templates/service.yaml | 15 +++ charts/apps/gitea/values.yaml | 8 ++ charts/apps/metamcp/Chart.yaml | 3 + charts/apps/metamcp/templates/database.yaml | 6 ++ charts/apps/metamcp/templates/deployment.yaml | 79 +++++++++++++++ .../templates/external-http-service.yaml | 11 +++ charts/apps/metamcp/templates/pvc.yaml | 11 +++ charts/apps/metamcp/templates/secret.yaml | 9 ++ charts/apps/metamcp/templates/service.yaml | 15 +++ charts/apps/metamcp/values.yaml | 8 ++ .../generate-secret/generate-secret.ts | 2 +- .../postgres-database/postgres-database.ts | 24 +++-- 18 files changed, 319 insertions(+), 9 deletions(-) create mode 100644 charts/apps/gitea/Chart.yaml create mode 100644 charts/apps/gitea/templates/client.yaml create mode 100644 charts/apps/gitea/templates/database.yaml create mode 100644 charts/apps/gitea/templates/deployment.yaml create mode 100644 charts/apps/gitea/templates/external-http-service.yaml create mode 100644 charts/apps/gitea/templates/pvc.yaml create mode 100644 charts/apps/gitea/templates/service.yaml create mode 100644 charts/apps/gitea/values.yaml create mode 100644 charts/apps/metamcp/Chart.yaml create mode 100644 charts/apps/metamcp/templates/database.yaml create mode 100644 charts/apps/metamcp/templates/deployment.yaml create mode 100644 charts/apps/metamcp/templates/external-http-service.yaml create mode 100644 charts/apps/metamcp/templates/pvc.yaml create mode 100644 charts/apps/metamcp/templates/secret.yaml create mode 100644 charts/apps/metamcp/templates/service.yaml create mode 100644 charts/apps/metamcp/values.yaml 
diff --git a/charts/apps/gitea/Chart.yaml b/charts/apps/gitea/Chart.yaml
new file mode 100644
index 0000000..2027869
--- /dev/null
+++ b/charts/apps/gitea/Chart.yaml
@@ -0,0 +1,3 @@
+apiVersion: v2
+version: 1.0.0
+name: gitea
diff --git a/charts/apps/gitea/templates/client.yaml b/charts/apps/gitea/templates/client.yaml
new file mode 100644
index 0000000..3f4410c
--- /dev/null
+++ b/charts/apps/gitea/templates/client.yaml
@@ -0,0 +1,10 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: OidcClient
+metadata:
+ name: '{{ .Release.Name }}'
+spec:
+ environment: '{{ .Values.globals.environment }}'
+ redirectUris:
+ - path: /user/oauth2/Authentik/callback
+ subdomain: '{{ .Values.subdomain }}'
+ matchingMode: strict
diff --git a/charts/apps/gitea/templates/database.yaml b/charts/apps/gitea/templates/database.yaml
new file mode 100644
index 0000000..6a30b53
--- /dev/null
+++ b/charts/apps/gitea/templates/database.yaml
@@ -0,0 +1,6 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: PostgresDatabase
+metadata:
+ name: '{{ .Release.Name }}'
+spec:
+ environment: '{{ .Values.globals.environment }}'
diff --git a/charts/apps/gitea/templates/deployment.yaml b/charts/apps/gitea/templates/deployment.yaml
new file mode 100644
index 0000000..bf65af1
--- /dev/null
+++ b/charts/apps/gitea/templates/deployment.yaml
@@ -0,0 +1,96 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: '{{ .Release.Name }}'
+spec:
+ strategy:
+ type: Recreate
+ replicas: 1
+ selector:
+ matchLabels:
+ app: '{{ .Release.Name }}'
+ template:
+ metadata:
+ labels:
+ app: '{{ .Release.Name }}'
+ spec:
+ containers:
+ - name: '{{ .Release.Name }}'
+ image: '{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+ imagePullPolicy: '{{ .Values.image.pullPolicy }}'
+ ports:
+ - name: http
+ containerPort: 3000
+ protocol: TCP
+ livenessProbe:
+ tcpSocket:
+ port: http
+ readinessProbe:
+ tcpSocket:
+ port: http
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ env:
+ - name: TZ
+ value: '{{ .Values.globals.timezone }}'
+ - name: USER_UID
+ value: '1000'
+ - name: USER_GID
+ value: '1000'
+ - name: GITEA__service__REQUIRE_EXTERNAL_REGISTRATION_PASSWORD
+ value: 'true'
+ - name: GITEA__service__ENABLE_BASIC_AUTHENTICATION
+ value: 'true'
+ - name: GITEA__service__ENABLE_PASSWORD_SIGNIN_FORM
+ value: 'false'
+ - name: GITEA__service__DEFAULT_KEEP_EMAIL_PRIVATE
+ value: 'true'
+ - name: GITEA__service__DEFAULT_USER_IS_RESTRICTED
+ value: 'true'
+ - name: GITEA__service__DEFAULT_USER_VISIBILITY
+ value: 'private'
+ - name: GITEA__service__DEFAULT_ORG_VISIBILITY
+ value: 'private'
+ - name: GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION
+ value: 'true'
+ - name: GITEA__other__SHOW_FOOTER_POWERED_BY
+ value: 'false'
+ - name: GITEA__other__SHOW_FOOTER_TEMPLATE_LOAD_TIME
+ value: 'false'
+ - name: GITEA__other__SHOW_FOOTER_VERSION
+ value: 'false'
+ - name: GITEA__repository__ENABLE_PUSH_CREATE_USER
+ value: 'true'
+ - name: GITEA__repository__ENABLE_PUSH_CREATE_ORG
+ value: 'true'
+ - name: GITEA__openid__ENABLE_OPENID_SIGNIN
+ value: 'false'
+ - name: GITEA__openid__ENABLE_OPENID_SIGNUP
+ value: 'false'
+ - name: GITEA__database__DB_TYPE
+ value: postgres
+ - name: GITEA__database__NAME
+ valueFrom:
+ secretKeyRef:
+ name: '{{ .Release.Name }}-pg-connection'
+ key: database
+ - name: GITEA__database__HOST
+ valueFrom:
+ secretKeyRef:
+ name: '{{ .Release.Name }}-pg-connection'
+ key: host
+ - name: GITEA__database__USER
+ valueFrom:
+ secretKeyRef:
+ name: '{{ .Release.Name }}-pg-connection'
+ key: user
+ - name: GITEA__database__PASSWD
+ valueFrom:
+ secretKeyRef:
+ name: '{{ .Release.Name }}-pg-connection'
+ key: password
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: '{{ .Release.Name }}-data'
diff --git a/charts/apps/gitea/templates/external-http-service.yaml b/charts/apps/gitea/templates/external-http-service.yaml
new file mode 100644
index 0000000..e28916d
--- /dev/null
+++ b/charts/apps/gitea/templates/external-http-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: ExternalHttpService
+metadata:
+ name: '{{ .Release.Name }}'
+spec:
+ environment: '{{ .Values.globals.environment }}'
+ subdomain: '{{ .Values.subdomain }}'
+ destination:
+ host: '{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local'
+ port:
+ number: 80
diff --git a/charts/apps/gitea/templates/pvc.yaml b/charts/apps/gitea/templates/pvc.yaml
new file mode 100644
index 0000000..bc1d0a6
--- /dev/null
+++ b/charts/apps/gitea/templates/pvc.yaml
@@ -0,0 +1,11 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: '{{ .Release.Name }}-data'
+spec:
+ accessModes:
+ - 'ReadWriteOnce'
+ resources:
+ requests:
+ storage: '1Gi'
+ storageClassName: '{{ .Values.globals.environment }}'
diff --git a/charts/apps/gitea/templates/service.yaml b/charts/apps/gitea/templates/service.yaml
new file mode 100644
index 0000000..f1ca183
--- /dev/null
+++ b/charts/apps/gitea/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: '{{ .Release.Name }}'
+ labels:
+ app: '{{ .Release.Name }}'
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: 3000
+ protocol: TCP
+ name: http
+ selector:
+ app: '{{ .Release.Name }}'
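Review bot: The `env` list in gitea's deployment.yaml hides the password sign-in form but leaves password authentication itself enabled: `GITEA__service__ENABLE_BASIC_AUTHENTICATION` is `'true'` and `GITEA__service__REQUIRE_EXTERNAL_REGISTRATION_PASSWORD` is `'true'`. Every account created through the OIDC client is therefore made to set a local password, and that password still works over HTTP Basic for the API and git-over-HTTP, outside whatever MFA or session policy the identity provider enforces. If OIDC is meant to be the only login path, set `GITEA__service__ENABLE_BASIC_AUTHENTICATION` to `'false'` and drop the `GITEA__service__REQUIRE_EXTERNAL_REGISTRATION_PASSWORD` entry; git over HTTP can then use access tokens. If Basic auth is kept on purpose, a comment above these entries saying why would help the next reader.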
diff --git a/charts/apps/gitea/values.yaml b/charts/apps/gitea/values.yaml
new file mode 100644
index 0000000..c49f7ad
--- /dev/null
+++ b/charts/apps/gitea/values.yaml
@@ -0,0 +1,8 @@
+globals:
+ environment: prod
+ timezone: Europe/Amsterdam
+image:
+ repository: docker.gitea.com/gitea
+ tag: latest
+ pullPolicy: IfNotPresent
+subdomain: gitea
diff --git a/charts/apps/metamcp/Chart.yaml b/charts/apps/metamcp/Chart.yaml
new file mode 100644
index 0000000..886d45c
--- /dev/null
+++ b/charts/apps/metamcp/Chart.yaml
@@ -0,0 +1,3 @@
+apiVersion: v2
+version: 1.0.0
+name: metamcp
diff --git a/charts/apps/metamcp/templates/database.yaml b/charts/apps/metamcp/templates/database.yaml
new file mode 100644
index 0000000..6a30b53
--- /dev/null
+++ b/charts/apps/metamcp/templates/database.yaml
@@ -0,0 +1,6 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: PostgresDatabase
+metadata:
+ name: '{{ .Release.Name }}'
+spec:
+ environment: '{{ .Values.globals.environment }}'
diff --git a/charts/apps/metamcp/templates/deployment.yaml b/charts/apps/metamcp/templates/deployment.yaml
new file mode 100644
index 0000000..45f58d2
--- /dev/null
+++ b/charts/apps/metamcp/templates/deployment.yaml
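Review bot: `tag: latest` together with `pullPolicy: IfNotPresent` in gitea's values.yaml means the build that runs is whatever a node happened to cache, and a pod rescheduled onto another node can silently start a different image. For a service that holds source code and credentials, pin the image to a release tag or digest, e.g. `tag: <release-version>` (placeholder; the intended version is not on the page), and bump it deliberately. The metamcp values.yaml hunk later in this patch has the same `tag: latest` / `IfNotPresent` pair.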
@@ -0,0 +1,79 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: '{{ .Release.Name }}'
+spec:
+ strategy:
+ type: Recreate
+ replicas: 1
+ selector:
+ matchLabels:
+ app: '{{ .Release.Name }}'
+ template:
+ metadata:
+ labels:
+ app: '{{ .Release.Name }}'
+ spec:
+ containers:
+ - name: '{{ .Release.Name }}'
+ image: '{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+ imagePullPolicy: '{{ .Values.image.pullPolicy }}'
+ ports:
+ - name: http
+ containerPort: 12008
+ protocol: TCP
+ livenessProbe:
+ tcpSocket:
+ port: http
+ readinessProbe:
+ tcpSocket:
+ port: http
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ env:
+ - name: TZ
+ value: '{{ .Values.globals.timezone }}'
+ - name: APP_URL
+ value: https://metamcp.olsen.cloud # TODO: Change
+ - name: NEXT_PUBLIC_APP_URL
+ value: https://metamcp.olsen.cloud # TODO: Change
+ - name: BETTER_AUTH_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: '{{ .Release.Name }}-secrets'
+ key: betterauth
+ - name: DATABASE_URL
+ valueFrom:
+ secretKeyRef:
+ name: '{{ .Release.Name }}-pg-connection'
+ key: url
+ - name: POSTGRES_DB
+ valueFrom:
+ secretKeyRef:
+ name: '{{ .Release.Name }}-pg-connection'
+ key: database
+ - name: POSTGRES_HOST
+ valueFrom:
+ secretKeyRef:
+ name: '{{ .Release.Name }}-pg-connection'
+ key: host
+ - name: POSTGRES_PORT
+ valueFrom:
+ secretKeyRef:
+ name: '{{ .Release.Name }}-pg-connection'
+ key: port
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: '{{ .Release.Name }}-pg-connection'
+ key: user
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: '{{ .Release.Name }}-pg-connection'
+ key: password
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: '{{ .Release.Name }}-data'
diff --git a/charts/apps/metamcp/templates/external-http-service.yaml b/charts/apps/metamcp/templates/external-http-service.yaml
new file mode 100644
index 0000000..e28916d
--- /dev/null
+++ b/charts/apps/metamcp/templates/external-http-service.yaml
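Review bot: The container spec in metamcp's deployment.yaml sets no `securityContext` and no `resources`, so the pod runs with the image's default user and capabilities and has no CPU or memory bound. A minimal addition under the container entry is `securityContext: { allowPrivilegeEscalation: false, capabilities: { drop: ['ALL'] } }`, plus `runAsNonRoot: true` if the image supports it, which is not visible here. The gitea deployment.yaml hunk earlier in this patch has the same gap; its `USER_UID`/`USER_GID` entries suggest the entrypoint switches user itself, so test before tightening that one.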
@@ -0,0 +1,11 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: ExternalHttpService
+metadata:
+ name: '{{ .Release.Name }}'
+spec:
+ environment: '{{ .Values.globals.environment }}'
+ subdomain: '{{ .Values.subdomain }}'
+ destination:
+ host: '{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local'
+ port:
+ number: 80
diff --git a/charts/apps/metamcp/templates/pvc.yaml b/charts/apps/metamcp/templates/pvc.yaml
new file mode 100644
index 0000000..bc1d0a6
--- /dev/null
+++ b/charts/apps/metamcp/templates/pvc.yaml
@@ -0,0 +1,11 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: '{{ .Release.Name }}-data'
+spec:
+ accessModes:
+ - 'ReadWriteOnce'
+ resources:
+ requests:
+ storage: '1Gi'
+ storageClassName: '{{ .Values.globals.environment }}'
diff --git a/charts/apps/metamcp/templates/secret.yaml b/charts/apps/metamcp/templates/secret.yaml
new file mode 100644
index 0000000..9157356
--- /dev/null
+++ b/charts/apps/metamcp/templates/secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: GenerateSecret
+metadata:
+ name: '{{ .Release.Name }}-secrets'
+spec:
+ fields:
+ - name: betterauth
+ encoding: base64
+ length: 64
diff --git a/charts/apps/metamcp/templates/service.yaml b/charts/apps/metamcp/templates/service.yaml
new file mode 100644
index 0000000..d730592
--- /dev/null
+++ b/charts/apps/metamcp/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: '{{ .Release.Name }}'
+ labels:
+ app: '{{ .Release.Name }}'
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: 12008
+ protocol: TCP
+ name: http
+ selector:
+ app: '{{ .Release.Name }}'
diff --git a/charts/apps/metamcp/values.yaml b/charts/apps/metamcp/values.yaml
new file mode 100644
index 0000000..6852c62
--- /dev/null
+++ b/charts/apps/metamcp/values.yaml
@@ -0,0 +1,8 @@ +globals: + environment: prod + timezone: Europe/Amsterdam +image: + repository: ghcr.io/metatool-ai/metamcp + tag: latest + pullPolicy: IfNotPresent +subdomain: metamcp diff --git a/src/resources/homelab/generate-secret/generate-secret.ts b/src/resources/homelab/generate-secret/generate-secret.ts index b47b5a8..46e63e4 100644 --- a/src/resources/homelab/generate-secret/generate-secret.ts +++ b/src/resources/homelab/generate-secret/generate-secret.ts @@ -40,7 +40,7 @@ class GenerateSecret extends CustomResource { ...current, }; - await this.#secret.ensure(expected); + await this.#secret.set(expected); }; } diff --git a/src/resources/homelab/postgres-database/postgres-database.ts b/src/resources/homelab/postgres-database/postgres-database.ts index 7afe6ea..eb1f005 100644 --- a/src/resources/homelab/postgres-database/postgres-database.ts +++ b/src/resources/homelab/postgres-database/postgres-database.ts @@ -26,6 +26,7 @@ type SecretData = { database: string; host: string; port: string; + url: string; }; const sanitizeName = (input: string) => { @@ -87,15 +88,22 @@ class PostgresDatabase extends CustomResource { throw new NotReadyError('MissingClusterSecret'); } + const expected = { + password: generateRandomHexPass(), + user: this.username, + database: this.database, + ...this.#secret.value, + host: clusterSecret.host, + port: clusterSecret.port, + }; + + const url = `postgresql://${expected.user}:${expected.password}@${expected.host}:${expected.port}/${expected.database}`; + await this.#secret.set( - (current) => ({ - password: generateRandomHexPass(), - user: this.username, - database: this.database, - ...current, - host: clusterSecret.host, - port: clusterSecret.port, - }), + { + ...expected, + url, + }, { metadata: { ownerReferences: [this.ref],
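Review bot: The new `url` in postgres-database.ts is built by plain interpolation, so a user, password or database value containing `@`, `:`, `/` or `%` produces a connection string that parses to different credentials or a different host. The freshly generated password is presumably hex and safe, but `...this.#secret.value` lets previously stored values through unchanged. Encode the components: `const url = \`postgresql://${encodeURIComponent(expected.user)}:${encodeURIComponent(expected.password)}@${expected.host}:${expected.port}/${encodeURIComponent(expected.database)}\`;`. Separately, the old code merged inside the `set` updater while the new code reads `this.#secret.value` up front; if that value can be unset or stale at this point (the secret wrapper is not visible here), a newly generated password would overwrite the stored one and no longer match the database role, so confirm it is loaded before this runs. The enclosing method starts and ends outside the hunk.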