diff --git a/1password/secrets.yaml b/1password/secrets.yaml
new file mode 100644
index 0000000..ea1c5a0
--- /dev/null
+++ b/1password/secrets.yaml
@@ -0,0 +1,40 @@
+---
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+ name: gitea-admin
+ namespace: gitea-system
+ annotations:
+ operator.1password.io/auto-restart: "true"
+spec:
+ itemPath: "vaults/Lab/items/gitea-admin"
+---
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+ name: gitea-postgres
+ namespace: gitea-system
+ annotations:
+ operator.1password.io/auto-restart: "true"
+spec:
+ itemPath: "vaults/Lab/items/gitea-postgres"
+---
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+ name: pihole-admin
+ namespace: pihole-system
+ annotations:
+ operator.1password.io/auto-restart: "true"
+spec:
+ itemPath: "vaults/Lab/items/pihole"
+---
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+ name: postgres-password
+ namespace: postgres-system
+ annotations:
+ operator.1password.io/auto-restart: "true"
+spec:
+ itemPath: "vaults/Lab/items/Postgres"
diff --git a/helm/helmfile.yaml b/helm/helmfile.yaml
index e2c5d24..6c723be 100644
--- a/helm/helmfile.yaml
+++ b/helm/helmfile.yaml
@@ -11,6 +11,8 @@ repositories:
 url: https://charts.bitnami.com/bitnami
 - name: postgres
 url: https://cloudnative-pg.github.io/charts
+ - name: gitea
+ url: https://dl.gitea.com/charts/
 ---
 releases:
 # Distributed Storage
@@ -54,3 +56,17 @@ releases:
 namespace: postgres-system
 chart: cnpg/cloudnative-pg
 version: 0.21.6
+
+ # Memcached
+ - name: memcached
+ namespace: memcached-system
+ chart: bitnami/memcached
+ version: 7.4.11
+
+ # Gitea
+ - name: gitea
+ namespace: gitea-system
+ chart: gitea/gitea
+ version: 10.4.0
+ values:
+ - ./values/gitea.values.yaml
diff --git a/helm/values/externaldns.values.yaml b/helm/values/externaldns.values.yaml
index 5749258..77de82c 100644
--- a/helm/values/externaldns.values.yaml
+++ b/helm/values/externaldns.values.yaml
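Review bot: Nothing in this new file records which fields each 1Password item must expose, although the generated Secrets are read by key elsewhere in the commit (`key: password` for external-dns and Gitea, `passwordKey: password` for Pi-hole). A one-line comment above each document would make that contract visible, for example `# consumed by helm/values/gitea.values.yaml (GITEA__DATABASE__PASSWD); required field: password`. As far as I know the Gitea chart's `admin.existingSecret` and CloudNativePG's `superuserSecret` both expect `username` as well as `password`, so the `gitea-admin` and `Postgres` items are worth checking for both fields. The item names (`pihole`, `Postgres`) also differ from the Secret names they produce, which the same comments could explain.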
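Review bot: The `memcached` release in the second `helm/helmfile.yaml` hunk is added without a `values:` entry, so it runs on chart defaults while `gitea.values.yaml` points Gitea's cache at `memcached.memcached-system.svc.cluster.local:11211`. Memcached enforces no access control unless it is configured to, so unless the chart defaults or an existing cluster policy restrict the service, any pod that can reach it can read or overwrite Gitea's cached data. Consider giving the release its own values file (a new `./values/memcached.values.yaml`, say) or a NetworkPolicy that admits traffic only from `gitea-system`. The `releases` list starts outside the hunk.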
@@ -7,7 +7,7 @@ extraEnvVars:
 - name: EXTERNAL_DNS_PIHOLE_PASSWORD
 valueFrom:
 secretKeyRef:
- name: pihole-password
+ name: pihole-admin
 key: password
 serviceAccount:
 create: true
diff --git a/helm/values/gitea.values.yaml b/helm/values/gitea.values.yaml
new file mode 100644
index 0000000..21d9984
--- /dev/null
+++ b/helm/values/gitea.values.yaml
@@ -0,0 +1,45 @@
+service:
+ http:
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: gitea.home
+ ssh:
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: gitea.home
+ingress:
+ enabled: true
+ className: nginx-internal
+ hosts:
+ - host: gitea.home
+ paths:
+ - path: /
+ pathType: Prefix
+ tls: []
+gitea:
+ admin:
+ existingSecret: gitea-admin
+ config:
+ database:
+ DB_TYPE: postgres
+ HOST: postgres-cluster-rw.postgres-system.svc.cluster.local:5432
+ NAME: giteadb
+ USER: gitea
+ cache:
+ ADAPTER: memcache
+ HOST: memcached.memcached-system.svc.cluster.local:11211
+ session:
+ PROVIDER: db
+ PROVIDER_CONFIG: ""
+ lfs:
+ STORAGE_TYPE: local
+ additionalConfigFromEnvs:
+ - name: GITEA__DATABASE__PASSWD
+ valueFrom:
+ secretKeyRef:
+ name: gitea-postgres
+ key: password
+ - name: GITEA__SERVER__LFS_START_SERVER
+ value: "true"
+postgresql-ha:
+ enabled: false
+redis-cluster:
+ enabled: false
diff --git a/helm/values/pihole.values.yaml b/helm/values/pihole.values.yaml
index c20e89c..1b784c0 100644
--- a/helm/values/pihole.values.yaml
+++ b/helm/values/pihole.values.yaml
@@ -1,6 +1,12 @@
 ---
 DNS1: 192.168.0.1
+DNS2:
+ 1.1.1.1
+admin:
+ enabled: true
+ existingSecret: pihole-admin
+ passwordKey: password
 persistentVolumeClaim:
 enabled: true
 ingress:
diff --git a/postgres/cluster.yaml b/postgres/cluster.yaml
index 58b6cfe..0d8598c 100644
--- a/postgres/cluster.yaml
+++ b/postgres/cluster.yaml
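Review bot: The renamed `secretKeyRef` can only resolve a Secret in the external-dns pod's own namespace, while the `pihole-admin` item added in `1password/secrets.yaml` is created in `pihole-system`. The namespace of the external-dns release is not visible in this diff; if it is anything other than `pihole-system`, the container will fail to start on a missing Secret after this change. In that case a second `OnePasswordItem` named `pihole-admin` is needed in the external-dns namespace. The `extraEnvVars` list starts outside the hunk.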
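Review bot: The `database` block in `helm/values/gitea.values.yaml` sets no `SSL_MODE`, so Gitea falls back to its default (`disable`, as far as I know) and the `gitea-postgres` password and all queries cross from `gitea-system` to `postgres-system` unencrypted. Adding `SSL_MODE: require` under `gitea.config.database` would close that, provided the CloudNativePG cluster serves TLS, which I believe it does by default. Separately, `tls: []` leaves the ingress on plain HTTP, so the admin login and any HTTP git credentials for `gitea.home` travel in cleartext. If that is a deliberate choice for the `nginx-internal` class, a comment next to `tls: []` should say so; otherwise add a TLS entry.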
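Review bot: `DNS2` in `helm/values/pihole.values.yaml` carries its value on a continuation line, which loads as the same string but reads like an empty key followed by a stray scalar; `DNS2: "1.1.1.1"` on a single line is clearer. The new `admin` block also depends on the `pihole-admin` Secret exposing a `password` key, which a short comment above `passwordKey: password` could state.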
@@ -1,12 +1,3 @@
----
-apiVersion: onepassword.com/v1
-kind: OnePasswordItem
-metadata:
- name: postgres-password
- namespace: postgres-system
-spec:
- itemPath: "vaults/Lab/items/Postgres"
----
 apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
@@ -22,7 +13,9 @@ spec:
 pg_hba:
 - host all all all md5
- enableSuperuserAccess: false
+ enableSuperuserAccess: true
+ superuserSecret:
+ name: postgres-password
 bootstrap:
 initdb:
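Review bot: `enableSuperuserAccess: true` makes the `postgres` superuser reachable over the network, and the `pg_hba` rule just above it (`host all all all md5`) accepts any user for any database from any address with MD5 password authentication. Together they leave the superuser password as the only barrier for every pod that can reach the cluster's `-rw` service. If superuser access is only needed to create the Gitea role and database, consider keeping it `false` and provisioning those through the `bootstrap.initdb` section that follows. Otherwise narrow the rule, for example `- host giteadb gitea <pod-cidr> scram-sha-256` (placeholder CIDR), and add a separate, equally narrow entry for the superuser. The `spec` mapping starts and ends outside the hunk.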