diff --git a/charts/apps/data/Chart.yaml b/charts/apps/data/Chart.yaml
new file mode 100644
index 0000000..339c647
--- /dev/null
+++ b/charts/apps/data/Chart.yaml
@@ -0,0 +1,3 @@
+apiVersion: v2
+version: 1.0.0
+name: data
diff --git a/charts/apps/data/templates/database.yaml b/charts/apps/data/templates/database.yaml
new file mode 100644
index 0000000..6a30b53
--- /dev/null
+++ b/charts/apps/data/templates/database.yaml
@@ -0,0 +1,6 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: PostgresDatabase
+metadata:
+ name: '{{ .Release.Name }}'
+spec:
+ environment: '{{ .Values.globals.environment }}'
diff --git a/charts/apps/data/values.yaml b/charts/apps/data/values.yaml
new file mode 100644
index 0000000..d005bde
--- /dev/null
+++ b/charts/apps/data/values.yaml
@@ -0,0 +1,2 @@
+globals:
+ environment: prod
diff --git a/charts/apps/linkwarden/Chart.yaml b/charts/apps/linkwarden/Chart.yaml
new file mode 100644
index 0000000..bf40913
--- /dev/null
+++ b/charts/apps/linkwarden/Chart.yaml
@@ -0,0 +1,3 @@
+apiVersion: v2
+version: 1.0.0
+name: Linkwarden
diff --git a/charts/apps/linkwarden/templates/client.yaml b/charts/apps/linkwarden/templates/client.yaml
new file mode 100644
index 0000000..7fbff6e
--- /dev/null
+++ b/charts/apps/linkwarden/templates/client.yaml
@@ -0,0 +1,10 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: OidcClient
+metadata:
+ name: "{{ .Release.Name }}"
+spec:
+ environment: "{{ .Values.globals.environment }}"
+ redirectUris:
+ - path: /api/v1/auth/callback/authentik
+ subdomain: "{{ .Values.subdomain }}"
+ matchingMode: strict
diff --git a/charts/apps/linkwarden/templates/database.yaml b/charts/apps/linkwarden/templates/database.yaml
new file mode 100644
index 0000000..6a30b53
--- /dev/null
+++ b/charts/apps/linkwarden/templates/database.yaml
@@ -0,0 +1,6 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: PostgresDatabase
+metadata:
+ name: '{{ .Release.Name }}'
+spec:
+ environment: '{{ .Values.globals.environment }}'
diff --git a/charts/apps/linkwarden/templates/deployment.yaml b/charts/apps/linkwarden/templates/deployment.yaml
new file mode 100644
index 0000000..79f72f6
--- /dev/null
+++ b/charts/apps/linkwarden/templates/deployment.yaml
@@ -0,0 +1,75 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: "{{ .Release.Name }}"
+ labels:
+ app: "{{ .Release.Name }}"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: "{{ .Release.Name }}"
+ template:
+ metadata:
+ labels:
+ app: "{{ .Release.Name }}"
+ spec:
+ containers:
+ - name: "{{ .Release.Name }}"
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: "{{ .Values.image.pullPolicy }}"
+ ports:
+ - containerPort: 3000
+ name: http
+ env:
+ - name: TZ
+ value: "{{ .Values.globals.timezone }}"
+ - name: NEXTAUTH_URL
+ value: "https://{{ .Values.subdomain }}.{{ .Values.globals.domain }}/api/v1/auth"
+ - name: NEXT_PUBLIC_OLLAMA_ENDPOINT_URL
+ value: "http://ollama:80"
+ - name: OLLAMA_MODEL
+ value: phi3:mini-4k
+ - name: DATABASE_URL
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Release.Name }}-pg-connection"
+ key: url
+ - name: NEXTAUTH_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Release.Name }}-secrets"
+ key: nextauth
+ - name: NEXT_PUBLIC_DISABLE_REGISTRATION
+ value: "true"
+ - name: NEXT_PUBLIC_CREDENTIALS_ENABLED
+ value: "false"
+ - name: DISABLE_NEW_SSO_USERS
+ value: "false"
+ - name: NEXT_PUBLIC_AUTHENTIK_ENABLED
+ value: "true"
+ - name: AUTHENTIK_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Release.Name }}-client"
+ key: clientId
+ - name: AUTHENTIK_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Release.Name }}-client"
+ key: clientSecret
+ - name: AUTHENTIK_ISSUER
+ value: "https://authentik.{{ .Values.globals.domain }}/application/o/linkwarden"
+ # TODO:
+ # - name: AUTHENTIK_ISSUER
+ # valueFrom:
+ # secretKeyRef:
+ # name: "{{ .Release.Name }}-client"
+ # key: configurationIssuer
+ volumeMounts:
+ - mountPath: /data/data
+ name: data
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: "{{ .Release.Name }}-data"
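Review bot: `DISABLE_NEW_SSO_USERS` is set to `"false"` in the env list while local registration and credential login are both switched off, so who gets a Linkwarden account is decided entirely on the Authentik side. Any identity the provider will issue a token to is presumably provisioned on first login. If that is not the intent, set the value to `"true"` once the expected users exist, or confirm the Authentik application is bound to a restricted group and record that next to the variable, e.g. `# new SSO users are auto-provisioned; access is gated by the Authentik application binding`. The container spec also has no `securityContext` or `resources`, which is worth adding for a workload this commit publishes through `ExternalHttpService`.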
diff --git a/charts/apps/linkwarden/templates/external-http-service.yaml b/charts/apps/linkwarden/templates/external-http-service.yaml
new file mode 100644
index 0000000..e28916d
--- /dev/null
+++ b/charts/apps/linkwarden/templates/external-http-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: ExternalHttpService
+metadata:
+ name: '{{ .Release.Name }}'
+spec:
+ environment: '{{ .Values.globals.environment }}'
+ subdomain: '{{ .Values.subdomain }}'
+ destination:
+ host: '{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local'
+ port:
+ number: 80
diff --git a/charts/apps/linkwarden/templates/http-service.yaml b/charts/apps/linkwarden/templates/http-service.yaml
new file mode 100644
index 0000000..15b1989
--- /dev/null
+++ b/charts/apps/linkwarden/templates/http-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: HttpService
+metadata:
+ name: "{{ .Release.Name }}"
+spec:
+ environment: "{{ .Values.globals.environment }}"
+ subdomain: "{{ .Values.subdomain }}"
+ destination:
+ host: "{{ .Release.Name }}"
+ port:
+ number: 80
diff --git a/charts/apps/linkwarden/templates/pvc.yaml b/charts/apps/linkwarden/templates/pvc.yaml
new file mode 100644
index 0000000..bc1d0a6
--- /dev/null
+++ b/charts/apps/linkwarden/templates/pvc.yaml
@@ -0,0 +1,11 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: '{{ .Release.Name }}-data'
+spec:
+ accessModes:
+ - 'ReadWriteOnce'
+ resources:
+ requests:
+ storage: '1Gi'
+ storageClassName: '{{ .Values.globals.environment }}'
diff --git a/charts/apps/linkwarden/templates/secret.yaml b/charts/apps/linkwarden/templates/secret.yaml
new file mode 100644
index 0000000..cd7bee9
--- /dev/null
+++ b/charts/apps/linkwarden/templates/secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: GenerateSecret
+metadata:
+ name: "{{ .Release.Name }}-secrets"
+spec:
+ fields:
+ - name: nextauth
+ encoding: hex
+ length: 64
diff --git a/charts/apps/linkwarden/templates/service.yaml b/charts/apps/linkwarden/templates/service.yaml
new file mode 100644
index 0000000..b759568
--- /dev/null
+++ b/charts/apps/linkwarden/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ .Release.Name }}"
+ labels:
+ app: "{{ .Release.Name }}"
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: 3000
+ protocol: TCP
+ name: http
+ selector:
+ app: "{{ .Release.Name }}"
diff --git a/charts/apps/linkwarden/values.yaml b/charts/apps/linkwarden/values.yaml
new file mode 100644
index 0000000..1cc8666
--- /dev/null
+++ b/charts/apps/linkwarden/values.yaml
@@ -0,0 +1,9 @@
+globals:
+ environment: prod
+ domain: olsen.cloud
+ timezone: Europe/Amsterdam
+image:
+ repository: ghcr.io/linkwarden/linkwarden
+ tag: latest
+ pullPolicy: IfNotPresent
+subdomain: linkwarden
diff --git a/charts/apps/metamcp/templates/client.yaml b/charts/apps/metamcp/templates/client.yaml
new file mode 100644
index 0000000..60befa2
--- /dev/null
+++ b/charts/apps/metamcp/templates/client.yaml
@@ -0,0 +1,10 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: OidcClient
+metadata:
+ name: '{{ .Release.Name }}'
+spec:
+ environment: '{{ .Values.globals.environment }}'
+ redirectUris:
+ - path: /api/auth/oidc/callback
+ subdomain: '{{ .Values.subdomain }}'
+ matchingMode: strict
diff --git a/charts/apps/metamcp/templates/deployment.yaml b/charts/apps/metamcp/templates/deployment.yaml
index 45f58d2..0dfcaf5 100644
--- a/charts/apps/metamcp/templates/deployment.yaml
+++ b/charts/apps/metamcp/templates/deployment.yaml
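Review bot: `tag: latest` together with `pullPolicy: IfNotPresent` in charts/apps/linkwarden/values.yaml leaves the deployed image unpinned. Each node keeps whichever build it happened to pull first, and nothing in the repository records or lets a reviewer verify what is actually running. Pin a release tag, or better an immutable digest, for example `tag: "<release-tag>"`, or reference the image as `repository@sha256:<digest>`. The new charts/apps/nocodb/values.yaml has the same `tag: latest` / `IfNotPresent` pair and needs the same change.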
@@ -1,23 +1,23 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: '{{ .Release.Name }}' + name: "{{ .Release.Name }}" spec: strategy: type: Recreate replicas: 1 selector: matchLabels: - app: '{{ .Release.Name }}' + app: "{{ .Release.Name }}" template: metadata: labels: - app: '{{ .Release.Name }}' + app: "{{ .Release.Name }}" spec: containers: - - name: '{{ .Release.Name }}' - image: '{{ .Values.image.repository }}:{{ .Values.image.tag }}' - imagePullPolicy: '{{ .Values.image.pullPolicy }}' + - name: "{{ .Release.Name }}" + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: "{{ .Values.image.pullPolicy }}" ports: - name: http containerPort: 12008 
@@ -33,47 +33,68 @@ spec: name: data env: - name: TZ - value: '{{ .Values.globals.timezone }}' + value: "{{ .Values.globals.timezone }}" - name: APP_URL - value: https://metamcp.olsen.cloud # TODO: Change + value: "https://{{ .Values.subdomain }}.{{ .Values.globals.domain }}" - name: NEXT_PUBLIC_APP_URL - value: https://metamcp.olsen.cloud # TODO: Change + value: "https://{{ .Values.subdomain }}.{{ .Values.globals.domain }}" - name: BETTER_AUTH_SECRET valueFrom: secretKeyRef: - name: '{{ .Release.Name }}-secrets' + name: "{{ .Release.Name }}-secrets" key: betterauth - name: DATABASE_URL valueFrom: secretKeyRef: - name: '{{ .Release.Name }}-pg-connection' + name: "{{ .Release.Name }}-pg-connection" key: url - name: POSTGRES_DB valueFrom: secretKeyRef: - name: '{{ .Release.Name }}-pg-connection' + name: "{{ .Release.Name }}-pg-connection" key: database - name: POSTGRES_HOST valueFrom: secretKeyRef: - name: '{{ .Release.Name }}-pg-connection' + name: "{{ .Release.Name }}-pg-connection" key: host - name: POSTGRES_PORT valueFrom: secretKeyRef: - name: '{{ .Release.Name }}-pg-connection' + name: "{{ .Release.Name }}-pg-connection" key: port - name: POSTGRES_USER valueFrom: secretKeyRef: - name: '{{ .Release.Name }}-pg-connection' + name: "{{ .Release.Name }}-pg-connection" key: user - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: '{{ .Release.Name }}-pg-connection' + name: "{{ .Release.Name }}-pg-connection" key: password + - name: OIDC_PROVIDER_ID + value: oidc + - name: OIDC_SCOPES + value: openid email profile + - name: OIDC_PKCE + value: "true" + - name: OIDC_CLIENT_ID + valueFrom: + secretKeyRef: + name: "{{ .Release.Name }}-client" + key: clientId + - name: OIDC_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: "{{ .Release.Name }}-client" + key: clientSecret + - name: OIDC_DISCOVERY_URL + valueFrom: + secretKeyRef: + name: "{{ .Release.Name }}-client" + key: configuration volumes: - name: data persistentVolumeClaim: - claimName: '{{ .Release.Name 
}}-data' + claimName: "{{ .Release.Name }}-data" diff --git a/charts/apps/metamcp/values.yaml b/charts/apps/metamcp/values.yaml index 55bd78d..1bf9d32 100644 --- a/charts/apps/metamcp/values.yaml +++ b/charts/apps/metamcp/values.yaml @@ -1,5 +1,6 @@ globals: environment: prod + domain: olsen.cloud timezone: Europe/Amsterdam image: repository: ghcr.io/metatool-ai/metamcp diff --git a/charts/apps/mqtt/templates/config.yaml b/charts/apps/mqtt/templates/config.yaml index e12d57f..a099a66 100644 --- a/charts/apps/mqtt/templates/config.yaml +++ b/charts/apps/mqtt/templates/config.yaml @@ -8,5 +8,5 @@ data: mosquitto.conf: | persistence true persistence_location /mosquitto/data/ - listener 1884 0.0.0.0 + listener 1883 0.0.0.0 allow_anonymous true diff --git a/charts/apps/mqtt/templates/deployment.yaml b/charts/apps/mqtt/templates/deployment.yaml index 08974b4..92fabd5 100644 --- a/charts/apps/mqtt/templates/deployment.yaml +++ b/charts/apps/mqtt/templates/deployment.yaml @@ -27,7 +27,7 @@ spec: command: - sh - -c - - mosquitto_pub -h localhost -p 1884 -t health/ready -m "ready" -q 0 -i readiness_client -V 5 + - mosquitto_pub -h localhost -p 1883 -t health/ready -m "ready" -q 0 -i readiness_client -V 5 initialDelaySeconds: 10 # Give broker time to start periodSeconds: 20 # Check every 20 seconds timeoutSeconds: 5 # Fail if command takes longer than 5 seconds @@ -37,7 +37,7 @@ spec: command: - sh - -c - - mosquitto_pub -h localhost -p 1884 -t health/ready -m "ready" -q 0 -i readiness_client -V 5 + - mosquitto_pub -h localhost -p 1883 -t health/ready -m "ready" -q 0 -i readiness_client -V 5 initialDelaySeconds: 15 periodSeconds: 20 timeoutSeconds: 5 diff --git a/charts/apps/mqtt/templates/http-service.yaml b/charts/apps/mqtt/templates/http-service.yaml new file mode 100644 index 0000000..52a7cc3 --- /dev/null +++ b/charts/apps/mqtt/templates/http-service.yaml 
@@ -0,0 +1,11 @@ +apiVersion: homelab.mortenolsen.pro/v1 +kind: HttpService +metadata: + name: "{{ .Release.Name }}" +spec: + environment: "{{ .Values.globals.environment }}" + subdomain: "{{ .Values.subdomain }}" + destination: + host: "{{ .Release.Name }}" + port: + number: 1883 diff --git a/charts/apps/mqtt/templates/service.yaml b/charts/apps/mqtt/templates/service.yaml index b382d29..ca1209d 100644 --- a/charts/apps/mqtt/templates/service.yaml +++ b/charts/apps/mqtt/templates/service.yaml @@ -5,7 +5,7 @@ metadata: labels: app: "{{ .Release.Name }}" spec: - type: ClusterIP + type: LoadBalancer ports: - port: 1883 targetPort: 1883 diff --git a/charts/apps/nocodb/Chart.yaml b/charts/apps/nocodb/Chart.yaml new file mode 100644 index 0000000..4fcb6db --- /dev/null +++ b/charts/apps/nocodb/Chart.yaml @@ -0,0 +1,3 @@ +apiVersion: v2 +version: 1.0.0 +name: nocodb diff --git a/charts/apps/nocodb/templates/deployment.yaml b/charts/apps/nocodb/templates/deployment.yaml new file mode 100644 index 0000000..ded3cb8 --- /dev/null +++ b/charts/apps/nocodb/templates/deployment.yaml @@ -0,0 +1,33 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "{{ .Release.Name }}" + labels: + app: "{{ .Release.Name }}" +spec: + replicas: 1 + selector: + matchLabels: + app: "{{ .Release.Name }}" + template: + metadata: + labels: + app: "{{ .Release.Name }}" + spec: + containers: + - name: "{{ .Release.Name }}" + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + ports: + - containerPort: 8080 + name: http + env: + - name: TZ + value: "{{ .Values.globals.timezone }}" + - name: PUID + - mountPath: /usr/app/data/ + name: data + volumes: + - name: data + persistentVolumeClaim: + claimName: "{{ .Release.Name }}-data" diff --git a/charts/apps/nocodb/templates/external-http-service.yaml b/charts/apps/nocodb/templates/external-http-service.yaml new file mode 100644 index 0000000..e28916d --- /dev/null 
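Review bot: Changing charts/apps/mqtt/templates/service.yaml to `type: LoadBalancer` publishes port 1883 outside the cluster while the broker config in templates/config.yaml still has `listener 1883 0.0.0.0` with `allow_anonymous true`. Any host that can reach the load-balancer address can therefore publish and subscribe without credentials. Either keep `type: ClusterIP`, or pair the change with authentication in mosquitto.conf (`allow_anonymous false` plus a `password_file`) and preferably a TLS listener. If the address is only reachable from a trusted network, say so in a comment beside `type: LoadBalancer`. The new http-service.yaml also points an `HttpService` at port 1883, which carries raw MQTT rather than HTTP, so that route is worth confirming; the Service definition itself starts outside this hunk.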
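Review bot: In charts/apps/nocodb/templates/deployment.yaml the env list ends with `- name: PUID` and no `value`, and the next line is `- mountPath: /usr/app/data/` with no `volumeMounts:` key in front of it. As written the `data` volume is never mounted into the container, and the manifest will probably be rejected by the API server (indentation is not recoverable on this page, so the exact failure is inferred). It looks as if lines were dropped between the two entries: restore the `PUID` value and add `volumeMounts:` at container level ahead of the `- mountPath` item. If the manifest did apply without the mount, NocoDB would presumably write to the container filesystem instead of the PVC and lose its data on restart.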
+++ b/charts/apps/nocodb/templates/external-http-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: ExternalHttpService
+metadata:
+ name: '{{ .Release.Name }}'
+spec:
+ environment: '{{ .Values.globals.environment }}'
+ subdomain: '{{ .Values.subdomain }}'
+ destination:
+ host: '{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local'
+ port:
+ number: 80
diff --git a/charts/apps/nocodb/templates/http-service.yaml b/charts/apps/nocodb/templates/http-service.yaml
new file mode 100644
index 0000000..15b1989
--- /dev/null
+++ b/charts/apps/nocodb/templates/http-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: HttpService
+metadata:
+ name: "{{ .Release.Name }}"
+spec:
+ environment: "{{ .Values.globals.environment }}"
+ subdomain: "{{ .Values.subdomain }}"
+ destination:
+ host: "{{ .Release.Name }}"
+ port:
+ number: 80
diff --git a/charts/apps/nocodb/templates/pvc.yaml b/charts/apps/nocodb/templates/pvc.yaml
new file mode 100644
index 0000000..bc1d0a6
--- /dev/null
+++ b/charts/apps/nocodb/templates/pvc.yaml
@@ -0,0 +1,11 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: '{{ .Release.Name }}-data'
+spec:
+ accessModes:
+ - 'ReadWriteOnce'
+ resources:
+ requests:
+ storage: '1Gi'
+ storageClassName: '{{ .Values.globals.environment }}'
diff --git a/charts/apps/nocodb/templates/service.yaml b/charts/apps/nocodb/templates/service.yaml
new file mode 100644
index 0000000..c2cbc23
--- /dev/null
+++ b/charts/apps/nocodb/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ .Release.Name }}"
+ labels:
+ app: "{{ .Release.Name }}"
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: 8080
+ protocol: TCP
+ name: http
+ selector:
+ app: "{{ .Release.Name }}"
diff --git a/charts/apps/nocodb/values.yaml b/charts/apps/nocodb/values.yaml
new file mode 100644
index 0000000..0008628
--- /dev/null
+++ b/charts/apps/nocodb/values.yaml
@@ -0,0 +1,9 @@
+globals:
+ environment: prod
+ domain: olsen.cloud
+ timezone: Europe/Amsterdam
+image:
+ repository: nocodb/nocodb
+ tag: latest
+ pullPolicy: IfNotPresent
+subdomain: nocodb
diff --git a/notes.md b/notes.md
new file mode 100644
index 0000000..83d6c63
--- /dev/null
+++ b/notes.md
@@ -0,0 +1 @@
+![authentik bg](/static/dist/assets/images/flow_background.jpg)