diff --git a/README.md b/README.md index d91d3e9..b053984 100644 --- a/README.md +++ b/README.md @@ -6,8 +6,6 @@ Using [gitea](https://git.limbosolutions.com/kb/gitea) as git server. - [SSO](#sso) - [Deploy](#deploy) - - [Continuous Deploy](#continuous-deploy) - - [App](#app) - [Backups](#backups) ## SSO @@ -46,29 +44,6 @@ sops -e deploy/app/helm-values.private.dec.yaml > deploy/app/helm-values.private sops -e deploy/backups/secrets.dec.yaml > deploy/backups/secrets.yaml ``` -### Continuous Deploy - -Executes [App Deploy](#app) using [Gitea workflow](./.gitea/workflows/app-continous-deploy.yaml). - -### App - -**Environment files:** - -- ./deploy/backups/cronjobs/.env.d/secrets [Example](./deploy/backups/.env.d/secrets.example) -- ./deploy/backups/cronjobs/.env.d/borg_key [Example](./deploy/backups/.env.d/borg_key.example) -- ./deploy/backups/cronjobs/.env.d/id_rsa [Example](./deploy/backups/.env.d/id_rsa.example) -- ./deploy/app/.env [Example](./deploy/app/.env.example) - -Deploy App - -```bash -./ops-scripts/apply-app.sh -``` - -- [backups-kustomization](/deploy/app/kustomization.yaml) - - - ## Backups for more information [check readme](./docs/backups.md). diff --git a/deploy/app/.env.d/.env.example b/deploy/app/.env.d/.env.example deleted file mode 100644 index ec75a0f..0000000 --- a/deploy/app/.env.d/.env.example +++ /dev/null 
@@ -1,15 +0,0 @@
-APP_HELM_VALUE_VALKEY_GLOBAL_PASSWORD="????"
-APP_HELM_VALUE_POSTGRESQL_AUTH_POSTGRESPASSWORD="????"
-APP_HELM_VALUE_POSTGRESQL_AUTH_PASSWORD="????"
-APP_HELM_VALUE_POSTGRESQL_AUTH_DATABASE="????"
-APP_HELM_VALUE_POSTGRESQL_AUTH_USERNAME="????"
-APP_HELM_VALUE_GITEA_ADMIN_USERNAME="????"
-APP_HELM_VALUE_GITEA_ADMIN_PASSWORD="????"
-APP_HELM_VALUE_GITEA_ADMIN_EMAIL="????"
-APP_HELM_VALUE_GITEA_CONFIG_OAUTH2_JWT_SECRET="????"
-APP_HELM_VALUE_GITEA_CONFIG_SERVER_LFS_JWT_SECRET="????"
-APP_HELM_VALUE_GITEA_CONFIG_SECURITY_SECRET_KEY="????"
-APP_HELM_VALUE_GITEA_CONFIG_SECURITY_REVERSE_PROXY_TRUSTED_PROXIES="????"
-APP_HELM_VALUE_GITEA_CONFIG_SECURITY_INTERNAL_TOKEN="????"
-APP_HELM_VALUE_GITEA_CONFIG_SECURITY_PASSWORD_HASH_ALGO="????"
-APP_HELM_VALUE_GITEA_CONFIG_SERVICE_OAUTH2_JWT_SECRET="????"
diff --git a/deploy/backups/.env.d/.gitignore b/deploy/backups/.env.d/.gitignore
deleted file mode 100644
index b727b26..0000000
--- a/deploy/backups/.env.d/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-**
-!.gitignore
-!*.example
\ No newline at end of file
diff --git a/deploy/backups/.env.d/borg_key.example b/deploy/backups/.env.d/borg_key.example
deleted file mode 100644
index 3301bf5..0000000
--- a/deploy/backups/.env.d/borg_key.example
+++ /dev/null
@@ -1 +0,0 @@
-BORG_KEY an valid borg key
\ No newline at end of file
diff --git a/deploy/backups/.env.d/id_rsa.example b/deploy/backups/.env.d/id_rsa.example
deleted file mode 100644
index c48d30d..0000000
--- a/deploy/backups/.env.d/id_rsa.example
+++ /dev/null
@@ -1,3 +0,0 @@
------BEGIN OPENSSH PRIVATE KEY-----
-AND VALID PRIVATE SSH KEY WITH ACCESS TO SSH SERVER
------END OPENSSH PRIVATE KEY-----
diff --git a/deploy/backups/.env.d/secrets.example b/deploy/backups/.env.d/secrets.example
deleted file mode 100644
index f4bee35..0000000
--- a/deploy/backups/.env.d/secrets.example
+++ /dev/null
@@ -1,7 +0,0 @@
-PBS_REPOSITORY=xxx@pbs@server_address:collection
-PBS_PASSWORD=pbs access password
-PBS_FINGERPRINT=00:00:00:00:00 # pbs server fingerprint
-BORG_REPO="ssh://user@server/path" # required by offsite backup
-BORG_PASSPHRASE="borg passphrase" # required by offsite backup
-OFFSITE_TARGET_FOLDER="test:target_path" # follow rclone naming convention
-
diff --git a/deploy/flux/backups-sync.yaml b/deploy/flux/backups-sync.yaml
index 37d1c88..ebdecc7 100644
--- a/deploy/flux/backups-sync.yaml
+++ b/deploy/flux/backups-sync.yaml
@@ -1,7 +1,7 @@
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
- name: vaultwarden-app
+ name: backups
 namespace: vault-limbosolutions-com
 spec:
 interval: 1m
diff --git a/deploy/flux/kustomization.yaml b/deploy/flux/kustomization.yaml
index 840e23d..9bce96e 100644
--- a/deploy/flux/kustomization.yaml
+++ b/deploy/flux/kustomization.yaml
@@ -4,6 +4,7 @@ resources:
 - git-repo.yaml
 - infra-sync.yaml
 - gitea-sync.yaml
+ - backups-sync.yaml
 secretGenerator:
 - name: flux-repo-ssh-credentials
 files:
diff --git a/ops-scripts/apply-app.sh b/ops-scripts/apply-app.sh
deleted file mode 100755
index 5ea9ab0..0000000
--- a/ops-scripts/apply-app.sh
+++ /dev/null
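Review bot: In deploy/flux/backups-sync.yaml the renamed Kustomization still carries `namespace: vault-limbosolutions-com`, which looks like a leftover from the same copy that produced the old `vaultwarden-app` name. The removed ops-scripts/apply-app.sh applied deploy/backups to `git-limbosolutions-com`, so confirm which namespace this object and the secrets it references are meant to resolve in; if the value was copied, change it to `namespace: git-limbosolutions-com`. The spec continues past the end of the hunk, so `targetNamespace` and `sourceRef` could not be checked here.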
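Review bot: Adding `- backups-sync.yaml` to the resources in deploy/flux/kustomization.yaml makes Flux the only path that applies deploy/backups, while the README still describes `deploy/backups/secrets.yaml` as a SOPS-encrypted file. The Kustomization in backups-sync.yaml therefore needs a `decryption` block with `provider: sops` and a `secretRef` naming the decryption key; its spec lies outside the visible hunks, so this could not be verified. Without it the backup jobs would presumably reconcile without usable credentials, or the reconciliation would fail, which is worth confirming on the cluster before relying on the scheduled backups.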
@@ -1,40 +0,0 @@
-#/bin/bash
-
-# load environment variables from file
-
-if [ -f "deploy/app/.env.d/.env" ]; then
- # Export all variables from the file
- echo "export variables from file deploy/app/.env.d/.env"
- set -a
- . deploy/app/.env.d/.env
- set +a
-fi
-
-if [ -n "${APP_HELM_VALUE_GITEA_ADMIN_USERNAME:-}" ]; then
-
- echo "Executing helm deploy."
-
- helm repo add gitea-charts https://dl.gitea.com/charts/ --force-update
-
- helm upgrade --install gitea gitea-charts/gitea --version 12.5.3 \
- --values deploy/app/helm-values.yaml \
- --set valkey.global.valkey.password=${APP_HELM_VALUE_VALKEY_GLOBAL_PASSWORD} \
- --set postgresql.global.postgresql.auth.postgresPassword=${APP_HELM_VALUE_POSTGRESQL_AUTH_POSTGRESPASSWORD} \
- --set postgresql.global.postgresql.auth.password=${APP_HELM_VALUE_POSTGRESQL_AUTH_PASSWORD} \
- --set postgresql.global.postgresql.auth.database=${APP_HELM_VALUE_POSTGRESQL_AUTH_DATABASE} \
- --set postgresql.global.postgresql.auth.username=${APP_HELM_VALUE_POSTGRESQL_AUTH_USERNAME} \
- --set gitea.admin.username=${APP_HELM_VALUE_GITEA_ADMIN_USERNAME} \
- --set gitea.admin.password=${APP_HELM_VALUE_GITEA_ADMIN_PASSWORD} \
- --set gitea.admin.email=${APP_HELM_VALUE_GITEA_ADMIN_EMAIL} \
- --set gitea.config.oauth2.JWT_SECRET=${APP_HELM_VALUE_GITEA_CONFIG_OAUTH2_JWT_SECRET} \
- --set gitea.config.server.LFS_JWT_SECRET=${APP_HELM_VALUE_GITEA_CONFIG_SERVER_LFS_JWT_SECRET} \
- --set gitea.config.security.SECRET_KEY=${APP_HELM_VALUE_GITEA_CONFIG_SECURITY_SECRET_KEY} \
- --set gitea.config.security.REVERSE_PROXY_TRUSTED_PROXIES=${APP_HELM_VALUE_GITEA_CONFIG_SECURITY_REVERSE_PROXY_TRUSTED_PROXIES} \
- --set gitea.config.security.INTERNAL_TOKEN=${APP_HELM_VALUE_GITEA_CONFIG_SECURITY_INTERNAL_TOKEN} \
- --set gitea.config.security.PASSWORD_HASH_ALGO=${APP_HELM_VALUE_GITEA_CONFIG_SECURITY_PASSWORD_HASH_ALGO} \
- --set gitea.config.service.oauth2.JWT_SECRET=${APP_HELM_VALUE_GITEA_CONFIG_SERVICE_OAUTH2_JWT_SECRET} \
- --namespace=git-limbosolutions-com
-
- echo "executing deploy of backups jobs."
- kubectl kustomize deploy/backups | kubectl -n git-limbosolutions-com apply -f -
-fi
\ No newline at end of file