Add tandoor

Serubin · Mar 22, 2024 · 7ef6e2d · 7ef6e2d
1 parent 51d5e66
commit 7ef6e2d
Show file tree

Hide file tree

Showing 6 changed files with 105 additions and 4 deletions.
diff --git a/apps/prod/kustomization.yaml b/apps/prod/kustomization.yaml
@@ -8,6 +8,7 @@ resources:
   - kutt
   - lemonhope
   - serubin-net
+  - tandoor
   - vaultwarden
   - weave-gitops
   - whoami
diff --git a/apps/prod/tandoor/kustomization.yaml b/apps/prod/tandoor/kustomization.yaml
@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../base/tandoor
+  - tandoor.sops.yaml
+patches:
+  - path: postgres.hr.yaml
+    target:
+      kind: HelmRelease
+  - path: tandoor.hr.yaml
+    target:
+      kind: HelmRelease
diff --git a/apps/prod/tandoor/postgres.hr.yaml b/apps/prod/tandoor/postgres.hr.yaml
@@ -0,0 +1,14 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: tandoor-postgresql
+  namespace: default
+spec:
+  values:
+    auth:
+      username: tandoor-receipes
+      database: tandoor-receipes
+      existingSecret: tandoor-secrets
+      secretKeys:
+        adminPasswordKey: "POSTGRES_ROOT_PASSWORD"
+        userPasswordKey: "POSTGRES_PASSWORD"
diff --git a/apps/prod/tandoor/tandoor.hr.yaml b/apps/prod/tandoor/tandoor.hr.yaml
@@ -0,0 +1,36 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: tandoor-receipes
+  namespace: default
+spec:
+  values:
+    controllers:
+      main:
+        containers:
+          main:
+            env:
+              SECRET_KEY:
+                valueFrom:
+                  secretKeyRef:
+                    name: tandoor-secrets
+                    key: SECRET_KEY
+              POSTGRES_PASSWORD:
+                valueFrom:
+                  secretKeyRef:
+                    name: tandoor-secrets
+                    key: POSTGRES_PASSWORD
+              ENABLE_SIGNUP: 0
+              EMAIL_HOST_USER: ${NOREPLY_AUTH_EMAIL}
+              EMAIL_HOST_PASSWORD: ${NOREPLY_PASSWORD}
+              DEFAULT_FROM_EMAIL: ${NOREPLY_SEND_EMAIL}
+    ingress:
+      main:
+        enabled: true
+        hosts:
+          - host: recipes.${SECRET_DOMAIN}
+            paths:
+              - path: /
+                service:
+                  name: main
+                  port: http
diff --git a/apps/prod/tandoor/tandoor.sops.yaml b/apps/prod/tandoor/tandoor.sops.yaml
@@ -0,0 +1,40 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: tandoor-secrets
+    namespace: default
+stringData:
+    SECRET_KEY: ENC[AES256_GCM,data:5W33sSX4Ie8/6k3wDYyiaeJdc/GbJ5PMugEbeNojHUlMowFsSKUEcb5zaEp1YXMJ49UxLfiyzw9YqAmArv2hBA==,iv:TKuKW6rRbkAV4CCyf81kmgMlG2QXDX7lV0MITWf9TQI=,tag:EuDXG8bmOucOL55NBom/Ag==,type:str]
+    POSTGRES_PASSWORD: ENC[AES256_GCM,data:Cvzo4G4nTp5dU9JDMsPHhOQt7x7r+xWFowwIEXCrC18r73g6hl0KuiZSyIzqO3W2nrJBBZJH4SGYS0KaY9G5PA==,iv:dLZWlSggSeLDbtZr9fi1YQZ6A09xYh15nErWlAP7Q6M=,tag:sEg8wyDzsbnBCETTskbbBA==,type:str]
+    POSTGRES_ROOT_PASSWORD: ENC[AES256_GCM,data:Z8Kotn/uAA70d8QPt5y8Q/fjMnYTzaY7avsrpmRkcKhELy5G8ertGxhy6+WTiUktIWNagF3AVrA6WU1DyRV6ig==,iv:1TmlPXFexWNGFFlfKBYqlEcbciGuZ3Es571Bf8uyn78=,tag:xpkb+tc2R3VCSuPJotX3Fg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2024-03-22T17:05:38Z"
+    mac: ENC[AES256_GCM,data:PiS4noWWt7KXooWiMevJILxJSpYrcJ9boJzRj54vyVkIJw8r46N3bIw6T3GIQYEqmOVwnMoSV2sdzAdWWP+1dTZMgynuc7OCymEWbpwMQhyvMRCwJOcFnGLLSsupMBXuhKdV9wALqfQkgwctTBnz/fLhTa5p0T7EhfNKyWBN0XY=,iv:4yzoge3ZOdu8JbBsqmBSZvecW5DfRRcmapQdIzKAnvo=,tag:31ohcyYd5UWrumNPtwyObw==,type:str]
+    pgp:
+        - created_at: "2024-03-11T15:25:14Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA1aihG1drcqCAQ//WRgFvDkpOnMGo32NlQDGtOqjFNTxOecKJBpLcHPcG9c2
+            cc0Nq3nVUuzSq1djo4+ZyJo7fKjYzSbWwi2j2Rw6IrOgu3oDQtoTh7gY/LJvLn/L
+            ebFviPxeD/Uir+2TNUGIY75R7/NO5Qf0VGDXz289Lpj/DrIbT18nBMuBZ+Wt0rEW
+            WqMm4o+hO76PJiL5bK7GzRG0rZyWUecquowbSp8NZsoAiGkIiJYNNIBjHb4/NV1/
+            QPkeCe8naWE+lxUbL/BC3ac9zp20MC3cNvxog4F5JE0ISrboeS7YQscfR/c/IZf2
+            wFZwpuP0QJX6Tsi74tlVzTKG4e8dhxyeIOexK2k8dGRzXlOXespjxiPLFbdqRe1g
+            kKQVuW5c2fLUlsIGM80DeJKoyqwDq567TjvKo4JC+XJGk0TrkmrT9Qy2+9ljhCMC
+            kgfYeSVhIhZTtbqpav8+ApFMeaUyPLNMHp031yCwKu8Ud2NiPD/wt1nRtfneZSth
+            pnI0K2E6b6DowKH/Sl9NfbJymp2Ks/O1lRCk5uIiMlodBdklkt+149c9VHWlc/fo
+            MbGKQTSpCbHFfKZKtzsgpXogn7WFr5BIztxYn+kftE4WKHvQUk322YpmIN9rFqSn
+            N51rs/hRZn+CZto8hFoZhP6BqVBWZ4u95zzc3kTEs2L/78AT2SICqpygDuuds/jS
+            XgEYsEqoGnk56p/n2sWBZliAtHfMc7bx8CkgQimdtsA4aqx1yhfiuGBkUe8JRebf
+            7lW4eQ0P5y3IW6MgOjJc0I99ZjS5gj+v7g/O1xue9hKoCwLnX46xsT2sRYnGHzE=
+            =7uFL
+            -----END PGP MESSAGE-----
+          fp: DE531CB90D5130B090569D4A3EAE9A3DA4F76EBD
+    encrypted_regex: ^(data|stringData)$
+    version: 3.8.1
diff --git a/configs/prod/cluster-secrets.sops.yaml b/configs/prod/cluster-secrets.sops.yaml
@@ -18,8 +18,6 @@ stringData:
     #ENC[AES256_GCM,data:lHdlXZZIQxt8DCG0,iv:+D8mm7/a7CrhAUVNQUOMHrAdj86eHnxch0EutY41r1w=,tag:jv+2698XXumh0d7gqC35dA==,type:comment]
     YUBICO_CLIENT_ID: ENC[AES256_GCM,data:QvXyBhc=,iv:N6kVwY/p4YKo7pA9rWjHgq9ZZxp0pl66ArUo7p7DBVc=,tag:Iw1S7piFh++MDHQcvGNJPQ==,type:str]
     YUBICO_SECRET_KEY: ENC[AES256_GCM,data:3qiPlKEL22vxYLCQEQsDzXDK0k5NQ2Ood8ks2A==,iv:BYqbhvx1L2wZhiJRO0AsNc1y/d9KjMGIJWwazAxXScg=,tag:1t53GLC1BPiwI3YEpFVFCw==,type:str]
-    #ENC[AES256_GCM,data:s2puD11GehsXgw==,iv:w1PuGjogQO5Zkbl6y2H/rV7Bxz1Ie/zDuifmXNux7h0=,tag:6hKCWiDJiRtKgvPWTpjZzg==,type:comment]
-    TANDOOR_DB_PASSWORD: ENC[AES256_GCM,data:fNMaDuBv1n/p5DlLw2lPsKDACL3R3Tr9VYuUJUGFxy1IcZoTfSbKmMUg7AWROB2DxS/6ePpYcxCReTyMYzeokw==,iv:JGX1hJHGyUzBNiDdhCegDOJgKYRfeWWfodev/AbeMb4=,tag:43MZjQPimehZtaGfZ5fKaQ==,type:str]
     #ENC[AES256_GCM,data:PU/ZZts=,iv:MgDAo48hEJbvo2YeQdjahF7h7PUL2QGm8Uowuvif9CI=,tag:aE2pkoO8ZE/PWnoU+nSrOg==,type:comment]
     KUTT_REDIS_PASSWORD: ENC[AES256_GCM,data:g6ykAdLnYx0lw+xHs8GdprsJGrvVIVeaRrlxqyioabO17YTmnmSblKwH52kMfKPQj+Rgzy375hL7h3vg3ccBWA==,iv:891bLQtiP6/so/GD5MwiAF2BX0Ah//VHhS11P5MkRRE=,tag:3lw/WIsTVLtJb9vmZEyLZQ==,type:str]
     #ENC[AES256_GCM,data:8uW2ap7OC4Slpmfx4w==,iv:i9E6DaZXhKgjfXw4yY7uxS8nxc1tFhI9e9KID4QIjnA=,tag:qM0jWRffuk7PwSOVZ6AdoQ==,type:comment]
@@ -31,8 +29,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2024-03-22T15:46:50Z"
-    mac: ENC[AES256_GCM,data:zPMwFEPX7TJh3sdKDXdzvcPB9jUZeAVwAuHRO9yUFFNBdMs/NB805Z/aK4nBv0A/kWOIL4Y5nwd9b2+V4/kdZP+1f+xhzPnNMzAnRM0/RF7H+4nb9WQm39KsYYowHcXmvBBq8LmYa5QAHLLRPzLwxaPyxmm2qHAe+sOBQDgKNrg=,iv:7oK+6YU8Tdj3nsZwAnKQ+4BS3skjhGYumtgSUbP6OD4=,tag:/hsCOhBO7HonmWreK7/AYg==,type:str]
+    lastmodified: "2024-03-22T17:07:52Z"
+    mac: ENC[AES256_GCM,data:+1JuVIB3bMvGsDbeBNWokPng/kNh0jZjqRxDM6QPNsEriRN6xd2rxmOOLVbk917Cnej6yxX/QTUxX1PL630B7Zmex/LFP/xk7Dj8UmdgEh1Bvu0PCjV9c3UqBDoSi+q08T/cEMQJa1Al1ET7DhllHgmRLhrDIth0wewEYv3/SRA=,iv:mvPW4y8+QIcnMi4taR93Ak8avYSF1GWGDZxNIE6BxOA=,tag:VB2XSpC5oH5s09HB1ou8qQ==,type:str]
     pgp:
         - created_at: "2024-02-26T23:49:52Z"
           enc: |-