feat(stable): BREAKING CHANGE migrate to new common part 5 (#8615)

**Description**
<!--
Please include a summary of the change and which issue is fixed. Please
also include relevant motivation and context. List any dependencies that
are required for this change.
-->
⚒️ Fixes  # <!--(issue)-->

**⚙️ Type of change**

- [ ] ⚙️ Feature/App addition
- [ ] 🪛 Bugfix
- [ ] ⚠️ Breaking change (fix or feature that would cause existing
functionality to not work as expected)
- [ ] 🔃 Refactor of current code

**🧪 How Has This Been Tested?**
<!--
Please describe the tests that you ran to verify your changes. Provide
instructions so we can reproduce. Please also list any relevant details
for your test configuration
-->

**📃 Notes:**
<!-- Please enter any other relevant information here -->

**✔️ Checklist:**

- [ ] ⚖️ My code follows the style guidelines of this project
- [ ] 👀 I have performed a self-review of my own code
- [ ] #️⃣ I have commented my code, particularly in hard-to-understand
areas
- [ ] 📄 I have made corresponding changes to the documentation
- [ ] ⚠️ My changes generate no new warnings
- [ ] 🧪 I have added tests to this description that prove my fix is
effective or that my feature works
- [ ] ⬆️ I increased versions for any altered app according to semantic
versioning

** App addition**

If this PR is an app addition please make sure you have done the
following.

- [ ] 🪞 I have opened a PR on
[truecharts/containers](https://github.com/truecharts/containers) adding
the container to TrueCharts mirror repo.
- [ ] 🖼️ I have added an icon in the Chart's root directory called
`icon.png`

---

_Please don't blindly check all the boxes. Read them and only check
those that apply.
Those checkboxes are there for the reviewer to see what is this all
about and
the status of this PR with a quick glance._
This commit is contained in:
Kjeld Schouten-Lebbing
2023-04-30 21:15:20 +02:00
committed by GitHub
parent a761da70fd
commit cc4a7edb53
81 changed files with 1867 additions and 1694 deletions
+2 -3
View File
@@ -3,7 +3,7 @@ appVersion: "1.0.1"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 11.1.2
version: 12.6.1
description: ClamAV is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
home: https://truecharts.org/charts/stable/clamav
icon: https://truecharts.org/img/hotlink-ok/chart-icons/clamav.png
@@ -21,9 +21,8 @@ sources:
- https://github.com/Cisco-Talos/clamav
- https://docs.clamav.net/
type: application
version: 5.0.16
version: 6.0.0
annotations:
truecharts.org/catagories: |
- utilities
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U
+46 -44
View File
@@ -8,46 +8,46 @@ questions:
# Include{replicas1}
# Include{podSpec}
# Include{containerMain}
- variable: env
group: "App Configuration"
label: "Image Environment"
schema:
additional_attrs: true
type: dict
attrs:
- variable: CLAMAV_NO_CLAMD
label: "NO CLAMD"
description: "Do not start clamd."
schema:
type: boolean
default: false
- variable: CLAMAV_NO_FRESHCLAMD
label: "NO FRESHCLAMD"
description: "Do not start the freshclam daemon."
schema:
type: boolean
default: false
- variable: CLAMAV_NO_MILTERD
label: "NO MILTERD"
description: "Do not start the clamav-milter daemon."
schema:
type: boolean
default: true
- variable: CLAMD_STARTUP_TIMEOUT
label: "STARTUP TIMEOUT"
description: "Seconds to wait for clamd to start."
schema:
type: int
default: 1800
- variable: FRESHCLAM_CHECKS
label: "FRESHCLAM CHECKS "
description: "Freshclam daily update frequency."
schema:
type: int
default: 1
# Include{containerBasic}
# Include{containerAdvanced}
- variable: env
group: "App Configuration"
label: "Image Environment"
schema:
additional_attrs: true
type: dict
attrs:
- variable: CLAMAV_NO_CLAMD
label: "NO CLAMD"
description: "Do not start clamd."
schema:
type: boolean
default: false
- variable: CLAMAV_NO_FRESHCLAMD
label: "NO FRESHCLAMD"
description: "Do not start the freshclam daemon."
schema:
type: boolean
default: false
- variable: CLAMAV_NO_MILTERD
label: "NO MILTERD"
description: "Do not start the clamav-milter daemon."
schema:
type: boolean
default: true
- variable: CLAMD_STARTUP_TIMEOUT
label: "STARTUP TIMEOUT"
description: "Seconds to wait for clamd to start."
schema:
type: int
default: 1800
- variable: FRESHCLAM_CHECKS
label: "FRESHCLAM CHECKS "
description: "Freshclam daily update frequency."
schema:
type: int
default: 1
- variable: clamav
group: "App Configuration"
label: "ClamAV Cron Configuration"
@@ -99,7 +99,9 @@ questions:
schema:
type: string
default: ""
# Include{containerConfig}
# Include{podOptions}
# Include{serviceRoot}
- variable: main
label: "Main Service"
@@ -194,12 +196,12 @@ questions:
schema:
type: int
default: 0
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID this App of the user running the application"
schema:
type: int
default: 0
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID of the user running the application"
schema:
type: int
default: 0
# Include{securityContextContainer}
# Include{securityContextAdvanced}
# Include{securityContextPod}
+1
View File
@@ -0,0 +1 @@
{{- include "tc.v1.common.lib.chart.notes" $ -}}
+57 -82
View File
@@ -1,85 +1,60 @@
{{/* Define the cronjob */}}
{{- define "clamav.cronjob" -}}
{{- $jobName := include "tc.common.names.fullname" . }}
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: {{ printf "%s-cronjob" $jobName }}
labels:
{{- include "tc.common.labels" . | nindent 4 }}
spec:
schedule: "{{ .Values.clamav.cron_schedule }}"
concurrencyPolicy: Forbid
{{- with .Values.cronjob.failedJobsHistoryLimit }}
failedJobsHistoryLimit: {{ . }}
{{- end }}
{{- with .Values.cronjob.successfulJobsHistoryLimit }}
successfulJobsHistoryLimit: {{ . }}
{{- end }}
jobTemplate:
metadata:
spec:
template:
metadata:
spec:
restartPolicy: Never
{{- with (include "tc.common.controller.volumes" . | trim) }}
volumes:
{{- nindent 12 . }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
env:
- name: date_format
value: {{ .Values.clamav.date_format }}
- name: log_file_name
value: {{ .Values.clamav.log_file_name }}
- name: report_path
value: {{ .Values.clamav.report_path | trimSuffix "/" }}
- name: extra_args
value: {{ .Values.clamav.extra_args }}
command: ["sh", "-c"]
args:
- >
export databasePath=/var/lib/clamav;
if [ "$(ls -A $databasePath)" ];
then
echo "Virus database exists...";
else
echo "Virus database does not exist yet...";
echo "Exiting...";
exit 1;
fi;
export status=99;
export now=$(date ${date_format});
export log_file=$report_path/${log_file_name}_${now};
touch $log_file;
echo "Starting scan of \"/scandir\"";
echo "Args for clamscan: --database=${databasePath} --log=$log_file --recursive ${extra_args}";
clamscan --database=${databasePath} --log=$log_file --recursive ${extra_args} /scandir;
status=$?;
if [ $status -eq 0 ];
then
echo "Exit Status: $status";
echo "No Virus found!";
elif [ $status -eq 1 ];
then
echo "Exit Status: $status.";
echo "Virus(es) found. Check \"${log_file}\".";
elif [ $status -eq 2 ];
then
echo "Exit Status: $status.";
echo "Some error(s) occured.";
else
echo "Exit Status: $status.";
fi;
{{- with (include "tc.common.controller.volumeMounts" . | trim) }}
volumeMounts:
{{ nindent 16 . }}
{{- end }}
resources:
{{ toYaml .Values.resources | indent 16 }}
enabled: true
type: "CronJob"
schedule: "0 8 * * *"
podSpec:
restartPolicy: Never
containers:
cron:
enabled: true
primary: true
imageSelector: "image"
env:
date_format: {{ .Values.clamav.date_format }}
log_file_name: {{ .Values.clamav.log_file_name }}
report_path: {{ .Values.clamav.report_path | trimSuffix "/" }}
extra_args: {{ .Values.clamav.extra_args }}
command: ["sh", "-c"]
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
args:
- >
export databasePath=/var/lib/clamav;
if [ "$(ls -A $databasePath)" ];
then
echo "Virus database exists...";
else
echo "Virus database does not exist yet...";
echo "Exiting...";
exit 1;
fi;
export status=99;
export now=$(date ${date_format});
export log_file=$report_path/${log_file_name}_${now};
touch $log_file;
echo "Starting scan of \"/scandir\"";
echo "Args for clamscan: --database=${databasePath} --log=$log_file --recursive ${extra_args}";
clamscan --database=${databasePath} --log=$log_file --recursive ${extra_args} /scandir;
status=$?;
if [ $status -eq 0 ];
then
echo "Exit Status: $status";
echo "No Virus found!";
elif [ $status -eq 1 ];
then
echo "Exit Status: $status.";
echo "Virus(es) found. Check \"${log_file}\".";
elif [ $status -eq 2 ];
then
echo "Exit Status: $status.";
echo "Some error(s) occured.";
else
echo "Exit Status: $status.";
fi;
{{- end -}}
+6 -3
View File
@@ -1,10 +1,13 @@
{{/* Make sure all variables are set properly */}}
{{- include "tc.common.loader.init" . }}
{{- include "tc.v1.common.loader.init" . }}
{{- if and .Values.clamav.cron_enabled .Values.clamav.cron_schedule}}
{{/* Render cronjob for clamav */}}
{{- include "clamav.cronjob" . }}
{{- $cronjob := include "clamav.cronjob" . | fromYaml -}}
{{- if $cronjob -}}
{{- $_ := set .Values.workload "cron" $cronjob -}}
{{- end -}}
{{- end -}}
{{/* Render the templates */}}
{{ include "tc.common.loader.apply" . }}
{{ include "tc.v1.common.loader.apply" . }}
+44 -40
View File
@@ -3,58 +3,29 @@ image:
pullPolicy: IfNotPresent
tag: 1.0.1@sha256:6f09199cb0e4ef83356dfe08c5d19d6af65513c3e73792312068036925acda75
podSecurityContext:
runAsUser: 0
runAsGroup: 0
securityContext:
readOnlyRootFilesystem: false
runAsNonRoot: false
env:
CLAMAV_NO_CLAMD: false
CLAMAV_NO_FRESHCLAMD: false
CLAMAV_NO_MILTERD: true
CLAMD_STARTUP_TIMEOUT: 1800
FRESHCLAM_CHECKS: 1
container:
readOnlyRootFilesystem: false
runAsNonRoot: false
runAsUser: 0
runAsGroup: 0
clamav:
report_path: "/logs"
# User Defined
cron_enabled: true
cron_schedule: "* * * * *"
date_format: "+%m-%d-%Y_%H.%M.%S"
log_file_name: "clamscan_report"
extra_args: ""
probes:
liveness:
enabled: true
custom: true
spec:
exec:
command:
- clamdcheck.sh
readiness:
enabled: true
custom: true
spec:
exec:
command:
- clamdcheck.sh
startup:
enabled: true
custom: true
spec:
exec:
command:
- clamdcheck.sh
service:
main:
ports:
main:
port: 3310
protocol: http
targetPort: 3310
milter:
enabled: true
@@ -62,6 +33,7 @@ service:
milter:
enabled: true
port: 7357
protocol: http
targetPort: 7357
cronjob:
@@ -69,17 +41,49 @@ cronjob:
failedJobsHistoryLimit: 5
successfulJobsHistoryLimit: 2
workload:
main:
podSpec:
containers:
main:
probes:
liveness:
enabled: true
type: exec
command:
- clamdcheck.sh
readiness:
enabled: true
type: exec
command:
- clamdcheck.sh
startup:
enabled: true
type: exec
command:
- clamdcheck.sh
env:
CLAMAV_NO_CLAMD: false
CLAMAV_NO_FRESHCLAMD: false
CLAMAV_NO_MILTERD: true
CLAMD_STARTUP_TIMEOUT: 1800
FRESHCLAM_CHECKS: 1
persistence:
sigdatabase:
enabled: true
mountPath: "/var/lib/clamav"
mountPath: /var/lib/clamav
targetSelectAll: true
scandir:
enabled: true
mountPath: "/scandir"
mountPath: /scandir
readOnly: true
targetSelectAll: true
logs:
enabled: true
mountPath: "/logs"
mountPath: /logs
targetSelectAll: true
portal:
enabled: false
open:
enabled: false
+3 -7
View File
@@ -3,11 +3,8 @@ appVersion: "1.8.7"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 11.1.2
- condition: postgresql.enabled
name: postgresql
repository: https://deps.truecharts.org/
version: 11.0.31
version: 12.6.1
description: Commento++ is a free, open source, fast & lightweight comments box that you can embed in your static website instead of Disqus.
home: https://truecharts.org/charts/stable/commento-plusplus
icon: https://truecharts.org/img/hotlink-ok/chart-icons/commento-plusplus.png
@@ -22,9 +19,8 @@ name: commento-plusplus
sources:
- https://github.com/truecharts/charts/tree/master/charts/stable/commento-plusplus
- https://github.com/souramoo/commentoplusplus
version: 6.0.23
version: 7.0.0
annotations:
truecharts.org/catagories: |
- media
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U
+88 -87
View File
@@ -10,90 +10,91 @@ questions:
# Include{replicas1}
# Include{podSpec}
# Include{containerMain}
- variable: env
group: "App Configuration"
label: "Image Environment"
schema:
additional_attrs: true
type: dict
attrs:
- variable: COMMENTO_ORIGIN
label: "COMMENTO_ORIGIN"
description: "This should be set to the subdomain or the IP address hosting Commento. All API requests will go to this server. This may include subdirectories if Commento is hosted behind a reverse proxy, for example. Include the protocol in the value to use HTTP/HTTPS."
schema:
type: string
default: ""
- variable: COMMENTO_FORBID_NEW_OWNERS
label: "COMMENTO_FORBID_NEW_OWNERS"
description: "Used to disable new dashboard registrations. Useful if you are the only person using Commento on your server. Does not impact the creation of accounts for your readers."
schema:
type: boolean
default: false
- variable: COMMENTO_GZIP_STATIC
label: "COMMENTO_GZIP_STATIC"
schema:
type: boolean
default: true
- variable: COMMENTO_ENABLE_WILDCARDS
label: "COMMENTO_ENABLE_WILDCARDS"
description: "Allows use of wildcards in domain names in the admin dashboard. (e.g. if you share your commento instance with more than one admin/allow new registrations)"
schema:
type: boolean
default: true
- variable: COMMENTO_ENABLE_LOGGING
label: "COMMENTO_ENABLE_LOGGING"
description: "Should we log every page view? This will allow you to see stats but will fill up your free postgres database quite quickly."
schema:
type: boolean
default: false
- variable: smpt_config
label: "Enable SMTP"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: SMTP_SKIP_HOST_VERIFY
label: "SMTP_SKIP_HOST_VERIFY"
description: "Allows skipping of host verification for SMTP email sending."
schema:
type: boolean
default: false
- variable: COMMENTO_SMTP_USERNAME
label: "COMMENTO_SMTP_USERNAME"
description: "SMTP credentials and configuration the server should use to send emails."
schema:
type: string
default: ""
- variable: COMMENTO_SMTP_PASSWORD
label: "COMMENTO_SMTP_PASSWORD"
description: "SMTP credentials and configuration the server should use to send emails."
schema:
type: string
private: true
default: ""
- variable: COMMENTO_SMTP_HOST
label: "COMMENTO_SMTP_HOST"
description: "SMTP credentials and configuration the server should use to send emails."
schema:
type: string
default: ""
- variable: COMMENTO_SMTP_FROM_ADDRESS
label: "COMMENTO_SMTP_FROM_ADDRESS"
description: "SMTP credentials and configuration the server should use to send emails."
schema:
type: string
default: ""
- variable: COMMENTO_SMTP_PORT
label: "COMMENTO_SMTP_PORT"
description: "SMTP credentials and configuration the server should use to send emails."
schema:
type: int
default: 587
# Include{containerBasic}
# Include{containerAdvanced}
- variable: env
group: "App Configuration"
label: "Image Environment"
schema:
additional_attrs: true
type: dict
attrs:
- variable: COMMENTO_ORIGIN
label: "COMMENTO_ORIGIN"
description: "This should be set to the subdomain or the IP address hosting Commento. All API requests will go to this server. This may include subdirectories if Commento is hosted behind a reverse proxy, for example. Include the protocol in the value to use HTTP/HTTPS."
schema:
type: string
default: ""
- variable: COMMENTO_FORBID_NEW_OWNERS
label: "COMMENTO_FORBID_NEW_OWNERS"
description: "Used to disable new dashboard registrations. Useful if you are the only person using Commento on your server. Does not impact the creation of accounts for your readers."
schema:
type: boolean
default: false
- variable: COMMENTO_GZIP_STATIC
label: "COMMENTO_GZIP_STATIC"
schema:
type: boolean
default: true
- variable: COMMENTO_ENABLE_WILDCARDS
label: "COMMENTO_ENABLE_WILDCARDS"
description: "Allows use of wildcards in domain names in the admin dashboard. (e.g. if you share your commento instance with more than one admin/allow new registrations)"
schema:
type: boolean
default: true
- variable: COMMENTO_ENABLE_LOGGING
label: "COMMENTO_ENABLE_LOGGING"
description: "Should we log every page view? This will allow you to see stats but will fill up your free postgres database quite quickly."
schema:
type: boolean
default: false
- variable: smpt_config
label: "Enable SMTP"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: SMTP_SKIP_HOST_VERIFY
label: "SMTP_SKIP_HOST_VERIFY"
description: "Allows skipping of host verification for SMTP email sending."
schema:
type: boolean
default: false
- variable: COMMENTO_SMTP_USERNAME
label: "COMMENTO_SMTP_USERNAME"
description: "SMTP credentials and configuration the server should use to send emails."
schema:
type: string
default: ""
- variable: COMMENTO_SMTP_PASSWORD
label: "COMMENTO_SMTP_PASSWORD"
description: "SMTP credentials and configuration the server should use to send emails."
schema:
type: string
private: true
default: ""
- variable: COMMENTO_SMTP_HOST
label: "COMMENTO_SMTP_HOST"
description: "SMTP credentials and configuration the server should use to send emails."
schema:
type: string
default: ""
- variable: COMMENTO_SMTP_FROM_ADDRESS
label: "COMMENTO_SMTP_FROM_ADDRESS"
description: "SMTP credentials and configuration the server should use to send emails."
schema:
type: string
default: ""
- variable: COMMENTO_SMTP_PORT
label: "COMMENTO_SMTP_PORT"
description: "SMTP credentials and configuration the server should use to send emails."
schema:
type: int
default: 587
# Include{containerConfig}
# Include{podOptions}
# Include{serviceRoot}
- variable: main
label: "Main Service"
@@ -141,12 +142,12 @@ questions:
schema:
type: int
default: 568
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID this App of the user running the application"
schema:
type: int
default: 568
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID of the user running the application"
schema:
type: int
default: 568
# Include{securityContextContainer}
# Include{securityContextAdvanced}
# Include{securityContextPod}
@@ -0,0 +1 @@
{{- include "tc.v1.common.lib.chart.notes" $ -}}
@@ -1 +1 @@
{{ include "tc.common.loader.all" . }}
{{ include "tc.v1.common.loader.all" . }}
+40 -25
View File
@@ -3,36 +3,51 @@ image:
tag: v1.8.7@sha256:9e64c97771e6d875c465fd047bc98978c7ffc4ff6c0841a878c790753a8cfca1
pullPolicy: IfNotPresent
env:
COMMENTO_PORT: "{{ .Values.service.main.ports.main.port }}"
# User Defined
COMMENTO_FORBID_NEW_OWNERS: false
COMMENTO_GZIP_STATIC: true
COMMENTO_ORIGIN: "http://localhost:8080"
COMMENTO_ENABLE_WILDCARDS: true
COMMENTO_ENABLE_LOGGING: false
SMTP_SKIP_HOST_VERIFY: false
COMMENTO_SMTP_USERNAME: ""
COMMENTO_SMTP_PASSWORD: ""
COMMENTO_SMTP_HOST: ""
COMMENTO_SMTP_FROM_ADDRESS: ""
COMMENTO_SMTP_PORT: 587
COMMENTO_POSTGRES:
secretKeyRef:
name: dbcreds
key: urlnossl
service:
main:
ports:
main:
port: 10240
protocol: http
postgresql:
enabled: true
existingSecret: "dbcreds"
postgresqlUsername: comment-plusplus
postgresqlDatabase: comment-plusplus
workload:
main:
podSpec:
containers:
main:
probes:
liveness:
type: tcp
readiness:
type: tcp
startup:
type: tcp
env:
COMMENTO_PORT: "{{ .Values.service.main.ports.main.port }}"
# User Defined
COMMENTO_FORBID_NEW_OWNERS: false
COMMENTO_GZIP_STATIC: true
COMMENTO_ORIGIN: "http://localhost:8080"
COMMENTO_ENABLE_WILDCARDS: true
COMMENTO_ENABLE_LOGGING: false
SMTP_SKIP_HOST_VERIFY: false
COMMENTO_SMTP_USERNAME: ""
COMMENTO_SMTP_PASSWORD: ""
COMMENTO_SMTP_HOST: ""
COMMENTO_SMTP_FROM_ADDRESS: ""
COMMENTO_SMTP_PORT: 587
COMMENTO_POSTGRES:
secretKeyRef:
name: cnpg-main-urls
key: std
cnpg:
main:
enabled: true
user: comment-plusplus
database: comment-plusplus
portal:
enabled: true
open:
enabled: true
+2 -3
View File
@@ -3,7 +3,7 @@ appVersion: "0.20.2297"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 11.1.2
version: 12.6.1
deprecated: false
description: Advanced tool to create your own TrueCharts-based App
home: https://truecharts.org/charts/stable/custom-app
@@ -19,9 +19,8 @@ name: custom-app
sources:
- https://github.com/truecharts/charts/tree/master/charts/stable/custom-app
type: application
version: 7.0.23
version: 8.0.0
annotations:
truecharts.org/catagories: |
- custom
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U
@@ -28,10 +28,6 @@ serviceList:
port: 9119
targetPort: 9119
env:
{}
# PUID: 1001
persistence:
config:
enabled: true
+10 -8
View File
@@ -41,11 +41,13 @@ questions:
# Include{replicas1}
# Include{podSpec}
# Include{containerMain}
# Include{containerBasic}
# Include{containerAdvanced}
# Include{controllerExpertCommand}
# Include{containerBasic}
# Include{containerAdvanced}
# Include{containerConfig}
# Include{podOptions}
- variable: probes
group: "App Configuration"
label: "Healthcheck Probes"
@@ -276,12 +278,12 @@ questions:
schema:
type: int
default: 568
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID this App of the user running the application"
schema:
type: int
default: 568
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID of the user running the application"
schema:
type: int
default: 568
# Include{securityContextContainer}
# Include{securityContextAdvanced}
# Include{securityContextPod}
@@ -0,0 +1 @@
{{- include "tc.v1.common.lib.chart.notes" $ -}}
@@ -1 +1 @@
{{ include "tc.common.loader.all" . }}
{{ include "tc.v1.common.loader.all" . }}
+15 -1
View File
@@ -4,4 +4,18 @@ image:
tag: 0.20.2297@sha256:4de1541011cb56935ba5a8e28a58f6cbcf62a903393dc94581eda0b6e2aa117c
portal:
enabled: true
open:
enabled: false
workload:
main:
podSpec:
containers:
main:
probes:
liveness:
type: tcp
readiness:
type: tcp
startup:
type: tcp
+2 -3
View File
@@ -3,7 +3,7 @@ appVersion: "23.0.1"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 11.1.2
version: 12.6.1
deprecated: false
description: Dedicated App for using Docker-Compose on TrueNAS SCALE
home: https://truecharts.org/charts/stable/docker-compose
@@ -20,9 +20,8 @@ name: docker-compose
sources:
- https://github.com/truecharts/charts/tree/master/charts/stable/docker-compose
type: application
version: 5.0.26
version: 6.0.0
annotations:
truecharts.org/catagories: |
- docker
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U
+33 -33
View File
@@ -8,23 +8,24 @@ questions:
# Include{replicas1}
# Include{podSpec}
# Include{containerMain}
- variable: env
group: "App Configuration"
label: "Image Environment"
schema:
additional_attrs: true
type: dict
attrs:
- variable: COMPOSE_FILE
label: Docker Compose File
description: Path on the host of the compose file you want to load. You MUST mount the storage yourself
schema:
type: string
default: ""
# Include{containerBasic}
# Include{containerAdvanced}
- variable: env
group: App Configuration
label: Image Environment
schema:
additional_attrs: true
type: dict
attrs:
- variable: COMPOSE_FILE
label: Docker Compose File
description: Path on the host of the compose file you want to load. You MUST mount the storage yourself
schema:
type: string
default: ""
# Include{containerConfig}
# Include{podOptions}
# Include{serviceExpertRoot}
default: true
# Include{serviceExpert}
@@ -32,28 +33,27 @@ questions:
# Include{persistenceList}
# Include{securityContextRoot}
- variable: runAsUser
label: runAsUser
description: The UserID of the user running the application
schema:
type: int
default: 0
- variable: runAsGroup
label: runAsGroup
description: The groupID this App of the user running the application
schema:
type: int
default: 0
- variable: runAsUser
label: "runAsUser"
description: "The UserID of the user running the application"
schema:
type: int
default: 0
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID of the user running the application"
schema:
type: int
default: 0
# Include{securityContextContainer}
# Include{securityContextAdvanced}
# Include{securityContextPod}
- variable: fsGroup
label: fsGroup
description: The group that should own ALL storage.
schema:
type: int
default: 0
- variable: fsGroup
label: "fsGroup"
description: "The group that should own ALL storage."
schema:
type: int
default: 0
# Include{ingressList}
# Include{resources}
# Include{advanced}
@@ -0,0 +1 @@
{{- include "tc.v1.common.lib.chart.notes" $ -}}
@@ -1 +1 @@
{{ include "tc.common.loader.all" . }}
{{ include "tc.v1.common.loader.all" . }}
+35 -49
View File
@@ -2,53 +2,27 @@ image:
repository: tccr.io/truecharts/docker-in-docker
pullPolicy: IfNotPresent
tag: 23.0.1@sha256:118421527d72dd07061e074781b8fee99bb6dc50c5f76e0453e69a1095c25bc2
controller:
# -- Set the controller type.
# Valid options are deployment, daemonset or statefulset
type: statefulset
# -- Number of desired pods
replicas: 1
# -- Set the controller upgrade strategy
# For Deployments, valid values are Recreate (default) and RollingUpdate.
# For StatefulSets, valid values are OnDelete and RollingUpdate (default).
# DaemonSets ignore this.
strategy: RollingUpdate
rollingUpdate:
# -- Set deployment RollingUpdate max unavailable
unavailable: 1
# -- Set deployment RollingUpdate max surge
surge:
# -- Set statefulset RollingUpdate partition
partition:
# -- ReplicaSet revision history limit
revisionHistoryLimit: 3
hostNetwork: true
securityContext:
privileged: true
readOnlyRootFilesystem: false
allowPrivilegeEscalation: true
runAsNonRoot: false
podSecurityContext:
runAsUser: 0
runAsGroup: 0
fsGroup: 0
hostNetwork: true
container:
privileged: true
readOnlyRootFilesystem: false
allowPrivilegeEscalation: true
runAsNonRoot: false
runAsUser: 0
runAsGroup: 0
fsGroup: 0
service:
main:
enabled: true
type: ClusterIP
ports:
main:
port: 2376
type: HTTPS
env:
DOCKER_TLS_CERTDIR: /certs
COMPOSE_FILE: ""
lifecycle:
postStart:
exec:
@@ -67,20 +41,31 @@ lifecycle:
else
echo "COMPOSE_FILE not set, not auto-loading compose-file" >> /proc/1/fd/1;
fi
probes:
liveness:
spec:
initialDelaySeconds: 30
readiness:
spec:
initialDelaySeconds: 30
startup:
spec:
initialDelaySeconds: 30
workload:
main:
podSpec:
containers:
main:
probes:
liveness:
initialDelaySeconds: 30
type: tcp
readiness:
initialDelaySeconds: 30
type: tcp
startup:
initialDelaySeconds: 30
type: tcp
env:
DOCKER_TLS_CERTDIR: /certs
COMPOSE_FILE: ""
type: StatefulSet
replicas: 1
strategy: RollingUpdate
persistence:
varrun:
enabled: false
docker-certs-ca:
enabled: true
mountPath: /config
@@ -94,4 +79,5 @@ volumeClaimTemplates:
mountPath: /var/lib/docker
portal:
enabled: false
open:
enabled: false
+2 -3
View File
@@ -3,7 +3,7 @@ appVersion: "23.02.2"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 11.1.2
version: 12.6.1
deprecated: false
description: FileBot is the ultimate tool for organizing and renaming your movies, tv shows or anime, and music well as downloading subtitles and artwork. It's smart and just works.
home: https://truecharts.org/charts/stable/filebot
@@ -21,9 +21,8 @@ sources:
- https://github.com/truecharts/charts/tree/master/charts/stable/filebot
- https://github.com/jlesage/docker-filebot
type: application
version: 3.0.13
version: 4.0.0
annotations:
truecharts.org/catagories: |
- media
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U
+23 -21
View File
@@ -11,23 +11,23 @@ questions:
# Include{replicas1}
# Include{podSpec}
# Include{containerMain}
- variable: env
group: "App Configuration"
label: "Image Environment"
schema:
additional_attrs: true
type: dict
attrs:
- variable: VNC_PASSWORD
label: "VNC_PASSWORD"
description: "Password needed to connect to the application's GUI. See the VNC Password section for more details."
schema:
type: string
private: true
default: ""
# Include{containerBasic}
# Include{containerAdvanced}
- variable: secretEnv
group: "App Configuration"
label: "Image Secrets"
schema:
additional_attrs: true
type: dict
attrs:
- variable: VNC_PASSWORD
label: "VNC_PASSWORD"
description: "Password needed to connect to the application's GUI. See the VNC Password section for more details."
schema:
type: string
private: true
default: ""
- variable: filebot
group: "App Configuration"
label: "FileBot Configuration"
@@ -232,7 +232,9 @@ questions:
schema:
type: string
default: ""
# Include{containerConfig}
# Include{podOptions}
# Include{serviceRoot}
- variable: main
label: "Main Service"
@@ -335,12 +337,12 @@ questions:
schema:
type: int
default: 0
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID this App of the user running the application"
schema:
type: int
default: 0
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID of the user running the application"
schema:
type: int
default: 0
# Include{securityContextContainer}
# Include{securityContextAdvanced}
# Include{securityContextPod}
@@ -0,0 +1 @@
{{- include "tc.v1.common.lib.chart.notes" $ -}}
+1 -1
View File
@@ -1 +1 @@
{{ include "tc.common.loader.all" . }}
{{ include "tc.v1.common.loader.all" . }}
+34 -18
View File
@@ -4,12 +4,11 @@ image:
pullPolicy: IfNotPresent
securityContext:
readOnlyRootFilesystem: false
runAsNonRoot: false
podSecurityContext:
runAsUser: 0
runAsGroup: 0
container:
readOnlyRootFilesystem: false
runAsNonRoot: false
runAsUser: 0
runAsGroup: 0
service:
main:
@@ -25,13 +24,6 @@ service:
port: 10269
targetPort: 5900
envFrom:
- configMapRef:
name: '{{ include "tc.common.names.fullname" . }}-filebot'
secretEnv:
VNC_PASSWORD: ""
filebot:
KEEP_APP_RUNNING: false
DISPLAY_WIDTH: 1280
@@ -87,19 +79,43 @@ configmap:
AMC_INSTALL_PKGS: "{{ .Values.filebot.AMC_INSTALL_PKGS }}"
USE_FILEBOT_BETA: '{{ ternary "1" "0" .Values.filebot.USE_FILEBOT_BETA }}'
workload:
main:
podSpec:
containers:
main:
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
- KILL
probes:
liveness:
type: tcp
readiness:
type: tcp
startup:
type: tcp
env:
VNC_PASSWORD: ""
envFrom:
- configMapRef:
name: "filebot"
persistence:
config:
enabled: true
mountPath: "/config"
mountPath: /config
storage:
enabled: true
mountPath: "/storage"
mountPath: /storage
watch:
enabled: true
mountPath: "/watch"
mountPath: /watch
output:
enabled: true
mountPath: "/output"
mountPath: /output
portal:
enabled: true
open:
enabled: true
+4 -8
View File
@@ -3,15 +3,12 @@ appVersion: "1.18.5"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 11.1.2
- condition: postgresql.enabled
name: postgresql
repository: https://deps.truecharts.org/
version: 11.0.31
version: 12.6.1
- condition: memcached.enabled
name: memcached
repository: https://deps.truecharts.org/
version: 5.0.31
version: 6.0.15
deprecated: false
description: Self hosted GIT repositories
home: https://truecharts.org/charts/stable/gitea
@@ -34,9 +31,8 @@ sources:
- https://gitea.com/gitea/helm-chart
- https://github.com/go-gitea/gitea
type: application
version: 12.0.31
version: 13.0.0
annotations:
truecharts.org/catagories: |
- GIT
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U
+106
View File
@@ -0,0 +1,106 @@
Business Source License 1.1
Parameters
Licensor: The TrueCharts Project, it's owner and it's contributors
Licensed Work: The TrueCharts "Blocky" Helm Chart
Additional Use Grant: You may use the licensed work in production, as long
as it is directly sourced from a TrueCharts provided
official repository, catalog or source. You may also make private
modification to the directly sourced licenced work,
when used in production.
The following cases are, due to their nature, also
defined as 'production use' and explicitly prohibited:
- Bundling, including or displaying the licensed work
with(in) another work intended for production use,
with the apparent intend of facilitating and/or
promoting production use by third parties in
violation of this license.
Change Date: 2050-01-01
Change License: 3-clause BSD license
For information about alternative licensing arrangements for the Software,
please contact: legal@truecharts.org
Notice
The Business Source License (this document, or the “License”) is not an Open
Source license. However, the Licensed Work will eventually be made available
under an Open Source License, as stated in this License.
License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
“Business Source License” is a trademark of MariaDB Corporation Ab.
-----------------------------------------------------------------------------
Business Source License 1.1
Terms
The Licensor hereby grants you the right to copy, modify, create derivative
works, redistribute, and make non-production use of the Licensed Work. The
Licensor may make an Additional Use Grant, above, permitting limited
production use.
Effective on the Change Date, or the fourth anniversary of the first publicly
available distribution of a specific version of the Licensed Work under this
License, whichever comes first, the Licensor hereby grants you rights under
the terms of the Change License, and the rights granted in the paragraph
above terminate.
If your use of the Licensed Work does not comply with the requirements
currently in effect as described in this License, you must purchase a
commercial license from the Licensor, its affiliated entities, or authorized
resellers, or you must refrain from using the Licensed Work.
All copies of the original and modified Licensed Work, and derivative works
of the Licensed Work, are subject to this License. This License applies
separately for each version of the Licensed Work and the Change Date may vary
for each version of the Licensed Work released by Licensor.
You must conspicuously display this License on each original or modified copy
of the Licensed Work. If you receive the Licensed Work in original or
modified form from a third party, the terms and conditions set forth in this
License apply to your use of that work.
Any use of the Licensed Work in violation of this License will automatically
terminate your rights under this License for the current and all other
versions of the Licensed Work.
This License does not grant you any right in any trademark or logo of
Licensor or its affiliates (provided that you may use a trademark or logo of
Licensor as expressly required by this License).
TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
TITLE.
MariaDB hereby grants you permission to use this Licenses text to license
your works, and to refer to it using the trademark “Business Source License”,
as long as you comply with the Covenants of Licensor below.
Covenants of Licensor
In consideration of the right to use this Licenses text and the “Business
Source License” name and trademark, Licensor covenants to MariaDB, and to all
other recipients of the licensed work to be provided by Licensor:
1. To specify as the Change License the GPL Version 2.0 or any later version,
or a license that is compatible with GPL Version 2.0 or a later version,
where “compatible” means that software provided under the Change License can
be included in a program with software provided under GPL Version 2.0 or a
later version. Licensor may specify additional Change Licenses without
limitation.
2. To either: (a) specify an additional grant of rights to use that does not
impose any additional restriction on the right granted in this License, as
the Additional Use Grant; or (b) insert the text “None”.
3. To specify a Change Date.
4. Not to modify this License in any other way.
+9 -7
View File
@@ -10,10 +10,12 @@ questions:
# Include{replicas1}
# Include{podSpec}
# Include{containerMain}
# Include{containerBasic}
# Include{containerAdvanced}
# Include{containerConfig}
# Include{podOptions}
- variable: admin
group: "App Configuration"
label: "Admin Credentials"
@@ -195,12 +197,12 @@ questions:
schema:
type: int
default: 1000
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID this App of the user running the application"
schema:
type: int
default: 1000
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID of the user running the application"
schema:
type: int
default: 1000
# Include{securityContextContainer}
# Include{securityContextAdvanced}
# Include{securityContextPod}
+1
View File
@@ -0,0 +1 @@
{{- include "tc.v1.common.lib.chart.notes" $ -}}
+1 -6
View File
@@ -1,10 +1,6 @@
{{/* Define the configmap */}}
{{- define "gitea.configmap" -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: gitea-env
enabled: true
data:
GITEA_APP_INI: "/data/gitea/conf/app.ini"
GITEA_CUSTOM: "/data/gitea"
@@ -16,5 +12,4 @@ data:
SSH_LISTEN_PORT: {{ .Values.service.ssh.ports.ssh.targetPort | quote }}
TMPDIR: "/tmp/gitea"
GNUPGHOME: "/data/git/.gnupg"
{{- end -}}
+183 -196
View File
@@ -1,246 +1,233 @@
{{/* Define the secrets */}}
{{- define "gitea.secrets" -}}
---
{{ $DOMAIN := .Values.config.nodeIP | quote -}}
{{ $URL := (printf "http://%s/" .Values.config.nodeIP) }}
{{- $pgHost := printf "%v-cnpg-main-rw" (include "tc.v1.common.lib.chart.names.fullname" $) -}}
{{- if and (.Values.ingress.main.enabled) (gt (len .Values.ingress.main.hosts) 0) -}}
{{- $DOMAIN = (index .Values.ingress.main.hosts 0).host -}}
{{- $URL = (printf "https://%s/" (index .Values.ingress.main.hosts 0).host) -}}
{{- end -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "tc.common.names.fullname" . }}
labels:
{{- include "tc.common.labels" . | nindent 4 }}
type: Opaque
stringData:
app.ini: |-
APP_NAME = {{ .Values.config.APP_NAME }}
RUN_MODE = {{ .Values.config.RUN_MODE }}
secret:
enabled: true
data:
app.ini: |-
APP_NAME = {{ .Values.config.APP_NAME }}
RUN_MODE = {{ .Values.config.RUN_MODE }}
[cache]
ADAPTER = memcache
ENABLED = true
HOST = {{ printf "%v-%v:%v" .Release.Name "memcached" "11211" }}
{{- range $catindex, $catvalue := .Values.customConfig }}
{{- if eq $catvalue.name "cache" }}
{{- range $index, $value := $catvalue.keys }}
{{ $value.name }} = {{ $value.value }}
{{- end }}
{{- end }}
{{- end }}
[cache]
ADAPTER = memcache
ENABLED = true
HOST = {{ printf "%v-%v:%v" .Release.Name "memcached" "11211" }}
{{- range $catindex, $catvalue := .Values.customConfig }}
{{- if eq $catvalue.name "cache" }}
{{- range $index, $value := $catvalue.keys }}
{{ $value.name }} = {{ $value.value }}
{{- end }}
{{- end }}
{{- end }}
[database]
DB_TYPE = postgres
HOST = {{ printf "%v-%v:%v" .Release.Name "postgresql" "5432" }}
NAME = {{ .Values.postgresql.postgresqlDatabase }}
PASSWD = {{ .Values.postgresql.postgresqlPassword }}
USER = {{ .Values.postgresql.postgresqlUsername }}
{{- range $catindex, $catvalue := .Values.customConfig }}
{{- if eq $catvalue.name "database" }}
{{- range $index, $value := $catvalue.keys }}
{{ $value.name }} = {{ $value.value }}
{{- end }}
{{- end }}
{{- end }}
[database]
DB_TYPE = postgres
HOST = {{ printf "%v:5432" $pgHost }}
NAME = {{ .Values.cnpg.main.database }}
PASSWD = {{ .Values.cnpg.main.creds.password }}
USER = {{ .Values.cnpg.main.user }}
{{- range $catindex, $catvalue := .Values.customConfig }}
{{- if eq $catvalue.name "database" }}
{{- range $index, $value := $catvalue.keys }}
{{ $value.name }} = {{ $value.value }}
{{- end }}
{{- end }}
{{- end }}
[metrics]
ENABLED = {{ .Values.metrics.enabled }}
{{- range $catindex, $catvalue := .Values.customConfig }}
{{- if eq $catvalue.name "metrics" }}
{{- range $index, $value := $catvalue.keys }}
{{ $value.name }} = {{ $value.value }}
{{- end }}
{{- end }}
{{- end }}
[metrics]
ENABLED = {{ .Values.metrics.enabled }}
{{- range $catindex, $catvalue := .Values.customConfig }}
{{- if eq $catvalue.name "metrics" }}
{{- range $index, $value := $catvalue.keys }}
{{ $value.name }} = {{ $value.value }}
{{- end }}
{{- end }}
{{- end }}
[repository]
ROOT = /data/git/gitea-repositories
{{- range $catindex, $catvalue := .Values.customConfig }}
{{- if eq $catvalue.name "repository" }}
{{- range $index, $value := $catvalue.keys }}
{{ $value.name }} = {{ $value.value }}
{{- end }}
{{- end }}
{{- end }}
[repository]
ROOT = /data/git/gitea-repositories
{{- range $catindex, $catvalue := .Values.customConfig }}
{{- if eq $catvalue.name "repository" }}
{{- range $index, $value := $catvalue.keys }}
{{ $value.name }} = {{ $value.value }}
{{- end }}
{{- end }}
{{- end }}
[security]
INSTALL_LOCK = true
{{- range $catindex, $catvalue := .Values.customConfig }}
{{- if eq $catvalue.name "security" }}
{{- range $index, $value := $catvalue.keys }}
{{ $value.name }} = {{ $value.value }}
{{- end }}
{{- end }}
{{- end }}
[security]
INSTALL_LOCK = true
{{- range $catindex, $catvalue := .Values.customConfig }}
{{- if eq $catvalue.name "security" }}
{{- range $index, $value := $catvalue.keys }}
{{ $value.name }} = {{ $value.value }}
{{- end }}
{{- end }}
{{- end }}
[webhook]
ALLOWED_HOST_LIST = {{ .Values.config.ALLOWED_HOST_LIST }}
[webhook]
ALLOWED_HOST_LIST = {{ .Values.config.ALLOWED_HOST_LIST }}
[server]
APP_DATA_PATH = /data
DOMAIN = {{ $DOMAIN }}
ENABLE_PPROF = false
HTTP_PORT = {{ .Values.service.main.ports.main.targetPort }}
PROTOCOL = http
ROOT_URL = {{ $URL }}
SSH_DOMAIN = {{ $DOMAIN }}
SSH_LISTEN_PORT = {{ .Values.service.ssh.ports.ssh.targetPort }}
SSH_PORT = {{ .Values.service.ssh.ports.ssh.port }}
START_SSH_SERVER = true
{{- range $catindex, $catvalue := .Values.customConfig }}
{{- if eq $catvalue.name "server" }}
{{- range $index, $value := $catvalue.keys }}
{{ $value.name }} = {{ $value.value }}
{{- end }}
{{- end }}
{{- end }}
[server]
APP_DATA_PATH = /data
DOMAIN = {{ $DOMAIN }}
ENABLE_PPROF = false
HTTP_PORT = {{ .Values.service.main.ports.main.targetPort }}
PROTOCOL = http
ROOT_URL = {{ $URL }}
SSH_DOMAIN = {{ $DOMAIN }}
SSH_LISTEN_PORT = {{ .Values.service.ssh.ports.ssh.targetPort }}
SSH_PORT = {{ .Values.service.ssh.ports.ssh.port }}
START_SSH_SERVER = true
{{- range $catindex, $catvalue := .Values.customConfig }}
{{- if eq $catvalue.name "server" }}
{{- range $index, $value := $catvalue.keys }}
{{ $value.name }} = {{ $value.value }}
{{- end }}
{{- end }}
{{- end }}
{{- range $catindex, $catvalue := .Values.customConfig }}
{{- if not ( or ( eq $catvalue.name "server" ) ( eq $catvalue.name "server" ) ( eq $catvalue.name "security" ) ( eq $catvalue.name "repository" ) ( eq $catvalue.name "metrics" ) ( eq $catvalue.name "database" ) ( eq $catvalue.name "cache" ) ) }}
[{{ $catvalue.name }}]
{{- range $index, $value := $catvalue.keys }}
{{ $value.name }} = {{ $value.value }}
{{- end }}
{{- end }}
{{- end }}
{{- range $catindex, $catvalue := .Values.customConfig }}
{{- if not ( or ( eq $catvalue.name "server" ) ( eq $catvalue.name "server" ) ( eq $catvalue.name "security" ) ( eq $catvalue.name "repository" ) ( eq $catvalue.name "metrics" ) ( eq $catvalue.name "database" ) ( eq $catvalue.name "cache" ) ) }}
[{{ $catvalue.name }}]
{{- range $index, $value := $catvalue.keys }}
{{ $value.name }} = {{ $value.value }}
{{- end }}
{{- end }}
{{- end }}
---
init:
enabled: true
data:
init_directory_structure.sh: |-
#!/usr/bin/env bash
apiVersion: v1
kind: Secret
metadata:
name: {{ include "tc.common.names.fullname" . }}-init
labels:
{{- include "tc.common.labels" . | nindent 4 }}
type: Opaque
stringData:
init_directory_structure.sh: |-
#!/usr/bin/env bash
set -euo pipefail
set -euo pipefail
{{- if .Values.initPreScript }}
# BEGIN: initPreScript
{{- with .Values.initPreScript -}}
{{ . | nindent 4}}
{{- end -}}
# END: initPreScript
{{- end }}
{{- if .Values.initPreScript }}
# BEGIN: initPreScript
{{- with .Values.initPreScript -}}
{{ . | nindent 4}}
{{- end -}}
# END: initPreScript
{{- end }}
set -x
set -x
mkdir -p /data/git/.ssh
chmod -R 700 /data/git/.ssh
[ ! -d /data/gitea ] && mkdir -p /data/gitea/conf
mkdir -p /data/git/.ssh
chmod -R 700 /data/git/.ssh
[ ! -d /data/gitea ] && mkdir -p /data/gitea/conf
# prepare temp directory structure
mkdir -p "${GITEA_TEMP}"
chown -Rf {{ .Values.securityContext.container.runAsUser }}:{{ .Values.securityContext.pod.fsGroup }} "${GITEA_TEMP}"
chmod ug+rwx "${GITEA_TEMP}"
# prepare temp directory structure
mkdir -p "${GITEA_TEMP}"
chown -Rf {{ .Values.podSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} "${GITEA_TEMP}"
chmod ug+rwx "${GITEA_TEMP}"
# Copy config file to writable volume
cp /etc/gitea/conf/app.ini /data/gitea/conf/app.ini
chown -Rf {{ .Values.securityContext.container.runAsUser }}:{{ .Values.securityContext.pod.fsGroup }} "/data"
chmod a+rwx /data/gitea/conf/app.ini
# Copy config file to writable volume
cp /etc/gitea/conf/app.ini /data/gitea/conf/app.ini
chown -Rf {{ .Values.podSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} "/data"
chmod a+rwx /data/gitea/conf/app.ini
# Patch dockercontainer for dynamic users
chown -Rf {{ .Values.securityContext.container.runAsUser }}:{{ .Values.securityContext.pod.fsGroup }} "/var/lib/gitea"
# Patch dockercontainer for dynamic users
chown -Rf {{ .Values.podSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} "/var/lib/gitea"
configure_gitea.sh: |-
#!/usr/bin/env bash
configure_gitea.sh: |-
#!/usr/bin/env bash
set -euo pipefail
set -euo pipefail
# Connection retry inspired by https://gist.github.com/dublx/e99ea94858c07d2ca6de
function test_db_connection() {
local RETRY=0
local MAX=30
# Connection retry inspired by https://gist.github.com/dublx/e99ea94858c07d2ca6de
function test_db_connection() {
local RETRY=0
local MAX=30
echo 'Wait for database to become avialable...'
until [ "${RETRY}" -ge "${MAX}" ]; do
nc -vz -w2 {{ printf "%v-%v" .Release.Name "postgresql" }} 5432 && break
RETRY=$[${RETRY}+1]
echo "...not ready yet (${RETRY}/${MAX})"
done
echo 'Wait for database to become avialable...'
until [ "${RETRY}" -ge "${MAX}" ]; do
nc -vz -w2 {{ $pgHost }} 5432 && break
RETRY=$[${RETRY}+1]
echo "...not ready yet (${RETRY}/${MAX})"
done
if [ "${RETRY}" -ge "${MAX}" ]; then
echo "Database not reachable after '${MAX}' attempts!"
exit 1
fi
}
if [ "${RETRY}" -ge "${MAX}" ]; then
echo "Database not reachable after '${MAX}' attempts!"
exit 1
fi
}
test_db_connection
test_db_connection
echo '==== BEGIN GITEA MIGRATION ===='
echo '==== BEGIN GITEA MIGRATION ===='
gitea migrate
gitea migrate
echo '==== BEGIN GITEA CONFIGURATION ===='
echo '==== BEGIN GITEA CONFIGURATION ===='
{{- if or .Values.admin.existingSecret (and .Values.admin.username .Values.admin.password) }}
function configure_admin_user() {
local ACCOUNT_ID=$(gitea admin user list --admin | grep -e "\s\+${GITEA_ADMIN_USERNAME}\|{{ .Values.admin.email }}\s\+" | awk -F " " "{printf \$1}")
if [[ -z "${ACCOUNT_ID}" ]]; then
echo "No admin user '${GITEA_ADMIN_USERNAME}' found, neither email '{{ .Values.admin.email }}' is assigned to an admin. Creating now..."
gitea admin user create --admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.admin.email | quote }} --must-change-password=false
echo '...created.'
else
echo "Admin account '${GITEA_ADMIN_USERNAME}' or email {{ .Values.admin.email }} already exist. Running update to sync password..."
gitea admin user change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}"
echo '...password sync done.'
fi
}
{{- if or .Values.admin.existingSecret (and .Values.admin.username .Values.admin.password) }}
function configure_admin_user() {
local ACCOUNT_ID=$(gitea admin user list --admin | grep -e "\s\+${GITEA_ADMIN_USERNAME}\|{{ .Values.admin.email }}\s\+" | awk -F " " "{printf \$1}")
if [[ -z "${ACCOUNT_ID}" ]]; then
echo "No admin user '${GITEA_ADMIN_USERNAME}' found, neither email '{{ .Values.admin.email }}' is assigned to an admin. Creating now..."
gitea admin user create --admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.admin.email | quote }} --must-change-password=false
echo '...created.'
else
echo "Admin account '${GITEA_ADMIN_USERNAME}' or email {{ .Values.admin.email }} already exist. Running update to sync password..."
gitea admin user change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}"
echo '...password sync done.'
fi
}
configure_admin_user
{{- end }}
configure_admin_user
{{- end }}
{{- if .Values.ldap.enabled }}
function configure_ldap() {
local LDAP_NAME={{ (printf "%s" .Values.ldap.name) | squote }}
local GITEA_AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${LDAP_NAME}\s+\|" | grep -iE '\|LDAP \(via BindDN\)\s+\|' | awk -F " " "{print \$1}")
{{- if .Values.ldap.enabled }}
function configure_ldap() {
local LDAP_NAME={{ (printf "%s" .Values.ldap.name) | squote }}
local GITEA_AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${LDAP_NAME}\s+\|" | grep -iE '\|LDAP \(via BindDN\)\s+\|' | awk -F " " "{print \$1}")
if [[ -z "${GITEA_AUTH_ID}" ]]; then
echo "No ldap configuration found with name '${LDAP_NAME}'. Installing it now..."
gitea admin auth add-ldap {{- include "gitea.ldap_settings" . | indent 1 }}
echo '...installed.'
else
echo "Existing ldap configuration with name '${LDAP_NAME}': '${GITEA_AUTH_ID}'. Running update to sync settings..."
gitea admin auth update-ldap --id "${GITEA_AUTH_ID}" {{- include "gitea.ldap_settings" . | indent 1 }}
echo '...sync settings done.'
fi
}
if [[ -z "${GITEA_AUTH_ID}" ]]; then
echo "No ldap configuration found with name '${LDAP_NAME}'. Installing it now..."
gitea admin auth add-ldap {{- include "gitea.ldap_settings" . | indent 1 }}
echo '...installed.'
else
echo "Existing ldap configuration with name '${LDAP_NAME}': '${GITEA_AUTH_ID}'. Running update to sync settings..."
gitea admin auth update-ldap --id "${GITEA_AUTH_ID}" {{- include "gitea.ldap_settings" . | indent 1 }}
echo '...sync settings done.'
fi
}
configure_ldap
{{- end }}
configure_ldap
{{- end }}
{{- if .Values.oauth.enabled }}
function configure_oauth() {
local OAUTH_NAME={{ (printf "%s" .Values.oauth.name) | squote }}
local AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${OAUTH_NAME}\s+\|" | grep -iE '\|OAuth2\s+\|' | awk -F " " "{print \$1}")
{{- if .Values.oauth.enabled }}
function configure_oauth() {
local OAUTH_NAME={{ (printf "%s" .Values.oauth.name) | squote }}
local AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${OAUTH_NAME}\s+\|" | grep -iE '\|OAuth2\s+\|' | awk -F " " "{print \$1}")
if [[ -z "${AUTH_ID}" ]]; then
echo "No oauth configuration found with name '${OAUTH_NAME}'. Installing it now..."
gitea admin auth add-oauth {{- include "gitea.oauth_settings" . | indent 1 }}
echo '...installed.'
else
echo "Existing oauth configuration with name '${OAUTH_NAME}': '${AUTH_ID}'. Running update to sync settings..."
gitea admin auth update-oauth --id "${AUTH_ID}" {{- include "gitea.oauth_settings" . | indent 1 }}
echo '...sync settings done.'
fi
}
if [[ -z "${AUTH_ID}" ]]; then
echo "No oauth configuration found with name '${OAUTH_NAME}'. Installing it now..."
gitea admin auth add-oauth {{- include "gitea.oauth_settings" . | indent 1 }}
echo '...installed.'
else
echo "Existing oauth configuration with name '${OAUTH_NAME}': '${AUTH_ID}'. Running update to sync settings..."
gitea admin auth update-oauth --id "${AUTH_ID}" {{- include "gitea.oauth_settings" . | indent 1 }}
echo '...sync settings done.'
fi
}
configure_oauth
{{- end }}
echo '==== END GITEA CONFIGURATION ===='
configure_oauth
{{- end }}
echo '==== END GITEA CONFIGURATION ===='
{{- end -}}
+31 -17
View File
@@ -1,33 +1,47 @@
{{/* Make sure all variables are set properly */}}
{{- include "tc.common.loader.init" . }}
{{- include "tc.v1.common.loader.init" . }}
{{/* Render secrets for gitea */}}
{{- include "gitea.secrets" . }}
{{- $secrets := include "gitea.secrets" . | fromYaml -}}
{{- if $secrets -}}
{{- $_ := mustMergeOverwrite .Values.secret $secrets -}}
{{- end -}}
{{/* Render configmap for gitea */}}
{{- include "gitea.configmap" . }}
{{- $configmap := include "gitea.configmap" . | fromYaml -}}
{{- if $configmap -}}
{{- $_ := set .Values.configmap "gitea-env" $configmap -}}
{{- end -}}
{{/* Append the general secret volumes to the volumes */}}
{{- define "gitea.initvolume" -}}
enabled: "true"
mountPath: "/secrets/ini"
enabled: true
readOnly: true
type: "custom"
volumeSpec:
secret:
secretName: {{ include "tc.common.names.fullname" . }}-init
defaultMode: 0777
type: secret
objectName: init
defaultMode: "0777"
targetSelector:
main:
main:
mountPath: /secrets/ini
1-init-directories:
mountPath: "/usr/sbin"
2-configure-gitea:
mountPath: "/usr/sbin"
{{- end -}}
{{/* Append the general secret volumes to the volumes */}}
{{- define "gitea.configvolume" -}}
enabled: "true"
mountPath: "/secrets/config"
enabled: true
readOnly: true
type: "custom"
volumeSpec:
secret:
secretName: {{ include "tc.common.names.fullname" . }}
type: secret
objectName: secret
targetSelector:
main:
main:
mountPath: /secrets/config
1-init-directories:
mountPath: /etc/gitea/conf
{{- end -}}
{{- $_ := set .Values.persistence "init" (include "gitea.initvolume" . | fromYaml) -}}
@@ -35,4 +49,4 @@ volumeSpec:
{{/* Render the templates */}}
{{ include "tc.common.loader.apply" . }}
{{ include "tc.v1.common.loader.apply" . }}
+56 -72
View File
@@ -2,12 +2,6 @@ image:
repository: tccr.io/truecharts/gitea
tag: 1.18.5@sha256:722c1aa3d962d7cdbec55a8016b33197468ea59a08e89650b33d6410973df944
pullPolicy: IfNotPresent
podSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
service:
main:
ports:
@@ -22,73 +16,27 @@ service:
port: 2222
targetPort: 2222
envFrom:
- configMapRef:
name: gitea-env
initContainers:
1-init-directories:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
command: ["/usr/sbin/init_directory_structure.sh"]
securityContext:
runAsUser: 0
runAsNonRoot: false
envFrom:
- configMapRef:
name: gitea-env
volumeMounts:
- name: init
mountPath: "/usr/sbin"
- name: temp
mountPath: "/tmp"
- name: config
mountPath: "/etc/gitea/conf"
- name: data
mountPath: "/data"
2-configure-gitea:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
command: ["/usr/sbin/configure_gitea.sh"]
envFrom:
- configMapRef:
name: gitea-env
volumeMounts:
- name: init
mountPath: "/usr/sbin"
- name: temp
mountPath: "/tmp"
- name: data
mountPath: "/data"
persistence:
data:
enabled: true
mountPath: "/data"
temp:
enabled: true
mountPath: "/tmp"
type: emptyDir
targetSelectAll: true
varlib:
enabled: true
mountPath: "/var/lib/gitea"
type: emptyDir
# Configure commit/action signing prerequisites
signing:
enabled: true
gpgHome: /data/git/.gnupg
admin:
username: giteaadmin
password: r8sA8CPHD9!bt6d
email: "gitea@local.domain"
metrics:
enabled: false
serviceMonitor:
enabled: false
# additionalLabels:
# prometheus-release: prom1
main:
enabled: true
type: "servicemonitor"
ldap:
enabled: false
# name:
@@ -103,7 +51,6 @@ ldap:
# bindPassword:
# usernameAttribute:
# sshPublicKeyAttribute:
oauth:
enabled: false
# name:
@@ -116,30 +63,67 @@ oauth:
# customTokenUrl:
# customProfileUrl:
# customEmailUrl:
config:
APP_NAME: "Gitea: Git with a cup of tea"
RUN_MODE: dev
ALLOWED_HOST_LIST: "127.0.0.1"
nodeIP: 127.0.0.1
customConfig:
[]
# - name: test
# keys:
# - name: testkey
# value: testvalue
customConfig: []
# - name: test
# keys:
# - name: testkey
# value: testvalue
# Enabled postgres
postgresql:
enabled: true
existingSecret: "dbcreds"
postgresqlUsername: gitea
postgresqlDatabase: gitea
cnpg:
main:
enabled: true
user: gitea
database: gitea
# -- memcached dependency settings
memcached:
enabled: true
portal:
enabled: true
open:
enabled: true
securityContext:
container:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
workload:
main:
podSpec:
initContainers:
1-init-directories:
enabled: true
imageSelector: image
type: init
command: ["/usr/sbin/init_directory_structure.sh"]
securityContext:
runAsUser: 0
runAsNonRoot: false
envFrom:
- configMapRef:
name: gitea-env
2-configure-gitea:
enabled: true
imageSelector: image
type: init
command: ["/usr/sbin/configure_gitea.sh"]
envFrom:
- configMapRef:
name: gitea-env
containers:
main:
probes:
liveness:
type: tcp
readiness:
type: tcp
startup:
type: tcp
envFrom:
- configMapRef:
name: gitea-env
+2 -3
View File
@@ -3,7 +3,7 @@ appVersion: "23.02.1"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 11.1.2
version: 12.6.1
deprecated: false
description: HandBrake is a tool for converting video from nearly any format to a selection of modern, widely supported codecs.
home: https://truecharts.org/charts/stable/handbrake
@@ -23,9 +23,8 @@ sources:
- https://github.com/jlesage/docker-handbrake
- https://handbrake.fr/
type: application
version: 15.0.10
version: 16.0.0
annotations:
truecharts.org/catagories: |
- media
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U
+23 -21
View File
@@ -11,23 +11,23 @@ questions:
# Include{replicas1}
# Include{podSpec}
# Include{containerMain}
- variable: env
group: "App Configuration"
label: "Image Environment"
schema:
additional_attrs: true
type: dict
attrs:
- variable: VNC_PASSWORD
label: "VNC_PASSWORD"
description: "Password needed to connect to the application's GUI. See the VNC Password section for more details."
schema:
type: string
private: true
default: ""
# Include{containerBasic}
# Include{containerAdvanced}
- variable: secretEnv
group: "App Configuration"
label: "Image Secrets"
schema:
additional_attrs: true
type: dict
attrs:
- variable: VNC_PASSWORD
label: "VNC_PASSWORD"
description: "Password needed to connect to the application's GUI. See the VNC Password section for more details."
schema:
type: string
private: true
default: ""
- variable: handbrake
group: "App Configuration"
label: "HandBrake Configuration"
@@ -110,7 +110,9 @@ questions:
type: string
default: "ignore"
required: true
# Include{containerConfig}
# Include{podOptions}
# Include{serviceRoot}
- variable: main
label: "Main Service"
@@ -205,12 +207,12 @@ questions:
schema:
type: int
default: 0
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID this App of the user running the application"
schema:
type: int
default: 0
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID of the user running the application"
schema:
type: int
default: 0
# Include{securityContextContainer}
# Include{securityContextAdvanced}
# Include{securityContextPod}
@@ -0,0 +1 @@
{{- include "tc.v1.common.lib.chart.notes" $ -}}
@@ -1 +1 @@
{{ include "tc.common.loader.all" . }}
{{ include "tc.v1.common.loader.all" . }}
+30 -21
View File
@@ -2,15 +2,6 @@ image:
repository: tccr.io/truecharts/handbrake
tag: 23.02.1@sha256:6c3b2acce5d7750fe4831d181ff9fc3dbf1c5663944778193477d51f9725f060
pullPolicy: IfNotPresent
securityContext:
readOnlyRootFilesystem: false
runAsNonRoot: false
podSecurityContext:
runAsUser: 0
runAsGroup: 0
service:
main:
ports:
@@ -24,14 +15,6 @@ service:
enabled: true
port: 10055
targetPort: 5900
envFrom:
- configMapRef:
name: '{{ include "tc.common.names.fullname" . }}-handbrake'
secretEnv:
VNC_PASSWORD: ""
handbrake:
KEEP_APP_RUNNING: false
DISPLAY_WIDTH: 1280
@@ -42,7 +25,6 @@ handbrake:
AUTOMATED_CONVERSION_FORMAT: "mp4"
AUTOMATED_CONVERSION_KEEP_SOURCE: true
AUTOMATED_CONVERSION_NON_VIDEO_FILE_ACTION: "ignore"
configmap:
handbrake:
enabled: true
@@ -56,7 +38,6 @@ configmap:
AUTOMATED_CONVERSION_PRESET: "{{ .Values.handbrake.AUTOMATED_CONVERSION_PRESET }}"
AUTOMATED_CONVERSION_FORMAT: "{{ .Values.handbrake.AUTOMATED_CONVERSION_FORMAT }}"
AUTOMATED_CONVERSION_NON_VIDEO_FILE_ACTION: "{{ .Values.handbrake.AUTOMATED_CONVERSION_NON_VIDEO_FILE_ACTION }}"
persistence:
config:
enabled: true
@@ -67,6 +48,34 @@ persistence:
output:
enabled: true
mountPath: "/output"
portal:
enabled: true
open:
enabled: true
securityContext:
container:
readOnlyRootFilesystem: false
runAsNonRoot: false
runAsUser: 0
runAsGroup: 0
workload:
main:
podSpec:
containers:
main:
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
- KILL
probes:
liveness:
type: tcp
readiness:
type: tcp
startup:
type: tcp
env:
VNC_PASSWORD: ""
envFrom:
- configMapRef:
name: "handbrake"
+2 -3
View File
@@ -3,7 +3,7 @@ appVersion: "23.02.2"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 11.1.2
version: 12.6.1
deprecated: false
description: JDownloader is a free, open-source download management tool with a huge community of developers that makes downloading as easy and fast as it should be.
home: https://truecharts.org/charts/stable/jdownloader2
@@ -22,9 +22,8 @@ sources:
- https://github.com/jlesage/docker-jdownloader-2
- https://jdownloader.org/
type: application
version: 10.0.15
version: 11.0.0
annotations:
truecharts.org/catagories: |
- downloads
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U
+23 -21
View File
@@ -11,23 +11,23 @@ questions:
# Include{replicas1}
# Include{podSpec}
# Include{containerMain}
- variable: env
group: "App Configuration"
label: "Image Environment"
schema:
additional_attrs: true
type: dict
attrs:
- variable: VNC_PASSWORD
label: "VNC_PASSWORD"
description: "Password needed to connect to the application's GUI. See the VNC Password section for more details."
schema:
type: string
private: true
default: "REPLACETHIS"
# Include{containerBasic}
# Include{containerAdvanced}
- variable: secretEnv
group: "App Configuration"
label: "Image Secrets"
schema:
additional_attrs: true
type: dict
attrs:
- variable: VNC_PASSWORD
label: "VNC_PASSWORD"
description: "Password needed to connect to the application's GUI. See the VNC Password section for more details."
schema:
type: string
private: true
default: "REPLACETHIS"
- variable: jdownloader
group: "App Configuration"
label: "jDownloader2 Configuration"
@@ -75,7 +75,9 @@ questions:
schema:
type: boolean
default: false
# Include{containerConfig}
# Include{podOptions}
# Include{serviceRoot}
- variable: main
label: "Main Service"
@@ -184,12 +186,12 @@ questions:
schema:
type: int
default: 0
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID this App of the user running the application"
schema:
type: int
default: 0
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID of the user running the application"
schema:
type: int
default: 0
# Include{securityContextContainer}
# Include{securityContextAdvanced}
# Include{securityContextPod}
@@ -0,0 +1 @@
{{- include "tc.v1.common.lib.chart.notes" $ -}}
@@ -1 +1 @@
{{ include "tc.common.loader.all" . }}
{{ include "tc.v1.common.loader.all" . }}
+30 -21
View File
@@ -2,15 +2,6 @@ image:
repository: tccr.io/truecharts/jdownloader-2
pullPolicy: IfNotPresent
tag: 23.02.2@sha256:67a8592a99de8921bdaca4d4c6660ad2c44d599ee5156d7da93d93668928d05d
securityContext:
readOnlyRootFilesystem: false
runAsNonRoot: false
podSecurityContext:
runAsUser: 0
runAsGroup: 0
service:
main:
ports:
@@ -31,14 +22,6 @@ service:
enabled: true
port: 10056
targetPort: 5900
envFrom:
- configMapRef:
name: '{{ include "tc.common.names.fullname" . }}-jdownloader'
secretEnv:
VNC_PASSWORD: ""
jdownloader:
# General Settings
KEEP_APP_RUNNING: false
@@ -47,7 +30,6 @@ jdownloader:
DISPLAY_HEIGHT: 768
SECURE_CONNECTION: false
ENABLE_CJK_FONT: false
configmap:
jdownloader:
enabled: true
@@ -57,7 +39,6 @@ configmap:
SECURE_CONNECTION: '{{ ternary "1" "0" .Values.jdownloader.SECURE_CONNECTION }}'
DISPLAY_WIDTH: "{{ .Values.jdownloader.DISPLAY_WIDTH }}"
DISPLAY_HEIGHT: "{{ .Values.jdownloader.DISPLAY_HEIGHT }}"
persistence:
config:
enabled: true
@@ -65,6 +46,34 @@ persistence:
output:
enabled: true
mountPath: "/output"
portal:
enabled: true
open:
enabled: true
securityContext:
container:
readOnlyRootFilesystem: false
runAsNonRoot: false
runAsUser: 0
runAsGroup: 0
workload:
main:
podSpec:
containers:
main:
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
- KILL
probes:
liveness:
type: tcp
readiness:
type: tcp
startup:
type: tcp
env:
VNC_PASSWORD: ""
envFrom:
- configMapRef:
name: "jdownloader"
+2 -3
View File
@@ -3,7 +3,7 @@ appVersion: "2.1.0"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 11.1.2
version: 12.6.1
description: ntfy is a simple HTTP-based pub-sub notification service. It allows you to send notifications to your phone or desktop via scripts from any computer.
home: https://truecharts.org/charts/stable/ntfy
icon: https://truecharts.org/img/hotlink-ok/chart-icons/ntfy.png
@@ -18,9 +18,8 @@ name: ntfy
sources:
- https://github.com/truecharts/charts/tree/master/charts/stable/ntfy
- https://github.com/binwiederhier/ntfy/
version: 4.0.14
version: 5.0.0
annotations:
truecharts.org/catagories: |
- media
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U
+238 -236
View File
@@ -11,239 +11,241 @@ questions:
# Include{replicas1}
# Include{podSpec}
# Include{containerMain}
- variable: env
group: "App Configuration"
label: "Image Environment"
schema:
additional_attrs: true
type: dict
attrs:
- variable: NTFY_BASE_URL
label: "Base URL"
description: "Public facing base URL of the service (e.g. https://ntfy.sh)"
schema:
type: string
required: true
default: ""
- variable: NTFY_BEHIND_PROXY
label: "Behind Proxy"
description: "If set, the X-Forwarded-For header is used to determine the visitor IP address instead of the remote address of the connection."
schema:
type: boolean
default: false
- variable: ENABLE_CACHE_FILE
label: "Enable Firebase File"
description: "If set to true, it enables the firebase file by setting the NTFY_FIREBASE_KEY_FILE to \"/etc/ntfy/firebase-key.json\""
schema:
type: boolean
default: false
- variable: ENABLE_CACHE_FILE
label: "Enable Cache File"
description: "If set to true, it enables the cache file by setting the NTFY_CACHE_FILE to \"/var/cache/ntfy/cache.db\""
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: NTFY_CACHE_DURATION
label: "Cache Duration"
description: "Duration for which messages will be buffered before they are deleted. This is required to support the since=... and poll=1 parameter. Set this to 0 to disable the cache entirely."
schema:
type: string
required: true
default: "12h"
- variable: NTFY_KEEPALIVE_INTERVAL
label: "Keepalive interval"
description: "Interval in which keepalive messages are sent to the client. This is to prevent intermediaries closing the connection for inactivity. Note that the Android app has a hardcoded timeout at 77s, so it should be less than that."
schema:
type: string
required: true
default: "45s"
- variable: NTFY_MANAGER_INTERVAL
label: "Manager Interval"
description: "Interval in which the manager prunes old messages, deletes topics and prints the stats."
schema:
type: string
required: true
default: "1m"
- variable: NTFY_GLOBAL_TOPIC_LIMIT
label: "Global Topic Limit"
description: "Rate limiting: Total number of topics before the server rejects new topics."
schema:
type: int
required: true
default: 15000
- variable: ENABLE_VISITOR_SETTINGS
label: "Enable Visitor Settings"
description: "If set to true, it enables the visitor settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: NTFY_VISITOR_SUBSCRIPTION_LIMIT
label: "Visitor Ssubscription Limit"
description: "Rate limiting: Number of subscriptions per visitor (IP address)"
schema:
type: int
required: true
default: 30
- variable: NTFY_VISITOR_ATTACHMENT_TOTAL_SIZE_LIMIT
label: "Visitor Attachment Total Size Limit"
description: "Rate limiting: Total storage limit used for attachments per visitor, for all attachments combined. Storage is freed after attachments expire. See NTFY_ATTACHMENT_EXPIRY_DURATION"
schema:
type: string
required: true
default: "100M"
- variable: NTFY_VISITOR_ATTACHMENT_DAILY_BANDWIDTH_LIMIT
label: "Visitor Attachment Daily Bandwidth Limit"
description: "Rate limiting: Total daily attachment download/upload traffic limit per visitor. This is to protect your bandwidth costs from exploding."
schema:
type: string
required: true
default: "500M"
- variable: NTFY_VISITOR_REQUEST_LIMIT_BURST
label: "Visitor Request Limit Burst"
description: "Rate limiting: Allowed GET/PUT/POST requests per second, per visitor. This setting is the initial bucket of requests each visitor has"
schema:
type: int
required: true
default: 60
- variable: NTFY_VISITOR_REQUEST_LIMIT_REPLENISH
label: "Visitor Request Limit Replenish"
description: "Rate limiting: Strongly related to NTFY_VISITOR_REQUEST_LIMIT_BURST: The rate at which the bucket is refilled."
schema:
type: string
required: true
default: "5s"
- variable: NTFY_VISITOR_REQUEST_LIMIT_EXEMPT_HOSTS
label: "Visitor Request Limit Exempt Hosts"
description: "Rate limiting: List of hostnames and IPs to be exempt from request rate limiting."
schema:
type: string
default: ""
- variable: NTFY_VISITOR_EMAIL_LIMIT_BURST
label: "Visitor Email Limit Burst"
description: "Rate limiting:Initial limit of e-mails per visitor"
schema:
type: int
required: true
default: 16
- variable: NTFY_VISITOR_EMAIL_LIMIT_REPLENISH
label: "Visitor Email Limit Replenish"
description: "Rate limiting: Strongly related to NTFY_VISITOR_EMAIL_LIMIT_BURST: The rate at which the bucket is refilled."
schema:
type: string
required: true
default: "1h"
- variable: ENABLE_ATTACHMENT_CACHE_DIR
label: "Enable Attachment Cache Directory"
description: "If set to true, it enables the attachment dir by setting the NTFY_ATTACHMENT_CACHE_DIR to \"/var/cache/ntfy/attachments\""
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT
label: "Attachment Total Size Limit"
description: "Limit of the on-disk attachment cache directory. If the limits is exceeded, new attachments will be rejected."
schema:
type: string
required: true
default: "5G"
- variable: NTFY_ATTACHMENT_FILE_SIZE_LIMIT
label: "Attachment File Size Limit"
description: "Per-file attachment size limit (e.g. 300k, 2M, 100M). Larger attachment will be rejected."
schema:
type: string
required: true
default: "15M"
- variable: NTFY_ATTACHMENT_EXPIRY_DURATION
label: "Attachment Expiry Duration"
description: "Duration after which uploaded attachments will be deleted (e.g. 3h, 20h). Strongly affects NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT."
schema:
type: string
required: true
default: "3h"
- variable: ENABLE_AUTH_FILE
label: "Enable Auth File"
description: "If set to true, it enables the auth file by setting the NTFY_AUTH_FILE to \"/etc/ntfy/user.db\""
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: NTFY_AUTH_DEFAULT_ACCESS
label: "Auth Default Access"
description: "Default permissions if no matching entries in the auth database are found."
schema:
type: string
required: true
default: "read-write"
enum:
- value: "read-write"
description: "read-write"
- value: "read-only"
description: "read-only"
- value: "write-only"
description: "write-only"
- value: "deny-all"
description: "deny-all"
- variable: ENABLE_SMTP_SETTINGS
label: "Enable SMTP Settings"
description: "If set to true, it enables the SMTP settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: NTFY_SMTP_SENDER_ADDR
label: "SMTP Sender Address"
description: "SMTP server address to allow email sending"
schema:
type: string
default: ""
- variable: NTFY_SMTP_SENDER_USER
label: "SMTP Sender User"
description: "SMTP user. Only used if e-mail sending is enabled"
schema:
type: string
default: ""
- variable: NTFY_SMTP_SENDER_PASS
label: "SMTP Sender Password"
description: SMTP password. Only used if e-mail sending is enabled"
schema:
type: string
private: true
default: ""
- variable: NTFY_SMTP_SENDER_FROM
label: "SMTP Sender From Address"
description: "SMTP sender e-mail address. Only used if e-mail sending is enabled"
schema:
type: string
default: ""
- variable: NTFY_SMTP_SERVER_LISTEN
label: "SMTP Server Listen"
description: "Defines the IP address and port the SMTP server will listen on, e.g. :25 or 1.2.3.4:25"
schema:
type: string
default: ""
- variable: NTFY_SMTP_SERVER_DOMAIN
label: "SMTP Server Domain"
description: "SMTP server e-mail domain, e.g. ntfy.sh"
schema:
type: string
default: ""
- variable: NTFY_SMTP_SERVER_ADDR_PREFIX
label: "SMTP Server Address Prefix"
description: "Optional prefix for the e-mail addresses to prevent spam, e.g. ntfy-"
schema:
type: string
default: ""
# Include{containerBasic}
# Include{containerAdvanced}
- variable: env
group: "App Configuration"
label: "Image Environment"
schema:
additional_attrs: true
type: dict
attrs:
- variable: NTFY_BASE_URL
label: "Base URL"
description: "Public facing base URL of the service (e.g. https://ntfy.sh)"
schema:
type: string
required: true
default: ""
- variable: NTFY_BEHIND_PROXY
label: "Behind Proxy"
description: "If set, the X-Forwarded-For header is used to determine the visitor IP address instead of the remote address of the connection."
schema:
type: boolean
default: false
- variable: ENABLE_CACHE_FILE
label: "Enable Firebase File"
description: "If set to true, it enables the firebase file by setting the NTFY_FIREBASE_KEY_FILE to \"/etc/ntfy/firebase-key.json\""
schema:
type: boolean
default: false
- variable: ENABLE_CACHE_FILE
label: "Enable Cache File"
description: "If set to true, it enables the cache file by setting the NTFY_CACHE_FILE to \"/var/cache/ntfy/cache.db\""
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: NTFY_CACHE_DURATION
label: "Cache Duration"
description: "Duration for which messages will be buffered before they are deleted. This is required to support the since=... and poll=1 parameter. Set this to 0 to disable the cache entirely."
schema:
type: string
required: true
default: "12h"
- variable: NTFY_KEEPALIVE_INTERVAL
label: "Keepalive interval"
description: "Interval in which keepalive messages are sent to the client. This is to prevent intermediaries closing the connection for inactivity. Note that the Android app has a hardcoded timeout at 77s, so it should be less than that."
schema:
type: string
required: true
default: "45s"
- variable: NTFY_MANAGER_INTERVAL
label: "Manager Interval"
description: "Interval in which the manager prunes old messages, deletes topics and prints the stats."
schema:
type: string
required: true
default: "1m"
- variable: NTFY_GLOBAL_TOPIC_LIMIT
label: "Global Topic Limit"
description: "Rate limiting: Total number of topics before the server rejects new topics."
schema:
type: int
required: true
default: 15000
- variable: ENABLE_VISITOR_SETTINGS
label: "Enable Visitor Settings"
description: "If set to true, it enables the visitor settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: NTFY_VISITOR_SUBSCRIPTION_LIMIT
label: "Visitor Ssubscription Limit"
description: "Rate limiting: Number of subscriptions per visitor (IP address)"
schema:
type: int
required: true
default: 30
- variable: NTFY_VISITOR_ATTACHMENT_TOTAL_SIZE_LIMIT
label: "Visitor Attachment Total Size Limit"
description: "Rate limiting: Total storage limit used for attachments per visitor, for all attachments combined. Storage is freed after attachments expire. See NTFY_ATTACHMENT_EXPIRY_DURATION"
schema:
type: string
required: true
default: "100M"
- variable: NTFY_VISITOR_ATTACHMENT_DAILY_BANDWIDTH_LIMIT
label: "Visitor Attachment Daily Bandwidth Limit"
description: "Rate limiting: Total daily attachment download/upload traffic limit per visitor. This is to protect your bandwidth costs from exploding."
schema:
type: string
required: true
default: "500M"
- variable: NTFY_VISITOR_REQUEST_LIMIT_BURST
label: "Visitor Request Limit Burst"
description: "Rate limiting: Allowed GET/PUT/POST requests per second, per visitor. This setting is the initial bucket of requests each visitor has"
schema:
type: int
required: true
default: 60
- variable: NTFY_VISITOR_REQUEST_LIMIT_REPLENISH
label: "Visitor Request Limit Replenish"
description: "Rate limiting: Strongly related to NTFY_VISITOR_REQUEST_LIMIT_BURST: The rate at which the bucket is refilled."
schema:
type: string
required: true
default: "5s"
- variable: NTFY_VISITOR_REQUEST_LIMIT_EXEMPT_HOSTS
label: "Visitor Request Limit Exempt Hosts"
description: "Rate limiting: List of hostnames and IPs to be exempt from request rate limiting."
schema:
type: string
default: ""
- variable: NTFY_VISITOR_EMAIL_LIMIT_BURST
label: "Visitor Email Limit Burst"
description: "Rate limiting:Initial limit of e-mails per visitor"
schema:
type: int
required: true
default: 16
- variable: NTFY_VISITOR_EMAIL_LIMIT_REPLENISH
label: "Visitor Email Limit Replenish"
description: "Rate limiting: Strongly related to NTFY_VISITOR_EMAIL_LIMIT_BURST: The rate at which the bucket is refilled."
schema:
type: string
required: true
default: "1h"
- variable: ENABLE_ATTACHMENT_CACHE_DIR
label: "Enable Attachment Cache Directory"
description: "If set to true, it enables the attachment dir by setting the NTFY_ATTACHMENT_CACHE_DIR to \"/var/cache/ntfy/attachments\""
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT
label: "Attachment Total Size Limit"
description: "Limit of the on-disk attachment cache directory. If the limits is exceeded, new attachments will be rejected."
schema:
type: string
required: true
default: "5G"
- variable: NTFY_ATTACHMENT_FILE_SIZE_LIMIT
label: "Attachment File Size Limit"
description: "Per-file attachment size limit (e.g. 300k, 2M, 100M). Larger attachment will be rejected."
schema:
type: string
required: true
default: "15M"
- variable: NTFY_ATTACHMENT_EXPIRY_DURATION
label: "Attachment Expiry Duration"
description: "Duration after which uploaded attachments will be deleted (e.g. 3h, 20h). Strongly affects NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT."
schema:
type: string
required: true
default: "3h"
- variable: ENABLE_AUTH_FILE
label: "Enable Auth File"
description: "If set to true, it enables the auth file by setting the NTFY_AUTH_FILE to \"/etc/ntfy/user.db\""
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: NTFY_AUTH_DEFAULT_ACCESS
label: "Auth Default Access"
description: "Default permissions if no matching entries in the auth database are found."
schema:
type: string
required: true
default: "read-write"
enum:
- value: "read-write"
description: "read-write"
- value: "read-only"
description: "read-only"
- value: "write-only"
description: "write-only"
- value: "deny-all"
description: "deny-all"
- variable: ENABLE_SMTP_SETTINGS
label: "Enable SMTP Settings"
description: "If set to true, it enables the SMTP settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: NTFY_SMTP_SENDER_ADDR
label: "SMTP Sender Address"
description: "SMTP server address to allow email sending"
schema:
type: string
default: ""
- variable: NTFY_SMTP_SENDER_USER
label: "SMTP Sender User"
description: "SMTP user. Only used if e-mail sending is enabled"
schema:
type: string
default: ""
- variable: NTFY_SMTP_SENDER_PASS
label: "SMTP Sender Password"
description: SMTP password. Only used if e-mail sending is enabled"
schema:
type: string
private: true
default: ""
- variable: NTFY_SMTP_SENDER_FROM
label: "SMTP Sender From Address"
description: "SMTP sender e-mail address. Only used if e-mail sending is enabled"
schema:
type: string
default: ""
- variable: NTFY_SMTP_SERVER_LISTEN
label: "SMTP Server Listen"
description: "Defines the IP address and port the SMTP server will listen on, e.g. :25 or 1.2.3.4:25"
schema:
type: string
default: ""
- variable: NTFY_SMTP_SERVER_DOMAIN
label: "SMTP Server Domain"
description: "SMTP server e-mail domain, e.g. ntfy.sh"
schema:
type: string
default: ""
- variable: NTFY_SMTP_SERVER_ADDR_PREFIX
label: "SMTP Server Address Prefix"
description: "Optional prefix for the e-mail addresses to prevent spam, e.g. ntfy-"
schema:
type: string
default: ""
# Include{containerConfig}
# Include{podOptions}
# Include{serviceRoot}
- variable: main
label: "Main Service"
@@ -308,12 +310,12 @@ questions:
schema:
type: int
default: 568
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID this App of the user running the application"
schema:
type: int
default: 568
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID of the user running the application"
schema:
type: int
default: 568
# Include{securityContextContainer}
# Include{securityContextAdvanced}
# Include{securityContextPod}
+1
View File
@@ -0,0 +1 @@
{{- include "tc.v1.common.lib.chart.notes" $ -}}
+1 -1
View File
@@ -1 +1 @@
{{ include "tc.common.loader.all" . }}
{{ include "tc.v1.common.loader.all" . }}
+56 -49
View File
@@ -2,52 +2,11 @@ image:
repository: tccr.io/truecharts/ntfy
tag: 2.1.0@sha256:ccbaacb4ca95fd61ea5b4ac18615a80ccc5ebae7f0a46115d020879e1fdb929e
pullPolicy: IfNotPresent
extraArgs: ["serve"]
env:
NTFY_LISTEN_HTTP: ":{{ .Values.service.main.ports.main.port }}"
# User Defined
NTFY_BASE_URL: "http://localhost:10222"
NTFY_BEHIND_PROXY: false
ENABLE_FIREBASE_FILE: false
ENABLE_CACHE_FILE: false
ENABLE_ATTACHMENT_CACHE_DIR: false
ENABLE_AUTH_FILE: false
# NTFY_CACHE_DURATION: "12h"
# NTFY_KEEPALIVE_INTERVAL: "45s"
# NTFY_MANAGER_INTERVAL: "1m"
# NTFY_GLOBAL_TOPIC_LIMIT: 15000
# NTFY_VISITOR_SUBSCRIPTION_LIMIT: 30
# NTFY_VISITOR_ATTACHMENT_TOTAL_SIZE_LIMIT: "100M"
# NTFY_VISITOR_ATTACHMENT_DAILY_BANDWIDTH_LIMIT: "500M"
# NTFY_VISITOR_REQUEST_LIMIT_BURST: 60
# NTFY_VISITOR_REQUEST_LIMIT_REPLENISH: "5s"
# NTFY_VISITOR_REQUEST_LIMIT_EXEMPT_HOSTS: ""
# NTFY_VISITOR_EMAIL_LIMIT_BURST: 16
# NTFY_VISITOR_EMAIL_LIMIT_REPLENISH: "1h"
# NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT: "5G"
# NTFY_ATTACHMENT_FILE_SIZE_LIMIT: "15M"
# NTFY_ATTACHMENT_EXPIRY_DURATION: "3h"
# NTFY_AUTH_DEFAULT_ACCESS: "read-write"
# NTFY_SMTP_SENDER_ADDR: ""
# NTFY_SMTP_SENDER_USER: ""
# NTFY_SMTP_SENDER_PASS: ""
# NTFY_SMTP_SENDER_FROM: ""
# NTFY_SMTP_SERVER_LISTEN: ""
# NTFY_SMTP_SERVER_DOMAIN: ""
# NTFY_SMTP_SERVER_ADDR_PREFIX: ""
envFrom:
- configMapRef:
name: '{{ include "tc.common.names.fullname" . }}-ntfy'
service:
main:
ports:
main:
port: 10222
persistence:
config:
enabled: true
@@ -55,16 +14,64 @@ persistence:
cache:
enabled: true
mountPath: "/var/cache/ntfy"
configmap:
ntfy:
enabled: true
data:
# If a path is set, it enables this options. To disable set to emtpy path
NTFY_ATTACHMENT_CACHE_DIR: '{{ ternary "/var/cache/ntfy/attachments" "" .Values.env.ENABLE_ATTACHMENT_CACHE_DIR }}'
NTFY_CACHE_FILE: '{{ ternary "/var/cache/ntfy/cache.db" "" .Values.env.ENABLE_CACHE_FILE }}'
NTFY_AUTH_FILE: '{{ ternary "/etc/ntfy/user.db" "" .Values.env.ENABLE_AUTH_FILE }}'
NTFY_FIREBASE_KEY_FILE: '{{ ternary "/etc/ntfy/firebase-key.json" "" .Values.env.ENABLE_FIREBASE_FILE }}'
# If a path is set, it enables this options. To disable set to empty path
NTFY_ATTACHMENT_CACHE_DIR: '{{ ternary "/var/cache/ntfy/attachments" "" .Values.workload.main.podSpec.containers.main.env.ENABLE_ATTACHMENT_CACHE_DIR }}'
NTFY_CACHE_FILE: '{{ ternary "/var/cache/ntfy/cache.db" "" .Values.workload.main.podSpec.containers.main.env.ENABLE_CACHE_FILE }}'
NTFY_AUTH_FILE: '{{ ternary "/etc/ntfy/user.db" "" .Values.workload.main.podSpec.containers.main.env.ENABLE_AUTH_FILE }}'
NTFY_FIREBASE_KEY_FILE: '{{ ternary "/etc/ntfy/firebase-key.json" "" .Values.workload.main.podSpec.containers.main.env.ENABLE_FIREBASE_FILE }}'
portal:
enabled: true
open:
enabled: true
workload:
main:
podSpec:
containers:
main:
probes:
liveness:
type: tcp
readiness:
type: tcp
startup:
type: tcp
args: ["serve"]
env:
NTFY_LISTEN_HTTP: ":{{ .Values.service.main.ports.main.port }}"
# User Defined
NTFY_BASE_URL: "http://localhost:10222"
NTFY_BEHIND_PROXY: false
ENABLE_FIREBASE_FILE: false
ENABLE_CACHE_FILE: false
ENABLE_ATTACHMENT_CACHE_DIR: false
ENABLE_AUTH_FILE: false
# NTFY_CACHE_DURATION: "12h"
# NTFY_KEEPALIVE_INTERVAL: "45s"
# NTFY_MANAGER_INTERVAL: "1m"
# NTFY_GLOBAL_TOPIC_LIMIT: 15000
# NTFY_VISITOR_SUBSCRIPTION_LIMIT: 30
# NTFY_VISITOR_ATTACHMENT_TOTAL_SIZE_LIMIT: "100M"
# NTFY_VISITOR_ATTACHMENT_DAILY_BANDWIDTH_LIMIT: "500M"
# NTFY_VISITOR_REQUEST_LIMIT_BURST: 60
# NTFY_VISITOR_REQUEST_LIMIT_REPLENISH: "5s"
# NTFY_VISITOR_REQUEST_LIMIT_EXEMPT_HOSTS: ""
# NTFY_VISITOR_EMAIL_LIMIT_BURST: 16
# NTFY_VISITOR_EMAIL_LIMIT_REPLENISH: "1h"
# NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT: "5G"
# NTFY_ATTACHMENT_FILE_SIZE_LIMIT: "15M"
# NTFY_ATTACHMENT_EXPIRY_DURATION: "3h"
# NTFY_AUTH_DEFAULT_ACCESS: "read-write"
# NTFY_SMTP_SENDER_ADDR: ""
# NTFY_SMTP_SENDER_USER: ""
# NTFY_SMTP_SENDER_PASS: ""
# NTFY_SMTP_SENDER_FROM: ""
# NTFY_SMTP_SERVER_LISTEN: ""
# NTFY_SMTP_SERVER_DOMAIN: ""
# NTFY_SMTP_SERVER_ADDR_PREFIX: ""
envFrom:
- configMapRef:
name: "ntfy"
+3 -4
View File
@@ -1,9 +1,9 @@
apiVersion: v2
appVersion: "3.4.3"
appVersion: "3.4.2"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 11.1.2
version: 12.6.1
deprecated: false
description: OpenHab is a home-automation application
home: https://truecharts.org/charts/stable/openhab
@@ -19,10 +19,9 @@ name: openhab
sources:
- https://github.com/truecharts/charts/tree/master/charts/stable/openhab
type: application
version: 4.0.13
version: 5.0.0
annotations:
truecharts.org/catagories: |
- media
- test
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U
+9 -7
View File
@@ -10,10 +10,12 @@ questions:
# Include{replicas1}
# Include{podSpec}
# Include{containerMain}
# Include{containerBasic}
# Include{containerAdvanced}
# Include{containerConfig}
# Include{podOptions}
# Include{serviceRoot}
- variable: main
label: "Main Service"
@@ -108,12 +110,12 @@ questions:
schema:
type: int
default: 0
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID this App of the user running the application"
schema:
type: int
default: 0
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID of the user running the application"
schema:
type: int
default: 0
# Include{securityContextContainer}
# Include{securityContextAdvanced}
# Include{securityContextPod}
@@ -0,0 +1 @@
{{- include "tc.v1.common.lib.chart.notes" $ -}}
+2 -2
View File
@@ -1,5 +1,5 @@
{{/* Make sure all variables are set properly */}}
{{- include "tc.common.loader.init" . }}
{{- include "tc.v1.common.loader.init" . }}
{{/* Render the templates */}}
{{ include "tc.common.loader.apply" . }}
{{ include "tc.v1.common.loader.apply" . }}
+28 -24
View File
@@ -1,22 +1,20 @@
image:
repository: tccr.io/truecharts/openhab
pullPolicy: IfNotPresent
tag: 3.4.3@sha256:d0aa6f705e7491678210ce7819b1ca0a9a77555c94bcf7ad931e0b70f5ac6e90
tag: 3.4.2@sha256:bb3fdf98084426d18ff82b3e576a93c88570e9b037066db5b25fd9d661aaf3d1
service:
main:
ports:
main:
protocol: HTTP
protocol: http
port: 10169
https:
enabled: true
ports:
https:
protocol: HTTPS
protocol: https
enabled: true
port: 10170
configmap:
init:
enabled: true
@@ -24,19 +22,6 @@ configmap:
enable-console-logging.sh: |
echo 'Enabling console logging.'
sed -i -E 's|(<AppenderRef ref="OSGI"/>).*|\1<AppenderRef ref="STDOUT"/>|' /openhab/userdata/etc/log4j2.xml
securityContext:
readOnlyRootFilesystem: false
runAsNonRoot: false
podSecurityContext:
runAsUser: 0
runAsGroup: 0
env:
OPENHAB_HTTP_PORT: "{{ .Values.service.main.ports.main.port }}"
OPENHAB_HTTPS_PORT: "{{ .Values.service.https.ports.https.port }}"
persistence:
config:
enabled: true
@@ -51,10 +36,29 @@ persistence:
enabled: true
mountPath: /etc/cont-init.d/enable-console-logging.sh
subPath: enable-console-logging.sh
type: custom
volumeSpec:
configMap:
name: '{{ printf "%v-init" (include "tc.common.names.fullname" .) }}'
type: configmap
objectName: init
portal:
enabled: true
open:
enabled: true
securityContext:
container:
readOnlyRootFilesystem: false
runAsNonRoot: false
runAsUser: 0
runAsGroup: 0
workload:
main:
podSpec:
containers:
main:
probes:
liveness:
type: tcp
readiness:
type: tcp
startup:
type: tcp
env:
OPENHAB_HTTP_PORT: "{{ .Values.service.main.ports.main.port }}"
OPENHAB_HTTPS_PORT: "{{ .Values.service.https.ports.https.port }}"
+2 -3
View File
@@ -3,7 +3,7 @@ appVersion: "23.02.2"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 11.1.2
version: 12.6.1
deprecated: false
description: PuTTY is a free and open-source terminal emulator, serial console and network file transfer application.
home: https://truecharts.org/charts/stable/putty
@@ -21,9 +21,8 @@ sources:
- https://github.com/truecharts/charts/tree/master/charts/stable/putty
- https://github.com/jlesage/docker-putty
type: application
version: 3.0.12
version: 4.0.0
annotations:
truecharts.org/catagories: |
- utilities
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U
+24 -21
View File
@@ -11,23 +11,24 @@ questions:
# Include{replicas1}
# Include{podSpec}
# Include{containerMain}
- variable: env
group: "App Configuration"
label: "Image Environment"
schema:
additional_attrs: true
type: dict
attrs:
- variable: VNC_PASSWORD
label: "VNC_PASSWORD"
description: "Password needed to connect to the application's GUI. See the VNC Password section for more details."
schema:
type: string
private: true
default: ""
# Include{containerBasic}
# Include{containerAdvanced}
- variable: secretEnv
group: "App Configuration"
label: "Image Secrets"
schema:
additional_attrs: true
type: dict
attrs:
- variable: VNC_PASSWORD
label: "VNC_PASSWORD"
description: "Password needed to connect to the application's GUI. See the VNC Password section for more details."
schema:
type: string
private: true
default: ""
- variable: putty
group: "App Configuration"
label: "PuTTY Configuration"
@@ -81,7 +82,9 @@ questions:
schema:
type: boolean
default: false
# Include{containerConfig}
# Include{podOptions}
# Include{serviceRoot}
- variable: main
label: "Main Service"
@@ -160,12 +163,12 @@ questions:
schema:
type: int
default: 0
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID this App of the user running the application"
schema:
type: int
default: 0
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID of the user running the application"
schema:
type: int
default: 0
# Include{securityContextContainer}
# Include{securityContextAdvanced}
# Include{securityContextPod}
+1
View File
@@ -0,0 +1 @@
{{- include "tc.v1.common.lib.chart.notes" $ -}}
+1 -1
View File
@@ -1 +1 @@
{{ include "tc.common.loader.all" . }}
{{ include "tc.v1.common.loader.all" . }}
+30 -21
View File
@@ -2,15 +2,6 @@ image:
repository: tccr.io/truecharts/putty
tag: 23.02.2@sha256:4bec4d770722ee284dcb7db8250768a62d72a5f29c54ed547458c2450f0676a5
pullPolicy: IfNotPresent
securityContext:
readOnlyRootFilesystem: false
runAsNonRoot: false
podSecurityContext:
runAsUser: 0
runAsGroup: 0
service:
main:
ports:
@@ -24,14 +15,6 @@ service:
enabled: true
port: 10267
targetPort: 5900
envFrom:
- configMapRef:
name: '{{ include "tc.common.names.fullname" . }}-putty'
secretEnv:
VNC_PASSWORD: ""
putty:
KEEP_APP_RUNNING: false
DISPLAY_WIDTH: 1280
@@ -39,7 +22,6 @@ putty:
SECURE_CONNECTION: false
DISABLE_RESTART_SESSION_DIALOG_WINDOW: false
ENABLE_CJK_FONT: false
configmap:
putty:
enabled: true
@@ -50,11 +32,38 @@ configmap:
DISABLE_RESTART_SESSION_DIALOG_WINDOW: '{{ ternary "1" "0" .Values.putty.DISABLE_RESTART_SESSION_DIALOG_WINDOW }}'
DISPLAY_WIDTH: "{{ .Values.putty.DISPLAY_WIDTH }}"
DISPLAY_HEIGHT: "{{ .Values.putty.DISPLAY_HEIGHT }}"
persistence:
config:
enabled: true
mountPath: "/config"
portal:
enabled: true
open:
enabled: true
securityContext:
container:
readOnlyRootFilesystem: false
runAsNonRoot: false
runAsUser: 0
runAsGroup: 0
workload:
main:
podSpec:
containers:
main:
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
- KILL
probes:
liveness:
type: tcp
readiness:
type: tcp
startup:
type: tcp
env:
VNC_PASSWORD: ""
envFrom:
- configMapRef:
name: "putty"
+2 -3
View File
@@ -3,7 +3,7 @@ appVersion: "23.02.2"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 11.1.2
version: 12.6.1
deprecated: false
description: QDirStat is a graphical application to show where your disk space has gone and to help you to clean it up.
home: https://truecharts.org/charts/stable/qdirstat
@@ -21,9 +21,8 @@ sources:
- https://github.com/truecharts/charts/tree/master/charts/stable/qdirstat
- https://github.com/jlesage/docker-qdirstat
type: application
version: 3.0.13
version: 4.0.0
annotations:
truecharts.org/catagories: |
- media
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U
+24 -21
View File
@@ -11,23 +11,24 @@ questions:
# Include{replicas1}
# Include{podSpec}
# Include{containerMain}
- variable: env
group: "App Configuration"
label: "Image Environment"
schema:
additional_attrs: true
type: dict
attrs:
- variable: VNC_PASSWORD
label: "VNC_PASSWORD"
description: "Password needed to connect to the application's GUI. See the VNC Password section for more details."
schema:
type: string
private: true
default: ""
# Include{containerBasic}
# Include{containerAdvanced}
- variable: secretEnv
group: "App Configuration"
label: "Image Secrets"
schema:
additional_attrs: true
type: dict
attrs:
- variable: VNC_PASSWORD
label: "VNC_PASSWORD"
description: "Password needed to connect to the application's GUI. See the VNC Password section for more details."
schema:
type: string
private: true
default: ""
- variable: qdirstat
group: "App Configuration"
label: "QDirStat Configuration"
@@ -75,7 +76,9 @@ questions:
schema:
type: boolean
default: false
# Include{containerConfig}
# Include{podOptions}
# Include{serviceRoot}
- variable: main
label: "Main Service"
@@ -162,12 +165,12 @@ questions:
schema:
type: int
default: 0
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID this App of the user running the application"
schema:
type: int
default: 0
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID of the user running the application"
schema:
type: int
default: 0
# Include{securityContextContainer}
# Include{securityContextAdvanced}
# Include{securityContextPod}
@@ -0,0 +1 @@
{{- include "tc.v1.common.lib.chart.notes" $ -}}
+1 -1
View File
@@ -1 +1 @@
{{ include "tc.common.loader.all" . }}
{{ include "tc.v1.common.loader.all" . }}
+30 -21
View File
@@ -2,15 +2,6 @@ image:
repository: tccr.io/truecharts/qdirstat
tag: 23.02.2@sha256:acb8020059c185a9f5888ee59090d8663cfb483c76be9f93cb0771f637834019
pullPolicy: IfNotPresent
securityContext:
readOnlyRootFilesystem: false
runAsNonRoot: false
podSecurityContext:
runAsUser: 0
runAsGroup: 0
service:
main:
ports:
@@ -24,21 +15,12 @@ service:
enabled: true
port: 10263
targetPort: 5900
envFrom:
- configMapRef:
name: '{{ include "tc.common.names.fullname" . }}-qdirstat'
secretEnv:
VNC_PASSWORD: ""
qdirstat:
KEEP_APP_RUNNING: false
DISPLAY_WIDTH: 1280
DISPLAY_HEIGHT: 768
SECURE_CONNECTION: false
ENABLE_CJK_FONT: false
configmap:
qdirstat:
enabled: true
@@ -48,7 +30,6 @@ configmap:
SECURE_CONNECTION: '{{ ternary "1" "0" .Values.qdirstat.SECURE_CONNECTION }}'
DISPLAY_WIDTH: "{{ .Values.qdirstat.DISPLAY_WIDTH }}"
DISPLAY_HEIGHT: "{{ .Values.qdirstat.DISPLAY_HEIGHT }}"
persistence:
config:
enabled: true
@@ -56,6 +37,34 @@ persistence:
storage:
enabled: true
mountPath: "/storage"
portal:
enabled: true
open:
enabled: true
securityContext:
container:
readOnlyRootFilesystem: false
runAsNonRoot: false
runAsUser: 0
runAsGroup: 0
workload:
main:
podSpec:
containers:
main:
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
- KILL
probes:
liveness:
type: tcp
readiness:
type: tcp
startup:
type: tcp
env:
VNC_PASSWORD: ""
envFrom:
- configMapRef:
name: "qdirstat"
+2 -3
View File
@@ -3,7 +3,7 @@ appVersion: "23.02.3"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 11.1.2
version: 12.6.1
deprecated: false
description: tsMuxer is a Transport Stream muxer.
home: https://truecharts.org/charts/stable/tsmuxer
@@ -21,9 +21,8 @@ sources:
- https://github.com/truecharts/charts/tree/master/charts/stable/tsmuxer
- https://github.com/jlesage/docker-tsmuxer
type: application
version: 3.0.14
version: 4.0.0
annotations:
truecharts.org/catagories: |
- media
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U
+24 -21
View File
@@ -11,23 +11,24 @@ questions:
# Include{replicas1}
# Include{podSpec}
# Include{containerMain}
- variable: env
group: "App Configuration"
label: "Image Environment"
schema:
additional_attrs: true
type: dict
attrs:
- variable: VNC_PASSWORD
label: "VNC_PASSWORD"
description: "Password needed to connect to the application's GUI. See the VNC Password section for more details."
schema:
type: string
private: true
default: ""
# Include{containerBasic}
# Include{containerAdvanced}
- variable: secretEnv
group: "App Configuration"
label: "Image Secrets"
schema:
additional_attrs: true
type: dict
attrs:
- variable: VNC_PASSWORD
label: "VNC_PASSWORD"
description: "Password needed to connect to the application's GUI. See the VNC Password section for more details."
schema:
type: string
private: true
default: ""
- variable: tsmuxer
group: "App Configuration"
label: "tsMuxeR Configuration"
@@ -75,7 +76,9 @@ questions:
schema:
type: boolean
default: false
# Include{containerConfig}
# Include{podOptions}
# Include{serviceRoot}
- variable: main
label: "Main Service"
@@ -162,12 +165,12 @@ questions:
schema:
type: int
default: 0
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID this App of the user running the application"
schema:
type: int
default: 0
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID of the user running the application"
schema:
type: int
default: 0
# Include{securityContextContainer}
# Include{securityContextAdvanced}
# Include{securityContextPod}
@@ -0,0 +1 @@
{{- include "tc.v1.common.lib.chart.notes" $ -}}
+1 -1
View File
@@ -1 +1 @@
{{ include "tc.common.loader.all" . }}
{{ include "tc.v1.common.loader.all" . }}
+30 -21
View File
@@ -2,15 +2,6 @@ image:
repository: tccr.io/truecharts/tsmuxer
tag: 23.02.3@sha256:9b419b4806415d38b9455e0c4513df2234daee5d0696d8b8fb91bb5f54ac2174
pullPolicy: IfNotPresent
securityContext:
readOnlyRootFilesystem: false
runAsNonRoot: false
podSecurityContext:
runAsUser: 0
runAsGroup: 0
service:
main:
ports:
@@ -24,21 +15,12 @@ service:
enabled: true
port: 10275
targetPort: 5900
envFrom:
- configMapRef:
name: '{{ include "tc.common.names.fullname" . }}-tsmuxer'
secretEnv:
VNC_PASSWORD: ""
tsmuxer:
KEEP_APP_RUNNING: false
DISPLAY_WIDTH: 1280
DISPLAY_HEIGHT: 768
SECURE_CONNECTION: false
ENABLE_CJK_FONT: false
configmap:
tsmuxer:
enabled: true
@@ -48,7 +30,6 @@ configmap:
SECURE_CONNECTION: '{{ ternary "1" "0" .Values.tsmuxer.SECURE_CONNECTION }}'
DISPLAY_WIDTH: "{{ .Values.tsmuxer.DISPLAY_WIDTH }}"
DISPLAY_HEIGHT: "{{ .Values.tsmuxer.DISPLAY_HEIGHT }}"
persistence:
config:
enabled: true
@@ -56,6 +37,34 @@ persistence:
storage:
enabled: true
mountPath: "/storage"
portal:
enabled: true
open:
enabled: true
securityContext:
container:
readOnlyRootFilesystem: false
runAsNonRoot: false
runAsUser: 0
runAsGroup: 0
workload:
main:
podSpec:
containers:
main:
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
- KILL
probes:
liveness:
type: tcp
readiness:
type: tcp
startup:
type: tcp
env:
VNC_PASSWORD: ""
envFrom:
- configMapRef:
name: "tsmuxer"
+4 -8
View File
@@ -3,15 +3,12 @@ appVersion: "0.20.2"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 11.1.2
- condition: postgresql.enabled
name: postgresql
repository: https://deps.truecharts.org/
version: 11.0.31
version: 12.6.1
- condition: redis.enabled
name: redis
repository: https://deps.truecharts.org
version: 5.0.33
version: 6.0.21
description: The to-do app to organize your life.
home: https://truecharts.org/charts/stable/vikunja
icon: https://truecharts.org/img/hotlink-ok/chart-icons/vikunja.png
@@ -26,9 +23,8 @@ name: vikunja
sources:
- https://github.com/truecharts/charts/tree/master/charts/stable/vikunja
- https://vikunja.io/docs
version: 7.0.1
version: 8.0.0
annotations:
truecharts.org/catagories: |
- productivity
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U
+22 -19
View File
@@ -838,7 +838,9 @@ questions:
type: string
required: true
default: <frontend url>/migrate/microsoft-todo
# Include{containerConfig}
# Include{podOptions}
# Include{serviceRoot}
- variable: main
label: Main Service
@@ -888,31 +890,32 @@ questions:
# Include{ingressTraefik}
# Include{ingressList}
# Include{podSecurityContextRoot}
- variable: runAsUser
label: runAsUser
description: The UserID of the user running the application
schema:
type: int
default: 0
- variable: runAsGroup
label: runAsGroup
description: The groupID this App of the user running the application
schema:
type: int
default: 0
# Include{securityContextRoot}
- variable: runAsUser
label: "runAsUser"
description: "The UserID of the user running the application"
schema:
type: int
default: 0
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID of the user running the application"
schema:
type: int
default: 0
# Include{securityContextContainer}
# Include{securityContextAdvanced}
# Include{securityContextPod}
- variable: fsGroup
label: fsGroup
description: The group that should own ALL storage.
schema:
type: int
default: 568
- variable: fsGroup
label: "fsGroup"
description: "The group that should own ALL storage."
schema:
type: int
default: 568
# Include{resources}
# Include{metrics}
# Include{prometheusRule}
# Include{advanced}
# Include{addons}
# Include{codeserver}
@@ -0,0 +1 @@
{{- include "tc.v1.common.lib.chart.notes" $ -}}
+178 -171
View File
@@ -1,189 +1,196 @@
{{/* Define the secrets */}}
{{- define "vikunja.secrets" -}}
{{- $secretName := printf "%s-secret" (include "tc.common.names.fullname" .) -}}
{{- $secretStorage := printf "%s-storage-secret" (include "tc.common.names.fullname" .) -}}
{{- $secretStorage := printf "%s-storage-secret" (include "tc.v1.common.lib.chart.names.fullname" .) -}}
{{- $pgHost := printf "%v-cnpg-main-rw" (include "tc.v1.common.lib.chart.names.fullname" $) -}}
{{- $jwtSecret := randAlphaNum 32 -}}
{{- with lookup "v1" "Secret" .Release.Namespace $secretStorage -}}
{{- $jwtSecret = index .data "JWT_SECRET" | b64dec -}}
{{- end }}
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: {{ $secretStorage }}
labels:
{{- include "tc.common.labels" . | nindent 4 }}
data:
JWT_SECRET: {{ $jwtSecret | b64enc }}
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: {{ $secretName }}
labels:
{{- include "tc.common.labels" . | nindent 4 }}
stringData:
config.yml: |
database:
type: postgres
user: {{ .Values.postgresql.postgresqlUsername }}
password: {{ .Values.postgresql.postgresqlPassword | trimAll "\"" }}
host: {{ printf "%v-%v" .Release.Name "postgres" }}
secret:
secret-storage:
enabled: true
data:
JWT_SECRET: {{ $jwtSecret }}
cache:
enabled: true
type: redis
config:
enabled: true
data:
config.yaml: |
database:
type: postgres
user: {{ .Values.cnpg.main.user }}
password: {{ .Values.cnpg.main.creds.password | trimAll "\"" }}
host: {{ $pgHost }}
redis:
enabled: true
host: {{ printf "%v-%v:%v" .Release.Name "redis" "6379" }}
password: {{ .Values.redis.redisPassword | trimAll "\""}}
db: 0
cache:
enabled: true
type: redis
keyvalue:
type: redis
redis:
enabled: true
host: {{ printf "%v-%v:%v" .Release.Name "redis" "6379" }}
password: {{ .Values.redis.creds.redisPassword | trimAll "\""}}
db: 0
service:
interface: ":3456"
JWTSecret: {{ $jwtSecret }}
timezone: {{ .Values.TZ | quote }}
jwtttl: {{ .Values.vikunja.service.jwtttl | int }}
jwtttllong: {{ .Values.vikunja.service.jwtttllong | int }}
frontendurl: {{ .Values.vikunja.service.frontendurl | quote }}
maxitemsperpage: {{ .Values.vikunja.service.maxitemsperpage }}
enablecaldav: {{ .Values.vikunja.service.enablecaldav }}
motd: {{ .Values.vikunja.service.motd | quote }}
enablelinksharing: {{ .Values.vikunja.service.enablelinksharing }}
enableregistration: {{ .Values.vikunja.service.enableregistration }}
enabletaskattachments: {{ .Values.vikunja.service.enabletaskattachments }}
enabletaskcomments: {{ .Values.vikunja.service.enabletaskcomments }}
enabletotp: {{ .Values.vikunja.service.enabletotp }}
enableemailreminders: {{ .Values.vikunja.service.enableemailreminders }}
enableuserdeletion: {{ .Values.vikunja.service.enableuserdeletion }}
maxavatarsize: {{ .Values.vikunja.service.maxavatarsize }}
keyvalue:
type: redis
metrics:
enabled: {{ .Values.metrics.enabled }}
service:
interface: ":3456"
JWTSecret: {{ $jwtSecret }}
timezone: {{ .Values.TZ | quote }}
{{- /* Multiply by 1, so large integers are not rendered in scientific notation
See: https://github.com/helm/helm/issues/1707#issuecomment-1167860346 */}}
jwtttl: {{ mul .Values.vikunja.service.jwtttl 1 }}
jwtttllong: {{ mul .Values.vikunja.service.jwtttllong 1 }}
frontendurl: {{ .Values.vikunja.service.frontendurl | quote }}
maxitemsperpage: {{ .Values.vikunja.service.maxitemsperpage }}
enablecaldav: {{ .Values.vikunja.service.enablecaldav }}
motd: {{ .Values.vikunja.service.motd | quote }}
enablelinksharing: {{ .Values.vikunja.service.enablelinksharing }}
enableregistration: {{ .Values.vikunja.service.enableregistration }}
enabletaskattachments: {{ .Values.vikunja.service.enabletaskattachments }}
enabletaskcomments: {{ .Values.vikunja.service.enabletaskcomments }}
enabletotp: {{ .Values.vikunja.service.enabletotp }}
enableemailreminders: {{ .Values.vikunja.service.enableemailreminders }}
enableuserdeletion: {{ .Values.vikunja.service.enableuserdeletion }}
maxavatarsize: {{ .Values.vikunja.service.maxavatarsize }}
cors:
enabled: {{ .Values.vikunja.cors.enabled }}
{{- with .Values.vikunja.cors.origins }}
origins:
{{- range . }}
- {{ . | quote }}
{{- end }}
{{- else }}
origins: []
{{- end }}
maxage: {{ .Values.vikunja.cors.maxage }}
metrics:
enabled: {{ .Values.metrics.enabled }}
mailer:
enabled: {{ .Values.vikunja.mailer.enabled }}
host: {{ .Values.vikunja.mailer.host | quote }}
port: {{ .Values.vikunja.mailer.port }}
authtype: {{ .Values.vikunja.mailer.authtype | quote }}
username: {{ .Values.vikunja.mailer.username | quote }}
password: {{ .Values.vikunja.mailer.password | quote }}
skiptlsverify: {{ .Values.vikunja.mailer.skiptlsverify }}
fromemail: {{ .Values.vikunja.mailer.fromemail | quote }}
queuelength: {{ .Values.vikunja.mailer.queuelength }}
queuetimeout: {{ .Values.vikunja.mailer.queuetimeout }}
forcessl: {{ .Values.vikunja.mailer.forcessl }}
log:
enabled: {{ .Values.vikunja.log.enabled }}
path: {{ .Values.vikunja.log.path | quote }}
standard: {{ .Values.vikunja.log.standard | quote }}
level: {{ .Values.vikunja.log.level | quote }}
database: {{ .Values.vikunja.log.database | quote }}}
databaselevel: {{ .Values.vikunja.log.databaselevel | quote }}
http: {{ .Values.vikunja.log.http | quote }}
echo: {{ .Values.vikunja.log.echo | quote }}}
events: {{ .Values.vikunja.log.events | quote }}
eventslevel: {{ .Values.vikunja.log.eventslevel | quote }}
ratelimit:
enabled: {{ .Values.vikunja.ratelimit.enabled }}}
kind: {{ .Values.vikunja.ratelimit.kind | quote }}
period: {{ .Values.vikunja.ratelimit.period }}
limit: {{ .Values.vikunja.ratelimit.limit }}
store: redis
files:
maxsize: {{ .Values.vikunja.files.maxsize }}
avatar:
gravatarexpiration: {{ .Values.vikunja.avatar.gravatarexpiration }}
legal:
imprinturl: {{ .Values.vikunja.legal.imprinturl | quote }}
privacyurl: {{ .Values.vikunja.legal.privacyurl | quote }}
backgrounds:
enabled: {{ .Values.vikunja.backgrounds.enabled }}
providers:
upload:
enabled: {{ .Values.vikunja.backgrounds.providers.upload.enabled }}
unsplash:
enabled: {{ .Values.vikunja.backgrounds.providers.unsplash.enabled }}
accesstoken: {{ .Values.vikunja.backgrounds.providers.unsplash.accesstoken | quote }}
applicationid: {{ .Values.vikunja.backgrounds.providers.unsplash.applicationid | quote }}
migration:
todoist:
enable: {{ .Values.vikunja.migration.todoist.enable }}
clientid: {{ .Values.vikunja.migration.todoist.clientid | quote }}
clientsecret: {{ .Values.vikunja.migration.todoist.clientsecret | quote }}
redirecturl: {{ .Values.vikunja.migration.todoist.redirecturl | quote }}
trello:
enable: {{ .Values.vikunja.migration.trello.enable }}
key: {{ .Values.vikunja.migration.trello.key | quote }}
redirecturl: {{ .Values.vikunja.migration.trello.redirecturl | quote }}
microsofttodo:
enable: {{ .Values.vikunja.migration.microsofttodo.enable }}
clientid: {{ .Values.vikunja.migration.microsofttodo.clientid | quote }}
clientsecret: {{ .Values.vikunja.migration.microsofttodo.clientsecret | quote }}
redirecturl: {{ .Values.vikunja.migration.microsofttodo.redirecturl | quote }}
auth:
local:
enabled: {{ .Values.vikunja.auth.local.enabled }}
openid:
enabled: {{ .Values.vikunja.auth.openid.enabled }}
{{- with .Values.vikunja.auth.openid.redirecturl }}
redirecturl: {{ . | quote }}
{{- end }}
{{- with .Values.vikunja.auth.openid.providers }}
providers:
{{- range . }}
- name: {{ .name | quote }}
authurl: {{ .authurl | quote }}
{{- with .logouturl }}
logouturl: {{ . | quote }}
cors:
enabled: {{ .Values.vikunja.cors.enabled }}
{{- with .Values.vikunja.cors.origins }}
origins:
{{- range . }}
- {{ . | quote }}
{{- end }}
clientid: {{ .clientid | quote }}
clientsecret: {{ .clientsecret | quote }}
{{- else }}
origins: []
{{- end }}
{{- end }}
maxage: {{ .Values.vikunja.cors.maxage }}
defaultsettings:
avatar_provider: {{ .Values.vikunja.defaultsettings.avatar_provider | quote }}
avatar_file_id: {{ .Values.vikunja.defaultsettings.avatar_file_id }}
email_reminders_enabled: {{ .Values.vikunja.defaultsettings.email_reminders_enabled }}
discoverable_by_name: {{ .Values.vikunja.defaultsettings.discoverable_by_name }}
discoverable_by_email: {{ .Values.vikunja.defaultsettings.discoverable_by_email }}
overdue_tasks_reminders_enabled: {{ .Values.vikunja.defaultsettings.overdue_tasks_reminders_enabled }}
overdue_tasks_reminders_time: {{ .Values.vikunja.defaultsettings.overdue_tasks_reminders_time | quote }}
default_list_id: {{ .Values.vikunja.defaultsettings.default_list_id }}
week_start: {{ .Values.vikunja.defaultsettings.week_start }}
{{- with .Values.vikunja.defaultsettings.language }}
language: {{ . | quote }}
{{- end }}
{{- with .Values.vikunja.defaultsettings.timezone }}
timezone: {{ . | quote }}
{{- end }}
mailer:
enabled: {{ .Values.vikunja.mailer.enabled }}
host: {{ .Values.vikunja.mailer.host | quote }}
port: {{ .Values.vikunja.mailer.port }}
authtype: {{ .Values.vikunja.mailer.authtype | quote }}
username: {{ .Values.vikunja.mailer.username | quote }}
password: {{ .Values.vikunja.mailer.password | quote }}
skiptlsverify: {{ .Values.vikunja.mailer.skiptlsverify }}
fromemail: {{ .Values.vikunja.mailer.fromemail | quote }}
queuelength: {{ .Values.vikunja.mailer.queuelength }}
queuetimeout: {{ .Values.vikunja.mailer.queuetimeout }}
forcessl: {{ .Values.vikunja.mailer.forcessl }}
log:
enabled: {{ .Values.vikunja.log.enabled }}
path: {{ .Values.vikunja.log.path | quote }}
standard: {{ .Values.vikunja.log.standard | quote }}
level: {{ .Values.vikunja.log.level | quote }}
database: {{ .Values.vikunja.log.database | quote }}
databaselevel: {{ .Values.vikunja.log.databaselevel | quote }}
http: {{ .Values.vikunja.log.http | quote }}
echo: {{ .Values.vikunja.log.echo | quote }}
events: {{ .Values.vikunja.log.events | quote }}
eventslevel: {{ .Values.vikunja.log.eventslevel | quote }}
ratelimit:
enabled: {{ .Values.vikunja.ratelimit.enabled }}
kind: {{ .Values.vikunja.ratelimit.kind | quote }}
period: {{ .Values.vikunja.ratelimit.period }}
limit: {{ .Values.vikunja.ratelimit.limit }}
store: redis
files:
maxsize: {{ .Values.vikunja.files.maxsize }}
avatar:
gravatarexpiration: {{ .Values.vikunja.avatar.gravatarexpiration }}
legal:
imprinturl: {{ .Values.vikunja.legal.imprinturl | quote }}
privacyurl: {{ .Values.vikunja.legal.privacyurl | quote }}
backgrounds:
enabled: {{ .Values.vikunja.backgrounds.enabled }}
providers:
upload:
enabled: {{ .Values.vikunja.backgrounds.providers.upload.enabled }}
unsplash:
enabled: {{ .Values.vikunja.backgrounds.providers.unsplash.enabled }}
accesstoken: {{ .Values.vikunja.backgrounds.providers.unsplash.accesstoken | quote }}
applicationid: {{ .Values.vikunja.backgrounds.providers.unsplash.applicationid | quote }}
migration:
todoist:
enable: {{ .Values.vikunja.migration.todoist.enable }}
clientid: {{ .Values.vikunja.migration.todoist.clientid | quote }}
clientsecret: {{ .Values.vikunja.migration.todoist.clientsecret | quote }}
redirecturl: {{ .Values.vikunja.migration.todoist.redirecturl | quote }}
trello:
enable: {{ .Values.vikunja.migration.trello.enable }}
key: {{ .Values.vikunja.migration.trello.key | quote }}
redirecturl: {{ .Values.vikunja.migration.trello.redirecturl | quote }}
microsofttodo:
enable: {{ .Values.vikunja.migration.microsofttodo.enable }}
clientid: {{ .Values.vikunja.migration.microsofttodo.clientid | quote }}
clientsecret: {{ .Values.vikunja.migration.microsofttodo.clientsecret | quote }}
redirecturl: {{ .Values.vikunja.migration.microsofttodo.redirecturl | quote }}
auth:
local:
enabled: {{ .Values.vikunja.auth.local.enabled }}
openid:
enabled: {{ .Values.vikunja.auth.openid.enabled }}
{{- with .Values.vikunja.auth.openid.redirecturl }}
redirecturl: {{ . | quote }}
{{- end }}
{{- with .Values.vikunja.auth.openid.providers }}
providers:
{{- range . }}
- name: {{ .name | quote }}
authurl: {{ .authurl | quote }}
{{- with .logouturl }}
logouturl: {{ . | quote }}
{{- end }}
clientid: {{ .clientid | quote }}
clientsecret: {{ .clientsecret | quote }}
{{- end }}
{{- end }}
defaultsettings:
avatar_provider: {{ .Values.vikunja.defaultsettings.avatar_provider | quote }}
avatar_file_id: {{ .Values.vikunja.defaultsettings.avatar_file_id }}
email_reminders_enabled: {{ .Values.vikunja.defaultsettings.email_reminders_enabled }}
discoverable_by_name: {{ .Values.vikunja.defaultsettings.discoverable_by_name }}
discoverable_by_email: {{ .Values.vikunja.defaultsettings.discoverable_by_email }}
overdue_tasks_reminders_enabled: {{ .Values.vikunja.defaultsettings.overdue_tasks_reminders_enabled }}
overdue_tasks_reminders_time: {{ .Values.vikunja.defaultsettings.overdue_tasks_reminders_time | quote }}
default_list_id: {{ .Values.vikunja.defaultsettings.default_list_id }}
week_start: {{ .Values.vikunja.defaultsettings.week_start }}
{{- with .Values.vikunja.defaultsettings.language }}
language: {{ . | quote }}
{{- end }}
{{- with .Values.vikunja.defaultsettings.timezone }}
timezone: {{ . | quote }}
{{- end }}
configmap:
nginx-config:
enabled: true
data:
nginx-config: |
server {
listen {{ .Values.service.main.ports.main.port }};
location / {
proxy_pass http://localhost:80;
}
location ~* ^/(api|dav|\.well-known)/ {
proxy_pass http://localhost:3456;
client_max_body_size {{ .Values.vikunja.files.maxsize | upper | trimSuffix "B" }};
}
}
{{- end -}}
+6 -3
View File
@@ -1,5 +1,8 @@
{{- include "tc.common.loader.init" . }}
{{- include "tc.v1.common.loader.init" . }}
{{ include "vikunja.secrets" . }}
{{- $secrets := include "vikunja.secrets" . | fromYaml -}}
{{- if $secrets -}}
{{- $_ := mustMergeOverwrite .Values $secrets -}}
{{- end -}}
{{ include "tc.common.loader.apply" . }}
{{ include "tc.v1.common.loader.apply" . }}
+86 -93
View File
@@ -2,39 +2,58 @@ image:
repository: tccr.io/truecharts/vikunja-api
tag: 0.20.2@sha256:408c9e649901a27bf7f9b6f009de0e90e6c898413b1bc95f49c5ee9051f82dc0
pullPolicy: IfNotPresent
frontendImage:
repository: tccr.io/truecharts/vikunja-frontend
tag: 0.20.3@sha256:f8b46f3e31991656d2a774f48118a2affa9a9df8454ab41bac8f318d17cde6c9
pullPolicy: IfNotPresent
nginxImage:
repository: tccr.io/truecharts/nginx
tag: 1.23.4@sha256:7e6b4bc511d01b48171cb3c345a67802297c77143c1411e22c5cf7e8acbf1915
tag: 1.23.3@sha256:0d92357c536291f04dad45f9af95dbdad46fb7a6e940f981a3a332f9d5279665
securityContext:
readOnlyRootFilesystem: false
runAsNonRoot: false
podSecurityContext:
runAsUser: 0
runAsGroup: 0
configmap:
nginx-config:
enabled: true
data:
nginx-config: |
server {
listen {{ .Values.service.main.ports.main.port }};
location / {
proxy_pass http://localhost:80;
}
location ~* ^/(api|dav|\.well-known)/ {
proxy_pass http://localhost:3456;
client_max_body_size {{ .Values.vikunja.files.maxsize | upper | trimSuffix "B" }};
}
}
workload:
main:
podSpec:
containers:
main:
probes:
liveness:
type: http
port: 3456
path: /health
readiness:
type: http
port: 3456
path: /health
startup:
type: http
port: 3456
path: /health
frontend:
enabled: true
imageSelector: frontendImage
probes:
liveness:
type: http
port: 80
readiness:
type: http
port: 80
startup:
type: http
port: 80
proxy:
enabled: true
imageSelector: nginxImage
probes:
liveness:
type: http
port: "{{ .Values.service.main.ports.main.port }}"
readiness:
type: http
port: "{{ .Values.service.main.ports.main.port }}"
startup:
type: http
port: "{{ .Values.service.main.ports.main.port }}"
vikunja:
service:
@@ -118,13 +137,12 @@ vikunja:
openid:
enabled: false
redirecturl: ""
providers:
[]
# - name: ""
# authurl: ""
# logouturl: ""
# clientid: ""
# clientsecret: ""
providers: []
# - name: ""
# authurl: ""
# logouturl: ""
# clientid: ""
# clientsecret: ""
migration:
todoist:
enable: false
@@ -147,25 +165,6 @@ service:
main:
port: 10220
additionalContainers:
frontend:
name: frontend
image: "{{ .Values.frontendImage.repository }}:{{ .Values.frontendImage.tag }}"
ports:
- containerPort: 80
name: http
proxy:
name: proxy
image: "{{ .Values.nginxImage.repository }}:{{ .Values.nginxImage.tag }}"
ports:
- containerPort: 8080
name: main
volumeMounts:
- name: vikunja-nginx
mountPath: /etc/nginx/conf.d/default.conf
subPath: nginx-config
readOnly: true
persistence:
files:
enabled: true
@@ -173,53 +172,47 @@ persistence:
vikunja-nginx:
enabled: true
noMount: true
mountPath: /etc/nginx/conf.d/default.conf
subPath: nginx-config
type: configMap
objectName: '{{ template "tc.common.names.fullname" . }}-nginx-config'
type: configmap
objectName: nginx-config
targetSelector:
main:
proxy:
mountPath: /etc/nginx/conf.d/default.conf
subPath: nginx-config
vikunja-config:
enabled: true
mountPath: /etc/vikunja
subPath: config.yml
type: secret
objectName: '{{ template "tc.common.names.fullname" . }}-secret'
objectName: config
targetSelector:
main:
main:
subPath: config.yaml
mountPath: /etc/vikunja/config.yaml
metrics:
# -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
# @default -- See values.yaml
enabled: true
serviceMonitor:
interval: 1m
scrapeTimeout: 30s
labels: {}
# -- Enable and configure Prometheus Rules for the chart under this key.
# @default -- See values.yaml
prometheusRule:
enabled: false
labels: {}
# -- Configure additionial rules for the chart under this key.
# @default -- See prometheusrules.yaml
rules:
[]
# - alert: UnifiPollerAbsent
# annotations:
# description: Unifi Poller has disappeared from Prometheus service discovery.
# summary: Unifi Poller is down.
# expr: |
# absent(up{job=~".*unifi-poller.*"} == 1)
# for: 5m
# labels:
# severity: critical
postgresql:
enabled: true
existingSecret: dbcreds
postgresqlUsername: vikunja
postgresqlDatabase: vikunja
main:
enabled: true
type: "servicemonitor"
prometheusRule:
enabled: false
cnpg:
main:
enabled: true
user: vikunja
database: vikunja
redis:
enabled: true
existingSecret: rediscreds
portal:
enabled: true
open:
enabled: true
securityContext:
container:
readOnlyRootFilesystem: false
runAsNonRoot: false
runAsUser: 0
runAsGroup: 0
capabilities:
add:
- NET_BIND_SERVICE
+2 -3
View File
@@ -3,7 +3,7 @@ appVersion: "latest"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 11.1.2
version: 12.6.1
deprecated: false
description: The easiest way to run WireGuard VPN + Web-based Admin UI.
home: https://truecharts.org/charts/stable/wg-easy
@@ -22,9 +22,8 @@ sources:
- https://github.com/truecharts/charts/tree/master/charts/stable/wg-easy
- https://github.com/WeeJeWel/wg-easy
type: application
version: 3.0.8
version: 4.0.0
annotations:
truecharts.org/catagories: |
- networking
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U
+60 -65
View File
@@ -10,68 +10,63 @@ questions:
# Include{replicas1}
# Include{podSpec}
# Include{containerMain}
- variable: env
group: "App Configuration"
label: "Image Environment"
schema:
additional_attrs: true
type: dict
attrs:
- variable: WG_HOST
label: "WG_HOST"
description: "The public hostname of your VPN server."
schema:
type: string
required: true
default: ""
- variable: WG_MTU
label: "WG_MTU"
description: "The MTU the clients will use. Server uses default WG MTU."
schema:
type: int
default: 1420
- variable: WG_PERSISTENT_KEEPALIVE
label: "WG_PERSISTENT_KEEPALIVE"
description: "Value in seconds to keep the connection open."
schema:
type: int
default: 0
- variable: WG_DEFAULT_ADDRESS
label: "WG_DEFAULT_ADDRESS"
description: "Clients IP address range."
schema:
type: string
default: "10.8.0.x"
- variable: WG_DEFAULT_DNS
label: "WG_DEFAULT_DNS"
description: "Clients default DNS IP"
schema:
type: string
default: "1.1.1.1"
- variable: WG_ALLOWED_IPS
label: "WG_ALLOWED_IPS"
description: "Allowed IPs clients will use."
schema:
type: string
default: "0.0.0.0/0, ::/0"
- variable: PASSWORD
label: "ADMIN_PASSWORD"
schema:
type: string
private: true
required: true
default: ""
# Include{containerBasic}
# Include{containerAdvanced}
- variable: env
group: "App Configuration"
label: "Image Environment"
schema:
additional_attrs: true
type: dict
attrs:
- variable: WG_HOST
label: "WG_HOST"
description: "The public hostname of your VPN server."
schema:
type: string
required: true
default: ""
- variable: WG_MTU
label: "WG_MTU"
description: "The MTU the clients will use. Server uses default WG MTU."
schema:
type: int
default: 1420
- variable: WG_PERSISTENT_KEEPALIVE
label: "WG_PERSISTENT_KEEPALIVE"
description: "Value in seconds to keep the connection open."
schema:
type: int
default: 0
- variable: WG_DEFAULT_ADDRESS
label: "WG_DEFAULT_ADDRESS"
description: "Clients IP address range."
schema:
type: string
default: "10.8.0.x"
- variable: WG_DEFAULT_DNS
label: "WG_DEFAULT_DNS"
description: "Clients default DNS IP"
schema:
type: string
default: "1.1.1.1"
- variable: WG_ALLOWED_IPS
label: "WG_ALLOWED_IPS"
description: "Allowed IPs clients will use."
schema:
type: string
default: "0.0.0.0/0, ::/0"
- variable: secretEnv
group: "App Configuration"
label: "Image Secrets"
schema:
additional_attrs: true
type: dict
attrs:
- variable: PASSWORD
label: "ADMIN_PASSWORD"
schema:
type: string
private: true
required: true
default: ""
# Include{containerConfig}
# Include{podOptions}
# Include{serviceRoot}
- variable: main
label: "Main Service"
@@ -151,12 +146,12 @@ questions:
schema:
type: int
default: 0
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID this App of the user running the application"
schema:
type: int
default: 0
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID of the user running the application"
schema:
type: int
default: 0
# Include{securityContextContainer}
# Include{securityContextAdvanced}
# Include{securityContextPod}
@@ -0,0 +1 @@
{{- include "tc.v1.common.lib.chart.notes" $ -}}
+1 -1
View File
@@ -1 +1 @@
{{ include "tc.common.loader.all" . }}
{{ include "tc.v1.common.loader.all" . }}
+35 -31
View File
@@ -2,33 +2,6 @@ image:
repository: tccr.io/truecharts/wg-easy
pullPolicy: IfNotPresent
tag: latest@sha256:5cc96ad86c87fb2ebc7dab65fc5b190ff0dcce370d0b9afa4aa4b5b2580a5000
securityContext:
readOnlyRootFilesystem: false
runAsNonRoot: false
capabilities:
add:
- NET_ADMIN
- SYS_MODULE
security:
PUID: 0
podSecurityContext:
runAsUser: 0
runAsGroup: 0
secretEnv:
PASSWORD: "secretpass"
env:
WG_HOST: "localhost"
WG_MTU: 1420
WG_PERSISTENT_KEEPALIVE: 0
WG_DEFAULT_ADDRESS: "10.8.0.x"
WG_DEFAULT_DNS: "1.1.1.1"
WG_ALLOWED_IPS: "0.0.0.0/0, ::/0"
service:
main:
ports:
@@ -40,14 +13,45 @@ service:
ports:
vpn:
enabled: true
protocol: UDP
protocol: udp
port: 51820
targetPort: 51820
persistence:
config:
enabled: true
mountPath: "/etc/wireguard"
portal:
enabled: true
open:
enabled: true
securityContext:
container:
PUID: 0
runAsUser: 0
runAsGroup: 0
readOnlyRootFilesystem: false
runAsNonRoot: false
capabilities:
add:
- NET_ADMIN
- NET_RAW
- SYS_MODULE
workload:
main:
podSpec:
containers:
main:
probes:
liveness:
type: tcp
readiness:
type: tcp
startup:
type: tcp
env:
WG_HOST: "localhost"
WG_MTU: 1420
WG_PERSISTENT_KEEPALIVE: 0
WG_DEFAULT_ADDRESS: "10.8.0.x"
WG_DEFAULT_DNS: "1.1.1.1"
WG_ALLOWED_IPS: "0.0.0.0/0, ::/0"
PASSWORD: "secretpass"