From f604c1a1f5ac02d551333c6d26c6e5c31c2cbae2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Mon, 2 Dec 2024 14:24:13 +0100 Subject: [PATCH] update to latest ocelot-staging version --- .env | 1 + .env.dist | 22 -- .env.enc | Bin 627 -> 0 bytes .github/workflows/publish.yml | 324 +++++----------------- .gitignore | 4 - .sops.yaml | 15 + branding/locales/{ => tmp}/de.json | 0 branding/locales/{ => tmp}/en.json | 0 docker-compose.yml | 58 ++++ docker/backend.Dockerfile | 6 + docker/maintenance.Dockerfile | 7 + docker/webapp.Dockerfile | 6 + helmfile/environments/default.yaml.gotmpl | 7 + helmfile/helmfile.yaml.gotmpl | 26 ++ helmfile/scripts/branded_image_tag.sh | 2 + helmfile/scripts/ocelot_image_tag.sh | 6 + helmfile/secrets/kubeconfig | 40 +++ helmfile/secrets/ocelot.yaml | 94 +++++++ helmfile/values/ocelot.yaml.gotmpl | 36 +++ kubeconfig.yaml.enc | Bin 1514 -> 0 bytes kubernetes/dns.values.yaml.enc | Bin 348 -> 0 bytes kubernetes/dns.values.yaml.template | 12 - kubernetes/values.yaml.enc | Bin 1639 -> 0 bytes kubernetes/values.yaml.template | 124 --------- 24 files changed, 375 insertions(+), 415 deletions(-) create mode 100644 .env delete mode 100644 .env.dist delete mode 100644 .env.enc delete mode 100644 .gitignore create mode 100644 .sops.yaml rename branding/locales/{ => tmp}/de.json (100%) rename branding/locales/{ => tmp}/en.json (100%) create mode 100644 docker-compose.yml create mode 100644 docker/backend.Dockerfile create mode 100644 docker/maintenance.Dockerfile create mode 100644 docker/webapp.Dockerfile create mode 100644 helmfile/environments/default.yaml.gotmpl create mode 100644 helmfile/helmfile.yaml.gotmpl create mode 100755 helmfile/scripts/branded_image_tag.sh create mode 100755 helmfile/scripts/ocelot_image_tag.sh create mode 100644 helmfile/secrets/kubeconfig create mode 100644 helmfile/secrets/ocelot.yaml create mode 100644 helmfile/values/ocelot.yaml.gotmpl delete mode 100644 kubeconfig.yaml.enc delete mode 100644 kubernetes/dns.values.yaml.enc delete mode 100644 kubernetes/dns.values.yaml.template delete mode 100644 kubernetes/values.yaml.enc delete mode 100644 kubernetes/values.yaml.template diff --git a/.env b/.env new file mode 100644 index 0000000..76a9ce4 --- /dev/null +++ b/.env @@ -0,0 +1 @@ +OCELOT_VERSION=sha-80ff4ef diff --git a/.env.dist b/.env.dist deleted file mode 100644 index 80ef9ad..0000000 --- a/.env.dist +++ /dev/null @@ -1,22 +0,0 @@ -# GITHUB_OCELOT_REF affects the publish workflow -# GITHUB_OCELOT_REF is a ref (branch, tag, hash) of the ocelot repository -# if this value is not set the github ref just built in the triggering workflow is used. -# if this workflow is triggered by push to master instead of a build-trigger, -# the `master` branch of the ocelot repo is used. -# if you set it to `GITHUB_OCELOT_REF=master` unnessecary builds can occur. -# It is recommended to not set it rather then to set it to `master` -#GITHUB_OCELOT_REF=b2.4.0-351 - -# DOCKERHUB_OCELOT_TAG applies to the deploy workflow -# DOCKERHUB_OCELOT_TAG is a dockerhub tag for the configured (values.yaml) docker images -# if this value is not set the version just built in the triggering workflow is used. -# using `DOCKERHUB_OCELOT_TAG=latest` is the default behaviour of the Kubernetes Chart, -# but its inaccurate if two workflows are running at the same time. -# It is recommended to not set it rather then to set it to `latest` -#DOCKERHUB_OCELOT_TAG=12-ocelot.social2.4.0 - -# DOCKERHUB_BRAND_VARRIANT defines the name of the branded image uploaded to dockerhub. -DOCKERHUB_BRAND_VARRIANT=stage-ocelot-social - -# DOCKERHUB_ORGANISATION defines which dockerhub organisation images will be uploaded to -# DOCKERHUB_ORGANISATION=ocelotsocialnetwork \ No newline at end of file diff --git a/.env.enc b/.env.enc deleted file mode 100644 index 8557a051c3478181a6a740ca39e35aa95413cfcd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 627 zcmV-(0*w8P4Fm}T0R0L0dn)BtTV{S1HUA*)KHflk{a$OyVR@I#e_65 zsP6M$ts14~lnV}!qfnr-a%B4Uk#tW$CTr(ZZKk8E| z4e~cTLdF^r#LZj}+fEYKSt2^-+W|&Ct(+la^K2^qb7UF--O&|qRqxk9GoLAW9u`ac zQ)47MF)!t@pDuIBFH+-?)8^%MmJK)8`WTsi9F_C63((1)_j%ueafk`kmw=3|Sj@l$ zR-ef>az7duykCFb$s?8Kdurhhr+Cd=g_Sa~dKA)uf9Yi~i*LGcR z20nG3<4_J$!Z@eZk90UefkkbcA)cqKq8c*HE+HFXxFa#m2bUMHCEQ91HFU|a&GNwp zKY!C}juHO_PXE19kQu~Vuno^o<>;ho_r-UGj$HuqLp~Pi-mQ> $GITHUB_ENV - fi - shell: bash - - name: Set DOCKERHUB_ORGANISATION - run: | - if [ -z ${DOCKERHUB_ORGANISATION} ]; then - echo "DOCKERHUB_ORGANISATION=ocelotsocialnetwork" >> $GITHUB_ENV - fi - - name: Checkout Ocelot code - uses: actions/checkout@v3 + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@70b2cdc6480c1a8b86edf1777157f8f437de2166 with: - repository: 'Ocelot-Social-Community/Ocelot-Social' - ref: ${{ env.GITHUB_OCELOT_REF }} - path: 'ocelot/' - fetch-depth: 0 - - name: Set OCELOT_GITHUB_RUN_NUMBER - run: | - if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then - echo "OCELOT_GITHUB_RUN_NUMBER=${GITHUB_OCELOT_REF}" >> $GITHUB_ENV - fi - if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then - echo "OCELOT_GITHUB_RUN_NUMBER=master" >> $GITHUB_ENV - fi - shell: bash - - name: Checkout Branded Repo code - uses: actions/checkout@v3 + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=schedule + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=ref,event=branch + type=ref,event=pr + type=sha + - name: Read $OCELOT_VERSION from file + run: cat .env >> $GITHUB_ENV + - name: Build and push Docker images + id: push + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 with: - ref: 'master' - path: "ocelot/deployment/configurations/${{ env.CONFIGURATION }}" - fetch-depth: 0 - - name: Build branded images - run: | - ocelot/deployment/scripts/branded-images.build.sh - docker save "${DOCKERHUB_ORGANISATION}/backend-${DOCKERHUB_BRAND_VARRIANT}" > /tmp/backend-branded.tar - docker save "${DOCKERHUB_ORGANISATION}/webapp-${DOCKERHUB_BRAND_VARRIANT}" > /tmp/webapp-branded.tar - docker save "${DOCKERHUB_ORGANISATION}/maintenance-${DOCKERHUB_BRAND_VARRIANT}" > /tmp/maintenance-branded.tar + file: ${{ matrix.app.file }} + context: . + push: true + build-args: | + OCELOT_VERSION=${{ env.OCELOT_VERSION }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} - - name: Upload Artifact (Backend) - uses: actions/upload-artifact@v2 - with: - name: docker-backend-branded - path: /tmp/backend-branded.tar - - - name: Upload Artifact (Webapp) - uses: actions/upload-artifact@v2 - with: - name: docker-webapp-branded - path: /tmp/webapp-branded.tar - - - name: Upload Artifact (Maintenance) - uses: actions/upload-artifact@v2 - with: - name: docker-maintenance-branded - path: /tmp/maintenance-branded.tar - - upload_to_dockerhub: - name: Upload to Dockerhub + deploy-to-kubernetes: runs-on: ubuntu-latest - needs: [build_branded] - env: - SECRET: ${{ secrets.SECRET }} - DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} - DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} - GITHUB_OCELOT_REF_JUST_BUILT: ${{ github.event.client_payload.ref }} + if: ${{ startsWith(github.ref, 'refs/tags/') }} + needs: build-and-push-images steps: - - name: Checkout code - uses: actions/checkout@v3 - - name: Decrypt .env - run: gpg --quiet --batch --yes --decrypt --passphrase="${{ env.SECRET }}" --output .env .env.enc - - name: Load .env - uses: aarcangeli/load-dotenv@v1.0.0 - with: - quiet: true - - name: Set GITHUB_OCELOT_REF - run: | - if [ -z ${GITHUB_OCELOT_REF} ]; then - echo "GITHUB_OCELOT_REF=${GITHUB_OCELOT_REF_JUST_BUILT}" >> $GITHUB_ENV - fi - shell: bash - - name: Checkout Ocelot code - uses: actions/checkout@v3 - with: - repository: 'Ocelot-Social-Community/Ocelot-Social' - ref: ${{ env.GITHUB_OCELOT_REF }} - path: 'ocelot/' - fetch-depth: 0 - - - name: Download Docker Image (Backend) - uses: actions/download-artifact@v2 - with: - name: docker-backend-branded - path: /tmp - - name: Load Docker Image - run: docker load < /tmp/backend-branded.tar - - - name: Download Docker Image (Webapp) - uses: actions/download-artifact@v2 - with: - name: docker-webapp-branded - path: /tmp - - name: Load Docker Image - run: docker load < /tmp/webapp-branded.tar - - - name: Download Docker Image (Maintenance) - uses: actions/download-artifact@v2 - with: - name: docker-maintenance-branded - path: /tmp - - name: Load Docker Image - run: docker load < /tmp/maintenance-branded.tar - - - name: Upload to dockerhub - run: ocelot/deployment/scripts/branded-images.upload.sh - - github_tag: - name: Tag latest version on Github - runs-on: ubuntu-latest - needs: [upload_to_dockerhub] - env: - SECRET: ${{ secrets.SECRET }} - GITHUB_OCELOT_REF_JUST_BUILT: ${{ github.event.client_payload.ref }} - OCELOT_GITHUB_RUN_NUMBER: ${{ github.event.client_payload.GITHUB_RUN_NUMBER }} - steps: - - name: Checkout code - uses: actions/checkout@v3 - - name: Decrypt .env - run: gpg --quiet --batch --yes --decrypt --passphrase="${{ env.SECRET }}" --output .env .env.enc - - name: Load .env - uses: aarcangeli/load-dotenv@v1.0.0 - with: - quiet: true - - name: Set GITHUB_OCELOT_REF - run: | - if [ -z ${GITHUB_OCELOT_REF} ]; then - echo "GITHUB_OCELOT_REF=${GITHUB_OCELOT_REF_JUST_BUILT}" >> $GITHUB_ENV - fi - shell: bash - - name: Checkout Ocelot code - uses: actions/checkout@v3 - with: - repository: 'Ocelot-Social-Community/Ocelot-Social' - ref: ${{ env.GITHUB_OCELOT_REF }} - path: 'ocelot/' - fetch-depth: 0 - - name: Set OCELOT_GITHUB_RUN_NUMBER - run: | - if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then - echo "OCELOT_GITHUB_RUN_NUMBER=${GITHUB_OCELOT_REF}" >> $GITHUB_ENV - fi - if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then - echo "OCELOT_GITHUB_RUN_NUMBER=master" >> $GITHUB_ENV - fi - shell: bash - - name: Setup env - run: | - echo "OCELOT_VERSION=$(node -p -e "require('./ocelot/package.json').version")" >> $GITHUB_ENV - echo "BRANDED_VERSION=${GITHUB_RUN_NUMBER}" >> $GITHUB_ENV - echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_ENV - echo "BUILD_COMMIT=${GITHUB_SHA}" >> $GITHUB_ENV - - run: echo "BUILD_VERSION=${BRANDED_VERSION}-ocelot.social${OCELOT_VERSION}-${OCELOT_GITHUB_RUN_NUMBER}" >> $GITHUB_ENV - - name: package-version-to-git-tag + build number - uses: pkgdeps/git-tag-action@v2 - with: - github_token: ${{ github.token }} #${{ secrets.GITHUB_TOKEN }} - github_repo: ${{ github.repository }} - version: ${{ env.BUILD_VERSION }} - git_commit_sha: ${{ github.sha }} - git_tag_prefix: "b" - #- name: Generate changelog - # run: | - # yarn install - # yarn auto-changelog --latest-version ${{ env.VERSION }} --unreleased-only - - name: package-version-to-git-release - continue-on-error: true # Will fail if tag exists - id: create_release - uses: actions/create-release@v1 + - uses: mdgreenwald/mozilla-sops-action@d9714e521cbaecdae64a89d2fdd576dd2aa97056 # v1.6.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.1.7 + - run: | + mkdir -p ~/.config/sops/age + echo $SOPS_KEY | base64 --decode > ~/.config/sops/age/keys.txt env: - GITHUB_TOKEN: ${{ github.token }} #${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token + SOPS_KEY: ${{ secrets.SOPS_KEY }} + - run: | + mkdir -p ~/.kube + sops decrypt ./helmfile/secrets/kubeconfig > ~/.kube/config + chmod 600 ~/.kube/config + - uses: helmfile/helmfile-action@80fbb6408b98822310f94d8d1321a2cacf87f78f #v1.9.2 with: - tag_name: ${{ env.BUILD_VERSION }} - release_name: ${{ env.BUILD_VERSION }} - #body_path: ./CHANGELOG.md - draft: false - prerelease: false - -# TODO correct version - build_trigger: - name: Trigger successful brand build - runs-on: ubuntu-latest - needs: [github_tag] - env: - SECRET: ${{ secrets.SECRET }} - GITHUB_OCELOT_REF_JUST_BUILT: ${{ github.event.client_payload.ref }} - steps: - - name: Checkout code - uses: actions/checkout@v3 - - name: Decrypt .env - run: gpg --quiet --batch --yes --decrypt --passphrase="${{ env.SECRET }}" --output .env .env.enc - - name: Load .env - uses: aarcangeli/load-dotenv@v1.0.0 - with: - quiet: true - - name: Set GITHUB_OCELOT_REF - run: | - if [ -z ${GITHUB_OCELOT_REF} ]; then - echo "GITHUB_OCELOT_REF=${GITHUB_OCELOT_REF_JUST_BUILT}" >> $GITHUB_ENV - fi - shell: bash - - name: Checkout Ocelot code - uses: actions/checkout@v3 - with: - repository: 'Ocelot-Social-Community/Ocelot-Social' - ref: ${{ env.GITHUB_OCELOT_REF }} - path: 'ocelot/' - fetch-depth: 0 - - name: Set OCELOT_GITHUB_RUN_NUMBER - run: | - if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then - echo "OCELOT_GITHUB_RUN_NUMBER=${GITHUB_OCELOT_REF}" >> $GITHUB_ENV - fi - if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then - echo "OCELOT_GITHUB_RUN_NUMBER=master" >> $GITHUB_ENV - fi - shell: bash - - name: Setup env - run: | - echo "OCELOT_VERSION=$(node -p -e "require('./ocelot/package.json').version")" >> $GITHUB_ENV - echo "BRANDED_VERSION=${GITHUB_RUN_NUMBER}" >> $GITHUB_ENV - echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_ENV - echo "BUILD_COMMIT=${GITHUB_SHA}" >> $GITHUB_ENV - - run: echo "BUILD_VERSION=${BRANDED_VERSION}-ocelot.social${OCELOT_VERSION}-${OCELOT_GITHUB_RUN_NUMBER}" >> $GITHUB_ENV - - name: Repository Dispatch - uses: peter-evans/repository-dispatch@v2 - with: - token: ${{ github.token }} - event-type: trigger-ocelot-brand-build-success - repository: ${{ github.repository }} - client-payload: '{"ref": "${{ github.ref }}", "sha": "${{ github.sha }}", "ref_ocelot": "${{ github.event.client_payload.ref }}", "sha_ocelot": "${{ github.event.client_payload.sha }}", "OCELOT_VERSION": "${{ env.OCELOT_VERSION }}", "BRANDED_VERSION": "${{ env.BRANDED_VERSION }}", "BUILD_DATE": "${{ env.BUILD_DATE }}", "BUILD_COMMIT": "${{ env.BUILD_COMMIT }}", "BUILD_VERSION": "${{ env.BUILD_VERSION }}"}' \ No newline at end of file + helmfile-args: apply + helmfile-workdirectory: ./helmfile + helm-plugins: > + https://github.com/databus23/helm-diff, + https://github.com/jkroepke/helm-secrets, + https://github.com/aslafy-z/helm-git diff --git a/.gitignore b/.gitignore deleted file mode 100644 index f780ba0..0000000 --- a/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -*.yaml -SECRET -.env -/backup \ No newline at end of file diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..eec3468 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,15 @@ +creation_rules: + - age: >- + age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00, + age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw, + age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp, + age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr, + age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s, + age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5 + +# age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00 SOPS_KEY github secret +# age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw @roschaefer +# age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp @mahula +# age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr @Elweyn +# age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s @ulfgebhardt +# age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5 @Tirokk diff --git a/branding/locales/de.json b/branding/locales/tmp/de.json similarity index 100% rename from branding/locales/de.json rename to branding/locales/tmp/de.json diff --git a/branding/locales/en.json b/branding/locales/tmp/en.json similarity index 100% rename from branding/locales/en.json rename to branding/locales/tmp/en.json diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..74436e7 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,58 @@ +services: + webapp: + image: ghcr.io/wir-social/wir.social/webapp + build: + context: . + dockerfile: ./docker/webapp.Dockerfile + target: branded + args: + OCELOT_VERSION: ${OCELOT_VERSION:-master} + environment: + HOST: 0.0.0.0 + WEBSOCKETS_URI: ws://localhost:3000/api/graphql + GRAPHQL_URI: http://backend:4000/ + MAPBOX_TOKEN: "pk.eyJ1IjoiYnVzZmFrdG9yIiwiYSI6ImNraDNiM3JxcDBhaWQydG1uczhpZWtpOW4ifQ.7TNRTO-o9aK1Y6MyW_Nd4g" + ports: + - 3000:3000 + depends_on: + - backend + + backend: + image: ghcr.io/wir-social/wir-social/backend + build: + context: . + dockerfile: ./docker/backend.Dockerfile + target: branded + args: + OCELOT_VERSION: ${OCELOT_VERSION:-master} + environment: + CLIENT_URI: http://localhost:3000 + GRAPHQL_URI: http://backend:4000 + NEO4J_URI: bolt://neo4j:7687 + MAPBOX_TOKEN: "pk.eyJ1IjoiYnVzZmFrdG9yIiwiYSI6ImNraDNiM3JxcDBhaWQydG1uczhpZWtpOW4ifQ.7TNRTO-o9aK1Y6MyW_Nd4g" + JWT_SECRET: "b/&&7b78BF&fv/Vd" + PRIVATE_KEY_PASSPHRASE: "a7dsf78sadg87ad87sfagsadg78" + ports: + - 4000:4000 + depends_on: + - neo4j + + maintenance: + image: ghcr.io/wir-social/wir.social/maintenance + build: + context: . + dockerfile: ./docker/maintenance.Dockerfile + target: branded + args: + OCELOT_VERSION: ${OCELOT_VERSION:-master} + ports: + - 3001:80 + + neo4j: + image: ghcr.io/ocelot-social-community/ocelot-social/neo4j:master + environment: + NEO4J_AUTH: none + NEO4J_dbms_allow__format__migration: "true" + NEO4J_dbms_allow__upgrade: "true" + NEO4J_dbms_security_procedures_unrestricted: algo.*,apoc.* + diff --git a/docker/backend.Dockerfile b/docker/backend.Dockerfile new file mode 100644 index 0000000..5e5fbda --- /dev/null +++ b/docker/backend.Dockerfile @@ -0,0 +1,6 @@ +ARG OCELOT_VERSION=master + +FROM ghcr.io/ocelot-social-community/ocelot-social/backend-build:${OCELOT_VERSION} AS build + +FROM ghcr.io/ocelot-social-community/ocelot-social/backend-base:${OCELOT_VERSION} AS branded +COPY --from=build /build . diff --git a/docker/maintenance.Dockerfile b/docker/maintenance.Dockerfile new file mode 100644 index 0000000..b471bbd --- /dev/null +++ b/docker/maintenance.Dockerfile @@ -0,0 +1,7 @@ +ARG OCELOT_VERSION=master + +FROM ghcr.io/ocelot-social-community/ocelot-social/maintenance-build:${OCELOT_VERSION} AS build + +FROM ghcr.io/ocelot-social-community/ocelot-social/maintenance-base:${OCELOT_VERSION} AS branded +COPY --from=build ./app/dist/ /usr/share/nginx/html/ +COPY --from=build ./app/maintenance/nginx/custom.conf /etc/nginx/conf.d/default.conf diff --git a/docker/webapp.Dockerfile b/docker/webapp.Dockerfile new file mode 100644 index 0000000..1a6b024 --- /dev/null +++ b/docker/webapp.Dockerfile @@ -0,0 +1,6 @@ +ARG OCELOT_VERSION=master + +FROM ghcr.io/ocelot-social-community/ocelot-social/webapp-build:${OCELOT_VERSION} AS build + +FROM ghcr.io/ocelot-social-community/ocelot-social/webapp-base:${OCELOT_VERSION} AS branded +COPY --from=build /build . diff --git a/helmfile/environments/default.yaml.gotmpl b/helmfile/environments/default.yaml.gotmpl new file mode 100644 index 0000000..04934f7 --- /dev/null +++ b/helmfile/environments/default.yaml.gotmpl @@ -0,0 +1,7 @@ +{{ $branded_image_tag:= env "BRANDED_IMAGE_TAG" | default (exec "../scripts/branded_image_tag.sh" (list) | trim) }} +{{ $ocelot_image_tag := env "OCELOT_IMAGE_TAG" | default (exec "../scripts/ocelot_image_tag.sh" (list) | trim) }} + +domain: wir-social.roschaefer.de +namespace: wir-social-ocelot +image_tag: {{ env "IMAGE_TAG" | default (printf "ocelot-%s--branded-%s" $ocelot_image_tag $branded_image_tag) }} +github_repository: wir-social/wir.social diff --git a/helmfile/helmfile.yaml.gotmpl b/helmfile/helmfile.yaml.gotmpl new file mode 100644 index 0000000..02ac5a0 --- /dev/null +++ b/helmfile/helmfile.yaml.gotmpl @@ -0,0 +1,26 @@ +--- +environments: + default: + values: + - ./environments/default.yaml.gotmpl +--- +repositories: + - name: ocelot-social + url: git+https://github.com/Ocelot-Social-Community/Ocelot-Social@deployment/helm/charts?ref=hetzner + +releases: + - name: ocelot-social + namespace: {{ .StateValues.namespace }} + chart: ocelot-social/ocelot-social + values: + - ./values/ocelot.yaml.gotmpl + secrets: + - ./secrets/ocelot.yaml + + - name: ocelot-neo4j + namespace: {{ .StateValues.namespace }} + chart: ocelot-social/ocelot-social + values: + - ./values/ocelot.yaml.gotmpl + secrets: + - ./secrets/ocelot.yaml diff --git a/helmfile/scripts/branded_image_tag.sh b/helmfile/scripts/branded_image_tag.sh new file mode 100755 index 0000000..f921945 --- /dev/null +++ b/helmfile/scripts/branded_image_tag.sh @@ -0,0 +1,2 @@ +#!/usr/bin/env bash +echo "sha-$(git rev-parse HEAD | cut -c 1-7)" diff --git a/helmfile/scripts/ocelot_image_tag.sh b/helmfile/scripts/ocelot_image_tag.sh new file mode 100755 index 0000000..6cc9baa --- /dev/null +++ b/helmfile/scripts/ocelot_image_tag.sh @@ -0,0 +1,6 @@ +#!/usr/bin/env bash +SCRIPT_PATH=$(realpath $0) +SCRIPT_DIR=$(dirname $SCRIPT_PATH) + +set -a; . ${SCRIPT_DIR}/../../.env; set +a; +echo $OCELOT_VERSION diff --git a/helmfile/secrets/kubeconfig b/helmfile/secrets/kubeconfig new file mode 100644 index 0000000..6c73d85 --- /dev/null +++ b/helmfile/secrets/kubeconfig @@ -0,0 +1,40 @@ +{ + "data": "ENC[AES256_GCM,data:ulO3Nr7Lpa7sbOnql79JuBSxrNagh1hQct9xTWDFM+9TzsR3g9LKP9f79wQCmNeV6i+lT0mao7RolV59ic5cFN6VhA+yT/D1OCKVoEtMF4T2hDXxJxycybSe21qiA8mFrA/xVM2iD0VS5geM0jIMR+08CkO3yhxe2XeSORG6e782pyoxNlU5JtltU5PX66LmvtdTHblDUix727Oc7YnBHxGkStI77hyqjR9nRELxBJSbBd1dhx5YoTV6lCX2mZF5ZZTmx64EhLio56VSzgFeECgWu5g9vb3iGOXe45jNXg5puwlPQeHyLf6HJqPhKMmLjy8KWVzQ3kJKjiE/y+A4MyBPVD28mSvhEDxFXAipDSfqn+q3ho3ir0/kbcY+cKBAQMxOpEmG5bWHW6UogBTZt14RqfyXEx3c2Y84ce7xZCnSZuOMZzM1FulzuBfoGOKMX7qiDrJw5ITyMGEcFPB1m4niOid7DQm8MCCvD8KPek/ojvIE3iquBEeAn0Wyjp+lOE2llF6D/wy/jx8M8X/9HrvhOqfXY5UyoQH8lglfCRExZriRO0+MOoHYDVVoZQjZsaYND9a7Txb1Gm5Pux6IpMgU8D+lpzvF3iT6Ynec+Lsh1eebD3PG4BUMAWry2Vsopg32MGdnkQoJVjINbo3BuDj8rlPGhDsruhPHGzZ4ZsB340zxq4FZDB3iC1D25YWrewDnrt7AqBL0twJvElIFFTdvDqFlcDsTtcsHyhZtOpSYcCDCMHCSNjBJhdlCGgyxZ4nQ74MxMCYcn9dfeM9JdVTuTAOboI2OYJSD2roi+hsqroNf2rw+gOS/hcwchI3xZvc2tHf4JaWx70uLh0DiNRHcHvegbIBrV2psrKnB6mhXIvnxVrsONXbCLggb2+xCA9mz4HNJczxYB74juSy2Zil3eNAXNkeLUYN3lww+xKF/YBA5eVOFdvjGBV5MT4ImrM6p4ZYkByECAWUhv7jhat0SVgEXRo9zEgzkt6NJTYcSongLIjzNrNrdD/acfIiYDB15vfZ4gj5r82FF3YV59PtXBZHfqi+Gd8XhW8YqPgxL8hp96S83Z77/lQ2V7p4bbi9R7Hr/4e/QhPpjwglyo5eaDxBsgPv6KhPFE4pQO3+aJeiqAH/tulsqpS5gVaGK1iUs/AJzQLd651/JgBaEcZDHo07mfZxwdc8U7OICgjMmBdMZCJ6Rph0BcN+nSHmpJ5peO0zG/CEQXYllL7Zh3Q05TqSBA0MgSi1u8pRSKoTDIW+Vd0C5IzqHwVrFmlNtYGmAdR4c7rzQoMfQmdFAnUyM4TSGOIHiqJievvo759PY0KmW5NfhVUrXHorjQQ66R8j+6vPDW26hwiqM90PtZeRcqbaRDobCM+sZ8bwY5xoyYCmcuq6qz9ijB2TuIU9CSYcBWmtBp0nDO1kURhT4358eSksUXGmoytiwFboPFXmZp6+MHwDeM8IaoFuMVs+bZntOghiU5TbToFPeZC8Yg30icnyw6ZcalyNOcSXYRFUc8JvazFGk08ZRKqNxGw+XjdPqcCyA9L3YShfb3t5Oc4AqkDCvZ0b3lDCZBCtxchIZSPU00PEfsStGCwwX2L/BRtygUdmT//k8Sm6eH1i6/nnKN9Z3+YA+Of7w3jTXSXXcc2wVv5qF7Lv0+0dj0Ts0QAzqCMlmQN568bA0s72WibRnfqdHupRmrdXc/aTZjkiRSKE9jY0CZjQkRBdkJ2Ojnjmi764j1iewWpfH0LY/dA6kwQDTE3IZR1GlS/M/d5makQk04R6kIfm+d9rK/4/GXVJMO8EcQ3n1Arq7/i/G7Yss8DhzGu3tqNhUT3T/x4K0vptoNEX7boxxW4XPXWfWpP/FY+IpUrw+CkXOK6fHPBQvc9EXuWJa0/GGQ2Stsq+Qtgj2pLlVBDiPXUL7tXuHfaKnCUEt1wi3LW3xBZJDtu1Y7Zw97jY3FkVvu2Md47Ze5usRVcykqG3I2KUxFQlFl6ZYWBS+lck03rcjF3a6M1trfueqUQxiW+0cYVSr88bhrB3p85fotIwDALUASq6BXPrF32yWLo0TBz+YITMvouVMFqinXXMS8YkCFuit3AYfEDh/fSpwNl/cMDsCim0KdT+ulnTF/+/crPV0du9E3HvHjQMsk9zFyNXaJPs+prwU3AhorGvOwK8c0yYrgZWdC3SH3VgiUWlfi5+1DxEcm1qP86vUFVtAdy5SeMgIMlds0UK8ejFsMWobcRrynJvHnDFbh6IZoMenwKLqpc7mzuzPUehkpS9HAthHorLs1J7qF69uOkoJBO6i6Qc1/g5ZTYjNcKj9ggusq/mb1hbfelCvxnRxAansf8hfV7GG7AZREhKKN/GPdPMOo8Il+hZeK7Wvk/jMDyReznzi7cSfbCNDypzfVWiHbtuePdbjYHMiWj6xiXD5s/Wp/umZ8mZhhWkesDfY7VSL0CTtHITOm5fARNGYXtAjM4xHYm/C/Z+iaVLl6Y6g4pWvTjzP/l3VqlmOTM/ylG/Ae/zHvCX+c3TNsPqwllT062H/i2yyJexSZHSYin39cwCEyg9YxHMe8yk02ND2zo00w4DOGdWBk1OxUIS2GNRQGN6k21tcqFqnqGz1DDrxOskRkVfy4MZUbw/cKIGLQH9pwtoonFZNr5jioyMDgZCuvXnoLYlXBtWROazpttP1m4sNygjCqZkTPfyQfPOfqnozjMnKq+2zY69zOFP8oWOBE7R0JxrOGqP5FACU7JYweyiNbuFANd2K4sNQUlWswuptwimNDaJ+zYzgQpm9pZsR2OCVlKKkaxo603nLyipM9J+C6OIWWUsxI46ZuYzp1xZAXaouyQycYq1nmc+vLo7chVpLujPtVaaHLGGdELguUnQZVnnXAFvQ4b7tmKd4wA1MT2MVF7dEB3O/E1FTeVheM6e6NYQB6qZHf0ZpOfENri7H3lrTKjFxIcLYl0bedSyjT1nyfXjTkYm7v+UskZjkfRDX7xeVQm8lV2kuDAiOk7xQ5OH1RrNaRf3Xgv4cysWSTb1wWu5iYS6xJzZv0aqL2/wfh/RBfpT/Fr5YKvgZPea/DkA23zs+epdWoMLDlk8LZwGmkmK7oGOAutOTVI2qGzCvT0weE4TC/hCTui8GSc5I6BE/G5QIomFDd2qXGYUjakB2iYzEUVs3/gfkYAylQp7GlAkwyyjjrgxLxtNQxOGWH3D2TCO8KKyND+Z8crxJXAA+3vUjWmjL9FHVx0MXdA2TGOLNbaFST327tIDA6ahlV8dE5+n+iEEFOHGg55F8Dty28W7F/rolXbjrRph60flb3NAK3V4gJmk699Q9wARQ5ZhKdNxLcQx3CezrbLG3AFv5TqzSfES39MNr4KZooBJ2Bvzvubx3K8uS8VjDr5sxx5XhQOVkkKP1cYMpjquwigfbe5Im8gSDH/rdIEg88dZh2jAoC1VP27Yz4Yf5xxtx7v2LyigjD6eLJ4kacVF+qjrWrGqrGPjd7/F5xAsT7F7LNQjI70z25efgUeelupyiNxONnLsYXvK1PNuxJxOY4gO7o83GetKKpTbfD2EDTR4PNYa5Rh6DTp/iu42pvI/pdGKcDVGpiP5hL/NwCaK0dT2FWOfFnntH/nlDDbRkWH0oM3DtKeX44Jd1OBI+LBfkuxpf1eqM0PlgVmg8PlQxMjT/1h4fPdEjcT/xXKhLMHHWj5NWEZBavKDgdqwWEBrKib2htI5wjPkAdqZwEjGEgrLyUINivxP/sDqJIYTCv27n2tc8LLPnfPwkaK6X9QQ0aTJc3ieJ6rbs7GNHfuo0oLZch4kJ9vMojMYucHGY6mdIGOMyN6VazaS/efc7DOElY+qVh3NhsnlRN9c6ZkFrFa5VQfP1HAxlgSRZ9UwH+7fcCfCWGCQB5aP509DgADhiwYe3uOmrwvKbLsvA+gGv9ukc5+a1hj81YOhNMh8B51Tq4s8eslxSfvSA8uBRw4KE+FIX3/JltB3t7GNWh3pY4Lf7wN1a4OMC6qhpUxE=,iv:rrXDWj2gjPcT5sretXzTAmPrlZI39KIttRBtPjhQihE=,tag:u+OmHH6EsbQ6DBla5XBT1A==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1c2RaejgzYmo1U0pTNFI5\nZlRkUlZYUmova2FDdDdISEhwdkIrcVNDMlhnCjE0eUZHZGNobzYvUFRUbGI0YUFO\nT0JNcXpFVGRhRWE2RHd3cEtnK0doLzgKLS0tIC9nbGp5Ry9acVAzUDRUQUxrcGhF\nZVIxV2dkY1ZFY3pWZGdBLzJ1Ym9oVG8KX0++YnBMRArWAoX+ewtBRjkmNIUlr2Qh\nG1/htUWMAyUy9dGEGx3XXqcnj9h7r8Zwpe5wWF7ug+PAIAc9DZMzUg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5a2I1a1BmeDBtN3Y5aWNw\nN09ka0RaNHJka256RDFlb2pJT1FzSEVxemhnCkRYNFZVMUkvaFFWNDJ4eUliRGxC\nUURGZDV3azFMNzBBczRDNU1Wa1MyWE0KLS0tIFpNZXBDSTY1VzhkdkFENGp4aTVl\nSXFwa1QzUGc2SWFQQU1CaTREL2JGMkUKuzIqWZo9cuiFuZzexACH+QF9CeDmqfb7\nNx9KVa5/0X3mIA0FO0Teb477rs1HKDMuwwra1cPJDg/IjSCfbtKmAw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4bUVQTVJuYVFJbzFYR0ZF\nL1lJNS9NcnR4eE10RnQwc3hwWUtSL1FJaGxFCkh4dFI1VklTV3cra1dZelZ3NG5m\nTDZleUlmTGFESG84Wm5LZkU0R1JXSUkKLS0tIGxHSmJFZWlwM1lna1lFYlZqQUNz\nZVpSSjhUS1Y0U2tLS0hNL3ZSejlwUEkKFURJ37P1vCq0U1VM1X8dU/8kgzgb3dzx\n0fPUhoxSXIlCXDbCx5wahzRXXzWX93TLFSfVyU6KjNOJ5EnK83bpIg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaVVMvRm83M2ozd3BrcHZw\nTG8yRU9yNnloWUVLZ2xvMzlVdXFUc2ErMm04Ck9hYnhBdi96eTRKNmxvbUtkZWdh\nbzRYSnlBRkpOOG4renVFYkozR1ZtczQKLS0tIGR3Q0h0Yy91d202OUVPbFlYc29h\nUGFTN281YloreFFvUEhtZmYxWkx6NWcKawED4SC91t2HSqdL/9du45jU8LLLKfyD\nYRXxIxTg6+PEPPDQ+0ay51MLJjTQ8ei2tBecDD8Qr6AbN4nFhjzbYQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOL1BEZ1JtYi9HSzBXUEQ3\nVFg2eUszWGN1eXdVcXZ1UWxndUphRW9iV25JCmNsZnRkQ3B4eHJNK0QyUlE4dHBw\nV3krZGZBaFhGendVYWdxaGhjeWcyTEkKLS0tIEx5cG1LM2dXazViVFNqb0d2Wndu\nZ09xa3RIR3ZmL2w5SEJUckREUk1OQUEKekt3BpgyY1JFYe7FZ8TNWK/01ZAtalG0\n/jOawllVz/Cy58KyoVFb0E94rVQC+3XUFYsZb1uq1JBc/vpfHo+E3w==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLd0hBMUQxRDZOT2FnMnJG\nSjZFNTZrTjlKMEx4U1krL3NVUnlUYk5xTW5FCjlxN0tTZjh4bW4vbnp3QUt2ajB2\naEhaR05EbkNhUndieWpibEdkWnZuUUUKLS0tIG5FSUtlbDBHZFNOQUR5K1lPbFhz\nZmxpVlJ0YmJGOU1YVllKL3g5ODJYTnMKDAhwI7rRIjn0Wbdywd3xJsll8n707JQ2\n+O0lMPMSFm+3kbl6DMx4HiRbw3dmf7cBuPPZftRguM+xlE6ZS3PC/w==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-10-26T13:06:56Z", + "mac": "ENC[AES256_GCM,data:NogQqIBG02rimzrpZ/TTO9T4u+B3F1xVqdl1JvvhCjrqLEZQ53tYcwMDRQV8vK3oan/8cb2AohjqJIRxkgPZA4jkaiIDvFrH/H2uxdDfpzOGqh+SZAUliixN/YdKhtkO1la+r3h982NPh0H9sgP4mCjKQGhqtSwU53of4mzR8ek=,iv:LBzyR44L6VBk03sBG7AptdG7JOPB5XjCR/IqyZpE3pM=,tag:AjxHSa7nKlMKxIs5420PGA==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.0" + } +} \ No newline at end of file diff --git a/helmfile/secrets/ocelot.yaml b/helmfile/secrets/ocelot.yaml new file mode 100644 index 0000000..8a6d669 --- /dev/null +++ b/helmfile/secrets/ocelot.yaml @@ -0,0 +1,94 @@ +secrets: + acme_email: ENC[AES256_GCM,data:o+2HnrEqa/uXJwqUwdYU14FiZYPfLcKqkQ==,iv:1ouUU4ewzRL4ZDnwJm6BTVg3a64iC5+I2v+AWIF8W2Q=,tag:7ytv959cVmgSmXMC7A8zxA==,type:str] + webapp: + env: + MAPBOX_TOKEN: ENC[AES256_GCM,data:7Ka4BvQh6NDw9NKUcgGjLwxNHOqhVrZEj/DcGnyv1nXQIG/2WWGGHazAFWUCFpCUmCSaTPSkyLHPFyGQtQ7VAON3AG3tHtv5JvcBb4KDYrjAIzxhAAiHMYFtVJs=,iv:X0YL2dW42TUidJdBlRKb4Vq86X1OzHqipNHTBxmE7ds=,tag:KDH9NwDy6ghqdkXeZxuHgg==,type:str] + backend: + env: + JWT_SECRET: ENC[AES256_GCM,data:8qGviTFMOv9QyoNVwnlFNZ2PmvedbKJM,iv:rmZgs8h2QVsokzMzdGdEcInBLv8AX3xFUjkGhTf3sF0=,tag:SUJpMaIGAb14yg8RxCVUtA==,type:str] + MAPBOX_TOKEN: ENC[AES256_GCM,data:qK6iTYKiWfkvXBodm8zVmfr5ACTTz1+7Pt7Q/hwgv3SYERyo5NyqfsvbVKuDAD90kTCNODpSwUApJE6do/Umedg4s8mrnHXCckIDbX5BztoeHJBehsUC54ELcrQ=,iv:b65yqfdoOX366UXt7HS6nhL8hlZn4l5hQfrhI6NXc+I=,tag:vF48V+TRS5g9ezXhzAJnPw==,type:str] + PRIVATE_KEY_PASSPHRASE: ENC[AES256_GCM,data:05WXBFKIk0BtfUYmkWSwAP+/Y7v18LUow4X/,iv:y7VyymcoRLr2CK96BiErXvKP2Gn/QhECBZyeP+wo8LA=,tag:Hg/fIGyIDMY8P3mWfVupCw==,type:str] + #ENC[AES256_GCM,data:llx+JN8fRqwrLd2ahkmPrhPwcGIkn695l3Ox8VEs9YAR+1wpz3yujA==,iv:4Ctez8zMeqo3cpCCUVy6ZP4T1Z/myPw/FTq+++YAYbc=,tag:al/J8DLqNz6CoLl+TgUdOw==,type:comment] + EMAIL_DEFAULT_SENDER: ENC[AES256_GCM,data:z1EyEokf/TNkFLhRzsCbHew/6T8=,iv:Satr1c8aZQE73ZolC6n+PO74r+Gj3un5Mj0DIYb3n14=,tag:iK6l0GXuhLauBtFXTmLyKQ==,type:str] + SMTP_HOST: ENC[AES256_GCM,data:r0qbaUBB3CSUHR76,iv:TJIx71HW1aBB0sCEd1TB/tTgPBxLR1sdGAEf0t7Qilg=,tag:arXYtwVbIXVaUJpyommokQ==,type:str] + SMTP_USERNAME: ENC[AES256_GCM,data:lZ05DvSu,iv:Tyu7poao1shqKGd/sjTCgGNHU1xgRpjwjMRd+ArGf6o=,tag:dKms4G683JvFzja7YOwYKg==,type:str] + SMTP_PASSWORD: ENC[AES256_GCM,data:c9rnPIaKHIh2LNIJON3ib1IsA09OWGchDxRPRpvrtJw=,iv:08Acxl74lJbYtEEU6crVIYRXwkER8t1XPrhBA2PwEio=,tag:F0xrrt2PkBUMEyp7a81ssw==,type:str] + SMTP_PORT: ENC[AES256_GCM,data:MGmv,iv:IFg6oEncN0ICEmw96XL4EuPKqEZ6KLwU5FJYkveMSpY=,tag:kIVXlt0o5TfhOtRVqU/c4w==,type:str] + SMTP_IGNORE_TLS: ENC[AES256_GCM,data:ORAIWtg=,iv:6X4V3RDeYHrFdBTjsb3Ji0KWsZ2meL8ilqHNGQbcV/M=,tag:R87FgoQwqpes+0ejcOlrPg==,type:str] + #ENC[AES256_GCM,data:wEE3/SPsZqy9LATseOZG7LsCbjG5gY4VUT/TzxhHLJqcYP5I,iv:gcOA0XiUGWq15G4zTRPZ0qZ/XYMTjr+9krbOx0dwpeY=,tag:jd8LTiVT7UQShqMR9zZUZA==,type:comment] + SMTP_SECURE: ENC[AES256_GCM,data:PowbGhU=,iv:a1dK5AVySu749vPQvX9OLfMuD+tZkLNtXTMr17+4KuA=,tag:fuJQ7c4RBl25If01MSAmug==,type:str] + SMTP_DKIM_PRIVATKEY: null + SMTP_DKIM_DOMAINNAME: null + SMTP_DKIM_KEYSELECTOR: null + NEO4J_USERNAME: null + NEO4J_PASSWORD: null + REDIS_PASSWORD: null + neo4j: + env: + NEO4J_USERNAME: "" + NEO4J_PASSWORD: "" +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0MjZ5RGI0YTFIbDk3MnBs + ODN3RUg3ZVhsS1dEeDdodFJaQzg2RjFpcm1vClNzV1NwdEFwaXJnclRNVTJIbzVk + VEc3YUV4eWJLb04valdNV216SnhtbzQKLS0tIHpuR2JGZWp0WnNUdStuL1ZLU0FK + eGEreGNJTnU1OTgxL2ljVVRjUUxraEkKvkV7G56/GtJLbLVHvrq+rJ8npBckvww/ + Tq7/k/YmGV764d3Zb0Vs6TNJhoOvKF6sK645wrFlSzVNj51UxkhWYw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHWTI4M202SmlhbzJnckF3 + ODZrY3ZQQkRLZmQrNmg4Uys2d0JBWWJMWkN3CmNwUi9HT2VYd0paMnJScnFxSXB0 + YThaU2RqWFdHMXczQ1VmdFdJQmJSU00KLS0tIDk4TW5DdUNJY3dnS1JGQUluaTJw + d3ErbWdrZ2I3ZU1ZZGZBZ1JZU0lZMUEKnQHREjKUZ6a2+Es7SlLY46h4NPdeaE8c + w4My+za7IjGSyL6HKqxSBLUS4Q79cI3iBNu8SwikocmEkqQ/DWlC6g== + -----END AGE ENCRYPTED FILE----- + - recipient: age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhTmhYKzUyUGJnRHhjTU5m + TVVFOGl5d3ZFYzE4U216a1YvVUlXTGFvYTM4CkZaMTcvRk1CVDJwek9TT0UvOWMr + SWNrb0pvYTZaTHM4aGRpcG9odDhyUm8KLS0tIEkrSmc4V2c0Q0ltWkdRZWQ5NFEr + Y1VWV0JTRjVmWUU4U1pTZkVhbTVLREEKvCxhsCX//e7XawyJG3XeCGLOUqxCx9No + To4JGg10ciWcW0eqyP5lQfwdlECkmPapNz8gaf40DVpPDij5Nja+zA== + -----END AGE ENCRYPTED FILE----- + - recipient: age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTaHh6b3hpbFJrcHl6eHl6 + MkZmNUJWSTJRUFVNOHJaYld3QWUwSy93aEFNCjZTZnNZRlJRR3VEeXROOFBmY2Qz + SHF2bWMvdm5zNi92SUFlc2FZcFl1Y1kKLS0tIG4wYzdKTWFKaExiTVlFa0tRdzVs + bGFuMlF6bkw2Z1lGNmZTV1R0ZEs2T0EK78at74wFk1B5OgeMSKrGLl3sNiwrzitL + 0kcMVyxfV68mpjb0Cw2WtEUo0jFmKFXi7H5FbJeoPrDG0QFvIvgfsA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJYXE0V2pFYnU5Slk5Nk5j + Snh2UElZajhMZnlZTjVkcFBSMnF2VFJ6TG40ClBFQzV4SUpUZTZaSWpRdXNIdDBq + ZHFUSG5uUHU0bXhhcEpCejh2elM1M2MKLS0tIEovMDdrUEs5blNvL3R0VGVaMVhw + Q3V1UmU0OUtWRmRuQ1dtMFROUDF6NG8KRJRymV0GaOW7sENEqYogNK2HeArsuY8Y + lVWepYYDoeRWwu7kmzORaEnW6G4m0F3rADfwMrQVTNvZ+1Xn/yFOXg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzbHhMUElKUWhFMERGVWpz + cFRwTVovOStYNUQ4czIxR25MUzNON2ZzRmc0CjNvOGd4bmdjWHhwdEMzTzJkQU1Y + SHJrZG1pQ3pmZnZxWXh4bjkwN3ZvVFEKLS0tIHRhVDgzUHNsMHYrV0RoWCtmR0Nl + Tkx0VFJpN1pZam4yeTNYU1Jnb1JyR1EKJSQYyAi9ZZr+njaXV/62nshPVLtWIcLY + pwP8ikur4tKrbyg7H+/f3+9jPsr2Jw3xxgkeS4GL+DsTwrGDEwoaiw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-10-29T14:27:59Z" + mac: ENC[AES256_GCM,data:FlVMBkKZGPkY90XhLifKdQoPPBNr/Qk1UTUjgGM8BzRQ8bFqikxTtXWukAE7JW4bhB+FK7AEwenrGzurMaLoNPQZBCELQQApxwHrTCNlIGPbEHL3jZFFV2hh1cP05r1caGncw2wqYi0G0ozR0PUaDHiw3tqbTV5D8yfa6tumB1I=,iv:zbdnPH/1eLRq7br+DIqHtsSp+eI+TGoR7XZSdD7Cxtc=,tag:JqPaVZSQvBnV/B9BV7pIiQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.0 diff --git a/helmfile/values/ocelot.yaml.gotmpl b/helmfile/values/ocelot.yaml.gotmpl new file mode 100644 index 0000000..95c8bc9 --- /dev/null +++ b/helmfile/values/ocelot.yaml.gotmpl @@ -0,0 +1,36 @@ +domain: {{ .StateValues.domain }} + +cert_manager: + issuer: {{ .Release.Name }}-letsencrypt-prod + +underMaintenance: false + +global: + image: + tag: {{ .StateValues.image_tag }} + pullPolicy: Always + +backend: + image: + repository: ghcr.io/{{ .StateValues.github_repository | lower }}/backend + storage: "10Gi" + env: + PRODUCTION_DB_CLEAN_ALLOW: "true" + PUBLIC_REGISTRATION: "true" + INVITE_REGISTRATION: "true" + CATEGORIES_ACTIVE: + +webapp: + image: + repository: ghcr.io/{{ .StateValues.github_repository | lower }}/webapp + +maintenance: + image: + repository: ghcr.io/{{ .StateValues.github_repository | lower }}/maintenance + +neo4j: + image: + repository: ghcr.io/ocelot-social-community/ocelot-social/neo4j + tag: hetzner + storage: "5Gi" + storageBackups: "10Gi" diff --git a/kubeconfig.yaml.enc b/kubeconfig.yaml.enc deleted file mode 100644 index 3794bb5cd01b27fb01e4398183a4445b5e7d4d2c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1514 zcmV?4Fm}T0@|(H!D{H(!}`+d0jwubQ-OSZqeBwB8mDd$>D820+$n0Cv>B^b z$S{;rY~LB!wiD?+cwRJEPqD@~H|aJVrSZY@hj78L{?R#+UT@mqAFC~)9TyiKPDvekvY3#!v{2AYIqBWg z8~4snb}1gNBnRqoI}~pGx34|7wlYWDM|r1WszZ{w7~Rd1Liv+E*7+r)yqz2^(#Sc% zGCah+Mw(AHOd#uLHrxZ#%DzrI>m&rwNHo)3CX5XM{GH_r>0fI<0G(;!`R}zh!hq?~ z=av?x@Y!qTL(nW1L8ojCdo%?#zDfKHzJNpL#9-i6bOx^@dVYAU7_di?@R(c>@0xcu zYzS%qm9R|o^VxuP1XA3KF;!6xX4r_S0!HQF^t+z)pIZ}M^?~L%a5_G^(ff|Cw~hJB zBl%I+QMog3-Pq&sB5L#~+J)k#BD~>$>JkZ45X6&mBkP|8O-DmljQW|vw z(`EO618>aegC7i*pATQ;F|?!7zg%cC>U<}GSPlB3#g+(SA6QSYW)a$tDNlLN8r0lD#k(H%jmv*XP0-c7;nDlSS20GkRyHXx~|#juq;(Y zYss5;6RiTfd^?Hdr`Ao9CihU3Lgrp>n1u*A2GYt02a4=UeWgtn4iWJaQ0wZAKc#`O z3|*i?v(%;G7Oy~Hsxyq}+)cfkVy&F&AH4y97DN4vh#9s&=^~VlMQ{bUs#S;6`snOJ zXI*-HQCdVqd(gv{DyIr;3e6k)4ST&@K?v_@8*Zk9U21_=vTbLWme7pQYN^YSs|l}j zKG_rU0Us2^JHUi5V8^5-dlqM?WFPJjGdIEjk`0Wvo&6qS9!~&iXvZMB>lO{ z-A#44CneZ_$1V*{={ss8N>Z1;^mRs*i5Z$?k>uhF!58!SDW7H=uX~L%QqWL5A(gu@ zoXj$q%r?qS;Y2kjN&}h*jd?GRJ2p24!P1tN(F{5n=MACf<&+mW`@w$G0-)lor!7>C zO5p=u2%dsR(9_p2by9pzcwEJIjO06qzHC}3x&xw3%>A~<)M5MY2g_B;jdZro26O}5 zxHC@`Yf?_)!58KVr-n&+czGdN#7Sp`JRiXy_%fF6j@o|NCus@m#`<{FkEHK>Vq2B^ zU0c?L);LCG{u}U?=4*6_J5%w_fj9nTGGw1*)W}vBA_8>s5v2IFp(aA=d40n#9N=7C zr+{P|1xt+cm^SZ`y=K92@vj93jH%kLM;uK2o=qVj&GSG|SXOGY@c^U2Z{O{u`$Np; zR#L$;vW>CJrcd|b8!G)r4mPiIFUqE$ix!T~4^C<&-!mHoQ@sJzKPI>pg96h^4ESaQ z)g~TCV2W4Wk80JSXCG(Z06;}%E@27w9d`I^X3_{*#4q3uEA2<3J{Kf6_x8ONdZwqE ziIcvXkzBp+Fxflt!kK{&_aY$5$f*%hs2(5sS|)l^cSqt)I@HYWqG{XRao5dZp1P+A za&ahVh_GvJ0}^C5f0*qj`H6__{Ivle(x2GA>Vm%7&`y+zHiZasXu|ZY%ai6z8ZhPL zKcbOnM0qsMjR!4hHOzqa`~R5xfYOXZVC3O!OrBbPPoSZ41p=GzC1Q7JDOGQy?3`EP z-92j58f8E{)YJqUH?~rM4VCRx^GjD$Mw3XG-r=_BF>pYgjt&%QB`co=7M8Wb220#z QjCw;+E!|3%k)L{>;*}})umAu6 diff --git a/kubernetes/dns.values.yaml.enc b/kubernetes/dns.values.yaml.enc deleted file mode 100644 index 7055e962b87a721c7e0754a2df8ce420d9118f84..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 348 zcmV-i0i*tm4Fm}T0{19R%4aV;Px{ipiUBnUK7e|c^%;<~tn&xvo5&VdLBwE9X$cAu zQOSDKU4KjHoGVv9MtP~l0CZ1161y+YOK9Zr9UMbx;C7w*oZ*xK%<*bj>t*jb-Oo@6?ehd(w3`4l2 z1MJHL8!S@w?O2^8lEf7H1Ex%qw4R)mO`#5(<%9G(kz9jH28C diff --git a/kubernetes/dns.values.yaml.template b/kubernetes/dns.values.yaml.template deleted file mode 100644 index 09539e3..0000000 --- a/kubernetes/dns.values.yaml.template +++ /dev/null @@ -1,12 +0,0 @@ -# please duplicate template file and rename to "dns.values.yaml" and fill in your value - -provider: digitalocean -digitalocean: - # create the API token at https://cloud.digitalocean.com/account/api/tokens - # needs read + write - apiToken: "TODO" -domainFilters: - # domains you want external-dns to be able to edit - - TODO.TODO -rbac: - create: true \ No newline at end of file diff --git a/kubernetes/values.yaml.enc b/kubernetes/values.yaml.enc deleted file mode 100644 index eaa98bbd1b3d550ddbec94f7dfe9e6e93f20a3fa..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1639 zcmV-t2AKJb4Fm}T0vvCp?EtvGi~7>)0rfK@35WIu@c%8B>yu#gz<~@cFS20?aCR?! zSsX8pJyywqKWXKh4h*tVI4jSy9q0<+*0e8mp)u0s0u_13b#o8_reDz33%>V9FvIC{ z^>B=e@lQq|{B5CGjArWUT%AhrGCq+Tyxp z<~12g!Qj$?q|xz(W98pFA}$Sch2As_Jkt^J%D|xSgW`E>gZR|h?Hp_RV~-%g&2=hK zNILrrZ%36vV>l(OR3SQ!2^EyP@arGqCf5xxZsas`3pWzR8-QDxxyY&zR*OEC$>oVv z5bhW_nRyXewPEl+x-D&O4y<7_lV@Fvl7#3`h%I%Ta@Ysp*6ftCPyyo<_Oz-Sv#g7L zAru5QHC^R9B>KH~DgV$RNsaWO&-v|1WBGLyI(d2QbJo;wOYY`J8$x2ILo~`iG)JYQX|_zyrF3b;c7Z_qHQfoLVX!I<>&BnoE@PySUdQSW{E~ zzFvOaY?;P>kZ3LB-I3~=Whp4fnK)v2w z59#Sd8LtFV%gmp;Nv5)+fj|jEzw??_yDhGS71w_hfye)QaBOUb9QPdvYHYK1U_F?g zG0aVQToPNI!<5V=W`WE@+MC#~`&<03nv8IycxOZ-*GhFDm0B~uk1_P_t-q-nvAL?l zO$fxj*8tNk#ZHHLztN;Trk|r_%@eVhVA9|PeEqcu{J5nkE$JwyWTdVNxw2HZX&OTl zaGUQ*!2AwBtab_0nNZQBN&AD6)DZO7_p=@)QNUh~1>UvM?kx#fZakMaDmhcGXhw>B zY);bcA*ast3AV;>7EO*NZ?c5$!_3Ie7ig-foTeu1A9=#AAj`XV!mU|t>`nTUJKMME zAaZ9vYg&#JHr*W{6xpR`{G)2yNUTD4C0SiwH?z+Gq(9{@Kg@*D2))my7L+^mrMPV; znFKWTR!GVD>#`5_Zu!YNJ^o>Y)l!i>0)q-o?tj*x859J#9%35sVCoegrr?~7+z z#Z->F6=k7j>CFm{K=Z#)Fb5DTJap`-aGDTd@V3dJ#>)vx{*IUIO(QAm?jQ4ecW_kW zOWseej9-2Hn$M(Oly8pwxoJd0ddqCJOJRaZdzNMm#YNH)vx#51?;(Sub5Q3N zB&$)p_~|AhQ7IxT-`*48QOzOM?=*%Ie+sFW;bZ&zv!5l#B(79>Z2KMCqAt;ee)UeS zJ>FW$Fs}T!5JPf0#aNFhnX`481d~=pl}jFJb4fx&ohkN>KU3Yk5rVuu=)XLdEK1Qn zgK;Bv2ntO;#S#31KwR0Il?GXXLB!%=Cj%U}KsZ!cU=6DPqax1v+LuXV75OhV0d6jM6!FZZm)!iqnu9Z-zFjDB^;ixIsok0aQ`qAP zk}NO!Ib15b