auto sync and immich

README.md

@@ -1,2 +1,23 @@
 # Kluster setup and IaaC using argoCD
 
+
+
+### Key to authorize against `git.kluster.moll.re` (ssh)
+```
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+4SlRIV9wOKYZbBrPuW18K6GGjnDEviCYQvGQuKOm0 remy@ArchSpectre
+```
+
+### Initial setup
+On a running (but otherwise bare) k3s instance run:
+```
+kubectl apply -k infrastructure/argocd
+```
+This will install argocd and CRDs in a dedicated namespace along with the app-of-apps configured under `kluster-deployments/`.
+
+The app-of-apps will bootstrap a fully featured cluster with the following components
+- postgres instance
+- backup of all nfs PVCs using restic
+- traefik along with metallb as a publicly accessible reverse proxy
+- an nfs-provisioner creating PVCs on-demand
+- the bitnami sealedsecrets-operator
+- a range of selfhosted apps

infrastructure/argocd/argo-apps.application.yaml

@@ -12,3 +12,7 @@ spec:
   destination:
     server: https://kubernetes.default.svc
     namespace: argocd
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true

kluster-deployments/immich/application.yaml

@@ -0,0 +1,120 @@
+# apiVersion: source.toolkit.fluxcd.io/v1beta2
+# kind: HelmRepository
+# metadata:
+#   name: immich-helmrepo
+#   namespace: flux-system
+# spec:
+#   interval: 60m0s
+#   url: https://immich-app.github.io/immich-charts
+# ---
+# apiVersion: helm.toolkit.fluxcd.io/v2beta1
+# kind: HelmRelease
+# metadata:
+#   name: immich-helmchart
+#   namespace: flux-system
+# spec:
+#   interval: 5m0s
+#   chart:
+#     spec:
+#       chart: immich
+#       sourceRef:
+#         kind: HelmRepository
+#         name: immich-helmrepo
+#       valuesFiles:
+#         - ./apps/immich/values.yaml
+#   #       - values-production.yaml
+#   # values: ./apps/immich/values.yaml
+# ---
+# apiVersion: image.toolkit.fluxcd.io/v1beta2
+# kind: ImageRepository
+# metadata:
+#   name: immich-registry
+#   namespace: flux-system
+# spec:
+#   image: ghcr.io/immich-app/immich-server
+#   interval: 15m
+# ---
+# apiVersion: image.toolkit.fluxcd.io/v1beta2
+# kind: ImagePolicy
+# metadata:
+#   name: immich-imagerange
+#   namespace: flux-system
+# spec:
+#   imageRepositoryRef:
+#     name: immich-registry
+#   policy:
+#     semver:
+#       range: 1.x.x
+# ---
+# apiVersion: image.toolkit.fluxcd.io/v1beta1
+# kind: ImageUpdateAutomation
+# metadata:
+#   name: immich-automation
+#   namespace: flux-system
+# spec:
+#   interval: 30m
+#   sourceRef:
+#     kind: GitRepository
+#     name: flux-system
+#   #### Git configuration
+#   git:
+#     checkout:
+#       ref:
+#         branch: main
+#     commit:
+#       author:
+#         email: flux@moll.re
+#         name: fluxcdbot
+#       messageTemplate: 'Bump {{range .Updated.Images}}{{println .}}{{end}}'
+#     push:
+#       #### Branch to push to
+#       branch: ci-update
+#   #### Update configuration
+#   update:
+#     #### Path to the file to update
+#     path: ./apps/immich/values.yaml
+#     #### Update strategy
+#     strategy: Setters
+# ---
+
+
+#   # sourceRef:
+#   #   kind: GitRepository
+#   #   name: immich
+#   # git:
+#   #   checkout:
+#   #     ref:
+#   #       branch: main
+#   #   commit:
+#   #     author:
+#   #       email: flux@moll.re
+#   #       name: fluxcdbot
+#   #     messageTemplate: '[CI SKIP] Bump {{range .Updated.Images}}{{println .}}{{end}}'
+#   #   push:
+#   #     branch: main
+#   # update:
+#   #   path: ./deployment/base/deployment.yaml
+#   #   strategy: Setters
+
+
+# ---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: immich-application
+  namespace: argocd
+spec:
+  project: default
+  sources:
+    - chart: immich
+      repoURL: https://immich-app.github.io/immich-charts
+      helm:
+        releaseName: immich
+        valueFiles:
+          - $values/apps/immich/values.yaml
+    - repoURL: 'https://github.com/moll-re/k3s-infra.git'
+      targetRevision: dev
+      ref: values
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: immich

kluster-deployments/immich/deploymentereference.yaml

@@ -1,97 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: HelmRepository
-metadata:
-  name: immich-helmrepo
-  namespace: flux-system
-spec:
-  interval: 60m0s
-  url: https://immich-app.github.io/immich-charts
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: immich-helmchart
-  namespace: flux-system
-spec:
-  interval: 5m0s
-  chart:
-    spec:
-      chart: immich
-      sourceRef:
-        kind: HelmRepository
-        name: immich-helmrepo
-      valuesFiles:
-        - ./apps/immich/values.yaml
-  #       - values-production.yaml
-  # values: ./apps/immich/values.yaml
----
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImageRepository
-metadata:
-  name: immich-registry
-  namespace: flux-system
-spec:
-  image: ghcr.io/immich-app/immich-server
-  interval: 15m
----
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImagePolicy
-metadata:
-  name: immich-imagerange
-  namespace: flux-system
-spec:
-  imageRepositoryRef:
-    name: immich-registry
-  policy:
-    semver:
-      range: 1.x.x
----
-apiVersion: image.toolkit.fluxcd.io/v1beta1
-kind: ImageUpdateAutomation
-metadata:
-  name: immich-automation
-  namespace: flux-system
-spec:
-  interval: 30m
-  sourceRef:
-    kind: GitRepository
-    name: flux-system
-  #### Git configuration
-  git:
-    checkout:
-      ref:
-        branch: main
-    commit:
-      author:
-        email: flux@moll.re
-        name: fluxcdbot
-      messageTemplate: 'Bump {{range .Updated.Images}}{{println .}}{{end}}'
-    push:
-      #### Branch to push to
-      branch: ci-update
-  #### Update configuration
-  update:
-    #### Path to the file to update
-    path: ./apps/immich/values.yaml
-    #### Update strategy
-    strategy: Setters
----
-
-
-  # sourceRef:
-  #   kind: GitRepository
-  #   name: immich
-  # git:
-  #   checkout:
-  #     ref:
-  #       branch: main
-  #   commit:
-  #     author:
-  #       email: flux@moll.re
-  #       name: fluxcdbot
-  #     messageTemplate: '[CI SKIP] Bump {{range .Updated.Images}}{{println .}}{{end}}'
-  #   push:
-  #     branch: main
-  # update:
-  #   path: ./deployment/base/deployment.yaml
-  #   strategy: Setters

kluster-deployments/immich/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- application.yaml

kluster-deployments/kustomization.yaml

@@ -7,3 +7,4 @@ namespace: argocd
 resources:
   - whoami/
   - journal/
+  - immich/

kluster-deployments/whoami/application.yaml

@@ -12,3 +12,7 @@ spec:
   destination:
     server: https://kubernetes.default.svc
     namespace: whoami
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true