From 97d03fcdfdf49906eb12b71be98ff81b76d6288d Mon Sep 17 00:00:00 2001
From: Manuel Bovo
Date: Sun, 26 May 2024 22:35:16 +0200
Subject: [PATCH] adding clusterissuser

---
 high/apps/monica/gitrepository.yml | 15 ++
 high/apps/monica/helmrelease.yml | 24 +++
 high/apps/monica/kustomization.yaml | 12 ++
 high/apps/monica/kustomizeconfig.yaml | 7 +
 high/apps/monica/values.yaml | 173 ++++++++++++++++++
 high/envs/astrid/certs.yaml | 17 ++
 .../certs/overlays/astrid/ClusterIssuer.yaml | 16 ++
 .../certs/overlays/astrid/kustomization.yaml | 4 +
 8 files changed, 268 insertions(+)
 create mode 100644 high/apps/monica/gitrepository.yml
 create mode 100644 high/apps/monica/helmrelease.yml
 create mode 100644 high/apps/monica/kustomization.yaml
 create mode 100644 high/apps/monica/kustomizeconfig.yaml
 create mode 100644 high/apps/monica/values.yaml
 create mode 100644 high/envs/astrid/certs.yaml
 create mode 100644 high/infra/certs/overlays/astrid/ClusterIssuer.yaml
 create mode 100644 high/infra/certs/overlays/astrid/kustomization.yaml

diff --git a/high/apps/monica/gitrepository.yml b/high/apps/monica/gitrepository.yml
new file mode 100644
index 0000000..7a6bb5b
--- /dev/null
+++ b/high/apps/monica/gitrepository.yml
@@ -0,0 +1,15 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+ name: monicahq
+ namespace: flux-system
+spec:
+ interval: 1m
+ url: https://github.com/monicahq/helm
+ ref:
+ tag: monica-1.0.6
+ ignore: |
+ # exclude all
+ /*
+ # include charts directory
+ !/charts/
diff --git a/high/apps/monica/helmrelease.yml b/high/apps/monica/helmrelease.yml
new file mode 100644
index 0000000..470d485
--- /dev/null
+++ b/high/apps/monica/helmrelease.yml
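Review bot: `ref.tag: monica-1.0.6` pins the third-party chart source to a git tag, and a tag in an upstream repository can be re-pointed after the fact, so the chart Flux renders could change with no diff in this repo. If that matters for this cluster, `ref.commit` with the SHA the tag currently resolves to is the stricter pin, e.g. `commit: <sha-that-monica-1.0.6-points-to>` (placeholder). `interval: 1m` is also aggressive polling of a public GitHub repository for a source that changes rarely; `10m` like the HelmRelease in this commit would be enough.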
@@ -0,0 +1,24 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: monicahq
+ namespace: flux-system
+spec:
+ interval: 10m
+ releaseName: monicahq
+ targetNamespace: monicahq
+ chart:
+ spec:
+ chart: monica
+ sourceRef:
+ kind: GitRepository
+ name: monicahq
+ namespace: flux-system
+ interval: 10m
+ install:
+ createNamespace: true
+ remediation:
+ retries: 3
+ valuesFrom:
+ - kind: ConfigMap
+ name: monicahq-values
\ No newline at end of file
diff --git a/high/apps/monica/kustomization.yaml b/high/apps/monica/kustomization.yaml
new file mode 100644
index 0000000..e72e105
--- /dev/null
+++ b/high/apps/monica/kustomization.yaml
@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - gitrepository.yaml
+ - helmrelease.yaml
+configMapGenerator:
+ - name: monicahq-values
+ namespace: flux-system
+ files:
+ - values.yaml=values.yaml
+configurations:
+ - kustomizeconfig.yaml
diff --git a/high/apps/monica/kustomizeconfig.yaml b/high/apps/monica/kustomizeconfig.yaml
new file mode 100644
index 0000000..dc33d85
--- /dev/null
+++ b/high/apps/monica/kustomizeconfig.yaml
@@ -0,0 +1,7 @@
+# Inject Configmap/Secrets generate by Kustomize into HelmRelease object
+nameReference:
+- kind: ConfigMap
+ version: v1
+ fieldSpecs:
+ - path: spec/valuesFrom/name
+ kind: HelmRelease
diff --git a/high/apps/monica/values.yaml b/high/apps/monica/values.yaml
new file mode 100644
index 0000000..3f8c603
--- /dev/null
+++ b/high/apps/monica/values.yaml
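Review bot: `resources` lists `gitrepository.yaml` and `helmrelease.yaml`, but the files this commit creates are `gitrepository.yml` and `helmrelease.yml`, so `kustomize build` of this directory fails on a missing resource and Flux never reconciles the Monica release. Either rename the two files to `.yaml`, matching every other file in this commit, or change the two entries to `- gitrepository.yml` and `- helmrelease.yml`.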
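Review bot: The header comment says `Configmap/Secrets`, but `nameReference` only covers `kind: ConfigMap`, so if a `secretGenerator` is later wired into `spec/valuesFrom` (the natural home for the database credentials this commit puts in values.yaml) its hash-suffixed name would not be rewritten and the HelmRelease would point at a Secret that does not exist. Either add a second `nameReference` entry with `kind: Secret`, `version: v1` and the same `fieldSpecs`, or narrow the comment to ConfigMaps. Also fix the typo: `# Inject ConfigMap/Secrets generated by Kustomize into HelmRelease object`.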
@@ -0,0 +1,173 @@
+image:
+ repository: ghcr.io/monicahq/monica-next
+ tag: main
+ pullPolicy: IfNotPresent
+
+replicaCount: 1
+
+ingress:
+ enabled: true
+ # className: nginx
+ annotations:
+ # nginx.ingress.kubernetes.io/proxy-body-size: 4G
+ kubernetes.io/tls-acme: "true"
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ labels: {}
+ path: /
+ pathType: Prefix
+
+monica:
+ host: monica.k.zroot.org
+ existingSecret:
+ enabled: false
+ storagedir: /var/www/html/storage
+ mail:
+ enabled: false
+ fromAddress: user
+ replyToAddress: user
+ smtp:
+ host: domain.com
+ encryption: tls
+ port: 465
+ username: user
+ password: pass
+
+##
+## Internal database configuration (SQLite)
+##
+internalDatabase:
+ enabled: false
+ ## Database fullpath file
+ name: /var/www/html/database/monica.sqlite
+
+
+##
+## External database configuration
+##
+externalDatabase:
+ enabled: false
+
+##
+## MariaDB chart configuration
+##
+mariadb:
+ ## Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database set this to false and configure the externalDatabase parameters
+ enabled: true
+
+ auth:
+ database: monica
+ username: monica-XSAc6uTM2tJQdy
+ password: iHXkP5qM7MRVMR
+
+ architecture: standalone
+
+ ## Enable persistence using Persistent Volume Claims
+ ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+ ##
+ primary:
+ persistence:
+ enabled: true
+ # storageClass: ""
+ accessMode: ReadWriteOnce
+ size: 8Gi
+
+##
+## Redis chart configuration
+## for more options see https://github.com/bitnami/charts/tree/master/bitnami/redis
+##
+redis:
+ enabled: true
+ auth:
+ enabled: true
+ password: iHXkP5qM7MRVMR
+ # existingSecret
+ # existingSecretPasswordKey
+
+##
+## Meilisearch chart configuration
+## for more options see https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch
+##
+meilisearch:
+ enabled: false
+ environment:
+ MEILI_ENV: production
+ # MEILI_MASTER_KEY
+ auth:
+ # existingMasterKeySecret
+
+## Cronjob to execute monica scheduled tasks
+cronjob:
+ enabled: true
+
+ # Allow configuration of lifecycle hooks
+ # ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
+ lifecycle: {}
+ # postStartCommand: []
+ # preStopCommand: []
+
+service:
+ type: ClusterIP
+ port: 8080
+ loadBalancerIP: nil
+ nodePort: nil
+
+## Enable persistence using Persistent Volume Claims
+## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+##
+persistence:
+ # monica storage (/var/www/html/storage)
+ enabled: true
+ annotations: {}
+ ## monica storage Persistent Volume Storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+
+ accessMode: ReadWriteOnce
+ size: 4Gi
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+tests:
+ unitTests:
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ limits:
+ cpu: 200m
+ memory: 256Mi
\ No newline at end of file
diff --git a/high/envs/astrid/certs.yaml b/high/envs/astrid/certs.yaml
new file mode 100644
index 0000000..db0b304
--- /dev/null
+++ b/high/envs/astrid/certs.yaml
@@ -0,0 +1,17 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: certs
+ namespace: flux-system
+ labels:
+ org.zroot.gitops: infra
+spec:
+ interval: 10m0s
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ path: ./high/infra/certs/overlays/astrid
+ prune: true
+ dependsOn:
+ - name: cert-manager
+ namespace: flux-system
\ No newline at end of file
diff --git a/high/infra/certs/overlays/astrid/ClusterIssuer.yaml b/high/infra/certs/overlays/astrid/ClusterIssuer.yaml
new file mode 100644
index 0000000..c9c29d3
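Review bot: `mariadb.auth.username`, `mariadb.auth.password` and `redis.auth.password` are committed in clear text, and because this file is consumed through a `configMapGenerator` they land in a ConfigMap rather than a Secret, so anything able to read ConfigMaps in `flux-system` gets the database and cache credentials. The values are now in git history and should be treated as exposed and rotated. The chart already hints at the alternative in the commented `# existingSecret` / `# existingSecretPasswordKey` lines under `redis.auth` (the Bitnami MariaDB subchart has the matching `auth.existingSecret`): point those at a Secret kept encrypted in the repo (SOPS or a sealed secret, the usual Flux pattern) and drop the literal values here. Separately, `image.tag: main` combined with `pullPolicy: IfNotPresent` means which build actually runs depends on each node's image cache; pin a release tag or digest so the deployment is reproducible.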
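Review bot: `apiVersion: kustomize.toolkit.fluxcd.io/v1beta2` is the deprecated API, while the same commit uses `helm.toolkit.fluxcd.io/v2` and `source.toolkit.fluxcd.io/v1`, which as far as I know are only served by Flux releases that also serve `kustomize.toolkit.fluxcd.io/v1`; use `apiVersion: kustomize.toolkit.fluxcd.io/v1` for consistency and to avoid a forced migration later. The `dependsOn` on `cert-manager` is the right ordering since the ClusterIssuer CRD must exist before this path can apply; adding `wait: true` would additionally let app Kustomizations depend on the issuer being reconciled, not just applied.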
--- /dev/null
+++ b/high/infra/certs/overlays/astrid/ClusterIssuer.yaml
@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-prod
+spec:
+ acme:
+ email: root@zroot.org
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ # Secret resource that will be used to store the account's private key.
+ name: letsencrypt-prod-secret
+ # Add a single challenge solver, HTTP01 using nginx
+ solvers:
+ - http01:
+ ingress:
+ ingressClassName: treafik
\ No newline at end of file
diff --git a/high/infra/certs/overlays/astrid/kustomization.yaml b/high/infra/certs/overlays/astrid/kustomization.yaml
new file mode 100644
index 0000000..8dc9e4d
--- /dev/null
+++ b/high/infra/certs/overlays/astrid/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ClusterIssuer.yaml
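Review bot: `ingressClassName: treafik` is a typo for `traefik`; the HTTP-01 solver creates its challenge Ingresses with that class, no controller claims them, and every Certificate issued through `letsencrypt-prod` (including the Monica ingress in this commit, which references this issuer) stays pending until the ACME order expires. Change the line to `ingressClassName: traefik` and update the comment above `solvers`, which still reads `HTTP01 using nginx`. Because `server` is the production Let's Encrypt endpoint, repeated failed orders count against its rate limits, so it is worth validating the solver against the staging endpoint (`https://acme-staging-v02.api.letsencrypt.org/directory`) before switching to production.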