From 44eddce1ca352784b7140eca8a9e195cb577fde6 Mon Sep 17 00:00:00 2001 From: Florian Herrengt Date: Fri, 26 Jul 2024 15:08:50 +0100 Subject: [PATCH] add http-auth to prometheus --- README.md | 2 +- apps/minio.yaml | 135 ++++++++++++++++++++++++++++ apps/tooljet.yaml | 8 +- databases/redis.yaml | 63 +++++++++++++ dependencies/02-storage.yaml | 17 ++++ secrets | 2 +- sysadmin/prometheus-deployment.yaml | 6 ++ 7 files changed, 229 insertions(+), 4 deletions(-) create mode 100644 apps/minio.yaml create mode 100644 databases/redis.yaml create mode 100644 dependencies/02-storage.yaml diff --git a/README.md b/README.md index 73c93d5..173770b 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ - install docker - install k3s -- apt-get install tmate +- apt-get install tmate cifs-utils ## Backups diff --git a/apps/minio.yaml b/apps/minio.yaml new file mode 100644 index 0000000..b074a90 --- /dev/null +++ b/apps/minio.yaml 
@@ -0,0 +1,135 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: gitea-pvc
+ namespace: apps
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: 5Gi
+ limits:
+ storage: 5Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: gitea
+ namespace: apps
+spec:
+ type: NodePort
+ ports:
+ - port: 3000
+ name: frontend
+ targetPort: 3000
+ selector:
+ app: gitea
+---
+# apiVersion: v1
+# kind: Pod
+# metadata:
+# name: gitea-debug
+# namespace: apps
+# spec:
+# containers:
+# - name: gitea-debug
+# image: busybox
+# command: ["/bin/sh"]
+# args: ["-c", "while true; do sleep 30; done;"]
+# volumeMounts:
+# - mountPath: /data
+# name: gitea-data
+# volumes:
+# - name: gitea-data
+# persistentVolumeClaim:
+# claimName: gitea-pvc
+# ---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gitea
+ namespace: apps
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: gitea
+ template:
+ metadata:
+ labels:
+ app: gitea
+ spec:
+ containers:
+ - name: gitea
+ image: gitea/gitea:1.21.1
+ env:
+ - name: USER_UID
+ value: "1000"
+ - name: USER_GID
+ value: "1000"
+ - name: DISABLE_REGISTRATION
+ value: "true"
+ - name: START_SSH_SERVER
+ value: "true"
+ - name: SSH_PORT
+ value: "30022"
+ - name: SSH_LISTEN_PORT
+ value: "30022"
+ - name: GITEA__database__DB_TYPE
+ value: "postgres"
+ - name: GITEA__database__HOST
+ value: "postgres.databases:5432"
+ - name: GITEA__database__NAME
+ value: "gitea"
+ - name: GITEA__database__USER
+ value: "postgres"
+ - name: GITEA__database__PASSWD
+ valueFrom:
+ secretKeyRef:
+ name: secrets
+ key: POSTGRES_PASSWORD
+ ports:
+ - containerPort: 3000
+ - containerPort: 30022
+ volumeMounts:
+ - mountPath: /data
+ name: gitea-data
+ - mountPath: /etc/timezone
+ name: timezone
+ readOnly: true
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ volumes:
+ - name: gitea-data
+ persistentVolumeClaim:
+ claimName: gitea-pvc
+ - name: timezone
+ hostPath:
+ path: /etc/timezone
+ type: File
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ type: File
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: gitea
+ namespace: apps
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`gitea.nocodelytics.com`)
+ kind: Rule
+ services:
+ - name: gitea
+ port: 3000
+ tls:
+ certResolver: letsencrypt
+ domains:
+ - main: gitea.nocodelytics.com
diff --git a/apps/tooljet.yaml b/apps/tooljet.yaml
index eb4bebf..d055c0e 100644
--- a/apps/tooljet.yaml
+++ b/apps/tooljet.yaml
@@ -27,8 +27,12 @@ spec:
 spec:
 containers:
 - name: tooljet
- image: tooljet/tooljet:2
+ image: tooljet/tooljet:latest
 env:
+ - name: SERVE_CLIENT
+ value: "true"
+ - name: ENABLE_TOOLJET_DB
+ value: "false"
 - name: TOOLJET_HOST
 value: https://tooljet.nocodelytics.com
 - name: LOCKBOX_MASTER_KEY
@@ -47,7 +51,7 @@ spec:
 name: secrets
 key: POSTGRES_PASSWORD
 - name: DATABASE_URL
- value: postgres://postgres:$(POSTGRES_PASSWORD)@databases.postgres:5432/tooljet?sslmode=disable
+ value: postgres://postgres:$(POSTGRES_PASSWORD)@postgres.databases:5432/tooljet?sslmode=disable
 ports:
 - containerPort: 80
 ---
diff --git a/databases/redis.yaml b/databases/redis.yaml
new file mode 100644
index 0000000..2236183
--- /dev/null
+++ b/databases/redis.yaml
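Review bot: The `gitea` Service in this new file is `type: NodePort`, which publishes Gitea's plain-HTTP port 3000 on every node address in addition to the TLS route that the `IngressRoute` at the end of the file defines on `websecure`; unless direct node access is intended, `type: ClusterIP` keeps Traefik as the only entry point. The file is named `apps/minio.yaml` and the commit subject mentions Prometheus, yet every resource in it is Gitea, so a rename or a header comment such as `# Gitea: PVC, Service, Deployment, IngressRoute` would keep the manifest from being overlooked. The Deployment also connects as the `postgres` user with the shared `POSTGRES_PASSWORD` key; a dedicated database role for Gitea would limit what a compromised instance can reach.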
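Review bot: `image: tooljet/tooljet:latest` replaces a major-version tag with a mutable one, so the code that runs can change on any pod restart without a change in this repository, and a rollback cannot name what was deployed. Pin a specific release, ideally together with its digest, for example `image: tooljet/tooljet:<version>@sha256:<digest>` (placeholder values), and set `imagePullPolicy` explicitly. The container spec this line belongs to continues outside the hunk.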
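Review bot: The corrected `DATABASE_URL` still ends in `sslmode=disable` and authenticates as the `postgres` superuser, so the password and all queries travel unencrypted between this workload and the `databases` namespace unless the cluster network itself encrypts pod traffic, which is not visible here. Once the server presents a certificate, `sslmode=require` (or stricter) on this line closes that gap, and a role limited to the `tooljet` database would contain a compromise of the application. A short comment next to the value, e.g. `# TLS off: in-cluster only, see <doc>`, would at least record that the setting is deliberate.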
@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: redis-pvc
+ namespace: databases
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: 1Gi
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: redis
+ namespace: databases
+spec:
+ serviceName: "redis"
+ replicas: 1
+ selector:
+ matchLabels:
+ app: redis
+ template:
+ metadata:
+ labels:
+ app: redis
+ spec:
+ terminationGracePeriodSeconds: 30
+ containers:
+ - name: redis
+ image: redis:7.2.4
+ ports:
+ - containerPort: 6379
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ env:
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: secret
+ key: REDIS_PASSWORD
+
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: redis-pvc
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: redis
+ namespace: databases
+spec:
+ type: NodePort
+ ports:
+ - port: 6379
+ targetPort: 6379
+ selector:
+ app: redis
diff --git a/dependencies/02-storage.yaml b/dependencies/02-storage.yaml
new file mode 100644
index 0000000..4195cdd
--- /dev/null
+++ b/dependencies/02-storage.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: pv-storagebox
+spec:
+ capacity:
+ storage: 100Gi
+ accessModes:
+ - ReadWriteMany
+ persistentVolumeReclaimPolicy: Retain
+ csi:
+ driver: cifs.csi.k8s.io
+ volumeHandle: "storagebox-pv"
+ volumeAttributes:
+ source: "//u414460.your-storagebox.de/backup"
+ mountOptions: "iocharset=utf8,rw,credentials=/etc/backup-credentials.txt,uid=root,gid=root,file_mode=0660,dir_mode=0770"
+ storageClassName: cifs
diff --git a/secrets b/secrets
index 1ee014d..4ab80d3 160000
--- a/secrets
+++ b/secrets
@@ -1 +1 @@
-Subproject commit 1ee014d3868536e98f086d8b92047eb4fcafc404
+Subproject commit 4ab80d3aa85b86bd9e8389bf5719b7d8fa079879
diff --git a/sysadmin/prometheus-deployment.yaml b/sysadmin/prometheus-deployment.yaml
index 0f930fc..6d94047 100644
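Review bot: Nothing in this StatefulSet makes Redis require the password: the official `redis` image does not read a `REDIS_PASSWORD` variable, and the container has no `args` or `command` passing `--requirepass`, so the server would accept unauthenticated clients while the `type: NodePort` Service publishes port 6379 on every node address. Suggested changes are `args: ["--requirepass", "$(REDIS_PASSWORD)"]` on the container and `type: ClusterIP` on the Service. The `secretKeyRef` also names `secret`, whereas the other manifests in this patch reference `secrets`; if that is a typo the pod will not start until the line reads `name: secrets`.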
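Review bot: This PersistentVolume has no `claimRef`, so any PersistentVolumeClaim in any namespace that asks for `storageClassName: cifs` with `ReadWriteMany` can bind the backup share; adding a `claimRef` with the intended claim's `name` and `namespace` reserves it. The SMB credentials are read from `/etc/backup-credentials.txt` on the node, a file this repository does not manage and that has to exist on every node able to mount the volume; if the CSI driver supports it, `nodeStageSecretRef` pointing at a Kubernetes Secret would keep the credential with the other secrets. Whether the driver honours `mountOptions` inside `volumeAttributes` rather than the PV's own `spec.mountOptions` list is driver-specific and worth a comment stating which one is relied on.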
--- a/sysadmin/prometheus-deployment.yaml
+++ b/sysadmin/prometheus-deployment.yaml
@@ -169,6 +169,12 @@ spec:
 services:
 - name: prometheus
 port: 9090
+ middlewares:
+ - name: https-redirect
+ namespace: default
+ - name: http-auth
+ namespace: default
+
 tls:
 certResolver: letsencrypt
 domains:
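Review bot: Both middlewares are referenced in namespace `default`, but neither `Middleware` object is defined in this patch and the IngressRoute's own namespace is outside the hunk; if it is not `default`, Traefik resolves the reference only when the Kubernetes CRD provider has `allowCrossNamespace` enabled. A comment above the list, e.g. `# https-redirect and http-auth are defined in <path>; requires allowCrossNamespace`, would record that dependency. Basic auth added here covers only requests that arrive through Traefik, so it is worth confirming that the `prometheus` Service is not also published as a NodePort, as the Gitea and Redis Services in this patch are; the Service definition is not visible in this hunk. The route this list belongs to starts outside the hunk.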