From 5b7fd5117ede2df8e7a606b23926d7fe4b1f2c6c Mon Sep 17 00:00:00 2001
From: Nikolai Rodionov <allanger@badhouseplants.net>
Date: Sat, 6 Jan 2024 21:16:12 +0100
Subject: [PATCH] Install Tandoor

---
 badhouseplants/helmfile.yaml               |  5 ++
 badhouseplants/values/secrets.tandoor.yaml | 22 +++++++++
 badhouseplants/values/values.tandoor.yaml  | 55 ++++++++++++++++++++++
 releases.yaml                              | 10 ++++
 repositories.yaml                          |  2 +
 5 files changed, 94 insertions(+)
 create mode 100644 badhouseplants/values/secrets.tandoor.yaml
 create mode 100644 badhouseplants/values/values.tandoor.yaml

diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml
index ebb0e1f..92e05f1 100644
--- a/badhouseplants/helmfile.yaml
+++ b/badhouseplants/helmfile.yaml
@@ -112,6 +112,11 @@ releases:
     namespace: openvpn-service
     createNamespace: false
 
+  - <<: *tandoor
+    installed: true
+    namespace: tandoor-application
+    createNamespace: true
+
 bases:
   - ../environments.yaml
   - ../repositories.yaml
diff --git a/badhouseplants/values/secrets.tandoor.yaml b/badhouseplants/values/secrets.tandoor.yaml
new file mode 100644
index 0000000..65d3703
--- /dev/null
+++ b/badhouseplants/values/secrets.tandoor.yaml
@@ -0,0 +1,22 @@
+env:
+    SECRET_KEY: ENC[AES256_GCM,data:vIzxdLGoKHEIGt451pZKwyFFQ7+g3ViryUHkhmzU,iv:JuSUmrUUgVL07y4mQ+z3lNRLpe0io4uDKndWpEgIVDU=,tag:6nsOuHbtgyGFJebOHChKxQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNYmNkcjVyR2o5R0dJTXZB
+            d2NBczgrTllrM3hWdHVIcmhmb1dlY1FzN2pjCndTSS83Wi9WcytrT04xY1dyNXVV
+            YzlxWmwxNkpnMk1oK25wcDJTUFQyYk0KLS0tIHR3R3did2hlMThOUEV1QjNma2pM
+            NnNxMC9vNStLQ1dadE13RmhLWExqeG8KpSUTbfxuZX+7L6SK55BJvY8KIfqt2ykz
+            qNmUpeC7YHzDfoXGF6+jklMCVcUJDRI5UeZejZ7KXnI9OR8VncIiqw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-01-06T15:16:21Z"
+    mac: ENC[AES256_GCM,data:qVocy+iBsjj45hLObpoxxo0ZyzxCITXR52NLfo5NZvJutRLs5SfKjmecYVth4j1t15qUJ3GIYG2t2lGxqptMyPK7SG4ln0G8p02LP4XdboKYeZNdWlHYf3cMZtnST4WdrpTCNWhLs3+8ittBb3AsR3QBtwoqzalC+VatAOJ2IDc=,iv:y3TspYIFS/eVJE8x+fAlPhFrWcH9PM0Rajgt8yUJLSc=,tag:nUt0xWqdjfoeemTk4xhr8w==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
diff --git a/badhouseplants/values/values.tandoor.yaml b/badhouseplants/values/values.tandoor.yaml
new file mode 100644
index 0000000..c30f79e
--- /dev/null
+++ b/badhouseplants/values/values.tandoor.yaml
@@ -0,0 +1,55 @@
+istio:
+  enabled: true
+  istio:
+    - name: tandoor-http
+      gateway: istio-system/badhouseplants-net
+      kind: http
+      hostname: tandoor.badhouseplants.net
+      service: tandoor
+      port: 8080
+
+ext-database:
+  enabled: true
+  name: tandoor-postgres16
+  instance: postgres16
+  credentials:
+    POSTGRES_HOST: |-
+      "{{ .Hostname }}"
+    POSTGRES_PORT: |-
+      "{{ .Port }}"
+
+envFrom:
+  - secretRef:
+      name: tandoor-postgres16-creds
+env:
+  TZ: UTC
+  DB_ENGINE: django.db.backends.postgresql
+  EMAIL_HOST: badhouseplants.net
+  EMAIL_PORT: 587
+  EMAIL_HOST_USER: overlord@badhouseplants.net
+  EMAIL_HOST_PASSWORD: nxVa8Xcf4jNvzNeE$JzBL&H8g
+  EMAIL_USE_TLS: 1
+  EMAIL_USE_SSL: 0
+  DEFAULT_FROM_EMAIL: tandoor@badhouseplants.net
+persistence:
+  config:
+    enabled: true
+    retain: true
+    storageClass: longhorn
+    accessMode: ReadWriteOnce
+    size: 1Gi
+  media:
+    enabled: true
+    mountPath: /opt/recipes/mediafiles
+    retain: true
+    storageClass: longhorn
+    accessMode: ReadWriteOnce
+    size: 1Gi
+  static:
+    enabled: true
+    type: emptyDir
+    mountPath: /opt/recipes/staticfiles
+  django-js-reverse:
+    enabled: true
+    type: emptyDir
+    mountPath: /opt/recipes/cookbook/static/django_js_reverse
diff --git a/releases.yaml b/releases.yaml
index b13dd22..cc62771 100644
--- a/releases.yaml
+++ b/releases.yaml
@@ -365,3 +365,13 @@ templates:
     name: reflector
     chart: emberstack/reflector
     version: 7.1.238
+
+  tandoor: &tandoor
+    name: tandoor
+    chart: gabe565/tandoor
+    version: 0.8.11
+    inherit:
+      - template: default-env-values
+      - template: default-env-secrets
+      - template: ext-istio-resource
+      - template: ext-database
diff --git a/repositories.yaml b/repositories.yaml
index 6c63ec0..1026e58 100644
--- a/repositories.yaml
+++ b/repositories.yaml
@@ -43,3 +43,5 @@ repositories:
     url: https://firefly-iii.github.io/kubernetes/
   - name: emberstack
     url: https://emberstack.github.io/helm-charts
+  - name: gabe565
+    url: https://charts.gabe565.com