From 23ec9001ef74f38f97ce14188c795d9cb6cb3a24 Mon Sep 17 00:00:00 2001
From: ytshih <ytshih@konchin.com>
Date: Wed, 4 Dec 2024 20:27:41 +0000
Subject: [PATCH] Feat(hedgedoc): add hedgedoc

---
 flux-applications/hedgedoc.yaml | 14 ++++++++++
 hedgedoc/config.json            | 49 +++++++++++++++++++++++++++++++++
 hedgedoc/deploy.yaml            | 48 ++++++++++++++++++++++++++++++++
 hedgedoc/ingress.yaml           | 17 ++++++++++++
 hedgedoc/kustomization.yaml     | 22 +++++++++++++++
 hedgedoc/namespace.yaml         |  5 ++++
 hedgedoc/rootca.pem             | 29 +++++++++++++++++++
 hedgedoc/service.yaml           | 13 +++++++++
 8 files changed, 197 insertions(+)
 create mode 100644 flux-applications/hedgedoc.yaml
 create mode 100644 hedgedoc/config.json
 create mode 100644 hedgedoc/deploy.yaml
 create mode 100644 hedgedoc/ingress.yaml
 create mode 100644 hedgedoc/kustomization.yaml
 create mode 100644 hedgedoc/namespace.yaml
 create mode 100644 hedgedoc/rootca.pem
 create mode 100644 hedgedoc/service.yaml

diff --git a/flux-applications/hedgedoc.yaml b/flux-applications/hedgedoc.yaml
new file mode 100644
index 0000000..12856e4
--- /dev/null
+++ b/flux-applications/hedgedoc.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: hedgedoc
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  path: ./hedgedoc/
+  prune: true
+  force: false
+  sourceRef:
+    kind: GitRepository
+    name: applications
diff --git a/hedgedoc/config.json b/hedgedoc/config.json
new file mode 100644
index 0000000..e14d076
--- /dev/null
+++ b/hedgedoc/config.json
@@ -0,0 +1,49 @@
+{
+    "production": {
+        "domain": "md.konchin.com",
+        "port": 8000,
+        "allowOrigin": ["md.konchin.com", "localhost"],
+        "protocolUseSSL": true,
+        "loglevel": "debug",
+        "debug": true,
+        "email": true,
+        "allowAnonymous": false,
+        "hsts": {
+            "enable": true,
+            "maxAgeSeconds": 31536000,
+            "includeSubdomains": true,
+            "preload": true
+        },
+        "csp": {
+            "enable": true,
+            "upgradeInsecureRequests": "auto",
+            "addDefaults": true
+        },
+        "cookiePolicy": "lax",
+        "db": {
+            "username": "hedgedoc",
+            "password": "hedgedoc1145141919810poop",
+            "database": "hedgedoc",
+            "host": "pg.konchin.com",
+            "port": "5432",
+            "dialect": "postgres"
+        },
+        "ldap": {
+            "providerName": "konchin.com",
+            "url": "ldaps://ldap.konchin.com",
+            "searchBase": "ou=people,dc=konchin,dc=com",
+            "searchFilter": "(&(uid={{username}})(objectClass=person))",
+            "useridField": "uid",
+            "tlsca": "/etc/hedgedoc/rootca.pem"
+        },
+        "s3": {
+            "accessKeyId": "********",
+            "secretAccessKey": "********",
+            "region": "us-west-1"
+        },
+        "s3bucket": {
+            "bucket": "hedgedoc",
+            "endpointenv": "minio.konchin.com"
+        }
+    }
+}
diff --git a/hedgedoc/deploy.yaml b/hedgedoc/deploy.yaml
new file mode 100644
index 0000000..153fbd9
--- /dev/null
+++ b/hedgedoc/deploy.yaml
@@ -0,0 +1,48 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: hedgedoc
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: hedgedoc
+  template:
+    metadata:
+      labels:
+        app: hedgedoc
+    spec:
+      volumes:
+        - name: config
+          configMap:
+            name: hedgedoc
+      containers:
+        - name: hedgedoc
+          image: quay.io/hedgedoc/hedgedoc:1.9.9
+          ports:
+            - name: http
+              containerPort: 8000
+          volumeMounts:
+            - name: config
+              mountPath: /etc/hedgedoc/
+          env:
+            - name: CMD_CONFIG_FILE
+              value: /etc/hedgedoc/config.json
+            - name: CMD_DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: hedgedoc
+                  key: CMD_DB_PASSWORD
+
+            - name: CMD_S3_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: hedgedoc
+                  key: CMD_S3_ACCESS_KEY_ID
+            - name: CMD_S3_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: hedgedoc
+                  key: CMD_S3_SECRET_ACCESS_KEY
+          imagePullPolicy: Always
diff --git a/hedgedoc/ingress.yaml b/hedgedoc/ingress.yaml
new file mode 100644
index 0000000..645e579
--- /dev/null
+++ b/hedgedoc/ingress.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: hedgedoc
+spec:
+  rules:
+    - host: "md.konchin.com"
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: hedgedoc
+                port:
+                  number: 8000
diff --git a/hedgedoc/kustomization.yaml b/hedgedoc/kustomization.yaml
new file mode 100644
index 0000000..4344a53
--- /dev/null
+++ b/hedgedoc/kustomization.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: hedgedoc
+labels:
+  - pairs:
+      app: hedgedoc
+generatorOptions:
+  disableNameSuffixHash: true
+
+resources:
+  - namespace.yaml
+  - deploy.yaml
+  - service.yaml
+  - ingress.yaml
+
+configMapGenerator:
+  - name: hedgedoc
+    files:
+      - config.json
+      - rootca.pem
diff --git a/hedgedoc/namespace.yaml b/hedgedoc/namespace.yaml
new file mode 100644
index 0000000..8c2334c
--- /dev/null
+++ b/hedgedoc/namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: hedgedoc
diff --git a/hedgedoc/rootca.pem b/hedgedoc/rootca.pem
new file mode 100644
index 0000000..2f7ceaf
--- /dev/null
+++ b/hedgedoc/rootca.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFAjCCAuqgAwIBAgIUQGFtCLSyk55KvnESvDfNJqGWX4EwDQYJKoZIhvcNAQEL
+BQAwGTEXMBUGA1UEAwwOS29uY2hpbi5jb20gQ0EwHhcNMjQwOTEzMTcyMzMyWhcN
+MzQwOTExMTcyMzMyWjAZMRcwFQYDVQQDDA5Lb25jaGluLmNvbSBDQTCCAiIwDQYJ
+KoZIhvcNAQEBBQADggIPADCCAgoCggIBAJDrd5hz7FZdNxGCUQt7gv+KDO/GRIbN
+Lg31AD0AOY2CdSKUoHoDa6RRI0jZrZr7HqvDKXnfz4FAfydCFggVzLSY7dxhr571
+FcjezP1Y5Ft2ColAVbmUuftRf0mMV0pRgI+4evQTLIKJh35aw/ggarbhKn1Hf/6b
+OoV05OmmHc1tUghOrafW7Qp2HSgdMRlyQPr+6j791aCEFSU19h7JKCOhcHbtGWDV
+xsA0gWO+hGyiAhtvWYF1dgLZ7odKrV7gcm5r0+dDv8deBnfxZKaPDgGHT+ED4AeY
+kRncWIhqILYNiD/xLwLAj3zeUi+REUiPcMaAGLxuriXmrUxRYeP4EaTxbjtLEKjI
+OV3uOxOmHFpMHUqBC9IAuFdwdTEmPwvikSTgxfTjjcQr4Lq6maZqOynZK5Cfhxkw
+slS1FhJw/wHe1z2kjykgV4Erp3oNOV5bdQYu1f4bz2R37sI4XEGRlPDVBr1KgCFB
+jUcwCy/zFk4xdnayZD7MRMo3IOetDspuntkpOkwBrJTV9fJPhgikPUrFujMfojQs
+aMttHLBFQN7ssDYVnw3FWJnpxD1eIbW1/2EG/18j/qpVi+N5QiFKoKLMiQcSltHi
+Sg+BvEZXu6wlJI62LGzEwcdqv8b3XJJDObECI7NTj5RSW6EnLNKr9ryf/au9Aank
+Y6/bjCB5peMvAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwICBDAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBRkNAxKfd3zytl/MIxhaPUIlfsolzANBgkqhkiG9w0BAQsF
+AAOCAgEAD/S2hQok24RAsbu6FVIC1j9C+I+l9aQKljcLmdO8vCE4umSAPWiGXzro
+HKGiR5rfghg4G0k5x8y3FDv475l4YodbZ1QGOZMWicLl9lA9KjO5BE/5FGZG6gCO
+fHp1um/CdfoSsIRnzXQ46Alt/jo1il5flv3vnA3C4Zy+YmQ3EsOea+pezz31/a8I
+XFDhjGZN4+viIE04EmcpQWGa46zeOkcweN23m92jnPN+Yi85Z+YnPXssyJTZKgvz
+eA3Ww5wlGArph+w8qNOJAo/wibDElwks80/p744IhW0nNfRkPj3erphmGHnlcAjL
+EMl3X9zglLjtV27WXXYhHp8luilcBsdZWOGN+OUX3uP+rcOowP93wW9yBiD68rF3
+0oG9zq0WLWOfPDSmM6mHDjI3Hwmx+VEL9cNMlm3h9UOQtJKnbUxbrrTkUzv4y9zE
+fgOUvICOWRvdz0HnF5Dg4XyGQhMq+cqj0fD18Fl/KKTtU5CUXI66fmdNFdjePPcm
+/FUI+7DFjum+WWOTdlJsYIPiH0MTDWrAdduzcEuQHo4Z9+FimgPBpyBQIhivF2WO
+ACzQLzK++utdy7fp92WV1hyF14DTyVC/KwvF3vI0BycLXBoYhwubIRb5fCQxDm7q
+UxhDKxf83XaYEu0LjfORZodfM4dQDdwsX4wHlHsLLdRWni6SwGw=
+-----END CERTIFICATE-----
diff --git a/hedgedoc/service.yaml b/hedgedoc/service.yaml
new file mode 100644
index 0000000..7b57033
--- /dev/null
+++ b/hedgedoc/service.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: hedgedoc
+spec:
+  type: ClusterIP
+  selector:
+    app: hedgedoc
+  ports:
+    - name: http
+      port: 8000
+      targetPort: 8000