infrastructure/clusters/cl01tl/helm/dawarich/values.yaml

dawarich:
  controllers:
    main:
      type: deployment
      replicas: 1
      strategy: Recreate
      containers:
        main:
          image:
            repository: freikin/dawarich
            tag: 1.6.0@sha256:5cba4d96fb57976fb6a956b8622365789d74a1178cc3ada1cb7541a4473993a9
          command:
            - "web-entrypoint.sh"
          args:
            - "bin/rails"
            - "server"
            - "-p"
            - "3000"
            - "-b"
            - "::"
          env:
            - name: RAILS_ENV
              value: production
            - name: REDIS_URL
              value: redis://dawarich-valkey.dawarich:6379
            - name: DATABASE_HOST
              valueFrom:
                secretKeyRef:
                  name: dawarich-postgresql-18-cluster-app
                  key: host
            - name: DATABASE_PORT
              valueFrom:
                secretKeyRef:
                  name: dawarich-postgresql-18-cluster-app
                  key: port
            - name: DATABASE_USERNAME
              valueFrom:
                secretKeyRef:
                  name: dawarich-postgresql-18-cluster-app
                  key: user
            - name: DATABASE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: dawarich-postgresql-18-cluster-app
                  key: password
            - name: DATABASE_NAME
              valueFrom:
                secretKeyRef:
                  name: dawarich-postgresql-18-cluster-app
                  key: dbname
            - name: APPLICATION_HOSTS
              value: dawarich.alexlebens.net,dawarich.dawarich,localhost,::1,127.0.0.1
            - name: TIME_ZONE
              value: America/Chicago
            - name: APPLICATION_PROTOCOL
              value: http
            - name: OIDC_ISSUER
              value: https://authentik.alexlebens.net/application/o/darwich/
            - name: OIDC_REDIRECT_URI
              value: https://dawarich.alexlebens.net/users/auth/openid_connect/callback
            - name: OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: dawarich-oidc-secret
                  key: client
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: dawarich-oidc-secret
                  key: secret
            - name: OIDC_PROVIDER_NAME
              value: Authentik
            - name: OIDC_AUTO_REGISTER
              value: true
            - name: PROMETHEUS_EXPORTER_ENABLED
              value: true
            - name: PROMETHEUS_EXPORTER_HOST
              value: 0.0.0.0
            - name: PROMETHEUS_EXPORTER_PORT
              value: 9394
            - name: SECRET_KEY_BASE
              valueFrom:
                secretKeyRef:
                  name: dawarich-key-secret
                  key: key
            - name: RAILS_LOG_TO_STDOUT
              value: true
            - name: SELF_HOSTED
              value: true
            - name: STORE_GEODATA
              value: true
          probes:
            liveness:
              enabled: true
              custom: true
              spec:
                exec:
                  command:
                    - /bin/sh
                    - -c
                    - "wget -qO - http://127.0.0.1:3000/api/v1/health | grep -q '\"status\"\\s*:\\s*\"ok\"'"
                failureThreshold: 5
                initialDelaySeconds: 60
                periodSeconds: 10
                successThreshold: 1
                timeoutSeconds: 10
          resources:
            requests:
              cpu: 20m
              memory: 750Mi
        sidekiq:
          image:
            repository: freikin/dawarich
            tag: 1.6.0@sha256:5cba4d96fb57976fb6a956b8622365789d74a1178cc3ada1cb7541a4473993a9
          command:
            - "sidekiq-entrypoint.sh"
          args:
            - "sidekiq"
          env:
            - name: RAILS_ENV
              value: production
            - name: REDIS_URL
              value: redis://dawarich-valkey.dawarich:6379
            - name: DATABASE_HOST
              valueFrom:
                secretKeyRef:
                  name: dawarich-postgresql-18-cluster-app
                  key: host
            - name: DATABASE_PORT
              valueFrom:
                secretKeyRef:
                  name: dawarich-postgresql-18-cluster-app
                  key: port
            - name: DATABASE_USERNAME
              valueFrom:
                secretKeyRef:
                  name: dawarich-postgresql-18-cluster-app
                  key: user
            - name: DATABASE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: dawarich-postgresql-18-cluster-app
                  key: password
            - name: DATABASE_NAME
              valueFrom:
                secretKeyRef:
                  name: dawarich-postgresql-18-cluster-app
                  key: dbname
            - name: APPLICATION_HOSTS
              value: dawarich.alexlebens.net,dawarich.dawarich,localhost,::1,127.0.0.1
            - name: TIME_ZONE
              value: America/Chicago
            - name: APPLICATION_PROTOCOL
              value: http
            - name: DISTANCE_UNIT
              value: mi
            - name: OIDC_ISSUER
              value: https://authentik.alexlebens.net/application/o/darwich/
            - name: OIDC_REDIRECT_URI
              value: https://dawarich.alexlebens.net/users/auth/openid_connect/callback
            - name: OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: dawarich-oidc-secret
                  key: client
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: dawarich-oidc-secret
                  key: secret
            - name: OIDC_PROVIDER_NAME
              value: Authentik
            - name: OIDC_AUTO_REGISTER
              value: true
            - name: PROMETHEUS_EXPORTER_ENABLED
              value: true
            - name: PROMETHEUS_EXPORTER_HOST
              value: 0.0.0.0
            - name: PROMETHEUS_EXPORTER_PORT
              value: 9394
            - name: SECRET_KEY_BASE
              valueFrom:
                secretKeyRef:
                  name: dawarich-key-secret
                  key: key
            - name: RAILS_LOG_TO_STDOUT
              value: true
            - name: SELF_HOSTED
              value: true
            - name: STORE_GEODATA
              value: true
          probes:
            liveness:
              enabled: true
              custom: true
              spec:
                exec:
                  command:
                    - pgrep
                    - -f
                    - sidekiq
                failureThreshold: 5
                initialDelaySeconds: 60
                periodSeconds: 10
                successThreshold: 1
                timeoutSeconds: 10
  service:
    main:
      controller: main
      ports:
        http:
          port: 80
          targetPort: 3000
          protocol: TCP
        metrics:
          port: 9394
          targetPort: 9394
          protocol: TCP
  serviceMonitor:
    main:
      selector:
        matchLabels:
          app.kubernetes.io/name: dawarich
          app.kubernetes.io/instance: dawarich
      serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
      endpoints:
        - port: metrics
          interval: 30s
          scrapeTimeout: 15s
          path: /metrics
  route:
    main:
      kind: HTTPRoute
      parentRefs:
        - group: gateway.networking.k8s.io
          kind: Gateway
          name: traefik-gateway
          namespace: traefik
      hostnames:
        - dawarich.alexlebens.net
      rules:
        - backendRefs:
            - name: dawarich
              port: 80
          matches:
            - path:
                type: PathPrefix
                value: /
  persistence:
    storage:
      forceRename: dawarich-storage
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 5Gi
      advancedMounts:
        main:
          main:
            - path: /var/app/storage
              readOnly: false
          sidekiq:
            - path: /var/app/storage
              readOnly: false
    public:
      forceRename: dawarich-public
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 5Gi
      advancedMounts:
        main:
          main:
            - path: /var/app/public
              readOnly: false
          sidekiq:
            - path: /var/app/public
              readOnly: false
    watched:
      forceRename: dawarich-watched
      storageClass: ceph-block
      accessMode: ReadWriteOnce
      size: 1Gi
      advancedMounts:
        main:
          main:
            - path: /var/app/tmp/imports/watched
              readOnly: false
          sidekiq:
            - path: /var/app/tmp/imports/watched
              readOnly: false
postgres-18-cluster:
  mode: recovery
  cluster:
    image:
      repository: ghcr.io/cloudnative-pg/postgis
      tag: 18-3-system-trixie
    initdb:
      postInitTemplateSQL:
        - CREATE EXTENSION postgis;
        - CREATE EXTENSION postgis_topology;
        - CREATE EXTENSION fuzzystrmatch;
        - CREATE EXTENSION postgis_tiger_geocoder;
  recovery:
    method: objectStore
    objectStore:
      index: 1
  backup:
    objectStore:
      - name: garage-local
        index: 1
        destinationBucket: postgres-backups
        externalSecretCredentialPath: /garage/home-infra/postgres-backups
        isWALArchiver: true
    scheduledBackups:
      - name: live-backup
        suspend: false
        immediate: true
        schedule: "0 10 14 * * *"
        backupName: garage-local