devtools/issues/prod.jsonnet

#
# issues.hackerspace.pl redmine deployment
#
# Bootstrap:
#
#    ns=redmine
#    kubectl -n $ns create secret generic redmine --from-literal=secret_key=$(pwgen 24 1) --from-literal=postgres_password=$(pwgen 32 1) --from-literal=mailing_password=... --from-literal=oidc_secret=...
#
#    ceph_ns=ceph-waw3; ceph_pool=waw-hdd-redundant-3
#    kubectl -n $ceph_ns get secrets rook-ceph-object-user-${ceph_pool}-object-issues -o json | jq 'del(.metadata.namespace,.metadata.resourceVersion,.metadata.uid) | .metadata.creationTimestamp=null' | kubectl replace -f - -n $ns
#

local redmine = import "./redmine.libsonnet";

{
    issues: redmine {
        cfg+: {
            namespace: "redmine",
            domain: "issues.hackerspace.pl",

            storage+: {
                endpoint: "https://object.ceph-waw3.hswaw.net",
                bucket: "issues",

                # This is required for redmine_s3 to properly create a bucket
                region: "us-east-1",

                local rookSecret = "rook-ceph-object-user-waw-hdd-redundant-3-object-issues",
                accessKey: { secretKeyRef: { name: rookSecret, key: "AccessKey" } },
                secretKey: { secretKeyRef: { name: rookSecret, key: "SecretKey" } },
            },

            oidc+: {
                server: "https://sso.hackerspace.pl",
                clientID: "70ee2821-2657-4409-a298-98649d1f689f",
                clientSecret: { secretKeyRef: { name: "redmine", key: "oidc_secret" } },
            },

            mailing+: {
                address: "mail.hackerspace.pl",
                user_name: "issues",
                domain: "hackerspace.pl",
                password: { secretKeyRef: { name: "redmine", key: "mailing_password" } },
            },
        },
    },
}