From 637e1c43c544d70f8ba4c9716d72d19600f6c6de Mon Sep 17 00:00:00 2001
From: Morten Olsen
Date: Mon, 8 Sep 2025 10:16:11 +0200
Subject: [PATCH] add mealie
---
 .gitignore | 1 +
 .../apps/home-assistant/templates/client.yaml | 10 +++
 .../templates/external-http-service.yaml | 11 +++
 charts/apps/mealie/Chart.yaml | 3 +
 charts/apps/mealie/templates/client.yaml | 10 +++
 charts/apps/mealie/templates/deployment.yaml | 72 +++++++++++++++++++
 .../templates/external-http-service.yaml | 11 +++
 .../apps/mealie/templates/http-service.yaml | 11 +++
 charts/apps/mealie/templates/pvc.yaml | 11 +++
 charts/apps/mealie/templates/service.yaml | 15 ++++
 charts/apps/mealie/values.yaml | 8 +++
 cloudflare.yaml | 32 +++++++++
 12 files changed, 195 insertions(+)
 create mode 100644 charts/apps/home-assistant/templates/client.yaml
 create mode 100644 charts/apps/home-assistant/templates/external-http-service.yaml
 create mode 100644 charts/apps/mealie/Chart.yaml
 create mode 100644 charts/apps/mealie/templates/client.yaml
 create mode 100644 charts/apps/mealie/templates/deployment.yaml
 create mode 100644 charts/apps/mealie/templates/external-http-service.yaml
 create mode 100644 charts/apps/mealie/templates/http-service.yaml
 create mode 100644 charts/apps/mealie/templates/pvc.yaml
 create mode 100644 charts/apps/mealie/templates/service.yaml
 create mode 100644 charts/apps/mealie/values.yaml
 create mode 100644 cloudflare.yaml
diff --git a/.gitignore b/.gitignore
index fe0ad9c..fa730f7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 /secret.*.yaml
 /data/
+*.DS_Store
\ No newline at end of file
diff --git a/charts/apps/home-assistant/templates/client.yaml b/charts/apps/home-assistant/templates/client.yaml
new file mode 100644
index 0000000..6b913fd
--- /dev/null
+++ b/charts/apps/home-assistant/templates/client.yaml
@@ -0,0 +1,10 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: OidcClient
+metadata:
+ name: "{{ .Release.Name }}"
+spec:
+ environment: "{{ .Values.globals.environment }}"
+ redirectUris:
+ - path: /auth/openid/callback
+ subdomain: "{{ .Values.subdomain }}"
+ matchingMode: strict
diff --git a/charts/apps/home-assistant/templates/external-http-service.yaml b/charts/apps/home-assistant/templates/external-http-service.yaml
new file mode 100644
index 0000000..f865728
--- /dev/null
+++ b/charts/apps/home-assistant/templates/external-http-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: ExternalHttpService
+metadata:
+ name: "{{ .Release.Name }}"
+spec:
+ environment: "{{ .Values.globals.environment }}"
+ subdomain: "{{ .Values.subdomain }}"
+ destination:
+ host: "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local"
+ port:
+ number: 80
diff --git a/charts/apps/mealie/Chart.yaml b/charts/apps/mealie/Chart.yaml
new file mode 100644
index 0000000..054a083
--- /dev/null
+++ b/charts/apps/mealie/Chart.yaml
@@ -0,0 +1,3 @@
+apiVersion: v2
+version: 1.0.0
+name: mealie
diff --git a/charts/apps/mealie/templates/client.yaml b/charts/apps/mealie/templates/client.yaml
new file mode 100644
index 0000000..d693063
--- /dev/null
+++ b/charts/apps/mealie/templates/client.yaml
@@ -0,0 +1,10 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: OidcClient
+metadata:
+ name: "{{ .Release.Name }}"
+spec:
+ environment: "{{ .Values.globals.environment }}"
+ redirectUris:
+ - path: /login
+ subdomain: "{{ .Values.subdomain }}"
+ matchingMode: strict
diff --git a/charts/apps/mealie/templates/deployment.yaml b/charts/apps/mealie/templates/deployment.yaml
new file mode 100644
index 0000000..0f576f8
--- /dev/null
+++ b/charts/apps/mealie/templates/deployment.yaml
@@ -0,0 +1,72 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: "{{ .Release.Name }}"
+ labels:
+ app: "{{ .Release.Name }}"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: "{{ .Release.Name }}"
+ template:
+ metadata:
+ labels:
+ app: "{{ .Release.Name }}"
+ spec:
+ containers:
+ - name: "{{ .Release.Name }}"
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ ports:
+ - containerPort: 9000
+ name: http
+ env:
+ - name: TZ
+ value: "{{ .Values.globals.timezone }}"
+ - name: BASE_URL
+ value: https://{{ .Values.subdomain }}.{{ .Values.globals.domain }}
+ - name: ALLOW_SIGNUP
+ value: "false"
+ - name: PUID
+ value: "1000"
+ - name: PGID
+ value: "1000"
+ - name: OIDC_AUTH_ENABLED
+ value: "true"
+ - name: OIDC_SIGNUP_ENABLED
+ value: "true"
+ - name: OIDC_USER_GROUP
+ value: "mealie-users"
+ - name: OIDC_ADMIN_GROUP
+ value: "admin"
+ - name: OIDC_AUTO_REDIRECT
+ value: "true"
+ - name: OIDC_PROVIDER_NAME
+ value: Authentik
+ - name: OIDC_REMEMBER_ME
+ value: "true"
+ - name: OIDC_SIGNING_ALGORITHM
+ value: RS256
+ - name: OIDC_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Release.Name }}-client"
+ key: clientId
+ - name: OIDC_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Release.Name }}-client"
+ key: clientSecret
+ - name: OIDC_CONFIGURATION_URL
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Release.Name }}-client"
+ key: configuration
+
+ volumeMounts:
+ - mountPath: /app/data
+ name: data
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: "{{ .Release.Name }}-data"
diff --git a/charts/apps/mealie/templates/external-http-service.yaml b/charts/apps/mealie/templates/external-http-service.yaml
new file mode 100644
index 0000000..e28916d
--- /dev/null
+++ b/charts/apps/mealie/templates/external-http-service.yaml
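Review bot: The `{{ .Release.Name }}` container in `deployment.yaml` has no `securityContext` and no `resources`, so it runs with whatever user and privileges the image defaults to and with no CPU or memory bound. A container-level `securityContext: {allowPrivilegeEscalation: false}` plus requests and limits would be a reasonable baseline; the `PUID`/`PGID` variables suggest the image may start as root and drop to uid 1000 itself, so verify that before also setting `runAsNonRoot: true`. Separately, `OIDC_ADMIN_GROUP` is the generic name `"admin"` while `OIDC_SIGNUP_ENABLED` is `"true"`, so, assuming Mealie maps that group to its administrator role, anyone the identity provider places in a group of that name is provisioned as a Mealie admin on first login; a Mealie-specific admin group would narrow that.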
@@ -0,0 +1,11 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: ExternalHttpService
+metadata:
+ name: '{{ .Release.Name }}'
+spec:
+ environment: '{{ .Values.globals.environment }}'
+ subdomain: '{{ .Values.subdomain }}'
+ destination:
+ host: '{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local'
+ port:
+ number: 80
diff --git a/charts/apps/mealie/templates/http-service.yaml b/charts/apps/mealie/templates/http-service.yaml
new file mode 100644
index 0000000..15b1989
--- /dev/null
+++ b/charts/apps/mealie/templates/http-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: HttpService
+metadata:
+ name: "{{ .Release.Name }}"
+spec:
+ environment: "{{ .Values.globals.environment }}"
+ subdomain: "{{ .Values.subdomain }}"
+ destination:
+ host: "{{ .Release.Name }}"
+ port:
+ number: 80
diff --git a/charts/apps/mealie/templates/pvc.yaml b/charts/apps/mealie/templates/pvc.yaml
new file mode 100644
index 0000000..bc1d0a6
--- /dev/null
+++ b/charts/apps/mealie/templates/pvc.yaml
@@ -0,0 +1,11 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: '{{ .Release.Name }}-data'
+spec:
+ accessModes:
+ - 'ReadWriteOnce'
+ resources:
+ requests:
+ storage: '1Gi'
+ storageClassName: '{{ .Values.globals.environment }}'
diff --git a/charts/apps/mealie/templates/service.yaml b/charts/apps/mealie/templates/service.yaml
new file mode 100644
index 0000000..8ad8f42
--- /dev/null
+++ b/charts/apps/mealie/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ .Release.Name }}"
+ labels:
+ app: "{{ .Release.Name }}"
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: 9000
+ protocol: TCP
+ name: http
+ selector:
+ app: "{{ .Release.Name }}"
diff --git a/charts/apps/mealie/values.yaml b/charts/apps/mealie/values.yaml
new file mode 100644
index 0000000..1c53d26
--- /dev/null
+++ b/charts/apps/mealie/values.yaml
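Review bot: The `ExternalHttpService` in `mealie/templates/external-http-service.yaml` appears, going by its kind name, to publish Mealie outside the cluster on the same `subdomain` as the internal `HttpService`, and nothing in the chart restricts Mealie's built-in password login. `OIDC_AUTO_REDIRECT` only changes the default login flow; as far as I know the local login form stays reachable, and a fresh Mealie instance ships with a documented default administrator account. Before this route goes live, change or disable that account, and consider adding a comment such as `# external exposure: local admin password must be rotated first` above `kind: ExternalHttpService`. The single-quoted scalars here and in `pvc.yaml` also differ from the double quotes used in the other templates.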
@@ -0,0 +1,8 @@
+globals:
+ environment: prod
+ domain: olsen.cloud
+ timezone: Europe/Amsterdam
+subdomain: mealie
+image:
+ repository: ghcr.io/mealie-recipes/mealie
+ tag: latest
\ No newline at end of file
diff --git a/cloudflare.yaml b/cloudflare.yaml
new file mode 100644
index 0000000..9871cc3
--- /dev/null
+++ b/cloudflare.yaml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: cloudflare
+ namespace: homelab
+data:
+ token: WDhqQ1Z2WGtHUVh4XzIzb0d2WmNUcWZkWm8zZGpsMXE0dGIxU0J3Zg==
+ account: ZThkZDYwMDQ5MTI2NDM3MDhhNGZlMDI4YjNkNWEzMzM=
+ tunnelName: aG9tZWxhYg==
+ tunnelId: YTI1ZTI1MDEtNzNiNi00MDc1LWI3MjYtZDc1YWViZmE4ZmNk
+ secret: UWgvRWtGNkY2MUNxSnFwMGlCQXJ3MUxyd245ZldtcTd1RDNrZk1VUEVBVT0=
+
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: lets-encrypt-prod
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+spec:
+ acme:
+ server: https://acme-v02.api.letsencrypt.org/directory
+ email: alice@alice.com
+ privateKeySecretRef:
+ name: letsencrypt-prod-account-key
+ solvers:
+ - dns01:
+ cloudflare:
+ email: alice@alice.com
+ apiTokenSecretRef:
+ name: cloudflare
+ key: token
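Review bot: `tag: latest` under `image` in `values.yaml` is a mutable tag, so what the Deployment runs depends on when a node last pulled, and the chart alone cannot reproduce it, audit it or roll it back. Pin a specific release, ideally together with its digest, for example `tag: "<release-tag>"` (placeholder), and bump it deliberately so upstream image changes go through review. The file also ends without a trailing newline.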
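Review bot: The `Secret` named `cloudflare` in `cloudflare.yaml` is committed with live-looking values under `data` (`token`, `account`, `tunnelId`, `secret`), and base64 is an encoding, not encryption, so anyone who can read the repository or this patch can recover them. The existing `.gitignore` rule `/secret.*.yaml` does not match the name `cloudflare.yaml`, which is presumably how the file got tracked. Treat the API token and tunnel secret as exposed: revoke and reissue them, remove the file from history, and supply the values from an encrypted or external source (SOPS, Sealed Secrets or External Secrets, for instance) instead of from the tree. In the second document, `email: alice@alice.com` appears twice in the `ClusterIssuer` and looks like a placeholder; confirm it is the intended ACME contact.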