From ac3d1fe25f5b923c5d2f181205d1c5bbf2d7ad2b Mon Sep 17 00:00:00 2001
From: Finn <finn@janky.solutions>
Date: Thu, 23 Jan 2025 13:10:09 -0800
Subject: [PATCH] Add test mobilizon instance

---
 k8s/kustomization.yaml           |  1 +
 k8s/mobilizon/database.yaml      | 66 +++++++++++++++++++++++
 k8s/mobilizon/ingress.yaml       | 18 +++++++
 k8s/mobilizon/kustomization.yaml | 37 +++++++++++++
 k8s/mobilizon/mobilizon.yaml     | 92 ++++++++++++++++++++++++++++++++
 k8s/mobilizon/namespace.yaml     |  4 ++
 6 files changed, 218 insertions(+)
 create mode 100644 k8s/mobilizon/database.yaml
 create mode 100644 k8s/mobilizon/ingress.yaml
 create mode 100644 k8s/mobilizon/kustomization.yaml
 create mode 100644 k8s/mobilizon/mobilizon.yaml
 create mode 100644 k8s/mobilizon/namespace.yaml

diff --git a/k8s/kustomization.yaml b/k8s/kustomization.yaml
index 4a51060..b3dd47e 100644
--- a/k8s/kustomization.yaml
+++ b/k8s/kustomization.yaml
@@ -10,6 +10,7 @@ resources:
   - keycloak
   - matrix
   - meshtastic
+  - mobilizon
   - miniflux
   - monitoring
   - netbox
diff --git a/k8s/mobilizon/database.yaml b/k8s/mobilizon/database.yaml
new file mode 100644
index 0000000..011ddb4
--- /dev/null
+++ b/k8s/mobilizon/database.yaml
@@ -0,0 +1,66 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: postgis
+spec:
+  selector:
+    matchLabels:
+      app: postgis
+  serviceName: postgis
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: postgis
+    spec:
+      containers:
+        - name: postgis
+          image: postgis/postgis:15-3.4
+          ports:
+            - containerPort: 5432
+              name: postgres
+          volumeMounts:
+            - name: data
+              mountPath: /var/lib/postgresql
+          env:
+            - name: POSTGRES_USER
+              value: mobilizon
+            - name: POSTGRES_DB
+              value: mobilizon
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: postgis-password
+                  key: password
+  volumeClaimTemplates:
+    - metadata:
+        name: data
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests:
+            storage: 10Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgis
+spec:
+  selector:
+    app: postgis
+  ports:
+    - port: 5432
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: postgis-password
+spec:
+  target:
+    name: postgis-password
+  dataFrom:
+    - sourceRef:
+        generatorRef:
+          apiVersion: generators.external-secrets.io/v1alpha1
+          kind: ClusterGenerator
+          name: password
diff --git a/k8s/mobilizon/ingress.yaml b/k8s/mobilizon/ingress.yaml
new file mode 100644
index 0000000..3720f0c
--- /dev/null
+++ b/k8s/mobilizon/ingress.yaml
@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: mobilizon
+  labels:
+    name: mobilizon
+spec:
+  rules:
+  - host: mobilizon-test.k8s.home.finn.io
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: mobilizon
+            port: 
+              number: 4000
diff --git a/k8s/mobilizon/kustomization.yaml b/k8s/mobilizon/kustomization.yaml
new file mode 100644
index 0000000..ef38707
--- /dev/null
+++ b/k8s/mobilizon/kustomization.yaml
@@ -0,0 +1,37 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: mobilizon
+resources:
+  - namespace.yaml
+  - database.yaml
+  - mobilizon.yaml
+  - ingress.yaml
+configMapGenerator:
+  - name: mobilizon
+    literals:
+      # documented at https://framagit.org/framasoft/joinmobilizon/docker/-/blob/master/env.template?ref_type=heads
+      - MOBILIZON_INSTANCE_NAME=Mobilizon Test
+      - MOBILIZON_INSTANCE_HOST=mobilizon-test.k8s.home.finn.io
+      - MOBILIZON_INSTANCE_LISTEN_IP=0.0.0.0
+      - MOBILIZON_INSTANCE_PORT=4000
+      - MOBILIZON_INSTANCE_EMAIL=mobilizon-test@janky.solutions
+      - MOBILIZON_REPLY_EMAIL=mobilizon-test@janky.solutions
+      - MOBILIZON_INSTANCE_REGISTRATIONS_OPEN=false
+      - MOBILIZON_DATABASE_USERNAME=mobilizon
+      - MOBILIZON_DATABASE_DBNAME=mobilizon
+      - MOBILIZON_DATABASE_HOST=postgis
+      - MOBILIZON_DATABASE_PORT=5432
+      - MOBILIZON_DATABASE_SSL=false
+      # - MOBILIZON_INSTANCE_SECRET_KEY_BASE
+      # - MOBILIZON_INSTANCE_SECRET_KEY
+      - MOBILIZON_LOGLEVEL=debug
+      - MOBILIZON_SMTP_SERVER=mx1.janky.solutions
+      - MOBILIZON_SMTP_PORT=465
+      - MOBILIZON_SMTP_SSL=false
+      - MOBILIZON_SMTP_TLS=true
+      - MOBILIZON_SMTP_USERNAME=mobilizon-test@janky.solutions
+      # - MOBILIZON_SMTP_PASSWORD
+      # - MOBILIZON_UPLOADS
+      # - MOBILIZON_UPLOADS_EXPORTS
+      # - MOBILIZON_TIMEZONES_DIR
+      # - MOBILIZON_TZDATA_DIR
diff --git a/k8s/mobilizon/mobilizon.yaml b/k8s/mobilizon/mobilizon.yaml
new file mode 100644
index 0000000..f8d6306
--- /dev/null
+++ b/k8s/mobilizon/mobilizon.yaml
@@ -0,0 +1,92 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: mobilizon
+spec:
+  selector:
+    matchLabels:
+      app: mobilizon
+  serviceName: mobilizon
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: mobilizon
+    spec:
+      securityContext:
+        fsGroup: 65534
+        fsGroupChangePolicy: "OnRootMismatch"
+      containers:
+        - name: mobilizon
+          image: framasoft/mobilizon:5.1.1
+          ports:
+            - containerPort: 4000
+              name: web
+          volumeMounts:
+            - name: data
+              mountPath: /var/lib/mobilizon/uploads
+          env:
+            - name: MOBILIZON_DATABASE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: postgis-password
+                  key: password
+            - name: MOBILIZON_INSTANCE_SECRET_KEY_BASE
+              valueFrom:
+                secretKeyRef:
+                  name: mobilizon-instance-secret-key-base
+                  key: password
+            - name: MOBILIZON_INSTANCE_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: mobilizon-instance-secret-key
+                  key: password
+          envFrom:
+            - configMapRef:
+                name: mobilizon
+  volumeClaimTemplates:
+    - metadata:
+        name: data
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests:
+            storage: 10Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mobilizon
+spec:
+  selector:
+    app: mobilizon
+  ports:
+    - port: 4000
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: mobilizon-instance-secret-key-base
+spec:
+  target:
+    name: mobilizon-instance-secret-key-base
+  dataFrom:
+    - sourceRef:
+        generatorRef:
+          apiVersion: generators.external-secrets.io/v1alpha1
+          kind: ClusterGenerator
+          name: password
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: mobilizon-instance-secret-key
+spec:
+  target:
+    name: mobilizon-instance-secret-key
+  dataFrom:
+    - sourceRef:
+        generatorRef:
+          apiVersion: generators.external-secrets.io/v1alpha1
+          kind: ClusterGenerator
+          name: password
diff --git a/k8s/mobilizon/namespace.yaml b/k8s/mobilizon/namespace.yaml
new file mode 100644
index 0000000..21d935b
--- /dev/null
+++ b/k8s/mobilizon/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: mobilizon