Adding monicahq

high/apps/monica/.sops.yaml

@@ -0,0 +1,4 @@
+creation_rules:
+  - path_regex: .*.yaml
+    encrypted_regex: ^(data|stringData|consumerKey|email|groupName|applicationKey|host|hosts|addresses|server|configLogicalBackup|channel|monica|mariadb|redis)$
+    pgp: 46FAA8106554E4BAC648A9C8DAC3C1A5974CE5A1

high/apps/monica/helmrelease.yml → high/apps/monica/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   targetNamespace: monicahq
   chart:
     spec:
-      chart: monica
+      chart: charts/monica
       sourceRef:
         kind: GitRepository
         name: monicahq
@@ -21,4 +21,6 @@ spec:
       retries: 3
   valuesFrom:
     - kind: ConfigMap
-      name: monicahq-values
+      name: monicahq-values
+    - kind: Secret
+      name: monicahq-secrets

high/apps/monica/kustomization.yaml

@@ -8,5 +8,10 @@ configMapGenerator:
     namespace: flux-system
     files:
       - values.yaml=values.yaml
+secretGenerator:
+  - name: monicahq-secrets
+    namespace: flux-system
+    files:
+      - values.yaml=secrets.yaml
 configurations:
   - kustomizeconfig.yaml

high/apps/monica/kustomizeconfig.yaml

@@ -5,3 +5,8 @@ nameReference:
   fieldSpecs:
   - path: spec/valuesFrom/name
     kind: HelmRelease
+- kind: Secret
+  version: v1
+  fieldSpecs:
+  - path: spec/valuesFrom/name
+    kind: HelmRelease

high/apps/monica/secrets.yaml

@@ -0,0 +1,50 @@
+monica:
+    host: ENC[AES256_GCM,data:fJ1bLuGGb5naFkbXOX/3irtK,iv:2OebH62oZMmViy8PCZV1vvqw1ZCY7RQNDwJX9jW8Kno=,tag:rf4NDNS6xGA6iiBJdTF64Q==,type:str]
+    mail:
+        fromAddress: ENC[AES256_GCM,data:Q1L5rg==,iv:iKZQD2H/GvdJNP23z6e1k7r8TguDJNMhJCYQGnhTIVA=,tag:mdmyySLeMG4BFAn2mkqQxg==,type:str]
+        replyToAddress: ENC[AES256_GCM,data:mpylKA==,iv:dgheOtFObz3IMCAWFJfid30t5jTRTPhZzVgbvbv2R9E=,tag:niWFgRhoz426Wg5B2Igk0w==,type:str]
+        smtp:
+            host: ENC[AES256_GCM,data:P1xmFu77aQmatg==,iv:uTH+QV7dOXL8zHs7PKD3U2qHFZYHD92iVZm4GuKavsc=,tag:MMWOhPqEseRXLkbovd9j6w==,type:str]
+            username: ENC[AES256_GCM,data:357cGQ==,iv:CmzF5moUqDGUZy5sQnshhltSXeFVYVlTJdwK/FGtD4g=,tag:rLreI2Fm50PCW0655QFuIw==,type:str]
+            password: ENC[AES256_GCM,data:cqM5MA==,iv:VOHbIf5jOlTA8jLwgQfRDnmMWA33oEE809wCyJ0GmKs=,tag:tdOXsdXKWlLgHDsYOKo92A==,type:str]
+mariadb:
+    auth:
+        database: ENC[AES256_GCM,data:5cqnVwrt,iv:vfYsJMXTbX7zTRsWnf5zh9Qql5dKgE6sLycECT5G1wU=,tag:Z+8TvPCC3eEg06IqfrH8RQ==,type:str]
+        username: ENC[AES256_GCM,data:ZmKlnE9qtdJejb7CzXqxM8LvrJQM,iv:ul6M4hKMyLRGMkvm2/jibwyXHjDDLN5tvV5oPhbr2Yk=,tag:kB/UsABshtplYEjn4b8KtQ==,type:str]
+        password: ENC[AES256_GCM,data:mQBim2XIrmIIsGpqRqk=,iv:7esUYfD+Smjw6Mh9VyRWlrPoRyeNjPSXPLJVnDIXZ6I=,tag:m42iVrXeciioZ5Eg3i1p5g==,type:str]
+redis:
+    auth:
+        enabled: ENC[AES256_GCM,data:xvKgOw==,iv:RkSWsMg+c/HlpQKAJJIHHOoTTD2jiqLXc9YccY7w0ZU=,tag:RbRwZIksS3DHNpbyPoONGw==,type:bool]
+        password: ENC[AES256_GCM,data:MNYb/yXFPGdjcVCVZAE=,iv:PylhKS0vklPCwf3wTCYnMY04b6sXnkQjIXdtjYSTHaM=,tag:5baKRHSI7xk36UDc8eZCmw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2024-05-30T09:57:56Z"
+    mac: ENC[AES256_GCM,data:2xi703zPYqw0kDNNbEaFXRqzLxtTCDE8lhg39IrfLSKhXa+LJSts5NsVKIvA/3PbHx/07CsyUhz1FIAcFbXZ5/+FN8pVVrDtgiKJbuDi/shheY5I7kiuZaP4OUPQhjPGAQFuRa3t+KCRvdk6h+N8B9EBxt9l3u/r4Xf/XChw8DE=,iv:KmwuzHoF/mgS0tfbexVhgAPkvdmRgNNMFSHD5JRcxhg=,tag:C9hI7vNaLBQk8DkP8Hkvuw==,type:str]
+    pgp:
+        - created_at: "2024-05-30T09:57:56Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAz4Gf+0qjwzrAQ/7Bsd2akF+FEUMQeOWMm/t80P22X2tsrAeGnwwrGSpaFLx
+            uuVOKgN+CxFUuw1VZN0zjZHO95T9zVMVxlGXERUkJ+YbnrWeochAVW2nWF+xSe0A
+            UFFTihQ22ESNWLTpxHZGiXIcNUUl813spOpki7vbU+o3VRI/vb6+f5DKJ13ZaK0H
+            Z5wCS36izW58Dupj2bLNP9I9PH4HGe1S4ODl14x3OBPaZ9XDbZ7/3ZsdAp7yCZgq
+            y2ItKhC2Uqz3ZlXxlLSTilcMw1hPqn91JpHGgqK4AYvs9rBof6BgrQ8CNghDxEnC
+            mp6m1Rhp9zQl5NhvQ1raKjCJcL5SxV8AGPQ+G1cYvqZ2iwplfWEfRH4ZIexjUqH/
+            8MkI9NmSlIhSuRivn7C0f82hXKl0ZqcjxC+of5FCgzxHRnM/LAY2SSaqKTHgoynp
+            ZpvxrSao3jrdzqAkDGiXjaxdmnelePf4ckynlsnJLjsEH+M4zjnoTR2BdMcuo6Lt
+            /MTSB3jxR7tNaR+5SOf19zomXtHqT6wnhjFuoJU+r6QhSbmOQdVT/m6vLVlHGCy7
+            EiWnDVzhQh/JYM0OUaLkAmP0kEHGp5HSCCfOeY7CYfqxdrCHAkE8JR5wjoxqBb2n
+            C3B51Afy56/lMR1r3+Gl9cHmt8/QtVyyY2ZKgDXl/xPohjXI0DLlF8Dm+fTsO2PU
+            aAEJAhA0NP06Yh9Q/li6f0sOEHG40tkt49vMxAb4FVo0juJ5mOECauY68+HKTVNu
+            0f/DdNOFWAkXlyixt0S2fscERSH9suAs8UAG8UwM2XeZWo+tQMotd7zQiCUz3u1r
+            fsIMjT8O9HTR
+            =TUy/
+            -----END PGP MESSAGE-----
+          fp: 46FAA8106554E4BAC648A9C8DAC3C1A5974CE5A1
+    encrypted_regex: ^(data|stringData|consumerKey|email|groupName|applicationKey|host|hosts|addresses|server|configLogicalBackup|channel|monica|mariadb|redis)$
+    version: 3.8.1

high/apps/monica/values.yaml

@@ -6,8 +6,8 @@ image:
 replicaCount: 1
 
 ingress:
-  enabled: true
-  # className: nginx
+  enabled: false
+  className: treafik
   annotations:
   #  nginx.ingress.kubernetes.io/proxy-body-size: 4G
     kubernetes.io/tls-acme: "true"
@@ -17,28 +17,20 @@ ingress:
   pathType: Prefix
 
 monica:
-  host: monica.k.zroot.org
   existingSecret:
     enabled: false
   storagedir: /var/www/html/storage
   mail:
     enabled: false
-    fromAddress: user
-    replyToAddress: user
     smtp:
-      host: domain.com
       encryption: tls
       port: 465
-      username: user
-      password: pass
 
 ##
 ## Internal database configuration (SQLite)
 ##
 internalDatabase:
   enabled: false
-  ## Database fullpath file
-  name: /var/www/html/database/monica.sqlite
 
 
 ##
@@ -54,11 +46,6 @@ mariadb:
   ## Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database set this to false and configure the externalDatabase parameters
   enabled: true
 
-  auth:
-    database: monica
-    username: monica-XSAc6uTM2tJQdy
-    password: iHXkP5qM7MRVMR
-
   architecture: standalone
 
   ## Enable persistence using Persistent Volume Claims
@@ -77,11 +64,6 @@ mariadb:
 ##
 redis:
   enabled: true
-  auth:
-    enabled: true
-    password: iHXkP5qM7MRVMR
-    # existingSecret
-    # existingSecretPasswordKey
 
 ##
 ## Meilisearch chart configuration

high/envs/astrid/monicahq.yaml

@@ -0,0 +1,16 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: monicahq
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-gpg
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./high/apps/monica
+  prune: true

high/keys/astrid/sops.pub.asc

@@ -0,0 +1,51 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGZYTEsBEADi1FgOGiWslb0IBNy3eaEgytNTjFATMXSGDs19xKhi8x/BUyXd
+bKQ2fCsAZYx9MhSBhqdz11TT/WcLeqhjxGfq5+4FpYehf3D0jNfQYA21l+idjGpa
+P/IkBxpzgrtpkrDXdMgkMwwWjMFpRhvmPsjySqAt0JnRVPTjClN2rLRGiyPffpSW
+eILdqw7gLD1Igp5qPAvQIacjgg0/pXCk4PPSR0RGBqAeIZOdszCmZvx+LyY9vqfC
+2iY/163Y9D3gSk7OXGk4CIBsRzff4aLStNilReJZtrHh2rRrUX7bp0DzsbPuP+x1
+Mnlnc/kqj5OpteV3UDk2GAiifzB7w7YQAIlCorVjk5bC9m9gshJ72LktZZ3kulGP
+z3bGl78nG2s01Sa7IVQ0ERKwgXYwgCNVOL5VDHe9MFVmG0I7lkbif9r2pYshldic
+BpKv4xJzL3yxEdQP9TaNvGXBG18bmHNimLY2VwOOCH1F4gezmQP3ColXUmNLF0KB
+AAA9jwJnmFiVFQieowSRUxpcLwjqAuqXy3OVfZJVCQlJX4Td4NPLuicBpewNMdAF
+ql5SQdaV9cdu9SDXS/Dg1/s69818XprJaABeAod8b55CD/lgmSXfEZLXlJnqc3aL
+mp9jsUB0omiUXaZD/OMX35Z9V0bkE5hky2DQlJ8P4G38t5D2NvO+eHF96wARAQAB
+tBlhc3RyaWQgPGFzdHJpZEB6cm9vdC5vcmc+iQJRBBMBCAA7FiEERvqoEGVU5LrG
+SKnI2sPBpZdM5aEFAmZYTEsCGwMFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AA
+CgkQ2sPBpZdM5aH0LQ/+L5P1RRTgXgUwXq82jNnkoVla0T1sDKgZld7z3PWBT1QC
+HknJa80lf7CTNMXrzVVXMXvYNSknyZDR2NPNTlWj67WW7SwIqI8eJ/5Dr0i2N3vk
+50MjU7QeyVSL2HmHzOZJEt7jC90VoyB+LMa3vjMC5f6OAzKNPvp6Oq8rkwuqW+V5
+neEx8KgbNUMfqPh6oO6hT3XvrH+c1481KC+yNoY+SNphtuJYZxorE15v9Vtedzvs
+5NpYRXJvEZT1/R9RsaNmMENarGIm+KcPgtODZSEIUtQOQG3tmFnCJKgRSudJKvvz
+OF16GhfVxo0wVFNKVVQYlMTz1K9175aql/fYeif0EP0Lu8uBDeP2m3FsF66mCcTA
+TI6QcQufM5TZ/UVisxeYvixUClFXtiXetV/mgtvrFuetKKUnl4XZGB8Xhkd5SrPV
+dxo4sHJ6sOrc3Mho9vXkK0ao95NbtqYvWBMNrcEMOj1aArgVkzuhfnYLAXEwlMAf
+ZuSkjOB10TbjD2fxDHOYfl1KQxjYA/Htdyn8tSi0MuOVfACOH89y26CgI18ySCB3
+SHvCj+zRQAh9stHfCmuXAITer2DJ9XXr4ZnT0pya5/CSMqx2vOPndOE4T9/IhJcI
+XGUe15dd1KrJwIjaXSCgH5J7E2YUxsKrameRv7FctoReogXKU1tqsNmcToX3wGi5
+Ag0EZlhMSwEQAKVGhyXBZRVOv9DFXCGeiwpuLgUyrlm6bLRswE1PwRlsrWLpDJJX
+zL4CJhUqd5iaiXg7PPX3PyHlzpxyQlrQaOg9fi/buBIxQyA2AdHXtvd+gvrizRIt
+qpK2WF6ZtIN4s/l0+X7XG7jV1RGLGABzWuisokv/qC83FQZXQortVbxuUoze7rXq
+KjLw2UFWMGe26GqolN3VCaKilsvv59wMIUY7Ibl1pcQxSFlPf2nHGf+lOs79Ggh/
+xKO66XBVYJFRpKn9mYd3/VihikLVpuokSXFuzYg5xZQlecV52Av2mNiu4wBCIb4z
+KbfWd6+VjXYEjQCmdxwQgjmUDqPiiX66nimBHgRebmbEX29jNojtRtKgBNJuAqX8
+pGrdw9GPG+qydKI+PuPvQosw9ZV0m677U3iKLfrlgn1LPf7IiKxhgmsUmWbZV4QS
+ZWkdngw/45gRc6zKYUpQUYhoAgHqTx14t6mh4QYiWK2qVU7oQYYGnZNjTYzAfVAK
+ISHSIhEAPdWv4qGr6XalRGfaS8ii9joon3EOG6G5YmKQ58T8nMZxeQTjcxhgQyaS
+/lyqx0zi0foikoZHvsBXGUMRnvvAAwCQ1zxH0FzRMTO2orDJzhKT0jqQBAipyNgH
+gQzZIVWkBQblmXS6x5/Hv3xRb6M1ipYSTAFSEIPjNsaHcT57hRFcssYlABEBAAGJ
+AjYEGAEIACAWIQRG+qgQZVTkusZIqcjaw8Gll0zloQUCZlhMSwIbDAAKCRDaw8Gl
+l0zloeT+D/wNTb+jOMMJ5mPv55VdCjVNCP8a1O/WrN70zJdKw761KwzM9nOyqbJ7
+oVDCoJH0cIDu3M2qkjqHmkZGY09Pj9Hwm1ai6+JCiisynFD1sgo49V3vFT+lgYAI
+iLoPQo9m4KR6UnBP8dD4XGXS38ckgUZ6WN6BgVd8RW3Vk3NnygCF1Gwq1UVV4jC2
+0bAECt+0cWlvECOE/5CTc8AIcfjMbzXNoSq7A9hpsARblzlfuF1bva3TVl4u3rkm
+rXwWqi88zxzRGCR3AznEUNo94KTnjq2AnmpHRx0tgKCLDYulem3IJcxXOZfrvrQf
+5sOTMew1EwDDTchYV8GmlKlbyF5TH2C4ygBr8o48Yeuo72fCh+rhxQoXWMX4OPme
+qJaJhTKX7iBN2zDAHWnnY6bXnL3QEu9kBYRuVt5jkpNnu+I2BJs5vR5rEC9Jd6Hc
+BSJP93I64cFcDIOwo6aWCrDdNhVBW6/4nNWlgzCzSbjkNA6//E0K2+2/TfV64wIU
+AdcB7K4Xyp4872L0mSs/veBVx6oSAfUZ6mu2fww3EX6jURBnmykew7PNSzKZUiON
+BiReSlj2X7aNdRA4nDv3gQ7GbcBV2okgK8g6H8qZWo3C6+4AHz8XhodDngYaqPgW
+I8LT74XsdlMWAL0ztLg7GAQty3h0OOoPuxRIQbqRaTz9Dkp2nSEw7Q==
+=CPM/
+-----END PGP PUBLIC KEY BLOCK-----