Publish new changes in catalog

community/briefkasten/1.0.0/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+  repository: file://../../../common
+  version: 1.1.1
+digest: sha256:a7dbe3e4d42dbcd4325776e5e01a1d630c7f185f79e7ebf22b1b9cc80f56eed7
+generated: "2023-09-21T17:36:42.077526429+03:00"

community/briefkasten/1.0.0/Chart.yaml

@@ -0,0 +1,25 @@
+name: briefkasten
+description: Briefkasten is a self hosted bookmarking app
+annotations:
+  title: Briefkasten
+type: application
+version: 1.0.0
+apiVersion: v2
+appVersion: latest
+kubeVersion: '>=1.16.0-0'
+maintainers:
+  - name: truenas
+    url: https://www.truenas.com/
+    email: dev@ixsystems.com
+dependencies:
+  - name: common
+    repository: file://../../../common
+    version: 1.1.1
+home: https://github.com/ndom91/briefkasten
+icon: https://docs.briefkastenhq.com/logo.svg
+sources:
+  - https://github.com/truenas/charts/tree/master/library/ix-dev/community/briefkasten
+  - https://github.com/ndom91/briefkasten
+  - https://docs.briefkastenhq.com/
+keywords:
+  - bookmark

community/briefkasten/1.0.0/README.md

@@ -0,0 +1,11 @@
+# Briefkasten
+
+[Briefkasten](https://github.com/ndom91/briefkasten) is a self hosted bookmarking app
+
+> When application is installed, a container will be launched with **root** privileges.
+> This is required in order to apply the correct permissions to the `postgres` directories.
+> Afterward, the `postgres` container will run as a **non**-root user (`999`).
+> On each upgrade, a container will be launched with **root** privileges in order to apply the correct
+> permissions to the `postgres` **backups** directory. Container that performs the backup will run as a **non**-root user (`999`) afterwards.
+> Keep in mind the permissions on the backup directory will be changed to `999:999` on **every** update.
+> But will only be changed once for the `postgres` data directories.

community/briefkasten/1.0.0/app-readme.md

@@ -0,0 +1,11 @@
+# Briefkasten
+
+[Briefkasten](https://github.com/ndom91/briefkasten) is a self hosted bookmarking app
+
+> When application is installed, a container will be launched with **root** privileges.
+> This is required in order to apply the correct permissions to the `postgres` directories.
+> Afterward, the `postgres` container will run as a **non**-root user (`999`).
+> On each upgrade, a container will be launched with **root** privileges in order to apply the correct
+> permissions to the `postgres` **backups** directory. Container that performs the backup will run as a **non**-root user (`999`) afterwards.
+> Keep in mind the permissions on the backup directory will be changed to `999:999` on **every** update.
+> But will only be changed once for the `postgres` data directories.

community/briefkasten/1.0.0/ci/basic-values.yaml

@@ -0,0 +1,17 @@
+briefkastenNetwork:
+  webPort: 31000
+
+briefkastenConfig:
+  url: http://localhost:31000
+  smtp:
+    enabled: true
+    server: some.smtp.server:587
+    from: briefkasten@example.com
+
+briefkastenStorage:
+  pgData:
+    type: hostPath
+    hostPath: /mnt/{{ .Release.Namespace }}/pgData
+  pgBackup:
+    type: hostPath
+    hostPath: /mnt/{{ .Release.Namespace }}/pgBackup

community/briefkasten/1.0.0/ci/extra-values.yaml

@@ -0,0 +1,24 @@
+briefkastenNetwork:
+  webPort: 31000
+
+briefkastenConfig:
+  url: http://localhost:31000
+  smtp:
+    enabled: true
+    server: some.smtp.server:587
+    from: briefkasten@example.com
+
+briefkastenStorage:
+  pgData:
+    type: hostPath
+    hostPath: /mnt/{{ .Release.Namespace }}/pgData
+  pgBackup:
+    type: hostPath
+    hostPath: /mnt/{{ .Release.Namespace }}/pgBackup
+  additionalStorages:
+  - type: hostPath
+    hostPath: /mnt/{{ .Release.Namespace }}/data1
+    mountPath: /data1
+  - type: hostPath
+    hostPath: /mnt/{{ .Release.Namespace }}/data2
+    mountPath: /data2

community/briefkasten/1.0.0/ci/hostNet-values.yaml

@@ -0,0 +1,18 @@
+briefkastenNetwork:
+  webPort: 31000
+  hostNetwork: true
+
+briefkastenConfig:
+  url: http://localhost:31000
+  smtp:
+    enabled: true
+    server: some.smtp.server:587
+    from: briefkasten@example.com
+
+briefkastenStorage:
+  pgData:
+    type: hostPath
+    hostPath: /mnt/{{ .Release.Namespace }}/pgData
+  pgBackup:
+    type: hostPath
+    hostPath: /mnt/{{ .Release.Namespace }}/pgBackup

community/briefkasten/1.0.0/ix_values.yaml

@@ -0,0 +1,73 @@
+image:
+  repository: ndom91/briefkasten
+  pullPolicy: IfNotPresent
+  # No versioned tag provided
+  tag: latest
+
+resources:
+  limits:
+    cpu: 4000m
+    memory: 8Gi
+
+briefkastenConfig:
+  url: http://localhost:30080
+  smtp:
+    enabled: false
+    server: ''
+    from: ''
+  github:
+    enabled: false
+    id: ''
+    secret: ''
+  google:
+    enabled: false
+    id: ''
+    secret: ''
+  keycloak:
+    enabled: false
+    name: ''
+    id: ''
+    secret: ''
+    issuer: ''
+  authentik:
+    enabled: false
+    name: ''
+    id: ''
+    secret: ''
+    issuer: ''
+  additionalEnvs: []
+
+briefkastenNetwork:
+  webPort: 30080
+  hostNetwork: false
+
+briefkastenStorage:
+  additionalStorages: []
+  pgData:
+    type: ixVolume
+    datasetName: pgData
+  pgBackup:
+    type: ixVolume
+    datasetName: pgBackup
+
+notes:
+  custom: |
+    Default credentials:
+      - Username: `demo@demo.demo`
+      - Password: `demo`
+
+    ## Database
+    You can connect to the database using the pgAdmin App from the catalog
+
+    <details>
+      <summary>Database Details</summary>
+
+      - Database: `briefkasten`
+      - Username: `briefkasten`
+      - Password: `{{ .Values.briefkastenDbPass }}`
+      - Host:     `{{ .Values.briefkastenDbHost }}.{{ .Release.Namespace }}.svc.cluster.local`
+      - Port:     `5432`
+
+    </details>
+    {{- $_ := unset .Values "briefkastenDbPass" }}
+    {{- $_ := unset .Values "briefkastenDbHost" }}

community/briefkasten/1.0.0/metadata.yaml

@@ -0,0 +1,13 @@
+runAsContext:
+  - userName: briefkasten
+    groupName: briefkasten
+    gid: 1001
+    uid: 1001
+    description: Briefkasten can runs as a non-root user.
+  - userName: postgres
+    groupName: postgres
+    gid: 999
+    uid: 999
+    description: Postgres runs as a non-root user.
+capabilities: []
+hostMounts: []

community/briefkasten/1.0.0/questions.yaml

@@ -0,0 +1,539 @@
+groups:
+  - name: Briefkasten Configuration
+    description: Configure Briefkasten
+  - name: Network Configuration
+    description: Configure Network for Briefkasten
+  - name: Storage Configuration
+    description: Configure Storage for Briefkasten
+  - name: Resources Configuration
+    description: Configure Resources for Briefkasten
+
+portals:
+  web_portal:
+    protocols:
+      - "$kubernetes-resource_configmap_portal_protocol"
+    host:
+      - "$kubernetes-resource_configmap_portal_host"
+    ports:
+      - "$kubernetes-resource_configmap_portal_port"
+    path: "$kubernetes-resource_configmap_portal_path"
+
+questions:
+  - variable: briefkastenConfig
+    label: ""
+    group: Briefkasten Configuration
+    schema:
+      type: dict
+      attrs:
+        - variable: url
+          label: BaseURL
+          description: |
+            The URL that Briefkasten will be accessible from.</br>
+            Example: </br>
+            http://server.ip:30080</br>
+            https://Briefkasten.example.com
+          schema:
+            type: uri
+            default: ""
+            required: true
+        - variable: smtp
+          label: SMTP Auth Provider
+          description: Configure SMTP for Briefkasten.
+          schema:
+            type: dict
+            attrs:
+              - variable: enabled
+                label: Enabled
+                description: Enable SMTP for auth.
+                schema:
+                  type: boolean
+                  default: false
+                  show_subquestions_if: true
+                  subquestions:
+                    - variable: server
+                      label: SMTP Server
+                      description: The SMTP server to use.
+                      schema:
+                        type: string
+                        default: ""
+                        required: true
+                    - variable: from
+                      label: SMTP From
+                      description: The SMTP from address to use.
+                      schema:
+                        type: string
+                        default: ""
+                        required: true
+        - variable: github
+          label: GitHub Auth Provider
+          description: Configure GitHub for Briefkasten.
+          schema:
+            type: dict
+            attrs:
+              - variable: enabled
+                label: Enabled
+                description: Enable GitHub for auth.
+                schema:
+                  type: boolean
+                  default: false
+                  show_subquestions_if: true
+                  subquestions:
+                    - variable: id
+                      label: GitHub Client ID
+                      description: The GitHub Client ID.
+                      schema:
+                        type: string
+                        default: ""
+                        required: true
+                    - variable: secret
+                      label: GitHub Client Secret
+                      description: The GitHub Client Secret.
+                      schema:
+                        type: string
+                        default: ""
+                        required: true
+        - variable: google
+          label: Google Auth Provider
+          description: Configure Google for Briefkasten.
+          schema:
+            type: dict
+            attrs:
+              - variable: enabled
+                label: Enabled
+                description: Enable Google for auth.
+                schema:
+                  type: boolean
+                  default: false
+                  show_subquestions_if: true
+                  subquestions:
+                    - variable: id
+                      label: Google Client ID
+                      description: The Google Client ID.
+                      schema:
+                        type: string
+                        default: ""
+                        required: true
+                    - variable: secret
+                      label: Google Client Secret
+                      description: The Google Client Secret.
+                      schema:
+                        type: string
+                        default: ""
+                        required: true
+        - variable: keycloak
+          label: Keycloak Auth Provider
+          description: Configure Keycloak for Briefkasten.
+          schema:
+            type: dict
+            attrs:
+              - variable: enabled
+                label: Enabled
+                description: Enable Keycloak for auth.
+                schema:
+                  type: boolean
+                  default: false
+                  show_subquestions_if: true
+                  subquestions:
+                    - variable: name
+                      label: Keycloak Name
+                      description: The Keycloak Name.
+                      schema:
+                        type: string
+                        default: ""
+                        required: true
+                    - variable: id
+                      label: Keycloak Client ID
+                      description: The Keycloak Client ID.
+                      schema:
+                        type: string
+                        default: ""
+                        required: true
+                    - variable: secret
+                      label: Keycloak Client Secret
+                      description: The Keycloak Client Secret.
+                      schema:
+                        type: string
+                        default: ""
+                        required: true
+                    - variable: issuer
+                      label: Keycloak Issuer
+                      description: The Keycloak Issuer.
+                      schema:
+                        type: string
+                        default: ""
+                        required: true
+        - variable: authentik
+          label: Authentik Auth Provider
+          description: Configure Authentik for Briefkasten.
+          schema:
+            type: dict
+            attrs:
+              - variable: enabled
+                label: Enabled
+                description: Enable Authentik for auth.
+                schema:
+                  type: boolean
+                  default: false
+                  show_subquestions_if: true
+                  subquestions:
+                    - variable: name
+                      label: Authentik Name
+                      description: The Authentik Name.
+                      schema:
+                        type: string
+                        default: ""
+                        required: true
+                    - variable: id
+                      label: Authentik Client ID
+                      description: The Authentik Client ID.
+                      schema:
+                        type: string
+                        default: ""
+                        required: true
+                    - variable: secret
+                      label: Authentik Client Secret
+                      description: The Authentik Client Secret.
+                      schema:
+                        type: string
+                        default: ""
+                        required: true
+                    - variable: issuer
+                      label: Authentik Issuer
+                      description: The Authentik Issuer.
+                      schema:
+                        type: string
+                        default: ""
+                        required: true
+        - variable: additionalEnvs
+          label: Additional Environment Variables
+          description: Configure additional environment variables for Briefkasten.
+          schema:
+            type: list
+            default: []
+            items:
+              - variable: env
+                label: Environment Variable
+                schema:
+                  type: dict
+                  attrs:
+                    - variable: name
+                      label: Name
+                      schema:
+                        type: string
+                        required: true
+                    - variable: value
+                      label: Value
+                      schema:
+                        type: string
+                        required: true
+
+  - variable: briefkastenNetwork
+    label: ""
+    group: Network Configuration
+    schema:
+      type: dict
+      attrs:
+        - variable: webPort
+          label: Web Port
+          description: The port for the Briefkasten Web UI.
+          schema:
+            type: int
+            default: 30080
+            min: 9000
+            max: 65535
+            required: true
+        - variable: hostNetwork
+          label: Host Network
+          description: |
+            Bind to the host network. It's recommended to keep this disabled.</br>
+          schema:
+            type: boolean
+            default: false
+
+  - variable: briefkastenStorage
+    label: ""
+    group: Storage Configuration
+    schema:
+      type: dict
+      attrs:
+        - variable: avatars
+          label: Briefkasten Avatars Storage
+          description: The path to store Briefkasten Avatars.
+          schema:
+            type: dict
+            attrs:
+              - variable: type
+                label: Type
+                description: |
+                  ixVolume: Is dataset created automatically by the system.</br>
+                  Host Path: Is a path that already exists on the system.
+                schema:
+                  type: string
+                  required: true
+                  default: "ixVolume"
+                  enum:
+                    - value: "hostPath"
+                      description: Host Path (Path that already exists on the system)
+                    - value: "ixVolume"
+                      description: ixVolume (Dataset created automatically by the system)
+              - variable: datasetName
+                label: Dataset Name
+                schema:
+                  type: string
+                  show_if: [["type", "=", "ixVolume"]]
+                  required: true
+                  hidden: true
+                  immutable: true
+                  default: "avatars"
+                  $ref:
+                    - "normalize/ixVolume"
+              - variable: hostPath
+                label: Host Path
+                schema:
+                  type: hostpath
+                  show_if: [["type", "=", "hostPath"]]
+                  immutable: true
+                  required: true
+        - variable: backgroundImages
+          label: Briefkasten Background Images Storage
+          description: The path to store Briefkasten Background Images.
+          schema:
+            type: dict
+            attrs:
+              - variable: type
+                label: Type
+                description: |
+                  ixVolume: Is dataset created automatically by the system.</br>
+                  Host Path: Is a path that already exists on the system.
+                schema:
+                  type: string
+                  required: true
+                  default: "ixVolume"
+                  enum:
+                    - value: "hostPath"
+                      description: Host Path (Path that already exists on the system)
+                    - value: "ixVolume"
+                      description: ixVolume (Dataset created automatically by the system)
+              - variable: datasetName
+                label: Dataset Name
+                schema:
+                  type: string
+                  show_if: [["type", "=", "ixVolume"]]
+                  required: true
+                  hidden: true
+                  immutable: true
+                  default: "bg-img"
+                  $ref:
+                    - "normalize/ixVolume"
+              - variable: hostPath
+                label: Host Path
+                schema:
+                  type: hostpath
+                  show_if: [["type", "=", "hostPath"]]
+                  immutable: true
+                  required: true
+        - variable: attachments
+          label: Briefkasten Attachments Storage
+          description: The path to store Briefkasten Attachments.
+          schema:
+            type: dict
+            attrs:
+              - variable: type
+                label: Type
+                description: |
+                  ixVolume: Is dataset created automatically by the system.</br>
+                  Host Path: Is a path that already exists on the system.
+                schema:
+                  type: string
+                  required: true
+                  default: "ixVolume"
+                  enum:
+                    - value: "hostPath"
+                      description: Host Path (Path that already exists on the system)
+                    - value: "ixVolume"
+                      description: ixVolume (Dataset created automatically by the system)
+              - variable: datasetName
+                label: Dataset Name
+                schema:
+                  type: string
+                  show_if: [["type", "=", "ixVolume"]]
+                  required: true
+                  hidden: true
+                  immutable: true
+                  default: "attachments"
+                  $ref:
+                    - "normalize/ixVolume"
+              - variable: hostPath
+                label: Host Path
+                schema:
+                  type: hostpath
+                  show_if: [["type", "=", "hostPath"]]
+                  immutable: true
+                  required: true
+        - variable: pgData
+          label: Postgres Data Storage
+          description: The path to store Postgres Data.
+          schema:
+            type: dict
+            attrs:
+              - variable: type
+                label: Type
+                description: |
+                  ixVolume: Is dataset created automatically by the system.</br>
+                  Host Path: Is a path that already exists on the system.
+                schema:
+                  type: string
+                  required: true
+                  default: "ixVolume"
+                  enum:
+                    - value: "hostPath"
+                      description: Host Path (Path that already exists on the system)
+                    - value: "ixVolume"
+                      description: ixVolume (Dataset created automatically by the system)
+              - variable: datasetName
+                label: Dataset Name
+                schema:
+                  type: string
+                  show_if: [["type", "=", "ixVolume"]]
+                  required: true
+                  hidden: true
+                  immutable: true
+                  default: "pgData"
+                  $ref:
+                    - "normalize/ixVolume"
+              - variable: hostPath
+                label: Host Path
+                schema:
+                  type: hostpath
+                  show_if: [["type", "=", "hostPath"]]
+                  immutable: true
+                  required: true
+        - variable: pgBackup
+          label: Postgres Backup Storage
+          description: The path to store Postgres Backup.
+          schema:
+            type: dict
+            attrs:
+              - variable: type
+                label: Type
+                description: |
+                  ixVolume: Is dataset created automatically by the system.</br>
+                  Host Path: Is a path that already exists on the system.
+                schema:
+                  type: string
+                  required: true
+                  default: "ixVolume"
+                  enum:
+                    - value: "hostPath"
+                      description: Host Path (Path that already exists on the system)
+                    - value: "ixVolume"
+                      description: ixVolume (Dataset created automatically by the system)
+              - variable: datasetName
+                label: Dataset Name
+                schema:
+                  type: string
+                  show_if: [["type", "=", "ixVolume"]]
+                  required: true
+                  hidden: true
+                  immutable: true
+                  default: "pgBackup"
+                  $ref:
+                    - "normalize/ixVolume"
+              - variable: hostPath
+                label: Host Path
+                schema:
+                  type: hostpath
+                  show_if: [["type", "=", "hostPath"]]
+                  immutable: true
+                  required: true
+        - variable: additionalStorages
+          label: Additional Storage
+          description: Additional storage for Briefkasten.
+          schema:
+            type: list
+            default: []
+            items:
+              - variable: storageEntry
+                label: Storage Entry
+                schema:
+                  type: dict
+                  attrs:
+                    - variable: type
+                      label: Type
+                      description: |
+                        ixVolume: Is dataset created automatically by the system.</br>
+                        Host Path: Is a path that already exists on the system.
+                      schema:
+                        type: string
+                        required: true
+                        default: "ixVolume"
+                        enum:
+                          - value: "hostPath"
+                            description: Host Path (Path that already exists on the system)
+                          - value: "ixVolume"
+                            description: ixVolume (Dataset created automatically by the system)
+                    - variable: mountPath
+                      label: Mount Path
+                      description: The path inside the container to mount the storage.
+                      schema:
+                        type: path
+                        required: true
+                    - variable: hostPath
+                      label: Host Path
+                      description: The host path to use for storage.
+                      schema:
+                        type: hostpath
+                        show_if: [["type", "=", "hostPath"]]
+                        required: true
+                    - variable: datasetName
+                      label: Dataset Name
+                      description: The name of the dataset to use for storage.
+                      schema:
+                        type: string
+                        show_if: [["type", "=", "ixVolume"]]
+                        required: true
+                        immutable: true
+                        default: "storage_entry"
+                        $ref:
+                          - "normalize/ixVolume"
+
+  - variable: resources
+    group: Resources Configuration
+    label: ""
+    schema:
+      type: dict
+      attrs:
+        - variable: limits
+          label: Limits
+          schema:
+            type: dict
+            attrs:
+              - variable: cpu
+                label: CPU
+                description: CPU limit for Briefkasten.
+                schema:
+                  type: string
+                  max_length: 6
+                  valid_chars: '^(0\.[1-9]|[1-9][0-9]*)(\.[0-9]|m?)$'
+                  valid_chars_error: |
+                    Valid CPU limit formats are</br>
+                    - Plain Integer - eg. 1</br>
+                    - Float - eg. 0.5</br>
+                    - Milicpu - eg. 500m
+                  default: "4000m"
+                  required: true
+              - variable: memory
+                label: Memory
+                description: Memory limit for Briefkasten.
+                schema:
+                  type: string
+                  max_length: 12
+                  valid_chars: '^[1-9][0-9]*([EPTGMK]i?|e[0-9]+)?$'
+                  valid_chars_error: |
+                    Valid Memory limit formats are</br>
+                    - Suffixed with E/P/T/G/M/K - eg. 1G</br>
+                    - Suffixed with Ei/Pi/Ti/Gi/Mi/Ki - eg. 1Gi</br>
+                    - Plain Integer in bytes - eg. 1024</br>
+                    - Exponent - eg. 134e6
+                  default: "8Gi"
+                  required: true

community/briefkasten/1.0.0/templates/NOTES.txt

@@ -0,0 +1 @@
+{{ include "ix.v1.common.lib.chart.notes" $ }}

community/briefkasten/1.0.0/templates/_briefkasten.tpl

@@ -0,0 +1,70 @@
+{{- define "briefkasten.workload" -}}
+workload:
+  briefkasten:
+    enabled: true
+    primary: true
+    type: Deployment
+    podSpec:
+      hostNetwork: {{ .Values.briefkastenNetwork.hostNetwork }}
+      containers:
+        briefkasten:
+          enabled: true
+          primary: true
+          imageSelector: image
+          securityContext:
+            runAsUser: 1001
+            runAsGroup: 1001
+            readOnlyRootFilesystem: false
+          envFrom:
+            - secretRef:
+                name: briefkasten
+            - configMapRef:
+                name: briefkasten
+          {{ with .Values.briefkastenConfig.additionalEnvs }}
+          envList:
+            {{ range $env := . }}
+            - name: {{ $env.name }}
+              value: {{ $env.value }}
+            {{ end }}
+          {{ end }}
+          probes:
+            liveness:
+              enabled: true
+              type: http
+              port: {{ .Values.briefkastenNetwork.webPort }}
+              path: /
+            readiness:
+              enabled: true
+              type: http
+              port: {{ .Values.briefkastenNetwork.webPort }}
+              path: /
+            startup:
+              enabled: true
+              type: http
+              port: {{ .Values.briefkastenNetwork.webPort }}
+              path: /
+      initContainers:
+      {{- include "ix.v1.common.app.postgresWait" (dict "name" "01-postgres-wait"
+                                                        "secretName" "postgres-creds") | nindent 8 }}
+        02-migrate-db:
+          enabled: true
+          type: init
+          imageSelector: image
+          securityContext:
+            runAsUser: 1001
+            runAsGroup: 1001
+            readOnlyRootFilesystem: false
+          envFrom:
+            - secretRef:
+                name: briefkasten
+            - configMapRef:
+                name: briefkasten
+          command:
+            - /bin/sh
+            - -c
+            - |
+              echo "Migrating database"
+              pnpm db:push || (echo "DB migration failed..." && exit 1)
+              echo "DB migration successful. Application will now start"
+              exit 0
+{{- end -}}

community/briefkasten/1.0.0/templates/_configuration.tpl

@@ -0,0 +1,77 @@
+{{- define "briefkasten.configuration" -}}
+  {{- $fullname := (include "ix.v1.common.lib.chart.names.fullname" $) -}}
+
+  {{- $secretKey := randAlphaNum 64 -}}
+  {{- with (lookup "v1" "Secret" .Release.Namespace (printf "%s-briefkasten" $fullname)) -}}
+    {{- $secretKey = ((index .data "NEXTAUTH_SECRET") | b64dec) -}}
+  {{- end -}}
+
+  {{- $dbHost := (printf "%s-postgres" $fullname) -}}
+  {{- $dbUser := "briefkasten" -}}
+  {{- $dbName := "briefkasten" -}}
+
+  {{- $dbPass := (randAlphaNum 32) -}}
+  {{- with (lookup "v1" "Secret" .Release.Namespace (printf "%s-postgres-creds" $fullname)) -}}
+    {{- $dbPass = ((index .data "POSTGRES_PASSWORD") | b64dec) -}}
+  {{- end -}}
+
+  {{- $dbURL := (printf "postgres://%s:%s@%s:5432/%s?sslmode=disable" $dbUser $dbPass $dbHost $dbName) -}}
+  {{/* Temporary set dynamic db details on values,
+  so we can print them on the notes */}}
+  {{- $_ := set .Values "briefkastenDbPass" $dbPass -}}
+  {{- $_ := set .Values "briefkastenDbHost" $dbHost -}}
+
+  {{- $smtp := .Values.briefkastenConfig.smtp -}}
+  {{- $github := .Values.briefkastenConfig.github -}}
+  {{- $google := .Values.briefkastenConfig.google -}}
+  {{- $keycloak := .Values.briefkastenConfig.keycloak -}}
+  {{- $authentik := .Values.briefkastenConfig.authentik }}
+secret:
+  briefkasten:
+    enabled: true
+    data:
+      NEXTAUTH_SECRET: {{ $secretKey }}
+      DATABASE_URL: {{ $dbURL }}
+      {{- if $smtp.enabled }}
+      SMTP_SERVER: {{ $smtp.server }}
+      SMTP_FROM: {{ $smtp.from }}
+      {{- end -}}
+      {{- if $github.enabled }}
+      GITHUB_ID: {{ $github.id }}
+      GITHUB_SECRET: {{ $github.secret }}
+      {{- end -}}
+      {{- if $google.enabled }}
+      GOOGLE_ID: {{ $google.id }}
+      GOOGLE_SECRET: {{ $google.secret }}
+      {{- end -}}
+      {{- if $keycloak.enabled }}
+      KEYCLOAK_NAME: {{ $keycloak.name }}
+      KEYCLOAK_ID: {{ $keycloak.id }}
+      KEYCLOAK_SECRET: {{ $keycloak.secret }}
+      KEYCLOAK_ISSUER: {{ $keycloak.issuer }}
+      {{- end -}}
+      {{- if $authentik.enabled }}
+      AUTHENTIK_NAME: {{ $authentik.name }}
+      AUTHENTIK_ID: {{ $authentik.id }}
+      AUTHENTIK_SECRET: {{ $authentik.secret }}
+      AUTHENTIK_ISSUER: {{ $authentik.issuer }}
+      {{- end }}
+
+  postgres-creds:
+    enabled: true
+    data:
+      POSTGRES_USER: {{ $dbUser }}
+      POSTGRES_DB: {{ $dbName }}
+      POSTGRES_PASSWORD: {{ $dbPass }}
+      POSTGRES_HOST: {{ $dbHost }}
+      POSTGRES_URL: {{ $dbURL }}
+
+configmap:
+  briefkasten:
+    enabled: true
+    data:
+      NEXTAUTH_URL: {{ .Values.briefkastenConfig.url }}
+      NEXTAUTH_URL_INTERNAL: http://127.0.0.1:{{ .Values.briefkastenNetwork.webPort }}
+      PORT: {{ .Values.briefkastenNetwork.webPort | quote }}
+      NODE_ENV: production
+{{- end -}}

community/briefkasten/1.0.0/templates/_persistence.tpl

@@ -0,0 +1,53 @@
+{{- define "briefkasten.persistence" -}}
+persistence:
+  tmp:
+    enabled: true
+    type: emptyDir
+    targetSelector:
+      briefkasten:
+        briefkasten:
+          mountPath: /tmp
+  {{- range $idx, $storage := .Values.briefkastenStorage.additionalStorages }}
+  {{ printf "briefkasten-%v" (int $idx) }}:
+    enabled: true
+    type: {{ $storage.type }}
+    datasetName: {{ $storage.datasetName | default "" }}
+    hostPath: {{ $storage.hostPath | default "" }}
+    targetSelector:
+      briefkasten:
+        briefkasten:
+          mountPath: {{ $storage.mountPath }}
+  {{- end }}
+
+  {{/* Database */}}
+  postgresdata:
+    enabled: true
+    type: {{ .Values.briefkastenStorage.pgData.type }}
+    datasetName: {{ .Values.briefkastenStorage.pgData.datasetName | default "" }}
+    hostPath: {{ .Values.briefkastenStorage.pgData.hostPath | default "" }}
+    targetSelector:
+      # Postgres pod
+      postgres:
+        # Postgres container
+        postgres:
+          mountPath: /var/lib/postgresql/data
+        # Postgres - Permissions container
+        # Different than the 01-permissions
+        permissions:
+          mountPath: /mnt/directories/postgres_data
+  postgresbackup:
+    enabled: true
+    type: {{ .Values.briefkastenStorage.pgBackup.type }}
+    datasetName: {{ .Values.briefkastenStorage.pgBackup.datasetName | default "" }}
+    hostPath: {{ .Values.briefkastenStorage.pgBackup.hostPath | default "" }}
+    targetSelector:
+      # Postgres backup pod
+      postgresbackup:
+        # Postgres backup container
+        postgresbackup:
+          mountPath: /postgres_backup
+        # Postgres - Permissions container
+        # Different than the 01-permissions
+        permissions:
+          mountPath: /mnt/directories/postgres_backup
+{{- end -}}

community/briefkasten/1.0.0/templates/_portal.tpl

@@ -0,0 +1,35 @@
+{{- define "briefkasten.portal" -}}
+  {{- $host := "$node_ip" -}}
+  {{- $port := "" -}}
+  {{- $protocol := "http" -}}
+  {{- if hasPrefix "https://" .Values.briefkastenConfig.url -}}
+    {{- $protocol = "https" -}}
+  {{- end -}}
+
+  {{- with .Values.briefkastenConfig.url -}} {{/* Trim protocol and trailing slash */}}
+    {{- $host = . | trimPrefix "https://" | trimPrefix "http://" | trimSuffix "/" -}}
+
+    {{- if contains ":" $host -}}
+      {{- $port = (split ":" $host)._1 -}}
+      {{- $host = (split ":" $host)._0 -}}
+    {{- end -}}
+
+    {{- if not $port -}}
+      {{- if eq $protocol "https" -}}
+        {{- $port = "443" -}}
+      {{- else -}}
+        {{- $port = "80" -}}
+      {{- end -}}
+    {{- end -}}
+  {{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: portal
+data:
+  path: "/"
+  port: {{ $port | quote }}
+  protocol: {{ $protocol }}
+  host: {{ $host }}
+{{- end -}}

community/briefkasten/1.0.0/templates/_postgres.tpl

@@ -0,0 +1,6 @@
+{{- define "postgres.workload" -}}
+workload:
+{{- include "ix.v1.common.app.postgres" (dict "secretName" "postgres-creds"
+                                              "resources" .Values.resources
+                                              "ixChartContext" .Values.ixChartContext) | nindent 2 }}
+{{- end -}}

community/briefkasten/1.0.0/templates/_service.tpl

@@ -0,0 +1,26 @@
+{{- define "briefkasten.service" -}}
+service:
+  briefkasten:
+    enabled: true
+    primary: true
+    type: NodePort
+    targetSelector: briefkasten
+    ports:
+      webui:
+        enabled: true
+        primary: true
+        port: {{ .Values.briefkastenNetwork.webPort }}
+        nodePort: {{ .Values.briefkastenNetwork.webPort }}
+        targetSelector: briefkasten
+  postgres:
+    enabled: true
+    type: ClusterIP
+    targetSelector: postgres
+    ports:
+      postgres:
+        enabled: true
+        primary: true
+        port: 5432
+        targetPort: 5432
+        targetSelector: postgres
+{{- end -}}

community/briefkasten/1.0.0/templates/_validation.tpl

@@ -0,0 +1,65 @@
+{{- define "briefkasten.validation" -}}
+  {{- $smtp := .Values.briefkastenConfig.smtp -}}
+  {{- $github := .Values.briefkastenConfig.github -}}
+  {{- $google := .Values.briefkastenConfig.google -}}
+  {{- $keycloak := .Values.briefkastenConfig.keycloak -}}
+  {{- $authentik := .Values.briefkastenConfig.authentik -}}
+
+  {{- $providers := (list "smtp" "github" "google" "keycloak" "authentik") -}}
+  {{- $found := false -}}
+  {{- range $p := $providers -}}
+    {{- $provider := get $.Values.briefkastenConfig $p -}}
+    {{- if $provider.enabled -}}
+      {{- $found = true -}}
+    {{- end -}}
+  {{- end -}}
+
+  {{- if not $found -}}
+    {{- fail (printf "Briefkasten - One or more auth provider [%s] must be enabled" (join ", " $providers)) -}}
+  {{- end -}}
+
+  {{- if $smtp.enabled -}}
+    {{- $required := (list "server" "from") -}}
+    {{- range $key := $required -}}
+      {{- if not (get $smtp $key) -}}
+        {{- fail (printf "Briefkasten - Key [%s] is required for SMTP auth provider" $key) -}}
+      {{- end -}}
+    {{- end -}}
+  {{- end -}}
+
+  {{- if $github.enabled -}}
+    {{- $required := (list "id" "secret") -}}
+    {{- range $key := $required -}}
+      {{- if not (get $github $key) -}}
+        {{- fail (printf "Briefkasten - Key [%s] is required for Github auth provider" $key) -}}
+      {{- end -}}
+    {{- end -}}
+  {{- end -}}
+
+  {{- if $google.enabled -}}
+    {{- $required := (list "id" "secret") -}}
+    {{- range $key := $required -}}
+      {{- if not (get $google $key) -}}
+        {{- fail (printf "Briefkasten - Key [%s] is required for Google auth provider" $key) -}}
+      {{- end -}}
+    {{- end -}}
+  {{- end -}}
+
+  {{- if $keycloak.enabled -}}
+    {{- $required := (list "name" "id" "secret" "issuer") -}}
+    {{- range $key := $required -}}
+      {{- if not (get $keycloak $key) -}}
+        {{- fail (printf "Briefkasten - Key [%s] is required for Keycloak auth provider" $key) -}}
+      {{- end -}}
+    {{- end -}}
+  {{- end -}}
+
+  {{- if $authentik.enabled -}}
+    {{- $required := (list "name" "id" "secret" "issuer") -}}
+    {{- range $key := $required -}}
+      {{- if not (get $authentik $key) -}}
+        {{- fail (printf "Briefkasten - Key [%s] is required for Authentik auth provider" $key) -}}
+      {{- end -}}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}

community/briefkasten/1.0.0/templates/common.yaml

@@ -0,0 +1,14 @@
+{{- include "ix.v1.common.loader.init" . -}}
+
+{{/* Merge the templates with Values */}}
+{{- $_ := mustMergeOverwrite .Values (include "briefkasten.validation" $ | fromYaml) -}}
+{{- $_ := mustMergeOverwrite .Values (include "briefkasten.workload" $ | fromYaml) -}}
+{{- $_ := mustMergeOverwrite .Values (include "briefkasten.service" $ | fromYaml) -}}
+{{- $_ := mustMergeOverwrite .Values (include "briefkasten.persistence" $ | fromYaml) -}}
+{{- $_ := mustMergeOverwrite .Values (include "briefkasten.configuration" $ | fromYaml) -}}
+{{- $_ := mustMergeOverwrite .Values (include "postgres.workload" $ | fromYaml) -}}
+
+{{/* Create the configmap for portal manually*/}}
+{{- include "briefkasten.portal" $ -}}
+
+{{- include "ix.v1.common.loader.apply" . -}}

community/briefkasten/1.0.0/upgrade_strategy_disable

@@ -0,0 +1,31 @@
+#!/usr/bin/python3
+import json
+import re
+import sys
+
+from catalog_update.upgrade_strategy import semantic_versioning
+
+
+RE_STABLE_VERSION = re.compile(r'\d+\.\d+\.\d+')
+
+
+def newer_mapping(image_tags):
+    key = list(image_tags.keys())[0]
+    tags = {t: t for t in image_tags[key] if RE_STABLE_VERSION.fullmatch(t)}
+    version = semantic_versioning(list(tags))
+    if not version:
+        return {}
+
+    return {
+        'tags': {key: tags[version]},
+        'app_version': version,
+    }
+
+
+if __name__ == '__main__':
+    try:
+        versions_json = json.loads(sys.stdin.read())
+    except ValueError:
+        raise ValueError('Invalid json specified')
+
+    print(json.dumps(newer_mapping(versions_json)))

community/briefkasten/item.yaml

@@ -0,0 +1,10 @@
+icon_url: https://docs.briefkastenhq.com/logo.svg
+categories:
+  - productivity
+screenshots:
+  - https://raw.githubusercontent.com/ndom91/briefkasten/main/public/screenshot_app01.png
+  - https://raw.githubusercontent.com/ndom91/briefkasten/main/public/screenshot_app05.png
+  - https://raw.githubusercontent.com/ndom91/briefkasten/main/public/screenshot_app04.png
+  - https://raw.githubusercontent.com/ndom91/briefkasten/main/public/screenshot_app06.png
+tags:
+  - bookmark