add miniflux

disable ssl on pg
2026-02-08 01:36:28 +01:00 · 2025-09-08 11:31:41 +02:00 · 2025-09-08 11:24:32 +02:00
12 changed files with 99 additions and 68 deletions
--- a/charts/apps/miniflux.disable/templates/deployment.yaml
+++ b/charts/apps/miniflux.disable/templates/deployment.yaml
@@ -1,55 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: '{{ .Release.Name }}'
-  labels:
-    app: '{{ .Release.Name }}'
-spec:
-  serviceName: '{{ .Release.Name }}-headless'
-  replicas: 1
-  selector:
-    matchLabels:
-      app: '{{ .Release.Name }}'
-  template:
-    metadata:
-      labels:
-        app: '{{ .Release.Name }}'
-    spec:
-      containers:
-        - name: '{{ .Release.Name }}'
-          image: ghcr.io/miniflux/miniflux:latest
-          ports:
-            - containerPort: 8080
-              name: http
-          env:
-            - name: ALLOW_NEW_ACCOUNTS
-              value: 'true'
-            - name: DISABLE_INTERNAL_ACCOUNTS
-              value: 'true'
-            - name: OIDC_ENABLED
-              value: 'true'
-            - name: OIDC_DISPLAY_NAME
-              value: OIDC
-            - name: OIDC_CLIENT_ID
-              valueFrom:
-                secretKeyRef:
-                  name: '{{ .Release.Name }}-client'
-                  key: clientId
-            - name: OIDC_CLIENT_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: '{{ .Release.Name }}-client'
-                  key: clientSecret
-            - name: OIDC_ISSUER_URL
-              valueFrom:
-                secretKeyRef:
-                  name: '{{ .Release.Name }}-client'
-                  key: configuration
-
-          volumeMounts:
-            - mountPath: /data/snippets
-              name: data
-      volumes:
-        - name: data
-          persistentVolumeClaim:
-            claimName: '{{ .Release.Name }}-data'
--- a/charts/apps/miniflux.disable/values.yaml
+++ b/charts/apps/miniflux.disable/values.yaml
@@ -1,3 +0,0 @@
-globals:
-  environment: prod
-subdomain: miniflux
--- a/charts/apps/miniflux.disable/Chart.yaml
+++ b/charts/apps/miniflux.disable/Chart.yaml
@@ -1,3 +1,3 @@
 apiVersion: v2
 version: 1.0.0
-name: ByteStash
+name: miniflux
--- a/charts/apps/miniflux/templates/client.yaml
+++ b/charts/apps/miniflux/templates/client.yaml
@@ -0,0 +1,10 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: OidcClient
+metadata:
+  name: "{{ .Release.Name }}"
+spec:
+  environment: "{{ .Values.globals.environment }}"
+  redirectUris:
+    - path: oauth2/oidc/callback
+      subdomain: "{{ .Values.subdomain }}"
+      matchingMode: strict
--- a/charts/apps/miniflux.disable/templates/client.yaml
+++ b/charts/apps/miniflux.disable/templates/client.yaml
@@ -1,10 +1,6 @@
 apiVersion: homelab.mortenolsen.pro/v1
-kind: OidcClient
+kind: PostgresDatabase
 metadata:
  name: '{{ .Release.Name }}'
 spec:
  environment: '{{ .Values.globals.environment }}'
-  redirectUris:
-    - path: /api/auth/oidc/callback
-      subdomain: bytestash
-      matchingMode: strict
--- a/charts/apps/miniflux/templates/deployment.yaml
+++ b/charts/apps/miniflux/templates/deployment.yaml
@@ -0,0 +1,74 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: "{{ .Release.Name }}"
+spec:
+  strategy:
+    type: Recreate
+  replicas: 1
+  selector:
+    matchLabels:
+      app: "{{ .Release.Name }}"
+  template:
+    metadata:
+      labels:
+        app: "{{ .Release.Name }}"
+    spec:
+      containers:
+        - name: "{{ .Release.Name }}"
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: "{{ .Values.image.pullPolicy }}"
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          livenessProbe:
+            tcpSocket:
+              port: http
+          readinessProbe:
+            tcpSocket:
+              port: http
+          volumeMounts:
+            - mountPath: /data
+              name: data
+          env:
+            - name: TZ
+              value: "{{ .Values.globals.timezone }}"
+            - name: BASE_URL
+              value: https://{{ .Values.subdomain }}.{{ .Values.globals.domain }}
+            - name: RUN_MIGRATIONS
+              value: "1"
+            - name: DISABLE_LOCAL_AUTH
+              value: "1"
+            - name: OAUTH2_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Release.Name }}-client"
+                  key: clientId
+            - name: OAUTH2_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Release.Name }}-client"
+                  key: clientSecret
+            - name: OAUTH2_OIDC_DISCOVERY_ENDPOINT
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Release.Name }}-client"
+                  key: configurationIssuer
+            - name: OAUTH2_OIDC_PROVIDER_NAME
+              value: Authentik
+            - name: OAUTH2_PROVIDER
+              value: oidc
+            - name: OAUTH2_REDIRECT_URL
+              value: https://{{ .Values.subdomain }}.{{ .Values.globals.domain }}/oauth2/oidc/callback
+            - name: OAUTH2_USER_CREATION
+              value: "1"
+            - name: DATABASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Release.Name }}-pg-connection"
+                  key: url
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: "{{ .Release.Name }}-data"
--- a/charts/apps/miniflux.disable/templates/external-http-service.yaml
+++ b/charts/apps/miniflux.disable/templates/external-http-service.yaml
--- a/charts/apps/miniflux.disable/templates/pvc.yaml
+++ b/charts/apps/miniflux.disable/templates/pvc.yaml
--- a/charts/apps/miniflux.disable/templates/service.yaml
+++ b/charts/apps/miniflux.disable/templates/service.yaml
@@ -1,9 +1,9 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: '{{ .Release.Name }}'
+  name: "{{ .Release.Name }}"
  labels:
-    app: '{{ .Release.Name }}'
+    app: "{{ .Release.Name }}"
 spec:
  type: ClusterIP
  ports:
@@ -12,4 +12,4 @@ spec:
      protocol: TCP
      name: http
  selector:
-    app: '{{ .Release.Name }}'
+    app: "{{ .Release.Name }}"
--- a/charts/apps/miniflux/values.yaml
+++ b/charts/apps/miniflux/values.yaml
@@ -0,0 +1,9 @@
+globals:
+  environment: prod
+  timezone: Europe/Amsterdam
+  domain: olsen.cloud
+image:
+  repository: ghcr.io/miniflux/miniflux
+  tag: latest
+  pullPolicy: IfNotPresent
+subdomain: miniflux
--- a/images/operator/patches/@kubernetesclient-node.patch
+++ b/images/operator/patches/@kubernetesclient-node.patch
--- a/images/operator/src/resources/homelab/postgres-database/postgres-database.ts
+++ b/images/operator/src/resources/homelab/postgres-database/postgres-database.ts
@@ -97,7 +97,7 @@ class PostgresDatabase extends CustomResource<typeof specSchema> {
      port: clusterSecret.port,
    };

-    const url = `postgresql://${expected.user}:${expected.password}@${expected.host}:${expected.port}/${expected.database}`;
+    const url = `postgresql://${expected.user}:${expected.password}@${expected.host}:${expected.port}/${expected.database}?sslmode=disable`;

    await this.#secret.set(
      {
Author	SHA1	Message	Date
Morten Olsen	032a940815	add miniflux	2025-09-08 11:31:41 +02:00
Morten Olsen	5707e2124c	disable ssl on pg	2025-09-08 11:24:32 +02:00