From f581ff32970affa14307aadd0fdafad9b107a994 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Fri, 25 Oct 2024 01:13:46 +0200 Subject: [PATCH] refactor: kubernetes workflows * use Github container registry to remove dependency on dockerhub * use sops for secure encryption of secrets * use ONBUILD in docker images for rebranding * use helmfile for deploying various environments --- .env.dist | 23 -- .env.enc | Bin 625 -> 0 bytes .github/workflows/deploy.yml | 57 ---- .github/workflows/publish.yml | 267 ------------------ .github/workflows/push.yml | 84 ++++++ .gitignore | 4 - .sops.yaml | 15 + .../constants/{donation.ts => donation.js} | 0 branding/constants/{emails.ts => emails.js} | 0 branding/constants/{filter.ts => filter.js} | 0 branding/constants/{groups.ts => groups.js} | 0 .../{headerMenu.ts => headerMenu.js} | 0 branding/constants/{links.ts => links.js} | 0 branding/constants/{logos.ts => logos.js} | 0 .../constants/{metadata.ts => metadata.js} | 0 branding/locales/{ => tmp}/de.json | 0 branding/locales/{ => tmp}/en.json | 0 docker/backend.Dockerfile | 6 + docker/maintenance.Dockerfile | 7 + docker/webapp.Dockerfile | 6 + helmfile/environments/default.yaml.gotmpl | 5 + helmfile/environments/staging.yaml.gotmpl | 5 + helmfile/helmfile.yaml.gotmpl | 33 +++ helmfile/scripts/image_tag.sh | 2 + helmfile/secrets/kubeconfig | 40 +++ helmfile/secrets/ocelot.yaml | 95 +++++++ helmfile/values/ocelot.yaml.gotmpl | 41 +++ kubeconfig.yaml.enc | Bin 1518 -> 0 bytes kubernetes/dns.values.yaml.enc | 2 - kubernetes/dns.values.yaml.template | 12 - kubernetes/values.yaml.enc | Bin 1762 -> 0 bytes kubernetes/values.yaml.template | 129 --------- 32 files changed, 339 insertions(+), 494 deletions(-) delete mode 100644 .env.dist delete mode 100644 .env.enc delete mode 100644 .github/workflows/deploy.yml delete mode 100644 .github/workflows/publish.yml create mode 100644 .github/workflows/push.yml delete mode 100644 .gitignore create mode 100644 .sops.yaml rename branding/constants/{donation.ts => donation.js} (100%) rename 
branding/constants/{emails.ts => emails.js} (100%) rename branding/constants/{filter.ts => filter.js} (100%) rename branding/constants/{groups.ts => groups.js} (100%) rename branding/constants/{headerMenu.ts => headerMenu.js} (100%) rename branding/constants/{links.ts => links.js} (100%) rename branding/constants/{logos.ts => logos.js} (100%) rename branding/constants/{metadata.ts => metadata.js} (100%) rename branding/locales/{ => tmp}/de.json (100%) rename branding/locales/{ => tmp}/en.json (100%) create mode 100644 docker/backend.Dockerfile create mode 100644 docker/maintenance.Dockerfile create mode 100644 docker/webapp.Dockerfile create mode 100644 helmfile/environments/default.yaml.gotmpl create mode 100644 helmfile/environments/staging.yaml.gotmpl create mode 100644 helmfile/helmfile.yaml.gotmpl create mode 100755 helmfile/scripts/image_tag.sh create mode 100644 helmfile/secrets/kubeconfig create mode 100644 helmfile/secrets/ocelot.yaml create mode 100644 helmfile/values/ocelot.yaml.gotmpl delete mode 100644 kubeconfig.yaml.enc delete mode 100644 kubernetes/dns.values.yaml.enc delete mode 100644 kubernetes/dns.values.yaml.template delete mode 100644 kubernetes/values.yaml.enc delete mode 100644 kubernetes/values.yaml.template diff --git a/.env.dist b/.env.dist deleted file mode 100644 index d35240e..0000000 --- a/.env.dist +++ /dev/null 
@@ -1,23 +0,0 @@ -# GITHUB_OCELOT_REF affects the publish workflow -# GITHUB_OCELOT_REF is a ref (branch, tag, hash) of the ocelot repository -# if this value is not set the github ref just built in the triggering workflow is used. -# if this workflow is triggered by push to master instead of a build-trigger, -# the `master` branch of the ocelot repo is used. -# if you set it to `GITHUB_OCELOT_REF=master` unnessecary builds can occur. -# It is recommended to not set it rather then to set it to `master` -#GITHUB_OCELOT_REF=b2.4.0-351 -#OCELOT_VERSION=2.4.0-351 - -# DOCKERHUB_OCELOT_TAG applies to the deploy workflow -# DOCKERHUB_OCELOT_TAG is a dockerhub tag for the configured (values.yaml) docker images -# if this value is not set the version just built in the triggering workflow is used. -# using `DOCKERHUB_OCELOT_TAG=latest` is the default behaviour of the Kubernetes Chart, -# but its inaccurate if two workflows are running at the same time. -# It is recommended to not set it rather then to set it to `latest` -#DOCKERHUB_OCELOT_TAG=12-ocelot.social2.4.0 - -# DOCKERHUB_BRAND_VARRIANT defines the name of the branded image uploaded to dockerhub. -DOCKERHUB_BRAND_VARRIANT=stage-ocelot-social - -# DOCKERHUB_ORGANISATION defines which dockerhub organisation images will be uploaded to -# DOCKERHUB_ORGANISATION=ocelotsocialnetwork \ No newline at end of file diff --git a/.env.enc b/.env.enc deleted file mode 100644 index 41179a10ce4d6ecd3934f4ed59a9da7f60bd0da0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 625 zcmV-%0*?KR4Fm}T0#@!S4HSMRL15 zvBFxQ8Vv64j3dBn{%2M|xv9Yy5zNn_zkq~Q?cn3bAz`0A;~y_*neYj|IJjOXBP@Vf+|A;l z_dR-q@iUlLZcSuxq5sb$^8h-4KmyEvbXvHynSEbyw2Jq#5J`Azb>_5{?w3)s%+Cq+s8 LN7BaSS8~)g9v4R3 diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml deleted file mode 100644 index bda0ca9..0000000 --- a/.github/workflows/deploy.yml +++ /dev/null 
@@ -1,57 +0,0 @@ -name: deploy - -on: - repository_dispatch: - types: [trigger-ocelot-brand-build-success] - -jobs: - deploy: - # see example https://github.com/do-community/example-doctl-action - # see example https://github.com/do-community/example-doctl-action/blob/main/.github/workflows/workflow.yaml - name: Deploy defined version to cluster - runs-on: ubuntu-latest - env: - SECRET: ${{ secrets.SECRET }} - CONFIGURATION: "this" - GITHUB_OCELOT_REF_JUST_BUILT: ${{ github.event.client_payload.ocelot_ref }} - DOCKERHUB_OCELOT_TAG_JUST_BUILT: ${{ github.event.client_payload.BUILD_VERSION }} - steps: - - name: Checkout code - uses: actions/checkout@v3 - - name: Decrypt .env - run: gpg --quiet --batch --yes --decrypt --passphrase="${{ env.SECRET }}" --output .env .env.enc - - name: Load .env - uses: aarcangeli/load-dotenv@v1.0.0 - with: - quiet: true - - name: Set GITHUB_OCELOT_REF - run: | - if [ -z ${GITHUB_OCELOT_REF} ]; then - echo "GITHUB_OCELOT_REF=${GITHUB_OCELOT_REF_JUST_BUILT}" >> $GITHUB_ENV - fi - shell: bash - - name: Checkout Ocelot code - uses: actions/checkout@v3 - with: - repository: 'Ocelot-Social-Community/Ocelot-Social' - ref: ${{ env.GITHUB_OCELOT_REF }} - path: 'ocelot/' - fetch-depth: 0 - - name: Checkout code - uses: actions/checkout@v3 - with: - path: "ocelot/deployment/configurations/${{ env.CONFIGURATION }}" - - name: Set DOCKERHUB_OCELOT_TAG - run: | - if [ -z ${DOCKERHUB_OCELOT_TAG} ]; then - echo "DOCKERHUB_OCELOT_TAG=${DOCKERHUB_OCELOT_TAG_JUST_BUILT}" >> $GITHUB_ENV - fi - shell: bash - - name: Decrypt all secrets - run: ocelot/deployment/scripts/secrets.decrypt.sh - - name: Upgrade Cluster - run: ocelot/deployment/scripts/cluster.upgrade.sh - - name: Sleep for 4 minutes - run: sleep 240s - - name: Reset and seed Neo4j database - run: ocelot/deployment/scripts/cluster.reseed.sh \ No newline at end of file diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml deleted file mode 100644 index a8d4865..0000000 
--- a/.github/workflows/publish.yml +++ /dev/null 
@@ -1,267 +0,0 @@ -name: publish -on: - repository_dispatch: - types: [trigger-ocelot-build-success] - push: - branches: - - master - -jobs: - build_branded: - name: Docker Build Branded - runs-on: ubuntu-latest - env: - SECRET: ${{ secrets.SECRET }} - CONFIGURATION: "this" - GITHUB_OCELOT_REF_JUST_BUILT: ${{ github.event.client_payload.ref }} - OCELOT_GITHUB_RUN_NUMBER: ${{ github.event.client_payload.GITHUB_RUN_NUMBER }} - steps: - - name: Checkout code - uses: actions/checkout@v3 - - name: Decrypt .env - run: gpg --quiet --batch --yes --decrypt --passphrase="${{ env.SECRET }}" --output .env .env.enc - - name: Load .env - uses: aarcangeli/load-dotenv@v1.0.0 - with: - quiet: true - - name: Set GITHUB_OCELOT_REF - run: | - if [ -z ${GITHUB_OCELOT_REF} ]; then - echo "GITHUB_OCELOT_REF=${GITHUB_OCELOT_REF_JUST_BUILT}" >> $GITHUB_ENV - fi - shell: bash - - name: Set DOCKERHUB_ORGANISATION - run: | - if [ -z ${DOCKERHUB_ORGANISATION} ]; then - echo "DOCKERHUB_ORGANISATION=ocelotsocialnetwork" >> $GITHUB_ENV - fi - - name: Checkout Ocelot code - uses: actions/checkout@v3 - with: - repository: 'Ocelot-Social-Community/Ocelot-Social' - ref: ${{ env.GITHUB_OCELOT_REF }} - path: 'ocelot/' - fetch-depth: 0 - - name: Set OCELOT_GITHUB_RUN_NUMBER - run: | - if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then - echo "OCELOT_GITHUB_RUN_NUMBER=${GITHUB_OCELOT_REF}" >> $GITHUB_ENV - fi - if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then - echo "OCELOT_GITHUB_RUN_NUMBER=master" >> $GITHUB_ENV - fi - shell: bash - - name: Checkout Branded Repo code - uses: actions/checkout@v3 - with: - ref: 'master' - path: "ocelot/deployment/configurations/${{ env.CONFIGURATION }}" - fetch-depth: 0 - - name: Build branded images - run: | - ocelot/deployment/scripts/branded-images.build.sh - docker save "${DOCKERHUB_ORGANISATION}/backend-${DOCKERHUB_BRAND_VARRIANT}" > /tmp/backend-branded.tar - docker save "${DOCKERHUB_ORGANISATION}/webapp-${DOCKERHUB_BRAND_VARRIANT}" > /tmp/webapp-branded.tar - docker save 
"${DOCKERHUB_ORGANISATION}/maintenance-${DOCKERHUB_BRAND_VARRIANT}" > /tmp/maintenance-branded.tar - - - name: Upload Artifact (Backend) - uses: actions/upload-artifact@v2 - with: - name: docker-backend-branded - path: /tmp/backend-branded.tar - - - name: Upload Artifact (Webapp) - uses: actions/upload-artifact@v2 - with: - name: docker-webapp-branded - path: /tmp/webapp-branded.tar - - - name: Upload Artifact (Maintenance) - uses: actions/upload-artifact@v2 - with: - name: docker-maintenance-branded - path: /tmp/maintenance-branded.tar - - upload_to_dockerhub: - name: Upload to Dockerhub - runs-on: ubuntu-latest - needs: [build_branded] - env: - SECRET: ${{ secrets.SECRET }} - DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} - DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} - GITHUB_OCELOT_REF_JUST_BUILT: ${{ github.event.client_payload.ref }} - steps: - - name: Checkout code - uses: actions/checkout@v3 - - name: Decrypt .env - run: gpg --quiet --batch --yes --decrypt --passphrase="${{ env.SECRET }}" --output .env .env.enc - - name: Load .env - uses: aarcangeli/load-dotenv@v1.0.0 - with: - quiet: true - - name: Set GITHUB_OCELOT_REF - run: | - if [ -z ${GITHUB_OCELOT_REF} ]; then - echo "GITHUB_OCELOT_REF=${GITHUB_OCELOT_REF_JUST_BUILT}" >> $GITHUB_ENV - fi - shell: bash - - name: Checkout Ocelot code - uses: actions/checkout@v3 - with: - repository: 'Ocelot-Social-Community/Ocelot-Social' - ref: ${{ env.GITHUB_OCELOT_REF }} - path: 'ocelot/' - fetch-depth: 0 - - - name: Download Docker Image (Backend) - uses: actions/download-artifact@v2 - with: - name: docker-backend-branded - path: /tmp - - name: Load Docker Image - run: docker load < /tmp/backend-branded.tar - - - name: Download Docker Image (Webapp) - uses: actions/download-artifact@v2 - with: - name: docker-webapp-branded - path: /tmp - - name: Load Docker Image - run: docker load < /tmp/webapp-branded.tar - - - name: Download Docker Image (Maintenance) - uses: actions/download-artifact@v2 - with: - 
name: docker-maintenance-branded - path: /tmp - - name: Load Docker Image - run: docker load < /tmp/maintenance-branded.tar - - - name: Upload to dockerhub - run: ocelot/deployment/scripts/branded-images.upload.sh - - github_tag: - name: Tag latest version on Github - runs-on: ubuntu-latest - needs: [upload_to_dockerhub] - env: - SECRET: ${{ secrets.SECRET }} - GITHUB_OCELOT_REF_JUST_BUILT: ${{ github.event.client_payload.ref }} - OCELOT_GITHUB_RUN_NUMBER: ${{ github.event.client_payload.GITHUB_RUN_NUMBER }} - steps: - - name: Checkout code - uses: actions/checkout@v3 - - name: Decrypt .env - run: gpg --quiet --batch --yes --decrypt --passphrase="${{ env.SECRET }}" --output .env .env.enc - - name: Load .env - uses: aarcangeli/load-dotenv@v1.0.0 - with: - quiet: true - - name: Set GITHUB_OCELOT_REF - run: | - if [ -z ${GITHUB_OCELOT_REF} ]; then - echo "GITHUB_OCELOT_REF=${GITHUB_OCELOT_REF_JUST_BUILT}" >> $GITHUB_ENV - fi - shell: bash - - name: Checkout Ocelot code - uses: actions/checkout@v3 - with: - repository: 'Ocelot-Social-Community/Ocelot-Social' - ref: ${{ env.GITHUB_OCELOT_REF }} - path: 'ocelot/' - fetch-depth: 0 - - name: Set OCELOT_GITHUB_RUN_NUMBER - run: | - if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then - echo "OCELOT_GITHUB_RUN_NUMBER=${GITHUB_OCELOT_REF}" >> $GITHUB_ENV - fi - if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then - echo "OCELOT_GITHUB_RUN_NUMBER=master" >> $GITHUB_ENV - fi - shell: bash - - name: Setup env - run: | - echo "OCELOT_VERSION=$(node -p -e "require('./ocelot/package.json').version")" >> $GITHUB_ENV - echo "BRANDED_VERSION=${GITHUB_RUN_NUMBER}" >> $GITHUB_ENV - echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_ENV - echo "BUILD_COMMIT=${GITHUB_SHA}" >> $GITHUB_ENV - - run: echo "BUILD_VERSION=${BRANDED_VERSION}-ocelot.social${OCELOT_VERSION}-${OCELOT_GITHUB_RUN_NUMBER}" >> $GITHUB_ENV - - name: package-version-to-git-tag + build number - uses: pkgdeps/git-tag-action@v2 - with: - github_token: ${{ github.token }} #${{ 
secrets.GITHUB_TOKEN }} - github_repo: ${{ github.repository }} - version: ${{ env.BUILD_VERSION }} - git_commit_sha: ${{ github.sha }} - git_tag_prefix: "b" - #- name: Generate changelog - # run: | - # yarn install - # yarn auto-changelog --latest-version ${{ env.VERSION }} --unreleased-only - - name: package-version-to-git-release - continue-on-error: true # Will fail if tag exists - id: create_release - uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ github.token }} #${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token - with: - tag_name: ${{ env.BUILD_VERSION }} - release_name: ${{ env.BUILD_VERSION }} - #body_path: ./CHANGELOG.md - draft: false - prerelease: false - -# TODO correct version - build_trigger: - name: Trigger successful brand build - runs-on: ubuntu-latest - needs: [github_tag] - env: - SECRET: ${{ secrets.SECRET }} - GITHUB_OCELOT_REF_JUST_BUILT: ${{ github.event.client_payload.ref }} - steps: - - name: Checkout code - uses: actions/checkout@v3 - - name: Decrypt .env - run: gpg --quiet --batch --yes --decrypt --passphrase="${{ env.SECRET }}" --output .env .env.enc - - name: Load .env - uses: aarcangeli/load-dotenv@v1.0.0 - with: - quiet: true - - name: Set GITHUB_OCELOT_REF - run: | - if [ -z ${GITHUB_OCELOT_REF} ]; then - echo "GITHUB_OCELOT_REF=${GITHUB_OCELOT_REF_JUST_BUILT}" >> $GITHUB_ENV - fi - shell: bash - - name: Checkout Ocelot code - uses: actions/checkout@v3 - with: - repository: 'Ocelot-Social-Community/Ocelot-Social' - ref: ${{ env.GITHUB_OCELOT_REF }} - path: 'ocelot/' - fetch-depth: 0 - - name: Set OCELOT_GITHUB_RUN_NUMBER - run: | - if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then - echo "OCELOT_GITHUB_RUN_NUMBER=${GITHUB_OCELOT_REF}" >> $GITHUB_ENV - fi - if [ -z ${OCELOT_GITHUB_RUN_NUMBER} ]; then - echo "OCELOT_GITHUB_RUN_NUMBER=master" >> $GITHUB_ENV - fi - shell: bash - - name: Setup env - run: | - echo "OCELOT_VERSION=$(node -p -e 
"require('./ocelot/package.json').version")" >> $GITHUB_ENV - echo "BRANDED_VERSION=${GITHUB_RUN_NUMBER}" >> $GITHUB_ENV - echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_ENV - echo "BUILD_COMMIT=${GITHUB_SHA}" >> $GITHUB_ENV - - run: echo "BUILD_VERSION=${BRANDED_VERSION}-ocelot.social${OCELOT_VERSION}-${OCELOT_GITHUB_RUN_NUMBER}" >> $GITHUB_ENV - - name: Repository Dispatch - uses: peter-evans/repository-dispatch@v2 - with: - token: ${{ github.token }} - event-type: trigger-ocelot-brand-build-success - repository: ${{ github.repository }} - client-payload: '{"ref": "${{ github.ref }}", "sha": "${{ github.sha }}", "ref_ocelot": "${{ github.event.client_payload.ref }}", "sha_ocelot": "${{ github.event.client_payload.sha }}", "OCELOT_VERSION": "${{ env.OCELOT_VERSION }}", "BRANDED_VERSION": "${{ env.BRANDED_VERSION }}", "BUILD_DATE": "${{ env.BUILD_DATE }}", "BUILD_COMMIT": "${{ env.BUILD_COMMIT }}", "BUILD_VERSION": "${{ env.BUILD_VERSION }}"}' \ No newline at end of file diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml new file mode 100644 index 0000000..20c4576 --- /dev/null +++ b/.github/workflows/push.yml 
@@ -0,0 +1,84 @@
+name: publish
+
+on: push
+
+jobs:
+ build-and-push-images:
+ strategy:
+ matrix:
+ app:
+ - name: backend
+ file: docker/backend.Dockerfile
+ - name: webapp
+ file: docker/webapp.Dockerfile
+ - name: maintenance
+ file: docker/maintenance.Dockerfile
+ runs-on: ubuntu-latest
+ env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}/${{ matrix.app.name }}
+ permissions:
+ contents: read
+ packages: write
+ attestations: write
+ id-token: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.1.7
+ - name: Log in to the Container registry
+ uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@70b2cdc6480c1a8b86edf1777157f8f437de2166
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=schedule
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=semver,pattern={{major}}
+ type=ref,event=branch
+ type=ref,event=pr
+ type=sha
+ - name: Build and push Docker images
+ id: push
+ uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75
+ with:
+ file: ${{ matrix.app.file }}
+ context: .
+ push: true
+ build-args: |
+ OCELOT_VERSION=hetzner
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+
+ deploy-to-kubernetes:
+ runs-on: ubuntu-latest
+ if: github.ref == 'refs/heads/staging'
+ needs: build-and-push-images
+ steps:
+ - uses: mdgreenwald/mozilla-sops-action@d9714e521cbaecdae64a89d2fdd576dd2aa97056 # v1.6.0
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.1.7
+ - run: |
+ mkdir -p ~/.config/sops/age
+ echo $SOPS_KEY | base64 --decode > ~/.config/sops/age/keys.txt
+ env:
+ SOPS_KEY: ${{ secrets.SOPS_KEY }}
+ - run: |
+ mkdir -p ~/.kube
+ sops decrypt ./helmfile/secrets/kubeconfig > ~/.kube/config
+ chmod 600 ~/.kube/config
+ # - run: echo "IMAGE_TAG=sha-$(echo $GITHUB_SHA | cut -c 1-7)" >> $GITHUB_ENV
+ - uses: helmfile/helmfile-action@80fbb6408b98822310f94d8d1321a2cacf87f78f #v1.9.2
+ with:
+ helmfile-args: apply --environment staging
+ helmfile-workdirectory: ./helmfile
+ helm-plugins: >
+ https://github.com/databus23/helm-diff,
+ https://github.com/jkroepke/helm-secrets,
+ https://github.com/aslafy-z/helm-git
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index f780ba0..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-*.yaml
-SECRET
-.env
-/backup
\ No newline at end of file
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..eec3468
--- /dev/null
+++ b/.sops.yaml
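Review bot: In `deploy-to-kubernetes` of .github/workflows/push.yml the age private key is written to `~/.config/sops/age/keys.txt` under the runner's default umask and from an unquoted `$SOPS_KEY`, while only the kubeconfig written in the next step gets `chmod 600`; I would open both `run` blocks with `umask 077` and write the key with `printf '%s' "$SOPS_KEY" | base64 --decode > ~/.config/sops/age/keys.txt`. The same job has no `permissions:` block, so it runs with the repository's default token scope although the visible steps only check out code; `permissions:` with `contents: read` would pin that. The three `helm-plugins` URLs are unpinned, unlike the actions above them which are pinned to commit SHAs, and those plugins execute on a runner that holds the decrypted kubeconfig and the age key, so pin each to a release if the action's input allows it. In `build-and-push-images`, `attestations: write` and `id-token: write` are granted but no step in this hunk produces an attestation, so either add that step or drop the two scopes.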
@@ -0,0 +1,15 @@
+creation_rules:
+ - age: >-
+ age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00,
+ age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw,
+ age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp,
+ age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr,
+ age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s,
+ age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5
+
+# age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00 SOPS_KEY github secret
+# age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw @roschaefer
+# age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp @mahula
+# age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr @Elweyn
+# age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s @ulfgebhardt
+# age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5 @Tirokk
diff --git a/branding/constants/donation.ts b/branding/constants/donation.js
similarity index 100%
rename from branding/constants/donation.ts
rename to branding/constants/donation.js
diff --git a/branding/constants/emails.ts b/branding/constants/emails.js
similarity index 100%
rename from branding/constants/emails.ts
rename to branding/constants/emails.js
diff --git a/branding/constants/filter.ts b/branding/constants/filter.js
similarity index 100%
rename from branding/constants/filter.ts
rename to branding/constants/filter.js
diff --git a/branding/constants/groups.ts b/branding/constants/groups.js
similarity index 100%
rename from branding/constants/groups.ts
rename to branding/constants/groups.js
diff --git a/branding/constants/headerMenu.ts b/branding/constants/headerMenu.js
similarity index 100%
rename from branding/constants/headerMenu.ts
rename to branding/constants/headerMenu.js
diff --git a/branding/constants/links.ts b/branding/constants/links.js
similarity index 100%
rename from branding/constants/links.ts
rename to branding/constants/links.js
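Review bot: The single creation rule in .sops.yaml has no `path_regex`, so every file encrypted in this repository, the kubeconfig and the chart secrets alike, is readable by all six recipients, including the key the trailing comment labels as the `SOPS_KEY` GitHub secret; if the `production` environment listed in helmfile.yaml.gotmpl gets its own secrets, a second rule scoped by `path_regex` would keep the staging CI key away from them. The comments map keys to people but do not say what to do when that list changes; I would add `# after editing recipients: run "sops updatekeys" on each file under helmfile/secrets/ and rotate any secret a removed recipient could read`. This commit also deletes `.gitignore`, which ignored `*.yaml`, `SECRET` and `.env`, so nothing now stops a decrypted working copy from being staged by accident; a narrower ignore list for decrypted outputs would restore that guard.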
diff --git a/branding/constants/logos.ts b/branding/constants/logos.js
similarity index 100%
rename from branding/constants/logos.ts
rename to branding/constants/logos.js
diff --git a/branding/constants/metadata.ts b/branding/constants/metadata.js
similarity index 100%
rename from branding/constants/metadata.ts
rename to branding/constants/metadata.js
diff --git a/branding/locales/de.json b/branding/locales/tmp/de.json
similarity index 100%
rename from branding/locales/de.json
rename to branding/locales/tmp/de.json
diff --git a/branding/locales/en.json b/branding/locales/tmp/en.json
similarity index 100%
rename from branding/locales/en.json
rename to branding/locales/tmp/en.json
diff --git a/docker/backend.Dockerfile b/docker/backend.Dockerfile
new file mode 100644
index 0000000..e152205
--- /dev/null
+++ b/docker/backend.Dockerfile
@@ -0,0 +1,6 @@
+ARG OCELOT_VERSION=master
+
+FROM ghcr.io/ocelot-social-community/ocelot-social/backend:${OCELOT_VERSION}-code AS build
+
+FROM ghcr.io/ocelot-social-community/ocelot-social/backend:${OCELOT_VERSION}-base AS branded
+COPY --from=build /build .
diff --git a/docker/maintenance.Dockerfile b/docker/maintenance.Dockerfile
new file mode 100644
index 0000000..32ae532
--- /dev/null
+++ b/docker/maintenance.Dockerfile
@@ -0,0 +1,7 @@
+ARG OCELOT_VERSION=master
+
+FROM ghcr.io/ocelot-social-community/ocelot-social/maintenance:${OCELOT_VERSION}-code AS build
+
+FROM nginx:alpine AS branded
+COPY --from=build ./app/dist/ /usr/share/nginx/html/
+COPY --from=build ./app/maintenance/nginx/custom.conf /etc/nginx/conf.d/default.conf
diff --git a/docker/webapp.Dockerfile b/docker/webapp.Dockerfile
new file mode 100644
index 0000000..e4abd38
--- /dev/null
+++ b/docker/webapp.Dockerfile
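Review bot: `FROM nginx:alpine AS branded` in docker/maintenance.Dockerfile is a floating tag with no registry prefix, so the final maintenance image changes whenever upstream republishes it and the build still pulls from the default registry that the commit message says it wants to stop depending on; pinning by digest, `FROM nginx:alpine@sha256:<digest> AS branded` (placeholder, take the digest from the image you tested), makes the build reproducible. The `${OCELOT_VERSION}-code` and `${OCELOT_VERSION}-base` tags in backend.Dockerfile and webapp.Dockerfile are branch-named and equally mutable, since the workflow passes `OCELOT_VERSION=hetzner`. That is presumably intended for the ONBUILD rebranding flow, but it is worth stating in a comment above `ARG OCELOT_VERSION=master`, for example `# OCELOT_VERSION is a moving upstream branch tag; rebuilds pick up upstream changes`.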
@@ -0,0 +1,6 @@
+ARG OCELOT_VERSION=master
+
+FROM ghcr.io/ocelot-social-community/ocelot-social/webapp:${OCELOT_VERSION}-code AS build
+
+FROM ghcr.io/ocelot-social-community/ocelot-social/webapp:${OCELOT_VERSION}-base AS branded
+COPY --from=build /build .
diff --git a/helmfile/environments/default.yaml.gotmpl b/helmfile/environments/default.yaml.gotmpl
new file mode 100644
index 0000000..86a316d
--- /dev/null
+++ b/helmfile/environments/default.yaml.gotmpl
@@ -0,0 +1,5 @@
+{{ $image_tag:= env "IMAGE_TAG" | default (exec "../scripts/image_tag.sh" (list) | trim) }}
+
+domain: ocelot-social.roschaefer.de
+namespace: ocelot-staging
+image_tag: {{ $image_tag }}
diff --git a/helmfile/environments/staging.yaml.gotmpl b/helmfile/environments/staging.yaml.gotmpl
new file mode 100644
index 0000000..856b3b4
--- /dev/null
+++ b/helmfile/environments/staging.yaml.gotmpl
@@ -0,0 +1,5 @@
+{{ $image_tag:= env "IMAGE_TAG" | default (exec "../scripts/image_tag.sh" (list) | trim) }}
+
+domain: reformer-network-staging.roschaefer.de
+namespace: reformer-network-staging
+image_tag: {{ $image_tag }}
diff --git a/helmfile/helmfile.yaml.gotmpl b/helmfile/helmfile.yaml.gotmpl
new file mode 100644
index 0000000..96e28ca
--- /dev/null
+++ b/helmfile/helmfile.yaml.gotmpl
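Review bot: `image_tag: {{ $image_tag }}` in helmfile/environments/default.yaml.gotmpl, and the identical line in staging.yaml.gotmpl, renders the value unquoted although it can come straight from the `IMAGE_TAG` environment variable, so a tag such as `1.10` or an all-digit value would be re-typed by the YAML parser before it reaches the chart; `image_tag: {{ $image_tag | quote }}` keeps it a string. As far as I can tell the template evaluates the `exec "../scripts/image_tag.sh"` argument even when `IMAGE_TAG` is set, so rendering still needs a git checkout in the working directory. A comment above the first line, such as `# IMAGE_TAG overrides the tag; otherwise the short SHA of HEAD is used`, would document the precedence.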
@@ -0,0 +1,33 @@
+---
+environments:
+ default:
+ values:
+ - ./environments/default.yaml.gotmpl
+ staging:
+ values:
+ - ./environments/staging.yaml.gotmpl
+ production:
+ values:
+ - ./environments/production.yaml.gotmpl
+---
+repositories:
+ - name: prometheus-community
+ url: https://prometheus-community.github.io/helm-charts
+ - name: ocelot-social
+ url: git+https://github.com/Ocelot-Social-Community/Ocelot-Social@deployment/hetzner/helmfile/ocelot-social?ref=hetzner
+
+apiVersions:
+ - monitoring.coreos.com/v1
+
+releases:
+ - name: prometheus
+ namespace: monitoring
+ chart: prometheus-community/kube-prometheus-stack
+
+ - name: reformer-ocelot
+ namespace: {{ .StateValues.namespace }}
+ chart: ocelot-social/ocelot-social
+ values:
+ - ./values/ocelot.yaml.gotmpl
+ secrets:
+ - ./secrets/ocelot.yaml
diff --git a/helmfile/scripts/image_tag.sh b/helmfile/scripts/image_tag.sh
new file mode 100755
index 0000000..f921945
--- /dev/null
+++ b/helmfile/scripts/image_tag.sh
@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+echo "sha-$(git rev-parse HEAD | cut -c 1-7)"
diff --git a/helmfile/secrets/kubeconfig b/helmfile/secrets/kubeconfig
new file mode 100644
index 0000000..6c73d85
--- /dev/null
+++ b/helmfile/secrets/kubeconfig
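Review bot: Neither chart source in helmfile/helmfile.yaml.gotmpl is pinned: the `ocelot-social` repository URL ends in `?ref=hetzner`, a branch, and the `prometheus` release has no `version:`, so each `helmfile apply` run from CI can install chart content that differs from what was reviewed, using the cluster credentials the workflow decrypts. I would add `version: "<chart-version>"` (placeholder) under the `prometheus` release and point `ref=` at a tag or commit if helm-git accepts one. The `production` environment references `./environments/production.yaml.gotmpl`, which this commit's file list does not create, so selecting that environment will presumably fail until the file exists. `namespace: {{ .StateValues.namespace }}` is also rendered unquoted; `{{ .StateValues.namespace | quote }}` guards against an empty or re-typed value.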
@@ -0,0 +1,40 @@ +{ + "data": "ENC[AES256_GCM,data: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,iv:rrXDWj2gjPcT5sretXzTAmPrlZI39KIttRBtPjhQihE=,tag:u+OmHH6EsbQ6DBla5XBT1A==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1c2RaejgzYmo1U0pTNFI5\nZlRkUlZYUmova2FDdDdISEhwdkIrcVNDMlhnCjE0eUZHZGNobzYvUFRUbGI0YUFO\nT0JNcXpFVGRhRWE2RHd3cEtnK0doLzgKLS0tIC9nbGp5Ry9acVAzUDRUQUxrcGhF\nZVIxV2dkY1ZFY3pWZGdBLzJ1Ym9oVG8KX0++YnBMRArWAoX+ewtBRjkmNIUlr2Qh\nG1/htUWMAyUy9dGEGx3XXqcnj9h7r8Zwpe5wWF7ug+PAIAc9DZMzUg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5a2I1a1BmeDBtN3Y5aWNw\nN09ka0RaNHJka256RDFlb2pJT1FzSEVxemhnCkRYNFZVMUkvaFFWNDJ4eUliRGxC\nUURGZDV3azFMNzBBczRDNU1Wa1MyWE0KLS0tIFpNZXBDSTY1VzhkdkFENGp4aTVl\nSXFwa1QzUGc2SWFQQU1CaTREL2JGMkUKuzIqWZo9cuiFuZzexACH+QF9CeDmqfb7\nNx9KVa5/0X3mIA0FO0Teb477rs1HKDMuwwra1cPJDg/IjSCfbtKmAw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4bUVQTVJuYVFJbzFYR0ZF\nL1lJNS9NcnR4eE10RnQwc3hwWUtSL1FJaGxFCkh4dFI1VklTV3cra1dZelZ3NG5m\nTDZleUlmTGFESG84Wm5LZkU0R1JXSUkKLS0tIGxHSmJFZWlwM1lna1lFYlZqQUNz\nZVpSSjhUS1Y0U2tLS0hNL3ZSejlwUEkKFURJ37P1vCq0U1VM1X8dU/8kgzgb3dzx\n0fPUhoxSXIlCXDbCx5wahzRXXzWX93TLFSfVyU6KjNOJ5EnK83bpIg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr", + "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaVVMvRm83M2ozd3BrcHZw\nTG8yRU9yNnloWUVLZ2xvMzlVdXFUc2ErMm04Ck9hYnhBdi96eTRKNmxvbUtkZWdh\nbzRYSnlBRkpOOG4renVFYkozR1ZtczQKLS0tIGR3Q0h0Yy91d202OUVPbFlYc29h\nUGFTN281YloreFFvUEhtZmYxWkx6NWcKawED4SC91t2HSqdL/9du45jU8LLLKfyD\nYRXxIxTg6+PEPPDQ+0ay51MLJjTQ8ei2tBecDD8Qr6AbN4nFhjzbYQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOL1BEZ1JtYi9HSzBXUEQ3\nVFg2eUszWGN1eXdVcXZ1UWxndUphRW9iV25JCmNsZnRkQ3B4eHJNK0QyUlE4dHBw\nV3krZGZBaFhGendVYWdxaGhjeWcyTEkKLS0tIEx5cG1LM2dXazViVFNqb0d2Wndu\nZ09xa3RIR3ZmL2w5SEJUckREUk1OQUEKekt3BpgyY1JFYe7FZ8TNWK/01ZAtalG0\n/jOawllVz/Cy58KyoVFb0E94rVQC+3XUFYsZb1uq1JBc/vpfHo+E3w==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLd0hBMUQxRDZOT2FnMnJG\nSjZFNTZrTjlKMEx4U1krL3NVUnlUYk5xTW5FCjlxN0tTZjh4bW4vbnp3QUt2ajB2\naEhaR05EbkNhUndieWpibEdkWnZuUUUKLS0tIG5FSUtlbDBHZFNOQUR5K1lPbFhz\nZmxpVlJ0YmJGOU1YVllKL3g5ODJYTnMKDAhwI7rRIjn0Wbdywd3xJsll8n707JQ2\n+O0lMPMSFm+3kbl6DMx4HiRbw3dmf7cBuPPZftRguM+xlE6ZS3PC/w==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-10-26T13:06:56Z", + "mac": "ENC[AES256_GCM,data:NogQqIBG02rimzrpZ/TTO9T4u+B3F1xVqdl1JvvhCjrqLEZQ53tYcwMDRQV8vK3oan/8cb2AohjqJIRxkgPZA4jkaiIDvFrH/H2uxdDfpzOGqh+SZAUliixN/YdKhtkO1la+r3h982NPh0H9sgP4mCjKQGhqtSwU53of4mzR8ek=,iv:LBzyR44L6VBk03sBG7AptdG7JOPB5XjCR/IqyZpE3pM=,tag:AjxHSa7nKlMKxIs5420PGA==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.0" + } +} \ No newline at end of file diff --git a/helmfile/secrets/ocelot.yaml b/helmfile/secrets/ocelot.yaml new file mode 100644 index 0000000..c95d91d --- /dev/null +++ b/helmfile/secrets/ocelot.yaml 
@@ -0,0 +1,95 @@ +secrets: + acme_email: ENC[AES256_GCM,data:o+2HnrEqa/uXJwqUwdYU14FiZYPfLcKqkQ==,iv:1ouUU4ewzRL4ZDnwJm6BTVg3a64iC5+I2v+AWIF8W2Q=,tag:7ytv959cVmgSmXMC7A8zxA==,type:str] + jwt_secret: ENC[AES256_GCM,data:KkTXkAo3Gl75ywq8ZDNQKA==,iv:nvHqdXhH5/+Ggt8CRZcq+1K25vo6cIiY4D1aoqdTpiI=,tag:eZOSl6Il1Ecl0sj/SjcvSw==,type:str] + webapp: + env: + MAPBOX_TOKEN: ENC[AES256_GCM,data:7Ka4BvQh6NDw9NKUcgGjLwxNHOqhVrZEj/DcGnyv1nXQIG/2WWGGHazAFWUCFpCUmCSaTPSkyLHPFyGQtQ7VAON3AG3tHtv5JvcBb4KDYrjAIzxhAAiHMYFtVJs=,iv:X0YL2dW42TUidJdBlRKb4Vq86X1OzHqipNHTBxmE7ds=,tag:KDH9NwDy6ghqdkXeZxuHgg==,type:str] + backend: + env: + JWT_SECRET: ENC[AES256_GCM,data:8qGviTFMOv9QyoNVwnlFNZ2PmvedbKJM,iv:rmZgs8h2QVsokzMzdGdEcInBLv8AX3xFUjkGhTf3sF0=,tag:SUJpMaIGAb14yg8RxCVUtA==,type:str] + MAPBOX_TOKEN: ENC[AES256_GCM,data:qK6iTYKiWfkvXBodm8zVmfr5ACTTz1+7Pt7Q/hwgv3SYERyo5NyqfsvbVKuDAD90kTCNODpSwUApJE6do/Umedg4s8mrnHXCckIDbX5BztoeHJBehsUC54ELcrQ=,iv:b65yqfdoOX366UXt7HS6nhL8hlZn4l5hQfrhI6NXc+I=,tag:vF48V+TRS5g9ezXhzAJnPw==,type:str] + PRIVATE_KEY_PASSPHRASE: ENC[AES256_GCM,data:05WXBFKIk0BtfUYmkWSwAP+/Y7v18LUow4X/,iv:y7VyymcoRLr2CK96BiErXvKP2Gn/QhECBZyeP+wo8LA=,tag:Hg/fIGyIDMY8P3mWfVupCw==,type:str] + #ENC[AES256_GCM,data:llx+JN8fRqwrLd2ahkmPrhPwcGIkn695l3Ox8VEs9YAR+1wpz3yujA==,iv:4Ctez8zMeqo3cpCCUVy6ZP4T1Z/myPw/FTq+++YAYbc=,tag:al/J8DLqNz6CoLl+TgUdOw==,type:comment] + EMAIL_DEFAULT_SENDER: ENC[AES256_GCM,data:z1EyEokf/TNkFLhRzsCbHew/6T8=,iv:Satr1c8aZQE73ZolC6n+PO74r+Gj3un5Mj0DIYb3n14=,tag:iK6l0GXuhLauBtFXTmLyKQ==,type:str] + SMTP_HOST: ENC[AES256_GCM,data:r0qbaUBB3CSUHR76,iv:TJIx71HW1aBB0sCEd1TB/tTgPBxLR1sdGAEf0t7Qilg=,tag:arXYtwVbIXVaUJpyommokQ==,type:str] + SMTP_USERNAME: ENC[AES256_GCM,data:lZ05DvSu,iv:Tyu7poao1shqKGd/sjTCgGNHU1xgRpjwjMRd+ArGf6o=,tag:dKms4G683JvFzja7YOwYKg==,type:str] + SMTP_PASSWORD: ENC[AES256_GCM,data:c9rnPIaKHIh2LNIJON3ib1IsA09OWGchDxRPRpvrtJw=,iv:08Acxl74lJbYtEEU6crVIYRXwkER8t1XPrhBA2PwEio=,tag:F0xrrt2PkBUMEyp7a81ssw==,type:str] + SMTP_PORT: 
ENC[AES256_GCM,data:MGmv,iv:IFg6oEncN0ICEmw96XL4EuPKqEZ6KLwU5FJYkveMSpY=,tag:kIVXlt0o5TfhOtRVqU/c4w==,type:str] + SMTP_IGNORE_TLS: ENC[AES256_GCM,data:ORAIWtg=,iv:6X4V3RDeYHrFdBTjsb3Ji0KWsZ2meL8ilqHNGQbcV/M=,tag:R87FgoQwqpes+0ejcOlrPg==,type:str] + #ENC[AES256_GCM,data:wEE3/SPsZqy9LATseOZG7LsCbjG5gY4VUT/TzxhHLJqcYP5I,iv:gcOA0XiUGWq15G4zTRPZ0qZ/XYMTjr+9krbOx0dwpeY=,tag:jd8LTiVT7UQShqMR9zZUZA==,type:comment] + SMTP_SECURE: ENC[AES256_GCM,data:PowbGhU=,iv:a1dK5AVySu749vPQvX9OLfMuD+tZkLNtXTMr17+4KuA=,tag:fuJQ7c4RBl25If01MSAmug==,type:str] + SMTP_DKIM_PRIVATKEY: null + SMTP_DKIM_DOMAINNAME: null + SMTP_DKIM_KEYSELECTOR: null + NEO4J_USERNAME: null + NEO4J_PASSWORD: null + REDIS_PASSWORD: null + neo4j: + env: + NEO4J_USERNAME: "" + NEO4J_PASSWORD: "" +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1al36hkk8can83zpxq8qyy07gpv83hdw9vchfly5f264kanz405as283a00 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0MjZ5RGI0YTFIbDk3MnBs + ODN3RUg3ZVhsS1dEeDdodFJaQzg2RjFpcm1vClNzV1NwdEFwaXJnclRNVTJIbzVk + VEc3YUV4eWJLb04valdNV216SnhtbzQKLS0tIHpuR2JGZWp0WnNUdStuL1ZLU0FK + eGEreGNJTnU1OTgxL2ljVVRjUUxraEkKvkV7G56/GtJLbLVHvrq+rJ8npBckvww/ + Tq7/k/YmGV764d3Zb0Vs6TNJhoOvKF6sK645wrFlSzVNj51UxkhWYw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1llp6k66265q3rzqemxpnq0x3562u20989vcjf65fl9s3hjhgcscq6mhnjw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHWTI4M202SmlhbzJnckF3 + ODZrY3ZQQkRLZmQrNmg4Uys2d0JBWWJMWkN3CmNwUi9HT2VYd0paMnJScnFxSXB0 + YThaU2RqWFdHMXczQ1VmdFdJQmJSU00KLS0tIDk4TW5DdUNJY3dnS1JGQUluaTJw + d3ErbWdrZ2I3ZU1ZZGZBZ1JZU0lZMUEKnQHREjKUZ6a2+Es7SlLY46h4NPdeaE8c + w4My+za7IjGSyL6HKqxSBLUS4Q79cI3iBNu8SwikocmEkqQ/DWlC6g== + -----END AGE ENCRYPTED FILE----- + - recipient: age1zycwtk6dkxj6vuqhj9jw7932ythky9p3att6df4z9qasyw8v5dxquejcmp + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhTmhYKzUyUGJnRHhjTU5m + 
TVVFOGl5d3ZFYzE4U216a1YvVUlXTGFvYTM4CkZaMTcvRk1CVDJwek9TT0UvOWMr + SWNrb0pvYTZaTHM4aGRpcG9odDhyUm8KLS0tIEkrSmc4V2c0Q0ltWkdRZWQ5NFEr + Y1VWV0JTRjVmWUU4U1pTZkVhbTVLREEKvCxhsCX//e7XawyJG3XeCGLOUqxCx9No + To4JGg10ciWcW0eqyP5lQfwdlECkmPapNz8gaf40DVpPDij5Nja+zA== + -----END AGE ENCRYPTED FILE----- + - recipient: age15arcg8x6ltnsacwalvny0h2d4d4wkdmax328mw3v5vda9zm97uqshtavmr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTaHh6b3hpbFJrcHl6eHl6 + MkZmNUJWSTJRUFVNOHJaYld3QWUwSy93aEFNCjZTZnNZRlJRR3VEeXROOFBmY2Qz + SHF2bWMvdm5zNi92SUFlc2FZcFl1Y1kKLS0tIG4wYzdKTWFKaExiTVlFa0tRdzVs + bGFuMlF6bkw2Z1lGNmZTV1R0ZEs2T0EK78at74wFk1B5OgeMSKrGLl3sNiwrzitL + 0kcMVyxfV68mpjb0Cw2WtEUo0jFmKFXi7H5FbJeoPrDG0QFvIvgfsA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1khw2eps099audp3uu5s9rk07qznllh5c8a43gv5dtpnq2a7lue6qrehn5s + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJYXE0V2pFYnU5Slk5Nk5j + Snh2UElZajhMZnlZTjVkcFBSMnF2VFJ6TG40ClBFQzV4SUpUZTZaSWpRdXNIdDBq + ZHFUSG5uUHU0bXhhcEpCejh2elM1M2MKLS0tIEovMDdrUEs5blNvL3R0VGVaMVhw + Q3V1UmU0OUtWRmRuQ1dtMFROUDF6NG8KRJRymV0GaOW7sENEqYogNK2HeArsuY8Y + lVWepYYDoeRWwu7kmzORaEnW6G4m0F3rADfwMrQVTNvZ+1Xn/yFOXg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1f6mzqe0cejajzt0c7nwdjz4xvs4hjct9d8hrgj60e7unzyfd7prsn0npe5 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzbHhMUElKUWhFMERGVWpz + cFRwTVovOStYNUQ4czIxR25MUzNON2ZzRmc0CjNvOGd4bmdjWHhwdEMzTzJkQU1Y + SHJrZG1pQ3pmZnZxWXh4bjkwN3ZvVFEKLS0tIHRhVDgzUHNsMHYrV0RoWCtmR0Nl + Tkx0VFJpN1pZam4yeTNYU1Jnb1JyR1EKJSQYyAi9ZZr+njaXV/62nshPVLtWIcLY + pwP8ikur4tKrbyg7H+/f3+9jPsr2Jw3xxgkeS4GL+DsTwrGDEwoaiw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-10-09T15:57:09Z" + mac: 
ENC[AES256_GCM,data:VL7iP5uJIiwtFaVuZM88Hc9E5bkyO1kN88tAYd5HfGrTlNAKtINJZRL/ZeG+fNEFNyrtkxs5nfXeCSb0yNop66nWOLpupRBxHVt763Akp/YS/l3qH9UYaDUUkgtPg313pG1vNMiBxss0oE0CDEn+xBxuQFrWUPowG71JuBvHs/Q=,iv:8BE0rDKRBCB7CSVNZNE1wKmhYxiJhbCgI8hh5PACjQ0=,tag:4FUes7xDpSp/KF4AIJiM/A==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.9.0
diff --git a/helmfile/values/ocelot.yaml.gotmpl b/helmfile/values/ocelot.yaml.gotmpl
new file mode 100644
index 0000000..3d4e796
--- /dev/null
+++ b/helmfile/values/ocelot.yaml.gotmpl
@@ -0,0 +1,41 @@
+domain: {{ .StateValues.domain }}
+
+cert_manager:
+ issuer: reformer-network-letsencrypt-prod
+
+cert_manager:
+ issuer: {{ .Release.Name }}-letsencrypt-prod
+
+underMaintenance: false
+
+global:
+ image:
+ pullPolicy: Always
+
+backend:
+ image:
+ repository: ghcr.io/ocelot-social-community/stage.ocelot.social/backend
+ tag: {{ .StateValues.image_tag }}
+ storage: "10Gi"
+ env:
+ PRODUCTION_DB_CLEAN_ALLOW: "true"
+ PUBLIC_REGISTRATION: "true"
+ INVITE_REGISTRATION: "true"
+ CATEGORIES_ACTIVE:
+
+webapp:
+ image:
+ repository: ghcr.io/ocelot-social-community/stage.ocelot.social/webapp
+ tag: {{ .StateValues.image_tag }}
+
+maintenance:
+ image:
+ repository: ghcr.io/ocelot-social-community/stage.ocelot.social/maintenance
+ tag: {{ .StateValues.image_tag }}
+
+neo4j:
+ image:
+ repository: ghcr.io/ocelot-social-community/ocelot-social/neo4j
+ tag: hetzner
+ storage: "5Gi"
+ storageBackups: "10Gi"
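Review bot: In `helmfile/secrets/ocelot.yaml`, `NEO4J_USERNAME`, `NEO4J_PASSWORD` and `REDIS_PASSWORD` under `backend.env` are stored as plain `null`, and `neo4j.env` sets both Neo4j credentials to `""`, so unlike the other entries they are not covered by encryption and show that no credential is configured. If the chart passes them through unchanged, Neo4j and Redis would run without authentication and depend on cluster network isolation alone; that is inferred, since the chart is not part of this hunk. I would set real values through sops, or, if unauthenticated access is intended, add a comment next to these keys saying so and naming what restricts access. The file also holds both `secrets.jwt_secret` and `backend.env.JWT_SECRET`; a one-line comment on which consumer reads which would keep the two from drifting apart.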
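Review bot: `cert_manager:` is defined twice at the top of `helmfile/values/ocelot.yaml.gotmpl`, once with the fixed issuer `reformer-network-letsencrypt-prod` and once with `{{ .Release.Name }}-letsencrypt-prod`; most YAML parsers silently keep the last mapping and strict ones reject the document, so the first block should be dropped. `CATEGORIES_ACTIVE:` under `backend.env` has no value and loads as null, whereas the template this patch deletes set it to `false`; writing `CATEGORIES_ACTIVE: "false"` makes the intent explicit. `PRODUCTION_DB_CLEAN_ALLOW: "true"` sits in a values file that, from what is visible here, is not tied to one environment, while the deleted template commented it as "only true for production environments on staging servers"; moving it into the staging environment values would keep a production release from inheriting it. The templated scalars are also safer quoted, e.g. `tag: "{{ .StateValues.image_tag }}"`, so that an all-digit tag is not retyped as a number.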
diff --git a/kubeconfig.yaml.enc b/kubeconfig.yaml.enc deleted file mode 100644 index b12c470b3a60e61a913de1e40c1be76f44d6445a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1518 zcmV1!-lUHG3MH_wES4X3g+0*V+;h zVQAD;IZ|e^IV@*{1SGf^Z!l7b1&T)4*3`Z?rUaWmhFsOY-q1{O#<=(4RTV$im& zF$2ew1X&wiE_aXERHxzLw5dOwk!L3K z_5LBuI2{c(j$e4e4DbVI4h}-4%YBZq*=iUL4?D_ef7v}Bp`W92Yg)NlFs1a40yPCy z4s~y^=CFR+|0VGn=pF(zU~6-UWDC1{dQH-*Ixk^%B$HLe74M}?)tr{Fo(%-^G!G^7v(yyGY>1O z*bk8XjA*svl{i?6W)tw=Gy4$5Kbf+Nz?WLUPmle#MxvJYnM$UeK@5f0)uRIOYBmCm(+oW%LlTS#b0s&ULV0R+w>NXAL=MH#UUU zE~au)?MbpF0Ja*iIx|}|H#n3CS=kZvIih)9#dQ2BClYdMe*!7H#{0099UXuP6fuso z&moyALSAd#L}5|e5gEm1b+jkh1CWrv*l^-7hW+u^&a5@mB|h0vGJ`3cp;kz#oKr^9 zr71~P=G(DM7Q)C&lKCh8Q*|Xi_z`zQZd{iia@Ua^H8TU({wdp7QCq20zF-sUmj#TR zz&8>jXQ|OD7H6@*hIYvKTyILI7Wj1BYlGs5&b| zVd)OB8|^xRp=2XyLQ{^{O0bjm`CGPw6Z@>XWjE9*QxyqR?`Ok#01H{hgLt(f~yO#xDM>{69 zPl`U3BAUc`0oR8Ov6a5G1~f?0L-{XD#YRht3jb-7_9}*k`udAU+NUlh0|!SLUbDRH6uvC4Saa?hg|bo2M_v|Hud@Sj#{mN{bC!!M$Z=Ed zSbBs$!MGi0uc~l?6A|wv=@Dx>eqx$*9F`u|1}EM1U-zy-2lT+@?24ZzI%TV2`>+ed zKV3|ajGu_XgeA`k@W>xRHpyy4IHd00B!~FaI>N1JObjgsY|bTvsXRpFoB1u}fh}Wo zT!SzBkQ;i#PqMRCRBuKs{!Uw1JXHbKZxb85297LfOF%2%s7e%~Cz-OP`}_%YfVD@5 zf(wZzQLUj$`R?vV-f!A{gR+x;5O0;N6f?=@gB!4w_rFqZUfyZTpVlD^2lFgfV2nae z*I~<^#LC=kplu!7oqsqoz)j0!ld4ZRuX(0IQkUl!v_mtV4)$MKt2>c`9 z4`XROTq~?sE$fBW@co00;)8nS7A}PGY*1DLK(5UJu@tRor#Wt)i8I#)$L{8N%K>b{ U?5k#)C3Mc_WkX+YAJIGId-CJlW&i*H diff --git a/kubernetes/dns.values.yaml.enc b/kubernetes/dns.values.yaml.enc deleted file mode 100644 index 09dc5b4..0000000 --- a/kubernetes/dns.values.yaml.enc +++ /dev/null 
@@ -1,2 +0,0 @@ -Œ  UÃg¯è¬òÒÀeæC]ôå;W>v”,öæ›k0\kôº:Hðb°ˆv‡Á+ÿî2Ò»$“sé/¤RgÝ¢êd\ FPcºSªÉ@mp>h\æTkÈgDÚœ?±;™ùégêKeE5#ÙtÛåóÓ -©ÐQ+W×±ju¶K!P6•Ý `w£¨À¹Å‘"²¢¬%©=Ï/ÄÚw©˱ÕÎ7[@®©omDð® ’ç /‹é2„_f+6EKZ6?#q!eX0XNdb?0kSRRxdJD_+Ze22hgHs1wNMD5|=Q4 zU2@K%^4oZaqo9|}^iNT+7m%MKRurxI27`yGem$rK$2-Dp^rj~Yosz=TM~9B58N{14 z*;`12 z!b>W$Cu)9@Ls2MgLZW`LG7JWZ5lE`W*ucF6Ge}bkqmI-{v!3ZZMDS~(`;suw^6+2y zKj6W!g-+eDj3~J5lE&rR{Dd=M%*UwD40Z-qAwFtAaf67ez1NZ4dqR zovEbVBO2-zq5~k6z;$O4a&CTS6d!(_;cw~k$0Cy6L7oVAV7L5)UE+0vg}${<8mnYn znqcOe*$FGE`Fce|?82r`&YE_C;?S&gxnw0+?)uzhU74-lm=GW%e2(w}d#dpgs_J$W z%LJr9?gOWOdlt2LArai`%oy`Dh;@6xEHwrPG|A_26)(_32l+PS!|<)~nhS}TC=!}r zwZ8|_%B+d(hs#Jn*FTo-|2&)a-ksnj6&Oy{Ri-)n{o6(Uu{ok8*48r3q&z>izDN*B z5<^z`yIKW8UOQ~NOh%-^b9zJ9nz5g;WnADp$$x2lR%+88g}|v2mJtZ9EQ%51v?o^N z`fY1OSKii*tg1WI4Fgb1MgMV}z3E{ZxbMtp)RiJowCW4u*b z+TbVgFV~_eCrUFGL**LB4F&~`wXzJKjafJy7Nj%MD=~UP0XCIQ>vqWJU5m?kO*~rKn`36>5Hhg&Nc#;R?t#vdsZ+)^Rq$Hp7dMlh|0eFvq zL@9OFd9W^61)M#qCLu~IEiRCU%yS$V?xepzQ@Tliw&GOWVsH+l6_o+emEDaWrRwEL z0)uVo3H;^3QDi(FOk=_iNzs`9Y)5#H{_^S}e^VspzlY^<-N5z|Xt}L{pl& z?HNdL74GTqO`(t{;{ksLro+xlHuTfYgtv%* za4Zt-)ll}r8-h@!4M$^aMs8^(L8dd8dtYQ+Um)#YKLWl!dE6-HEA+eULRMS^2J37;c53FpCz8nY7?kI3)`-7x~}Eo2aqO!aKLe z;pPFzQtQ+rYn6oaF(a1Q@)1+r5pgZliOe6STSaFd;Kv>|WF0`U*=g`RTinfz&^YUP=2(M`S#m|QVXTo925y2|EinB8tBeYiDw8)O z$4GCYTEaG~8Kqk7y3Ep5WFN;Ve_5_cC zy1)*FtQ#X>Oyxk%>7x8a!5ML`CCoeNQ2Tn$!03wObaaa>oHd!b*H#+(?1-`|IQH*S zbway`NwRY6%h>EEi$d3O#FORN3B`?yOCz^do@&^oy};*2e_O^sV7@Rr4=S@*&`GPe zW8Pd>I~D~aCy|b}7~pr)V}&gz5|*&$vU0=D!Al~4ZGWn`bV*>d=Bj>_6u-xB=ax@| zxFRLa>(Zu4c>WN!U445bPYd*tc>^`;gv`wP_tUnxwhEd{OCW?o;6h4bgFxV5;+^u4 EL54neFaQ7m diff --git a/kubernetes/values.yaml.template b/kubernetes/values.yaml.template deleted file mode 100644 index 22e69ca..0000000 --- a/kubernetes/values.yaml.template +++ /dev/null 
@@ -1,129 +0,0 @@ -# please duplicate template file and rename to "values.yaml" and fill in your value - -# change all the below if needed -MAPBOX_TOKEN: "pk.eyJ1IjoiYnVzZmFrdG9yIiwiYSI6ImNraDNiM3JxcDBhaWQydG1uczhpZWtpOW4ifQ.7TNRTO-o9aK1Y6MyW_Nd4g" -PRODUCTION_DB_CLEAN_ALLOW: false # only true for production environments on staging servers -PUBLIC_REGISTRATION: false -INVITE_REGISTRATION: false -COOKIE_EXPIRE_TIME: 730 # days (730 days, two years is the default in main code) -CATEGORIES_ACTIVE: false - -BACKEND: - # change all the below if needed - # DOCKER_IMAGE_REPO - change that to your branded docker image - # label is appended based on .Chart.appVersion - DOCKER_IMAGE_REPO: "ocelotsocialnetwork/backend-branded" - CLIENT_URI: "https://staging.ocelot.social" - # create a new one for your network - JWT_SECRET: "b/&&7b78BF&fv/Vd" - PRIVATE_KEY_PASSPHRASE: "a7dsf78sadg87ad87sfagsadg78" - # ocelot.social mail dummy - EMAIL_DEFAULT_SENDER: "devops@ocelot.social" - SMTP_HOST: "mail.ocelot.social" - SMTP_USERNAME: "devops@ocelot.social" - SMTP_PASSWORD: "devops@ocelot.social" - SMTP_PORT: "587" - SMTP_IGNORE_TLS: 'false' - SMTP_SECURE: 'false' # true for 465, false for other ports - # or - # SMTP_PORT: "465" - # SMTP_IGNORE_TLS: 'true' - # SMTP_SECURE: 'true' # true for 465, false for other ports - # optional - SMTP_DKIM_DOMAINNAME: ocelot.social - SMTP_DKIM_KEYSELECTOR: 2017 - # all newlines in one line with "\\n". 
multi line doesn't work with Helm - SMTP_DKIM_PRIVATKEY: "-----BEGIN RSA PRIVATE KEY-----\\n\\n-----END RSA PRIVATE KEY-----\\n" - - # most likely you don't need to change this - MIN_READY_SECONDS: "15" - PROGRESS_DEADLINE_SECONDS: "60" - REVISIONS_HISTORY_LIMIT: "25" - CONTAINER_RESTART_POLICY: "Always" - CONTAINER_TERMINATION_GRACE_PERIOD_SECONDS: "30" - DOCKER_IMAGE_PULL_POLICY: "Always" - STORAGE_UPLOADS: "25Gi" - RESOURCE_REQUESTS_MEMORY: "1G" - RESOURCE_LIMITS_MEMORY: "2G" - -WEBAPP: - # change all the below if needed - # DOCKER_IMAGE_REPO - change that to your branded docker image - # label is appended based on .Chart.appVersion - DOCKER_IMAGE_REPO: "ocelotsocialnetwork/webapp-branded" - WEBSOCKETS_URI: "wss://staging.ocelot.social/api/graphql" - - # Most likely you don't need to change this - REPLICAS: "2" - MIN_READY_SECONDS: "15" - PROGRESS_DEADLINE_SECONDS: "60" - REVISIONS_HISTORY_LIMIT: "25" - CONTAINER_RESTART_POLICY: "Always" - CONTAINER_TERMINATION_GRACE_PERIOD_SECONDS: "30" - DOCKER_IMAGE_PULL_POLICY: "Always" - RESOURCE_REQUESTS_MEMORY: "1G" - RESOURCE_LIMITS_MEMORY: "2G" - -NEO4J: - # most likely you don't need to change this - REVISIONS_HISTORY_LIMIT: "25" - DOCKER_IMAGE_REPO: "ocelotsocialnetwork/neo4j-community-branded" - DOCKER_IMAGE_PULL_POLICY: "Always" - CONTAINER_RESTART_POLICY: "Always" - CONTAINER_TERMINATION_GRACE_PERIOD_SECONDS: "30" - STORAGE: "5Gi" - RESOURCE_REQUESTS_MEMORY: "2G" - RESOURCE_LIMITS_MEMORY: "4G" - # required for Neo4j Enterprice version - #ACCEPT_LICENSE_AGREEMENT: "yes" - ACCEPT_LICENSE_AGREEMENT: "no" - AUTH: "none" - #DBMS_CONNECTOR_BOLT_THREAD_POOL_MAX_SIZE: "10000" # hc value - DBMS_CONNECTOR_BOLT_THREAD_POOL_MAX_SIZE: "400" # default value - #DBMS_MEMORY_HEAP_INITIAL_SIZE: "500MB" # HC value - DBMS_MEMORY_HEAP_INITIAL_SIZE: "" # default - #DBMS_MEMORY_HEAP_MAX_SIZE: "500MB" # HC value - DBMS_MEMORY_HEAP_MAX_SIZE: "" # default - #DBMS_MEMORY_PAGECACHE_SIZE: "490M" # HC value - DBMS_MEMORY_PAGECACHE_SIZE: "" # 
default - #APOC_IMPORT_FILE_ENABLED: "true" # HC value - APOC_IMPORT_FILE_ENABLED: "false" # default - DBMS_SECURITY_PROCEDURES_UNRESTRICTED: "algo.*,apoc.*" - -MAINTENANCE: - # change all the below if needed - # DOCKER_IMAGE_REPO - change that to your branded docker image - # label is appended based on .Chart.appVersion - DOCKER_IMAGE_REPO: "ocelotsocialnetwork/maintenance-branded" - - # Most likely you don't need to change this - REVISIONS_HISTORY_LIMIT: "25" - CONTAINER_RESTART_POLICY: "Always" - CONTAINER_TERMINATION_GRACE_PERIOD_SECONDS: "30" - DOCKER_IMAGE_PULL_POLICY: "Always" - RESOURCE_REQUESTS_MEMORY: "500M" - RESOURCE_LIMITS_MEMORY: "1G" - -LETSENCRYPT: - # change all the below if needed - # ISSUER is used by cert-manager to set up certificates with the given provider. - # change it to "letsencrypt-production" once you are ready to have valid cetrificates. - # Be aware that the is an issuing limit with letsencrypt, so a dry run with staging might be wise - ISSUER: "letsencrypt-staging" - EMAIL: "devops@ocelot.social" - DOMAINS: - - "staging.ocelot.social" - - "www.staging.ocelot.social" - -NGINX: - # most likely you don't need to change this - PROXY_BODY_SIZE: "10m" - -STORAGE: - # change all the below if needed - PROVISIONER: "dobs.csi.digitalocean.com" - - # most likely you don't need to change this - RECLAIM_POLICY: "Retain" - VOLUME_BINDING_MODE: "Immediate" - ALLOW_VOLUME_EXPANSION: true \ No newline at end of file