From cf974b5974b33570a8886cb6ef438922b12919d8 Mon Sep 17 00:00:00 2001
From: ytshih <ytshih@konchin.com>
Date: Sat, 4 Oct 2025 19:53:50 +0800
Subject: [PATCH] Feat(miniflux): add miniflux

---
 flux-applications/miniflux.yaml | 18 +++++++++++++
 miniflux/.sops.yaml             |  4 +++
 miniflux/configmap.env          |  1 +
 miniflux/deploy.yaml            | 46 +++++++++++++++++++++++++++++++++
 miniflux/kustomization.yaml     | 17 ++++++++++++
 miniflux/namespace.yaml         |  5 ++++
 miniflux/secret.yaml            | 32 +++++++++++++++++++++++
 7 files changed, 123 insertions(+)
 create mode 100644 flux-applications/miniflux.yaml
 create mode 100644 miniflux/.sops.yaml
 create mode 100644 miniflux/configmap.env
 create mode 100644 miniflux/deploy.yaml
 create mode 100644 miniflux/kustomization.yaml
 create mode 100644 miniflux/namespace.yaml
 create mode 100644 miniflux/secret.yaml

diff --git a/flux-applications/miniflux.yaml b/flux-applications/miniflux.yaml
new file mode 100644
index 0000000..8494cf4
--- /dev/null
+++ b/flux-applications/miniflux.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: miniflux
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  path: ./miniflux/
+  prune: true
+  force: false
+  sourceRef:
+    kind: GitRepository
+    name: applications
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-gpg
diff --git a/miniflux/.sops.yaml b/miniflux/.sops.yaml
new file mode 100644
index 0000000..2fc872c
--- /dev/null
+++ b/miniflux/.sops.yaml
@@ -0,0 +1,4 @@
+creation_rules:
+  - path_regex: '.*.yaml'
+    encrypted_regex: '^(data|stringData)$'
+    pgp: A638A6B54530D54E868F9D3238736C662F799E0D
diff --git a/miniflux/configmap.env b/miniflux/configmap.env
new file mode 100644
index 0000000..b005c04
--- /dev/null
+++ b/miniflux/configmap.env
@@ -0,0 +1 @@
+CREATE_ADMIN=1
diff --git a/miniflux/deploy.yaml b/miniflux/deploy.yaml
new file mode 100644
index 0000000..e5d8868
--- /dev/null
+++ b/miniflux/deploy.yaml
@@ -0,0 +1,46 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: miniflux
+  labels:
+    app: miniflux
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: miniflux
+  template:
+    metadata:
+      labels:
+        app: miniflux
+    spec:
+      containers:
+        - name: miniflux
+          image: docker.io/miniflux/miniflux:2.2.13
+          ports:
+            - name: http
+              containerPort: 8080
+          env:
+            - name: RUN_MIGRATIONS
+              value: '1'
+            - name: CREATE_ADMIN
+              valueFrom:
+                configMapKeyRef:
+                  name: miniflux-config
+                  key: CREATE_ADMIN
+            - name: DATABASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: miniflux-secret
+                  key: DATABASE_URL
+            - name: ADMIN_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: miniflux-secret
+                  key: ADMIN_USERNAME
+            - name: ADMIN_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: miniflux-secret
+                  key: ADMIN_PASSWORD
diff --git a/miniflux/kustomization.yaml b/miniflux/kustomization.yaml
new file mode 100644
index 0000000..4f54919
--- /dev/null
+++ b/miniflux/kustomization.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: miniflux
+generatorOptions:
+  disableNameSuffixHash: true
+
+resources:
+  - namespace.yaml
+  - deploy.yaml
+  - secret.yaml
+
+configMapGenerator:
+  - name: miniflux-config
+    envs:
+      - configmap.env
diff --git a/miniflux/namespace.yaml b/miniflux/namespace.yaml
new file mode 100644
index 0000000..d1b9441
--- /dev/null
+++ b/miniflux/namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: miniflux
diff --git a/miniflux/secret.yaml b/miniflux/secret.yaml
new file mode 100644
index 0000000..67b2ac2
--- /dev/null
+++ b/miniflux/secret.yaml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: miniflux-secret
+data:
+    DATABASE_URL: ENC[AES256_GCM,data:Xy1/eIqIlHWy+Dj5mY4fyaymcd6EKX60CPb/M9yxOZ0U39Erb3vwyNmjjTA8P+Y2OXgzudqqeue6uBGOIzkdZmkvlmk3z91S43R4nafdLRLFpZNUt4qc5NyMKaoYTg4dkd5K8FTlkguTX+DQ,iv:lTc77eKV5oPcSpEpBSL4zRsl3pzLTkLZVvA3H/4mjzI=,tag:RuT6xciBJNsrJrlx0krBYw==,type:str]
+sops:
+    lastmodified: "2025-10-04T11:51:58Z"
+    mac: ENC[AES256_GCM,data:L4gVe1KDME7GOF2Lu2PfaQR4IuQRh3pSCsBJuoS4JrlljR5WYzLUTxHLxQ6ZdPYPehONWEVZtD8aK7iDBgmsl6SIH+/lWgXhEqBQgTCTIZLTVQxcF+X6I+8co/pjIm4XabqHGyx40dicwmSvSMBgkjgteFFQzD6Sa+nrxeJOGOk=,iv:hZfuRQ42B5Kgr32y6ahyyq85F9jMt6lrbS7lPrntLkg=,tag:9OzpxGLxMCMqD9rcemsLhg==,type:str]
+    pgp:
+        - created_at: "2025-10-04T11:51:58Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA+nT7MSlwYOAAQ/+IFdQrXjpt0xMjlT9kK/rWSNUN2Lsf8nqKJ34RqThRqmp
+            oy1kS+VDOE0R1H2Lj8DMqqURoOSr4YGdwpyMLFQxGJvaAP2sTiX7sdXvBZK8ltUf
+            udXRqd2VOdsN8vyB9RmBgKQoCAH6IplaU6XHivOeqicDCLyy3V9k727VNcDIcGzL
+            2iLIOiRE3KK9MTaTkswLS1sKbGop5FPYOm3jVepq87KvWMxYyS3/GhvM4IVgUKdp
+            XwkQmJWSB9IZFE2auSInjqnLeRQ0MGV3THIphbVTWsH9CEBik7eg6ufwG6boK0Kb
+            5DyBtlisF7DtRYJDPmhmX6IHNPtCoYRbbCj2zWIug9C5i0+kNvxgGOmzQ94DPW0S
+            dEJ8/7yAY7Ea4svK1vgRKLyjmDiIFbgAEg4KjX96CawfYbA00B/MciB5guCeedL8
+            aHJWJneqgTI8gDHHZ2fCkJTkD+TuMyUc3qncDI4B/f9Jbyp8xXmU3W1u4/8qMKC5
+            h9pAkaCJH19ZRqEOWFlOIU6LWBr4wNHodErLDmof9csV++FnX1FabOYkJBaB0fns
+            hEWrR2kY5Zmh0tFUxs6/6i2Zyjdzk20rvYX/HaAQ5Xq3o/tcjyCYLe3tn/ddC0nO
+            skuu/Ro0UGLDBrTNpfaQUvER2mhuVvMFoxU7scJeXKTfhIVbkiiBJujgl++kqBnS
+            XgFef06ELjmkYKxczk9nP+/tA5XY4puCz3DSivZHwPO7oL01eTlYUaMvFACSYYDn
+            shAWR3bKzx1FJ/CXV3HWmGm8NQOxM7iMrIyk5Xs63dQuYYuaMKA5GHZczZCgDTs=
+            =I+NT
+            -----END PGP MESSAGE-----
+          fp: A638A6B54530D54E868F9D3238736C662F799E0D
+    encrypted_regex: ^(data|stringData)$
+    version: 3.10.2